Subject: Making OpenSSLcrypto to use crypto framework
To: None <tech-crypto@netbsd.org>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-pkg
Date: 08/21/2003 20:58:16
[I thoguht I'd sent this to tech-crypto last week, but it disappeared;
possibly some Stanford SMTP lossage with the recent Microsoft worm.]
The following patch should make OpenSSL use the crypto framework,
taking advantage of any configured crypto accelerators. It requires
the file /usr/include/crypto/cryptodev.h, which will shortly be
added to the 'comp' set. At runtime it will need /dev/crypto.
Once that's done, what are our opinions about committing such a patch?
Are there pkgs which should be modified to take account of this ---
Angelos Keromytis suggested that if Apache runs chroot'ed, its chroot
area should have a /dev/crypto created as part of pkg installation (or
at least a note to that effect).
Last, do we have a channel to feed a final patch into the OpenSSL teamn?
Index: crypto/dist/openssl//crypto/engine/eng_all.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/openssl/crypto/engine/eng_all.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 eng_all.c
--- crypto/dist/openssl//crypto/engine/eng_all.c 2003/07/24 08:27:13 1.1.1.1
+++ crypto/dist/openssl//crypto/engine/eng_all.c 2003/08/15 21:09:51
@@ -95,13 +95,13 @@
#ifndef OPENSSL_NO_HW_4758_CCA
ENGINE_load_4758cca();
#endif
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
ENGINE_load_cryptodev();
#endif
#endif
}
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
void ENGINE_setup_bsd_cryptodev(void) {
static int bsd_cryptodev_default_loaded = 0;
if (!bsd_cryptodev_default_loaded) {
Index: crypto/dist/openssl//crypto/engine/hw_cryptodev.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/openssl/crypto/engine/hw_cryptodev.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 hw_cryptodev.c
--- crypto/dist/openssl//crypto/engine/hw_cryptodev.c 2003/07/24 08:27:19 1.1.1.1
+++ crypto/dist/openssl//crypto/engine/hw_cryptodev.c 2003/08/15 21:09:52
@@ -33,9 +33,9 @@
#include <openssl/engine.h>
#include <openssl/evp.h>
-#if (defined(__unix__) || defined(unix)) && !defined(USG)
+#if (defined(__unix__) || defined(unix) || defined(__NetBSD__)) && !defined(USG)
#include <sys/param.h>
-# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
+# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) || (__NetBSD_Version__ >= 106210000)
# define HAVE_CRYPTODEV
# endif
# if (OpenBSD >= 200110)
Index: crypto/dist/openssl//crypto/evp/c_all.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/openssl/crypto/evp/c_all.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 c_all.c
--- crypto/dist/openssl//crypto/evp/c_all.c 2003/07/24 08:27:27 1.1.1.3
+++ crypto/dist/openssl//crypto/evp/c_all.c 2003/08/15 21:09:52
@@ -74,7 +74,7 @@
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
#ifndef OPENSSL_NO_ENGINE
-# if defined(__OpenBSD__) || defined(__FreeBSD__)
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
ENGINE_setup_bsd_cryptodev();
# endif
#endif