- marked as enhancement
[OpenSSL-1.0.2] TNF local patch - enable opencrypto(9)'s hardware cryptodev engine support
TNF local patch audit
- crypto/engine/eng_cryptodev.c
- dist/crypto/evp/openbsd_hw.c
original commit message:
http://mail-index.netbsd.org/source-changes/2005/12/31/0002.html
http://mail-index.netbsd.org/source-changes/2007/03/04/0026.html
http://mail-index.netbsd.org/source-changes/2008/01/25/msg001284.html
http://mail-index.netbsd.org/source-changes/2008/01/26/msg001374.html
Comments (2)
-
reporter -
reporter - changed status to resolved
BUGFIX: Issue
- enable opencrypto(9)'s hardware cryptodev engine support#153make cryptodev engine work with N**BSD's opencrypto(9), apply TNF's local patch with some modification. also disable OpenBSD, cause they stopped userland cryptodev support a few years ago.
original commit messages: http://mail-index.netbsd.org/source-changes/2005/12/31/0002.html http://mail-index.netbsd.org/source-changes/2007/03/04/0026.html http://mail-index.netbsd.org/source-changes/2008/01/25/msg001284.html http://mail-index.netbsd.org/source-changes/2008/01/26/msg001374.html
enable cryptodev.
eliminate caddr_t
Some minor opencrypto fixes, one with a major performance impact for OpenSSL:
1) Fix extremely misleading text in crypto.4 manual page so it does not appear to claim that a new cloned file descriptor is required for every session.
2) Fix severe performance problem (and fd leak!) in openssl cryptodev engine resulting from misunderstanding probably caused by said manual page text.
3) Check for session-ID wraparound in kernel cryptodev provider. Also, start allocating sessions at 1, not 0 -- this will be necessary when we add ioctls for the creation of multiple sessions at once, so we can tell which if any creations failed.
CRIOGET is gone. Saves one ioctl per session.
→ <<cset 02fe79bd6097b0f5efd4d992885b3559ac0c937e>>
- Log in to comment