[openssl.org #2840] [PATCH] Restore alg_section to 1.0.1c

2012-06-27 09:39:33.408683861 -0400 @@ -76,5 +76,6 @@ #ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); #endif + EVP_add_alg_module(); } -- David McCullough, david_mccullo...@mcafee.com, Ph:+61 734352815 McAfee - SnapGear http://www.mcafee.com

[PATCH] Restore alg_section to 1.0.1c

2012-06-27 09:39:33.408683861 -0400 @@ -76,5 +76,6 @@ #ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); #endif + EVP_add_alg_module(); } -- David McCullough, david_mccullo...@mcafee.com, Ph:+61 734352815 McAfee - SnapGear http://www.mcafee.com

Re: [CVS] OpenSSL: openssl/crypto/engine/ eng_cryptodev.c

of it. It was permanently disabled. I am trying to get some more time to revisit that patch for you guys, hopefulyl soon :-) Cheers, Davidm -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org

Re: Any known issues with cryptodev digests in 0.9.8k?

-- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org __ OpenSSL Project http://www.openssl.org

Re: [openssl.org #1974] [PATCH 12/14] Config option for cryptodev on other OS's (+ hash)

guess this is somehow a remanent of working around that, sorry for the noise :-( Short answer, drop the fd changes in the patch. Thanks, Davidm -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org

Re: [openssl.org #1973] [PATCH 11/14] Ensure 'make links' gets all headers correctly.

not, I'll find a better way, Cheers, Davidm -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org __ OpenSSL Project

Re: [openssl.org #1973] [PATCH 11/14] Ensure 'make links' gets all headers correctly.

not, I'll find a better way, Cheers, Davidm -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org __ OpenSSL Project

Re: [openssl.org #1968] [PATCH 06/14] Allow overriding of settings for cross compilation.

. If this change is not suitable that ok. I still feel that in a cross compiled embedded system, the output of uname on the build host is next to useless information for most decision making. It's possible for same target to be built on a Windows/Linux/BSD/whatever system. Cheers, Davidm -- David

Re: [openssl.org #1968] [PATCH 06/14] Allow overriding of settings for cross compilation.

. If this change is not suitable that ok. I still feel that in a cross compiled embedded system, the output of uname on the build host is next to useless information for most decision making. It's possible for same target to be built on a Windows/Linux/BSD/whatever system. Cheers, Davidm -- David

Re: [openssl.org #1974] [PATCH 12/14] Config option for cryptodev on other OS's (+ hash)

Jivin Thor Lancelot Simon lays it down ... On Thu, Jul 02, 2009 at 12:28:36AM +0200, David McCullough via RT wrote: The reason the option exists is that in all but the most unusual cases, using cryptodev hashing via some HW device is not worth it by any measure. There are some people

[PATCH 02/14] Only use gcc if CC has not been provided.

!= ]; then # then strip off whatever prefix egcs prepends the number with... # Hopefully, this will work for any future prefixes as well. -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org

[PATCH 06/14] Allow overriding of settings for cross compilation.

it is has a braindamaged uname. -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org __ OpenSSL Project

[PATCH 10/14] Add support for building with the uClinux-dist.

:-0} -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org __ OpenSSL Project http

[PATCH 02/14] Only use gcc if CC has not been provided. (RESEND)

!= ]; then # then strip off whatever prefix egcs prepends the number with... # Hopefully, this will work for any future prefixes as well. -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org

[openssl.org #1963] [PATCH 01/14] Build should fail if makedepend is not present.

If makedepend fails (for example, if it isn't in the path), then domd should fail so the build can stop on the error. Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear

[openssl.org #1964] [PATCH 02/14] Only use gcc if CC has not been provided.

When cross compiling for embedded targets gcc is unlikely to be the best choice of compiler for making decisions. Only use gcc if CC is not provided. Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph

[openssl.org #1965] [PATCH 03/14] Make sure defines to remove SHA are correct.

Some combinations of algorithm removal cause compilation errors. Fix this case for SHA/SHA1. Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.com

[openssl.org #1966] [PATCH 04/14] Ensure OCSP can be disabled.

Some support for OCSP was not ifdef'd and prevents its exclusion from openssl via the config options. Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http

[openssl.org #1967] [PATCH 05/14] Do not run off the end of the params array.

Do not run off the end of the RSA params arrays freeing values or we will crash (or worse, corrupt the heap). Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http

[openssl.org #1968] [PATCH 06/14] Allow overriding of settings for cross compilation.

Allow the build environment to override settings such as MACHINE etc so that cross compilation for embedded systems is much easier. Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee

[openssl.org #1970] [PATCH 08/14] Fix unused variable words and uninited data b.

words was unused (compiler warning) remove it. b was uninited memory causing us to generate bogus numbers to pass into cryptodev. Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee

[openssl.org #1971] [PATCH 09/14] Only test speeds up to 4K packets.

Change the speed test to only test sizes up to 4096. Most cryptodev HW drivers fail with 8192 sized requests. 4K seems like a reasonable limit to test up to. Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo

[openssl.org #1972] [PATCH 10/14] Add support for building with the uClinux-dist.

Add support for building within the uClinux-dist cross-compile framework for embedded systems (with and without MMU). Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear

[openssl.org #1973] [PATCH 11/14] Ensure 'make links' gets all headers correctly.

Needed to include all the headers in the links target to get openssl cross compiling nicely within the uClinux-dist. Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear

[openssl.org #1974] [PATCH 12/14] Config option for cryptodev on other OS's (+ hash)

hash implementation. Fix up RSA API compliance for rsa_nocrt_mod_exp method while here. Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.com

[openssl.org #1975] [PATCH 13/14] Add support for CPU usage reporting.

get_cpu/calc_cpu functions for other OS's. Also includes a few compile time warning fixes. Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.com

[openssl.org #1976] [PATCH 14/14] Cleanup some compile time warnings/magic numbers.

Cleanup some compile time warnings/magic numbers. Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org diff

Re: [PATCH 09/14] Only test speeds up to 4K packets.

Jivin Thor Lancelot Simon lays it down ... On Tue, Jun 30, 2009 at 12:56:38PM +1000, David McCullough wrote: Change the speed test to only test sizes up to 4096. Most cryptodev HW drivers fail with 8192 sized requests. 4K seems like a reasonable limit to test up

Re: [PATCH 14/14] Cleanup some compile time warnings/magic numbers.

Jivin Tim Rice lays it down ... On Tue, 30 Jun 2009, David McCullough wrote: Cleanup some compile time warnings/magic numbers. --- diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index 186eb36..1e5d3a3 100644 --- a/crypto/engine/eng_cryptodev.c

Re: [openssl.org #1966] [PATCH 04/14] Ensure OCSP can be disabled.

/msg26096.html Note progs.h is auto generated by progs.pl so you need to edit both otherwise progs.h will get overwritten. Thanks for fixing it up, I missed that. Cheers, Davidm -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http

Re: [openssl.org #1966] [PATCH 04/14] Ensure OCSP can be disabled.

/msg26096.html Note progs.h is auto generated by progs.pl so you need to edit both otherwise progs.h will get overwritten. Thanks for fixing it up, I missed that. Cheers, Davidm -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http

Re: [openssl.org #1976] [PATCH 14/14] Cleanup some compile time warnings/magic numbers.

Jivin Green, Paul lays it down ... David McCullough proposed the following patch to crypto/engine/eng_cryptodev.c: (extracted from a larger change set): @@ -428,7 +428,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if ((state-d_fd = get_dev_crypto()) 0

Re: [openssl.org #1974] [PATCH 12/14] Config option for cryptodev on other OS's (+ hash)

for the cryptodev engine related bits. Should they appear in new rt tickets of their own or keep it within this one ? Thanks, Davidm -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org

Re: [openssl.org #1974] [PATCH 12/14] Config option for cryptodev on other OS's (+ hash)

for the cryptodev engine related bits. Should they appear in new rt tickets of their own or keep it within this one ? Thanks, Davidm -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org

[PATCH 00/14] Patches from the ocf-linux and uClinux-dist projects

/pub/uClinux/dist/ -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org __ OpenSSL Project http

[PATCH 01/14] Build should fail if makedepend is not present.

OPENSSL_DOING_MAKEDEPEND $@ \ ${PERL} $TOP/util/clean-depend.pl Makefile Makefile.new +RC=$? fi mv Makefile.new Makefile # unfake the presence of Kerberos rm $TOP/krb5.h + +exit $RC -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.com

[PATCH 03/14] Make sure defines to remove SHA are correct.

); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org __ OpenSSL

[PATCH 04/14] Ensure OCSP can be disabled.

OPENSSL_NO_MD2 -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org __ OpenSSL Project http

[PATCH 05/14] Do not run off the end of the params array.

++) { if (kop-crk_param[i].crp_p) free(kop-crk_param[i].crp_p); kop-crk_param[i].crp_p = NULL; -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org

[PATCH 07/14] Use a stronger key when testing algs.

; + sess.key = (caddr_t)123456789abcdefghijklmno; for (i = 0; ciphers[i].id count CRYPTO_ALGORITHM_MAX; i++) { if (ciphers[i].nid == NID_undef) -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.com

[PATCH 08/14] Fix unused variable words and uninited data b.

; crp-crp_p = NULL; @@ -637,6 +637,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) b = malloc(bytes); if (b == NULL) return (1); + memset(b, 0, bytes); crp-crp_p = b; crp-crp_nbits = bits; -- David McCullough, david_mccullo

[PATCH 09/14] Only test speeds up to 4K packets.

]; static double dsa_results[DSA_NUM][2]; #ifndef OPENSSL_NO_ECDSA -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org

[PATCH 11/14] Ensure 'make links' gets all headers correctly.

) gentests: -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org __ OpenSSL Project http

[PATCH 12/14] Config option for cryptodev on other OS's (+ hash)

(); # endif #endif -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org __ OpenSSL Project http

[PATCH 13/14] Add support for CPU usage reporting.

get_cpu(int s) @@ -395,7 +396,6 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) #endif /* OPENSSL_NO_ECDH */ -static int do_cpu = 0; #ifndef HAVE_CPU_USAGE /* stub out the cpu functions if we do not support it */ static void get_cpu(int s) {} -- David

[PATCH 14/14] Cleanup some compile time warnings/magic numbers.

; kop.crk_iparams = 3; - kop.crk_param[3].crp_p = key; + kop.crk_param[3].crp_p = (caddr_t) key; kop.crk_param[3].crp_nbits = keylen * 8; kop.crk_oparams = 1; -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http

Re: [PATCH 00/14] Patches from the ocf-linux and uClinux-dist projects

/dist/ -- David McCullough,  david_mccullo...@securecomputing.com,  Ph:+61 734352815 McAfee - SnapGear  http://www.snapgear.com                 http://www.uCdot.org __ OpenSSL Project

Re: [openssl.org #1957] OpenSSL 0.9.8k Solaris build failure in apps; Makefile variables not quoted

} APPNAME=$$target$(EXE_EXT) OBJECTS=$$target.o \ + CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS=$$target.o \ LIBDEPS=$(PEX_LIBS) $$LIBRARIES $(EX_LIBS) \ link_app.$${shlib_target} -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61

Re: [openssl.org #1957] OpenSSL 0.9.8k Solaris build failure in apps; Makefile variables not quoted

} APPNAME=$$target$(EXE_EXT) OBJECTS=$$target.o \ + CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS=$$target.o \ LIBDEPS=$(PEX_LIBS) $$LIBRARIES $(EX_LIBS) \ link_app.$${shlib_target} -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61

Best version for submitting patches ?

is no problem, Thanks, Davidm -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org __ OpenSSL Project

Re: AES hardware accelerator in OpenSSL with/without OCF

it is being used when you run openssl. Probably best to move this discussion to the ocf-linux mailing list, not sure it belongs on the openssl list ;-) http://lists.sourceforge.net/mailman/listinfo/ocf-linux-users Cheers, Davidm -- David McCullough, david_mccullo...@securecomputing.com

Re: [openssl.org #1823] Linux configuration options for OCF/HAVE_CRYPTODEV needed

to do but haven't got around to. Cheers, Davidm -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 Secure Computing - SnapGear http://www.uCdot.org http://www.snapgear.com __ OpenSSL Project

Re: Crypto engine asynchronously

] - Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1?/min. -- David McCullough, [EMAIL PROTECTED], Ph:+61 734352815 Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com

Re: Crypto engine asynchronously

(that is decryption/encryption of each packet). The cryptodev engine (OpenBSD/FreeBSD/linux) can provide async support so that multiple SSL users are being processed at once. How are you testing the performance ? On box or using networking ? Cheers, Davidm -- David McCullough, [EMAIL