Hi,
Thanks again. This might sound like a very basic question, but if I am right... the way to disable engine is to specify a -noengine flag during configuration, right? Also, does that automatically define the OPENSSL_NO_ENGINE flag?
Thanks for all the help.
Joe
Geoff Thorpe <[EMAIL PROTECTED]> wrote:
On July 8, 2004 05:14 pm, Joe smith wrote:
> I really appreciate the quick response. Currently I am exploring how to
> use the RSA library. So let's take the rsa structure
[snip]
> So are you saying the ENGINE variable does not come into picture if we
> use RSA_generate_key(1024,65537,NULL,NULL); ?
Not necessarily. RSA_generate_key() is a deprecated wrapper around
RSA_generate_key_ex(), BTW. So you either get an RSA object allocated (by
the wrapper) or you allocate your own and pass it in (for the _ex()
variety), and in either case any RSA->ENGINE link has already been
established - the key-generation will simply use the RSA object's ENGINE
reference if it has one.
I suggest taking a look at the engine(3) man page from recent CVS
snapshots, and also taking a look at the README.ENGINE in the top-level
and the README in the crypto/engine/ directories. These documents will
eventually be out of date and hopefully removed, but for now they're more
useful than they are annoying, so they will remain there a bit longer.
Beyond that, check out the source code, particularly the way API code for
RSA, DSA, [etc] use the various engine APIs - eg. crypto/rsa/rsa_lib.c,
crypto/evp/digest.c, [etc].
> Also, why is the CRYPTO_EX_DATA variable used?
This allows implementations (eg. an RSA_METHOD, [etc]) to attach arbitrary
data to objects (eg. RSA). They use CRYPTO_get_ex_new_index() (usually
via a wrapper, eg. RSA_get_ex_new_index()) to register a new type of data
identified by a unique index, then they use CRYPTO_[set|get]_ex_data()
(or corresponding wrappers; RSA_[set|get]_ex_data(), [etc]) to read/write
these values. For a concrete example, the ./engines/e_ncipher.c
implementation attaches a "key handle" to each RSA object that represents
a key inside their crypto device. Search for 'hndidx_rsa'.
Unfortunately, for more background, you'll just need to look through the
code and keep looking until it starts to make sense. It's not obvious
sometimes, but it will eventually start to yield if you're patient. :-)
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]