'Re: steps to use a dynamic engine from an application'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: steps to use a dynamic engine from an application
From:       Geoff Thorpe <geoff () openssl ! org>
Date:       2005-11-30 5:10:08
Message-ID: 200511300010.09050.geoff () geoffthorpe ! net
[Download RAW message or body]

Hi there,

On November 29, 2005 03:05 pm, Anil Gunturu wrote:
> I am just wondering about the steps to use a dynamic engine. Can
> somebody verify this:

>       e = ENGINE_by_id("dynamic"); 
>       if (!e) {
>         return RC_ERROR;
>     }
>       if ((!ENGINE_ctrl_cmd_string(e, "SO_PATH", so_path, 0)) ||
>         (!ENGINE_ctrl_cmd_string(e, "ID", "ATHENA", 0)) ||
>         (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)))
>     {
>         ENGINE_free(e);
>         return RC_ERROR;
>     }

All of that should be equivalent to ENGINE_by_id("athena") if the engine 
has the appropriate name/path and you're using a recent version of 
openssl. But if that works for you, cool.

>       if (!ENGINE_init(e)) {
>         ENGINE_free(e);
>         return RC_ERROR;
>     }
>
>       ENGINE_set_default_RSA(e);
>
>   Also, when do I need to call ENGINE_finish() and ENGINE_free()?

Up until you call ENGINE_init() all you have is a *structural* reference, 
the engine may not be able to do anything (eg. if it's for hardware you 
don't have) but it lets you manipulate it. This reference should be 
released by ENGINE_free(). If ENGINE_init() succeeds, you have a 
*functional* reference as well, which is released by ENGINE_finish(). In 
your case, you've got one of each kind of reference so you'd need to 
release both.

However, ENGINE_set_default_RSA() will attempt to initialise the engine if 
it's not already initialised anyway (it can't be a default unless it's 
*working*). So don't bother trying to initialise it, then you only need 
to call ENGINE_free() once you're done. You need to check the return 
value of ENGINE_set_default_RSA() though if you want to know if it 
succeeded.

BTW, your application needs to call ENGINE_cleanup() when closing down, as 
this releases any/all internal references. Eg. ENGINE_set_default_RSA() 
causes an internal functional reference to be kept internally to prevent 
the engine from deinitialising/unloading.

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@openssl.org
http://www.openssl.org/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic