Jan Pechanec's weblog

A presentation written in July 2009, covering all major enhancements we integrated into SunSSH and with OpenSSL within a period of 01/2008-06/2009. The presentation slides are here.

Vladimir, who made most of the latest changes to the PKCS#11 engine we ship as part of OpenSSL in Solaris, wrote a presentation on the PKCS#11 internals. It's a very interesting read, and since I believe some of you who use the patch actually read the code and modified it (I got some feedback during the last few years), I hope it might be a very useful thing. See Vladimir's OpenSSL PKCS#11 engine TOI blog entry on that. We also plan to properly document the engine directly in the code so that people can understand how it works without reverse engineering the code. However, there is no ETA for that yet.

I didn't generate the patch for OpenSSL 0.9.8k. Given the few changes between 0.9.8j and 0.9.8k it is no suprise that you can apply the PKCS#11 engine patch for 0.9.8j on 0.9.8k.[Read More]

I resynced the ChrootDirectory option from OpenSSH to SunSSH, and pushed the change to the repository today. It wasn't a straightforward resync since we have different privilege separation code. I also found a few very minor issues in the OpenSSH code, and filed bugs with patches (1562, 1564, and 1566). [Read More]

I've updated the PKCS#11 patch for the latest OpenSSL 0.9.8j version. The patch also includes a few minor bug fixes integrated into OpenSolaris since the last patch release. I've also moved the README file out of the patch and created a tarball with those 2 files instead. You can now read the README before applying the patch. The patch is pkcs11_engine-0.9.8j.2009-03-11.tgz.

I co-authored a paper titled: "Transparent Multi-core Cryptographic Support on Niagara CMT Processors" along with James Hughes, Gary Morton, Lawrence Spracklen, Krishna Yenduri, and Christoph Schuba. This has been accepted for the International Workshop on Multicore Software Engineering in Vancouver. Lawrence will present there. Thanks to Christoph who put us together and also assumed a role of an editor of the paper. Christoph's blog entry has more details, including a link to the paper itself.

In my first OpenSolaris blog post, I explained why we decided to add some additional information into the default OpenSSL version string. In the current OpenSolaris 2008.11 release it says:[Read More]

We admit that SunSSH versioning could have been more helpful during the last few years. However, there were a few good reasons for the fact that the version number hasn't changed much... [Read More]