From: Tom Biggs <[EMAIL PROTECTED]>
tbiggs> ENGINE experts:
tbiggs>
tbiggs> I'm not very strong in maths so pardon this question
tbiggs> which probably has an obvious answer...
tbiggs> Why do the engines have "Chinese Remainder
tbiggs> Theorem" versions of ModExp? I had assumed
tbiggs> from my quick scan of Schneier's book that CRT was
tbiggs> a shortcut for doing ModExp. But I guess it must
tbiggs> serve some other purpose - what would that be?
Uhmmm, actually I do not recall who added that or why. One answer
could be "because it was there" (same reason as why some people climb
mountains), as a service to whoever would like to use it if available.
tbiggs> What are the calling application's responsibilities
tbiggs> for configuring and enabling the engines? Does anyone
tbiggs> have some example code showing how that works?
tbiggs> Does Apache/mod_ssl support it?
apps/speed.c, if any, should answer that question.
tbiggs> I see some locking going on in the init/deinit code...
tbiggs> does it lock for actual operations? I assume these
tbiggs> cards can only do one operation at a time.
tbiggs> Also, does the ENGINE code assume that it is
tbiggs> the only user of the card? It seems that way
tbiggs> since it takes full responsibility for initializing
tbiggs> the card.
Actually, as it is right now, we lock in the init/deinit functions
because there would otherwise be possible race conditions within
OpenSSL (loading the library and stuff should be interlocked or you
may be badly screwed). For the rest, we simply trust the underlying
vendor library to take care of whatever locking is needed. We can't
really take care of that in the engine code, because that will differ
from one vendor to the other. For example, nCipher's libhwcrhk has a
lot of thread support in itself.
When it comes to access to cards from several processes at the same
time, sorry, that's outside of the scope of OpenSSL or any single
application. Either the vendor must provide a way to take ownership
of the card if that is required, or the interlocking between processes
must be done at a lower level.
tbiggs> The first phase of my project is writing an
tbiggs> ENGINE wrapper for our new crypto accelerator.
Cool!
--
Richard Levitte \ Spannv�gen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
