- Jun 29, 2000
-
-
Richard Levitte authored
-
- Jun 26, 2000
-
-
Richard Levitte authored
-
Geoff Thorpe authored
the one line turns an error return value into a success return value. :-) "openssl speed -engine hwcrhk rsa1024" now passes through ok.
-
Geoff Thorpe authored
-
- Jun 23, 2000
-
-
Richard Levitte authored
fixes.
-
- Jun 20, 2000
-
-
Geoff Thorpe authored
-
Geoff Thorpe authored
correct the DSO-dependant code in the engine code.
-
- Jun 19, 2000
-
-
Richard Levitte authored
of dynamic lock support in the nCipher code.
-
Richard Levitte authored
of dynamic lock support in the nCipher code.
-
Richard Levitte authored
-
- Jun 15, 2000
-
-
Geoff Thorpe authored
now less so.
-
Geoff Thorpe authored
Atalla code to see if the accelerator is running. (2) Turn some spaces into tabs.
-
Geoff Thorpe authored
It's cute to observe that Atalla having no RSA-specific form of mod_exp causes a DSA server to achieve about 6 times as many signatures per second than an RSA server. :-)
-
- Jun 14, 2000
-
-
Geoff Thorpe authored
-
Geoff Thorpe authored
Atalla card, you should be able to compile with the "hw-atalla" switch with "./config" or "perl Configure", and then you can use the command- line switch "-engine atalla" inside speed, s_cient and s_server (after checking out note (1)). Notes: (1) I've turned on native name translation when loading the shared- library, but this means that the Unix shared library needs to be libatasi.so rather than atasi.so. I got around this in my testing by creating a symbollic link from /usr/lib/libatasi.so to the real library, but something better will be needed. It also assumes in win32 that the DLL will be called atasi.dll - but as I don't have a win32/atalla environment to try I have no idea yet if this is the case. (2) Currently DSA verifies are not accelerated because I haven't yet got a mod_exp-based variant of BN_mod_exp2_mont() that yields correct results. (3) Currently the "init()" doesn't fail if the shared library can load successfully but the card is not operational. In this case, the ENGINE_init() call will succeed, but all RSA, DSA, DH, and the two BN_*** operations will fail until the ENGINE is switched back to something that does work. I expect to correct this next. (4) Although the API for the Atalla card just has the one crypto function suggesting an RSA private key operation - this is in fact just a straight mod_exp function that ignores all the RSA key parameters except the (private) exponent and modulus. This is why the only accelerator work is taking place inside the mod_exp function and there's no optimisation of RSA private key operations based on CRT etc.
-
Richard Levitte authored
wrong. Additionally, just give a new value to hndidx once.
-
Geoff Thorpe authored
whatever the underlying API is. It must return (void *) because shared libraries can expose functions, structures, or whatever. However, some compilers give loads of warnings about casted function pointers through this code, so I am explicitly casting them to the right prototypes.
-
Geoff Thorpe authored
(initiated by ./config and the presence of SDK headers) are conflicting.
-
Geoff Thorpe authored
should be NULL'd out.
-
- Jun 13, 2000
-
-
Geoff Thorpe authored
engine list if HW_NCIPHER is defined. I want to play :-)
-
Richard Levitte authored
- implemented nCipher support via the nfhwcrhk library (not well tested). - make update + make depend
-
- Jun 09, 2000
-
-
Geoff Thorpe authored
OPENSSL_malloc and OPENSSL_free. * 3 "normal" files (crypto/rsa/rsa_lib.c, crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c) had their Malloc's and Free's missed when Richard merged the changes across to this branch - probably because those files have been changed in this branch and gave some grief to the merge - so I've changed them manually here.
-
- Jun 08, 2000
-
-
Richard Levitte authored
-
- Jun 01, 2000
-
-
cvs2svn authored
-
Richard Levitte authored
like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. This change includes all the name changes needed throughout all C files.
-
Ulf Möller authored
-
Ulf Möller authored
-
Richard Levitte authored
-
Ulf Möller authored
Submitted by: Karsten Spang <ks@bellesystems.com>
-
Richard Levitte authored
Contributed by Yoichiro Okabe <okabe@wizsoft.co.jp>
-
Geoff Thorpe authored
libeay.num and ssleay.num.
-
Geoff Thorpe authored
structures and functions for each stack type. The previous behaviour can be enabled by configuring with the "-DDEBUG_SAFESTACK" option. This will also cause "make update" (mkdef.pl in particular) to update the libeay.num and ssleay.num symbol tables with the number of extra functions DEBUG_SAFESTACK creates. The way this change works is to accompany each DECLARE_STACK_OF() macro with a set of "#define"d versions of the sk_##type##_*** functions that ensures all the existing "type-safe" stack calls are precompiled into the underlying stack calls. The presence or abscence of the DEBUG_SAFESTACK symbol controls whether this block of "#define"s or the DECLARE_STACK_OF() macro is taking effect. The block of "#define"s is in turn generated and maintained by a perl script (util/mkstack.pl) that encompasses the block with delimiting C comments. This works in a similar way to the auto-generated error codes and, like the other such maintenance utilities, is invoked by the "make update" target. A long (but mundane) commit will follow this with the results of "make update" - this will include all the "#define" blocks for each DECLARE_STACK_OF() statement, along with stripped down libeay.num and ssleay.num files.
-
Geoff Thorpe authored
yet tighter, and also put some heat on the rest of the library by insisting (correctly) that compare callbacks used in stacks are prototyped with "const" parameters. This has led to a depth-first explosion of compiler warnings in the code where 1 constification has led to 3 or 4 more. Fortunately these have all been resolved to completion and the code seems cleaner as a result - in particular many of the _cmp() functions should have been prototyped with "const"s, and now are. There was one little problem however; X509_cmp() should by rights compare "const X509 *" pointers, and it is now declared as such. However, it's internal workings can involve recalculating hash values and extensions if they have not already been setup. Someone with a more intricate understanding of the flow control of X509 might be able to tighten this up, but for now - this seemed the obvious place to stop the "depth-first" constification of the code by using an evil cast (they have migrated all the way here from safestack.h). Fortunately, this is the only place in the code where this was required to complete these type-safety changes, and it's reasonably clear and commented, and seemed the least unacceptable of the options. Trying to take the constification further ends up exploding out considerably, and indeed leads directly into generalised ASN functions which are not likely to cooperate well with this.
-
Geoff Thorpe authored
same one). However, the first will temporarily break things until the second comes through. :-) The safestack.h handling was mapping compare callbacks that externally are of the type (int (*)(type **,type **)) into the underlying callback type used by stack.[ch], which is (int (*)(void *,void *)). After some degree of digging, it appears that the callback type in the underlying stack code should use double pointers too - when the compare operations are invoked (from sk_find and sk_sort), they are being used by bsearch and qsort to compare two pointers to pointers. This change corrects the prototyping (by only casting to the (void*,void*) form at the moment it is needed by bsearch and qsort) and makes the mapping in safestack.h more transparent. It also changes from "void*" to "char*" to stay in keeping with stack.[ch]'s assumed base type of "char". Also - the "const" situation was that safestack.h was throwing away "const"s, and to c...
-
Ulf Möller authored
-
- May 31, 2000
-
-
Bodo Möller authored
-
Bodo Möller authored
-
Ulf Möller authored
-
Ulf Möller authored
-
Richard Levitte authored
-