44 lines
1.5 KiB
Text
44 lines
1.5 KiB
Text
|
|
ENGINE
|
|
======
|
|
|
|
With OpenSSL 0.9.6, a new component has been added to support external
|
|
crypto devices, for example accelerator cards. The component is called
|
|
ENGINE, and has still a pretty experimental status and almost no
|
|
documentation. It's designed to be faily easily extensible by the
|
|
calling programs.
|
|
|
|
There's currently built-in support for the following crypto devices:
|
|
|
|
o CryptoSwift
|
|
o Compaq Atalla
|
|
o nCipher CHIL
|
|
|
|
A number of things are still needed and are being worked on:
|
|
|
|
o An openssl utility command to handle or at least check available
|
|
engines.
|
|
o A better way of handling the methods that are handled by the
|
|
engines.
|
|
o Documentation!
|
|
|
|
What already exists is fairly stable as far as it has been tested, but
|
|
the test base has been a bit small most of the time.
|
|
|
|
|
|
No external crypto device is chosen unless you say so. You have actively
|
|
tell the openssl utility commands to use it through a new command line
|
|
switch called "-engine". And if you want to use the ENGINE library to
|
|
do something similar, you must also explicitely choose an external crypto
|
|
device, or the built-in crypto routines will be used, just as in the
|
|
default OpenSSL distribution.
|
|
|
|
|
|
PROBLEMS
|
|
========
|
|
|
|
It seems like the ENGINE part doesn't work too well with Cryptoswift on
|
|
Win32. A quick test done right before the release showed that trying
|
|
"openssl speed -engine cswift" generated errors. If the DSO gets enabled,
|
|
an attempt is made to write at memory address 0x00000002.
|
|
|