How does OpenSSL choose which ENGINE to use?


Question

I have an application that dynamically links with OpenSSL 1.0.2 and TPM hardware with an OpenSSL ENGINE implementation for RSA.

I use OpenSSL's dynamic ENGINE to register the TPM ENGINE. This is how the (simplified) code looks:

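/* Make the built-in "dynamic" ENGINE available and get a structural reference to it. */
ENGINE_load_dynamic();
ENGINE *e = ENGINE_by_id("dynamic");

/* Point the dynamic ENGINE at the TPM shared library and load it under the id "tpm2tss". */
ENGINE_ctrl_cmd_string(e, "SO_PATH", path_to_libtpm, 0);
ENGINE_ctrl_cmd_string(e, "ID", "tpm2tss", 0);
ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);

/* Obtain a functional reference (initialises the ENGINE). */
ENGINE_init(e);

ENGINE_ctrl_cmd(e, ...);
ENGINE_ctrl_cmd(e, ...);

/* Register the algorithms of every ENGINE in the list; no default is set here. */
ENGINE_register_all_complete();

/* Release the functional and structural references. */
ENGINE_finish(e);
ENGINE_free(e);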

According to the man page, since I'm calling ENGINE_register_all_complete() instead of ENGINE_set_default_RSA(), I am letting OpenSSL decide which implementation of RSA to use.

the next time OpenSSL tries to set up an RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to ENGINE_init() and if any of those succeed, that ENGINE will be set as the default for RSA use from then on

Will OpenSSL prioritize the RSA implementation in a registered ENGINE over its own implementation?

What happens when there are several ENGINEs registered that provide implementations for the same algorithm? Will OpenSSL use the first ENGINE it is able to initialize?

Is there any guarantee that a registered ENGINE will be used if ENGINE_set_default_XXX is not called?

Recommended answer

You can specify which engine to use via the openssl.cnf config file, or you can use the -engine parameter to specify an engine on the command line.

From your C code you can use ENGINE_by_id(engine_id);
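
The openssl.cnf route mentioned in the answer, as an added example that is not part of the original answer: it loads the question's tpm2tss engine and makes it the default for RSA, which is the configuration-file counterpart of calling ENGINE_set_default_RSA(). The shared-library path is a placeholder and the section names are arbitrary choices.

```ini
# Added example, not from the original page.
# Top-level pointer to the section that holds library-wide settings.
openssl_conf = openssl_init

[openssl_init]
# Hand the "engines" configuration module its list of engines.
engines = engine_section

[engine_section]
# One line per engine; the right-hand side names that engine's section.
tpm2tss = tpm2tss_section

[tpm2tss_section]
# engine_id must be the first command in the section.
engine_id = tpm2tss

# Placeholder path: use the real location of the TPM engine library.
# dynamic_path drives the "dynamic" ENGINE with SO_PATH and LOAD,
# like the ENGINE_ctrl_cmd_string() calls in the question.
dynamic_path = /path/to/libtpm2tss.so

# Make this engine the default for RSA only, so the choice does not
# depend on registration order or on which engine initialises first.
# Other algorithm classes keep their existing defaults.
default_algorithms = RSA

# Initialise the engine while the configuration is loaded, so a
# missing or unusable TPM is reported at that point.
init = 1
```

An application linked against OpenSSL 1.0.2 only picks this up if it loads the configuration itself, for example with OPENSSL_config(NULL); the openssl command-line tool reads it on its own.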
