SSL Probe 03

Source: Internet
Author: User

This article discusses the ENGINE machinery of OpenSSL. The OpenSSL hardware ENGINE interface lets users plug their own hardware into OpenSSL, replacing the software algorithm implementations it ships with.

The ENGINE is the mechanism OpenSSL reserves for loading third-party cryptographic libraries. It consists mainly of dynamic-library loading code plus a set of cryptographic function pointers that are managed through a series of interfaces. To use an engine, first load it (for example with ENGINE_load_xxxx()), then select the algorithms you want it to provide, or all of the algorithms it supports. When your application then calls an encryption or decryption routine, the call is dispatched to the implementation in the dynamic library you loaded rather than to the implementation inside the OpenSSL library itself.

Basic process of using an engine:

① ENGINE_load_xxxx();
Initializes the engine object, sets the engine's properties and methods (the algorithms it implements), and loads the engine into the system.
② e = ENGINE_by_id("id_ali");
Gets the engine.
③ Select which algorithms to use:
ENGINE_set_default(ENGINE *e, unsigned int flags)
The flags include the following:
ENGINE_METHOD_ALL      use all algorithms the engine provides (default)
ENGINE_METHOD_RSA      use only the RSA algorithm
ENGINE_METHOD_DSA      use only the DSA algorithm
ENGINE_METHOD_DH       use only the DH algorithm
ENGINE_METHOD_RAND     use only the random number generator
ENGINE_METHOD_CIPHERS  use only the symmetric encryption and decryption algorithms
ENGINE_METHOD_DIGESTS  use only the digest algorithms
④ Taking symmetric encryption as an example, the engine is passed into the EVP call:

EVP_EncryptInit_ex(ctx, cipher, e, key, iv);
This replaces OpenSSL's built-in algorithm with the one in the engine.

Description

A. ENGINE_load_hwcipher(); This function initializes the ENGINE.

void ENGINE_load_hwcipher(void)
{
    ENGINE *e_hw = engine_hwcipher();
    if (!e_hw)
        return;
    ENGINE_add(e_hw);       /* put the engine on OpenSSL's internal list */
    ENGINE_free(e_hw);      /* the list now holds its own reference */
    ERR_clear_error();
}

It calls engine_hwcipher():

static ENGINE *engine_hwcipher(void)
{
    ENGINE *ret = ENGINE_new();
    if (!ret)
        return NULL;
    if (!bind_helper(ret)) {
        ENGINE_free(ret);
        return NULL;
    }
    return ret;
}

engine_hwcipher() calls bind_helper(ENGINE *e). Take a look at the implementation of bind_helper(ENGINE *e):

/* engine_hw_id, engine_hw_name and the hw_* method structures and callbacks
 * are defined elsewhere in the engine's source. */
static int bind_helper(ENGINE *e)
{
    int ret;
    ret = ENGINE_set_id(e, engine_hw_id);
    if (ret != 1) { printf("ENGINE_set_id failed\n"); return 0; }
    ret = ENGINE_set_name(e, engine_hw_name);
    if (ret != 1) { printf("ENGINE_set_name failed\n"); return 0; }
    ret = ENGINE_set_RSA(e, &hw_rsa);
    if (ret != 1) { printf("ENGINE_set_RSA failed\n"); return 0; }
    ret = ENGINE_set_RAND(e, &hw_rand);
    if (ret != 1) { printf("ENGINE_set_RAND failed\n"); return 0; }
    ret = ENGINE_set_destroy_function(e, hw_destroy);
    if (ret != 1) { printf("ENGINE_set_destroy_function failed\n"); return 0; }
    ret = ENGINE_set_init_function(e, hw_init);
    if (ret != 1) { printf("ENGINE_set_init_function failed\n"); return 0; }
    ret = ENGINE_set_finish_function(e, hw_finish);
    if (ret != 1) { printf("ENGINE_set_finish_function failed\n"); return 0; }
    ret = ENGINE_set_ctrl_function(e, hw_ctrl);
    if (ret != 1) { printf("ENGINE_set_ctrl_function failed\n"); return 0; }
    ret = ENGINE_set_load_privkey_function(e, hw_load_privkey);
    if (ret != 1) { printf("ENGINE_set_load_privkey_function failed\n"); return 0; }
    ret = ENGINE_set_load_pubkey_function(e, hw_load_pubkey);
    if (ret != 1) { printf("ENGINE_set_load_pubkey_function failed\n"); return 0; }
    ret = ENGINE_set_cmd_defns(e, hw_cmd_defns);
    if (ret != 1) { printf("ENGINE_set_cmd_defns failed\n"); return 0; }
    ret = ENGINE_set_ciphers(e, hw_ciphers);
    if (ret != 1) { printf("ENGINE_set_ciphers failed\n"); return 0; }
    ret = ENGINE_set_digests(e, hw_md);
    if (ret != 1) { printf("ENGINE_set_digests failed\n"); return 0; }
    return 1;
}

The bind_helper(ENGINE *e) function fills in the ENGINE structure's properties (id and name) and its methods, i.e. the function pointers through which the engine's own implementations of the various encryption and decryption algorithms are reached.

B. At this point the engine initialization is complete; next, e = ENGINE_by_id("id_hw") obtains the engine you need.

C. Select the algorithms you want to use: ENGINE_set_default(ENGINE *e, unsigned int flags)

D. Pass the engine into the encryption/decryption call: EVP_EncryptInit_ex(&ciph_ctx, cipher, e, key, iv);

This is how you replace OpenSSL's default algorithm implementations with your own. For code you can build and test, see demos/engines in the OpenSSL source tree.



Copyright notice: This article is the blogger's original work. Please do not reproduce it without consent.

