From: Sam Leffler
Date: Sun, 13 Jan 2008 16:05:39 -0800
To: "Simon L. Nielsen"
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssl/crypto/engine eng_cryptodev.c

Simon L. Nielsen wrote:
> On 2008.01.13 11:01:46 -0800, Sam Leffler wrote:
>
>> Simon L. Nielsen wrote:
>>
>>> On 2008.01.13 11:44:47 +0000, Simon L. Nielsen wrote:
>>>
>>>> simon 2008-01-13 11:44:47 UTC
>>>>
>>>> FreeBSD src repository
>>>>
>>>> Modified files:
>>>> crypto/openssl/crypto/engine eng_cryptodev.c
>>>> Log:
>>>> Unbreak detection of cryptodev support for FreeBSD which was broken
>>>> with OpenSSL 0.9.8 import.
>>>> Note that this does not enable cryptodev by default, as it was the
>>>> case with OpenSSL 0.9.7 in FreeBSD base, but this change makes it
>>>> possible to enable cryptodev at all.
>>>>
>>> With this change it is possible to enable cryptodev by default for
>>> openssl(1) with lines like below in etc/ssl/openssl.cnf.
>>> Unfortunately openssh does not call the functions to read the config
>>> file so it's not possible to enable cryptodev in openssh in a similar
>>> fashion. I have yet to figure out how to support cryptodev by default
>>> cleanly...
>>>
> [...]
>
>> I gave you a patch to make cryptodev the default (if present) w/o modifying
>> openssl.cnf. That is how things used to work in freebsd and how things
>> work on systems like openbsd. Was there a problem w/ it?
>>
>
> I'm not certain that is the correct way and that it won't have any
> other side-effects. I should have found some OpenSSL people to bug
> about this, but I haven't gotten around to doing that yet.
>

Ok, I thought you were going to do that before this commit; hence my question.

> Part of what worries me some, is that I can't find out why OpenSSL
> stopped just using cryptodev by default, neither in docs nor in the
> code.
>

I would expect openssl folks had no clue they broke it because openbsd doesn't track their code (in this area at least). The only worry I have about my change is if it makes it impossible to override its use (e.g. via openssl.cnf). If you can override the default then I can see nothing wrong w/ the change and it will "fix ssh".

Sam