OpenSSL Engine的三种加载方式

本文测试代码基于Openssl版本：1.1.1f

创建一个Engine lib

1. #include <openssl/evp.h>
2. #include <openssl/engine.h>
3. #include <iostream>
5. static int encryptfn(EVP_PKEY_CTX *ctx,unsigned char *out,size_t *outlen,const unsigned char *in,size_t inlen){
6.   *outlen = 1;
7.   std::cout << "encryptfn call" << std::endl;
8.   return 1;
9. }
11. static int test_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
12.                            const int **pnids, int nid)
13. {
14.     static const int rnid = EVP_PKEY_RSA;
15.     if (pmeth == NULL) {
16.         *pnids = &rnid;
17.         return 1;
18.     }
20.     if (nid == EVP_PKEY_RSA) {
21.         EVP_PKEY_METHOD* method{EVP_PKEY_meth_new(0,0)};
22.         EVP_PKEY_meth_set_encrypt(method, nullptr, encryptfn);//设置自定义方法
23.         *pmeth = method;
24.         return 1;
25.     }
27.     *pmeth = NULL;
28.     return 0;
29. }
31. static std::int32_t bind(ENGINE* const e, const char* const id) {
32.   std::int32_t ret{0};
33.   ENGINE_set_id(e,"test_ID");
34.   ENGINE_set_name(e,"test_name");
36.   ENGINE_set_pkey_meths(e,test_pkey_meths);
38.   return 1;
39. }
41. extern "C" std::int32_t bind_engine(ENGINE* const e, const char* const id,
42.                                     const dynamic_fns* const fns);
43. extern "C" std::int32_t bind_engine(ENGINE* const e, const char* const id,
44.                                     const dynamic_fns* const fns) {
45.   if (ENGINE_get_static_state() == fns->static_state) {
46.     if (0 == bind(e, id)) {
47.       return 0;
48.     }
49.     return 1;
50.   }
52.   static_cast<void>(CRYPTO_set_mem_functions(
53.       fns->mem_fns.malloc_fn, fns->mem_fns.realloc_fn, fns->mem_fns.free_fn));
54.   if (0 == bind(e, id)) {
55.     return 0;
56.   }
57.   return 1;
58. }
61. extern "C" uint64_t v_check(const uint64_t v) noexcept;
62. extern "C" uint64_t v_check(const uint64_t v) noexcept {
63.   if (v >= static_cast<uint64_t>(0x00030000U)) {
64.     return static_cast<uint64_t>(0x00030000U);
65.   }
66.   return 0U;
67. }

复制代码

编译动态库：g++ -fPIC -shared engine_evp_so.cpp -o libengine_evp.so

Engine 加载方式1：cmd加载

方法1：openssl cmd加载

1. > engine dynamic -pre SO_PATH:/yourpath/libengine_evp.so -pre LOAD
2. (dynamic) Dynamic engine loading support
3. [Success]: SO_PATH:/yourpath/libengine_evp.so
4. [Success]: LOAD
5. Loaded: (test_ID) test_name

复制代码

方法2：进程中调用cmd函数加载

在代码中使用ENGINE_ctrl_cmd_string()调用cmd能力来加载engine
[code]#include #include #include void dump_hex(const uint8_t *hex, uint32_t size) {  uint32_t i = 0;  for (i = 0; i < size; ++i) {    if ((i % 8) == 0) {      printf("\n");    }    printf("0x%02x ", hex);  }  printf("\n");}RSA* rsa_create(){    RSA* rsa = RSA_new();//分配空间    BIGNUM* pBNe = BN_new();//分配空间    BN_set_word(pBNe, RSA_F4);    int ret = RSA_generate_key_ex(rsa, 1024, pBNe, NULL);    if(ret < 0 ){        printf("encrypt failed, ret:%d \n", ret);        return nullptr;    }    BN_free(pBNe);    return rsa;}int main(){  ENGINE_load_dynamic();//加载dynamic engine  ENGINE* engine = ENGINE_by_id("dynamic");  if(engine == nullptr){    std::cout