- Jul 07, 2000
-
-
Richard Levitte authored
random numbers generator, always return status 1 since the entropy is already presumably there...
-
Richard Levitte authored
-
Richard Levitte authored
-
Richard Levitte authored
This seems to work, but I'm a little unsure that I got it all right, and would like this to be reviewed.
-
- Jul 06, 2000
-
-
Richard Levitte authored
implement it for nCipher hardware. The interface in itself should be clear enough, but the nCipher implementation is currently not the best when it comes to getting a passphrase from the user. However, getting it better is a little hard until a better user interaction method is create. Also, use the possibility in req, so we can start to create CSR's with keys from the nForce box. WARNING: I've made *no* tests yet, mostly because I didn't implement this on the machine where I have an nForce box to play with. All I know is that it compiles cleanly on Linux...
-
- Jul 05, 2000
-
-
Richard Levitte authored
This is correctly taken care of by hwcrhk_init(). While we're at it, give this engine the official name of the library used (CHIL, for Cryptographic Hardware Interface Library).
-
- Jun 30, 2000
-
-
Richard Levitte authored
-
Richard Levitte authored
Check for missing engine name, and also, do not count up the number of given algorithms when an engine is given
-
Richard Levitte authored
p_CSwift_AttachKeyParam actually returns more than one kind of error. Detect the input size error, treat any that are not specially checked as 'request failed', not as 'provide parameters', and for those, add the actual status code to the error message
-
Richard Levitte authored
Cryptoswitch actually has a few more statuses than SW_OK. Let's provide the possibility for a better granularity in error checking
-
Richard Levitte authored
the configuration parameter 'no-hw'.
-
- Jun 29, 2000
-
-
Richard Levitte authored
-
Richard Levitte authored
OpenSSL to have to opt out hardware support instead of having to opt it in. And since the hardware support modules are self-contained and actually check that the vendor stuff is loadable, it still works as expected, or at least, so I think...
-
Richard Levitte authored
it functional :-).
-
Richard Levitte authored
-
Richard Levitte authored
-
Richard Levitte authored
logstream.
-
Richard Levitte authored
-
Richard Levitte authored
Rename 'hwcrhk' to 'ncipher' in all public symbols. Redo the logging function so it takes a BIO. Make module-local functions static
-
Richard Levitte authored
-
- Jun 26, 2000
-
-
Richard Levitte authored
-
Geoff Thorpe authored
the one line turns an error return value into a success return value. :-) "openssl speed -engine hwcrhk rsa1024" now passes through ok.
-
Geoff Thorpe authored
-
- Jun 23, 2000
-
-
Richard Levitte authored
fixes.
-
- Jun 20, 2000
-
-
Geoff Thorpe authored
-
Geoff Thorpe authored
correct the DSO-dependant code in the engine code.
-
- Jun 19, 2000
-
-
Richard Levitte authored
of dynamic lock support in the nCipher code.
-
Richard Levitte authored
of dynamic lock support in the nCipher code.
-
Richard Levitte authored
-
- Jun 15, 2000
-
-
Geoff Thorpe authored
now less so.
-
Geoff Thorpe authored
Atalla code to see if the accelerator is running. (2) Turn some spaces into tabs.
-
Geoff Thorpe authored
It's cute to observe that Atalla having no RSA-specific form of mod_exp causes a DSA server to achieve about 6 times as many signatures per second than an RSA server. :-)
-
- Jun 14, 2000
-
-
Geoff Thorpe authored
-
Geoff Thorpe authored
Atalla card, you should be able to compile with the "hw-atalla" switch with "./config" or "perl Configure", and then you can use the command- line switch "-engine atalla" inside speed, s_cient and s_server (after checking out note (1)). Notes: (1) I've turned on native name translation when loading the shared- library, but this means that the Unix shared library needs to be libatasi.so rather than atasi.so. I got around this in my testing by creating a symbollic link from /usr/lib/libatasi.so to the real library, but something better will be needed. It also assumes in win32 that the DLL will be called atasi.dll - but as I don't have a win32/atalla environment to try I have no idea yet if this is the case. (2) Currently DSA verifies are not accelerated because I haven't yet got a mod_exp-based variant of BN_mod_exp2_mont() that yields correct results. (3) Currently the "init()" doesn't fail if the shared library can load successfully but the card is not operational. In this case, the ENGINE_init() call will succeed, but all RSA, DSA, DH, and the two BN_*** operations will fail until the ENGINE is switched back to something that does work. I expect to correct this next. (4) Although the API for the Atalla card just has the one crypto function suggesting an RSA private key operation - this is in fact just a straight mod_exp function that ignores all the RSA key parameters except the (private) exponent and modulus. This is why the only accelerator work is taking place inside the mod_exp function and there's no optimisation of RSA private key operations based on CRT etc.
-
Richard Levitte authored
wrong. Additionally, just give a new value to hndidx once.
-
Geoff Thorpe authored
whatever the underlying API is. It must return (void *) because shared libraries can expose functions, structures, or whatever. However, some compilers give loads of warnings about casted function pointers through this code, so I am explicitly casting them to the right prototypes.
-
Geoff Thorpe authored
(initiated by ./config and the presence of SDK headers) are conflicting.
-
Geoff Thorpe authored
should be NULL'd out.
-
- Jun 13, 2000
-
-
Geoff Thorpe authored
engine list if HW_NCIPHER is defined. I want to play :-)
-
Richard Levitte authored
- implemented nCipher support via the nfhwcrhk library (not well tested). - make update + make depend
-