List:       openssl-dev
Subject:    HowTo: Engine-specific TLS master secret generation?
From:       Andrey Kulikov <amdeich () gmail ! com>
Date:       2011-01-24 13:52:13
Message-ID: AANLkTi=upComz0KJZk8yx2ZQmbdKWj12hDHXayvTAt6p () mail ! gmail ! com

Hello,

Now OpenSSL generates the master secret and read/write keys inside the library,
leaving only premaster secret decryption to the engine.

In the case of a hardware-based TLS engine this may not be an option, as there may
be no possibility to set read/write keys from outside (or it may be
restricted according to some rules of such hardware usage).

If someone needed to implement support for such a device in OpenSSL:
1. How would you estimate the required effort?
2. What is the best base OpenSSL version to start with?
3. What needs to be taken into account, but may not be visible from the
beginning?

I would really appreciate any answer.

Andrey.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org
