[Bug 1707] New: Tweak OpenSSL ENGINE support to use openssl config system

bugzilla-daemon at bugzilla.mindrot.org
Fri Jan 29 03:52:13 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1707

           Summary: Tweak OpenSSL ENGINE support to use openssl config
                    system
           Product: Portable OpenSSH
           Version: 5.3p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Miscellaneous
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: pizza at shaftnet.org


From the OPENSSL_config manpage:

 "OPENSSL_config() configures OpenSSL using the standard openssl.cnf
  configuration file name using config_name. If config_name is NULL then
  the default name openssl_conf will be used."
  ...
 "It is strongly recommended that all new applications call
  OPENSSL_config() or the more sophisticated functions such as
  CONF_modules_load() during initialization (that is before starting any
  threads). By doing this an application does not need to keep track of
  all configuration options and some new functionality can be supported
  automatically."

The attached patch adds a call to OPENSSL_config() at the end of the
calls to the ENGINE initialization.  If the sysadmin has enabled
hardware accelerated crypto support in the openssl.cnf file, openssh
will use those settings.

Without this patch, unless the sysadmin has hardwired the openssl
libraries to default to a hardware crypto engine, openssh cannot take
advantage of said engine.

With this patch and the appropriate openssl.cnf tweaks, I easily double
the throughput of scp on a system with a VIA Padlock crypto engine.

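The report refers to "appropriate openssl.cnf tweaks" without showing them. A minimal fragment of that kind follows, added here as an illustration and not taken from the bug report or its attached patch; the section names openssl_init, engine_section and padlock_section are arbitrary labels chosen for this example, and padlock is the id of OpenSSL's VIA PadLock engine.

```ini
# Must appear in the default (unnamed) section at the top of openssl.cnf.
# OPENSSL_config(NULL) looks up the name "openssl_conf" to find the
# section that lists the configuration modules to run.
openssl_conf = openssl_init

[openssl_init]
# Hand the "engines" module the section that lists engines to set up.
engines = engine_section

[engine_section]
# Left side: engine id. Right side: section holding its settings.
padlock = padlock_section

[padlock_section]
# Make this engine the default provider for every algorithm it implements.
default_algorithms = ALL
# Initialise the engine when the configuration is loaded.
init = 1
```

Because OPENSSL_config() makes every program that calls it act on this file, including which engine code it initialises, openssl.cnf should be writable only by root.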