[openssl-dev] Errors when loading an OpenSSL RSA Engine

Jeremy Farrell jeremy.farrell at oracle.com
Tue Mar 8 01:49:39 UTC 2016

If I remember correctly, the RSAX engine was dropped from OpenSSL in 
1.0.2 because equivalent code had been added to the core OpenSSL 
library. It built correctly in 1.0.1.


On 07/03/2016 22:47, Blumenthal, Uri - 0553 - MITLL wrote:
> A naïve question.
> OpenSSL RSA engine (RSAX) by Intel wants to call function 
> mod/_/exp/_/512() that is defined somewhere else. I checked, and that 
> function is not defined anywhere in the sources of either 
> OpenSSL-1.0.2h-dev, or OpenSSL-1.1.0-pre.
> $ clang -shared -o eng_rsax.so eng_rsax.o -L/opt/local/lib -lcrypto
> Undefined symbols for architecture x86_64:
> "_mod_exp_512", referenced from:
>     _e_rsax_bn_mod_exp in eng_rsax.o
> ld: symbol(s) not found for architecture x86_64
> clang: error: linker command failed with exit code 1 (use -v to see 
> invocation)
> $ openssl version
> OpenSSL 1.0.2h-dev  xx XXX xxxx
> $
> Does it mean that this method has been deprecated and removed? If so, 
> what functions should be used instead?
> Also, this Intel-optimized engine (from 2010) seems to be geared 
> towards RSA-1024, which isn’t considered adequate by now. Does it mean 
> this engine has been deprecated as well, and shouldn’t be used 
> (assuming one can link a valid shared library, resolving that 
> undefined reference)?  Does the current OpenSSL RSA code contains 
> optimizations proposed by that engine?
> Thanks!
> P.S. My OpenSSL-1.0.2h-dev installation was configured for 
> darwin-x86_64-cc, and seems to function correctly. It also passed all 
> the tests.
> -- 
> Regards,
> Uri Blumenthal
> From: openssl-dev <openssl-dev-bounces at openssl.org 
> <mailto:openssl-dev-bounces at openssl.org>> on behalf of Jeremy Farrell 
> <jeremy.farrell at oracle.com <mailto:jeremy.farrell at oracle.com>>
> Organization: Oracle Corporation
> Reply-To: openssl-dev <openssl-dev at openssl.org 
> <mailto:openssl-dev at openssl.org>>
> Date: Monday, March 7, 2016 at 13:25
> To: openssl-dev <openssl-dev at openssl.org <mailto:openssl-dev at openssl.org>>
> Subject: Re: [openssl-dev] Errors when loading an OpenSSL RSA Engine
>     On 07/03/2016 17:56, Richard Levitte wrote:
>>     In message<1457369381041-64385.post at n7.nabble.com>  on Mon, 7 Mar 2016 09:49:41 -0700 (MST), danigrosu<dni.grosu at gmail.com>  said:
>>     dni.grosu> I want to build an OpenSSL RSA engine, starting from this existing
>>     dni.grosu> source code file
>>     dni.grosu> which is a faster method implemented by Intel. First of all I want to
>>     dni.grosu> build this code so I'm using these commands:
>>     dni.grosu>
>>     dni.grosu> gcc -fPIC -m64 -o eng_rsax.o -c eng_rsax.c
>>     dni.grosu> gcc -shared -o eng_rsax.so -lcrypto eng_rsax.o
>>     You might want to try this:
>>          gcc -shared -o eng_rsax.so eng_rsax.o -lcrypto
>>     When linking, order is important.
>     In the spirit of teaching to fish, this could have been discovered
>     by looking at the makefiles which build the engine. Those aren't
>     always easy to decipher, so an alternative would have been just to
>     build that OpenSSL release and look at all the output lines from
>     the build which mention eng_rsax.
>     -- 
>     J. J. Farrell

J. J. Farrell
Not speaking for Oracle

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160308/64fbbbcb/attachment-0001.html>

More information about the openssl-dev mailing list