OpenSSL ENGINE support for OpenSSH
Darren Tucker
dtucker at zip.com.au
Sun Jul 4 11:39:07 EST 2004
Michal Ludvig wrote:
> attached is a patch that enables using hardware crypto accelerators
> available through OpenSSL library for SSH operations. Especially in
> ssh/sshd it can bring a significant speed improvement. OTOH if no crypto
> engine is available, nothing bad happens and default software crypto
> routines are used.
The ENGINE functionality is not available in all OpenSSL versions that
OpenSSH supports (it's not in 0.9.5 and it's a separate package for
0.9.6), so your patch will fail to compile on those.
I don't know about adding it to the main tree... comments? If it is, it
should be either detected automatically at build time or be a configure
option (e.g. --with-ssl-engine). Maybe just something like this in defines.h:
/* Enable ENGINE support only when the version macro is defined and above 0x0090700f */
#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER > 0x0090700f)
# define USE_OPENSSL_ENGINE
#endif
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
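
An added example, not part of the original message or of OpenSSH: it decodes an OPENSSL_VERSION_NUMBER in the 0xMNNFFPPS layout and evaluates the gate as "version macro defined and greater than 0x0090700f". The function names, the use of 0 to stand for an undefined macro, and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Threshold taken from the guard in the message above. */
#define ENGINE_MIN_EXCLUSIVE 0x0090700fUL

/* Decode an OPENSSL_VERSION_NUMBER laid out as 0xMNNFFPPS
 * (major, minor, fix, patch letter, status nibble). */
static const char *ossl_version_str(unsigned long v, char *buf, size_t len)
{
    unsigned major = (v >> 28) & 0xf, minor = (v >> 20) & 0xff;
    unsigned fix = (v >> 12) & 0xff, patch = (v >> 4) & 0xff;
    unsigned status = v & 0xf;
    char letter[2] = { 0, 0 }, tag[16] = "";

    if (patch >= 1 && patch <= 26)          /* 1 -> 'a', 2 -> 'b', ... */
        letter[0] = (char)('a' + patch - 1);
    if (status == 0)                        /* 0 = development snapshot */
        strcpy(tag, "-dev");
    else if (status != 0xf)                 /* 1..e = beta, f = release */
        snprintf(tag, sizeof(tag), "-beta%u", status);
    snprintf(buf, len, "%u.%u.%u%s%s", major, minor, fix, letter, tag);
    return buf;
}

/* The same decision the preprocessor guard makes, as a runtime function.
 * Assumption: v == 0 stands for "OPENSSL_VERSION_NUMBER is not defined". */
static int use_openssl_engine(unsigned long v)
{
    return v != 0 && v > ENGINE_MIN_EXCLUSIVE;
}

int main(void)
{
    /* Constructed sample values, not taken from any real build. */
    unsigned long samples[] = { 0x0090600fUL, 0x0090700fUL, 0x0090701fUL };
    char buf[32];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s USE_OPENSSL_ENGINE=%d\n",
               ossl_version_str(samples[i], buf, sizeof(buf)),
               use_openssl_engine(samples[i]));
    return 0;
}
```

With the strict comparison, 0x0090700f itself does not enable the macro; 0x0090701f is the first release value that does.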