Hi,
Maybe you could have a look at "ssl/man/man3/engine.3", there is some explanation on how engine works.
Some sample code could also be found in fiel apps/apps.c the following function:
ENGINE *setup_engine(BIO *err, const char *engine, int debug)
You could also have a lok at apps/engine.c file.
hope it could help.
Fred
-----Original Message-----
From: JCA [mailto:
[hidden email]]
Sent: Mon 1/23/2006 9:00 PM
To:
[hidden email]
Cc:
Subject: Re: Dynamic Engine II
I would have thought that without the appropriate hardware you won't
be able to use the engine. But, assuming that you have it, you would
something like this:
#define CRYPTO_ENGINE_NAME "EngineName"
ENGINE * engine ;
// Initialize the OpenSSL library.
SSL_library_init() ;
SSL_load_error_strings();
// Load the specified crypto engine, and make it the default for
OpenSSL
// in the cases specified below.
ENGINE_load_builtin_engines() ;
engine = ENGINE_by_id(CRYPTO_ENGINE_NAME) ;
if (engine) {
ENGINE_set_default_RAND(engine) ;
ENGINE_set_default_RSA(engine) ;
ENGINE_set_default_ciphers(engine) ;
ENGINE_set_default_digests(engine) ;
ENGINE_finish(engine) ;
ENGINE_free(engine) ;
}
From this point onwards, calls to the EVP interface will use the
particular crypto engine that you have specified. Your engine might not
implement all of this crypto though. Also, you have to make use of the EVP
interface - otherwise you are screwed. The non EVP interface for crypto in
OpenSSL is just another item that will hopefully some day be removed from
the OpenSSL API, in order to make it slightly less cumbersome and monstrous.
On 1/23/06, Sara Fonseca <
[hidden email]> wrote:
>
> Ok... If i wanted to test those example engines, how could i do that?
> Is there any way to test them without the hardware? I loaded it
> sucessfully:
>
> ../apps/openssl engine dynamic -pre SO_PATH:./libatalla.so -pre LOAD
> (dynamic) Dynamic engine loading support
> [Success]: SO_PATH:./libatalla.so
> [Success]: LOAD
> Loaded: (atalla) Atalla hardware engine support
>
> How could I use it now?
>
> thanks again
>
> Sara
>
> On 1/23/06, JCA <
[hidden email]> wrote:
> > OpenSSL's Achilles's heel is its incomplete documentation, and the
> fact
> > that apparently nobody seems to know the answer to a large percentage of
> > questions, if this forum is a measure of that. Anyway, having gone
> through
> > the exercise of putting together a crypto engine for OpenSSL, just about
> the
> > only thing that helped me was the code available for other crypto
> engines
> > already in the OpenSSL distribution itself.
> >
> >
> >
> >
> > On 1/23/06, Sara Fonseca <
[hidden email]> wrote:
> > >
> > > Hello everybody,
> > >
> > > is there any documenation on how to create a dynamic engine, other
> > > than README.ENGINE? I checked the eng_dyn.c file on crypto/engine in
> > > the 9.8a OpenSSL distribuition. Is that a good start?
> > >
> > > thanks
> > >
> > > Sara
> > >
> > ______________________________________________________________________
> > > OpenSSL Project
> >
http://www.openssl.org> > > User Support Mailing List
[hidden email]
> > > Automated List Manager
> >
[hidden email]
> > >
> >
> >
> ______________________________________________________________________
> OpenSSL Project
http://www.openssl.org> User Support Mailing List
[hidden email]
> Automated List Manager
[hidden email]
>
______________________________________________________________________
OpenSSL Project
http://www.openssl.orgUser Support Mailing List
[hidden email]
Automated List Manager
[hidden email]
Locked
