Date: Wed, 17 Sep 2008 14:26:32 +0200 From: Ian FREISLICH <ianf@clue.co.za> To: Mike Tancsa <mike@sentex.net> Cc: current@freebsd.org Subject: Re: PATCH: crypto/openssl/crypto/engine/eng_table.c Message-ID: <E1Kfw76-0001dB-Gs@clue.co.za> In-Reply-To: <200809171213.m8HCDMgc043508@lava.sentex.ca> References: <200809171213.m8HCDMgc043508@lava.sentex.ca> <E1Kfs3n-0001CB-EC@clue.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Tancsa wrote: > At 04:06 AM 9/17/2008, Ian Freislich wrote: > >Hi > > > >I had to apply the following patch to fix the engine cache in openssl > >so that it will actually use the padlock driver for accelleration. > >It appears that the original logic was reversed. > > Hi, > For applications (eg sshd), is not > --- crypto/openssl/crypto/engine/eng_cryptodev.c 2008-02-05 > 13:10:31.000000000 -0500 > +++ crypto/openssl/crypto/engine/eng_cryptodev.c.good 2008-08-21 > 13:10:26.000000000 -0400 > @@ -1127,6 +1127,7 @@ > } > > ENGINE_add(engine); > + ENGINE_set_default_ciphers(engine); > ENGINE_free(engine); > ERR_clear_error(); > } > > also necessary ? The patch I posted was sufficient in conjunction with the following addition to /etc/ssl/openssl.cnf: openssl_conf = openssl_def [openssl_def] engines = openssl_engines [openssl_engines] padlock = padlock_engine [padlock_engine] default_algorithms = ALL Ian -- Ian Freislich
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1Kfw76-0001dB-Gs>