projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| b22bda21 RL |
1 | |
| 2 | ENGINE | |
| 3 | ====== | |
| 4 | ||
| 5 | With OpenSSL 0.9.6, a new component has been added to support external | |
| 6 | crypto devices, for example accelerator cards. The component is called | |
| 7 | ENGINE, and has still a pretty experimental status and almost no | |
| 8 | documentation. It's designed to be faily easily extensible by the | |
| 9 | calling programs. | |
| 10 | ||
| 11 | There's currently built-in support for the following crypto devices: | |
| 12 | ||
| 13 | o CryptoSwift | |
| 14 | o Compaq Atalla | |
| 15 | o nCipher CHIL | |
| 55d892e3 | 16 | o Nuron |
| b22bda21 RL |
17 | |
| 18 | A number of things are still needed and are being worked on: | |
| 19 | ||
| b22bda21 RL |
20 | o A better way of handling the methods that are handled by the |
| 21 | engines. | |
| 22 | o Documentation! | |
| 23 | ||
| 24 | What already exists is fairly stable as far as it has been tested, but | |
| 25 | the test base has been a bit small most of the time. | |
| 26 | ||
| b22bda21 RL |
27 | |
| 28 | No external crypto device is chosen unless you say so. You have actively | |
| 29 | tell the openssl utility commands to use it through a new command line | |
| 30 | switch called "-engine". And if you want to use the ENGINE library to | |
| 31 | do something similar, you must also explicitely choose an external crypto | |
| 32 | device, or the built-in crypto routines will be used, just as in the | |
| 33 | default OpenSSL distribution. | |
| 34 | ||
| 56245be4 RL |
35 | |
| 36 | PROBLEMS | |
| 37 | ======== | |
| 38 | ||
| 39 | It seems like the ENGINE part doesn't work too well with Cryptoswift on | |
| 40 | Win32. A quick test done right before the release showed that trying | |
| 41 | "openssl speed -engine cswift" generated errors. If the DSO gets enabled, | |
| 42 | an attempt is made to write at memory address 0x00000002. | |
| 43 |