implement it for nCipher hardware. The interface in itself should be
clear enough, but the nCipher implementation is currently not the
best when it comes to getting a passphrase from the user. However,
getting it better is a little hard until a better user interaction
method is create.
Also, use the possibility in req, so we can start to create CSR's with
keys from the nForce box.
WARNING: I've made *no* tests yet, mostly because I didn't implement
this on the machine where I have an nForce box to play with. All I
know is that it compiles cleanly on Linux...
This is correctly taken care of by hwcrhk_init(). While we're at it, give
this engine the official name of the library used (CHIL, for Cryptographic
Hardware Interface Library).
OpenSSL to have to opt out hardware support instead of having to opt
it in. And since the hardware support modules are self-contained and
actually check that the vendor stuff is loadable, it still works as
expected, or at least, so I think...
It's cute to observe that Atalla having no RSA-specific form of mod_exp
causes a DSA server to achieve about 6 times as many signatures per
second than an RSA server. :-)
Atalla card, you should be able to compile with the "hw-atalla" switch
with "./config" or "perl Configure", and then you can use the command-
line switch "-engine atalla" inside speed, s_cient and s_server (after
checking out note (1)).
Notes:
(1) I've turned on native name translation when loading the shared-
library, but this means that the Unix shared library needs to be
libatasi.so rather than atasi.so. I got around this in my testing
by creating a symbollic link from /usr/lib/libatasi.so to the real
library, but something better will be needed. It also assumes in
win32 that the DLL will be called atasi.dll - but as I don't have
a win32/atalla environment to try I have no idea yet if this is
the case.
(2) Currently DSA verifies are not accelerated because I haven't yet
got a mod_exp-based variant of BN_mod_exp2_mont() that yields
correct results.
(3) Currently the "init()" doesn't fail if the shared library can
load successfully but the card is not operational. In this case,
the ENGINE_init() call will succeed, but all RSA, DSA, DH, and
the two BN_*** operations will fail until the ENGINE is switched
back to something that does work. I expect to correct this next.
(4) Although the API for the Atalla card just has the one crypto
function suggesting an RSA private key operation - this is in
fact just a straight mod_exp function that ignores all the RSA
key parameters except the (private) exponent and modulus. This is
why the only accelerator work is taking place inside the mod_exp
function and there's no optimisation of RSA private key operations
based on CRT etc.
whatever the underlying API is. It must return (void *) because shared
libraries can expose functions, structures, or whatever. However, some
compilers give loads of warnings about casted function pointers through
this code, so I am explicitly casting them to the right prototypes.
OPENSSL_malloc and OPENSSL_free.
* 3 "normal" files (crypto/rsa/rsa_lib.c, crypto/dsa/dsa_lib.c
and crypto/dh/dh_lib.c) had their Malloc's and Free's missed
when Richard merged the changes across to this branch -
probably because those files have been changed in this branch
and gave some grief to the merge - so I've changed them
manually here.
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
structures and functions for each stack type. The previous behaviour
can be enabled by configuring with the "-DDEBUG_SAFESTACK" option.
This will also cause "make update" (mkdef.pl in particular) to
update the libeay.num and ssleay.num symbol tables with the number of
extra functions DEBUG_SAFESTACK creates.
The way this change works is to accompany each DECLARE_STACK_OF()
macro with a set of "#define"d versions of the sk_##type##_***
functions that ensures all the existing "type-safe" stack calls are
precompiled into the underlying stack calls. The presence or abscence
of the DEBUG_SAFESTACK symbol controls whether this block of
"#define"s or the DECLARE_STACK_OF() macro is taking effect. The
block of "#define"s is in turn generated and maintained by a perl
script (util/mkstack.pl) that encompasses the block with delimiting
C comments. This works in a similar way to the auto-generated error
codes and, like the other such maintenance utilities, is invoked
by the "make update" target.
A long (but mundane) commit will follow this with the results of
"make update" - this will include all the "#define" blocks for
each DECLARE_STACK_OF() statement, along with stripped down
libeay.num and ssleay.num files.
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;
X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).
Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
