I have abandoned my old idea of trying to get libOpenSSL to always read my engine info from the config file (/etc/ssl/openssl.cnf). Instead I'm going to try to manually load my own engine in the source code for libOpenSSL. I have created a new function in "rand_lib.c" as follows:

    static void Do_Whatever_Needs_Done_For_TPM2(void)
    {
        CRYPTO_THREAD_write_lock(rand_meth_lock);
        {
            /* Initialize the dynamic engine loader */
            ENGINE_load_dynamic();

            ENGINE *tpm2_engine;

            /* If the first fails, try the second one */
            (tpm2_engine = ENGINE_by_id("tpm2tss"))
                || (tpm2_engine = ENGINE_by_id("libtpm2tss"));

            if ( NULL == tpm2_engine )
            {
                assert( 0 == "Do_Whatever_Needs_Done_For_TPM2: tpm2_engine == NULL" );
                abort();
            }

            /* Take a functional reference; this runs the engine's own init code */
            int init_res = ENGINE_init(tpm2_engine);

            if ( !init_res )
            {
                assert( 0 == "Do_Whatever_Needs_Done_For_TPM2: init_res == 0" );
                abort();
            }

            /* Ask the engine for its RAND_METHOD table (NULL if it has none) */
            RAND_METHOD const *const p_rm = ENGINE_get_RAND(tpm2_engine);

            if ( NULL == p_rm )
            {
                assert( 0 == "Do_Whatever_Needs_Done_For_TPM2: p_rm == NULL" );
                abort();
            }

            /* Install the engine's method as the library-wide default */
            funct_ref = tpm2_engine;
            default_RAND_meth = p_rm;
            rand_meth = *default_RAND_meth; /* Even set the Drbg func pointers */
        }
        CRYPTO_THREAD_unlock(rand_meth_lock);
    }

And then the next thing I've done is add the following code to the start of "RAND_get_rand_method":

    const RAND_METHOD *RAND_get_rand_method(void)
    {
        /* Run the TPM2 setup on the first call in this process (plain flag, no locking) */
        static int first_time_for_entire_process = 1;

        if ( first_time_for_entire_process )
        {
            first_time_for_entire_process = 0;
            Do_Whatever_Needs_Done_For_TPM2();
        }

        /* The rest of the function goes here */
    }

I'm testing it now but it still seems that something isn't right. I'm going to keep at this until every process (including ssh-keygen) is using my custom engine for random numbers.