If I remember correctly, the RSAX engine was dropped from OpenSSL in
1.0.2 because equivalent code had been added to the core OpenSSL
library. It built correctly in 1.0.1.
Regards,
jjf
On 07/03/2016 22:47, Blumenthal, Uri - 0553 - MITLL wrote:
A naïve question.
OpenSSL RSA engine (RSAX) by Intel wants to call function
mod/_/exp/_/512() that is defined somewhere else. I checked, and that
function is not defined anywhere in the sources of either
OpenSSL-1.0.2h-dev, or OpenSSL-1.1.0-pre.
$ clang -shared -o eng_rsax.so eng_rsax.o -L/opt/local/lib -lcrypto
Undefined symbols for architecture x86_64:
"_mod_exp_512", referenced from:
_e_rsax_bn_mod_exp in eng_rsax.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see
invocation)
$ openssl version
OpenSSL 1.0.2h-dev xx XXX xxxx
$
Does it mean that this method has been deprecated and removed? If so,
what functions should be used instead?
Also, this Intel-optimized engine (from 2010) seems to be geared
towards RSA-1024, which isn’t considered adequate by now. Does it mean
this engine has been deprecated as well, and shouldn’t be used
(assuming one can link a valid shared library, resolving that
undefined reference)? Does the current OpenSSL RSA code contains
optimizations proposed by that engine?
Thanks!
P.S. My OpenSSL-1.0.2h-dev installation was configured for
darwin-x86_64-cc, and seems to function correctly. It also passed all
the tests.
--
Regards,
Uri Blumenthal
From: openssl-dev <openssl-dev-boun...@openssl.org
<mailto:openssl-dev-boun...@openssl.org>> on behalf of Jeremy Farrell
<jeremy.farr...@oracle.com <mailto:jeremy.farr...@oracle.com>>
Organization: Oracle Corporation
Reply-To: openssl-dev <openssl-dev@openssl.org
<mailto:openssl-dev@openssl.org>>
Date: Monday, March 7, 2016 at 13:25
To: openssl-dev <openssl-dev@openssl.org <mailto:openssl-dev@openssl.org>>
Subject: Re: [openssl-dev] Errors when loading an OpenSSL RSA Engine
On 07/03/2016 17:56, Richard Levitte wrote:
In message<1457369381041-64385.p...@n7.nabble.com> on Mon, 7 Mar 2016 09:49:41
-0700 (MST), danigrosu<dni.gr...@gmail.com> said:
dni.grosu> I want to build an OpenSSL RSA engine, starting from this
existing
dni.grosu> source code file
dni.grosu> which is a faster method implemented by Intel. First of all I
want to
dni.grosu> build this code so I'm using these commands:
dni.grosu>
dni.grosu> gcc -fPIC -m64 -o eng_rsax.o -c eng_rsax.c
dni.grosu> gcc -shared -o eng_rsax.so -lcrypto eng_rsax.o
You might want to try this:
gcc -shared -o eng_rsax.so eng_rsax.o -lcrypto
When linking, order is important.
In the spirit of teaching to fish, this could have been discovered
by looking at the makefiles which build the engine. Those aren't
always easy to decipher, so an alternative would have been just to
build that OpenSSL release and look at all the output lines from
the build which mention eng_rsax.
--
J. J. Farrell
--
J. J. Farrell
Not speaking for Oracle
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
