On Sun, Jan 09, 2011, Andrey Kulikov wrote:

> Hello,
> 
> I'm exploring how to implement custom engine, and can't understand the
> purpose of EVP_PKEY_derive() function.
> It is possible to set pointer to its implementation using
> EVP_PKEY_meth_set_derive() call.
> 
> But it is used only in *pkeyutl* command.
> It is not used in SSL handshake.
> 
> The only engine which sets it is "ccgost", but as I understand it is not used at
> all.
> 
> According to pkeyutl command documentation it is used for "key derivation
> (agreement) operations".
> 
> Could anyone please explain what it is designed for, and according to which
> standard it should be implemented in a new engine?
> Is it required at all?
> 

It is implemented in DH and ECDH ENGINEs too. Its purpose is key derivation:
where a symmetric key is derived from other keys. This is normally for key
agreement algorithms like DH or ECDH. If the algorithm you are implementing
doesn't support such an operation you don't need to implement it.

The ssl code doesn't currently use the higher level derivation code.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org