From owner-cvs-src@FreeBSD.ORG Sun Jan 13 19:01:47 2008 Return-Path: Delivered-To: cvs-src@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CD55516A417; Sun, 13 Jan 2008 19:01:47 +0000 (UTC) (envelope-from sam@errno.com) Received: from ebb.errno.com (ebb.errno.com [69.12.149.25]) by mx1.freebsd.org (Postfix) with ESMTP id 9717A13C469; Sun, 13 Jan 2008 19:01:47 +0000 (UTC) (envelope-from sam@errno.com) Received: from trouble.errno.com (trouble.errno.com [10.0.0.248]) (authenticated bits=0) by ebb.errno.com (8.13.6/8.12.6) with ESMTP id m0DJ1lVK027619 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 13 Jan 2008 11:01:47 -0800 (PST) (envelope-from sam@errno.com) Message-ID: <478A601A.3060506@errno.com> Date: Sun, 13 Jan 2008 11:01:46 -0800 From: Sam Leffler User-Agent: Thunderbird 2.0.0.9 (X11/20071125) MIME-Version: 1.0 To: "Simon L. Nielsen" References: <200801131144.m0DBimYT077701@repoman.freebsd.org> <20080113115947.GA1135@zaphod.nitro.dk> In-Reply-To: <20080113115947.GA1135@zaphod.nitro.dk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-DCC--Metrics: ebb.errno.com; whitelist Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/crypto/openssl/crypto/engine eng_cryptodev.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Jan 2008 19:01:47 -0000 Simon L. Nielsen wrote: > On 2008.01.13 11:44:47 +0000, Simon L. Nielsen wrote: > >> simon 2008-01-13 11:44:47 UTC >> >> FreeBSD src repository >> >> Modified files: >> crypto/openssl/crypto/engine eng_cryptodev.c >> Log: >> Unbreak detection of cryptodev support for FreeBSD which was broken >> with OpenSSL 0.9.8 import. >> >> Note that this does not enable cryptodev by default, as it was the >> case with OpenSSL 0.9.7 in FreeBSD base, but this change makes it >> possible to enable cryptodev at all. >> > > With this change it is possible to enable cryptodev by default for > openssl(1) with lines like below in etc/ssl/openssl.cnf. > Unfortunately openssh does not call the functions to read the config > file so it's not possible to enable cryptodev in openssh in a similar > fashion. I have yet figure out how to do support cryptodev by default > cleanly... > > Oh, and I just remembered that I forgot to thank Mike Tancsa / Sentex > for providing hardware used for testing this. So... thanks! :-) > > > > [openssl_init] > engines = engine_section > > [engine_section] > cryptodev = cryptodev_section > > [ cryptodev_section ] > engine_id = cryptodev > default_algorithms = ALL > > > (Note that the above was copied from a config file I haven't touched > in month so I'm 100% the exact section above is enough, but it's > close...) > > I gave you a patch to make cryptodev the default (if present) w/o modifying openssl.cnf. That is how things used to work in freebsd and how things work on systems like openbsd. Was there a problem w/ it? Sam