Is there any sort of a guide as to what is needed to create an openssl engine?
It's not clear to me what interface needs to be provided nor exactly what functionality can be moved to an engine. I have an idea I'd like to experiment with for an approach to parallelising encryption/decryption (using existing algorithms, such as the various sizes of AES). I'm thinking about how I could multi-thread the encryption, but I don't know if it's possible to do what I'm thinking about as a pluggable option, For example, assuming I wanted to use AES-256 CBC or CFB, I'd like to use the existing openssl code as much as possible without changes, so establishment of sessions, key agreement, etc, use the existing code. I'd want to only supply the block level encryption/decryption once the keys and cipher had been agreed, at which point, block encrypt/decrypt would pass through code I'd supply via the engine. Things such as re-negotiation of keys, message authentication, seesion termination, etc I'd want to use the existing code rather than attempt to roll my own, particularly since I'm thinking of doing a proof-of-concept and it's not impossible that my somewhat hazy ideas arem't actully workable. Can the pluggable engine be used to provide such a limited interface/extention to openssl? I'd only handle the IV and supply block encrypt/decrypt. Does this actually fit the engine interface or is an engine expected at a minimum to provide more than just this rather limited functionality? For anyone who is curious, my interest was sparked by seeing performance problems on some hardware - Sun T52xx servers for example, which have rather limited CPU power, but compensate by having lots of CPUs with support for lots of threads. I've been musing over an idea how to get the block encryption/decryption broken out so that individual blocks can be en/decrypted in separate threads, then marshalled back into a single stream again. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
