On 2006.09.28 at 23:33:53 +0200, Heiko J Schick wrote:

> Hello,
>
> I'm looking into the OpenSSL engine support which was introduced in
> OpenSSL version 0.9.6 (or 0.9.7). Is there an official "engine"
> specification or HOWTO available? The only document I have found so
> far is [1]. As a first start I have looked into the GMP engine
> module. If I understand the engine concept correctly I can only use
> the following functions and methods within an engine:
>
> - RSA
> - DSA
> - ECDH
> - ECDSA
> - DH
> - RAND
>
> Can I implement block ciphers (e.g. DES, etc.) in an engine module or
> is this not supported (by the API implementation) at the moment.

You can at least implement block ciphers and digest algorithms, which
are not implemented by OpenSSL itself.

OpenSSL uses lhash tables to keep lists of available block ciphers and
digest algorithms. You should define your own EVP_CIPHER or EVP_MD
structure, fill it with pointers to functions which implement
cipher/digest operations and use EVP_add_cipher/EVP_add_digest
functions to tell OpenSSL to use your implementation.

You can see an example of such an engine in the engines/ccgost
directory of recent development snapshots of OpenSSL 0.9.9. Public key
algorithms in this engine rely on 0.9.9 features, but cipher and digest
algorithms are compatible with the 0.9.8 implementation. (Really there
is an implementation of the ccgost engine for 0.9.8 on
www.cryptocom.ru/OpenSource/OpenSSL_eng.html, but it requires patches
for support of adding public key algorithms.)

Although we never tried to redefine existing cipher algorithms - only
to add new ones.

> I'm quite new in this area and apologize if this question makes no
> sense or was already answered on the openssl-dev mailing-list.

Really there is a serious lack of documentation for these advanced
areas of OpenSSL usage (I consider writing an engine an advanced
usage). I think that if you write documentation on this subject after
you figure it out, OpenSSL developers would be glad to include it into
the distribution.
