frederic.donnat at zencod
Oct 23, 2002, 11:50 AM
Post #1 of 3
Enabling RAND redirection on crypto accelerator using OpenSSL ENGINE
A few months ago I submitted a patch for redirecting RAND on a crypto accelerator for mod-ssl and apache-1.3.x.
A few weeks ago, I saw a CVS commit about this on the mod-ssl mailing list.
But I see that apache-2.0.x has not been updated.
I posted a message about this on the mod-ssl dev mailing list, but maybe I should post it somewhere else!
So, in fact the patch is for the ssl_engine_init.c file in directory ./modules/ssl.
Just modify the function calls:
- ssl_engine_init ()
- ssl_init_SSLlibrary ()
"ssl_engine_init()" (line 300) should be called earlier, before "ssl_init_SSLlibrary()" (line 270).
In fact you have to initialize the OpenSSL ENGINE before initializing the library, due to the fact that the OpenSSL default function pointer must be set to the ENGINE function pointer before library initialisation; otherwise you cannot modify the default settings.
Geoff Thorpe's comment:
"ssl_init_SSLLibrary() must be seeding the PRNG, and thus initialising the set-on-first-use pointer in openssl to a default RAND_METHOD."
Cliff Woolley's comment:
Well, I can't do anything about 1.3's mod_ssl, but if somebody can verify
for me that the following fixes Apache 2.0's mod_ssl, I'll commit it.
I recently downloaded apache-2.0.x and there is no change about this?
So, can anyone tell me more about this?
Is this due to OpenSSL ENGINE changes for a future release, or anything else?
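The ordering problem described in the post above, as an added example that is not part of the original post and is not OpenSSL or mod_ssl code: a simplified C model of a set-on-first-use default RAND method, showing that registering the accelerator after the library has seeded its PRNG leaves the software method in place. All `model_*` names, the two `rand_method` instances and `startup()` are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: a RAND method is a name plus a byte source. */
typedef struct {
    const char *name;
    int (*bytes)(unsigned char *buf, size_t n);
} rand_method;

static int sw_bytes(unsigned char *b, size_t n) { memset(b, 0x11, n); return 1; }
static int hw_bytes(unsigned char *b, size_t n) { memset(b, 0x22, n); return 1; }
static const rand_method software_rand = { "software", sw_bytes };
static const rand_method accel_rand    = { "accelerator", hw_bytes };

static const rand_method *engine_default_rand; /* what the engine registered */
static const rand_method *latched_rand;        /* fixed by the first use */

/* Stands in for ENGINE_set_default_RAND(): only records the engine's method. */
static void model_engine_set_default_rand(const rand_method *m) { engine_default_rand = m; }

/* Stands in for RAND_get_rand_method(): the first caller decides the method. */
static const rand_method *model_get_rand_method(void) {
    if (latched_rand == NULL)
        latched_rand = engine_default_rand ? engine_default_rand : &software_rand;
    return latched_rand;
}

/* Library init seeds the PRNG, which is already a first use of the method. */
static void model_init_library(void) {
    unsigned char seed[16];
    model_get_rand_method()->bytes(seed, sizeof seed);
}

/* Runs one startup order and returns the method that serves bytes afterwards. */
const char *startup(int engine_first) {
    unsigned char buf[8];
    engine_default_rand = NULL;
    latched_rand = NULL;
    if (engine_first) { model_engine_set_default_rand(&accel_rand); model_init_library(); }
    else              { model_init_library(); model_engine_set_default_rand(&accel_rand); }
    model_get_rand_method()->bytes(buf, sizeof buf);
    return model_get_rand_method()->name; /* post-init check of the active method */
}

int main(void) {
    printf("engine init first : %s\n", startup(1));
    printf("library init first: %s\n", startup(0));
    return 0;
}
```

A deployment that depends on the accelerator's RNG can make the same post-initialisation check on the active method, so a wrong startup order is logged instead of silently falling back to the software PRNG.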