[openssl-dev] Errors when loading an OpenSSL RSA Engine

Richard Levitte levitte at openssl.org
Wed Mar 9 20:55:16 UTC 2016


In message <1457543989853-64500.post at n7.nabble.com> on Wed, 9 Mar 2016 10:19:49 -0700 (MST), danigrosu <dni.grosu at gmail.com> said:

dni.grosu> Richard Levitte - VMS wrote
dni.grosu> > Exactly how did it fail?  It's a bit hard to diagnose unless you show 
dni.grosu> > us what you were told...  I assume there were some error messages? 
dni.grosu> 
dni.grosu> This is what I get if I use the git version:
dni.grosu> <http://openssl.6102.n7.nabble.com/file/n64500/19.png> 
dni.grosu> ... and if I use the blog code for the e_md5.c file (called md5-engine.c on
dni.grosu> the blog) 
dni.grosu> it simply works with the same commands. As I said above, I had to make some 
dni.grosu> modifications in order to build the engine using autotools.

and you discovered why on your own:

In message <1457546255766-64501.post at n7.nabble.com> on Wed, 9 Mar 2016 10:57:35 -0700 (MST), danigrosu <dni.grosu at gmail.com> said:

dni.grosu> In git version, if I comment the block
dni.grosu> 
dni.grosu>   if (id && strcmp(id, engine_id)) {
dni.grosu>     fprintf(stderr, "MD5 engine called with the unexpected id %s\n", id);
dni.grosu>     fprintf(stderr, "The expected id is %s\n", engine_id);
dni.grosu>     goto end;
dni.grosu>   }
dni.grosu> 
dni.grosu> ... then I type
dni.grosu> 
dni.grosu> $ gcc -fPIC -o rfc1321/md5c.o -c rfc1321/md5c.c 
dni.grosu> $ gcc -fPIC -o md5-engine.o -c e_md5.c 
dni.grosu> $ gcc -shared -o md5-engine.so -lcrypto md5-engine.o rfc1321/md5c.o
dni.grosu> 
dni.grosu> $ echo whatever | openssl dgst -engine `pwd`/md5-engine.so -md5
dni.grosu> engine "emd5" set.
dni.grosu> (stdin)= d8d77109f4a24efc3bd53d7cabb7ee35
dni.grosu> 
dni.grosu> ... everything goes well

Yes.

The check that you commented away isn't strictly necessary, it's very
much a paranoid check.  Did you notice how, in the README, the example
call is this?

    $ OPENSSL_ENGINES=.libs openssl engine -t -c emd5

The id that the engine's init function receives is exactly what the
openssl app receives as an engine name on the command line, so if you
give it the full path variant (like in my blog), that's what it gets,
and if you do it with the OPENSSL_ENGINES env variable, it will get
the name you gave ("emd5" in the example above).

But yeah, strictly speaking, the id check in the engine's init
function is not necessary.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
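
Added example, not part of the original message and not OpenSSL or e_md5.c code: the strict id check quoted in the thread next to a hypothetical relaxed variant that also accepts a path-style id, run over constructed sample ids. The names `strict_id_ok` and `relaxed_id_ok` and the sample path are assumptions made for illustration, and the path test assumes POSIX `/` separators.

```c
#include <stdio.h>
#include <string.h>

/* Engine id as used in the thread. */
static const char *engine_id = "emd5";

/* The check quoted in the thread: any non-NULL id other than the
 * engine's own id is refused, which includes a full path. */
static int strict_id_ok(const char *id)
{
    return !(id && strcmp(id, engine_id));
}

/* Hypothetical relaxed check (an assumption, not OpenSSL code):
 * accept a NULL id, the engine's own id, or an id that looks like a
 * path to the shared object. A bare name that differs from engine_id
 * is still refused. */
static int relaxed_id_ok(const char *id)
{
    if (id == NULL || strcmp(id, engine_id) == 0)
        return 1;
    return strchr(id, '/') != NULL;   /* loaded by path */
}

int main(void)
{
    /* Constructed sample ids; the path is a placeholder. */
    const char *samples[] = {
        NULL, "emd5", "/tmp/example/md5-engine.so", "md5"
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s strict=%d relaxed=%d\n",
               samples[i] ? samples[i] : "(null)",
               strict_id_ok(samples[i]), relaxed_id_ok(samples[i]));
    return 0;
}
```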

