What is the best way to add HMAC-SHA256 support to an application that is already using OpenSSL for SHA-1 and MD5? The application must run on both Solaris 10 and OpenSolaris.

I noticed that OpenSolaris's libcrypto.so.0.9.8 has EVP_sha256() but Solaris 10's libcrypto.so.0.9.7 doesn't. I can just use dlsym(RTLD_DEFAULT, "EVP_sha256") to get SHA-256 support for OpenSolaris. But what do I fall back to on Solaris 10?

I know that the Solaris Cryptographic Framework on Solaris 10 supports SHA-256 because I see it in "digest -l". I also know that Solaris 10 has an adapter that implements part of the OpenSSL API using the Cryptographic Framework. Is it possible to add SHA-256 support using that adapter? Or do I have to add the SHA-256 support using the Cryptographic Framework's PKCS#11 API?

If I have to use the PKCS#11 API, how do I choose which slot to use? Should I always use the first slot that can verify HMAC-SHA256? The signed messages are very small, and I read that for small messages I should always use the soft tokens for performance reasons. Is it reasonable for me to rely on the metaslot to take care of that for me?

Thanks,
Brian