Jivin Stephen Henson via RT lays it down ...
> > [david_mccullo...@securecomputing.com - Wed Jul 01 05:41:07 2009]:
> > 
> > 
> > Jivin Stephen Henson via RT lays it down ...
> > >
> > > The equivalent to the two configure options can be done by including
> > > -Dfoo to Configure, for example Configure [options] -DHAVE_CRYPTODEV.
> > 
> > Ok, that works for me if it's the preferred solution.
> > 
> 
> OK, that has been added.
> 
> It's unfortunate that there is a need to enable digests separately
> because it is possible at the ENGINE level to selectively enable
> algorithm implementations. Presumably this is to cover cases where
> applications just blindly use all algorithms and have no option to avoid
> using digests.

Maybe there is a better way, I am not an openssl expert, that's for sure :-)

The reason the option exists is that in all but the most unusual cases,
using cryptodev hashing via some HW device is not worth it by any measure.
There are some people using it, but they have specific applications/needs.

I wasn't aware of a way to allow an engine to selectively support different
combinations of hashes and ciphers, but if there is by all means point me at
it and I will see what I can do to remove that ifdef.

> > > This patch also does considerably more than the above description,
> > > adding new symmetric algorithms, changing the behaviour of existing
> > > code etc. This should preferably be split into smaller patches which
> > > can be more easily analysed with full descriptions of the reasoning
> > > for changes.
> > 
> > Sorry about that, I'll sync up with whatever changes have gone in and
> > generate new patches for the cryptodev engine related bits.
> > 
> > Should they appear in new "rt" tickets of their own or keep it within
> > this one?
> 
> I'll apply some of the bits where I know what they do. The main bit I
> wasn't sure about was the reason for a change to a static fd in
> get_dev_crypto(): there was no comment in the ticket of the patch as to
> why this was done.

No problems, I have the log here, it's just with version changes over
the years the code/reasons get moved around. The log for that change:

        Clean up the cryptodev handling to not burn file descriptors or open the
        main channel more than needed.

But looking at the code I can't see how it achieves that. I know that
ocf-linux had a lot of kernel issues in this area in the early days and
I can only guess this is somehow a remnant of working around that,
sorry for the noise :-(

Short answer, drop the fd changes in the patch.

Thanks,
Davidm

-- 
David McCullough,  david_mccullo...@securecomputing.com,  Ph:+61 734352815
McAfee - SnapGear  http://www.snapgear.com                http://www.uCdot.org


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
