[openssl-dev] Errors when loading an OpenSSL RSA Engine
jeremy.farrell at oracle.com
Tue Mar 8 01:49:39 UTC 2016
If I remember correctly, the RSAX engine was dropped from OpenSSL in
1.0.2 because equivalent code had been added to the core OpenSSL
library. It built correctly in 1.0.1.
On 07/03/2016 22:47, Blumenthal, Uri - 0553 - MITLL wrote:
> A naïve question.
> OpenSSL RSA engine (RSAX) by Intel wants to call function
> mod/_/exp/_/512() that is defined somewhere else. I checked, and that
> function is not defined anywhere in the sources of either
> OpenSSL-1.0.2h-dev, or OpenSSL-1.1.0-pre.
> $ clang -shared -o eng_rsax.so eng_rsax.o -L/opt/local/lib -lcrypto
> Undefined symbols for architecture x86_64:
> "_mod_exp_512", referenced from:
> _e_rsax_bn_mod_exp in eng_rsax.o
> ld: symbol(s) not found for architecture x86_64
> clang: error: linker command failed with exit code 1 (use -v to see
> $ openssl version
> OpenSSL 1.0.2h-dev xx XXX xxxx
> Does it mean that this method has been deprecated and removed? If so,
> what functions should be used instead?
> Also, this Intel-optimized engine (from 2010) seems to be geared
> towards RSA-1024, which isn’t considered adequate by now. Does it mean
> this engine has been deprecated as well, and shouldn’t be used
> (assuming one can link a valid shared library, resolving that
> undefined reference)? Does the current OpenSSL RSA code contains
> optimizations proposed by that engine?
> P.S. My OpenSSL-1.0.2h-dev installation was configured for
> darwin-x86_64-cc, and seems to function correctly. It also passed all
> the tests.
> Uri Blumenthal
> From: openssl-dev <openssl-dev-bounces at openssl.org
> <mailto:openssl-dev-bounces at openssl.org>> on behalf of Jeremy Farrell
> <jeremy.farrell at oracle.com <mailto:jeremy.farrell at oracle.com>>
> Organization: Oracle Corporation
> Reply-To: openssl-dev <openssl-dev at openssl.org
> <mailto:openssl-dev at openssl.org>>
> Date: Monday, March 7, 2016 at 13:25
> To: openssl-dev <openssl-dev at openssl.org <mailto:openssl-dev at openssl.org>>
> Subject: Re: [openssl-dev] Errors when loading an OpenSSL RSA Engine
> On 07/03/2016 17:56, Richard Levitte wrote:
>> In message<1457369381041-64385.post at n7.nabble.com> on Mon, 7 Mar 2016 09:49:41 -0700 (MST), danigrosu<dni.grosu at gmail.com> said:
>> dni.grosu> I want to build an OpenSSL RSA engine, starting from this existing
>> dni.grosu> source code file
>> dni.grosu> which is a faster method implemented by Intel. First of all I want to
>> dni.grosu> build this code so I'm using these commands:
>> dni.grosu> gcc -fPIC -m64 -o eng_rsax.o -c eng_rsax.c
>> dni.grosu> gcc -shared -o eng_rsax.so -lcrypto eng_rsax.o
>> You might want to try this:
>> gcc -shared -o eng_rsax.so eng_rsax.o -lcrypto
>> When linking, order is important.
> In the spirit of teaching to fish, this could have been discovered
> by looking at the makefiles which build the engine. Those aren't
> always easy to decipher, so an alternative would have been just to
> build that OpenSSL release and look at all the output lines from
> the build which mention eng_rsax.
> J. J. Farrell
J. J. Farrell
Not speaking for Oracle
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-dev