tnozaki / NetBSD / issues / #153 - [OpenSSL-1.0.2] TNF local patch - enable opencrypto(9)'s hardware cryptodev engine support

Takehiko NOZAKI reporter

changed status to resolved

BUGFIX: Issue ~~#153~~ - enable opencrypto(9)'s hardware cryptodev engine support

make cryptodev engine work with N**BSD's opencrypto(9), apply TNF's local patch with some modification. also disable OpenBSD, cause they stopped userland cryptodev support a few years ago.

original commit messages: http://mail-index.netbsd.org/source-changes/2005/12/31/0002.html http://mail-index.netbsd.org/source-changes/2007/03/04/0026.html http://mail-index.netbsd.org/source-changes/2008/01/25/msg001284.html http://mail-index.netbsd.org/source-changes/2008/01/26/msg001374.html

enable cryptodev.

eliminate caddr_t

Some minor opencrypto fixes, one with a major performance impact for OpenSSL:

1) Fix extremely misleading text in crypto.4 manual page so it does not appear to claim that a new cloned file descriptor is required for every session.

2) Fix severe performance problem (and fd leak!) in openssl cryptodev engine resulting from misunderstanding probably caused by said manual page text.

3) Check for session-ID wraparound in kernel cryptodev provider. Also, start allocating sessions at 1, not 0 -- this will be necessary when we add ioctls for the creation of multiple sessions at once, so we can tell which if any creations failed.

CRIOGET is gone. Saves one ioctl per session.

→ <<cset 02fe79bd6097b0f5efd4d992885b3559ac0c937e>>

2019-07-09T08:51:15+00:00

Comments (2)

Takehiko NOZAKI reporter
- marked as enhancement
- 2019-07-09T04:50:39+00:00
Takehiko NOZAKI reporter
- changed status to resolved
BUGFIX: Issue ~~#153~~ - enable opencrypto(9)'s hardware cryptodev engine support

make cryptodev engine work with N**BSD's opencrypto(9), apply TNF's local patch with some modification. also disable OpenBSD, cause they stopped userland cryptodev support a few years ago.

original commit messages: http://mail-index.netbsd.org/source-changes/2005/12/31/0002.html http://mail-index.netbsd.org/source-changes/2007/03/04/0026.html http://mail-index.netbsd.org/source-changes/2008/01/25/msg001284.html http://mail-index.netbsd.org/source-changes/2008/01/26/msg001374.html

enable cryptodev.

eliminate caddr_t

Some minor opencrypto fixes, one with a major performance impact for OpenSSL:

1) Fix extremely misleading text in crypto.4 manual page so it does not appear to claim that a new cloned file descriptor is required for every session.

2) Fix severe performance problem (and fd leak!) in openssl cryptodev engine resulting from misunderstanding probably caused by said manual page text.

3) Check for session-ID wraparound in kernel cryptodev provider. Also, start allocating sessions at 1, not 0 -- this will be necessary when we add ioctls for the creation of multiple sessions at once, so we can tell which if any creations failed.

CRIOGET is gone. Saves one ioctl per session.

→ <<cset 02fe79bd6097b0f5efd4d992885b3559ac0c937e>>
- 2019-07-09T08:51:15+00:00
Log in to comment