How to make OpenSSL engine usage application specific?


How to make OpenSSL engine usage application specific?

Jayalakshmi bhat
Hello All,

We have 2 RSA OpenSSL engines in our product. Both engines perform the same RSA encrypt/decrypt operations. For easy explanation I am naming the engines as

1. RSA smart card  engine 
2. RSA TPM engine 

Engine usage is application specific. There are a couple of applications dependent on the RSA TPM engine, and a few applications dependent on the RSA smart card engine.
We wanted to know if there are any APIs provided by OpenSSL to make the engine usage application specific? Is there any way we can make OpenSSL choose a specific engine for a specific application?

Regards
Jayalakshmi.



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: How to make OpenSSL engine usage application specific?

Paul Dale

Try RSA_new_method when allocating the RSA_METHOD.  It takes an engine argument which will be used for related operations.

 

Pauli

--

Oracle

Dr Paul Dale | Cryptographer | Network Security & Encryption

Phone +61 7 3031 7217

Oracle Australia

 

From: Jayalakshmi bhat [mailto:[hidden email]]
Sent: Monday, 19 February 2018 7:16 PM
To: [hidden email]
Subject: [openssl-users] How to make OpenSSL engine usage application specific?

 

Re: How to make OpenSSL engine usage application specific?

Linsell, StevenX
> On Mon, 19 Feb 2018 Jayalakshmi Bhat wrote:
>
> Engine usage is application specific. There are a couple of applications
> dependent on the RSA TPM engine, and a few applications dependent on the
> RSA smart card engine.
>
> We wanted to know if there are any APIs provided by OpenSSL to make the
> engine usage application specific? Is there any way we can make OpenSSL
> choose a specific engine for a specific application?
>

I think, but don't quote me, that if your applications are using the openssl.cnf file to configure the
engine you are going to use, then the OPENSSL_CONF environment variable will allow you to
control the configuration file loaded by OpenSSL. This allows you to have application-specific
configuration files that load the engine you require and make it the default engine.
This is dependent on your application having been built with OPENSSL_LOAD_CONF defined.
You can also control the config file loaded programmatically via OPENSSL_config.

The alternative is loading your engine programmatically, such as nginx does:
https://github.com/nginx/nginx/blob/master/src/event/ngx_event_openssl.c#L4193-L4237
and use ENGINE_set_default to make the engine you require the default for that application.
Of course that is only useful if you are in control of your application's source code.

There are more details here:
https://wiki.openssl.org/index.php/Library_Initialization
https://www.openssl.org/docs/manmaster/man5/config.html

Steve Linsell                   Intel Shannon DCG/CID Software Development Team
[hidden email]
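
The per-application configuration file approach described in the reply above, as an added example that is not part of the original thread: two constructed openssl.cnf files, one per group of applications, each loading one engine and making it the default for RSA. The file paths, section names, engine ids and `dynamic_path` values are placeholders; the directives themselves are the ones documented in config(5).

```ini
# ---- File 1: /etc/myproduct/openssl-tpm.cnf (constructed path) ----
# For the applications that depend on the RSA TPM engine.
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
# The left-hand name is arbitrary; it only points at the section below.
rsa_tpm = rsa_tpm_section

[rsa_tpm_section]
# Placeholder id and library path: substitute the TPM engine's real values.
engine_id = rsa_tpm_engine
dynamic_path = /usr/lib/engines/rsa_tpm_engine.so
# Make this engine the default implementation for RSA only.
default_algorithms = RSA
# Initialise the engine while the config is loaded, so a missing
# device or library shows up at startup rather than at first use.
init = 1

# ---- File 2: /etc/myproduct/openssl-smartcard.cnf (constructed path) ----
# For the applications that depend on the RSA smart card engine.
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
rsa_smartcard = rsa_smartcard_section

[rsa_smartcard_section]
# Placeholder id and library path, as above.
engine_id = rsa_smartcard_engine
dynamic_path = /usr/lib/engines/rsa_smartcard_engine.so
default_algorithms = RSA
init = 1

# ---- Selecting a file per application (shell, hypothetical binaries) ----
#   OPENSSL_CONF=/etc/myproduct/openssl-tpm.cnf        ./tpm_app
#   OPENSSL_CONF=/etc/myproduct/openssl-smartcard.cnf  ./smartcard_app
```

Because `dynamic_path` names a shared library that is loaded into the application's process, both the configuration files and the engine libraries should be writable only by trusted accounts.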

