Re: [openssl.org #668] [PATCH] Fall back to software if nCipher hardware fails
On Sun, Apr 25, 2004 at 11:18:19PM +0200, Geoff Thorpe via RT wrote: Geoff Thorpe wrote: Could you please adapt the patch for the head of CVS (nightly snapshots can be found on the ftp server) and resubmit? If this is not possible, let me know and perhaps I'll find a moment to have a poke at it. NB: in 0.9.8-dev, the engine implementations are to be found in ./engines/ rather than ./crypto/engine/. I doubt it would require much hacking to port this, but it will require testing the fallback scenarios with the hardware (which I can't do). Please also double check that the shared-lib engine build works too (./config shared). Colin, did you get a chance to update your patch? Oof. No, it turns out I got sucked into other projects entirely and I never did update it; I just found this mail while clearing out my inbox, since this is my last day with nCipher. Sorry for dropping the ball on this one. I think it should be perfectly straightforward to port, as you say. If you need testing, could you contact Mark Knight, cced on this mail? I'm also happy to eyeball the change if contacted at the Reply-To: address, [EMAIL PROTECTED] Regards, -- Colin Watson [EMAIL PROTECTED] Software EngineernCipher Corporation Limited __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #668] [PATCH] Fall back to software if nCipher hardware fails
Could you please adapt the patch for the head of CVS (nightly snapshots can be found on the ftp server) and resubmit? If this is not possible, let me know and perhaps I'll find a moment to have a poke at it. NB: in 0.9.8-dev, the engine implementations are to be found in ./engines/ rather than ./crypto/engine/. I doubt it would require much hacking to port this, but it will require testing the fallback scenarios with the hardware (which I can't do). Please also double check that the shared-lib engine build works too (./config shared). Colin, did you get a chance to update your patch? Cheers, Geoff -- Geoff Thorpe, RT/openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #668] [PATCH] Fall back to software if nCipher hardware fails
Hi there, The patch reads OK and I was about to take a closer look when I realised that it's for 0.9.7. Rereading your original submission, you did note this but I must have glazed over at the time. 0.9.7 is a stable release branch so we're not making feature/functional changes there except for outright bugfixes. Could you please adapt the patch for the head of CVS (nightly snapshots can be found on the ftp server) and resubmit? If this is not possible, let me know and perhaps I'll find a moment to have a poke at it. NB: in 0.9.8-dev, the engine implementations are to be found in ./engines/ rather than ./crypto/engine/. I doubt it would require much hacking to port this, but it will require testing the fallback scenarios with the hardware (which I can't do). Please also double check that the shared-lib engine build works too (./config shared). Cheers, Geoff [EMAIL PROTECTED] - Mon Sep 29 16:22:53 2003]: The following patch adapts that already in #668 to leave software fallback off except when explicitly requested, per Geoff Thorpe's request. [snip] -- Geoff Thorpe, RT/openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #668] [PATCH] Fall back to software if nCipher hardware fails
Hi, Attached is a patch that causes the nCipher hardware support in OpenSSL 0.9.7b to fall back to software computation if a hardware problem is reported, naturally only for software keys. Other hardware implementations do similar things, and there are FIXME comments in 0.9.7b's hw_ncipher.c noting that this should be done. Please let me know if I should produce this patch against a 0.9.8 snapshot as well or instead. [Resending because I wasn't subscribed to openssl-dev first time round; apologies if this arrives twice.] Cheers, -- Colin Watson [EMAIL PROTECTED] Software EngineernCipher Corporation Limited __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]