On 2005.10.26 at 19:37:34 +0100, upinder singh wrote:

> 2) I have my own C implementation of the AES(rijndael) algo as also of
> the SHA-256 hash fn, UMAC, RSA and a PRBG to generate symmetric keys. All
> these are software implementations only.
>
> 3) I want to plug in these and use them instead of the implementations
> provided as default in the openssl.
>
> 4) What I have figured out so far is that I will have to first make my
> own engine for each of the algos I wish to add. This engine would have

You can write just one engine with all the algorithms. Just don't forget
to register all these algorithms in the engine initialization code, and set
the engine-provided versions as defaults.

> 5) Once this is done I would figure out where all the encryption algo
> is called by the openvpn framework and replace each such call with a
> call to my implementation of the algos in openssl.

For any well-written application which uses OpenSSL you don't need this.
It might be enough to just write an openssl.cnf file which tells OpenSSL to
load your engine, and set the environment variable OPENSSL_CONF pointing to
this file.

Typically, applications which use libcrypto call so-called EVP layer
functions (see the EVP manpage in the OpenSSL documentation). These functions
know about engines, and if some non-default engine is loaded and
initialized, they would use the engine-provided implementation of
algorithms.

If the application is not so well-written (I haven't seen OpenVPN code) you
might have to fix some initialization code. Or you may choose to load
your engine explicitly from application code, not relying on environment
variables and configuration files.
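
The configuration-file approach described in the reply, as an added example that is not part of the original message: an openssl.cnf that loads one dynamic engine and makes its algorithms the defaults. The engine id `myengine`, the section names and the library path are placeholders, and it assumes an OpenSSL build that supports the ENGINE interface.

```ini
# openssl.cnf (added example; engine id, section names and path are placeholders)

# Must appear in the unnamed top section, before any [section] header.
openssl_conf = openssl_init

[openssl_init]
# Points the library at the section that lists engines to load.
engines = engine_section

[engine_section]
# One entry per engine; the value names the section holding its settings.
myengine = myengine_section

[myengine_section]
# ID the engine registers itself under.
engine_id = myengine
# Shared library that implements the engine (placeholder path).
dynamic_path = /path/to/libmyengine.so
# Make the engine the default for every algorithm class it registers.
# Narrow this (for example "CIPHERS, DIGESTS, RSA, RAND") if only some
# engine implementations should replace the built-in ones.
default_algorithms = ALL
# Initialize the engine as soon as the configuration is loaded.
init = 1
```

With OPENSSL_CONF pointing at this file, `openssl engine -t -c` shows whether the engine loaded and which algorithms it registered.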
