  1. Jul 07, 2000
  2. Jul 06, 2000
    • Richard Levitte authored · 64c4f573
      Add the possibility to load private and public keys from an engine and
      implement it for nCipher hardware.  The interface in itself should be
      clear enough, but the nCipher implementation is currently not the
      best when it comes to getting a passphrase from the user.  However,
      getting it better is a little hard until a better user interaction
      method is created.
      
      Also, use the possibility in req, so we can start to create CSR's with
      keys from the nForce box.
      
      WARNING: I've made *no* tests yet, mostly because I didn't implement
      this on the machine where I have an nForce box to play with.  All I
      know is that it compiles cleanly on Linux...
  3. Jul 05, 2000
  4. Jun 30, 2000
  5. Jun 29, 2000
  6. Jun 26, 2000
  7. Jun 23, 2000
  8. Jun 20, 2000
  9. Jun 19, 2000
  10. Jun 15, 2000
  11. Jun 14, 2000
    • Geoff Thorpe authored · f18ef82a
      Little typo.
    • Geoff Thorpe authored · cc015c48
      This adds Atalla support code to the ENGINE framework. If you have an
      Atalla card, you should be able to compile with the "hw-atalla" switch
      with "./config" or "perl Configure", and then you can use the command-
      line switch "-engine atalla" inside speed, s_client and s_server (after
      checking out note (1)).
      
      Notes:
        (1) I've turned on native name translation when loading the shared-
            library, but this means that the Unix shared library needs to be
            libatasi.so rather than atasi.so. I got around this in my testing
            by creating a symbolic link from /usr/lib/libatasi.so to the real
            library, but something better will be needed. It also assumes in
            win32 that the DLL will be called atasi.dll - but as I don't have
            a win32/atalla environment to try I have no idea yet if this is
            the case.
        (2) Currently DSA verifies are not accelerated because I haven't yet
            got a mod_exp-based variant of BN_mod_exp2_mont() that yields
            correct results.
        (3) Currently the "init()" doesn't fail if the shared library can
            load successfully but the card is not operational. In this case,
            the ENGINE_init() call will succeed, but all RSA, DSA, DH, and
            the two BN_*** operations will fail until the ENGINE is switched
            back to something that does work. I expect to correct this next.
        (4) Although the API for the Atalla card just has the one crypto
            function suggesting an RSA private key operation - this is in
            fact just a straight mod_exp function that ignores all the RSA
            key parameters except the (private) exponent and modulus. This is
            why the only accelerator work is taking place inside the mod_exp
            function and there's no optimisation of RSA private key operations
            based on CRT etc.
    • Richard Levitte authored · 9a405105
      Geoff inspired me to nullify some pointers if initialisation went
      wrong.  Additionally, just give a new value to hndidx once.
    • Geoff Thorpe authored · 4c4ea428
      DSO_bind() is effectively a method-specific wrapper for dlopen() or
      whatever the underlying API is. It must return (void *) because shared
      libraries can expose functions, structures, or whatever. However, some
      compilers give loads of warnings about casted function pointers through
      this code, so I am explicitly casting them to the right prototypes.
    • Geoff Thorpe authored · 28e94dc7
      I'm working on Atalla ENGINE code, and the existing bn_exp.c hooks
      (initiated by ./config and the presence of SDK headers) are conflicting.
    • Geoff Thorpe authored · f8127435
      If initialisation fails for any reason, the global function pointers
      should be NULL'd out.
  12. Jun 13, 2000
  13. Jun 09, 2000
    • Geoff Thorpe authored · 05d909c5
      * Migrate the engine code's Malloc + Free calls to the newer
        OPENSSL_malloc and OPENSSL_free.
      
      * 3 "normal" files (crypto/rsa/rsa_lib.c, crypto/dsa/dsa_lib.c
        and crypto/dh/dh_lib.c) had their Malloc's and Free's missed
        when Richard merged the changes across to this branch -
        probably because those files have been changed in this branch
        and gave some grief to the merge - so I've changed them
        manually here.
  14. Jun 08, 2000