Ok,
so from what you are saying, my order like this:

dynamic --> set SO_PATH --> LOAD and then set all parameters of
the engine that SO_PATH implements, i.e. MODULE_PATH

is correct?

BR
Piotr
________________________________
From: Selva Nair <selva.n...@gmail.com>
Sent: Thursday, 27 May 2021 00:44
To: Piotr Lobacz <piotr.lob...@softgent.com>
Cc: openssl-users@openssl.org <openssl-users@openssl.org>
Subject: Re: dynamic engine load

Hi,

On Wed, May 26, 2021 at 4:45 PM Piotr Lobacz <piotr.lob...@softgent.com> wrote:
Btw, I have verified that in the openssl command line tool, if I switch the order from
the one that worked for me:

OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/engines-1.1/libpkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/libckteec.so

to the one that was in the code:

OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/engines-1.1/libpkcs11.so -pre MODULE_PATH:/usr/lib/libckteec.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD

the error is the same as for me in the C# code. So the question is if you are 
telling me that the proper order is like that:

dynamic --> set SO_PATH --> LOAD and then set all parameters of
the engine that SO_PATH implements.

is the order which I used also a correct one?

The main error in your original code was setting MODULE_PATH on the dynamic 
engine instead of on pkcs11. And, I mistyped saying set ID after LOAD. As for 
LIST_ADD, if required, it should be specified before LOAD as it's a directive to 
the dynamic engine, not pkcs11.

It has been a while since I have looked into dynamic loading in detail, but 
here is my understanding.

The dynamic engine supports only a few controls out of which the most useful 
ones are SO_PATH, ID and LIST_ADD. It won't understand MODULE_PATH. And, if 
SO_PATH is not given, I think ID could be used to locate the so-path of the 
engine but I have never got it to work. In any case, as you are giving the full 
SO_PATH, you don't need to set the ID. A "wrong" ID may lead to load failure 
but no ID will succeed. There may be some use of ID if the same shared lib 
implements multiple engines with different IDs. I don't know.

The LOAD control causes the dynamic engine to convert itself to a new engine. 
Almost all engine parameters are wiped clean (including id and name) and the 
shared library pointed to by SO_PATH is loaded. The bind function defined in 
the shared lib gets executed which will fill in the new engine parameters and 
set up the methods it supports. In the case of pkcs11, it sets the id to 
"pkcs11" on loading. So, after loading, querying the ID using ENGINE_get_id() 
will return "pkcs11".

LOAD also causes the engine to be added to the internal list if LIST_ADD was 
specified before LOAD, not otherwise.

Once loaded, the pkcs11 engine can handle controls like MODULE_PATH. It will 
use it to locate the module and load it when required -- usually after 
ENGINE_init() is called.

Selva
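
Added example, not part of the thread and not OpenSSL or libp11 code: a small Python checker that models the two phases described above (controls go to the dynamic engine until LOAD, and to the loaded engine afterwards) and runs it over the two command lines quoted in the thread. The function names are hypothetical, and the control names beyond SO_PATH, ID, LIST_ADD and LOAD are the remaining controls of the OpenSSL 1.1.x dynamic engine.

```python
import shlex

# Controls the "dynamic" engine itself handles (OpenSSL 1.1.x).
DYNAMIC_CTRLS = {"SO_PATH", "NO_VCHECK", "ID", "LIST_ADD",
                 "DIR_LOAD", "DIR_ADD", "LOAD"}
# Directives the thread says must be given before LOAD to have any effect.
BEFORE_LOAD = {"ID", "LIST_ADD"}

def parse_pre(cmdline):
    """Return the (name, arg) pair of every -pre option, in order."""
    toks = shlex.split(cmdline)
    pairs = []
    for i, tok in enumerate(toks[:-1]):
        if tok == "-pre":
            name, _, arg = toks[i + 1].partition(":")
            pairs.append((name, arg))
    return pairs

def check_order(cmdline):
    """List ordering problems in an 'engine dynamic -pre ...' command."""
    findings, loaded = [], False
    for name, _ in parse_pre(cmdline):
        if not loaded:
            # Phase 1: the control is sent to the dynamic engine.
            if name == "LOAD":
                loaded = True
            elif name not in DYNAMIC_CTRLS:
                findings.append(f"{name} before LOAD: the dynamic engine "
                                "does not understand it")
        elif name in BEFORE_LOAD:
            # Phase 2: the engine has already become the loaded one.
            findings.append(f"{name} after LOAD: it is a directive to the "
                            "dynamic engine and must precede LOAD")
    if not loaded:
        findings.append("no LOAD: the shared library is never loaded")
    return findings

# The two command lines quoted in the thread.
WORKING = ("engine dynamic -pre SO_PATH:/usr/lib/engines-1.1/libpkcs11.so "
           "-pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD "
           "-pre MODULE_PATH:/usr/lib/libckteec.so")
FAILING = ("engine dynamic -pre SO_PATH:/usr/lib/engines-1.1/libpkcs11.so "
           "-pre MODULE_PATH:/usr/lib/libckteec.so -pre ID:pkcs11 "
           "-pre LIST_ADD:1 -pre LOAD")

if __name__ == "__main__":
    for label, cmd in (("working", WORKING), ("failing", FAILING)):
        print(label, check_order(cmd) or "ok")
```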