<div dir="ltr"><div dir="ltr">Dear Shariful,<div><br></div><div>You can build your engine when it's feasible. </div><div>You can install it to the engine folder and get rid of dynamic_path, but it's not necessary.<br></div><div><br></div><div><div>I prefer explicitly loading the engine via the config file.</div></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 26, 2021 at 7:56 PM Shariful Alam <<a href="mailto:dipto181@gmail.com">dipto181@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Dear Dmitry,<div>Thank you very much. After moving the above section to the end of the configuration file and adding the dynamic path to the shared library like the following,</div><div>==================</div><div>[rsa_section]<br>engine_id = rsa-engine-new<br>dynamic_path = /opt/openssl/lib/engines-1.1/rsa-engine-new.so<br></div><div>==================</div><div><br></div><div>My engine loads without any error. 
Thanks.</div><div>One more question: do I need to compile and install my engine with the OpenSSL source code in order for it to work with mod_ssl?</div><div><br></div><div>Regards,</div><div>Shariful Alam </div><div><br></div><div><br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 26, 2021 at 10:30 AM Dmitry Belyavsky <<a href="mailto:beldmit@gmail.com" target="_blank">beldmit@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">As I suspected, you have the remnants of the main openssl config just after your only directive in the [rsa_section]<div><br></div><div>I'd suggest moving the following lines<br><div><br></div><div>=========</div><div><span style="color:rgb(80,0,80)">[openssl_def]</span><br style="color:rgb(80,0,80)"><span style="color:rgb(80,0,80)">engines = engine_section</span><br style="color:rgb(80,0,80)"><br style="color:rgb(80,0,80)"><span style="color:rgb(80,0,80)">[engine_section]</span><br style="color:rgb(80,0,80)"><span style="color:rgb(80,0,80)">rsa-engine-new = rsa_section</span><br style="color:rgb(80,0,80)"><br style="color:rgb(80,0,80)"><span style="color:rgb(80,0,80)">[rsa_section]</span><br style="color:rgb(80,0,80)"><span style="color:rgb(80,0,80)">engine_id = rsa-engine-new</span><br></div></div><div><span style="color:rgb(80,0,80)">==========</span></div><div><span style="color:rgb(80,0,80)">to the end of your openssl.cnf</span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 26, 2021 at 6:20 PM Shariful Alam <<a href="mailto:dipto181@gmail.com" target="_blank">dipto181@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Dmitry,<div>Thank you for your response.</div><div><br></div><div>As you have suggested, 
I have changed my engine name to maintain with the configuration file</div><div><br></div><div>/* Engine Id and Name */<br>static const char *engine_rsa_id = "rsa-engine-new";<br>static const char *engine_rsa_name = "Dummy RSA engine for testing";<br></div><div><br></div><div>Here is my whole <b>openssl.cnf</b> file content</div><div>=============================================================================================================================</div><div><br></div><div>#<br># OpenSSL example configuration file.<br># This is mostly being used for generation of certificate requests.<br>#<br><br># Note that you can include other files from the main configuration<br># file using the .include directive.<br>#.include filename<br><br># This definition stops the following lines choking if HOME isn't<br># defined.<br>HOME = .<br><br>openssl_conf = openssl_def<br><br>[openssl_def]<br>engines = engine_section<br><br>[engine_section]<br>rsa-engine-new = rsa_section<br><br>[rsa_section]<br>engine_id = rsa-engine-new<br><br># Extra OBJECT IDENTIFIER info:<br>#oid_file = $ENV::HOME/.oid<br>oid_section = new_oids<br><br># To use this configuration file with the "-extfile" option of the<br># "openssl x509" utility, name here the section containing the<br># X.509v3 extensions to use:<br># extensions =<br># (Alternatively, use a configuration file that has only<br># X.509v3 extensions in its main [= default] section.)<br><br>[ new_oids ]<br><br># We can add new OIDs in here for use by 'ca', 'req' and 'ts'.<br># Add a simple OID like this:<br># testoid1=1.2.3.4<br># Or use config file substitution like this:<br># testoid2=${testoid1}.5.6<br><br># Policies used by the TSA examples.<br>tsa_policy1 = 1.2.3.4.1<br>tsa_policy2 = 1.2.3.4.5.6<br>tsa_policy3 = 1.2.3.4.5.7<br><br>####################################################################<br>[ ca ]<br>default_ca = CA_default # The default ca 
section<br><br>####################################################################<br>[ CA_default ]<br><br>dir = ./demoCA # Where everything is kept<br>certs = $dir/certs # Where the issued certs are kept<br>crl_dir = $dir/crl # Where the issued crl are kept<br>database = $dir/index.txt # database index file.<br>#unique_subject = no # Set to 'no' to allow creation of<br> # several certs with same subject.<br>new_certs_dir = $dir/newcerts # default place for new certs.<br><br>certificate = $dir/cacert.pem # The CA certificate<br>serial = $dir/serial # The current serial number<br>crlnumber = $dir/crlnumber # the current crl number<br> # must be commented out to leave a V1 CRL<br>crl = $dir/crl.pem # The current CRL<br>private_key = $dir/private/cakey.pem# The private key<br><br>x509_extensions = usr_cert # The extensions to add to the cert<br><br># Comment out the following two lines for the "traditional"<br># (and highly broken) format.<br>name_opt = ca_default # Subject Name options<br>cert_opt = ca_default # Certificate field options<br><br># Extension copying option: use with caution.<br># copy_extensions = copy<br><br># Extensions to add to a CRL. 
Note: Netscape communicator chokes on V2 CRLs<br># so this is commented out by default to leave a V1 CRL.<br># crlnumber must also be commented out to leave a V1 CRL.<br># crl_extensions = crl_ext<br><br>default_days = 365 # how long to certify for<br>default_crl_days= 30 # how long before next CRL<br>default_md = default # use public key default MD<br>preserve = no # keep passed DN ordering<br><br># A few difference way of specifying how similar the request should look<br># For type CA, the listed attributes must be the same, and the optional<br># and supplied fields are just that :-)<br>policy = policy_match<br><br># For the CA policy<br>[ policy_match ]<br>countryName = match<br>stateOrProvinceName = optional<br>organizationName = optional<br>organizationalUnitName = optional<br>commonName = supplied<br>emailAddress = optional<br><br># For the 'anything' policy<br># At this point in time, you must list all acceptable 'object'<br># types.<br>[ policy_anything ]<br>countryName = optional<br>stateOrProvinceName = optional<br>localityName = optional<br>organizationName = optional<br>organizationalUnitName = optional<br>commonName = supplied<br>emailAddress = optional<br><br>####################################################################<br>[ req ]<br>default_bits = 2048<br>default_keyfile = privkey.pem<br>distinguished_name = req_distinguished_name<br>attributes = req_attributes<br>x509_extensions = v3_ca # The extensions to add to the self signed cert<br><br># Passwords for private keys if not present they will be prompted for<br># input_password = secret<br># output_password = secret<br><br># This sets a mask for permitted string types. 
There are several options.<br># default: PrintableString, T61String, BMPString.<br># pkix : PrintableString, BMPString (PKIX recommendation before 2004)<br># utf8only: only UTF8Strings (PKIX recommendation after 2004).<br># nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).<br># MASK:XXXX a literal mask value.<br># WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.<br>string_mask = utf8only<br><br># req_extensions = v3_req # The extensions to add to a certificate request<br><br>[ req_distinguished_name ]<br>countryName = Country Name (2 letter code)<br>countryName_default = AU<br>countryName_min = 2<br>countryName_max = 2<br><br>stateOrProvinceName = State or Province Name (full name)<br>stateOrProvinceName_default = Some-State<br><br>localityName = Locality Name (eg, city)<br><br>0.organizationName = Organization Name (eg, company)<br>0.organizationName_default = Internet Widgits Pty Ltd<br><br># we can do this but it is not needed normally :-)<br>#1.organizationName = Second Organization Name (eg, company)<br>#1.organizationName_default = World Wide Web Pty Ltd<br><br>organizationalUnitName = Organizational Unit Name (eg, section)<br>#organizationalUnitName_default =<br><br>commonName = Common Name (e.g. server FQDN or YOUR name)<br>commonName_max = 64<br><br>emailAddress = Email Address<br>emailAddress_max = 64<br><br># SET-ex3 = SET extension number 3<br><br>[ req_attributes ]<br>challengePassword = A challenge password<br>challengePassword_min = 4<br>challengePassword_max = 20<br><br>unstructuredName = An optional company name<br><br>[ usr_cert ]<br><br># These extensions are added when 'ca' signs a request.<br><br># This goes against PKIX guidelines but some CAs do it and some software<br># requires this to avoid interpreting an end user certificate as a CA.<br><br>basicConstraints=CA:FALSE<br><br># Here are some examples of the usage of nsCertType. 
If it is omitted<br># the certificate can be used for anything *except* object signing.<br><br># This is OK for an SSL server.<br># nsCertType = server<br><br># For an object signing certificate this would be used.<br># nsCertType = objsign<br><br># For normal client use this is typical<br># nsCertType = client, email<br><br># and for everything including object signing:<br># nsCertType = client, email, objsign<br><br># This is typical in keyUsage for a client certificate.<br># keyUsage = nonRepudiation, digitalSignature, keyEncipherment<br><br># This will be displayed in Netscape's comment listbox.<br>nsComment = "OpenSSL Generated Certificate"<br><br># PKIX recommendations harmless if included in all certificates.<br>subjectKeyIdentifier=hash<br>authorityKeyIdentifier=keyid,issuer<br><br># This stuff is for subjectAltName and issuerAltname.<br># Import the email address.<br># subjectAltName=email:copy<br># An alternative to produce certificates that aren't<br># deprecated according to PKIX.<br># subjectAltName=email:move<br><br># Copy subject details<br># issuerAltName=issuer:copy<br><br>#nsCaRevocationUrl = <a href="http://www.domain.dom/ca-crl.pem" target="_blank">http://www.domain.dom/ca-crl.pem</a><br>#nsBaseUrl<br>#nsRevocationUrl<br>#nsRenewalUrl<br>#nsCaPolicyUrl<br>#nsSslServerName<br><br># This is required for TSA certificates.<br># extendedKeyUsage = critical,timeStamping<br><br>[ v3_req ]<br><br># Extensions to add to a certificate request<br><br>basicConstraints = CA:FALSE<br>keyUsage = nonRepudiation, digitalSignature, keyEncipherment<br><br>[ v3_ca ]<br><br><br># Extensions for a typical CA<br><br><br># PKIX recommendation.<br><br>subjectKeyIdentifier=hash<br><br>authorityKeyIdentifier=keyid:always,issuer<br><br>basicConstraints = critical,CA:true<br><br># Key usage: this is typical for a CA certificate. 
However since it will<br># prevent it being used as an test self-signed certificate it is best<br># left out by default.<br># keyUsage = cRLSign, keyCertSign<br><br># Some might want this also<br># nsCertType = sslCA, emailCA<br><br># Include email address in subject alt name: another PKIX recommendation<br># subjectAltName=email:copy<br># Copy issuer details<br># issuerAltName=issuer:copy<br><br># DER hex encoding of an extension: beware experts only!<br># obj=DER:02:03<br># Where 'obj' is a standard or added object<br># You can even override a supported extension:<br># basicConstraints= critical, DER:30:03:01:01:FF<br><br>[ crl_ext ]<br><br># CRL extensions.<br># Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.<br><br># issuerAltName=issuer:copy<br>authorityKeyIdentifier=keyid:always<br><br>[ proxy_cert_ext ]<br># These extensions should be added when creating a proxy certificate<br><br># This goes against PKIX guidelines but some CAs do it and some software<br># requires this to avoid interpreting an end user certificate as a CA.<br><br>basicConstraints=CA:FALSE<br><br># Here are some examples of the usage of nsCertType. 
If it is omitted<br># the certificate can be used for anything *except* object signing.<br><br># This is OK for an SSL server.<br># nsCertType = server<br><br># For an object signing certificate this would be used.<br># nsCertType = objsign<br><br># For normal client use this is typical<br># nsCertType = client, email<br><br># and for everything including object signing:<br># nsCertType = client, email, objsign<br><br># This is typical in keyUsage for a client certificate.<br># keyUsage = nonRepudiation, digitalSignature, keyEncipherment<br><br># This will be displayed in Netscape's comment listbox.<br>nsComment = "OpenSSL Generated Certificate"<br><br># PKIX recommendations harmless if included in all certificates.<br>subjectKeyIdentifier=hash<br>authorityKeyIdentifier=keyid,issuer<br><br># This stuff is for subjectAltName and issuerAltname.<br># Import the email address.<br># subjectAltName=email:copy<br># An alternative to produce certificates that aren't<br># deprecated according to PKIX.<br># subjectAltName=email:move<br><br># Copy subject details<br># issuerAltName=issuer:copy<br><br>#nsCaRevocationUrl = <a href="http://www.domain.dom/ca-crl.pem" target="_blank">http://www.domain.dom/ca-crl.pem</a><br>#nsBaseUrl<br>#nsRevocationUrl<br>#nsRenewalUrl<br>#nsCaPolicyUrl<br>#nsSslServerName<br><br># This really needs to be in place for it to be a proxy certificate.<br>proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo<br><br>####################################################################<br>[ tsa ]<br><br>default_tsa = tsa_config1 # the default TSA section<br><br>[ tsa_config1 ]<br><br># These are used by the TSA reply generation only.<br>dir = ./demoCA # TSA root directory<br>serial = $dir/tsaserial # The current serial number (mandatory)<br>crypto_device = builtin # OpenSSL engine to use for signing<br>signer_cert = $dir/tsacert.pem # The TSA signing certificate<br> # (optional)<br>certs = $dir/cacert.pem # Certificate chain to include 
in reply<br> # (optional)<br>signer_key = $dir/private/tsakey.pem # The TSA private key (optional)<br>signer_digest = sha256 # Signing digest to use. (Optional)<br>default_policy = tsa_policy1 # Policy if request did not specify it<br> # (optional)<br>other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)<br>digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)<br>accuracy = secs:1, millisecs:500, microsecs:100 # (optional)<br>clock_precision_digits = 0 # number of digits after dot. (optional)<br>ordering = yes # Is ordering defined for timestamps?<br> # (optional, default: no)<br>tsa_name = yes # Must the TSA name be included in the reply?<br> # (optional, default: no)<br>ess_cert_id_chain = no # Must the ESS cert id chain be included?<br> # (optional, default: no)<br>ess_cert_id_alg = sha1 # algorithm to compute certificate<br> # identifier (optional, default: sha1)<br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 26, 2021 at 7:39 AM Dmitry Belyavsky <<a href="mailto:beldmit@gmail.com" target="_blank">beldmit@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Dear Shariful,<div><br></div><div>1. Don't hurry :)</div><div>2. It looks like there are some more configuration options in your openssl.cnf [rsa_section] </div><div>I think they came from the standard configuration. So if I am wrong, please provide the whole file.</div><div>3. 
I'd recommend you also update the lines</div><div>`</div><div>static const char *engine_dasync_id = "dasync";<br>static const char *engine_dasync_name = "Dummy Async engine support";<br></div><div>`</div><div>To be consistent with your engine name</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 26, 2021 at 3:24 PM Shariful Alam <<a href="mailto:dipto181@gmail.com" target="_blank">dipto181@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Any help regarding this matter??<div dir="auto"><br></div><div dir="auto">Regards,</div><div dir="auto">Shariful </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 26, 2021, 12:06 AM Shariful Alam <<a href="mailto:dipto181@gmail.com" target="_blank">dipto181@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">Hello,</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">I have a simple rsa engine code (from engines/e_dasync.c). My code compiles. 
Command "</span><strong style="background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">$openssl engine -t -c</span></strong><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">" shows the following,</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> openssl engine -t -c</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">(rdrand) Intel RDRAND engine</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> [RAND]</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> [ available ]</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">(dynamic) Dynamic engine loading support</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span 
style="background:transparent;margin-top:0pt;margin-bottom:0pt"> [ unavailable ]</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">(dasync) Dummy Async engine support</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> [RSA]</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> [ available ]</span></p></blockquote></blockquote><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">I also modify </span><strong style="background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">openssl.cnf</span></strong><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> configuration as following to load this engine,</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">openssl_conf = openssl_def</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p 
style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">[openssl_def]</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">engines = engine_section</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">[engine_section]</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">rsa-engine-new = rsa_section</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">[rsa_section]</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span 
style="background:transparent;margin-top:0pt;margin-bottom:0pt">engine_id = rsa-engine-new</span></p></blockquote></blockquote><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">Then when I run the command "$</span><strong style="background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">openssl engine</span></strong><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">", I get the following error,</span></p><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">$openssl engine</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">(rdrand) Intel RDRAND engine</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">(dynamic) Dynamic engine loading support</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">(dasync) Dummy Async engine support</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p 
style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">139633213376256:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:crypto/engine/eng_ctrl.c:255:</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">139633213376256:error:260BC066:engine routines:int_engine_configure:engine configuration error:crypto/engine/eng_cnf.c:141:section=rsa_section, name=oid_section, value=new_oids</span></p></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">139633213376256:error:0E07606D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:177:module=engines, value=engine_section, retcode=-1 </span></p></blockquote></blockquote><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">Any help why is this happening? How can I fix this? </span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">My goal is to use my OpenSSL engine with Apache for mod_ssl. Do I have to compile my engine with the OpenSSL source code to do that? 
</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">Here is the complete source code of my sample engine,</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">==============================================</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"><br></span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">#include <stdio.h></span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">#include <string.h></span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">#include <openssl/engine.h></span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">#include <openssl/sha.h></span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">#include <openssl/aes.h></span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">#include <openssl/rsa.h></span></p><p 
style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">#include <openssl/evp.h></span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">#include <openssl/async.h></span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">#include <openssl/bn.h></span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">#include <openssl/crypto.h></span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">#include <openssl/ssl.h></span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">#include <openssl/modes.h></span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">/* Engine Id and Name */</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">static const char *engine_dasync_id = "dasync";</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">static const char *engine_dasync_name = "Dummy Async engine support";</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p 
style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">static int dasync_pub_enc(int flen, const unsigned char *from,</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> unsigned char *to, RSA *rsa, int padding) {</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> printf("dasync_pub_enc\n");</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> </span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> return 0;</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">}</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">static int dasync_pub_dec(int flen, const unsigned char *from,</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> unsigned char *to, RSA *rsa, int padding) {</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> printf("dasync_pub_dec\n");</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span 
style="background:transparent;margin-top:0pt;margin-bottom:0pt"> </span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> return 0;</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">}</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">static int dasync_rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding){</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> printf("dasync_rsa_priv_enc\n");</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> return 0; </span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">}</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">static int dasync_rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding){</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> printf("dasync_rsa_priv_dec\n");</span></p><p 
style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> return 0;</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">}</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">static RSA_METHOD *dasync_rsa_method = NULL;</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">static int bind_dasync(ENGINE *e){</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> /* Setup RSA_METHOD */</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> || 
RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> ) {</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> return 0;</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> }</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> /* Ensure the dasync error handling is set up */</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> </span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> if (!ENGINE_set_id(e, engine_dasync_id)</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span 
style="background:transparent;margin-top:0pt;margin-bottom:0pt"> || !ENGINE_set_name(e, engine_dasync_name)</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> || !ENGINE_set_RSA(e, dasync_rsa_method)</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> ) {</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> return 0;</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> }</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> return 1;</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">}</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">static int bind_helper(ENGINE *e, const char *id){</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> if (!bind_dasync(e)){</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> printf("2_Error: Inside Bind helper\n");</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span 
style="background:transparent;margin-top:0pt;margin-bottom:0pt"> return 0;</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> }</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt"> return 1;</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">}</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">IMPLEMENT_DYNAMIC_CHECK_FN()</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt">=============================================</p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">Thanks,</span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span 
style="background:transparent;margin-top:0pt;margin-bottom:0pt">Shariful </span></p><p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"></p></div>
</blockquote></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr">SY, Dmitry Belyavsky</div>
</blockquote></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr">SY, Dmitry Belyavsky</div>
</blockquote></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">SY, Dmitry Belyavsky</div></div>
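<div>Added example, not code from this thread: the failure diagnosed above came from default-section lines landing inside [rsa_section], where OpenSSL's engine config module passes every name it does not recognise to the engine as a control command. This C check flags such names; the sample configs are constructed, the HOME and oid_section lines are assumed stand-ins for the remnants, and stray_engine_keys is a hypothetical helper.</div>

```c
#include <stdio.h>
#include <string.h>
/* Names the OpenSSL engine config module handles itself; any other name in
 * an engine section is sent to the engine as a control command. */
static const char *const KNOWN[] = { "engine_id", "dynamic_path", "soft_load",
                                     "init", "default_algorithms" };
#define NKNOWN (sizeof KNOWN / sizeof *KNOWN)
/* Constructed samples: engine sections pasted above the default-section
 * lines (BROKEN), and the same lines with those sections at the end (FIXED). */
static const char BROKEN[] = "openssl_conf = openssl_def\n"
    "[openssl_def]\nengines = engine_section\n"
    "[engine_section]\nrsa-engine-new = rsa_section\n"
    "[rsa_section]\nengine_id = rsa-engine-new\n"
    "HOME = .\noid_section = new_oids\n[ new_oids ]\n";
static const char FIXED[] = "openssl_conf = openssl_def\n"
    "HOME = .\noid_section = new_oids\n[ new_oids ]\n"
    "[openssl_def]\nengines = engine_section\n"
    "[engine_section]\nrsa-engine-new = rsa_section\n[rsa_section]\n"
    "engine_id = rsa-engine-new\n"
    "dynamic_path = /opt/openssl/lib/engines-1.1/rsa-engine-new.so\n";
/* Count names in [section] that are not engine directives; the first one is
 * copied into first[n]. A section runs until the next [header]. */
int stray_engine_keys(const char *conf, const char *section,
                      char *first, size_t n) {
    int in_section = 0, stray = 0;
    if (n) first[0] = '\0';
    while (*conf) {
        char line[256], name[128];
        size_t i = 0, len = strcspn(conf, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, conf);
        conf += len + (conf[len] == '\n');
        if (sscanf(line, " [ %127[^] \t] ]", name) == 1)
            in_section = strcmp(name, section) == 0;   /* [header] line */
        else if (in_section && strchr(line, '=')
                 && sscanf(line, " %127[^= \t#]", name) == 1) {
            while (i < NKNOWN && strcmp(name, KNOWN[i]) != 0) i++;
            if (i == NKNOWN && stray++ == 0) snprintf(first, n, "%s", name);
        }
    }
    return stray;
}

int main(void) {
    char k[128];
    int broken = stray_engine_keys(BROKEN, "rsa_section", k, sizeof k);
    printf("broken: %d stray (first: %s), fixed: %d stray\n", broken, k,
           stray_engine_keys(FIXED, "rsa_section", NULL, 0));
    return 0;
}
```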