Thanks Marek..yeah, its more to do with processing block ciphers from kernel rather than SSL as such, my question to be exactly precise is for me to find out how to feed exact multiples of block cipher length from sk_buff, when they are internally fragmented in physical/virtual memory within an sk_buff (scatter/gather io) and when the sk_buffs are chained. This now looks more like a linux kernel question rather than SSL, but any help is appreciated. Functions such as sock_read/sock_write in socket.c do a buffer copy into another char buffer in the kernel from the sk_buff associated to the sock fd, now we want to avoid that and directly pass the sk_buff->data to the crypto hardware if sk_buff->len = n * block_size otherwise do a memcpy..
Is there any function in linux which directly gives the sk_buff->data ptr without any memcpy? Thanks --Gayathri -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Marek Marcola Sent: Wednesday, June 28, 2006 8:06 PM To: openssl-users@openssl.org Subject: RE: SSL_read/SSL_write from kernel Hello, > Thanks, but let me rephrase my question. > > There seems to be a requirement for us to process SSL app data from > kernel, > wherein I would like to read the sk_buff and pass it to a crypto > acclerator > (hardware/software), but we face a problem wherein for block ciphers, > we need > to ensure the data segment within the sk_buff is a multiple of the > block cipher > length, otherwise, we need to do a buffer copy and maintain the > remaining data > in some kernel memory, prequeue it and append it to the next sk_buff.. > > If openssl does support SSL_read/SSL_write from kernel, then I could > simply > call it otherwise, have to write my own SSL_read/SSL_write functions.. > > Please let me know if such support is available or someone has already > attempted > this.. I'm not sure whether we talking of SSL or some_block_cipher_mode. If you want get from some source stream of data encrypted by block cipher (for example in CBC mode) and decrypt it you may use OpenSSL EVP interface (which take care of block "remainders" on any stage). But if you want put this in kernel code - for me better solution is to write yourself some cipher_mode then get some parts from OpenSSL. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
