[openssl-dev] procedure for adding new engine registration

Vemulapalli Jyothi jyothi.v at freescale.com
Fri Nov 13 11:16:55 UTC 2015 

Hi Matt,

Very useful information.

I too agree with you that we need not have a new engine distribution.

I see some options like dynamic engines and static engine support.

If we have built a library with dynamic engine interface, how can we do speed test using openssl speed command.

Thanks
Jyothi



-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
Sent: Friday, November 13, 2015 3:25 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] procedure for adding new engine registration



On 12/11/15 18:21, Vemulapalli Jyothi wrote:
> Hi all,
> 
>  
> 
> We would like to add a new engine registration to openssl.
> 
>  
> 
> Can you please explain a procedure?
> 
>  
> 
> When we gone through the code, we could find an engines directory in 
> openssl ,  but those files are not getting compiled.
> 
> Do we need to give some additional options. Can you please help.

Its not clear to me whether your asking "how do I create my own engine for my own purposes?" or "how do I create an engine that I want to get incorporated into the OpenSSL source and be distributed as part of OpenSSL?". The answers to these two questions are slightly different.

For the former question I suggest you start with these two links:
https://www.openssl.org/blog/blog/2015/10/07/engine-school/
https://www.openssl.org/blog/blog/2015/10/08/engine-building-lesson-1-a-minimum-useless-engine/

There's also some content on the wiki on this topic:
https://wiki.openssl.org/index.php/Creating_an_OpenSSL_Engine_to_use_indigenous_ECDH_ECDSA_and_HASH_Algorithms

For the latter question the technical procedure is essentially the same as above. However I am personally not keen on the introduction of new engines that do not have a broad applicability to large groups of users.
That would typically rule out the introduction of manufacturer specific engines requiring the presence of additional hardware.

Matt
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

More information about the openssl-dev mailing list