SSL -> EVP functions [was: xlat lower/upper]

Alexander Clouter alex at
Tue Sep 21 09:52:47 CEST 2010

Alan DeKok <aland at> wrote:
>> Another patch that Alan will no doubt neglect, others might find it 
>> useful though.
> Already in 2.1.10, via another patch.  This functionality is having 
> enough demand that it's worth doing.
The Little Tin God known as 'Efficiency' is displeased with your 

*Two* if() statements and two additional pointers, -3 to wisdom. :)

Although I do now ponder why I bothered doing an 'upper' function in my 

Now, if you could rewrite all your calls to the OpenSSL library code to 
use EVP functions instead I would be able to use my crypto-accelerators, 
then I say you are ready for a point release.  On a serious note would 
that be a case of me having to do this if I wanted it?

The reason I ask is that I have put FreeRADIUS on an OpenRD[1] 
(replacing the old 600W Dull boxen we have with a £200 7W nicety) and 
although regular non-EAP requests are fast I think the EAP ones are alot 
more expensive CPU wise due to the SSL overhead.  Of course I have not 
profiled anything yet (do you have any profiling data supporting this or 
do I need to generate my own?) so could be wrong.  Anyway, as with most 
ARM/MIPS SoC's they come with lots of goodies, including hardware 

I got OpenSSL using it which is nice, however I then discovered the hard 
way that FreeRADIUS does not use the EVP functions in OpenSSL and so 
offload engines cannot be used.

Would you accept a change like this, or would I be wasting my time 
trying to submit this sort of thing?



Alexander Clouter
.sigmonster says: Don't look back, the lemmings are gaining on you.

More information about the Freeradius-Devel mailing list