Hello,
> We are having a dynamic certificate+key generation utility which
> generates cert+key as and when it gets requests from our component.
> Now we have ported our component to 64-bit but don't want to port this
> utility to 64-bit as we are not sure of stability of 64-bit openssl
> dlls.
> 
> What I was thinking was to separate code of the OpenSSL specific to
> certificate+key generation into a separate dll and use that (without
> using ssleay and libeay dlls). Has anyone ever tried this before or
> something similar to this?
I will be voting against this approach :-)
To separate the code for generating keys and issuing certificates
you should get the random number generator, big numbers, RSA code,
message digests (which are spread across headers and *.c files),
X.509 stuff (with ASN.1 code), error queue handling routines, support
for threading (if you need it) ...
Of course this is possible but will require hard work,
code modification in many cases, creating your own make files.
When you "Configure" OpenSSL many preprocessor variables are set
which have an impact on performance and which depend on the current
operating system (for example, in the big number library, the so-called
"limb" size). You should understand this or get the generated opensslconf.h
file for each operating system you plan to support.
If there is a new OpenSSL version you will have to repeat
this process again.
In my opinion getting the code for DES, AES, even RSA
(big nums, PRNG and RSA stuff) from OpenSSL is easy (the C version; the asm
versions are not - there are Perl scripts which generate this asm code).
Maintenance is the next problem: some code does not change much
over the years (DES, AES, message digest, maybe RSA) but other code
changes very often (X.509).

In my opinion, for this purpose I suggest using the 64-bit OpenSSL
"full" library version :-)

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
