That solves the problem! I was missing the second "LOAD" command, to the OpenSSL stub, telling it where to find the Broadcom library.
Thanks! -----Original Message----- From: Geoff Thorpe [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 01, 2005 8:54 PM To: [email protected] Cc: Martin Del Vecchio Subject: Re: Problem using Broadcom uBSec engine in 0.9.8 Hi Martin, Comments inline. On October 28, 2005 09:54 am, Martin Del Vecchio wrote: > Yes, there are two different libubsec.so libraries: > > 1) The one built in OpenSSL with "./config shared"; this > is the stub library that contains "bind_engine", etc. > > 2) The one provided by the Broadcom SDK; this is the actual > library that contains "ubsec_bits_to_bytes", etc. > > If I put 1) in the "right" place (/usr/local/ssl/lib/engines), then > ENGINE_by_id ("ubsec") succeeds. If I remove it from that directory, > then ENGINE_by_id ("ubsec") fails. > > So I put 1) in the "right" place. Then I load the "dynamic" engine: > > Engine = ENGINE_by_id ("dynamic"); > > and give it the following commands: > > Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH", "ubsec", 0); > Return = ENGINE_ctrl_cmd_string (Engine, "LOAD", NULL, 0); These three steps are essentially what 'ENGINE_by_id("ubsec")' does. The result is that 'Engine' is now the "ubsec" engine and no longer the (or rather a copy of the) "dynamic" engine. > Both succeed; it find the library in in /usr/local/ssl/lib/engines/, > which is the OpenSSL stub. But when I run: > > Return = ENGINE_set_default (Engine, ENGINE_METHOD_ALL); > > It fails, because it can't find the "ubsec_bits_to_bytes" symbol. Yup, ENGINE_set_default() will try to initialise the engine - if it isn't already initialised - before setting it as a default implementation. Loading the broadcom library is delayed until the initialisation step to ensure you can always get a "structural" reference to an engine, whether or not you have the corresponding hardware, drivers, [etc]. Eg. it's what allows you see the ctrl-commands available for engines even if you can't initialise them as yet; 'apps/openssl engine -vvvv' > So > it smells like it wants the Broadcom library in the "LOAD" command, so > I change that to: > > Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH", > "/usr/lib/libubsec.so", 0); > > Which is where the Broadcom library is. Now the "LOAD" command fails, > because it can't find the "bind_engine" symbol. So now it's looking > for the OpenSSL stub library there! So then I renamed the Broadcom > library to /usr/lib/bc.libubsec.so, and said: > > Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH", > "/usr/lib/bc.libubsec.so", 0); > > And I got the same error. Did you do this as a replacement for the earlier "SO_PATH" step (ie. prior to the "LOAD")? Until you run the "LOAD" command, 'Engine' is the "dynamic" engine. Once you've called "LOAD", 'Engine' is the loaded "ubsec" engine. At this point, the "SO_PATH" ctrl-command is the one implemented by the "ubsec" engine and not that of the "dynamic" engine, ie. it refers to the broadcom library and not the engine library, but that's only *after* the "LOAD". I think this is probably what you're missing - let me know if I've misunderstood. So, you probably want; #ifdef DO_IT_THE_LONG_WAY /* SO_PATH points the "dynamic" engine to the ubsec engine */ Engine = ENGINE_by_id ("dynamic"); Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH", "ubsec", 0); /* LOAD changes 'Engine' to be a "ubsec" engine handle */ Return = ENGINE_ctrl_cmd_string (Engine, "LOAD", NULL, 0); #else /* This achieves the same thing as above, if the library has the * appropriate file-name and path. */ Engine = ENGINE_by_id ("ubsec"); #endif /* SO_PATH points the "ubsec" engine to the broadcom library */ Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH", "bc.libubsec.so", 0); /* This implicitly initialises the engine */ Return = ENGINE_set_default (Engine, ENGINE_METHOD_ALL); Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/ Self-interest and materialistic desire are parts of who we are, but not all. To base a social and economic system on these traits is dangerously fundamentalist. -- Joel Bakan ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
