
How can I configure openssl's default backend engine?

I compiled OpenSSL with cryptodev support (i.e. hardware acceleration), but unfortunately the default engine is still software.

time openssl speed -evp aes-128-cbc -engine cryptodev

yields the "right" number, but ProFTP (which also uses OpenSSL) does not show any performance gain when used (FTP Secure, FTPS, however you call it).

The engine has support for AES-128, AES-192, RC4, SHA-1, DES, Triple-DES and a few others.

My /etc/ssl/openssl.cnf looks like this:

#...
# a lot of generic stuff...
#...

[engine_section]
cryptodev = cryptodev_section

[cryptodev_section]
default_algorithms = ALL

I looked into the code, but they do nasty things with defines, redefines, undefines, combined with prototypes which makes tracing a pain...

If the above is correct, what routine gets called to initialize the engines when the user creates CTX_SSL or similar?

drahnr asked Oct 16 '12 08:10


1 Answer

According to OpenSSL's config(5): "The command default_algorithms sets the default algorithms an ENGINE will supply using the functions ENGINE_set_default_string()". I don't believe "ALL" is a valid engine. You might try specifying the engine_id to default_algorithms.


If you are doing this in source code, try calling:

ENGINE_load_builtin_engines();

followed by

ENGINE_register_all_complete();

If you have an ENGINE*, then you can do something like:

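ENGINE* eng = ENGINE_by_id("XXX");   /* "XXX" is the engine id; NULL if not found */
if (eng != NULL) {
    ENGINE_set_default(eng, ENGINE_METHOD_ALL);   /* default for every method it implements */
    ENGINE_free(eng);   /* release the structural reference from ENGINE_by_id() */
}
OpenSSL_add_all_algorithms();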

I'm not aware of any good documentation on the subject, but I have not checked Viega, Messier, and Chandra's book. A few of us were discussing it on an OpenSSL wiki talk page for Libcrypto API.

jww answered Oct 18 '22 01:10
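config(5) reads an engine section only when it is reachable from an `openssl_conf` entry in the unnamed default section through an `engines` line, and the question shows only the last two sections of that chain. The script below is an added example, not code from the post or from OpenSSL: it traces the chain in a config file and reports the first missing link. The helper names `cnf_get`, `engine_defaults` and `write_samples`, the section name `openssl_def` and both sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Simplified parser: no .include, no $variable expansion.
# Print the value of KEY in SECTION ("" = unnamed default section at the top).
cnf_get() {  # usage: cnf_get FILE SECTION KEY
    awk -v want="$2" -v key="$3" '
        { sub(/[ \t]*#.*/, "") }                      # strip comments
        /^[ \t]*\[/ {                                 # [section] header
            sub(/^[ \t]*\[[ \t]*/, ""); sub(/[ \t]*\].*$/, ""); sec = $0; next
        }
        {
            eq = index($0, "=")
            if (eq == 0 || sec != want) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Follow openssl_conf -> engines -> ENGINE -> default_algorithms; print
# "<engine section> <algorithms>", or name the broken link on stderr.
engine_defaults() {  # usage: engine_defaults FILE ENGINE
    top=$(cnf_get "$1" "" openssl_conf) || { echo "no openssl_conf in default section" >&2; return 1; }
    eng=$(cnf_get "$1" "$top" engines) || { echo "[$top] has no engines line" >&2; return 1; }
    sec=$(cnf_get "$1" "$eng" "$2") || { echo "[$eng] does not list $2" >&2; return 1; }
    alg=$(cnf_get "$1" "$sec" default_algorithms) || { echo "[$sec] sets no default_algorithms" >&2; return 1; }
    echo "$sec $alg"
}

# Constructed samples: the fragment from the question, and the same fragment
# preceded by the chain from config(5) (section name openssl_def is arbitrary).
write_samples() {  # usage: write_samples DIR
    cat > "$1/fragment.cnf" <<'EOF'
[engine_section]
cryptodev = cryptodev_section

[cryptodev_section]
default_algorithms = ALL
EOF
    { printf 'openssl_conf = openssl_def\n\n[openssl_def]\nengines = engine_section\n\n'
      cat "$1/fragment.cnf"; } > "$1/full.cnf"
}

dir=$(mktemp -d)
write_samples "$dir"
engine_defaults "$dir/full.cnf" cryptodev              # cryptodev_section ALL
engine_defaults "$dir/fragment.cnf" cryptodev || true  # stderr: no openssl_conf ...
rm -rf "$dir"
```

Even with the chain in place, the settings apply only in a process that actually loads this configuration file.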