In this paper, focusing on OpenSSL as a de-facto standard, we analyze these limits, their impact on the security of modern systems, and their significance for researchers.
We propose the OpenSSL ENGINE API as a tool in a framework to overcome these limits, describing how it fits in the OpenSSL architecture, its features, and a technical review of its internals.
We evaluate our methodology by instantiating libsuola, a new ENGINE providing support for emerging cryptographic standards such as X25519 and Ed25519 for currently deployed versions of OpenSSL, performing benchmarks to demonstrate the viability and benefits.
The results confirm that the ENGINE API offers (1) an ideal architecture to address wide-ranging security concerns; (2) a valuable tool to enhance future research by easing testing and facilitating the dissemination of novel results in real-world systems; and (3) a means to bridge the gaps between research results and currently deployed systems.
Category / Keywords: implementation / applied cryptography, public key cryptography, elliptic curve cryptography, software engineering, software implementation, OpenSSL Date: received 16 Apr 2018 Contact author: nicola tuveri at tut fi Available format(s): PDF | BibTeX Citation Version: 20180418:202819 (All versions of this report) Short URL: ia.cr/2018/354