Hi there,

On September 17, 2003 08:14 am, Colin Watson wrote:
> On Mon, Jul 28, 2003 at 12:01:08PM +0100, Colin Watson wrote:
> > Attached is a patch that causes the nCipher hardware support in
> > OpenSSL 0.9.7b to fall back to software computation if a hardware
> > problem is reported, naturally only for software keys. Other hardware
> > implementations do similar things, and there are FIXME comments in
> > 0.9.7b's hw_ncipher.c noting that this should be done.
>
> Hi,
>
> Is there anything I can do to speed the acceptance of this patch, or is
> it simply stuck in somebody's queue? If there's something suboptimal
> about it I'd be more than willing to fix it.

It probably just slipped through the net. If others are like me, they scan 
over what they can of list mail each day and deal with what they have 
time for. If yours arrives on a busy day (or during a period when the 
person who should deal with it is away) then there are good chances it 
will slip by. Mail lists are UDP, the request tracker is TCP, for a 
tenuous analogy. Please submit the patch to RT and let me know the ticket 
number (or have you already done so?);
   http://www.openssl.org/support/rt2.html

I periodically expire old postings from my mail folders so your post of 
July 28 is long since gone - so I can't comment yet on your patch except 
to say that I think "transparent" falling back to software should not be 
the default mode of operation. If hardware fails and the user/coder 
specified that a certain class of operations (RSA, DSA, etc) should be 
done in hardware, then that class of operations should generate 
appropriate errors. If not, you are doing what you want to do rather than 
what the user/coder told you to do. In other words, I think the falling 
back to software should be configurable and should require the blessing 
of the user or coder. At one level, you can expose a control command in 
the ENGINE to configure this, and you could also support an environment 
variable check for "default" behaviour so that precompiled and 
unconfigurable apps can still be "configured" by the user. Note, these 
comments are perhaps in contradiction with the current behaviour of one 
or two ENGINEs already in the source, but that's because I haven't had 
the time to change them and get the appropriate people (who have the 
hardware) to verify the results.

Anyway, dump your patch into RT and let me know and we'll take a look.

Cheers,
Geoff

-- 
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
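
The policy argued for in the message above (a hardware failure is reported as an error unless the coder or user has opted in to software fallback, and then only for software keys), modelled as an added example; it is not part of the original e-mail, the patch under discussion, or OpenSSL. All function names, the "allow"/"deny" values, the EXAMPLE_ENGINE_SW_FALLBACK variable, and the rule that the control command overrides the environment default are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names are hypothetical; this models the policy, not OpenSSL's ENGINE API. */
#define FB_ENV_VAR "EXAMPLE_ENGINE_SW_FALLBACK" /* assumed variable name */

enum fb_policy { FB_UNSET, FB_DENY, FB_ALLOW };
enum op_result { OP_HW_OK, OP_SW_FALLBACK, OP_ERROR };

struct engine_cfg { enum fb_policy ctrl; }; /* set only by the control command */

/* Control-command handler: the coder's explicit choice. Returns 1 if accepted. */
int cfg_ctrl_fallback(struct engine_cfg *cfg, const char *value)
{
    if (value != NULL && strcmp(value, "allow") == 0) { cfg->ctrl = FB_ALLOW; return 1; }
    if (value != NULL && strcmp(value, "deny") == 0)  { cfg->ctrl = FB_DENY;  return 1; }
    return 0; /* unrecognised value: policy left unchanged */
}

/* Effective policy: control command first, then the environment default,
 * then deny. Only the exact string "1" opts in via the environment. */
int fallback_allowed(const struct engine_cfg *cfg, const char *env_value)
{
    if (cfg->ctrl != FB_UNSET)
        return cfg->ctrl == FB_ALLOW;
    return env_value != NULL && strcmp(env_value, "1") == 0;
}

/* Outcome of one private-key operation. hw_ok: the device completed it.
 * key_in_hw: the key never leaves the device, so software cannot stand in. */
enum op_result private_op(const struct engine_cfg *cfg, const char *env_value,
                          int hw_ok, int key_in_hw)
{
    if (hw_ok)
        return OP_HW_OK;
    if (key_in_hw || !fallback_allowed(cfg, env_value))
        return OP_ERROR; /* surface the hardware failure to the caller */
    return OP_SW_FALLBACK;
}

int main(void)
{
    struct engine_cfg cfg = { FB_UNSET };
    /* Constructed scenario: device failure with a software-held key. */
    enum op_result r = private_op(&cfg, getenv(FB_ENV_VAR), 0, 0);
    printf("%s\n", r == OP_SW_FALLBACK ? "software fallback" : "error reported");
    return 0;
}
```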
