From owner-freebsd-current@FreeBSD.ORG  Wed Sep 17 12:27:11 2008
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3FB631065684
	for <current@freebsd.org>; Wed, 17 Sep 2008 12:27:11 +0000 (UTC)
	(envelope-from ianf@clue.co.za)
Received: from munchkin.clue.co.za (munchkin.clue.co.za [66.219.59.160])
	by mx1.freebsd.org (Postfix) with ESMTP id 0252B8FC0C
	for <current@freebsd.org>; Wed, 17 Sep 2008 12:27:10 +0000 (UTC)
	(envelope-from ianf@clue.co.za)
DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=20070313; d=clue.co.za;
	h=Received:Received:Received:To:cc:From:Subject:In-Reply-To:References:X-Attribution:Date:Message-Id;
	b=h80KipjtVltbMK5a9M30Jjid/YfzZ0TuS/ToCrcgFccmY6Kf7b4GAca9hT8jSCnlJqh13j3OnpkiNdoed9W1d5MTCuEyrh4rnernQe24zB8ECBItY0OwCTn5JqcKkiooxQZQ3w4/LTjC1bH2S5OlAfuxn/SOwc2yrSpiuhC5J9op2lzvyc9D1EXeLxHa+obccbQw+r82AJu9smNkmDUlJL3LnosNU07zYznT/GwAb9Vks8rnSjaMzSt9+GZeLxMV;
Received: from uucp by munchkin.clue.co.za with local-rmail (Exim 4.67)
	(envelope-from <ianf@clue.co.za>)
	id 1Kfw7i-0002ax-2o; Wed, 17 Sep 2008 12:27:10 +0000
Received: from dsl-241-65-41.telkomadsl.co.za ([41.241.65.41] helo=clue.co.za)
	by urchin.clue.co.za with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69)
	(envelope-from <ianf@clue.co.za>)
	id 1Kfw78-00039D-7V; Wed, 17 Sep 2008 12:26:34 +0000
Received: from localhost ([127.0.0.1] helo=clue.co.za)
	by clue.co.za with esmtp (Exim 4.69 (FreeBSD))
	(envelope-from <ianf@clue.co.za>)
	id 1Kfw76-0001dB-Gs; Wed, 17 Sep 2008 14:26:32 +0200
To: Mike Tancsa <mike@sentex.net>
From: Ian FREISLICH <ianf@clue.co.za>
In-Reply-To: <200809171213.m8HCDMgc043508@lava.sentex.ca> 
References: <200809171213.m8HCDMgc043508@lava.sentex.ca>
	<E1Kfs3n-0001CB-EC@clue.co.za> 
X-Attribution: BOFH
Date: Wed, 17 Sep 2008 14:26:32 +0200
Message-Id: <E1Kfw76-0001dB-Gs@clue.co.za>
Cc: current@freebsd.org
Subject: Re: PATCH: crypto/openssl/crypto/engine/eng_table.c 
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Sep 2008 12:27:11 -0000

Mike Tancsa wrote:
> At 04:06 AM 9/17/2008, Ian Freislich wrote:
> >Hi
> >
> >I had to apply the following patch to fix the engine cache in openssl
> >so that it will actually use the padlock driver for accelleration.
> >It appears that the original logic was reversed.
> 
> Hi,
>          For applications (eg sshd), is not
> --- crypto/openssl/crypto/engine/eng_cryptodev.c        2008-02-05 
> 13:10:31.000000000 -0500
> +++ crypto/openssl/crypto/engine/eng_cryptodev.c.good   2008-08-21 
> 13:10:26.000000000 -0400
> @@ -1127,6 +1127,7 @@
>          }
> 
>          ENGINE_add(engine);
> +       ENGINE_set_default_ciphers(engine);
>          ENGINE_free(engine);
>          ERR_clear_error();
>   }
> 
> also necessary ?

The patch I posted was sufficient in conjunction with the following
addition to /etc/ssl/openssl.cnf:

openssl_conf = openssl_def

[openssl_def]
engines = openssl_engines

[openssl_engines]
padlock = padlock_engine

[padlock_engine]
default_algorithms = ALL


Ian

--
Ian Freislich