[Openswan Users] Openswan-3.0.06: KLIPS_OCF a must to use hardware crypto with linux-2.6.20?

David McCullough David_Mccullough at securecomputing.com
Thu Nov 8 17:38:32 EST 2007

Jivin Paul Wouters lays it down ...
> On Thu, 8 Nov 2007, KokHow.Teh at infineon.com wrote:
> > 	Presently, my hardware crypto device drivers are using the stock
> > CRYPTO_ALGAPI available in 2.6.20. I take a look at hifn and ixp4xx and
> > it needs major changes to the drivers. Is there anyway to use the
> > hardware crypto with openswan-3.0.06 for the moment without having to
> > use the asyncchronous OCF accleration system?
> No. The whole point of OCF was to get hardware crypto working properly.
> Why Linux then started their own "acrypto" is something you will have to
> ask them. Perhaps they have the resources to port openswan to their crypto
> stack?

You can use the cryptosoft driver,  which will take advantage of your
in-kernel CRYPTO_ALGAPI implementation.  It's not ideal, but it's a
start.  If you are using SMP systems it may even be acceptable ;-)

The real advantage is to write yourself an async capable OCF driver.  It's
not as hard as you may think if you already have a driver and the HW is
capable of async operation, lot of example drivers too :-)


David McCullough,  david_mccullough at securecomputing.com,   Ph:+61 734352815
Secure Computing - SnapGear  http://www.uCdot.org http://www.cyberguard.com

More information about the Users mailing list