[openssl-users] External encryption chip and EC{DSA, DH} (with engine?)

Thulasi Goriparthi thulasi.goriparthi at gmail.com
Wed Jun 3 13:19:21 UTC 2015


Thanks Remy for asking the question in my mind.

"ENGINE_set_default_EC_METHOD" will be perfect to offload EC Point
multiplication, doubling and addition offered by some h/w crypto
accelerators.

Hi Matt,

What is the reason to keep ec_method, ecdh_method and ecdsa_method
structure definitions in local header files ec_locl.h, ech_locl.h and
ecs_locl.h respectively unlike their peers.. dh_method, dsa_method,
rsa_meth_st and rand_meth_st which are defined in exported header files?

ENGINE_set_default_EC_METHOD is really nice idea. Even if it is not
immediate, please discuss the possibility of having this with your team.

Thanks,
Thulasi.


On 3 June 2015 at 18:28, Matt Caswell <matt at openssl.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> On 03/06/15 06:32, Rémy Grünblatt wrote:
> > Hello. I have a custom external hardware encryption chip that can
> > computes some operations like the addition of two points, the
> > inverse of one point, etc.
> >
> > I read that if I want to move some calculus from openssl to this
> > chip, Openssl engines are the way to go.
> >
> > By defining a custom EC_METHOD, for example, I can just move the
> > inverse on the chip while keeping other functions "in openssl"
> > (not moving them). Still, how do I ask to my Engine to use this
> > new custom EC_METHOD  ?
> >
> > I see functions like ENGINE_set_default_ECDSA, or
> > ENGINE_set_default_ECDH, but I don't want to change thoses, only
> > the underlying EC_METHOD which is "used" for calculus.
> >
> > I do not know if it's clear, but what i'm searching for is a kind
> > of "ENGINE_set_default_EC_METHOD" which could be used by the tests
> > from ectest.c, for example. Any idea ?
>
> Unfortunately, I don't think such a thing exists. In fact the
> definition of EC_METHOD is not defined in any public header file so it
> is not currently possible to provide your own version without hacking
> OpenSSL itself.
>
> Matt
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJVbvn8AAoJENnE0m0OYESRwtsH/1p941OTgrEMPuLlkyulf4DA
> E3HzZNqgShlGBK6y4NrI+1bwPAHNeRe1weQuaOokDqiY9k+Qh/B4ncKVKbH3kJFF
> c8xlKhf9GsMzsfV+sqeTSX0b16cvTbos0l6JEVGcypLib7jtcJcE9a966dC699Cz
> 7k6Adq6mpznm30JFFARon0Ov7htLvCvU6nRgBnV3nSh/+++5iNe1ZQht06El92Ap
> VPvbYz54zePaQgndI/lgtNEA9RQcI/Zsbn3dJzs9FDWyMs4JCjf0Yl2oCtzfeb2c
> wMX6nJFiTOMa6rMUpPedTd2QS/XrOHUpPdcRxWpz4grYklqVAizlKrtHPutwrpo=
> =//we
> -----END PGP SIGNATURE-----
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150603/421accb2/attachment.html>


More information about the openssl-users mailing list