了解 OpenSSL 中的引擎初始化 [英] Understanding engine initialization in OpenSSL

问题描述

我正在尝试设置 HMAC-SHA-256 散列的基本测试，但我遇到了引擎设置问题.理想情况下，我只想设置 HMAC-SHA 算法，但到目前为止，我什至还没有得到加载所有算法工作的一般情况.目前，我在尝试设置默认摘要的行上遇到了段错误.

I'm trying to set up a basic test of HMAC-SHA-256 hashing but I'm having problems with the engine setup. Ideally I would like to set up only the HMAC-SHA-algorithm but so far I haven't even gotten the general case where load all the algorithms to work. Currently I'm getting segfaults on the row where I try to set the default digests.

另外，我经常使用 Java，所以请毫不犹豫地指出代码中的任何错误.

Also, I'm regularly a Java guy, so don't hesitate to point out any mistakes in the code.

#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main() {
  unsigned char* key = (unsigned char*) "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b";
  unsigned char* data = (unsigned char*) "4869205468657265";
  unsigned char* expected = (unsigned char*) "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7";
  unsigned char* result;
  HMAC_CTX* ctx;
  ENGINE* e;

  ENGINE_load_builtin_engines();
  ENGINE_register_all_complete();
  ENGINE_set_default_digests(e);

  HMAC_CTX_init(ctx);
  HMAC_Init_ex(ctx, key, 40, EVP_sha256(), e);
  result = HMAC(NULL, NULL, 40, data, 16, NULL, NULL);
  HMAC_CTX_cleanup(ctx);

  ENGINE_finish(e);
  ENGINE_free(e);

  if (strcmp((char*) result, (char*) expected) == 0) {
    printf("Test ok
");
  } else {
    printf("Got %s instead of %s
", result, expected);
  }
}

该程序现在已经演变为以下内容，但我仍然在 HMAC_Init_ex 处出现段错误:

The program has now evolved to the following, but I'm still segfaulting at HMAC_Init_ex:

unsigned char* key = (unsigned char*) "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b";
unsigned char* data = (unsigned char*) "4869205468657265";
unsigned char* expected = (unsigned char*) "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7";
unsigned char* result;
unsigned int result_len = 64;
HMAC_CTX ctx;
ENGINE* e;

result = (unsigned char*) malloc(sizeof(char) * result_len);
e = (ENGINE*) ENGINE_new();

ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
ENGINE_set_default_digests(e);

HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, key, 16, EVP_sha256(), e); 
HMAC_Update(&ctx, data, 40);
HMAC_Final(&ctx, result, &result_len);
HMAC_CTX_cleanup(&ctx);

ENGINE_finish(e);
ENGINE_free(e);

推荐答案

正如 Martin 所说，您最初建议的问题在于您需要初始化 ENGINE.您编辑的代码的问题在于您正在执行 ENGINE_new，这将为您提供一个全新的您自己的 ENGINE，然后您需要为其提供密码方法、摘要方法等.事实上，对于您想要的(以及什么)几乎每个人都想要)，完全忽略所有 ENGINE 内容是正确的选择.

The problem with your original suggestion is, as Martin said, that you need to initialise the ENGINE. The problem with your edited code was that you were doing ENGINE_new, which is getting you a completely new ENGINE of your own, which you then need to provide with cipher methods, digest methods, etc. In fact, for what you want (and what almost everybody wants), just completely ignoring all of the ENGINE stuff is the right choice.

一些附属问题:

• 您的字符串是十六进制的，但是您需要每个字符一个 x 才能在字符串中的那个位置实际获取十六进制字节，我怀疑这正是您想要的.
• 您试图从数据"中散列 40 个字节，这并不长(实际效果:您最终会对结果字符串进行部分散列)
• 您的预期结果(据我所知)不正确
• 您将向终端打印出随机字符，因为 HMAC 函数将生成 32 字节的随机二进制数据，而不是可打印的内容.

以下代码编译、运行并通过测试.它与您找到的示例代码有点不同(因为它仍然使用单独的 HMAC_* 函数 - 如果您想使用 HMAC_Update 一点一点地进行散列，这很有用):

The following code compiles, works and passes the test. It's a bit different to the example code you found (since it still uses the individual HMAC_* functions - useful if you want to do your hashing bit by bit using HMAC_Update):

#include <openssl/engine.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>


int main(void)
{
        unsigned char* key = (unsigned char*) "x0bx0bx0bx0bx0bx0bx0bx0bx0bx0bx0bx0bx0bx0bx0bx0bx0bx0bx0bx0b";
        unsigned char* data = (unsigned char*) "x48x69x20x54x68x65x72x65";
        unsigned char* expected = (unsigned char*) "x49x2cxe0x20xfex25x34xa5x78x9dxc3x84x88x06xc7x8fx4fx67x11x39x7fx08xe7xe7xa1x2cxa5xa4x48x3cx8axa6";
        unsigned char* result;
        unsigned int result_len = 32;
        int i;
        HMAC_CTX ctx;

        result = (unsigned char*) malloc(sizeof(char) * result_len);

        ENGINE_load_builtin_engines();
        ENGINE_register_all_complete();

        HMAC_CTX_init(&ctx);
        HMAC_Init_ex(&ctx, key, 16, EVP_sha256(), NULL);
        HMAC_Update(&ctx, data, 8);
        HMAC_Final(&ctx, result, &result_len);
        HMAC_CTX_cleanup(&ctx);

        for (i=0; i!=result_len; i++)
        {
                if (expected[i]!=result[i])
                {
                        printf("Got %02X instead of %02X at byte %d!
", result[i], expected[i], i);
                        break;
                }
        }
        if (i==result_len)
        {
                printf("Test ok!
");
        }
        return 0;
}

当然，它不能回答您关于如何初始化 ENGINE 的原始问题，但是如果没有更多上下文，确实没有正确答案，结果证明哪种上下文与您的情况无关......

Of course, it doesn't answer your original question about how to initialise ENGINEs, but there's really no right answer to that without having more context, which context turns out not to be relevant in your situation...

这篇关于了解 OpenSSL 中的引擎初始化的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！