
Mailing List Archive: Apache: Dev

Enabling RAND redirection on crypto accelerator using OpenSSL ENGINE

 

 



frederic.donnat at zencod

Oct 23, 2002, 11:50 AM

Post #1 of 3 (782 views)

Hi all,


A few months ago I submitted a patch for redirecting RAND on crypto accelerator for mod-ssl and apache-1.3.x.

A few weeks ago, I saw a CVS commit about this on the mod-ssl mailing list.
But I see that apache-2.0.x has not been updated.
I posted a message about this on the mod-ssl dev mailing list, but maybe I should post it somewhere else!

So, in fact the patch is for ssl_engine_init.c file in directory ./modules/ssl.
Just modify functions calls:
- ssl_engine_init ()
- ssl_init_SSLlibrary ()

"ssl_engine_init()" (line 300) should be called earlier, before "ssl_init_SSLlibrary()" (line 270).

In fact you have to initialize the OpenSSL ENGINE before initializing the library, due to the fact that the OpenSSL default function pointer must be set to the ENGINE function pointer before library initialisation, otherwise you cannot modify the default settings.

Geoff Thorpe comment:
"ssl_init_SSLLibrary() must be seeding the PRNG, and thus initialising the set-on-first-use pointer in openssl to a default RAND_METHOD."

Cliff Woolley comment:
Well, I can't do anything about 1.3's mod_ssl, but if somebody can verify
for me that the following fixes Apache 2.0's mod_ssl, I'll commit it.


I recently downloaded apache-2.0.x and there is no change about this?
So, can anyone tell me more about it?
Is this due to OpenSSL ENGINE changes for a future release, or anything else?


Regards

Fred
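
The ordering problem described in the post above, as an added example that is not part of the original thread and is not OpenSSL or mod_ssl code: a simplified C model of a "set-on-first-use" method pointer. All names (`model_engine_init`, `model_library_init`, `model_get_rand_method`, the two method labels) are hypothetical, and the binding logic is an assumption drawn from the description quoted in the post.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Simplified model (hypothetical names, not OpenSSL source) of a
 * default method pointer that is latched the first time it is used. */
typedef struct { const char *name; } rand_method;

static const rand_method software_rand = { "software PRNG" };
static const rand_method hardware_rand = { "accelerator RNG" };

static const rand_method *engine_default = NULL; /* registered by an engine */
static const rand_method *bound_method = NULL;   /* latched on first use */

/* Models engine setup: registers the accelerator as the preferred source. */
static void model_engine_init(void) { engine_default = &hardware_rand; }

/* Models the lookup behind every RAND call: bind once, then reuse. */
static const rand_method *model_get_rand_method(void) {
    if (bound_method == NULL)
        bound_method = engine_default ? engine_default : &software_rand;
    return bound_method;
}

/* Models library init that seeds the PRNG, which counts as a first use. */
static void model_library_init(void) { (void)model_get_rand_method(); }

static void model_reset(void) { engine_default = NULL; bound_method = NULL; }

/* Order the post reports in the file: library init, then engine init. */
const char *rand_source_library_first(void) {
    model_reset();
    model_library_init();
    model_engine_init();   /* too late: the pointer is already bound */
    return model_get_rand_method()->name;
}

/* Order the post proposes: engine init, then library init. */
const char *rand_source_engine_first(void) {
    model_reset();
    model_engine_init();
    model_library_init();
    return model_get_rand_method()->name;
}

int main(void) {
    printf("library init first: %s\n", rand_source_library_first());
    printf("engine init first:  %s\n", rand_source_engine_first());
    return 0;
}
```

In this model the first ordering leaves random-number requests on the software method even though the accelerator was registered, which is the behaviour the reordering in the post is meant to avoid.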


dirkx at webweaving

Jan 1, 1970, 3:46 PM

Post #2 of 3 (736 views)
Re: Enabling RAND redirection on crypto accelerator using OpenSSL ENGINE

On Wed, 23 Oct 2002, Frederic DONNAT wrote:

> A few weeks ago, I saw a CVS commit about this on the mod-ssl mailing list.
> But I see that apache-2.0.x has not been updated.

Good that you noticed this! Though there are many more experts on the
mod-ssl mailing list, this list can probably help you get the code in
apache 2.0 fixed.

Can you:

-> confirm that apache 2.0 needs this ?
-> supply us with a patch with the code for 2.0 ?

Dw


trawick at attglobal

Oct 24, 2002, 5:15 PM

Post #3 of 3 (737 views)
Re: Enabling RAND redirection on crypto accelerator using OpenSSL ENGINE

"Frederic DONNAT" <frederic.donnat [at] zencod> writes:

> A few months ago I submitted a patch for redirecting RAND on crypto accelerator for mod-ssl and apache-1.3.x.
>
> A few weeks ago, I saw a CVS commit about this on the mod-ssl mailing list.
> But I see that apache-2.0.x has not been updated.

maintainers of mod_ssl for Apache 1.3 apparently have to time for
Apache 2.0 mod_ssl

> I posted a message about this on the mod-ssl dev mailing list, but maybe I should post it somewhere else!

yes, if you have a concern about Apache 2.0 mod_ssl please post here,
but note that more skills are on mod-ssl dev mailing list

> So, in fact the patch is for ssl_engine_init.c file in directory ./modules/ssl.
> Just modify functions calls:
> - ssl_engine_init ()
> - ssl_init_SSLlibrary ()
>
> "ssl_engine_init()" (line 300) should be called earlier, before "ssl_init_SSLlibrary()" (line 270).
>
> In fact you have to initialize the OpenSSL ENGINE before initializing the library, due to the fact that the OpenSSL default function pointer must be set to the ENGINE function pointer before library initialisation, otherwise you cannot modify the default settings.
>
> Geoff Thorpe comment:
> "ssl_init_SSLLibrary() must be seeding the PRNG, and thus initialising the set-on-first-use pointer in openssl to a default RAND_METHOD."
>
> Cliff Woolley comment:
> Well, I can't do anything about 1.3's mod_ssl, but if somebody can verify
> for me that the following fixes Apache 2.0's mod_ssl, I'll commit it.

apparently nobody verified for Cliff that it fixed the problem with
Apache 2.0

can you verify it?

can you post a patch with the change?

Thanks,

--
Jeff Trawick | trawick [at] attglobal
Born in Roswell... married an alien...
