Dynamic loading of an OpenSSL engine

0 votes
Asked by user: (3.2k points)

I have to use a certain engine for OpenSSL. Regardless of what it does, how is a particular engine activated and dynamically loaded?

Let's say I have built an engine libxxx.so as a shared object and put it in the proper directory (/usr/lib/engines).

Where is the proper point to tell OpenSSL what engine it should load, and how is that done? I found from https://wiki.openssl.org/index.php/Creating_an_OpenSSL_Engine_to_use_indigenous_ECDH_ECDSA_and_HASH_Algorithms that it should be somehow like

    ENGINE *my_engine = ENGINE_by_id("xxx");

but there is almost no documentation about it.

From How to use private key on a PKCS#11 module instead of perivate key file for mutual-authentication in OpenSSL? I found:

    if (!(e = ENGINE_by_id("dynamic")))
        goto err;
    if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", "dstu", 0))
        goto err;
    if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
        goto err;
    if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
        goto err;
    e = ENGINE_by_id("pkcs11_engine");
    if (!e)
        return error;

    res = ENGINE_init(e);
    if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
        goto err;

What are the control commands for and why are they not used in the first example? OK, SO_PATH tells a path, but what about the others?

Where should this code be placed? I use OpenSSL as a library and there is no main, like in the example. Is ENGINE_load_builtin_engines automatically called at startup, and does it need to be modified when I want to use a given engine as default?

I further know there is a config file where engines can be specified in engine sections. Can I use this config file to specify my engine xxx as the default engine, so that I don't need the code above to load the specific engine? I'm not sure if the config file is read automatically when using OpenSSL programmatically.

Posted by user: (2.5k points)
As for documentation, you might want to check out the engine(3) man pages.
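
Added example, not part of the question or the comment above: an openssl.cnf engine section that loads the engine from the question and makes it the default, with each key mapped to the calls in the quoted C snippet. It assumes the engine registers under the id `xxx` and lives at /usr/lib/engines/libxxx.so; the section names are arbitrary labels chosen here.

```ini
# Constructed openssl.cnf fragment. The section names (openssl_init,
# engine_section, xxx_section) are labels made up for this example.

# Must sit in the default (unnamed) section, before any [section] header.
openssl_conf = openssl_init

[openssl_init]
# Points the ENGINE configuration module at the list of engines to set up.
engines = engine_section

[engine_section]
# One line per engine; the value names the section holding its settings.
xxx = xxx_section

[xxx_section]
# Keys are processed top to bottom, so the id and the path come first.

# Id the engine registers under (assumed to be "xxx", as in ENGINE_by_id("xxx")).
engine_id = xxx

# Same effect as sending these control commands to the "dynamic" engine:
#   SO_PATH  = /usr/lib/engines/libxxx.so   (shared object to load)
#   LIST_ADD = 2                            (adding to the engine list is mandatory)
#   LOAD                                    (perform the load now)
dynamic_path = /usr/lib/engines/libxxx.so

# Use the engine for every algorithm class it implements, the counterpart of
# ENGINE_set_default(e, ENGINE_METHOD_ALL).
default_algorithms = ALL

# 1 = initialise the engine immediately (the ENGINE_init() step),
# 0 = load it but do not initialise it.
init = 1
```

OpenSSL 1.1.1 and later read the default configuration file during library initialisation; before 1.1.0 the application has to call OPENSSL_config() or CONF_modules_load_file() itself for this section to take effect.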
