>>>>> "Brian" == Brian Wellington via RT <[EMAIL PROTECTED]> writes:
Brian> On Thu, 25 Jan 2001, Niklas Hallqvist via RT wrote:
>> Below is a patch to make bind9 work better with OpenSSL
>> [engine]. There were subtle API differences that were really
>> hard to debug. Unfortunately the OpenSSL people have not
>> marked the engine version with a bit in OPENSSL_VERSION so the
>> only preprocessor symbol that is usable to distinguish the
>> versions is the CRYPTO_LOCK_ENGINE constant.
Brian> What exactly is OpenSSL [engine]? There's nothing obvious
Brian> on the web page. I suppose applying the patch should be
Brian> ok, as long as the API isn't going to change anytime soon.
OpenSSL [engine] is a variant of OpenSSL that can make use of different
computational "engines" for stuff like cryptographic algorithms and
random number generators. The purpose of this version is to enable
the use of hardware devices for expensive computations. Wrt the API
changing, I am not the one to judge that; I will CC: the OpenSSL
development list; maybe someone there can answer. However, you should
know that OpenBSD already has embraced the engine version and has it
integrated in the development sources.
>> However, I would like to see another solution in the long-term,
>> where bind9 could actually make use of a named engine for
>> random numbers and cryptographic algorithms etc. But that's
>> not in my immediate agenda. The engine version of OpenSSL is
>> still in flux anyhow, I believe.
Brian> Could you explain this too? What benefits would there be
Brian> from doing this, when the low-level crypto routines work,
Brian> and the random number algorithms are not used?
The benefit is that access to algorithmic hardware (cryptocards, big
number crunchers, random generators) will be otherwise transparent to
BIND9.
Brian> Thanks, Brian
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]