leokelly001's Column

that Engine), then the encryption and decryption algorithms in that library must be loaded first, rather than the ones in the original OpenSSL library.

The basic flow for using an Engine:

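① ENGINE_load_xxxx(); initializes the Engine object, sets the engine's attributes and methods (the algorithms you implemented yourself), and loads the engine into the system.

② e = ENGINE_by_id("ID_ali"); obtains the engine.

③ Select which algorithms to use with ENGINE_set_default(ENGINE *e, int Flag), where Flag is one of:

    ENGINE_METHOD_ALL      use all available algorithms (default)
    ENGINE_METHOD_RSA      use only the RSA algorithm
    ENGINE_METHOD_DSA      use only the DSA algorithm
    ENGINE_METHOD_DH       use only the DH algorithm
    ENGINE_METHOD_RAND     use only the random number algorithm
    ENGINE_METHOD_CIPHERS  use only the symmetric encryption/decryption algorithms
    ENGINE_METHOD_DIGESTS  use only the digest algorithms

④ Taking symmetric encryption as an example, simply pass the engine into the call.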

    EVP_EncryptInit_ex(ctx, cipher, e, key, iv);

This replaces OpenSSL's built-in algorithms with the algorithms in the engine.

Notes:

a. ENGINE_load_hwcipher(); performs the Engine initialization.

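    #include <stdio.h>
    #include <openssl/engine.h>

    static ENGINE *engine_hwcipher(void);   /* defined below */

    void ENGINE_load_hwcipher()
    {
        ENGINE *e_hw = engine_hwcipher();   /* build and populate the engine */
        if (!e_hw)
            return;
        ENGINE_add(e_hw);    /* register it in OpenSSL's engine list */
        ENGINE_free(e_hw);   /* drop the local reference; the list keeps its own */
        ERR_clear_error();
    }

This in turn calls engine_hwcipher():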

    static ENGINE *engine_hwcipher(void)
    {
        ENGINE *ret = ENGINE_new();
        if (!ret)
            return NULL;
        if (!bind_helper(ret)) {    /* fill in id, name and method tables */
            ENGINE_free(ret);
            return NULL;
        }
        return ret;
    }

engine_hwcipher() calls bind_helper(ENGINE *e). Here is the implementation of bind_helper(ENGINE *e):

    /* engine_hw_id, engine_hw_name and the hw_* objects are the engine's
     * own definitions (not shown here). */
    static int bind_helper(ENGINE *e)
    {
        int ret;

        /* identity of the engine, later used by ENGINE_by_id() */
        ret = ENGINE_set_id(e, engine_hw_id);
        if (ret != 1) {
            printf("ENGINE_set_id failed\n");
            return 0;
        }
        ret = ENGINE_set_name(e, engine_hw_name);
        if (ret != 1) {
            printf("ENGINE_set_name failed\n");
            return 0;
        }
        /* asymmetric and random number methods */
        ret = ENGINE_set_RSA(e, &hw_rsa);
        if (ret != 1) {
            printf("ENGINE_set_RSA failed\n");
            return 0;
        }
        ret = ENGINE_set_RAND(e, &hw_rand);
        if (ret != 1) {
            printf("ENGINE_set_RAND failed\n");
            return 0;
        }
        /* lifecycle and control callbacks */
        ret = ENGINE_set_destroy_function(e, hw_destroy);
        if (ret != 1) {
            printf("ENGINE_set_destroy_function failed\n");
            return 0;
        }
        ret = ENGINE_set_init_function(e, hw_init);
        if (ret != 1) {
            printf("ENGINE_set_init_function failed\n");
            return 0;
        }
        ret = ENGINE_set_finish_function(e, hw_finish);
        if (ret != 1) {
            printf("ENGINE_set_finish_function failed\n");
            return 0;
        }
        ret = ENGINE_set_ctrl_function(e, hw_ctrl);
        if (ret != 1) {
            printf("ENGINE_set_ctrl_function failed\n");
            return 0;
        }
        /* key loading callbacks */
        ret = ENGINE_set_load_privkey_function(e, hw_load_privkey);
        if (ret != 1) {
            printf("ENGINE_set_load_privkey_function failed\n");
            return 0;
        }
        ret = ENGINE_set_load_pubkey_function(e, hw_load_pubkey);
        if (ret != 1) {
            printf("ENGINE_set_load_pubkey_function failed\n");
            return 0;
        }
        ret = ENGINE_set_cmd_defns(e, hw_cmd_defns);
        if (ret != 1) {
            printf("ENGINE_set_cmd_defns failed\n");
            return 0;
        }
        /* symmetric cipher and digest selectors */
        ret = ENGINE_set_ciphers(e, hw_ciphers);
        if (ret != 1) {
            printf("ENGINE_set_ciphers failed\n");
            return 0;
        }
        ret = ENGINE_set_digests(e, hw_md);
        if (ret != 1) {
            printf("ENGINE_set_digests failed\n");
            return 0;
        }
        return 1;
    }

bind_helper(ENGINE *e) sets the attributes and methods in the engine structure; the various encryption and decryption algorithms behind them are ones you implement yourself.

b. At this point the engine initialization is complete. Next, e = ENGINE_by_id("ID_hw"); obtains the engine you need.

c. Select the algorithms to use: ENGINE_set_default(ENGINE *e, int Flag)

d. Pass the engine into the encryption/decryption call: EVP_EncryptInit_ex(&ciph_ctx, cipher, e, key, iv);

This is how custom algorithms replace the default algorithms in OpenSSL. For detailed code, see Demos/Engines in the OpenSSL source code.
