similar to: Crypto hw acceleration for openssl

Howdy, <this messages is cross posted in freebsd-security and freebsd-net> I'm seeking current cryptographic coprocessors supported in FreeBSD 8.x. By perusing through the crypto-dev (and subsequently referenced) man page(s) I found this list: Hifn 7751/7951/7811/7955/7956 crypto accelerator SafeNet 1141/1741 Bluesteel 5501/5601 Broadcom

I have a zpool that consists for a two-drive mirror. The two times I took the zpool offline, I had to resilver one of the drives (the same drive both times) when I imported it back. All drives in the pool show no read, write, or checksum errors and are new, so I'm looking to a software problem before hardware. Both drives are encrypted geli devices. I tried to reproduce the error with 1GB

Hi all, can someone comment on the state of the hifn(4) driver? I've recently upgraded my 6.2-STABLE workstation to RELENG_7, and I'm now experiencing system lockups that seem to be caused by the hifn(4) driver. I've got a Soekris vpn1401 card to help with GELI disk en- cryption. Reading from a GELI volume is causing the system to freeze completely, which does not happen if

Hi, Just got some of the new Soekris 1401 VPN cards based on the hifn 7955 chip. hifn0 mem 0xe8510000-0xe8517fff,0xe8518000-0xe8519fff,0xe851a000-0xe851afff irq 5 at device 0.0 on pci1 hifn0: Hifn 7955, rev 0, 32KB dram, 64 sessions vs hifn0 mem 0xeb902000-0xeb902fff,0xeb901000-0xeb901fff irq 10 at device 8.0 on pci0 hifn0: Hifn 7951, rev 0, 128KB sram, 193 sessions When it says "n

Is anyone else seeing this: perl @/kern/makeops.pl -h @/opencrypto/crypto_if.m rm -f .depend mkdep -f .depend -a -nostdinc -D_KERNEL -DKLD_MODULE -I- -I. -I@ -I@/../include -I/usr/obj/usr/local/src-STABLE/src/i386/usr/include /usr/local/src-STABLE/src/sys/modules/hifn/../../dev/hifn/hifn7751.c /usr/local/src-STABLE/src/sys/modules/hifn/../../dev/hifn/hifn7751.c:47: opt_hifn.h: No such file or

Hi Freebies!! I know F-BSD 4.8 supports a framework in the kernel to use crypto functions from hifn crypto cards. Is there any of these cards that support custom crypto? What is the best route to go if I want to support IPSec (and maybe other) crypto functions but with custom crypto algorithms? Any info or ideas will be appreciated. Thanks Peut

Roger Marquis wrote: > [snip] > >It takes all of 2 seconds to generate a ssh 2 new session on a >500Mhz cpu (causing less than 20% utilization). Considering that >99% of even the most heavily loaded servers have more than enough >cpu for this task I don't really see it as an issue. > >Also, by generating a different key for each session you get better >entropy,

Hi. geli(8) from FreeBSD-CURRENT is now able to perform data integrity verification (data authentication) using one of the following algorithms: - HMAC/MD5 - HMAC/SHA1 - HMAC/RIPEMD160 - HMAC/SHA256 - HMAC/SHA384 - HMAC/SHA512 One of the main design goals was to make it reliable and resistant to power failures or system crashes. This was very important to commit both data update and HMAC

Hi! I try to load an module that it is found in curent /lib/modules/`uname -r` tree ... root at sevcenco: ~ # ls -l /lib/modules/`uname -r`/kernel/drivers/crypto/padlock-* -rwxr--r-- 1 root root 14296 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-aes.ko -rwxr--r-- 1 root root 10808 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-sha.ko

Hi there! we are thinking of deploying a IPSEC VPN concentrator using multiple PCI bus version VPN1401 cards in a FreeBSD box using hifn support.. From the technical specs in Soekris website http://www.soekris.com/vpn1401.htm, each card can support 24 to 70 connections. The question is if we put 3 VPN1401 cards in a single box, does this mean the FreeBSD box can support 3 x (24 to 70) IPSEC

Hello I have a server with an hardware crypto accelator. For giving userspace access to it I use the cryptodev module (http://cryptodev-linux.org/) I have also the cryptodev engine compiled in openssl. When I modprobe the cryptodev module, I cannot login with ssh on the server. The symptom can be found with dmesg: audit: type=1326 audit(1424784807.257:3): auid=4294967295 uid=22 gid=22

Hi. Here you can find patches with changes to gmirror(8) and graid3(8): http://people.freebsd.org/~pjd/patches/gmirror.7.patch http://people.freebsd.org/~pjd/patches/graid3.patch The patches does the following: - Significant synchronization speed improvement. Now many parallel synchronization I/O requests can be used instead of only one before. Many people requested this. - Close race

Hello, I just set up Debian Lenny on a PCEngines ALIX. This board have a GeodeLX processor with hardware crypto accelerator, so I patched my kernel to get cryptodev support. Everything is fine when playin with openssl, but openssh just crash when a large amount of data is transfered. A small example: alix:~# scp 100meg.test localhost:/dev/null root at localhost's password: 100meg.test

Hello, I think there was already a thread on this. I just want to raise the question again if anyone has successfully booted an gdbe-encrypted filesystem (everything encrypted except the bootloader). The passphrase is entered at the bootloader prompt or embedded in the bootloader. I appreciate any tips. Thanks, - ronnel

Please forgive me for the really dumb question following. I am a complete newbie to rsync. I have been trying to set up an rsync server and am unable to get any logging. I need to know if the following is possible. I'm rsyncing from the client and connecting with ssh to an rsync server. I can connect just fine and the files go with no problem. I'm going from a RedHat 7.3 with rsync

Hello list, please spend a minute considering these facts and maybe there is something to improve: 1) VIA Eden based board can write AES256 encrypted information on HDD at > 60MB/s 2) iperf shows NIC speed 69MB/s 3) openssl tests have even better results 4) openssh can transfer AES256 encrypted information at < 27MB/s (and worse with HDD encryption) It is better with openssh 5.x, than

On Wed, 2 Nov 2016, Stuart Henderson wrote: > On 2016-11-02, Jakub Jelen <jjelen at redhat.com> wrote: > > The current set of patches are rebased on current upstream is attached > > with few more tweaks needed to build, pass testsuite and make it work. > > The upstream review and insight would be helpful. > > Since these are going to break things with LibreSSL,

I am trying to install centos 5.4 on a centos 5.2 xen host. Technically this is rocks cluster and thats axillary software but the avalanch installer may be the hiccup this is what shows up in the xen log any suggestions Watching /local/domain/13/logdirty/next-active xs_read(): vncpasswd get error. /vm/84384fb8-e6a6-3a84-8027-e79b841fdc7b/vncpasswd. char device redirected to /dev/pts/4

I have searched around the lists and Google and found this HYPERLINK "http://people.freebsd.org/~pjd/patches/jail_2004120901.patch"http://people. freebsd.org/~pjd/patches/jail_2004120901.patch I was wondering if anyone know of a multiple IP patch that works with FreeBSD 5.4 I really do not understand why this is not included in the standard jail I mean sure jail is handy for

In a virtualized environment running Xen or VMware, can the guest operating systems utilize hardware crypto acceleration such as the "PadLock" AES acceleration built into VIA CPUs? (Wasn't able to find this info in any of ~400 Google hits, so I'm shooting it out a bit to let as many as possible benefit from the answer.)