[openssl-dev] Errors when loading an OpenSSL RSA Engine

Jeremy Farrell jeremy.farrell at oracle.com
Tue Mar 8 01:49:39 UTC 2016 

If I remember correctly, the RSAX engine was dropped from OpenSSL in 
1.0.2 because equivalent code had been added to the core OpenSSL 
library. It built correctly in 1.0.1.

Regards,
                         jjf

On 07/03/2016 22:47, Blumenthal, Uri - 0553 - MITLL wrote:
> A naïve question.
>
> OpenSSL RSA engine (RSAX) by Intel wants to call function 
> mod/_/exp/_/512() that is defined somewhere else. I checked, and that 
> function is not defined anywhere in the sources of either 
> OpenSSL-1.0.2h-dev, or OpenSSL-1.1.0-pre.
>
> $ clang -shared -o eng_rsax.so eng_rsax.o -L/opt/local/lib -lcrypto
>
> Undefined symbols for architecture x86_64:
>
> "_mod_exp_512", referenced from:
>
>     _e_rsax_bn_mod_exp in eng_rsax.o
>
> ld: symbol(s) not found for architecture x86_64
>
> clang: error: linker command failed with exit code 1 (use -v to see 
> invocation)
>
> $ openssl version
>
> OpenSSL 1.0.2h-dev  xx XXX xxxx
>
> $
>
>
> Does it mean that this method has been deprecated and removed? If so, 
> what functions should be used instead?
>
> Also, this Intel-optimized engine (from 2010) seems to be geared 
> towards RSA-1024, which isn’t considered adequate by now. Does it mean 
> this engine has been deprecated as well, and shouldn’t be used 
> (assuming one can link a valid shared library, resolving that 
> undefined reference)?  Does the current OpenSSL RSA code contains 
> optimizations proposed by that engine?
>
> Thanks!
>
> P.S. My OpenSSL-1.0.2h-dev installation was configured for 
> darwin-x86_64-cc, and seems to function correctly. It also passed all 
> the tests.
> -- 
> Regards,
> Uri Blumenthal
>
> From: openssl-dev <openssl-dev-bounces at openssl.org 
> <mailto:openssl-dev-bounces at openssl.org>> on behalf of Jeremy Farrell 
> <jeremy.farrell at oracle.com <mailto:jeremy.farrell at oracle.com>>
> Organization: Oracle Corporation
> Reply-To: openssl-dev <openssl-dev at openssl.org 
> <mailto:openssl-dev at openssl.org>>
> Date: Monday, March 7, 2016 at 13:25
> To: openssl-dev <openssl-dev at openssl.org <mailto:openssl-dev at openssl.org>>
> Subject: Re: [openssl-dev] Errors when loading an OpenSSL RSA Engine
>
>     On 07/03/2016 17:56, Richard Levitte wrote:
>>     In message<1457369381041-64385.post at n7.nabble.com>  on Mon, 7 Mar 2016 09:49:41 -0700 (MST), danigrosu<dni.grosu at gmail.com>  said:
>>
>>     dni.grosu> I want to build an OpenSSL RSA engine, starting from this existing
>>     dni.grosu> source code file
>>     dni.grosu> which is a faster method implemented by Intel. First of all I want to
>>     dni.grosu> build this code so I'm using these commands:
>>     dni.grosu>
>>     dni.grosu> gcc -fPIC -m64 -o eng_rsax.o -c eng_rsax.c
>>     dni.grosu> gcc -shared -o eng_rsax.so -lcrypto eng_rsax.o
>>
>>     You might want to try this:
>>
>>          gcc -shared -o eng_rsax.so eng_rsax.o -lcrypto
>>
>>     When linking, order is important.
>
>     In the spirit of teaching to fish, this could have been discovered
>     by looking at the makefiles which build the engine. Those aren't
>     always easy to decipher, so an alternative would have been just to
>     build that OpenSSL release and look at all the output lines from
>     the build which mention eng_rsax.
>
>     -- 
>     J. J. Farrell
>
>

-- 
J. J. Farrell
Not speaking for Oracle

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160308/64fbbbcb/attachment-0001.html>

More information about the openssl-dev mailing list