[openssl-users] Help with using a dynamic engine with SSL_CTX

Brian Watson bwats9999 at gmail.com
Tue Dec 9 20:19:50 UTC 2014


I thought that's what the following does:

ENGINE_set_default(engine, ENGINE_METHOD_RAND).

I'm also trying to figure out in rand_lib.c and RAND_get_rand_method() what
causes default_RAND_meth to change.

Thanks,
   BW

On Tue, Dec 9, 2014 at 1:52 PM, Dmitry Belyavsky <beldmit at gmail.com> wrote:

> Hello!
>
> Do you set your RNG as default when the engine is loaded?
>
> On Tue, Dec 9, 2014 at 10:44 PM, Brian Watson <bwats9999 at gmail.com> wrote:
>
>> Hi,
>>    I am doing the following:
>>
>> 1. I have a dynamic engine that I would like to use to produce random
>> numbers on Android (aosp).
>> 2. I can successfully load the dynamic engine by using the Android
>> OpenSSLEngine.getInstance() which takes care of loading the engine and I
>> can see that the binding is there via bind_engine and bind_helper via some
>> debug prints that I have put in the engine. I follow this up by calling
>> ENGINE_set_default() for ENGINE_METHOD_RAND. I am using the Apache Harmony
>> jsse library.
>> 3. Some time later there is a call to SSL_CTX_new() which starts the
>> process of establishing the TLS session, etc.
>> 4. I would like to see my random number generator get invoked to provide
>> random numbers when needed, but for some reason the ssleay one is being
>> called.
>> 5. I can open an adb shell and run the openssl command and explicitly
>> load the engine via:
>>
>> openssl engine dynamic –pre SO_PATH:/system/lib/ssl/engines/MyEngine.so
>> –pre ID:myengine –pre LOAD. With this I see my random number generator get
>> used, but when I try to do this programatically it doesn't get called.
>>
>>
>> I have a couple of questions:
>>
>>
>> 1. Should this work even when using the SSL_CTX... api's?
>>
>> 2. Am I setting up the engine too soon and then the SSL_CTX.. commands
>> clear them out?
>>
>>
>> I've looked around a lot so any help would be greatly appreciated!
>>
>>
>> Thanks,
>>
>>    BW
>>
>> _______________________________________________
>> openssl-users mailing list
>> openssl-users at openssl.org
>> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
>>
>>
>
>
> --
> SY, Dmitry Belyavsky
>
> _______________________________________________
> openssl-users mailing list
> openssl-users at openssl.org
> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141209/cd005962/attachment.html>


More information about the openssl-users mailing list