[openssl-users] Help with using a dynamic engine with SSL_CTX

Thulasi Goriparthi thulasi.goriparthi at gmail.com
Fri Dec 12 12:53:33 UTC 2014


I had similar trouble a while ago.

I understood that if a crypto/ssl application needs to use a RAND method before
the intended engine is loaded, default_RAND_method would be populated with
RAND_SSLeay().

ENGINE_set_RAND wouldn't overwrite this, as the rand wrappers prefer
default_RAND_method over the engine's default RAND method.

So one needs to explicitly call either
RAND_set_rand_method(rand_method_pointer), if one can directly access the
engine's rand method, or RAND_set_rand_engine(e), where e is the preferred
engine's reference.

Thanks,
Thulasi.
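To make the ordering problem in this thread concrete, here is an added example (not code from the thread or from OpenSSL itself): a self-contained C model of the method selection in OpenSSL 1.0.x's rand_lib.c. The `model_` functions, the `RAND_METHOD_MODEL`/`ENGINE_MODEL` structs, the hypothetical `my_engine`, and the 0xAA/0x55 byte patterns are all constructed for the illustration; they mirror the real library's caching logic but are not its code. It shows that once `RAND_get_rand_method()` has cached `RAND_SSLeay()`, a later `ENGINE_set_default(e, ENGINE_METHOD_RAND)` changes nothing, while `RAND_set_rand_engine(e)` does.

```c
/*
 * Added example: a model of how OpenSSL 1.0.x rand_lib.c picks the RAND method.
 * The model_ prefix marks re-implementations written for this illustration,
 * not the real library's functions.
 */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

typedef struct {
    const char *name;
    int (*bytes)(unsigned char *buf, int num);
} RAND_METHOD_MODEL;

typedef struct {
    const char *id;
    const RAND_METHOD_MODEL *rand_meth;   /* what ENGINE_get_RAND(e) would return */
} ENGINE_MODEL;

/* Stand-in generators: constructed fixed patterns, not real randomness. */
static int ssleay_bytes(unsigned char *buf, int num) { memset(buf, 0xAA, num); return 1; }
static int engine_bytes(unsigned char *buf, int num) { memset(buf, 0x55, num); return 1; }

static const RAND_METHOD_MODEL ssleay_meth = { "ssleay", ssleay_bytes };
static const RAND_METHOD_MODEL engine_meth = { "myengine", engine_bytes };
static ENGINE_MODEL my_engine = { "myengine", &engine_meth };   /* hypothetical engine */

/* State mirrored from rand_lib.c and the engine table: the cached method, the
 * engine it came from, and the ENGINE_METHOD_RAND default table entry. */
static const RAND_METHOD_MODEL *default_RAND_meth = NULL;
static ENGINE_MODEL *funct_ref = NULL;
static ENGINE_MODEL *rand_table_default = NULL;

static void model_reset(void) { default_RAND_meth = NULL; funct_ref = NULL; rand_table_default = NULL; }

/* ENGINE_set_default(e, ENGINE_METHOD_RAND) only updates the engine table. */
static int model_ENGINE_set_default_RAND(ENGINE_MODEL *e) { rand_table_default = e; return 1; }
static ENGINE_MODEL *model_ENGINE_get_default_RAND(void) { return rand_table_default; }

/* RAND_get_rand_method(): resolve once, then return the cached pointer forever. */
static const RAND_METHOD_MODEL *model_RAND_get_rand_method(void)
{
    if (default_RAND_meth == NULL) {
        ENGINE_MODEL *e = model_ENGINE_get_default_RAND();
        if (e != NULL && e->rand_meth != NULL) {
            default_RAND_meth = e->rand_meth;
            funct_ref = e;
        } else {
            default_RAND_meth = &ssleay_meth;   /* RAND_SSLeay() */
        }
    }
    return default_RAND_meth;
}

/* RAND_set_rand_method(): overwrites the cache unconditionally. */
static int model_RAND_set_rand_method(const RAND_METHOD_MODEL *meth)
{
    funct_ref = NULL;
    default_RAND_meth = meth;
    return 1;
}

/* RAND_set_rand_engine(e): take the engine's method and install it. */
static int model_RAND_set_rand_engine(ENGINE_MODEL *e)
{
    if (e == NULL || e->rand_meth == NULL)
        return 0;
    model_RAND_set_rand_method(e->rand_meth);
    funct_ref = e;
    return 1;
}

static int model_RAND_bytes(unsigned char *buf, int num)
{
    return model_RAND_get_rand_method()->bytes(buf, num);
}

/* The check to make after loading an engine: is its method the one in use? */
static int model_rand_uses_engine(const ENGINE_MODEL *e)
{
    return model_RAND_get_rand_method() == e->rand_meth && funct_ref == e;
}

/* Scenario driver. early_use: something asked for random bytes before the
 * engine was loaded. fix: also call RAND_set_rand_engine() afterwards.
 * Returns 1 if the engine's method is in use at the end, 0 if SSLeay's is. */
int engine_rand_in_use(int early_use, int fix)
{
    unsigned char buf[8];
    model_reset();
    if (early_use)
        model_RAND_bytes(buf, sizeof buf);         /* caches RAND_SSLeay() */
    model_ENGINE_set_default_RAND(&my_engine);     /* ENGINE_set_default(e, ENGINE_METHOD_RAND) */
    if (fix && !model_RAND_set_rand_engine(&my_engine))
        return 0;
    model_RAND_bytes(buf, sizeof buf);
    return model_rand_uses_engine(&my_engine) && buf[0] == 0x55;
}

int main(void)
{
    printf("engine loaded before any RAND use:         %s\n", engine_rand_in_use(0, 0) ? "engine" : "ssleay");
    printf("RAND used first, ENGINE_set_default only:  %s\n", engine_rand_in_use(1, 0) ? "engine" : "ssleay");
    printf("RAND used first, then RAND_set_rand_engine: %s\n", engine_rand_in_use(1, 1) ? "engine" : "ssleay");
    return 0;
}
```

Against the real library the equivalent check after `ENGINE_set_default(e, ENGINE_METHOD_RAND)` is `RAND_get_rand_method() == ENGINE_get_RAND(e)`; if it is false, the cache was already filled and `RAND_set_rand_engine(e)` (which also takes a functional reference via `ENGINE_init`) is the way to replace it.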

On 10 December 2014 at 22:05, Brian Watson <bwats9999 at gmail.com> wrote:
>
> I checked and ENGINE_set_RAND function is being called. What I can't
> figure out is the following:
>
> 1. RAND_get_rand_method() is called to get the random method and in a
> normal case default_RAND_METHOD would be null, which would cause
> ENGINE_get_rand() to be called to get the random method for the engine
> associated with RAND.
> 2. In my particular case something has already caused default_RAND_METHOD
> to be populated before I load my engine and the only place I see that it
> can get reset is via RAND_set_rand_method() which can be called by
> RAND_cleanup() and ENGINE_cleanup().
>
> Any ideas?
>
> On Wed, Dec 10, 2014 at 8:25 AM, Brian Watson <bwats9999 at gmail.com> wrote:
>
>> I didn't call that one, but I'll give it a try. I also read that if
>> someone subsequently calls ENGINE_load_builtin_engines() that it'll reset
>> things back to how they were, so I'll look at that also.
>>
>> Thanks,
>>   BW
>>
>> On Wed, Dec 10, 2014 at 1:06 AM, Dmitry Belyavsky <beldmit at gmail.com>
>> wrote:
>>
>>> Hello Brian,
>>>
>>> Do you call ENGINE_set_RAND function?
>>>
>>> On Tue, Dec 9, 2014 at 11:19 PM, Brian Watson <bwats9999 at gmail.com>
>>> wrote:
>>>
>>>> I thought that's what the following does:
>>>>
>>>> ENGINE_set_default(engine, ENGINE_METHOD_RAND).
>>>>
>>>> I'm also trying to figure out in rand_lib.c and RAND_get_rand_method()
>>>> what causes default_RAND_meth to change.
>>>>
>>>> Thanks,
>>>>    BW
>>>>
>>>> On Tue, Dec 9, 2014 at 1:52 PM, Dmitry Belyavsky <beldmit at gmail.com>
>>>> wrote:
>>>>
>>>>> Hello!
>>>>>
>>>>> Do you set your RNG as default when the engine is loaded?
>>>>>
>>>>> On Tue, Dec 9, 2014 at 10:44 PM, Brian Watson <bwats9999 at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>    I am doing the following:
>>>>>>
>>>>>> 1. I have a dynamic engine that I would like to use to produce random
>>>>>> numbers on Android (aosp).
>>>>>> 2. I can successfully load the dynamic engine by using the Android
>>>>>> OpenSSLEngine.getInstance() which takes care of loading the engine and I
>>>>>> can see that the binding is there via bind_engine and bind_helper via some
>>>>>> debug prints that I have put in the engine. I follow this up by calling
>>>>>> ENGINE_set_default() for ENGINE_METHOD_RAND. I am using the Apache Harmony
>>>>>> jsse library.
>>>>>> 3. Some time later there is a call to SSL_CTX_new() which starts the
>>>>>> process of establishing the TLS session, etc.
>>>>>> 4. I would like to see my random number generator get invoked to
>>>>>> provide random numbers when needed, but for some reason the ssleay one is
>>>>>> being called.
>>>>>> 5. I can open an adb shell and run the openssl command and explicitly
>>>>>> load the engine via:
>>>>>>
>>>>>> openssl engine dynamic -pre
>>>>>> SO_PATH:/system/lib/ssl/engines/MyEngine.so -pre ID:myengine -pre LOAD
>>>>>> With this I see my random number generator get used, but when I try to do
>>>>>> this programmatically it doesn't get called.
>>>>>>
>>>>>>
>>>>>> I have a couple of questions:
>>>>>>
>>>>>>
>>>>>> 1. Should this work even when using the SSL_CTX... APIs?
>>>>>>
>>>>>> 2. Am I setting up the engine too soon and then the SSL_CTX..
>>>>>> commands clear them out?
>>>>>>
>>>>>>
>>>>>> I've looked around a lot so any help would be greatly appreciated!
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>    BW
>>>>>>
>>>>>> _______________________________________________
>>>>>> openssl-users mailing list
>>>>>> openssl-users at openssl.org
>>>>>> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> SY, Dmitry Belyavsky
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> SY, Dmitry Belyavsky
>>>
>>>
>>>
>>
>
>
>