[openssl-dev] Errors when loading an OpenSSL RSA Engine
Richard Levitte
levitte at openssl.org
Wed Mar 9 20:55:16 UTC 2016
In message <1457543989853-64500.post at n7.nabble.com> on Wed, 9 Mar 2016 10:19:49 -0700 (MST), danigrosu <dni.grosu at gmail.com> said:
dni.grosu> Richard Levitte - VMS wrote
dni.grosu> > Exactly how did it fail? It's a bit hard to diagnose unless you show
dni.grosu> > us what you were told... I assume there were some error messages?
dni.grosu>
dni.grosu> This is what I get if I use the the git version:
dni.grosu> <http://openssl.6102.n7.nabble.com/file/n64500/19.png>
dni.grosu> ... and if I use the blog code for the e_md5.c file (called md5-engine.c on
dni.grosu> the blog)
dni.grosu> it simply works with the same commands. As I said above, I had to make some
dni.grosu> modifications in order to build the engine using autotools.
and you discovered why on your own:
In message <1457546255766-64501.post at n7.nabble.com> on Wed, 9 Mar 2016 10:57:35 -0700 (MST), danigrosu <dni.grosu at gmail.com> said:
dni.grosu> In git version, if I comment the block
dni.grosu>
dni.grosu> / if (id && strcmp(id, engine_id)) {
dni.grosu> fprintf(stderr, "MD5 engine called with the unexpected id %s\n", id);
dni.grosu> fprintf(stderr, "The expected id is %s\n", engine_id);
dni.grosu> goto end;
dni.grosu> }/
dni.grosu>
dni.grosu> ... then I type
dni.grosu>
dni.grosu> /$ gcc -fPIC -o rfc1321/md5c.o -c rfc1321/md5c.c
dni.grosu> $ gcc -fPIC -o md5-engine.o -c e_md5.c
dni.grosu> $ gcc -shared -o md5-engine.so -lcrypto md5-engine.o rfc1321/md5c.o
dni.grosu>
dni.grosu> $ echo whatever | openssl dgst -engine `pwd`/md5-engine.so -md5
dni.grosu> engine "emd5" set.
dni.grosu> (stdin)= d8d77109f4a24efc3bd53d7cabb7ee35/
dni.grosu>
dni.grosu> ... everithing goes well
Yes.
The check that you commented away isn't strictly necessary, it's very
much a paranoid check. Did you notice how, in the README, the example
call is this?
$ OPENSSL_ENGINES=.libs openssl engine -t -c emd5
The id that the engine's init function receives is exactly what the
openssl app receives as an engine name on the command line, so if you
give it the full path variant (like in my blog), that's what it gets,
and if you do it with the OPENSSL_ENGINES env variable, it will get
the name you gave ("emd5" in the example above).
But yeah, strictly speaking, the id check in the engine's init
function is not necessary.
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-dev
mailing list