Bug#629636: linux-image-2.6.32-5-kirkwood: IPsec aes-sha1 with kirkwood/mv_cesa causes CPU to spin
* Thus spake Alexander Clouter (alex@digriz.org.uk):
> I have just been tasked with putting together an active-active IPsec VPN
> concentrator (with a need to use AES-SHA1 it seems) and I was hoping to
> use the OpenRD's (and mv_cesa). Have you got a patch I can test that
> fixes things for SHA1?
The patch below should work around the problem by not using it. You could try
the kernel from backports. If I remember correctly than it seems that the
later kernel passes one big chunk instead of three requests (init, update,
fin). If that works out for then the only problem are fragmanted packets.
diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c
index 3cf303e..f556a71 100644
--- a/drivers/crypto/mv_cesa.c
+++ b/drivers/crypto/mv_cesa.c
@@ -1062,7 +1062,7 @@ static int mv_probe(struct platform_device *pdev)
"Could not register aes-cbc driver\n");
goto err_unreg_ecb;
}
-
+#if 0
ret = crypto_register_ahash(&mv_sha1_alg);
if (ret == 0)
cpg->has_sha1 = 1;
@@ -1076,7 +1076,7 @@ static int mv_probe(struct platform_device *pdev)
printk(KERN_WARNING MV_CESA
"Could not register hmac-sha1 driver\n");
}
-
+#endif
return 0;
err_unreg_ecb:
crypto_unregister_alg(&mv_aes_alg_ecb);
> Cheers
Sebastian
Reply to: