As mentioned in a previous post, OpenSSL 1.1.1 branch of releases will hit End of Life (EoL) by September 11th, 2023. That’s right, it’s not a typo! It’s about 3 months away! It’s already listed as an old release branch here: https://www.openssl.org/source/old/ . Are you sure you are ready to tackle the migration to their new LTS branch of releases?
In that post (https://www.wolfssl.com/openssl-1-1-1-eol/) we listed 3 ways that wolfSSL could help. One of them was wolfEngine. You can continue using OpenSSL, but under the hood the wolfCrypt implementations of the cryptographic algorithms will be used. This might be especially useful if you are looking for an accelerated path to FIPS certification.
We have put in extra testing against 1.1.1s (which is likely to be the final release on that branch of releases) and can confirm that wolfEngine backed by wolfCrypt will work smoothly with it. Its as easy as setting the OPENSSL_CONF environment variable and adding the following to openssl.conf:
engine_id = libwolfengine dynamic_path = /path/to/libwolfengine.so init = 1
The other option is to set the OPENSSL_ENGINES environment variable to the directory containing libwolfengine.so and then calling the ENGINE_by_id() function.
And just like that, you will have meticulously optimized, well-supported, regularly updated and best-tested cryptographic implementations working for you; no changes to your code required!
Have questions? Want to learn more about your options in the face of the 1.1.1 release branch EoL? Reach out to facts@wolfssl.com, or call us at +1 425 245 8247