OpenSSL dynamic engine loading shows error

Dmitry Belyavsky beldmit at gmail.com
Thu Aug 26 13:38:39 UTC 2021


Dear Shariful,

1. Don't hurry :)
2. It looks like there are some more configuration options in your
openssl.cnf [rsa_section]
I think they came from the standard configuration. So if I am wrong, please
provide the whole file.
3. I'd recommend you also update the lines
`
static const char *engine_dasync_id = "dasync";
static const char *engine_dasync_name = "Dummy Async engine support";
`
To be consistent with your engine name

On Thu, Aug 26, 2021 at 3:24 PM Shariful Alam <dipto181 at gmail.com> wrote:

> Any help regarding this matter??
>
> Regards,
> Shariful
>
> On Thu, Aug 26, 2021, 12:06 AM Shariful Alam <dipto181 at gmail.com> wrote:
>
>> Hello,
>>
>> I have a simple rsa engine code (from engines/e_dasync.c). My code
>> compiles. Command "*$openssl engine -t -c*" shows the following,
>>
>>
>>  openssl engine -t -c
>>
>> (rdrand) Intel RDRAND engine
>>
>>  [RAND]
>>
>>      [ available ]
>>
>> (dynamic) Dynamic engine loading support
>>
>>      [ unavailable ]
>>
>> (dasync) Dummy Async engine support
>>
>>  [RSA]
>>
>>      [ available ]
>>
>>
>> I also modify *openssl.cnf* configuration as following to load this
>> engine,
>>
>>
>> openssl_conf = openssl_def
>>
>>
>> [openssl_def]
>>
>> engines = engine_section
>>
>>
>> [engine_section]
>>
>> rsa-engine-new = rsa_section
>>
>>
>> [rsa_section]
>>
>> engine_id = rsa-engine-new
>>
>>
>> Then when I run the command "$*openssl engine*", I get the following
>> error,
>>
>> $openssl engine
>>
>> (rdrand) Intel RDRAND engine
>>
>> (dynamic) Dynamic engine loading support
>>
>> (dasync) Dummy Async engine support
>>
>> 139633213376256:error:260AB089:engine
>> routines:ENGINE_ctrl_cmd_string:invalid cmd
>> name:crypto/engine/eng_ctrl.c:255:
>>
>> 139633213376256:error:260BC066:engine
>> routines:int_engine_configure:engine configuration
>> error:crypto/engine/eng_cnf.c:141:section=rsa_section, name=oid_section,
>> value=new_oids
>>
>> 139633213376256:error:0E07606D:configuration file
>> routines:module_run:module initialization
>> error:crypto/conf/conf_mod.c:177:module=engines, value=engine_section,
>> retcode=-1
>>
>>
>> Any help why is this happening? How can I fix this?
>>
>> My goal is to use my OpenSSL engine with Apache for mod_ssl. Do I have to
>> compile my engine with the OpenSSL source code to do that?
>>
>>
>> Here is the complete source code of my sample engine,
>>
>> ==============================================
>>
>>
>> #include <stdio.h>
>>
>> #include <string.h>
>>
>>
>> #include <openssl/engine.h>
>>
>> #include <openssl/sha.h>
>>
>> #include <openssl/aes.h>
>>
>> #include <openssl/rsa.h>
>>
>> #include <openssl/evp.h>
>>
>> #include <openssl/async.h>
>>
>> #include <openssl/bn.h>
>>
>> #include <openssl/crypto.h>
>>
>> #include <openssl/ssl.h>
>>
>> #include <openssl/modes.h>
>>
>>
>> /* Engine Id and Name */
>>
>> static const char *engine_dasync_id = "dasync";
>>
>> static const char *engine_dasync_name = "Dummy Async engine support";
>>
>>
>> static int dasync_pub_enc(int flen, const unsigned char *from,
>>
>>                     unsigned char *to, RSA *rsa, int padding) {
>>
>> printf("dasync_pub_enc\n");
>>
>>
>>
>> return 0;
>>
>> }
>>
>>
>> static int dasync_pub_dec(int flen, const unsigned char *from,
>>
>>                     unsigned char *to, RSA *rsa, int padding) {
>>
>> printf("dasync_pub_dec\n");
>>
>>
>>
>> return 0;
>>
>> }
>>
>>
>> static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
>> unsigned char *to, RSA *rsa, int padding){
>>
>>      printf("dasync_rsa_priv_enc\n");
>>
>> return 0;
>>
>> }
>>
>>
>> static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
>> unsigned char *to, RSA *rsa, int padding){
>>
>> printf("dasync_rsa_priv_dec\n");
>>
>> return 0;
>>
>> }
>>
>>
>>
>> static RSA_METHOD *dasync_rsa_method = NULL;
>>
>>
>>
>> static int bind_dasync(ENGINE *e){
>>
>>     /* Setup RSA_METHOD */
>>
>>     if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0))
>> == NULL
>>
>>         || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
>>
>>         || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
>>
>>         || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc)
>> == 0
>>
>>         || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec)
>> == 0
>>
>> ) {
>>
>>
>>         return 0;
>>
>>     }
>>
>>
>>     /* Ensure the dasync error handling is set up */
>>
>>
>>
>>     if (!ENGINE_set_id(e, engine_dasync_id)
>>
>>         || !ENGINE_set_name(e, engine_dasync_name)
>>
>>         || !ENGINE_set_RSA(e, dasync_rsa_method)
>>
>>         ) {
>>
>>         return 0;
>>
>>     }
>>
>>     return 1;
>>
>> }
>>
>>
>> static int bind_helper(ENGINE *e, const char *id){
>>
>>     if (!bind_dasync(e)){
>>
>> printf("2_Error: Inside Bind helper\n");
>>
>>         return 0;
>>
>> }
>>
>>     return 1;
>>
>> }
>>
>>
>> IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
>>
>> IMPLEMENT_DYNAMIC_CHECK_FN()
>>
>>
>> =============================================
>>
>>
>>
>>
>>
>> Thanks,
>>
>> Shariful
>>
>>

-- 
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210826/118707b0/attachment-0001.html>


More information about the openssl-users mailing list