Cryptology ePrint Archive: Report 2018/354

Start your ENGINEs: dynamically loadable contemporary crypto

Nicola Tuveri and Billy B. Brumley

Abstract: Software ever-increasingly relies on building blocks implemented by security libraries, which provide access to evolving standards, protocols, and cryptographic primitives. These libraries are often subject to complex development models and long decision-making processes, which limit the ability of contributors to participate in the development process, hinder the deployment of scientific results and pose challenges for OS maintainers. In this paper, focusing on OpenSSL as a de-facto standard, we analyze these limits, their impact on the security of modern systems, and their significance for researchers. We propose the OpenSSL ENGINE API as a tool in a framework to overcome these limits, describing how it fits in the OpenSSL architecture, its features, and a technical review of its internals.

We evaluate our methodology by instantiating libsuola, a new ENGINE providing support for emerging cryptographic standards such as X25519 and Ed25519 for currently deployed versions of OpenSSL, performing benchmarks to demonstrate the viability and benefits.

The results confirm that the ENGINE API offers (1) an ideal architecture to address wide-ranging security concerns; (2) a valuable tool to enhance future research by easing testing and facilitating the dissemination of novel results in real-world systems; and (3) a means to bridge the gaps between research results and currently deployed systems.

Category / Keywords: implementation / applied cryptography, public key cryptography, elliptic curve cryptography, software engineering, software implementation, OpenSSL

Date: received 16 Apr 2018, last revised 11 Jun 2019

Contact author: nicola tuveri at tuni fi,billy brumley@tuni fi

Available format(s): PDF | BibTeX Citation

Version: 20190611:171726 (All versions of this report)

Short URL: ia.cr/2018/354