I wrote a self-defined OpenSSL engine and engine tester in ubuntu 20.4. And the OpenSSL version is 1.1.1.
The goal is to use engine in TLS session, and the first step is to use command line to sign a digest. The reference website is: https://wiki.openssl.org/index.php/Creating_an_OpenSSL_Engine_to_use_indigenous_ECDH_ECDSA_and_HASH_Algorithms
But the tester use the engine by calling the function, like ECDSA_sign and ECDSA_verify in the code, which can't act as expected. I hope to achieve the effect like:
$ openssl dgst -engine <engine_id> -sha256 -sign -out
So what should I do? And is this practicable? Thanks a lot!
That OpenSSL wiki page is useful for beginners to learn how OpenSSL engine works, but it is too old that a lot of APIs in the page has been deprecated, especially the ECC functions.
Yes it is practicable.
Copy your
YOUR_ENGINE_NAME.so
to/usr/lib/x86_64-linux-gnu/engines-1.1/
, then edit/etc/openssl.cnf
to tell OpenSSL command line utility to start with loading your engine:You can put some
printf
info in your engine's init function. It will display after OpenSSL command line utility started if the engine is properly loaded: