Rolf Fokkens wrote:
James Yonan wrote:
Yes -- smaller packets, definitely. I'm thinking that this is more likely
a problem with the padlock and/or padlock OpenSSL interface than with
ping.
I've seen issues like this with the padlock accelerator before, where
cipher final fails on packets which encrypt/decrypt fine without padlock.
I'm wondering if perhaps the padlock has a stricter API than the standard
software-implemented EVP layer in OpenSSL, with regard to length, buffer
alignment, etc.
It must be the packet size indeed:
[root@home17 test] openvpn --test-crypto --secret key
--cipher AES-128-CBC --verb 0 --engine padlock
Sun Apr 3 10:50:19 2005 SELF TEST FAILED, src.len=2 buf.len=0
[root@home17 test] openvpn --test-crypto --secret key --cipher
AES-128-CBC --verb 0
[root@home17 test]
Unfortunately the test bails out on the first failure (as can bee seen
without the --verb 0 option), It would be good te see of larger packet
sizes would pass the test.
Rolf
To see more I raised the verbosity level to 9, in that cases no
problems arise. "verb 8" still results in problems.
|