[openssl-dev] Errors when loading an OpenSSL RSA Engine

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Mon Mar 7 22:47:22 UTC 2016

A naïve question.

OpenSSL RSA engine (RSAX) by Intel wants to call function mod_exp_512() that
is defined somewhere else. I checked, and that function is not defined
anywhere in the sources of either OpenSSL-1.0.2h-dev, or OpenSSL-1.1.0-pre.
$ clang -shared -o eng_rsax.so eng_rsax.o -L/opt/local/lib -lcrypto

Undefined symbols for architecture x86_64:

  "_mod_exp_512", referenced from:

      _e_rsax_bn_mod_exp in eng_rsax.o

ld: symbol(s) not found for architecture x86_64

clang: error: linker command failed with exit code 1 (use -v to see

$ openssl version

OpenSSL 1.0.2h-dev  xx XXX xxxx


Does it mean that this method has been deprecated and removed? If so, what
functions should be used instead?

Also, this Intel-optimized engine (from 2010) seems to be geared towards
RSA-1024, which isn’t considered adequate by now. Does it mean this engine
has been deprecated as well, and shouldn’t be used (assuming one can link a
valid shared library, resolving that undefined reference)?  Does the current
OpenSSL RSA code contains optimizations proposed by that engine?


P.S. My OpenSSL-1.0.2h-dev installation was configured for darwin-x86_64-cc,
and seems to function correctly. It also passed all the tests.
Uri Blumenthal

From:  openssl-dev <openssl-dev-bounces at openssl.org> on behalf of Jeremy
Farrell <jeremy.farrell at oracle.com>
Organization:  Oracle Corporation
Reply-To:  openssl-dev <openssl-dev at openssl.org>
Date:  Monday, March 7, 2016 at 13:25
To:  openssl-dev <openssl-dev at openssl.org>
Subject:  Re: [openssl-dev] Errors when loading an OpenSSL RSA Engine

> On 07/03/2016 17:56, Richard Levitte wrote:
>> In message <1457369381041-64385.post at n7.nabble.com>
>> <mailto:1457369381041-64385.post at n7.nabble.com>  on Mon, 7 Mar 2016 09:49:41
>> -0700 (MST), danigrosu <dni.grosu at gmail.com> <mailto:dni.grosu at gmail.com>
>> said:
>> dni.grosu> I want to build an OpenSSL RSA engine, starting from this existing
>> dni.grosu> source code file
>> dni.grosu> which is a faster method implemented by Intel. First of all I want
>> to
>> dni.grosu> build this code so I'm using these commands:
>> dni.grosu> 
>> dni.grosu> gcc -fPIC -m64 -o eng_rsax.o -c eng_rsax.c
>> dni.grosu> gcc -shared -o eng_rsax.so -lcrypto eng_rsax.o
>> You might want to try this:
>>     gcc -shared -o eng_rsax.so eng_rsax.o -lcrypto
>> When linking, order is important.
> In the spirit of teaching to fish, this could have been discovered by looking
> at the makefiles which build the engine. Those aren't always easy to decipher,
> so an alternative would have been just to build that OpenSSL release and look
> at all the output lines from the build which mention eng_rsax.
> -- 
> J. J. Farrell

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160307/e453a6b7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4324 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160307/e453a6b7/attachment.bin>

More information about the openssl-dev mailing list