[openssl-users] Help with using a dynamic engine with SSL_CTX

Dmitry Belyavsky beldmit at gmail.com
Wed Dec 10 07:06:02 UTC 2014


Hello Brian,

Do you call the ENGINE_set_RAND function?

On Tue, Dec 9, 2014 at 11:19 PM, Brian Watson <bwats9999 at gmail.com> wrote:

> I thought that's what the following does:
>
> ENGINE_set_default(engine, ENGINE_METHOD_RAND).
>
> I'm also trying to figure out in rand_lib.c and RAND_get_rand_method()
> what causes default_RAND_meth to change.
>
> Thanks,
>    BW
>
> On Tue, Dec 9, 2014 at 1:52 PM, Dmitry Belyavsky <beldmit at gmail.com>
> wrote:
>
>> Hello!
>>
>> Do you set your RNG as default when the engine is loaded?
>>
>> On Tue, Dec 9, 2014 at 10:44 PM, Brian Watson <bwats9999 at gmail.com>
>> wrote:
>>
>>> Hi,
>>>    I am doing the following:
>>>
>>> 1. I have a dynamic engine that I would like to use to produce random
>>> numbers on Android (aosp).
>>> 2. I can successfully load the dynamic engine by using the Android
>>> OpenSSLEngine.getInstance() which takes care of loading the engine and I
>>> can see that the binding is there via bind_engine and bind_helper via some
>>> debug prints that I have put in the engine. I follow this up by calling
>>> ENGINE_set_default() for ENGINE_METHOD_RAND. I am using the Apache Harmony
>>> jsse library.
>>> 3. Some time later there is a call to SSL_CTX_new() which starts the
>>> process of establishing the TLS session, etc.
>>> 4. I would like to see my random number generator get invoked to provide
>>> random numbers when needed, but for some reason the ssleay one is being
>>> called.
>>> 5. I can open an adb shell and run the openssl command and explicitly
>>> load the engine via:
>>>
>>> openssl engine dynamic -pre SO_PATH:/system/lib/ssl/engines/MyEngine.so -pre ID:myengine -pre LOAD
>>>
>>> With this I see my random number generator get used, but when I try
>>> to do this programmatically it doesn't get called.
>>>
>>>
>>> I have a couple of questions:
>>>
>>>
>>> 1. Should this work even when using the SSL_CTX... APIs?
>>>
>>> 2. Am I setting up the engine too soon and then the SSL_CTX.. commands
>>> clear them out?
>>>
>>>
>>> I've looked around a lot so any help would be greatly appreciated!
>>>
>>>
>>> Thanks,
>>>
>>>    BW
>>>
>>> _______________________________________________
>>> openssl-users mailing list
>>> openssl-users at openssl.org
>>> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
>>>
>>>
>>
>>
>> --
>> SY, Dmitry Belyavsky
>>
>


-- 
SY, Dmitry Belyavsky
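
[Added example, not part of the original thread and not OpenSSL source.] The thread asks what makes default_RAND_meth change and whether the timing of ENGINE_set_default() matters. The model below assumes the lazy, cached lookup of the 1.0.x-era rand_lib.c and shows one ordering effect to rule out; all model_* names and rng_seen_by_tls() are hypothetical.

```c
/* Simplified model (an assumption, not OpenSSL source) of the lazy lookup in
 * the 1.0.x-era rand_lib.c: the RAND method is resolved on first use and then
 * cached, so the order of "first RAND call" and "register engine" matters. */
#include <stdio.h>
#include <string.h>

typedef struct { const char *name; } rand_method;       /* stands in for RAND_METHOD */

static const rand_method builtin_rand = { "ssleay" };    /* built-in software RNG */
static const rand_method engine_rand  = { "myengine" };  /* RNG exported by the engine */

static const rand_method *default_engine_rand; /* models the ENGINE default-RAND table */
static const rand_method *cached_rand;         /* models default_RAND_meth */

/* Models ENGINE_set_default(e, ENGINE_METHOD_RAND): registers, touches no cache. */
static void model_engine_set_default_rand(const rand_method *m) { default_engine_rand = m; }

/* Models RAND_get_rand_method(): consults the engine table only if nothing is cached. */
static const rand_method *model_rand_get_method(void)
{
    if (cached_rand == NULL)
        cached_rand = default_engine_rand ? default_engine_rand : &builtin_rand;
    return cached_rand;
}

/* Models RAND_set_rand_engine(e): replaces the cached method explicitly. */
static void model_rand_set_engine(const rand_method *m) { cached_rand = m; }

/* Returns the name of the RNG a later TLS handshake would draw from.
 * rand_used_first: random bytes were requested before the engine was registered.
 * explicit_set:    the caller also performs the explicit RAND_set_rand_engine step. */
const char *rng_seen_by_tls(int rand_used_first, int explicit_set)
{
    default_engine_rand = NULL; cached_rand = NULL;     /* fresh process state */
    if (rand_used_first)
        (void)model_rand_get_method();                  /* early use caches the built-in */
    model_engine_set_default_rand(&engine_rand);
    if (explicit_set)
        model_rand_set_engine(&engine_rand);
    return model_rand_get_method()->name;
}

int main(void)
{
    printf("engine registered first:       %s\n", rng_seen_by_tls(0, 0));
    printf("RAND used before registration: %s\n", rng_seen_by_tls(1, 0));
    printf("... plus explicit set:         %s\n", rng_seen_by_tls(1, 1));
    return 0;
}
```

In a real program the corresponding check is to compare RAND_get_rand_method() with ENGINE_get_RAND(engine) just before SSL_CTX_new() and treat a mismatch as an error, so a silent fallback to the software RNG is caught.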