1

We have a project that needs to run an OpenSSL engine on an iOS device. We have compiled the .so file for the test engine and it works fine with the command line. But when we put it in the iOS project and try to load the engine, the load step always gives an error.

```objc
// Locate the engine shared object shipped in the app bundle.
NSString *enginePath = [[NSBundle mainBundle] pathForResource:@"silly-engine" ofType:@"so"];
const char *engine_id = "silly-engine";
const char *engine_path = [enginePath UTF8String];

// Configure OpenSSL's "dynamic" loader engine, then ask it to load the .so.
ENGINE_load_dynamic();
ENGINE *dyn = ENGINE_by_id("dynamic");

if (!ENGINE_ctrl_cmd_string(dyn, "SO_PATH", engine_path, 0))
{
    NSLog(@"SO_PATH failed");
}
if (!ENGINE_ctrl_cmd_string(dyn, "DIR_ADD", engine_path, 0))
{
    NSLog(@"DIR_ADD failed");
}
if (!ENGINE_ctrl_cmd_string(dyn, "ID", engine_id, 0))
{
    NSLog(@"ID failed");
}

if (!ENGINE_ctrl_cmd(dyn, "LIST_ADD", 1, NULL, NULL, 0))
{
    NSLog(@"LIST_ADD failed");
}

if (!ENGINE_ctrl_cmd_string(dyn, "LOAD", NULL, 0))
{
    NSLog(@"LOAD failed");
}

// Look up the engine that LOAD should have registered.
ENGINE *myEngine = ENGINE_by_id(engine_id);
```

`myEngine` will always be NULL. I suspect that iOS does not allow such dynamic libraries. Does anyone have experience with how to make the OpenSSL Engine work on iOS?

Summer
  • Most versions of iOS do not allow dynamic loading of libraries. I'm told that changed recently. However, you can work around it by "swizzling". See [Objective C Method Swizzling using dynamic library](http://stackoverflow.com/q/9638815). Also see [Rethinking & Repackaging iOS Apps](https://www.google.com/search?q=Rethinking+%26+Repackaging+iOS+Apps). – jww Jan 17 '16 at 00:55
  • @jww Thank you for the information. Swizzling using a dynamic library is another approach I will try. However, after digging, I'm told that Apple does not allow customized dynamic libraries in iOS (they will be rejected by the App Store). So another question is: can we modify `openssl.cnf` to add our library while compiling OpenSSL and then make it available as a default engine? – Summer Jan 18 '16 at 15:01

2 Answers

0

Apple does not allow you to use "so" (shared libraries) on iOS.

The easiest way for you is to integrate OpenSSL into your project via CocoaPods: https://cocoapods.org/pods/OpenSSL-Universal

Alexander Perechnev
  • Unfortunately, it looks like OpenSSL-Universal is not supplying a corrected version of `opensslconf.h`. – jww Jan 15 '16 at 00:27
  • @jww Describe the problem in more detail. I believe you're confusing something. – Alexander Perechnev Jan 15 '16 at 05:44
  • Thank you Alexander. However, it is not OpenSSL that causes the problem. We already have OpenSSL in our iOS project and it works fine. It is the Engine part of OpenSSL that does not work. All the examples/tutorials compile the Engine into a .so file and load it at run time. So I just wonder if there is an iOS-compatible way to integrate with it. – Summer Jan 15 '16 at 14:10
  • @Alexander - A bug report has been opened; see [opensslconf.h is correct for one architecture; and not the others](https://github.com/krzyzanowskim/OpenSSL/issues/23). Based on krzyzanowskim's comment, it appears they are supplying a `opensslconf.h` for x86_64; and not iOS platforms (like armv7, armv7s, etc). – jww Jan 17 '16 at 01:04

0

Finally I got it solved by using a static engine. Simply loading the engine file in OpenSSL engine calls should work. No need for a dynamic engine on iOS.

Summer
  • Do you mind sharing more details on how you got this to work? What do you mean by "Simply loading the engine file in OpenSSL engine calls"? Thanks. – evalsyrelec Jul 20 '16 at 21:08
  • @mkwon By that I mean you can include the .c engine file in the Xcode project and use it directly. No need to precompile it into the .so file and then drop it into the Xcode project. – Summer Jul 21 '16 at 13:24
  • Hi, did you try to use the engine in an EVP_KEY and then wrap it in a SecIdentityRef? I'm trying to find a way to do HTTPS client auth with an OpenSSL engine. – Indio Jan 19 '18 at 17:28
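
The static approach described in the second answer and its follow-up comment, as an added example that is not code from any of the posts: the engine's bind code is compiled into the app and registered with `ENGINE_add()`, so no `.so` is loaded at run time and the lookup from the question succeeds. The helper names (`bind_static_engine`, `load_static_engine`, `use_static_engine`) and the engine name string are assumptions, and the bind function is a stand-in for the real engine's `.c` file.

```objc
#import <Foundation/Foundation.h>
#include <openssl/engine.h>
#include <openssl/err.h>

// Assumed values: the id is the one used in the question; the name is a placeholder.
static const char *kEngineId   = "silly-engine";
static const char *kEngineName = "Statically linked example engine";

// Stand-in for the engine's own bind code, compiled into the app from its .c file.
// A real engine would also attach its method tables here (e.g. ENGINE_set_digests).
static int bind_static_engine(ENGINE *e)
{
    // ENGINE_add() rejects an engine that has no id or no name.
    return ENGINE_set_id(e, kEngineId) && ENGINE_set_name(e, kEngineName);
}

// Registers the compiled-in engine exactly once, then looks it up by id.
// Returns a structural reference (release with ENGINE_free) or NULL.
static ENGINE *load_static_engine(void)
{
    static dispatch_once_t once;
    dispatch_once(&once, ^{
        ENGINE *e = ENGINE_new();
        if (e == NULL)
            return;
        if (!bind_static_engine(e) || !ENGINE_add(e))
            NSLog(@"engine registration failed: %s",
                  ERR_error_string(ERR_get_error(), NULL));
        ENGINE_free(e);   // after ENGINE_add() the engine list holds its own reference
    });
    return ENGINE_by_id(kEngineId);
}

// Replacement for the SO_PATH / LOAD sequence in the question.
static void use_static_engine(void)
{
    ENGINE *myEngine = load_static_engine();
    if (myEngine == NULL || !ENGINE_init(myEngine)) {
        NSLog(@"static engine unavailable: %s",
              ERR_error_string(ERR_get_error(), NULL));
        if (myEngine != NULL)
            ENGINE_free(myEngine);
        return;
    }
    NSLog(@"engine ready: %s", ENGINE_get_id(myEngine));
    ENGINE_finish(myEngine);   // release the functional reference from ENGINE_init()
    ENGINE_free(myEngine);     // release the structural reference from ENGINE_by_id()
}
```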