Re: dynamic engine load

Hi,

On Wed, May 26, 2021 at 4:45 PM Piotr Lobacz <piotr.lobacz@xxxxxxxxxxxx> wrote:
> Btw I have verified that in the openssl command line tool, if I switch the order from the one that worked for me:
>
> OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/engines-1.1/libpkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/libckteec.so
>
> to the one that was in the code:
>
> OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/engines-1.1/libpkcs11.so -pre MODULE_PATH:/usr/lib/libckteec.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD
>
> the error is the same as for me in the C# code. So the question is, if you are telling me that the proper order is like this:
>
> dynamic --> set SO_PATH --> LOAD and then set all parameters of
> the engine that SO_PATH implements.
>
> is the order which I used also a correct one?

The main error in your original code was setting MODULE_PATH on the dynamic engine instead of on pkcs11. And, I mistyped saying set ID after LOAD. As for LIST_ADD, if required, it should be specified before LOAD as it's a directive to the dynamic engine, not pkcs11.

It has been a while since I have looked into dynamic loading in detail, but here is my understanding. 

The dynamic engine supports only a few controls, out of which the most useful ones are SO_PATH, ID and LIST_ADD. It won't understand MODULE_PATH. And, if SO_PATH is not given, I think ID could be used to locate the so-path of the engine but I have never got it to work. In any case, as you are giving the full SO_PATH, you don't need to set the ID. A "wrong" ID may lead to load failure but no ID will succeed. There may be some use of ID if the same shared lib implements multiple engines with different IDs. I don't know.

The LOAD control causes the dynamic engine to convert itself to a new engine. Almost all engine parameters are wiped clean (including id and name) and the shared library pointed to by SO_PATH is loaded. The bind function defined in the shared lib gets executed, which will fill in the new engine parameters and set up the methods it supports. In the case of pkcs11, it sets the id to "pkcs11" on loading. So, after loading, querying the ID using ENGINE_get_id() will return "pkcs11".

LOAD also causes the engine to be added to the internal list if LIST_ADD was specified before LOAD, not otherwise.

Once loaded, the pkcs11 engine can handle controls like MODULE_PATH. It will use it to locate the module and load it when required -- usually after ENGINE_init() is called.

Selva
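
The ordering rule explained in the message above, as an added example that is not part of the original post or of OpenSSL: a small checker that walks the `-pre` directives of an `engine dynamic` command line and reports controls sent to the wrong engine. The function names `parse_pre` and `check_order` are hypothetical; the control list is the dynamic engine's own command table as found in OpenSSL 1.1.x.

```python
import shlex

# Controls understood by the "dynamic" engine itself (OpenSSL 1.1.x eng_dyn.c).
DYNAMIC_CONTROLS = {"SO_PATH", "NO_VCHECK", "ID", "LIST_ADD",
                    "DIR_LOAD", "DIR_ADD", "LOAD"}


def parse_pre(command):
    """Return the (name, value) pairs of every -pre directive, in order."""
    tokens = shlex.split(command)
    pairs = []
    for i, tok in enumerate(tokens[:-1]):
        if tok == "-pre":
            name, _, value = tokens[i + 1].partition(":")
            pairs.append((name, value))
    return pairs


def check_order(command):
    """Walk the directives in order and report which engine receives each one."""
    findings, loaded, seen = [], False, set()
    for name, _value in parse_pre(command):
        if not loaded:
            if name not in DYNAMIC_CONTROLS:
                findings.append(f"{name} is sent before LOAD, so it goes to the "
                                "dynamic engine, which does not understand it")
            elif name == "LOAD":
                if "SO_PATH" not in seen:
                    findings.append("LOAD without SO_PATH: the engine must "
                                    "then be located from ID")
                loaded = True
        elif name in DYNAMIC_CONTROLS:
            findings.append(f"{name} is sent after LOAD, so it goes to the "
                            "loaded engine instead of the dynamic engine")
        seen.add(name)
    if not loaded:
        findings.append("no LOAD directive: the target engine is never loaded")
    return findings


# The two command lines quoted in the message above.
WORKING = ("engine dynamic -pre SO_PATH:/usr/lib/engines-1.1/libpkcs11.so "
           "-pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD "
           "-pre MODULE_PATH:/usr/lib/libckteec.so")
FAILING = ("engine dynamic -pre SO_PATH:/usr/lib/engines-1.1/libpkcs11.so "
           "-pre MODULE_PATH:/usr/lib/libckteec.so -pre ID:pkcs11 "
           "-pre LIST_ADD:1 -pre LOAD")

if __name__ == "__main__":
    for label, cmd in (("working", WORKING), ("failing", FAILING)):
        print(label, check_order(cmd) or "ok")
```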
