Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the ENGINE in OpenSSL and what is it used for?

Tags:

c

openssl

cryptography

evp-cipher

I cannot find a good explanation of what the ENGINE in OpenSSL is. It is used in functions like EVP_PKEY_CTX_new.

I am using EVP_PKEY_CTX_new just before I encrypt/decrypt something using EVP_PKEY_encrypt and EVP_PKEY_decrypt but do I really need to specify the ENGINE parameter when calling EVP_PKEY_CTX_new. Everywhere I look inside the OpenSSL the parameter is specified as null.

So my question is: What is the ENGINE in OpenSSL and what is it used for and what difference does it make when it is not specified?

like image 923
Blurry Sterk Avatar asked Feb 24 '15 08:02

Blurry Sterk

1 Answers

The engine is the hardware or software implementation used for performing cryptographic operations. The default engine ID is openssl and uses the built-in functions of OpenSSL.

Assume we have a hardware device with a super fast implementation of AES. Now when we use AES encryption we can set the engine to that hardware device (instead of NULL), which means that the operations are now computed by the hardware device instead of the default OpenSSL software layer.

This is explained in Section 4.6 of the Network Security with OpenSSL book.

OpenSSL has built-in support for cryptographic acceleration. Using the ENGINE object type, an application can get a reference to a changeable, underlying representation, most often a hardware device. (...)

The general idea is simple: we retrieve an object representing the type of hardware we wish to utilize, then we tell OpenSSL to use the device we chose.

Example 4-17 shows a small code example of how we would perform this operation.

ENGINE *e;
if (!(e = ENGINE_by_id("cswift")))
    fprintf(stderr, "Error finding specified ENGINE\n");
else if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
    fprintf(stderr, "Error using ENGINE\n");
else
    fprintf(stderr, "Engine successfully enabled\n");

The function call ENGINE_by_id will look up an implementation from the built-in methods available and return an ENGINE object. The single argument to this function should be the string identifier of the underlying implementation we wish to use. (...)

The ENGINE object that we receive from the lookup should be used in the call to ENGINE_set_default to allow cryptographic functions to utilize the capabilities of the specific ENGINE. The second parameter allows us to specify constraints on what we allow the engine to implement. (...)

NOTE: cswift is "used for CryptoSwift" acceleration hardware."

like image 73
Daniel Avatar answered Sep 22 '22 18:09

Daniel
Sign in to Comment

Related questions

How to fix error Format specifies type 'char *' but the argument has type 'char'
Are there any advantages to using calloc() instead of a malloc() and memset()?
Does this pointer casting break strict aliasing rule?
How to ensure correct file permissions
Why is dynamic binary translation more practical than static binary translation?
String pointer and array of chars in c
Undefined reference to WinMain@16 when using SDL
how to set a FILE** variable to stdout?
I got different results with pow(10,2) and pow(10,j), j=2;
How can we handle errors and exceptions in c like other languages(c++ and Java)?
Where is struct with no named members useful?
C compiling - "undefined reference to"?
What does //**/ mean?
How is barrier implemented in message passing systems?
sprintf in C resets the value of counting variable [duplicate]
CPU overhead for struct?
Tool to remove/Apply ifdef's/else's from codebase
GCC no longer implements <varargs.h>
error: implicit declaration of function 'create_proc_read_entry' [-Werror=implicit-function-declaration]
Compile without generating output file in GCC

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!