Build OpenSSL with forced VIA Padlock support - BSD

This is a discussion on Build OpenSSL with forced VIA Padlock support - BSD ; I'm trying to build OpenSSL on FreeBSD 7.0 to always force the use of VIA Padlock engine for the AES algorithms. Does anyone know how this could be done in the ports tree? Thanks!...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Build OpenSSL with forced VIA Padlock support

  1. Build OpenSSL with forced VIA Padlock support

    I'm trying to build OpenSSL on FreeBSD 7.0 to always force the use of VIA
    Padlock engine for the AES algorithms.

    Does anyone know how this could be done in the ports tree?

    Thanks!


  2. Re: Build OpenSSL with forced VIA Padlock support

    On 17 Mar 2008 13:59:16 -0700,
    chainsman@netscape.net wrote:
    > I'm trying to build OpenSSL on FreeBSD 7.0 to always force the use of VIA
    > Padlock engine for the AES algorithms.


    My (limited) understanding of how this works is that openssl will use
    the crypto(9) framework which will then use whatever is available.

    So if I understand you right, is it that you want openssl to exit with
    an error if it cannot find hardware support for AES?


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.

  3. Re: Build OpenSSL with forced VIA Padlock support

    In article , jpd says...
    >
    >On 17 Mar 2008 13:59:16 -0700,
    >chainsman@netscape.net wrote:
    >> I'm trying to build OpenSSL on FreeBSD 7.0 to always force the use of VIA
    >> Padlock engine for the AES algorithms.

    >
    >My (limited) understanding of how this works is that openssl will use
    >the crypto(9) framework which will then use whatever is available.


    It does not appear to do that. It just runs the software AES module.

    >So if I understand you right, is it that you want openssl to exit with
    >an error if it cannot find hardware support for AES?


    That would be the extreme solution, but the better solution is to make it prefer
    the hardware solution.
    Right now it does not use the hardware solution unless it's explicitly called
    for by the application (like OpenSSH). I would rather it always provided the
    hardware padlock engine as the first and default selection.


+ Reply to Thread