[openssl-users] Help with using a dynamic engine with SSL_CTX

Brian Watson bwats9999 at gmail.com
Wed Dec 10 16:35:34 UTC 2014


I checked and ENGINE_set_RAND function is being called. What I can't figure
out is the following:

1. RAND_get_rand_method() is called to get the random method and in a
normal case default_RAND_METHOD would be null, which would cause the code to
call ENGINE_get_rand() to get the random method for the engine
associated with RAND.
2. In my particular case something has already caused default_RAND_METHOD
to be populated before I load my engine and the only place I see that it
can get reset is via RAND_set_rand_method() which can be called by
RAND_cleanup() and ENGINE_cleanup().

Any ideas?

On Wed, Dec 10, 2014 at 8:25 AM, Brian Watson <bwats9999 at gmail.com> wrote:

> I didn't call that one, but I'll give it a try. I also read that if
> someone subsequently calls ENGINE_load_builtin_engines() that it'll reset
> things back to how they were so I'll look at that also.
>
> Thanks,
>   BW
>
> On Wed, Dec 10, 2014 at 1:06 AM, Dmitry Belyavsky <beldmit at gmail.com>
> wrote:
>
>> Hello Brian,
>>
>> Do you call ENGINE_set_RAND function?
>>
>> On Tue, Dec 9, 2014 at 11:19 PM, Brian Watson <bwats9999 at gmail.com>
>> wrote:
>>
>>> I thought that's what the following does:
>>>
>>> ENGINE_set_default(engine, ENGINE_METHOD_RAND).
>>>
>>> I'm also trying to figure out in rand_lib.c and RAND_get_rand_method()
>>> what causes default_RAND_meth to change.
>>>
>>> Thanks,
>>>    BW
>>>
>>> On Tue, Dec 9, 2014 at 1:52 PM, Dmitry Belyavsky <beldmit at gmail.com>
>>> wrote:
>>>
>>>> Hello!
>>>>
>>>> Do you set your RNG as default when the engine is loaded?
>>>>
>>>> On Tue, Dec 9, 2014 at 10:44 PM, Brian Watson <bwats9999 at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>    I am doing the following:
>>>>>
>>>>> 1. I have a dynamic engine that I would like to use to produce random
>>>>> numbers on Android (aosp).
>>>>> 2. I can successfully load the dynamic engine by using the Android
>>>>> OpenSSLEngine.getInstance() which takes care of loading the engine and I
>>>>> can see that the binding is there via bind_engine and bind_helper via some
>>>>> debug prints that I have put in the engine. I follow this up by calling
>>>>> ENGINE_set_default() for ENGINE_METHOD_RAND. I am using the Apache Harmony
>>>>> jsse library.
>>>>> 3. Some time later there is a call to SSL_CTX_new() which starts the
>>>>> process of establishing the TLS session, etc.
>>>>> 4. I would like to see my random number generator get invoked to
>>>>> provide random numbers when needed, but for some reason the ssleay one is
>>>>> being called.
>>>>> 5. I can open an adb shell and run the openssl command and explicitly
>>>>> load the engine via:
>>>>>
>>>>> openssl engine dynamic -pre SO_PATH:/system/lib/ssl/engines/MyEngine.so -pre ID:myengine -pre LOAD
>>>>>
>>>>> With this I see my random number generator get used, but when I try to do
>>>>> this programmatically it doesn't get called.
>>>>>
>>>>>
>>>>> I have a couple of questions:
>>>>>
>>>>>
>>>>> 1. Should this work even when using the SSL_CTX... APIs?
>>>>>
>>>>> 2. Am I setting up the engine too soon and then the SSL_CTX.. commands
>>>>> clear them out?
>>>>>
>>>>>
>>>>> I've looked around a lot so any help would be greatly appreciated!
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>>    BW
>>>>>
>>>>> _______________________________________________
>>>>> openssl-users mailing list
>>>>> openssl-users at openssl.org
>>>>> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> SY, Dmitry Belyavsky
>>>
>>
>>
>> --
>> SY, Dmitry Belyavsky
>
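
The caching behaviour described in this message, as an added example that is not part of the original thread and not OpenSSL source: a simplified C model of the lazy lookup in RAND_get_rand_method(), showing why an engine registered after the default method has been cached is never consulted until the cache is cleared. The `model_*` functions, `active_rng()` and the two method structs are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names; this is not OpenSSL source. */
typedef struct { const char *name; } rand_method;

static const rand_method builtin_meth = { "builtin" };  /* stands in for the ssleay RNG */
static const rand_method engine_meth = { "myengine" };  /* stands in for the engine RNG */

static const rand_method *cached_default;  /* models default_RAND_meth */
static const rand_method *engine_default;  /* models the engine registered for RAND */

/* Models ENGINE_set_default(e, ENGINE_METHOD_RAND): records the engine only. */
static void model_engine_set_default_rand(const rand_method *m) { engine_default = m; }

/* Models RAND_set_rand_method(): overwrites the cache, NULL clears it. */
static void model_set_rand_method(const rand_method *m) { cached_default = m; }

/* Models RAND_get_rand_method(): the engine is consulted only while the cache is empty. */
static const rand_method *model_get_rand_method(void)
{
    if (cached_default == NULL)
        cached_default = engine_default ? engine_default : &builtin_meth;
    return cached_default;
}

/* Runs one ordering from a clean state and reports which RNG ends up active. */
static const char *active_rng(int early_caller, int reset_after_register)
{
    cached_default = NULL;
    engine_default = NULL;
    if (early_caller)
        (void)model_get_rand_method();       /* something needs randomness first */
    model_engine_set_default_rand(&engine_meth);
    if (reset_after_register)
        model_set_rand_method(NULL);         /* drop the stale cached method */
    return model_get_rand_method()->name;
}

int main(void)
{
    printf("engine registered first:        %s\n", active_rng(0, 0));
    printf("cache populated before engine:  %s\n", active_rng(1, 0));
    printf("same, cache cleared afterwards: %s\n", active_rng(1, 1));
    return 0;
}
```

The second ordering reproduces the symptom reported in the thread: the built-in generator stays active even though the engine was registered as the default for RAND.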