know enough about it be sure this is a valid fix.
I think we need a long term arm expert to pass judgement on this one,
unless of source you manage to get it tested. I don't have any thumb
targets I can try it on, sory,
Cheers,
Davidm
> Cc: linux-arm-ker...@lists.infradead.org
> Cc: linux-cry
Cheers,
Davidm
> -Original Message-
> From: linux-crypto-ow...@vger.kernel.org
> [mailto:linux-crypto-ow...@vger.kernel.org] On Behalf Of Herbert Xu
> Sent: Thursday, September 06, 2012 10:20 PM
> To: David McCullough
> Cc: linux-ker...@vger.kernel.org; linux-crypto@vger.ker
~38%
KS8695 166 MHz little3828549 5795373~51%
Signed-off-by: David McCullough
---
diff -Npur linux-3.5.orig/arch/arm/crypto/aes-armv4.S
linux-3.5/arch/arm/crypto/aes-armv4.S
--- linux-3.5.orig/arch/arm/crypto/aes-armv4.S 1970-01-01 10:00:00.0
+1000
gt;
> > I am not sure what you mean when you bundle "sha-md5" and "des and aes".
> > A tunnel needs both an encryption algorithm (aes or 3des) and an
> > authentication algothim (sha1, sha2, md5, etc). So for your tunnel
> > to work, you would always be using
Jivin Leo Yan lays it down ...
>
> hi, David
>
> Very appreciate for your answer. :-)
>
> Please see my inline comments.
>
> Best Regards,
> Leo Yan
>
>
> -Original Message-
> From: David McCullough [mailto:david_mccullo...@securecomputing.co
aphics Framework
> will directly use the Linux Crypto APIs or not? Otherwise
Once linux has it's own user space API you will not need OCF to provide one,
but you will need to add/wait for support for applications like openssl etc
to use the linux API.
Cheers,
Davidm
--
David McCullo
and offsets to the OCF, still the thing does not work...
> May be I'm missing out something
> Please help..
Which OCF crypto driver are you using ? Talitos or cryptosoft or
something else ?
Cheers,
Davidm
--
David McCullough, david_mccullo...@securecomputing.com, Ph:+61 7
:
http://lists.sourceforge.net/mailman/listinfo/ocf-linux-users
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
-
To unsubscribe from this list: send the line "unsubscribe linux-crypt
sizeof(int), 0644, NULL, NULL, &proc_dointvec},
> { NET_IPSEC_DEBUG_ESP, "debug_esp", &debug_esp,
> - sizeof(int), 0644, NULL, &proc_dointvec},
> + sizeof(int), 0644, NULL, NULL, &proc_dointvec},
--
David McCullough,
"NULL irs in callback\n");
> > @@ -273,7 +284,7 @@
> > crp = NULL;
> >
> > /* setup the rest of the processing now */
> > -PROCESS_NEXT(irs->workq, ipsec_rsm_wq, ipsec_rsm, irs);
> > +PROCESS_NEXT(irs, ipsec_rsm_wq, ipsec_rsm);
> > return 0;
> > }
> >
> > @@ -396,6 +407,7 @@
&g
very driver. Sounds like
something that needs to move up a level ?
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
-
To unsubscribe from this list: send the line "unsubscribe linux
y.
Could you have a look at it ? I have done some basic testing here
and it seems ok, haven't checked your performance increases yet ;-)
Thanks,
Davidm
--
David McCullough, [EMAIL PROTECTED], Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
Ind
ng on there,
Cheers,
Davidm
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eran Ben-Avi
> Sent: Thursday, August 30, 2007 2:58 AM
> To: David McCullough
> Cc: linux-crypto@vger.kernel.org
> Subject: Re: Openswan 2.4.9 - tasklet or
Jivin Eran Ben-Avi lays it down ...
>
> --- David McCullough
> <[EMAIL PROTECTED]> wrote:
>
> >
> >
> >
> > Jivin Eran Ben-Avi lays it down ...
> > > Hi,
> > >
> > > I tested IPSec(tunnel mode) routing performance
> &
Jivin Eran Ben-Avi lays it down ...
> Hi,
>
> Please ignore.Apparently the ocfnull was enabled along
> with the cryptosoft - that was the root cause of my
> problem.
No problems.
Cheers,
Davidm
> --- David McCullough
> <[EMAIL PROTECTED]> wrote:
>
> >
erything. We have
fixed a couple of bugs since 20070727 so if I can get some more
information it might be time to do a new version with it fixed ;-)
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.co
Sure, send in a patch. This is against ocf-linux-20070727 right ?
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
-
To unsubscribe from this list: send the line "unsubscribe linux-cryp
struct scatterlist *src,
> 361:unsigned int nbytes, u8 *iv)
> 362: {
> 363: BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER);
> 364: BUG_ON(tfm->crt_cipher.cit_mode == CRYPT
, join up the mailing list if you are interested/working on this:
http://lists.sourceforge.net/mailman/listinfo/ocf-linux-users
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
-
To unsubs
as full backward compat to
> >2.4 so that is just an aberation (a long one :-(
> >
> >In general, backwards compat is high on the list of things to provide.
> >It helps ensure that the HW drivers are easier to maintain if nothing
> >else ;-)
> >
> >Chee
else ;-)
Cheers,
Davidm
> On 7/18/07, David McCullough <[EMAIL PROTECTED]> wrote:
> >
> >Jivin Nawang Chhetan lays it down ...
> >> Hi David,
> >> Thanks for the reply. Since there is no proper API
> >> documentation for the OCF-Linux, can we ref
publications/library/proceedings/bsdcon03/tech/leffler_crypto/leffler_crypto.pdf
All available from the links page on:
http://ocf-linux.sourceforge.net/links.html
Cheers,
Davidm
> On 7/18/07, David McCullough <[EMAIL PROTECTED]> wrote:
> >
> >Jivin Nawang Chhetan lays i
e is,
Cheers,
Davidm
> On 7/17/07, David McCullough <[EMAIL PROTECTED]> wrote:
> >
> >Jivin Nawang Chhetan lays it down ...
> >> Hi All,
> >>
> >> I am trying to integrate OCF-linux with Quicksec on linux 2.6 kernels.
> >> Many versions of OC
le all the code in
"random.c" however, it was broken on 64bits arches in older versions.
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
-
To unsubscribe from this list: send the
tes 64 bytes256 bytes 1024 bytes 8192
> bytes
> des-cbc 46223.25k71846.34k74447.87k75156.82k
> 75145.22k
> [EMAIL PROTECTED] /]#
> -
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a m
SUNRPC=y
> # CONFIG_RPCSEC_GSS_KRB5 is not set
> # CONFIG_RPCSEC_GSS_SPKM3 is not set
> # CONFIG_SMB_FS is not set
> # CONFIG_CIFS is not set
> # CONFIG_NCP_FS is not set
> # CONFIG_CODA_FS is not set
> # CONFIG_AFS_FS is not set
> # CONFIG_9P_FS is not set
>
Jivin Evgeniy Polyakov lays it down ...
> On Wed, May 24, 2006 at 09:04:43AM +1000, David McCullough ([EMAIL
> PROTECTED]) wrote:
> >
> > Hi Evgeniy,
>
> Hello David.
>
> > Just interested in the results you are getting below for
> > compariso
http://tservice.net.ru/~s0mbre/old/?section=projects&item=acrypto
>
> --
> Evgeniy Polyakov
> -
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to [EMAIL PROTECTED]
> More majordomo info at http://vger.kern
does that also contain crypto algo's?
Later 2.4 series kernels also contain crypto.
> As I recall, the Debian distribution provides the 2.4.27 kernel in its stable
> release.
Seems to have been there since about 2.4.22
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED],
lockups on rev 1.0 chips
* updated openswan patch to 2.4.5rc6
Tested under 2.4.32 and 2.6.16 across multiple architectures,
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
-
To unsubscribe
Jivin Herbert Xu lays it down ...
> On Wed, Mar 15, 2006 at 08:54:48AM +1000, David McCullough wrote:
> >
> > struct aes_ctx {
> > int key_length;
> > - u32 E[60];
> > - u32 D[60];
> > + u32 _KEYS[120];
> > };
>
> Looks good. Than
unds like a bug waiting to happen to me.
Why not do something like the attached patch.
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cybergu
ports required
algs
* updated ssl patch to openssl-0.9.8a
* no patch required for openssh anymore
* openssl md5/sha support by Ronen Shitrit
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
-
To unsubs
re should I pay more attentions while writing code?
Get the source code from:
http://ocf-linux.sourceforge.net/
Look at the safenet driver, it's probably the cleanest and easiest to
follow. You can also look at the ixp4xx driver for a simple framework.
Both provide most the function
h 4.3p1 as well which I will be
including along with openssl 0.9.8a.
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com
-
To unsubscribe from this list: send the line "unsub
.
> * Simple single patch to add OCF to 2.4 or 2.6 kernels.
> * Fixed broken openssl speed test (Ronen Shitrit)
>
> Cheers,
> Davidm
--
David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cybergua
Have a look at the ixp4xx driver in ocf-linux for how to do all this:
http://ocf-linux.sourceforge.net/
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com
-
To unsubsc
Jivin Ronen Shitrit lays it down ...
> Hi
>
> I tested it and it seems fine now.
> Before I got same digest for MD5 and HMAC MD5.
OK, I'll apply it and see how we go,
Thanks,
Davidm
--
David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + Security
Ph:+61
sk becuase, at various stages, the output of this code has
been compared to other libraries and was producing the same results as
required for MD5/SHA, and I would not like to break it :-)
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + Security
Ph:+61 7
h
passing it on to the kernel.
To get the hashes running from openssl still requires some code to be
complete IIRC,
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com
-
To unsu
put+0xe4/0x2a8
> [d13dfca4] ipsec_tunnel_send+0x274/0x410 [ipsec]
> [d13e01cc] ipsec_tunnel_xsm_complete+0x1d0/0x2d4 [ipsec]
> [d13e55a8] ipsec_xsm+0x164/0x33c [ipsec]
> [d13f8100] ipsec_ocf_xmit_cb+0x60/0x108 [ipsec]
> [c013b444] crypto_done+0x1d4/0x2d4
> [d1027bb0] swcr_process+0x29
The rsync uses the OpenVPN, which uses the OpenSSL engine by registering
> all available engines.
Have you tried it yet, it would be nice to know if it works in practice :-)
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 7389
register_all_complete();
near the start of the program. What I don't know for sure is how to
ensure the HW engines take precedence over the software ones :-(
With scp I could do it by choosing appropriate alg's IIRC, it's been a
while,
Cheers,
Davidm
--
David McCullough, [EMAIL PR
.
* Simple single patch to add OCF to 2.4 or 2.6 kernels.
* Fixed broken openssl speed test (Ronen Shitrit)
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com
-
To unsubscribe
crypto.
Great, thanks, I can't believe I hadn't seen the multi thing,
but there you go :-)
I added you patch to my tree so it's included in the next ocf-linux
release,
Thanks,
Davidm
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On B
ble and works on
> FC4
I have HEAD and 2.4.2dr2 going. I have been meaning to put up a new
release for some time now :-(
I will import dr5 and generate a patch this week if I can,
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + Security
Ph:+61 73
iy pointed out, yes, it should be possible to get a zero copy
implementation (depending on host arch and crypto HW combinations etc).
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberg
to accelerate and in what
environment (kernel, user, apps)? That may make your choice
a little easier.
Either way you are going to have to write a driver, so the effort
there will be similar. So the difference *may* be in the application
support,
Cheers,
Davidm
--
David McCullough,
e driver.
There are patches on the OCF site for full IPSEC acceleration of OpenSwan
2.3.0. OpenSSL (ssh, scp,...) is also well supported.
It would be nice to see some more drivers. I have a freescale here and
was considering playing with it, but finding the time for OOB projects
is always a pro
Jivin David Vrabel lays it down ...
> David McCullough wrote:
> > Jivin David Vrabel lays it down ...
> >
> >>The attached patch also fixes up a few other bits and pieces.
> >
> > At least some of the changes you have made to error returns are incorrect,
Jivin David Vrabel lays it down ...
> David McCullough wrote:
> >
> > * Lots of fixes for IXP driver
> >- builds for 1.4 and 2.0 access libs
> >- task queues to handle possible blocking calls
>
> You need to use work queues for 2.6. I think recent 2.4 k
51 matches
Mail list logo
