Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 13 Jan 2008 11:01:46 -0800
From:      Sam Leffler <sam@errno.com>
To:        "Simon L. Nielsen" <simon@FreeBSD.org>
Cc:        cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/crypto/openssl/crypto/engine eng_cryptodev.c
Message-ID:  <478A601A.3060506@errno.com>
In-Reply-To: <20080113115947.GA1135@zaphod.nitro.dk>
References:  <200801131144.m0DBimYT077701@repoman.freebsd.org> <20080113115947.GA1135@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help 

Simon L. Nielsen wrote:
> On 2008.01.13 11:44:47 +0000, Simon L. Nielsen wrote:
>   
>> simon       2008-01-13 11:44:47 UTC
>>
>>   FreeBSD src repository
>>
>>   Modified files:
>>     crypto/openssl/crypto/engine eng_cryptodev.c 
>>   Log:
>>   Unbreak detection of cryptodev support for FreeBSD which was broken
>>   with OpenSSL 0.9.8 import.
>>   
>>   Note that this does not enable cryptodev by default, as it was the
>>   case with OpenSSL 0.9.7 in FreeBSD base, but this change makes it
>>   possible to enable cryptodev at all.
>>     
>
> With this change it is possible to enable cryptodev by default for
> openssl(1) with lines like below in etc/ssl/openssl.cnf.
> Unfortunately openssh does not call the functions to read the config
> file so it's not possible to enable cryptodev in openssh in a similar
> fashion. I have yet figure out how to do support cryptodev by default
> cleanly...
>
> Oh, and I just remembered that I forgot to thank Mike Tancsa / Sentex
> for providing hardware used for testing this.  So... thanks! :-)
>
>
>
> [openssl_init]
> engines = engine_section
>
> [engine_section]
> cryptodev = cryptodev_section
>
> [ cryptodev_section ]
> engine_id = cryptodev
> default_algorithms = ALL
>
>
> (Note that the above was copied from a config file I haven't touched
> in month so I'm 100% the exact section above is enough, but it's
> close...)
>
>   
I gave you a patch to make cryptodev the default (if present) w/o 
modifying openssl.cnf.  That is how things used to work in freebsd and 
how things work on systems like openbsd.  Was there a problem w/ it?

    Sam

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?478A601A.3060506>