[openssl-dev] Errors when loading an OpenSSL RSA Engine
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Mon Mar 7 22:47:22 UTC 2016
A naïve question.
OpenSSL RSA engine (RSAX) by Intel wants to call function mod_exp_512() that
is defined somewhere else. I checked, and that function is not defined
anywhere in the sources of either OpenSSL-1.0.2h-dev, or OpenSSL-1.1.0-pre.
$ clang -shared -o eng_rsax.so eng_rsax.o -L/opt/local/lib -lcrypto
Undefined symbols for architecture x86_64:
"_mod_exp_512", referenced from:
_e_rsax_bn_mod_exp in eng_rsax.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see
invocation)
$ openssl version
OpenSSL 1.0.2h-dev xx XXX xxxx
$
Does it mean that this method has been deprecated and removed? If so, what
functions should be used instead?
Also, this Intel-optimized engine (from 2010) seems to be geared towards
RSA-1024, which isn’t considered adequate by now. Does it mean this engine
has been deprecated as well, and shouldn’t be used (assuming one can link a
valid shared library, resolving that undefined reference)? Does the current
OpenSSL RSA code contains optimizations proposed by that engine?
Thanks!
P.S. My OpenSSL-1.0.2h-dev installation was configured for darwin-x86_64-cc,
and seems to function correctly. It also passed all the tests.
--
Regards,
Uri Blumenthal
From: openssl-dev <openssl-dev-bounces at openssl.org> on behalf of Jeremy
Farrell <jeremy.farrell at oracle.com>
Organization: Oracle Corporation
Reply-To: openssl-dev <openssl-dev at openssl.org>
Date: Monday, March 7, 2016 at 13:25
To: openssl-dev <openssl-dev at openssl.org>
Subject: Re: [openssl-dev] Errors when loading an OpenSSL RSA Engine
> On 07/03/2016 17:56, Richard Levitte wrote:
>> In message <1457369381041-64385.post at n7.nabble.com>
>> <mailto:1457369381041-64385.post at n7.nabble.com> on Mon, 7 Mar 2016 09:49:41
>> -0700 (MST), danigrosu <dni.grosu at gmail.com> <mailto:dni.grosu at gmail.com>
>> said:
>>
>> dni.grosu> I want to build an OpenSSL RSA engine, starting from this existing
>> dni.grosu> source code file
>> dni.grosu> which is a faster method implemented by Intel. First of all I want
>> to
>> dni.grosu> build this code so I'm using these commands:
>> dni.grosu>
>> dni.grosu> gcc -fPIC -m64 -o eng_rsax.o -c eng_rsax.c
>> dni.grosu> gcc -shared -o eng_rsax.so -lcrypto eng_rsax.o
>>
>> You might want to try this:
>>
>> gcc -shared -o eng_rsax.so eng_rsax.o -lcrypto
>>
>> When linking, order is important.
>
> In the spirit of teaching to fish, this could have been discovered by looking
> at the makefiles which build the engine. Those aren't always easy to decipher,
> so an alternative would have been just to build that OpenSSL release and look
> at all the output lines from the build which mention eng_rsax.
> --
> J. J. Farrell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160307/e453a6b7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4324 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160307/e453a6b7/attachment.bin>
More information about the openssl-dev
mailing list