Re: steps to use a dynamic engine from an application

Sat, 03 Dec 2005 16:03:57 -0800 

On December 1, 2005 01:20 pm, Anil Gunturu wrote:
> Thank you for your response. I have couple of more questions:
>   - If I use ENGINE_by_id("athena"), what should be the name and path
> of engine implementation.

It depends on how the source was configured/built. Typically it will be 
within an 'engines' sub-directory of the installation path. The source is 
your friend for things like this. If you're using a prebuilt package, 
that is just as difficult to predict from here, but running 'strace' on 
an openssl binary when it tries to load dynamic engines would be a quick 
trick to figure it out (grep the output for "libathena", for example).

>   - I understand that ENGINE_cleanup() should 
> be called before shutting down the application, but can I call
> ENGINE_finish() and ENGINE_free() before application has done using the
> Engine?

If you have your own references, yes you have to release them. Likewise, 
if the library maintains its own internal references (eg. when you 
register an engine into the internal list(s) - whether as a default 
implementation or not) you have to tell the library to release its own 
references too, using ENGINE_cleanup(). Failing to do either will result 
in the ENGINE not being unloaded (although if your app exits, the kernel 
will of course clean up anything stray). Again, if you're not sure what's 
going on here, take a look at the source (in ./crypto/engine/) and it may 
become clearer. The engine structure, internally, maintains two reference 
counts; 'struct_ref' and 'funct_ref'. The latter is like a specialised 
form of the former - if you increment funct_ref, you should also 
increment struct_ref - so struct_ref>=funct_ref at all times. 
'struct_ref' represents references to the structure itself, whether it's 
enabled or not. 'funct_ref' represents 'enabled' references - so the 
engine is initialised if and only if funct_ref>=1.

Hope that helps,
Geoff

-- 
Geoff Thorpe
[EMAIL PROTECTED]
http://www.openssl.org/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to