On Thursday 15 April 2010 17:02:39 Craig Ringer wrote: > Hi folks > > Sorry it's taken me so long to check in with a _tested_ patch to enable > hardware crypto in OpenSSL. > > I just spent six hours getting one of the C3 thin clients at work > booting a usable local Linux install. Their USB HDD support is soooooooo > buggy. I ended up having to solder up a broken 44-pin-to-40-pin IDE > adapter. Argh. Anyway, it's finally running so I should be able to test > out the patched sd. The patch works on hardware _without_ hardware > crypto, it's just hardware with hardware crypto that I've had trouble > getting to. > > Rather than unconditionally enabling hw crypto, though, I'm wondering if > this is something that should really be user-controllable. If we read > openssl.cnf during startup that'd give the user a chance to control > engine use - in particular, to blacklist a known-broken engine that > causes problems.
Yes, I think that is a good idea. It seems to me that the default should be to use hardware encryption if it exists, but it will be important to be able to disable it via a directive, and possibly specify what hardware device is permitted. > > If the unconditional patch works I'll post it, then see if I can get the > sd (at least) to read openssl.cnf and follow up with a second patch. If I understand correctly, your patch adds encryption to the SD. Is that correct? > > Oh, by the way, newer VIA chips like the 2nd revision C7 and the Nano > support hardware SHA-1 and SHA-256 too :-) Hmm. That is also interesting ... Kern > > -- > Craig Ringer > > --------------------------------------------------------------------------- >--- Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Bacula-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/bacula-devel ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Bacula-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bacula-devel
