Message ID | 1492505276-25285-1-git-send-email-gilad@benyossef.com |
---|---|
State | Superseded |
Headers | show |
Hi Gilad, Thanks for you contribution. I have a small comment inline below. On Tue, Apr 18, 2017 at 11:47:56AM +0300, Gilad Ben-Yossef wrote: > Add support for OpenSSH to use a hardware SSL engine if cryptodev-linux is > included. > > Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> > --- > package/openssh/openssh.mk | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk > index f971e99..4a6c516 100644 > --- a/package/openssh/openssh.mk > +++ b/package/openssh/openssh.mk > @@ -28,6 +28,11 @@ endif > > OPENSSH_DEPENDENCIES = zlib openssl > > +ifeq ($(BR2_PACKAGE_CRYPTODEV_LINUX), y) Redundant space before 'y'. > +OPENSSH_DEPENDENCIES += cryptodev-linux > +OPENSSH_CONF_OPTS += --with-ssl-engine > +endif > + > ifeq ($(BR2_PACKAGE_LINUX_PAM),y) > define OPENSSH_INSTALL_PAM_CONF > $(INSTALL) -D -m 644 $(@D)/contrib/sshd.pam.generic $(TARGET_DIR)/etc/pam.d/sshd baruch
Hi Gilad, On 18-04-17 10:47, Gilad Ben-Yossef wrote: > Add support for OpenSSH to use a hardware SSL engine if cryptodev-linux is > included. I haven't checked, but doesn't openssh work equally well with OCF? In that case, you should use "cryptodev" instead of "cryptodev-linux" in both the condition and the DEPENDENCIES line. Also, I'm surprised that this is needed at all, I thought openssh handed off all crypto to openssl, and openssl already has support for cryptodev. Could you explain that point? > > Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> > --- > package/openssh/openssh.mk | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk > index f971e99..4a6c516 100644 > --- a/package/openssh/openssh.mk > +++ b/package/openssh/openssh.mk > @@ -28,6 +28,11 @@ endif > > OPENSSH_DEPENDENCIES = zlib openssl > > +ifeq ($(BR2_PACKAGE_CRYPTODEV_LINUX), y) > +OPENSSH_DEPENDENCIES += cryptodev-linux > +OPENSSH_CONF_OPTS += --with-ssl-engine We generally like to add else OPENSSH_CONF_OPTS += --without-ssl-engine Regards, Arnout > +endif > + > ifeq ($(BR2_PACKAGE_LINUX_PAM),y) > define OPENSSH_INSTALL_PAM_CONF > $(INSTALL) -D -m 644 $(@D)/contrib/sshd.pam.generic $(TARGET_DIR)/etc/pam.d/sshd >
On Tue, Apr 18, 2017 at 12:42 PM, Baruch Siach <baruch@tkos.co.il> wrote: > Hi Gilad, > > Thanks for you contribution. I have a small comment inline below. > > On Tue, Apr 18, 2017 at 11:47:56AM +0300, Gilad Ben-Yossef wrote: ... >> >> +ifeq ($(BR2_PACKAGE_CRYPTODEV_LINUX), y) > > Redundant space before 'y'. > Thanks Baruch, I will fix it and re-send the patch. Gilad
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk index f971e99..4a6c516 100644 --- a/package/openssh/openssh.mk +++ b/package/openssh/openssh.mk @@ -28,6 +28,11 @@ endif OPENSSH_DEPENDENCIES = zlib openssl +ifeq ($(BR2_PACKAGE_CRYPTODEV_LINUX), y) +OPENSSH_DEPENDENCIES += cryptodev-linux +OPENSSH_CONF_OPTS += --with-ssl-engine +endif + ifeq ($(BR2_PACKAGE_LINUX_PAM),y) define OPENSSH_INSTALL_PAM_CONF $(INSTALL) -D -m 644 $(@D)/contrib/sshd.pam.generic $(TARGET_DIR)/etc/pam.d/sshd
Add support for OpenSSH to use a hardware SSL engine if cryptodev-linux is included. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> --- package/openssh/openssh.mk | 5 +++++ 1 file changed, 5 insertions(+)