On 2007.11.19 at 11:25:46 +0100, Davide Vernizzi wrote:
> Hi users,
>
> is there an easy (or even a not-so-easy) way to use a crypto engine in a
> TLS/SSL session? I'd like to use a crypto engine for asymmetric crypto
> during the handshake and another engine for the symmetric crypto of data
> during the session.
>
> Can anybody help me?
If you want to use just one engine, it is very easy. I assume you are talking about using an engine from your application, which you are writing using the OpenSSL API.

1. Acquire a reference to the engine. Typically, just call ENGINE_by_id. It would work if
   a) the engine is compiled statically into OpenSSL,
   b) you have loaded the openssl configuration file using OPENSSL_config(NULL) and the engine is described there with an explicitly stated dynamic_path, or
   c) the engine is compiled as a shared library and placed into the default engine directory.

2. Having a reference to the engine, initialize it using ENGINE_init.

3. Specify the algorithms you want to use from the engine using the ENGINE_set_default function.

4. Proceed with TLS/SSL as usual.

If you load two engines and specify different flags to ENGINE_set_default (say ENGINE_METHOD_RSA | ENGINE_METHOD_RSA | ENGINE_METHOD_ECDSA | ENGINE_METHOD_PKEY_METHS | ENGINE_METHOD_PKEY_ASN1_METHS | ENGINE_METHOD_DH | ENGINE_METHOD_ECDH for one engine and ENGINE_METHOD_CIPHERS | ENGINE_METHOD_DIGESTS for the other one), it would be precisely what you want: all asymmetric algorithms from one engine and all symmetric ones from the other. You can also use a third engine for ENGINE_METHOD_RAND (random number generation) and a fourth for ENGINE_METHOD_STORE.

All these constants are for OpenSSL 0.9.9. OpenSSL 0.9.8 supports fewer methods.

> Regards.
>
> --
> Davide

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]