From owner-freebsd-current@FreeBSD.ORG Mon Sep 26 14:34:44 2005 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2FFB916A41F; Mon, 26 Sep 2005 14:34:44 +0000 (GMT) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [64.7.153.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id B811043D48; Mon, 26 Sep 2005 14:34:43 +0000 (GMT) (envelope-from mike@sentex.net) Received: from pumice6.sentex.ca (pumice6.sentex.ca [64.7.153.21]) by smarthost1.sentex.ca (8.13.3/8.13.3) with ESMTP id j8QEYhV4082968; Mon, 26 Sep 2005 10:34:43 -0400 (EDT) (envelope-from mike@sentex.net) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by pumice6.sentex.ca (8.13.3/8.13.3) with ESMTP id j8QEYgsV006557; Mon, 26 Sep 2005 10:34:42 -0400 (EDT) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.13.3/8.13.3) with ESMTP id j8QEYfH4027832 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 26 Sep 2005 10:34:41 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <6.2.3.4.0.20050926101828.03203c18@64.7.153.2> X-Mailer: QUALCOMM Windows Eudora Version 6.2.3.4 Date: Mon, 26 Sep 2005 10:34:33 -0400 To: freebsd-current@freebsd.org From: Mike Tancsa Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by amavisd-new X-Scanned-By: MIMEDefang 2.51 on 64.7.153.18 X-Scanned-By: MIMEDefang 2.51 on 64.7.153.21 Subject: OpenSSL bugfix X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Sep 2005 14:34:44 -0000 Looking at the commit logs, there has not been an update to openssl in some time (if its not broken, why 'fix' it) so I am not sure who to ask about it. There is however, one somewhat critical bug that effects users who have the ACE padlock engine in their VIA CPUs. I filled out a PR (http://www.freebsd.org/cgi/query-pr.cgi?pr=86598) with the details. The patch / fix is trivial and it has been in the OpenSSL cvs (http://cvs.openssl.org/chngview?cn=13061) repo since April and is part of official release 0.9.8. Any chance someone could commit the patch and perhaps MFC it so it makes it for 6.0R? Committing the patch would be a lot less work than a full import, and VIA C3/C7 users would then be able to make use of the super fast crypto. Without the patch/fix, users will get sporadic encryption failures when using the padlock engine via openssl apps-- typically, using openvpn. ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike