Please include the patches mentioned below to add support for the VIA PadLock hardware crypto-engine (present on many Mini-ITX boards) to the OpenSSL ebuilds. OpenSSL 0.9.8 http://www.logix.cz/michal/devel/padlock/openssl-0.9.8b-sha.diff OpenSSL 0.9.7 http://www.logix.cz/michal/devel/padlock/openssl-0.9.7d-padlock-glue.diff http://www.logix.cz/michal/devel/padlock/openssl-0.9.7d-padlock-engine.diff
needs to go through upstream: openssl-dev@openssl.org
The patch was already posted there, all found issues were resolved, the patch was re-posted, but there was no further reaction on openssl-dev. See the original post at: http://www.mail-archive.com/openssl-dev@openssl.org/msg20394.html See the new patch which addresses all issues at: http://www.mail-archive.com/openssl-dev@openssl.org/msg21415.html As you can see there was no response for almost two months. I was hoping Gentoo could incorporate this very useful patch quicker than openssl itself. The patch should be removed when openssl itself somes with it, of course.
*** Bug 148629 has been marked as a duplicate of this bug. ***
*** Bug 148784 has been marked as a duplicate of this bug. ***
Many could you provide an ebuild with patch for an overlay ?
s/many/maybe
For who has a crypto engine platform like VIA C3 Padlock, there is an option to enable during the ./configure that enable OpenSSH to use the crypto HW engine. The option is --with-ssl-engine, I have modified the 4.5_p1-r1.ebuild to include this parameter and the system goes well. No code patch, just a simple option to enable in the ebuid. I hope that my experience may help someone. Best regards Franco Tampieri
*** Bug 182719 has been marked as a duplicate of this bug. ***
Please add useflag --with-ssl-engine, I use it in general for all installs of openssl. Otherwise, openssl does not build any engine which is included, i.e. Padlock: openssl engine padlock 12766:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(/usr/lib/engines/libpadlock.so): /usr/lib/engines/libpadlock.so: cannot open shared object file: No such file or directory12766:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:12766:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:12766:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:415:id=padlock padlock is now included in 0.98 source.
hm, seems it is not working in the newer sources anymore any idea?
*** Bug 185263 has been marked as a duplicate of this bug. ***
What happened with this? This is still an issue, but why has there not been any action for more than two years? Have I missed something? dev-libs/openssl-0.9.8k-r1 does not seem to have padlock support (--with-ssl-engine). In my opinion there should be a USE flag for padlock.
I get: udat ~ # equery list openssl [ Searching for package 'openssl' in all categories among: ] * installed packages [I--] [ ] dev-libs/openssl-0.9.8k (0) udat ~ # openssl engine padlock (padlock) VIA PadLock (no-RNG, ACE) So everything seems to be fine (upstream). IMHO there's no need for a padlock USE flag. If at all, there maybe could be a USE flag to match the "--with-ssl-engine" configure option. But as this option seems to be enabled by default now, I see no real need to add a USE flag. Anyway, this would IMHO be a different issue requiring a new bug report.
(In reply to comment #14) I get: # openssl engine padlock 18964:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(/usr/lib/engines/libpadlock.so): /usr/lib/engines/libpadlock.so: cannot open shared object file: No such file or directory 18964:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 18964:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: 18964:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:415:id=padlock openssl engine (dynamic) Dynamic engine loading support This is with dev-libs/openssl-0.9.8l-r2. According to this page here: http://www.logix.cz/michal/devel/padlock/ IMPORTANT: In certain setups most OpenSSL hardware accelerator drivers (so called engines) are compiled as shared modules. Although PadLock engine is always compiled statically OpenSSL core doesn't know that, tries to load it dynamically and fails. That renders PadLock support in OpenSSL 0.9.8 unusable. Please attach the following patch should you encounter any such problems and recompile your openssl library. Am I missing something here?
*** Bug 300342 has been marked as a duplicate of this bug. ***