RE: Engine/pkcs#11: are the mod_exp functions required?

Mon, 12 Mar 2001 17:10:03 -0800 

I haven't implemented these in the context of an ENGINE, but have for
earlier versions of OpenSSL via RSA_METHOD.  I assume that the ENGINE is
similar to RSA_METHOD.  I left these mod_exp function pointers NULL since
rsa_eay.c checks if it is non-NULL before calling it.  If it is NULL, it
uses the other functions that you've provided instead.  Try it and see if it
works.
Steven
--
Steven Reddie <[EMAIL PROTECTED]>
Senior Software Engineer
Computer Associates Pty Ltd (Australia)


> -----Original Message-----
> From: Martin Kraemer [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, March 13, 2001 2:11 AM
> To:   [EMAIL PROTECTED]
> Subject:      Engine/pkcs#11: are the mod_exp functions required?
> 
> Hi,
> 
> I am trying to add support for a hardware engine which is tied to the
> pkcs#11 api. In the ENGINE structure (and the RSA, DSA, DH methods) I
> find pointers to functions implementing the modular exponentiation, and
> the chinese remainder theorem. Also, the existing engines bring their
> own copy of the mod_exp functions, sometimes based on hardware support,
> sometimes implemented in terms of BN calls.
> 
> As pkcs#11 seems not to support a mod_exp functionality directly, my
> questions are:
> a) is the existence of the functions a requirement for using ENGINEs?
>    Not all of them seem to be required, as a comment says "may be null".
>    (when using the high-level interfaces like rsa_pub_enc(), will
>    there still be a hidden call to the mod_exp functions?)
> b) does the pkcs#11 api offer a "hidden" mod_exp functionality, like
>    when using the "raw X.509 rsa" mechanism?
> c) iff the functions must be present, will the whole speed gain be lost
>    if I call the software openssl_mod_exp functions?
> 
> Sorry for my ignorance -- I am not a mathematician.
> 
>    Martin
> -- 
> <[EMAIL PROTECTED]>         |     Fujitsu Siemens
> Fon: +49-89-636-46021, FAX: +49-89-636-41143 | 81730  Munich,  Germany
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to