]>
Commit | Line | Data |
---|---|---|
b22bda21 RL |
1 | |
2 | ENGINE | |
3 | ====== | |
4 | ||
5 | With OpenSSL 0.9.6, a new component has been added to support external | |
6 | crypto devices, for example accelerator cards. The component is called | |
7 | ENGINE, and has still a pretty experimental status and almost no | |
8 | documentation. It's designed to be faily easily extensible by the | |
9 | calling programs. | |
10 | ||
11 | There's currently built-in support for the following crypto devices: | |
12 | ||
13 | o CryptoSwift | |
14 | o Compaq Atalla | |
15 | o nCipher CHIL | |
55d892e3 | 16 | o Nuron |
b22bda21 RL |
17 | |
18 | A number of things are still needed and are being worked on: | |
19 | ||
b22bda21 RL |
20 | o A better way of handling the methods that are handled by the |
21 | engines. | |
22 | o Documentation! | |
23 | ||
24 | What already exists is fairly stable as far as it has been tested, but | |
25 | the test base has been a bit small most of the time. | |
26 | ||
b22bda21 RL |
27 | |
28 | No external crypto device is chosen unless you say so. You have actively | |
29 | tell the openssl utility commands to use it through a new command line | |
30 | switch called "-engine". And if you want to use the ENGINE library to | |
31 | do something similar, you must also explicitely choose an external crypto | |
32 | device, or the built-in crypto routines will be used, just as in the | |
33 | default OpenSSL distribution. | |
34 | ||
56245be4 RL |
35 | |
36 | PROBLEMS | |
37 | ======== | |
38 | ||
39 | It seems like the ENGINE part doesn't work too well with Cryptoswift on | |
40 | Win32. A quick test done right before the release showed that trying | |
41 | "openssl speed -engine cswift" generated errors. If the DSO gets enabled, | |
42 | an attempt is made to write at memory address 0x00000002. | |
43 |