steps to use a dynamic engine from an application

Anil Gunturu
I am just wondering about the steps to use a dynamic engine. Can somebody verify this:
    e = ENGINE_by_id("dynamic");
    if (!e) {
        return RC_ERROR;
    }
    if ((!ENGINE_ctrl_cmd_string(e, "SO_PATH", so_path, 0)) ||
        (!ENGINE_ctrl_cmd_string(e, "ID", "ATHENA", 0)) ||
        (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)))
    {
        ENGINE_free(e);
        return RC_ERROR;
    }
 
    if (!ENGINE_init(e)) {
        ENGINE_free(e);
        return RC_ERROR;
    }
   
    ENGINE_set_default_RSA(e);
 
Also, when do I need to call ENGINE_finish() and ENGINE_free()?
Thanks,
-Anil



Re: steps to use a dynamic engine from an application

Geoff Thorpe-2
Hi there,

On November 29, 2005 03:05 pm, Anil Gunturu wrote:
> I am just wondering about the steps to use a dynamic engine. Can
> somebody verify this:

>       e = ENGINE_by_id("dynamic");
>       if (!e) {
>         return RC_ERROR;
>     }
>       if ((!ENGINE_ctrl_cmd_string(e, "SO_PATH", so_path, 0)) ||
>         (!ENGINE_ctrl_cmd_string(e, "ID", "ATHENA", 0)) ||
>         (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)))
>     {
>         ENGINE_free(e);
>         return RC_ERROR;
>     }

All of that should be equivalent to ENGINE_by_id("athena") if the engine
has the appropriate name/path and you're using a recent version of
openssl. But if that works for you, cool.

>       if (!ENGINE_init(e)) {
>         ENGINE_free(e);
>         return RC_ERROR;
>     }
>
>       ENGINE_set_default_RSA(e);
>
>   Also, when do I need to call ENGINE_finish() and ENGINE_free()?

Up until you call ENGINE_init() all you have is a *structural* reference,
the engine may not be able to do anything (eg. if it's for hardware you
don't have) but it lets you manipulate it. This reference should be
released by ENGINE_free(). If ENGINE_init() succeeds, you have a
*functional* reference as well, which is released by ENGINE_finish(). In
your case, you've got one of each kind of reference so you'd need to
release both.

However, ENGINE_set_default_RSA() will attempt to initialise the engine if
it's not already initialised anyway (it can't be a default unless it's
*working*). So don't bother trying to initialise it, then you only need
to call ENGINE_free() once you're done. You need to check the return
value of ENGINE_set_default_RSA() though if you want to know if it
succeeded.

BTW, your application needs to call ENGINE_cleanup() when closing down, as
this releases any/all internal references. Eg. ENGINE_set_default_RSA()
causes an internal functional reference to be kept internally to prevent
the engine from deinitialising/unloading.

Cheers,
Geoff

--
Geoff Thorpe
[hidden email]
http://www.openssl.org/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: steps to use a dynamic engine from an application

Anil Gunturu
Thank you for your response. I have a couple more questions:
- If I use ENGINE_by_id("athena"), what should be the name and path of the engine implementation?
- I understand that ENGINE_cleanup() should be called before shutting down the application, but can I call ENGINE_finish() and ENGINE_free() before the application is done using the Engine?
 
Thanks,
-Anil
 



Re: steps to use a dynamic engine from an application

Dr. Stephen Henson
On Thu, Dec 01, 2005, Anil Gunturu wrote:

> Thank you for your response. I have a couple more questions:
>   - If I use ENGINE_by_id("athena"), what should be the name and path of the engine implementation?
>   - I understand that ENGINE_cleanup() should be called before shutting down the application, but can I call ENGINE_finish() and ENGINE_free() before the application is done using the Engine?
>    

If you just want to load a dynamic ENGINE and set it as the default
implementation for (for example) RSA you might want to consider the autoconfig
mechanism.

That allows the various ENGINE parameters to be set in a config file.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: steps to use a dynamic engine from an application

Geoff Thorpe-2
On December 1, 2005 01:20 pm, Anil Gunturu wrote:
> Thank you for your response. I have a couple more questions:
>   - If I use ENGINE_by_id("athena"), what should be the name and path
> of the engine implementation?

It depends on how the source was configured/built. Typically it will be
within an 'engines' sub-directory of the installation path. The source is
your friend for things like this. If you're using a prebuilt package,
that is just as difficult to predict from here, but running 'strace' on
an openssl binary when it tries to load dynamic engines would be a quick
trick to figure it out (grep the output for "libathena", for example).

>   - I understand that ENGINE_cleanup() should
> be called before shutting down the application, but can I call
> ENGINE_finish() and ENGINE_free() before the application is done using the
> Engine?

If you have your own references, yes you have to release them. Likewise,
if the library maintains its own internal references (eg. when you
register an engine into the internal list(s) - whether as a default
implementation or not) you have to tell the library to release its own
references too, using ENGINE_cleanup(). Failing to do either will result
in the ENGINE not being unloaded (although if your app exits, the kernel
will of course clean up anything stray). Again, if you're not sure what's
going on here, take a look at the source (in ./crypto/engine/) and it may
become clearer. The engine structure, internally, maintains two reference
counts; 'struct_ref' and 'funct_ref'. The latter is like a specialised
form of the former - if you increment funct_ref, you should also
increment struct_ref - so struct_ref>=funct_ref at all times.
'struct_ref' represents references to the structure itself, whether it's
enabled or not. 'funct_ref' represents 'enabled' references - so the
engine is initialised if and only if funct_ref>=1.

Hope that helps,
Geoff

--
Geoff Thorpe
[hidden email]
http://www.openssl.org/
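
The structural/functional reference counting described in the two replies above (including the internal reference taken by ENGINE_set_default_RSA() and released by ENGINE_cleanup()), as an added toy model that is not part of the thread and is not OpenSSL code. `model_engine`, the `model_*` functions and `leftover_refs` are hypothetical names, and the counts follow the thread's description rather than the library source.

```c
/* Toy model of the two reference counts described in the thread.
 * Not OpenSSL code: model_engine and the model_* functions are hypothetical
 * stand-ins for the ENGINE_* calls named in the comments. */
#include <stdio.h>

typedef struct {
    int struct_ref; /* references to the structure, enabled or not */
    int funct_ref;  /* "enabled" references; initialised iff >= 1 */
    int lib_refs;   /* functional references the library keeps internally */
} model_engine;

static void model_by_id(model_engine *e)  { e->struct_ref++; }                 /* ENGINE_by_id()  */
static void model_free(model_engine *e)   { e->struct_ref--; }                 /* ENGINE_free()   */
static void model_init(model_engine *e)   { e->struct_ref++; e->funct_ref++; } /* ENGINE_init()   */
static void model_finish(model_engine *e) { e->struct_ref--; e->funct_ref--; } /* ENGINE_finish() */

/* ENGINE_set_default_RSA(): initialises the engine and keeps an internal
 * functional reference so it cannot be unloaded while it is a default. */
static void model_set_default(model_engine *e) { model_init(e); e->lib_refs++; }

/* ENGINE_cleanup(): the library releases every internal reference. */
static void model_cleanup(model_engine *e) {
    while (e->lib_refs > 0) { model_finish(e); e->lib_refs--; }
}

/* Runs by_id -> [init] -> set_default, then the chosen release calls.
 * Returns the struct_ref left over (0 means the engine can be unloaded),
 * or -1 if the final counts break struct_ref >= funct_ref >= 0. */
int leftover_refs(int do_init, int do_finish, int do_free, int do_cleanup) {
    model_engine e = {0, 0, 0};
    model_by_id(&e);
    if (do_init) model_init(&e);
    model_set_default(&e);
    if (do_finish) model_finish(&e);
    if (do_free) model_free(&e);
    if (do_cleanup) model_cleanup(&e);
    if (e.funct_ref < 0 || e.struct_ref < e.funct_ref) return -1;
    return e.struct_ref;
}

int main(void) {
    printf("init+default, finish+free+cleanup: %d\n", leftover_refs(1, 1, 1, 1));
    printf("init+default, free+cleanup only:   %d\n", leftover_refs(1, 0, 1, 1));
    printf("default only, free+cleanup:        %d\n", leftover_refs(0, 0, 1, 1));
    printf("default only, free, no cleanup:    %d\n", leftover_refs(0, 0, 1, 0));
    return 0;
}
```

A leftover count of 1 in the last case is the library's own reference keeping the engine loaded after the application has released its handle, until ENGINE_cleanup() runs.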
