Update: adding

    ENGINE_init(e)

after

    e = ENGINE_by_id("XXX");

doesn't make any difference, as in my case the functional reference count is
8 (???) at the moment of the ENGINE_init(e) call, so the engine is not
re-initialised. :(

On 4 January 2011 04:12, Andrey Kulikov <amde...@gmail.com> wrote:

> If we take a look at any ENGINE_load_XXX function, we find that they all
> have a similar structure:
>
>     ENGINE *toadd = engine_XXX();
>     if(!toadd) return;
>     ENGINE_add(toadd);
>     ENGINE_free(toadd);
>     ERR_clear_error();
>
> My question is: why do we need to call ENGINE_free(toadd)??
> Somewhere inside it calls EVP_PKEY_asn1_free(), which besides everything
> else destroys all AMETH structures created during engine initialization via
> EVP_PKEY_asn1_set_*.
>
> So, let's consider the following example:
>
>     CRYPTO_malloc_init();
>     ERR_load_crypto_strings();
>     ENGINE_load_builtin_engines();
>
>     e = ENGINE_by_id("XXX");
>     ENGINE_set_default(e, ENGINE_METHOD_ALL);
>     OpenSSL_add_all_algorithms();
>     OpenSSL_add_ssl_algorithms();
>
>     EVP_PKEY *signing_key = ENGINE_load_private_key(e, NULL, NULL, NULL);
>
>     // bla-bla-bla...
>
> And, if in the engine's load priv func we write something like
>     EVP_PKEY *pkey = EVP_PKEY_new();
>     pkey->ameth = ENGINE_get_pkey_asn1_meth(eng, NID_id_SOME_NID);
>
> it's not gonna work, because all ASN1 structures, carefully created by
> the engine via calls to EVP_PKEY_asn1_set_*, are invalid and possibly
> corrupted at this moment.
>
> Is it a design issue, or is the provided example invalid (but it is taken
> from the OpenSSL sources, hm...)?
>
>
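
A simplified model of the two reference counters involved in the ENGINE_load_XXX pattern and the ENGINE_init call discussed in this thread, added here as an illustration; it is not OpenSSL's code and was not posted by anyone in the thread. It assumes the structural/functional reference semantics described in OpenSSL's ENGINE documentation, and every `model_*` name is hypothetical.

```c
#include <stdio.h>

/* Simplified model of an ENGINE's two counters; not OpenSSL's own structures. */
struct model_engine {
    int struct_ref;  /* structural references: keep the object alive */
    int funct_ref;   /* functional references: keep it initialised */
    int init_calls;  /* how many times the init callback has run */
    int destroyed;   /* set when the last structural reference is dropped */
};
static struct model_engine *registry;  /* stands in for the internal engine list */

/* Models ENGINE_add: the list takes its own structural reference. */
static void model_add(struct model_engine *e) { registry = e; e->struct_ref++; }

/* Models ENGINE_free: drop one structural reference, tear down only at zero. */
static void model_free(struct model_engine *e) { if (--e->struct_ref == 0) e->destroyed = 1; }

/* Models ENGINE_by_id: hand out a new structural reference from the list. */
static struct model_engine *model_by_id(void) {
    if (registry) registry->struct_ref++;
    return registry;
}

/* Models ENGINE_init: the init callback runs only on the 0 -> 1 transition. */
static void model_init(struct model_engine *e) {
    if (e->funct_ref == 0) e->init_calls++;
    e->funct_ref++;
    e->struct_ref++;  /* a functional reference also counts as a structural one */
}

/* The ENGINE_load_XXX pattern, then ENGINE_by_id and two ENGINE_init calls. */
static struct model_engine run_load_pattern(void) {
    static struct model_engine e;
    struct model_engine *h;
    e = (struct model_engine){ .struct_ref = 1 };  /* engine_XXX() returns one reference */
    model_add(&e);     /* struct_ref 1 -> 2 */
    model_free(&e);    /* struct_ref 2 -> 1: caller's reference gone, list's remains */
    h = model_by_id();
    model_init(h);     /* first functional reference: init callback runs */
    model_init(h);     /* already initialised: callback is not repeated */
    return *h;
}

int main(void) {
    struct model_engine r = run_load_pattern();
    printf("struct_ref=%d funct_ref=%d init_calls=%d destroyed=%d\n",
           r.struct_ref, r.funct_ref, r.init_calls, r.destroyed);
    return 0;
}
```

In this model the engine is torn down by `model_free` only if `model_add` never took its reference, which is the case to check for when an engine's method tables appear invalid after loading.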
