Hi John,

> I have a question around the area of the Hardware device support that is
> used by the various Engines in OpenSSL.  In the 0.9.8.a tree there are
> files for engines like Atalla, uBSec, CryptoSwift etc.  This area
> of OpenSSL is what I am currently interested in understanding.
>
> I see where the "Binding" via DSO is taking place to (I am guessing)
> loadable libraries that then interface via system calls to actual
> hardware drivers.

Yes, the only "openssl code" involved is the logic to shim between the
openssl-native interfaces (and semantics) and the APIs exposed by the
hardware-specific SDKs. We don't package those SDKs, and only include the
engine implementations in openssl if we've been given permission to also
ship a header with the necessary subset of declarations from the SDK (BTW
it's now possible for a vendor to provide their own engine as a
shared-library if they don't even want to expose any APIs to openssl or
its users). I.e. you should be able to build and load openssl on platforms
without any hardware or hardware-supporting SDKs, obviously, but you will
definitely need the SDK's libraries, the hardware drivers, *and* the
hardware to do anything useful - and all those things are (presumably)
provided by the vendor when you buy the hardware and also (presumably)
closed-source.

> This is where I can really use your assistance.  I am looking for
> pointers, or support sites where I can find open source code, SDKs, or
> sample code for accessing the hardware devices that exist in OpenSSL.  I
> understand why these code packages would not be a part of OpenSSL but I
> am at a loss as to where to find them.

As I mentioned, the only stuff we have are some openssl-specific shims and
some minimal copy-n-pasted header declarations from the vendor SDKs. You'd
need to go to the vendors themselves to get anything else.

However if you dig around the net, you may find open-source drivers and/or
libs for various bits of hardware - eg. OpenBSD, Linux's cryptoapi, etc.
Whether those things contain code submitted by vendors or "use at your own
risk" open source approximations is another matter. Also, you may find
that kernel support code for various hardware devices may be confined to a
particular subset of functionality, eg. symmetric-ciphers only, certain
algorithms/modes only, no non-blocking functionality, etc. Good luck.

Cheers,
Geoff

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]