Hi, Maybe you could have a look at "ssl/man/man3/engine.3", there is some explanation on how engine works.
Some sample code could also be found in fiel apps/apps.c the following function: ENGINE *setup_engine(BIO *err, const char *engine, int debug) You could also have a lok at apps/engine.c file. hope it could help. Fred -----Original Message----- From: JCA [mailto:[EMAIL PROTECTED] Sent: Mon 1/23/2006 9:00 PM To: openssl-users@openssl.org Cc: Subject: Re: Dynamic Engine II I would have thought that without the appropriate hardware you won't be able to use the engine. But, assuming that you have it, you would something like this: #define CRYPTO_ENGINE_NAME "EngineName" ENGINE * engine ; // Initialize the OpenSSL library. SSL_library_init() ; SSL_load_error_strings(); // Load the specified crypto engine, and make it the default for OpenSSL // in the cases specified below. ENGINE_load_builtin_engines() ; engine = ENGINE_by_id(CRYPTO_ENGINE_NAME) ; if (engine) { ENGINE_set_default_RAND(engine) ; ENGINE_set_default_RSA(engine) ; ENGINE_set_default_ciphers(engine) ; ENGINE_set_default_digests(engine) ; ENGINE_finish(engine) ; ENGINE_free(engine) ; } From this point onwards, calls to the EVP interface will use the particular crypto engine that you have specified. Your engine might not implement all of this crypto though. Also, you have to make use of the EVP interface - otherwise you are screwed. The non EVP interface for crypto in OpenSSL is just another item that will hopefully some day be removed from the OpenSSL API, in order to make it slightly less cumbersome and monstrous. On 1/23/06, Sara Fonseca <[EMAIL PROTECTED]> wrote: > > Ok... If i wanted to test those example engines, how could i do that? > Is there any way to test them without the hardware? I loaded it > sucessfully: > > ../apps/openssl engine dynamic -pre SO_PATH:./libatalla.so -pre LOAD > (dynamic) Dynamic engine loading support > [Success]: SO_PATH:./libatalla.so > [Success]: LOAD > Loaded: (atalla) Atalla hardware engine support > > How could I use it now? > > thanks again > > Sara > > On 1/23/06, JCA <[EMAIL PROTECTED]> wrote: > > OpenSSL's Achilles's heel is its incomplete documentation, and the > fact > > that apparently nobody seems to know the answer to a large percentage of > > questions, if this forum is a measure of that. Anyway, having gone > through > > the exercise of putting together a crypto engine for OpenSSL, just about > the > > only thing that helped me was the code available for other crypto > engines > > already in the OpenSSL distribution itself. > > > > > > > > > > On 1/23/06, Sara Fonseca <[EMAIL PROTECTED]> wrote: > > > > > > Hello everybody, > > > > > > is there any documenation on how to create a dynamic engine, other > > > than README.ENGINE? I checked the eng_dyn.c file on crypto/engine in > > > the 9.8a OpenSSL distribuition. Is that a good start? > > > > > > thanks > > > > > > Sara > > > > > ______________________________________________________________________ > > > OpenSSL Project > > http://www.openssl.org > > > User Support Mailing List openssl-users@openssl.org > > > Automated List Manager > > [EMAIL PROTECTED] > > > > > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
