What is the purpose of the EVP_PKEY_derive() function?

2011-01-09 Thread Andrey Kulikov
Hello,

I'm exploring how to implement a custom engine, and can't understand the
purpose of the EVP_PKEY_derive() function.
It is possible to set a pointer to its implementation using the
EVP_PKEY_meth_set_derive() call.

But it is used only in the *pkeyutl* command.
It is not used in the SSL handshake.

The only engine which sets it is ccgost, but as I understand it is not used at
all.

According to the pkeyutl command documentation it is used for key derivation
(agreement) operations.

Could anyone please explain what it is designed for, and according to which
standard it should be implemented in a new engine?
Is it required at all?

Andrey.


Re: What is the purpose of the EVP_PKEY_derive() function?

2011-01-09 Thread Dr. Stephen Henson
On Sun, Jan 09, 2011, Andrey Kulikov wrote:

> Hello,
>
> I'm exploring how to implement a custom engine, and can't understand the
> purpose of the EVP_PKEY_derive() function.
> It is possible to set a pointer to its implementation using the
> EVP_PKEY_meth_set_derive() call.
>
> But it is used only in the *pkeyutl* command.
> It is not used in the SSL handshake.
>
> The only engine which sets it is ccgost, but as I understand it is not used at
> all.
>
> According to the pkeyutl command documentation it is used for key derivation
> (agreement) operations.
>
> Could anyone please explain what it is designed for, and according to which
> standard it should be implemented in a new engine?
> Is it required at all?
>

It is implemented in DH and ECDH ENGINEs too. Its purpose is key derivation:
where a symmetric key is derived from other keys. This is normally for key
agreement algorithms like DH or ECDH. If the algorithm you are implementing
doesn't support such an operation, you don't need to implement it.

The ssl code doesn't currently use the higher level derivation code.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org
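
Added example, not part of the original thread or of the OpenSSL project's code: the key agreement described in the reply, run through the `openssl pkeyutl -derive` command mentioned in the question. The key names and helper functions are constructed for this demo; the value printed is the raw shared secret, which a protocol would normally pass through a KDF before using it as a symmetric key.

```shell
#!/bin/sh
# Added example: two parties run ECDH through `openssl pkeyutl -derive`.
# Key names and helper functions are constructed for this demo.

# gen_keypair NAME DIR: write DIR/NAME.key (private) and DIR/NAME.pub (P-256).
gen_keypair() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$2/$1.key" 2>/dev/null &&
    openssl pkey -in "$2/$1.key" -pubout -out "$2/$1.pub"
}

# derive_hex PRIVKEY PEERPUB: print the raw shared secret as hex.
# The output is empty if the derive operation fails.
derive_hex() {
    openssl pkeyutl -derive -inkey "$1" -peerkey "$2" 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n'
}

# ecdh_demo: succeeds only if both sides agree and an unrelated key does not.
ecdh_demo() {
    dir=$(mktemp -d) || return 1          # mktemp -d creates a 0700 directory
    for name in alice bob other; do
        gen_keypair "$name" "$dir" || { rm -rf "$dir"; return 1; }
    done
    # Each side combines its own private key with the peer's public key.
    a=$(derive_hex "$dir/alice.key" "$dir/bob.pub")
    b=$(derive_hex "$dir/bob.key" "$dir/alice.pub")
    # A key pair that is not part of the exchange yields a different value.
    o=$(derive_hex "$dir/other.key" "$dir/bob.pub")
    rm -rf "$dir"
    echo "alice: $a"; echo "bob:   $b"; echo "other: $o"
    [ -n "$a" ] && [ "$a" = "$b" ] && [ "$a" != "$o" ]
}

ecdh_demo && echo "shared secret matches on both sides"
```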