On 2008.01.07 at 23:05:09 -0500, Thor Lancelot Simon wrote:

> The engine interface operates at too low a layer to directly accelerate
> HMAC.  This is unfortunate since it means even on hosts with crypto
> hardware that can do HMAC quite fast, it ends up using raw digest operations
> and being slower than software (because of the system call overhead to do
> each digest operation of the HMAC).
> 
> The result is that a number of engines disable all hash acceleration.
> 
> What would be a reasonable way to fix this?  I will gladly contribute the
> code back to OpenSSL if I can get any kind of feedback that it would be
> accepted.

Really, it is already fixed in the current 0.9.9 build. There is a way to
provide arbitrary MAC algorithms (not only HMAC) using EVP_PKEY_METHOD
and calculate MACs using the EVP_DigestSign* API.

There is also a built-in implementation of the HMAC algorithm as a PKEY_METHOD,
which one may study in order to provide one's own from the engine.

Some time ago I submitted a few documentation pages which cover
these subjects, but they seem not to have gotten into HEAD.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]