Hi, I think ubsec driver in included in FreeBSD release, so you should be able to use the ENGINE related to /dev/crypto. (hw_cryptodev.c)
Ubsec ENGINE should be ok for BroadCom FreebSD driver. I think that you should not mix them. Hope it could help, Fred -----Original Message----- From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Tue 4/19/2005 12:40 PM To: [email protected] Cc: Subject: Re: Using OpenSSL with 'ubsec' hardware on FreeBSD Hi, > Which version of openssl is the ports tree based on? I don't know about > the world version, but the problem with the ports one seems to be (so > far) just a matter of paths. I don't "do bsd", but I assume that tweaking > with LD_LIBRARY_PATH or some such thing ought to be able to convince > openssl to find libubsec.so. Whether the result will be > version-compatible is another issue, but you might be lucky. the ports version is OpenSSL 0.9.7g 11 Apr 2005 (world version is OpenSSL 0.9.7d 17 Mar 2004) the issue with LD_LIBRARY_PATH appears to be void as there is NO libubsec.so on the filesystem. its simply not made. where can I get it from??? (on Redhat and Fedora Core < 3 this file appears in the mystical 'hycrypto' package) I've attempted to actualy make a libubsec.so by hand using the files provided by OpenSSL... eg cd openssl-0.9.7g/crypto/engine cc -o tmp_ubsec.o -I.. -I../.. -I../../include -fPIC -DENGINE_DYNAMIC_SUPPOR T -DOPENSSL_THREADS -pthread -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENS SL_NO_KRB5 -DTERMIOS -DL_ENDIAN -O -pipe -Wl,-rpath,/usr/local/lib -Wall -D SHA1_ASM -DMD5_ASM -DRMD160_ASM -c hw_ubsec.c cc -o tmp_ubsec_err.o -I.. -I../.. -I../../include -fPIC -DENGINE_DYNAMIC_SU PPORT -DOPENSSL_THREADS -pthread -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DO PENSSL_NO_KRB5 -DTERMIOS -DL_ENDIAN -O -pipe -Wl,-rpath,/usr/local/lib -Wal l -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c hw_ubsec_err.c then link this all up as a nice ELF 32-bit LSB shared object... gcc -shared -o dyn_ubsec.so tmp_ubsec.o tmp_ubsec_err.o -L../.. -lcrypto then attempted to actually USE this file as in the docs that OpenSSL provides.. README.ENGINE # /usr/local/bin/openssl engine ubsec -vvvv -pre SO_PATH:./dyn_ubsec.so -t (ubsec) UBSEC hardware engine support [Success]: SO_PATH:./dyn_ubsec.so [ unavailable ] 39977:error:2506406A:DSO support routines:DLFCN_BIND_FUNC:could not bind to the requested symbol name:dso_dlfcn.c:252:symname(ubsec_bytes_to_bits): Undefined symbol "ubsec_bytes_to_bits" 39977:error:2506C06A:DSO support routines:DSO_bind_func:could not bind to the requested symbol name:dso_lib.c:294: 39977:error:84069067:ubsec engine:UBSEC_INIT:dso failure:hw_ubsec.c:418: SO_PATH: Specifies the path to the 'ubsec' shared library (input flags): STRING ...so, failure is still my no.1 success :-) I'm wondering a couple of things. 1) according to some folk, /dev/crypto should *just work* - and, for some userland test tools (eg cryptotest) it does 2) why doesnt openssl just USE the ubsec engine? its been statically compiled in - so it should be able to utilise... or does it HAVE to use the DSO system? Alan ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
<<winmail.dat>>
