I had similar trouble a while ago. I understood that if crypto/ssl application need to use RAND method before the intended engine is loaded, default_RAND_method would be populated with RAND_SSLeay(). ENGINE_set_RAND wouldn't overwrite this as rand wrappers prefer default_RAND_method than engine's default RAND method. So, One need to explicitly call either RAND_set_rand_method(rand_method_pointer) if one can directly access engine's rand method or RAND_set_rand_engine(e) where e is preferred engine's reference. Thanks, Thulasi. On 10 December 2014 at 22:05, Brian Watson <bwats9999 at gmail.com> wrote: > > I checked and ENGINE_set_RAND function is being called. What I can't > figure out is the following: > > 1. RAND_get_rand_method() is called to get the random method and in a > normal case default_RAND_METHOD would be null which would cause code to > call ENGINE_get_rand() to be called to get the random method for the engine > associated for RAND. > 2. In my particular case something has already caused default_RAND_METHOD > to be populated before I load my engine and the only place I see that it > can get reset is via RAND_set_rand_method() which can be called by > RAND_cleanup() and ENGINE_cleanup(). > > Any ideas? > > On Wed, Dec 10, 2014 at 8:25 AM, Brian Watson <bwats9999 at gmail.com> wrote: > >> I didn't call that one, but I'll give it a try. I also read that if >> someone subsequently calls ENGINE_load_builtin_engines()that it'll reset >> things back to how they were so I'll look at that also. >> >> Thanks, >> BW >> >> On Wed, Dec 10, 2014 at 1:06 AM, Dmitry Belyavsky <beldmit at gmail.com> >> wrote: >> >>> Hello Brian, >>> >>> Do you call ENGINE_set_RAND function? >>> >>> On Tue, Dec 9, 2014 at 11:19 PM, Brian Watson <bwats9999 at gmail.com> >>> wrote: >>> >>>> I thought that's what the following does: >>>> >>>> ENGINE_set_default(engine, ENGINE_METHOD_RAND). >>>> >>>> I'm also trying to figure out in rand_lib.c and RAND_get_rand_method() >>>> what causes default_RAND_meth to change. >>>> >>>> Thanks, >>>> BW >>>> >>>> On Tue, Dec 9, 2014 at 1:52 PM, Dmitry Belyavsky <beldmit at gmail.com> >>>> wrote: >>>> >>>>> Hello! >>>>> >>>>> Do you set your RNG as default when the engine is loaded? >>>>> >>>>> On Tue, Dec 9, 2014 at 10:44 PM, Brian Watson <bwats9999 at gmail.com> >>>>> wrote: >>>>> >>>>>> Hi, >>>>>> I am doing the following: >>>>>> >>>>>> 1. I have a dynamic engine that I would like to use to produce random >>>>>> numbers on Android (aosp). >>>>>> 2. I can successfully load the dynamic engine by using the Android >>>>>> OpenSSLEngine.getInstance() which takes care of loading the engine and I >>>>>> can see that the binding is there via bind_engine and bind_helper via some >>>>>> debug prints that I have put in the engine. I follow this up by calling >>>>>> ENGINE_set_default() for ENGINE_METHOD_RAND. I am using the Apache Harmony >>>>>> jsse library. >>>>>> 3. Some time later there is a call to SSL_CTX_new() which starts the >>>>>> process of establishing the TLS session, etc. >>>>>> 4. I would like to see my random number generator get invoked to >>>>>> provide random numbers when needed, but for some reason the ssleay one is >>>>>> being called. >>>>>> 5. I can open an adb shell and run the openssl command and explicitly >>>>>> load the engine via: >>>>>> >>>>>> openssl engine dynamic ?pre >>>>>> SO_PATH:/system/lib/ssl/engines/MyEngine.so ?pre ID:myengine ?pre LOAD. >>>>>> With this I see my random number generator get used, but when I try to do >>>>>> this programatically it doesn't get called. >>>>>> >>>>>> >>>>>> I have a couple of questions: >>>>>> >>>>>> >>>>>> 1. Should this work even when using the SSL_CTX... api's? >>>>>> >>>>>> 2. Am I setting up the engine too soon and then the SSL_CTX.. >>>>>> commands clear them out? >>>>>> >>>>>> >>>>>> I've looked around a lot so any help would be greatly appreciated! >>>>>> >>>>>> >>>>>> Thanks, >>>>>> >>>>>> BW >>>>>> >>>>>> _______________________________________________ >>>>>> openssl-users mailing list >>>>>> openssl-users at openssl.org >>>>>> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> SY, Dmitry Belyavsky >>>>> >>>>> _______________________________________________ >>>>> openssl-users mailing list >>>>> openssl-users at openssl.org >>>>> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> openssl-users mailing list >>>> openssl-users at openssl.org >>>> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users >>>> >>>> >>> >>> >>> -- >>> SY, Dmitry Belyavsky >>> >>> _______________________________________________ >>> openssl-users mailing list >>> openssl-users at openssl.org >>> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users >>> >>> >> > > _______________________________________________ > openssl-users mailing list > openssl-users at openssl.org > https://mta.opensslfoundation.net/mailman/listinfo/openssl-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141212/8166d14d/attachment.html>
