[Openswan dev] Re: [Openswan Users] Hardware encryption support - VIA PadLock?

Nate Carlson natecars at natecarlson.com
Tue Jun 22 09:23:19 CEST 2004 

On Tue, 22 Jun 2004, Ken Bantoft wrote:
> I didn't get it...  (the patch)

heh, ok, that's what i get for trying to work on this stuff when i'm dead 
tired. attached.  :)

> > lips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack version: 2.2.0dr1
> > klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)
> > klips_info:ipsec_alg_init: calling ipsec_alg_static_init()
> > setup_ipsec_alg_capi_cipher(): alg_type=15 alg_id=12 name=aes keyminbits=128 keymaxbits=256, ret=0
> > setup_ipsec_alg_capi_cipher(): alg_type=15 alg_id=253 name=twofish keyminbits=128 keymaxbits=256, ret=0
> > setup_ipsec_alg_capi_cipher(): alg_type=15 alg_id=252 name=serpent keyminbits=128 keymaxbits=256, ret=0
> > setup_ipsec_alg_capi_cipher(): alg_type=15 alg_id=6 name=cast5 keyminbits=128 keymaxbits=128, ret=0
> > setup_ipsec_alg_capi_cipher(): alg_type=15 alg_id=7 name=blowfish keyminbits=96 keymaxbits=448, ret=0
> > 
> > It breaks the built in AES support, though. Certainly shouldn't be
> > commited to the source tree; just works for me (tm).
> 
> Okay, we'll sort it out based on your patch, thanks!

Sounds good!

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
------------------------------------------------------------------------
-------------- next part --------------
diff -Naur /home/natecars/build/deb/openswan/2.2.0cvs/cvs/openswan-2/linux/net/ipsec/Makefile ipsec/Makefile
--- /home/natecars/build/deb/openswan/2.2.0cvs/cvs/openswan-2/linux/net/ipsec/Makefile	2004-06-21 23:10:58.000000000 -0500
+++ ipsec/Makefile	2004-06-21 23:48:26.000000000 -0500
@@ -78,7 +78,8 @@
 
 CFLAGS_ipsec_alg.o += -DEXPORT_SYMTAB
 obj-$(CONFIG_IPSEC_ALG) += ipsec_alg.o 
-obj-$(CONFIG_IPSEC_ENC_AES) += ipsec_alg_aes.o
+## obj-$(CONFIG_IPSEC_ENC_AES) += ipsec_alg_aes.o
+obj-$(CONFIG_IPSEC_ENC_CRYPTOAPI) += ipsec_alg_cryptoapi.o
 
 export-objs += ipsec_alg.o
 
diff -Naur /home/natecars/build/deb/openswan/2.2.0cvs/cvs/openswan-2/linux/net/ipsec/defconfig ipsec/defconfig
--- /home/natecars/build/deb/openswan/2.2.0cvs/cvs/openswan-2/linux/net/ipsec/defconfig	2004-04-05 21:49:25.000000000 -0500
+++ ipsec/defconfig	2004-06-21 23:57:50.000000000 -0500
@@ -44,7 +44,8 @@
 
 # Encryption algorithm(s):
 CONFIG_IPSEC_ENC_3DES=y
-CONFIG_IPSEC_ENC_AES=y
+# CONFIG_IPSEC_ENC_AES=y
+CONFIG_IPSEC_ENC_CRYPTOAPI=y
 
 # modular algo extensions (and new ALGOs)
 CONFIG_IPSEC_ALG=y
diff -Naur /home/natecars/build/deb/openswan/2.2.0cvs/cvs/openswan-2/linux/net/ipsec/ipsec_alg.c ipsec/ipsec_alg.c
--- /home/natecars/build/deb/openswan/2.2.0cvs/cvs/openswan-2/linux/net/ipsec/ipsec_alg.c	2004-04-05 21:49:25.000000000 -0500
+++ ipsec/ipsec_alg.c	2004-06-22 00:05:27.000000000 -0500
@@ -771,10 +771,10 @@
 		"calling ipsec_alg_static_init()\n");
 
 	/* XXX ipsec_alg_static_init(); */
-#if defined(CONFIG_IPSEC_ENC_AES) && !defined(CONFIG_IPSEC_ENC_AES_MODULE)
+#if defined(CONFIG_IPSEC_ENC_CRYPTOAPI) && !defined(CONFIG_IPSEC_ENC_CRYPTOAPI_MODULE)
 	{
-		extern int ipsec_aes_init(void);
-		ipsec_aes_init();
+		extern int ipsec_cryptoapi_init(void);
+		ipsec_cryptoapi_init();
 	}
 #endif
 
diff -Naur /home/natecars/build/deb/openswan/2.2.0cvs/cvs/openswan-2/linux/net/ipsec/ipsec_alg_cryptoapi.c ipsec/ipsec_alg_cryptoapi.c
--- /home/natecars/build/deb/openswan/2.2.0cvs/cvs/openswan-2/linux/net/ipsec/ipsec_alg_cryptoapi.c	2004-04-05 21:49:25.000000000 -0500
+++ ipsec/ipsec_alg_cryptoapi.c	2004-06-21 23:56:28.000000000 -0500
@@ -57,7 +57,7 @@
 #define NO_CRYPTOAPI_SUPPORT
 #endif
 /*	Low freeswan header coupling	*/
-#include "freeswan/ipsec_alg.h"
+#include "openswan/ipsec_alg.h"
 
 #include <linux/crypto.h>
 #ifdef CRYPTO_API_VERSION_CODE
@@ -68,7 +68,7 @@
 #ifdef NO_CRYPTOAPI_SUPPORT
 #warning "Building an unusable module :P"
 /* Catch old CryptoAPI by not allowing module to load */
-IPSEC_ALG_MODULE_INIT( ipsec_cryptoapi_init )
+IPSEC_ALG_MODULE_INIT_STATIC( ipsec_cryptoapi_init )
 {
 	printk(KERN_WARNING "ipsec_cryptoapi.o was not built on stock Linux CryptoAPI (2.4.22+ or 2.6.x), not loading.\n");
 	return -EINVAL;
@@ -398,7 +398,7 @@
 	return 0;
 }
 
-IPSEC_ALG_MODULE_INIT( ipsec_cryptoapi_init )
+IPSEC_ALG_MODULE_INIT_STATIC( ipsec_cryptoapi_init )
 {
 	int ret, test_ret;
 	if ((ret=setup_cipher_list(alg_capi_carray)) < 0)
@@ -408,7 +408,7 @@
 	}
 	return ret;
 }
-IPSEC_ALG_MODULE_EXIT( ipsec_cryptoapi_fini )
+IPSEC_ALG_MODULE_EXIT_STATIC( ipsec_cryptoapi_fini )
 {
 	unsetup_cipher_list(alg_capi_carray);
 	return;

More information about the Dev mailing list