[openssl-users] Help with using a dynamic engine with SSL_CTX

Dmitry Belyavsky beldmit at gmail.com
Tue Dec 9 19:52:09 UTC 2014


Hello!

Do you set your RNG as default when the engine is loaded?

On Tue, Dec 9, 2014 at 10:44 PM, Brian Watson <bwats9999 at gmail.com> wrote:

> Hi,
>    I am doing the following:
>
> 1. I have a dynamic engine that I would like to use to produce random
> numbers on Android (aosp).
> 2. I can successfully load the dynamic engine by using the Android
> OpenSSLEngine.getInstance() which takes care of loading the engine and I
> can see that the binding is there via bind_engine and bind_helper via some
> debug prints that I have put in the engine. I follow this up by calling
> ENGINE_set_default() for ENGINE_METHOD_RAND. I am using the Apache Harmony
> jsse library.
> 3. Some time later there is a call to SSL_CTX_new() which starts the
> process of establishing the TLS session, etc.
> 4. I would like to see my random number generator get invoked to provide
> random numbers when needed, but for some reason the ssleay one is being
> called.
> 5. I can open an adb shell and run the openssl command and explicitly load
> the engine via:
>
> openssl engine dynamic -pre SO_PATH:/system/lib/ssl/engines/MyEngine.so
> -pre ID:myengine -pre LOAD. With this I see my random number generator get
> used, but when I try to do this programmatically it doesn't get called.
>
>
> I have a couple of questions:
>
>
> 1. Should this work even when using the SSL_CTX... APIs?
>
> 2. Am I setting up the engine too soon and then the SSL_CTX.. commands
> clear them out?
>
>
> I've looked around a lot so any help would be greatly appreciated!
>
>
> Thanks,
>
>    BW
>


-- 
SY, Dmitry Belyavsky