Hi Martin,
Comments inline.
On October 28, 2005 09:54 am, Martin Del Vecchio wrote:
> Yes, there are two different libubsec.so libraries:
>
> 1) The one built in OpenSSL with "./config shared"; this
> is the stub library that contains "bind_engine", etc.
>
> 2) The one provided by the Broadcom SDK; this is the actual
> library that contains "ubsec_bits_to_bytes", etc.
>
> If I put 1) in the "right" place (/usr/local/ssl/lib/engines), then
> ENGINE_by_id ("ubsec") succeeds. If I remove it from that directory,
> then ENGINE_by_id ("ubsec") fails.
>
> So I put 1) in the "right" place. Then I load the "dynamic" engine:
>
> Engine = ENGINE_by_id ("dynamic");
>
> and give it the following commands:
>
> Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH", "ubsec", 0);
> Return = ENGINE_ctrl_cmd_string (Engine, "LOAD", NULL, 0);
These three steps are essentially what 'ENGINE_by_id("ubsec")' does. The
result is that 'Engine' is now the "ubsec" engine and no longer the (or
rather a copy of the) "dynamic" engine.
> Both succeed; it find the library in in /usr/local/ssl/lib/engines/,
> which is the OpenSSL stub. But when I run:
>
> Return = ENGINE_set_default (Engine, ENGINE_METHOD_ALL);
>
> It fails, because it can't find the "ubsec_bits_to_bytes" symbol.
Yup, ENGINE_set_default() will try to initialise the engine - if it isn't
already initialised - before setting it as a default implementation.
Loading the broadcom library is delayed until the initialisation step to
ensure you can always get a "structural" reference to an engine, whether
or not you have the corresponding hardware, drivers, [etc]. Eg. it's what
allows you see the ctrl-commands available for engines even if you can't
initialise them as yet; 'apps/openssl engine -vvvv'
> So
> it smells like it wants the Broadcom library in the "LOAD" command,
> so I change that to:
>
> Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH",
> "/usr/lib/libubsec.so", 0);
>
> Which is where the Broadcom library is. Now the "LOAD" command fails,
> because it can't find the "bind_engine" symbol. So now it's looking
> for the OpenSSL stub library there! So then I renamed the Broadcom
> library to /usr/lib/bc.libubsec.so, and said:
>
> Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH",
> "/usr/lib/bc.libubsec.so", 0);
>
> And I got the same error.
Did you do this as a replacement for the earlier "SO_PATH" step (ie. prior
to the "LOAD")? Until you run the "LOAD" command, 'Engine' is the
"dynamic" engine. Once you've called "LOAD", 'Engine' is the loaded
"ubsec" engine. At this point, the "SO_PATH" ctrl-command is the one
implemented by the "ubsec" engine and not that of the "dynamic" engine,
ie. it refers to the broadcom library and not the engine library, but
that's only *after* the "LOAD". I think this is probably what you're
missing - let me know if I've misunderstood.
So, you probably want;
#ifdef DO_IT_THE_LONG_WAY
/* SO_PATH points the "dynamic" engine to the ubsec engine */
Engine = ENGINE_by_id ("dynamic");
Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH", "ubsec", 0);
/* LOAD changes 'Engine' to be a "ubsec" engine handle */
Return = ENGINE_ctrl_cmd_string (Engine, "LOAD", NULL, 0);
#else
/* This achieves the same thing as above, if the library has the
* appropriate file-name and path. */
Engine = ENGINE_by_id ("ubsec");
#endif
/* SO_PATH points the "ubsec" engine to the broadcom library */
Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH", "bc.libubsec.so", 0);
/* This implicitly initialises the engine */
Return = ENGINE_set_default (Engine, ENGINE_METHOD_ALL);
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
Self-interest and materialistic desire are parts of who we are, but
not all. To base a social and economic system on these traits is
dangerously fundamentalist.
-- Joel Bakan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
