On 17/03/2020 07:42, Mahendra SP wrote:
> Hi,
>
> We are looking at implementing an engine for RSA and AES.
>
> For AES, looking at the documentation, understand that engine will get
> invoked only if the application or SSL library invokes EVP based calls
> rather than native AES calls. Is this correct?

Yes. Note that the low-level AES API will be deprecated in the
forthcoming OpenSSL 3.0.

>
> For RSA, is it mandatory to use EVP for using engine?

No. You can hook in using RSA_METHOD or EVP_PKEY_METHOD. The RSA
low-level APIs (including RSA_METHOD) will also be deprecated in the
forthcoming OpenSSL 3.0.

> Is it a must to use latest openssl version for engine? Reason for this
> question is, looking at 1.1.X code, all the calls are modified to EVP in
> SSL library when compared to previous versions. As understanding is,
> engine works with EVP, wanted to know if we need to use latest version.

Engines have been around for a long time. Not sure how well they worked
in conjunction with libssl in previous versions. But in any case the
only supported version at the moment is OpenSSL 1.1.1. All other
versions are EOL.

Note that Engines themselves are also being deprecated in OpenSSL 3.0.
They are being replaced by the new provider interface. Depending on the
time frame that you want this functionality you might be better off
writing a provider (OpenSSL 3.0 is scheduled for release in Q4 this year).

Matt