David, > Jivin Siegfried Müller lays it down ... > > Hi David, > > >Jivin Siegfried Müller lays it down ... > > >> Hi, > > >> > > >> I currently using openswan with the OCF for the hw crypto engine on > > >> the ixp425. I want to use also openvpn. I compiled it with crypto
> > >> and openvpn grows to 1MB. (without crypto > > >> ~240KB) > > >> Is there any possibility to use openssl also with OCF? How can i > > >> reduce the size of openvpn with crypto? > > > > >Depending on how you added OCF to your uClinux-dist, you should > > >already have openssl(libcrypto) being accelerated by OCF. > > > > I selected "OCF", "cryptodev" and "IXP4XX" in the Kernel Module > > Settings. Is there anything else to do in the openssl config? > > openssl needs to be patched and have ocf-linux enabled with the: > > --with-cryptodev > > options. Run openssl and type: > > OpenSSL> engine > (cryptodev) BSD cryptodev engine > (dynamic) Dynamic engine loading support > OpenSSL> > I get: OpenSSL> engine (dynamic) Dynamic engine loading support (cswift) CryptoSwift hardware engine support (chil) nCipher hardware engine support (atalla) Atalla hardware engine support (nuron) Nuron hardware engine support (ubsec) UBSEC hardware engine support (aep) Aep hardware engine support (sureware) SureWare hardware engine support (4758cca) IBM 4758 CCA hardware engine support Do you have any idea why there is no IXP4xx? > If cryptodev does show then you do not have OCF acceleration in openssl. You need to get a patch from the OCF project for your > openssl version. I doesn't show "cryptodev" so I must have OCF acceleration, do I? > Most of the SG dist will handle this if CONFIG_OCF_OCF is defined in eth modules build. You most likely have this. > > > >There is an OpenSSL patch included with OCF specifically for that, > > >then > > you just need to create the /dev/crypto node: > > > > > > mknod /dev/crypto c 10 70 > > > > Is that patch already included in snapgear3.4 (i use 0.9.7m OpenSSL)? > > The SG dist should also do that for you, look in /dev/ on your target for /dev/crypto > > > How can I reduce the size of the libcrypto? > > I wish I knew :-), it's big and interdependent. > > The lib/libssl makefile has a good go at getting rid of a much as possible. Depending on your usage you may be able to disable some > more algs etc. > Otherwise look at use dropbear?? perhaps ? Would be more work to convert openvpn though, someone may have already done it. > Cheers, > Davidm Cheers, Siegfried -- David McCullough, [email protected], Ph:+61 734352815 Secure Computing - SnapGear http://www.uCdot.org http://www.snapgear.com _______________________________________________ uClinux-dev mailing list [email protected] http://mailman.uclinux.org/mailman/listinfo/uclinux-dev This message was resent by [email protected] To unsubscribe see: http://mailman.uclinux.org/mailman/options/uclinux-dev _______________________________________________ uClinux-dev mailing list [email protected] http://mailman.uclinux.org/mailman/listinfo/uclinux-dev This message was resent by [email protected] To unsubscribe see: http://mailman.uclinux.org/mailman/options/uclinux-dev
