Contributed by sean on from the OMG-OCF dept.
The OpenBSD Cryptographic Framework (OCF), presented at USENIX 2003 by Angelos Keromytis, Jason Wright and Theo de Raadt, is a key feature in the latest release of 6Wind's embedded Linux network stack.
OCF is a service virtualization layer implemented inside the kernel that provides uniform access to accelerator functionality by hiding card-specific details behind a carefully-designed API. Specifically /dev/crypto which abstracts various crypto functions and offloads them to the various supported devices (should they exist) such as the hifn.
According to 6Wind, their 6WINDGateTM 2.8 release "features a unique `fast-path-ready' software architecture supporting the OCF standard, which has been adopted by leading processor vendors for IPsec hardware crypto-accelerator."
Read more from the original paper:
http://www.thought.net/jason/ocfpaper/index.html
Edit: A representative of 6Wind requested I update the name Wingate to 6WINDGateTM.
(Comments are closed)
By Anonymous Coward (81.57.42.108) on
Comments
By Anonymous Coward (151.136.100.2) on
go about your business.
By Jason Wright (65.202.219.66) jason@openbsd.org on http://www.thought.net/jason
>
What are you talking about?
By Farlies (69.180.143.157) farlies@gmail.com on
>
Poster possibly referred to this issue:
http://www.nabble.com/'Corrupted-MAC-on-input'-points-to-vpn1411-problem-t1694703.html
http://archive.openbsd.nu/?ml=openbsd-misc&a=2006-05&t=2063486
or something similar. Basically, userland use of hifn crypto hurls
in fairly short order. I doubt the announcement actually supplies
anything like a fix. It would be nice if somebody was working on this though. If nobody else has a handle on it, I might have to volunteer.
By Anonymous Coward (150.101.19.41) on