-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Geoff Thorpe via RT wrote:
>>On non-i386 ENGINE_load_padlock() immediately returns and the rest is >>also #ifdef'ed and compiles only on i386. > > OK, one quick observation right off - you'd probably need to home this > in on linux-x86, as non-linux platforms (and/or compilers) would > probably croak on some or all of this. Particularly with the use of > "__func__". :-) > >>OTOH the startup check for PadLock availability is really quick and >>simple - only two 'cpuid' instructions and parsing their output. No need >>to dlopen() other libraries, no need to wait for hardware >>initialization, etc. IMHO it could be safely compiled in... > > Can be this be made 486-safe? If so, and the code was made friendlier to > non-linux x86 kernels (and non-gcc compilers), we'd be up and running. Hi again, I finally decided to make the engine equal to other engines and build as a shared library. My next step will be extending the OpenSSL_config() (if necessary) to allow fine-grained loading of specified engines for apps that support it. But this will go to a new RT item. Well, on http://www.logix.cz/michal/devel/padlock/ you can find an updated version of the PadLock engine module for OpenSSL-CVS. It now contains all features as does the OpenSSL-0.9.7 version, i.e. AES in all keylengths and RNG. Incorporated is a check for CPUID instruction availability to be safe on 486 machines (does really somebody still use them?) and it only builds with GCC, otherwise an empty module with only a dummy ENGINE_load_padlock() is compiled. I don't see a reason to limit this module to Linux-only, IMHO bounding it to GCC-only should be enough. The PadLock engine doesn't make any nasty syscalls or whatever else that could break on non-Linux. I also added some comments and polished the code a little :-) Would you accept it to the CVS in this form or should I change something? Thanks! Michal Ludvig - -- * A mouse is a device used to point at the xterm you want to type in. * Personal homepage - http://www.logix.cz/michal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA7dLpDDolCcRbIhgRAlHQAKC5A0rCQixrzrWad/Ex0TClUcpX+wCfSo0u ya7iFbQ0kHLtLzg+cdY43Z4= =7Xzn -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
