[EMAIL PROTECTED] - Fri Jul  9 01:06:08 2004]:
> I finally decided to make the engine equal to other engines and build as
> a shared library. My next step will be extending the OpenSSL_config()
> (if necessary) to allow fine-grained loading of specified engines for
> apps that support it. But this will go to a new RT item.

OK, but given that your engine can be made 486-proof, in principle I'd
have no objection to placing the engine directly into the core code a la
the BSD cryptodev implementation. Though perhaps starting off with it as
a conventional plug-in would be best, then we could review bundling it
into libcrypto later on (a la BSD's cryptodev).

> Well, on http://www.logix.cz/michal/devel/padlock/ you can find an
> updated version of the PadLock engine module for OpenSSL-CVS. It now
> contains all features as does the OpenSSL-0.9.7 version, i.e. AES in all
> keylengths and RNG.

Cool.

> Incorporated is a check for CPUID instruction availability to be safe on
> 486 machines (does really somebody still use them?)

We have to assume that it's possible, yes. People are using openssl in a
variety of environments, and though 486s are rare on the desktop now
they're far from extinct in the embedded world. There might even be one
or two 386s still roaming wild ... (which poses the question; what about
386-safe?)

> and it only builds
> with GCC, otherwise an empty module with only a dummy
> ENGINE_load_padlock() is compiled. I don't see a reason to limit this
> module to Linux-only, IMHO bounding it to GCC-only should be enough.

Well in theory you could allow it to be compiler-agnostic too, but the
issue is how to ensure the code won't fail compilation or execution for
any supported combination. If checking for gcc ensures the code won't
burp on anything else, that's fine. Anyone with special needs can always
look at extending (and testing) it for other compilers later.

> Would you accept it to the CVS in this form or should I change
> something?

I'll try to find some time soon to comb through the code. If you haven't
heard back from me in a week or two, send me a nag in private email.
Thanks for carrying out the updates.

Cheers,
Geoff
-- 
Geoff Thorpe, RT/openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
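The two safeguards discussed in this message, a CPUID-availability check before probing and a compiler guard with a dummy fallback, shown as an added example; this is not code from the PadLock engine or from the email. All `pl_*` / `PL_*` names are hypothetical, and the "CentaurHauls" vendor string and the Centaur feature-leaf bit layout are taken from VIA's CPUID convention, not from this thread.

```c
#include <stdio.h>

/* Hypothetical names; sample code, not the PadLock engine's source. */
#define PL_ACE 1u /* AES unit present and enabled */
#define PL_RNG 2u /* hardware RNG present and enabled */

/* CPUID leaf 0 returns the vendor string in EBX, EDX, ECX ("CentaurHauls"). */
static int pl_is_centaur(unsigned ebx, unsigned ecx, unsigned edx)
{
    return ebx == 0x746e6543u && edx == 0x48727561u && ecx == 0x736c7561u;
}

/* max_leaf: EAX from leaf 0xC0000000; feat: EDX from leaf 0xC0000001.
 * Each unit has a "present" bit and an "enabled" bit; require both. */
static unsigned pl_decode(unsigned max_leaf, unsigned feat)
{
    unsigned caps = 0;
    if (max_leaf < 0xC0000001u) return 0;
    if ((feat & (3u << 6)) == (3u << 6)) caps |= PL_ACE;
    if ((feat & (3u << 2)) == (3u << 2)) caps |= PL_RNG;
    return caps;
}

#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
#include <cpuid.h>
static unsigned pl_probe(void)
{
    unsigned a, b, c, d, max_leaf;
    /* Returns 0 when CPUID is missing; on i386 it first tests whether the
     * EFLAGS ID bit can be toggled, so CPUs without CPUID never execute it. */
    if (__get_cpuid_max(0, 0) == 0) return 0;
    __cpuid(0, a, b, c, d);
    if (!pl_is_centaur(b, c, d)) return 0;   /* skip vendor leaves elsewhere */
    __cpuid(0xC0000000u, a, b, c, d);
    max_leaf = a;
    if (max_leaf < 0xC0000001u) return 0;
    __cpuid(0xC0000001u, a, b, c, d);
    return pl_decode(max_leaf, d);
}
#else
/* Other compilers/architectures: dummy probe, nothing x86-specific compiled. */
static unsigned pl_probe(void) { return 0; }
#endif

int main(void)
{
    unsigned caps = pl_probe();
    printf("ACE=%d RNG=%d\n", !!(caps & PL_ACE), !!(caps & PL_RNG));
    return 0;
}
```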
