Jivin Siegfried Müller lays it down ... > David, > > > Jivin Siegfried Müller lays it down ... > > > Hi David, > > > >Jivin Siegfried Müller lays it down ... > > > >> Hi, > > > >> > > > >> I currently using openswan with the OCF for the hw crypto engine > on > > > >> the ixp425. I want to use also openvpn. I compiled it with crypto > > > > >> and openvpn grows to 1MB. (without crypto > > > >> ~240KB) > > > >> Is there any possibility to use openssl also with OCF? How can i > > > >> reduce the size of openvpn with crypto? > > > > > > >Depending on how you added OCF to your uClinux-dist, you should > > > >already have openssl(libcrypto) being accelerated by OCF. > > > > > > I selected "OCF", "cryptodev" and "IXP4XX" in the Kernel Module > > > Settings. Is there anything else to do in the openssl config? > > > > openssl needs to be patched and have ocf-linux enabled with the: > > > > --with-cryptodev > > > > options. Run openssl and type: > > > > OpenSSL> engine > > (cryptodev) BSD cryptodev engine > > (dynamic) Dynamic engine loading support > > OpenSSL> > > > > I get: > OpenSSL> engine > (dynamic) Dynamic engine loading support > (cswift) CryptoSwift hardware engine support > (chil) nCipher hardware engine support > (atalla) Atalla hardware engine support > (nuron) Nuron hardware engine support > (ubsec) UBSEC hardware engine support > (aep) Aep hardware engine support > (sureware) SureWare hardware engine support > (4758cca) IBM 4758 CCA hardware engine support > > Do you have any idea why there is no IXP4xx?
You do not need any of those ;-) > > If cryptodev does show then you do not have OCF acceleration in > openssl. You need to get a patch from the OCF project for your > > openssl version. > > I doesn't show "cryptodev" so I must have OCF acceleration, do I? No cryptodev means no OCF patch or OCF not enabled with the --with-cryptodev option for openssl. Get the openssl patch from the ocf-linux project, checkout the README.sglinux and see how you go, Cheers, Davidm > > Most of the SG dist will handle this if CONFIG_OCF_OCF is defined in > eth modules build. You most likely have this. > > > > > >There is an OpenSSL patch included with OCF specifically for that, > > > >then > > > you just need to create the /dev/crypto node: > > > > > > > > mknod /dev/crypto c 10 70 > > > > > > Is that patch already included in snapgear3.4 (i use 0.9.7m > OpenSSL)? > > > > The SG dist should also do that for you, look in /dev/ on your target > for /dev/crypto > > > > > How can I reduce the size of the libcrypto? > > > > I wish I knew :-), it's big and interdependent. > > > > The lib/libssl makefile has a good go at getting rid of a much as > possible. Depending on your usage you may be able to disable some > > more algs etc. > > > Otherwise look at use dropbear?? perhaps ? Would be more work to > convert openvpn though, someone may have already done it. > > > Cheers, > > Davidm > > Cheers, > Siegfried > > -- > David McCullough, david_mccullo...@securecomputing.com, Ph:+61 > 734352815 > Secure Computing - SnapGear http://www.uCdot.org > http://www.snapgear.com > _______________________________________________ > uClinux-dev mailing list > uClinux-dev@uclinux.org > http://mailman.uclinux.org/mailman/listinfo/uclinux-dev > This message was resent by uclinux-dev@uclinux.org > To unsubscribe see: > http://mailman.uclinux.org/mailman/options/uclinux-dev > > _______________________________________________ > uClinux-dev mailing list > uClinux-dev@uclinux.org > http://mailman.uclinux.org/mailman/listinfo/uclinux-dev > This message was resent by uclinux-dev@uclinux.org > To unsubscribe see: > http://mailman.uclinux.org/mailman/options/uclinux-dev > -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 Secure Computing - SnapGear http://www.uCdot.org http://www.snapgear.com _______________________________________________ uClinux-dev mailing list uClinux-dev@uclinux.org http://mailman.uclinux.org/mailman/listinfo/uclinux-dev This message was resent by uclinux-dev@uclinux.org To unsubscribe see: http://mailman.uclinux.org/mailman/options/uclinux-dev
