Date: Sun, 13 Jan 2008 16:05:39 -0800 From: Sam Leffler <sam@errno.com> To: "Simon L. Nielsen" <simon@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/crypto/openssl/crypto/engine eng_cryptodev.c Message-ID: <478AA753.8090106@errno.com> In-Reply-To: <20080113233716.GB14893@zaphod.nitro.dk> References: <200801131144.m0DBimYT077701@repoman.freebsd.org> <20080113115947.GA1135@zaphod.nitro.dk> <478A601A.3060506@errno.com> <20080113233716.GB14893@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Simon L. Nielsen wrote:
> On 2008.01.13 11:01:46 -0800, Sam Leffler wrote:
>
>> Simon L. Nielsen wrote:
>>
>>> On 2008.01.13 11:44:47 +0000, Simon L. Nielsen wrote:
>>>
>>>
>>>> simon 2008-01-13 11:44:47 UTC
>>>>
>>>> FreeBSD src repository
>>>>
>>>> Modified files:
>>>> crypto/openssl/crypto/engine eng_cryptodev.c Log:
>>>> Unbreak detection of cryptodev support for FreeBSD which was broken
>>>> with OpenSSL 0.9.8 import.
>>>> Note that this does not enable cryptodev by default, as it was the
>>>> case with OpenSSL 0.9.7 in FreeBSD base, but this change makes it
>>>> possible to enable cryptodev at all.
>>>>
>>>>
>>> With this change it is possible to enable cryptodev by default for
>>> openssl(1) with lines like below in etc/ssl/openssl.cnf.
>>> Unfortunately openssh does not call the functions to read the config
>>> file so it's not possible to enable cryptodev in openssh in a similar
>>> fashion. I have yet figure out how to do support cryptodev by default
>>> cleanly...
>>>
> [...]
>
>> I gave you a patch to make cryptodev the default (if present) w/o modifying
>> openssl.cnf. That is how things used to work in freebsd and how things
>> work on systems like openbsd. Was there a problem w/ it?
>>
>
> I'm not certain that is the correct way and that it won't have any
> other side-effects. I should have found some OpenSSL people to bug
> about this, but I haven't gotten around to doing that yet.
>
Ok, I thought you were going to do that before this commit; hence my
question.
> Part of what worries me some, is that I can't find out why OpenSSL
> stopped just using cryptodev by default, neither in docs nor in the
> code.
>
I would expect openssl folks had no clue they broke it because openbsd
doesn't track their code (in this area at least). The only worry I have
about my change is if it makes it impossible to override it's use (e.g.
via openssl.cnf). If you can override the default then I can see
nothing wrong w/ the change and it will "fix ssh".
Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?478AA753.8090106>