On 2006.09.28 at 23:33:53 +0200, Heiko J Schick wrote:

> Hello,
>
> I'm looking into the OpenSSL engine support which was introduced in
> OpenSSL version 0.9.6 (or 0.9.7). Is there an official "engine"
> specification or HOWTO available? The only document I have found so
> far is [1]. As a first start I have looked into the GMP engine
> module. If I understand the engine concept correctly I can only use
> the following functions and methods within an engine:
>
> - RSA
> - DSA
> - ECDH
> - ECDSA
> - DH
> - RAND
>
> Can I implement block ciphers (e.g. DES, etc.) in an engine module or
> is this not supported (by the API implementation) at the moment?


You can at least implement block ciphers and digest algorithms, which
are not implemented by OpenSSL itself.

OpenSSL uses lhash tables to keep lists of available block ciphers and
digest algorithms.

You should define your own EVP_CIPHER or EVP_MD structure, fill it
with pointers to functions which implement cipher/digest operations
and use EVP_add_cipher/EVP_add_digest functions to tell OpenSSL to use
your implementation.

You can see an example of such engine in the engines/ccgost directory
of recent development snapshots of OpenSSL 0.9.9.

Public key algorithms in this engine rely on 0.9.9 features, but
cipher and digest algorithms are compatible with 0.9.8 implementation.
(really there is an implementation of ccgost engine for 0.9.8 on
www.cryptocom.ru/OpenSource/OpenSSL_eng.html, but it requires patches
for support of adding public key algorithms).

Although we never tried to redefine existing cipher algorithms - only to
add new ones.

> I'm quite new in this area and apologize if this question makes no
> sense or was already answered on the openssl-dev mailing-list.


Really there is a serious lack of documentation for these advanced areas
of OpenSSL usage (I consider writing an engine an advanced usage).

I think that if you write documentation on this subject after you figure
it out, OpenSSL developers would be glad to include it in the
distribution.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
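
The registration pattern described in the reply above, modelled in plain C as an added example (not code from the thread or from OpenSSL): a method table of function pointers is registered under a name, and callers reach the implementation by name lookup. All `demo_*` identifiers and the XOR placeholder are hypothetical, and refusing a duplicate name is a choice of this model; the real OpenSSL structures and calls differ in detail.

```c
#include <stddef.h>
#include <string.h>
typedef unsigned char u8;
/* Simplified stand-in for an EVP_CIPHER-style method table: a name plus
   function pointers. Every demo_* name is hypothetical, not OpenSSL API. */
typedef struct {
    const char *name;
    int (*init)(u8 *state, const u8 *key, size_t keylen);
    int (*do_cipher)(const u8 *state, u8 *out, const u8 *in, size_t len);
} demo_cipher;

static const demo_cipher *registry[8]; /* stand-in for the name-keyed table */
static size_t registry_len;

const demo_cipher *demo_get_cipherbyname(const char *name) {
    for (size_t i = 0; i < registry_len; i++)
        if (strcmp(registry[i]->name, name) == 0) return registry[i];
    return NULL;
}
/* Returns 1 on success; 0 if incomplete, name already taken, or table full. */
int demo_add_cipher(const demo_cipher *c) {
    if (!c || !c->name || !c->init || !c->do_cipher) return 0;
    if (demo_get_cipherbyname(c->name) || registry_len == 8) return 0;
    registry[registry_len++] = c;
    return 1;
}
/* Constructed placeholder transform (XOR with one key byte), not a cipher. */
static int xor_init(u8 *state, const u8 *key, size_t keylen) {
    if (keylen != 1) return 0;
    state[0] = key[0];
    return 1;
}
static int xor_do(const u8 *state, u8 *out, const u8 *in, size_t len) {
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ state[0];
    return 1;
}
const demo_cipher demo_xor = { "demo-xor", xor_init, xor_do };

/* Caller side: resolve the name, then dispatch through the pointers. */
int demo_encrypt(const char *name, const u8 *key, size_t keylen,
                 u8 *out, const u8 *in, size_t len) {
    u8 state[1];
    const demo_cipher *c = demo_get_cipherbyname(name);
    return c && c->init(state, key, keylen) && c->do_cipher(state, out, in, len);
}
int main(void) {
    u8 out[3];
    if (!demo_add_cipher(&demo_xor)) return 1;
    return !demo_encrypt("demo-xor", (const u8 *)" ", 1, out, (const u8 *)"abc", 3);
}
```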