Re: [uClinux-dev] openssl with hw-crypt engine IXP425 or less lcryptlib

Thu, 15 Jan 2009 22:44:07 -0800 

Jivin Siegfried Müller lays it down ...
> Hi David,
> >Jivin Siegfried Müller lays it down ...
> >> Hi,
> >>
> >> I currently using openswan with the OCF for the hw crypto engine on
> >> the ixp425. I want to use also openvpn. I compiled it with crypto and
> >> openvpn grows to 1MB. (without crypto
> >> ~240KB)
> >> Is there any possibility to use openssl also with OCF? How can i
> >> reduce the size of openvpn with crypto?
> 
> >Depending on how you added OCF to your uClinux-dist,  you should
> > already have openssl(libcrypto) being accelerated by OCF.
> 
> I selected "OCF", "cryptodev" and "IXP4XX" in the Kernel Module
> Settings. Is there anything else to do in the openssl config?

openssl needs to be patched and have ocf-linux enabled with the:

        --with-cryptodev

options.  Run openssl and type:

        OpenSSL> engine
        (cryptodev) BSD cryptodev engine
        (dynamic) Dynamic engine loading support
        OpenSSL>

If cryptodev does show then you do not have OCF acceleration in openssl.
You need to get a patch from the OCF project for your openssl version.

Most of the SG dist will handle this if CONFIG_OCF_OCF is defined in eth
modules build.  You most likely have this.

> >There is an OpenSSL patch included with OCF specifically for that, then
> you just need to create the /dev/crypto node:
> >
> >        mknod /dev/crypto c 10 70
> 
> Is that patch already included in snapgear3.4 (i use 0.9.7m OpenSSL)?

The SG dist should also do that for you,  look in /dev/ on your target
for /dev/crypto

> How can I reduce the size of the libcrypto?

I wish I knew :-), it's big and interdependent.

The lib/libssl makefile has a good go at getting rid of a much as
possible.  Depending on your usage you may be able to disable some more
algs etc.

Otherwise look at use dropbear?? perhaps ?  Would be more work to
convert openvpn though,  someone may have already done it.

Cheers,
Davidm

-- 
David McCullough,  [email protected],   Ph:+61 734352815
Secure Computing - SnapGear  http://www.uCdot.org   http://www.snapgear.com
_______________________________________________
uClinux-dev mailing list
[email protected]
http://mailman.uclinux.org/mailman/listinfo/uclinux-dev
This message was resent by [email protected]
To unsubscribe see:
http://mailman.uclinux.org/mailman/options/uclinux-dev

Reply via email to