Re: Error with dgst -sign
Hello,

Right now I am continuing the development of my own PKCS#11 engine for OpenSSL. I had several problems in the past. I had to change

    if (do_verify)
        r = EVP_DigestVerifyInit(mctx, pctx, md, e, sigkey);
    else
        r = EVP_DigestSignInit(mctx, pctx, md, e, sigkey);

to

    if (do_verify)
        r = EVP_DigestVerifyInit(mctx, pctx, md, NULL, sigkey);
    else
        r = EVP_DigestSignInit(mctx, pctx, md, NULL, sigkey);

in the dgst.c file from the OpenSSL source code, because if I did not make this change I got the following error:

    Error setting context
    3916:error:260C0065:engine routines:ENGINE_get_pkey_meth:unimplemented public key method:.\crypto\engine\tb_pkmeth.c:127:
    3916:error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm:.\crypto\evp\pmeth_lib.c:161:
    error in dgst

when I tried to launch:

    openssl dgst -sha1 -sign id_of_private_key -keyform engine -out file -engine id-engine file-with-data

I have realized that in my bind_helper function I have the following:

    if (!ENGINE_set_id (e, PKCS11) ||
        !ENGINE_set_destroy_function (e, pkcs11_engine_destroy) ||
        !ENGINE_set_init_function (e, pkcs11_init) ||
        !ENGINE_set_finish_function (e, pkcs11_finish) ||
        !ENGINE_set_ctrl_function (e, pkcs11_engine_ctrl) ||
        !ENGINE_set_cmd_defns (e, pkcs11_cmd_defns) ||
        !ENGINE_set_name (e, "Engine PKCS#11") ||
        !ENGINE_set_RSA (e, rsa_method) ||
        !ENGINE_set_default (e, ENGINE_METHOD_RSA) ||
        !ENGINE_set_load_privkey_function (e, pkcs11_load_private_key) ||
        !ENGINE_set_load_pubkey_function (e, pkcs11_load_public_key) ||
        !ENGINE_set_RAND(e, aleatorios) ||
        !ENGINE_set_ciphers (e, engine_ciphers) ||
        !ENGINE_register_ciphers (e) ||
        !ENGINE_set_digests (e, engine_digests))
    {
        return 0;
    }

But I do not have a call to ENGINE_set_pkey_meths; could that be the cause of my problem? This function receives:

    (ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)

where f can be:

    static int gost_pkey_meths (ENGINE *e, EVP_PKEY_METHOD **pmeth, const int **nids, int nid)

but it is undocumented and I do not know how to work with that.

My aim is to carry out sign and verify with no changes to the original OpenSSL source code.

Thanks for your help. Kindest regards.

On 30 June 2010 10:34, Nacho Álvarez nasin...@gmail.com wrote:
> I'm very, very sorry, I downloaded 1.0.0 instead of 1.0.0a. With the latest version I made the changes, compiled, and it ran OK. Thank you very much for your help.
>
> 2010/6/29 Dr. Stephen Henson st...@openssl.org
> > On Tue, Jun 29, 2010, Nacho Álvarez wrote:
> > > Ok, with option disable-capieng (I didn't know it) OpenSSL compiles... but I changed e to NULL in those calls (EVP_Digest... in the dgst.c file) and the same error occurs:
> > >
> > >     Error setting context
> > >     295228:error:260C0065:engine routines:ENGINE_get_pkey_meth:unimplemented public key method:tb_pkmeth.c:127:
> > >     295228:error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm:pmeth_lib.c:161:
> > >     error in dgst
> >
> > Hmm... that works for me. Check you aren't using the old version of openssl with:
> >
> >     openssl version -a
> >
> > Steve.
> > --
> > Dr Stephen N. Henson. OpenSSL project core developer.
> > Commercial tech support now available see: http://www.openssl.org

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Problem with rsa_keygen
I have the engine in a dynamic library and there's no relevant part of the code. If I overwrite the rsa_keygen function and I do something, or nothing but return 1, I get a segmentation fault, but it's not my function: my function ends OK and invokes the return instruction. The example code I wrote is an example that makes OpenSSL end with a segmentation fault. I don't know how to get gdb output from a dynamic library or OpenSSL.

2010/9/23 Christian Hohnstaedt christ...@hohnstaedt.de
> On Thu, Sep 23, 2010 at 10:08:40AM +0200, Nacho Álvarez wrote:
> > That's not the problem, I think, because if the only instruction of the function is:
> >
> >     int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
> >     {
> >         return 1;
> >     }
> >
> > I get the segmentation fault when rsa_keygen ends. But if I return 0 or -1 (errors) OpenSSL reports an error in genrsa and the call ends OK (no segmentation fault or anything like that).
>
> What about posting the relevant part of the code? And the gdb output. It would help a lot.
>
> Cheers
> Christian
>
> > 2010/9/22 Christian Hohnstaedt christ...@hohnstaedt.de
> > > On Wed, Sep 22, 2010 at 03:41:30PM +0200, Nacho Álvarez wrote:
> > > > Hello everybody
> > > >
> > > > Several months ago I developed an OpenSSL PKCS#11 engine for Windows XP and it worked OK (it was compiled with MinGW). Now I'm trying to compile it on Linux (Debian 5 with GCC 4.3.1) but I have the following problem: in the overwritten function *rsa_keygen* (whose signature is *int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)*), always when the function ends (after the return instruction) the system reports *Segmentation Fault*.
> > >
> > > You overwrote your return address on the stack, most probably by accessing a locally declared array out of bounds.
> > >
> > > Cheers
> > > Christian
Re: Problem with rsa_keygen
I think I know what the problem is. If you return 1 in rsa_keygen, OpenSSL expects a correct RSA key. I found out my PKCS#11 device doesn't work OK and the keys were wrong, so OpenSSL didn't receive a correct RSA key; when I returned 1 without generating an RSA key it was the same problem: OpenSSL didn't have an RSA key.

On 24 September 2010 10:31, Nacho Álvarez nasin...@gmail.com wrote:
> I have the engine in a dynamic library and there's no relevant part of the code. If I overwrite the rsa_keygen function and I do something, or nothing but return 1, I get a segmentation fault, but it's not my function: my function ends OK and invokes the return instruction. The example code I wrote is an example that makes OpenSSL end with a segmentation fault. I don't know how to get gdb output from a dynamic library or OpenSSL.
>
> 2010/9/23 Christian Hohnstaedt christ...@hohnstaedt.de
> > On Thu, Sep 23, 2010 at 10:08:40AM +0200, Nacho Álvarez wrote:
> > > That's not the problem, I think, because if the only instruction of the function is:
> > >
> > >     int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
> > >     {
> > >         return 1;
> > >     }
> > >
> > > I get the segmentation fault when rsa_keygen ends. But if I return 0 or -1 (errors) OpenSSL reports an error in genrsa and the call ends OK (no segmentation fault or anything like that).
> >
> > What about posting the relevant part of the code? And the gdb output. It would help a lot.
> >
> > Cheers
> > Christian
> >
> > > 2010/9/22 Christian Hohnstaedt christ...@hohnstaedt.de
> > > > On Wed, Sep 22, 2010 at 03:41:30PM +0200, Nacho Álvarez wrote:
> > > > > Hello everybody
> > > > >
> > > > > Several months ago I developed an OpenSSL PKCS#11 engine for Windows XP and it worked OK (it was compiled with MinGW). Now I'm trying to compile it on Linux (Debian 5 with GCC 4.3.1) but I have the following problem: in the overwritten function *rsa_keygen* (whose signature is *int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)*), always when the function ends (after the return instruction) the system reports *Segmentation Fault*.
> > > >
> > > > You overwrote your return address on the stack, most probably by accessing a locally declared array out of bounds.
> > > >
> > > > Cheers
> > > > Christian
Re: Problem with rsa_keygen
That's not the problem, I think, because if the only instruction of the function is:

    int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
    {
        return 1;
    }

I get the segmentation fault when rsa_keygen ends. But if I return 0 or -1 (errors) OpenSSL reports an error in genrsa and the call ends OK (no segmentation fault or anything like that).

2010/9/22 Christian Hohnstaedt christ...@hohnstaedt.de
> On Wed, Sep 22, 2010 at 03:41:30PM +0200, Nacho Álvarez wrote:
> > Hello everybody
> >
> > Several months ago I developed an OpenSSL PKCS#11 engine for Windows XP and it worked OK (it was compiled with MinGW). Now I'm trying to compile it on Linux (Debian 5 with GCC 4.3.1) but I have the following problem: in the overwritten function *rsa_keygen* (whose signature is *int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)*), always when the function ends (after the return instruction) the system reports *Segmentation Fault*.
>
> You overwrote your return address on the stack, most probably by accessing a locally declared array out of bounds.
>
> Cheers
> Christian
Problem with rsa_keygen
Hello everybody

Several months ago I developed an OpenSSL PKCS#11 engine for Windows XP and it worked OK (it was compiled with MinGW). Now I'm trying to compile it on Linux (Debian 5 with GCC 4.3.1) but I have the following problem: in the overwritten function *rsa_keygen* (whose signature is *int rsa_keygen (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)*), always when the function ends (after the return instruction) the system reports *Segmentation Fault*.

What I do is:

1. I generate the RSA key with PKCS#11.
2. I get the public part of the key from the device.
3. I store this information in the *rsa* variable (I don't do memory allocation or invoke *RSA_new ()*; I suppose the rsa variable is initialized). If I do memory allocation or invoke *RSA_new ()* I get the same error.
4. Finally I return 1 if the process ends OK and -1 in case of error (PKCS#11 error).

And when the function ends I get a segmentation fault and I don't know why. The OpenSSL version is 1.0.0a (I compiled it from source code).

Thanks.
Problems with cipher in engine
Hello everybody,

I am having several problems with ciphers in my engine.

1st: The key I receive in the key argument of the init function (from evp_cipher_st) is different from the key I write on the command line (is the key cooked?).

2nd: In the init function (from evp_cipher_st) the key I receive is always different although I write the same password on the command line.

3rd: The function do_cipher (also from evp_cipher_st) is called two times. Is that correct? The first call receives in inl (message length) the number of bytes I want to cipher and the second always receives 8.

I am using the DES algorithm with ECB (NID_des_ecb).

Thanks.
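
Added example (not part of the original post, and not OpenSSL's own code): assuming the command in question is openssl enc with a password, the cipher's init function receives a key derived with EVP_BytesToKey from the password and a random salt, not the password itself. This Python sketch re-implements that derivation under enc's defaults in the 1.0.0 line (MD5, one iteration, 8-byte salt) and lists the inl values do_cipher sees for a padded 8-byte-block cipher when the message fits one update call; the function names, sample password and salts are constructed for illustration.

```python
import hashlib
import os

DES_KEY_LEN = 8   # NID_des_ecb uses an 8-byte key
DES_IV_LEN = 0    # ECB mode has no IV
DES_BLOCK = 8     # DES block size in bytes


def evp_bytes_to_key(password, salt, key_len, iv_len, digest="md5", count=1):
    """Derive (key, iv) the way EVP_BytesToKey does.

    D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt);
    each D_i is re-hashed count-1 more times, then the D_i are
    concatenated until key_len + iv_len bytes are available.
    """
    material = b""
    prev = b""
    while len(material) < key_len + iv_len:
        prev = hashlib.new(digest, prev + password + salt).digest()
        for _ in range(count - 1):
            prev = hashlib.new(digest, prev).digest()
        material += prev
    return material[:key_len], material[key_len:key_len + iv_len]


def key_for_run(password, salt=None):
    """Key handed to the cipher's init function for one run.

    With salt=None a fresh random 8-byte salt is drawn, as enc does
    unless -nosalt is given; pass b"" to model -nosalt.
    """
    if salt is None:
        salt = os.urandom(8)
    key, _iv = evp_bytes_to_key(password, salt, DES_KEY_LEN, DES_IV_LEN)
    return salt, key


def do_cipher_lengths(msg_len, block=DES_BLOCK):
    """inl values seen by do_cipher for one EVP_EncryptUpdate over the
    whole message followed by EVP_EncryptFinal_ex with padding enabled."""
    full = msg_len - (msg_len % block)   # whole blocks go out in Update
    calls = [full] if full else []
    calls.append(block)                  # Final always emits one padded block
    return calls


if __name__ == "__main__":
    password = b"secret"                            # constructed sample
    for salt in (bytes.fromhex("0102030405060708"),  # constructed salts
                 bytes.fromhex("1112131415161718"),
                 b""):                               # b"" models -nosalt
        _, key = key_for_run(password, salt)
        print(salt.hex() or "(nosalt)", key.hex())
    print(do_cipher_lengths(16), do_cipher_lengths(20))
```

With -nosalt the derived key is the same on every run for the same password; the trailing 8-byte call is the padding block written at finalisation.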
Re: Error with dgst -sign
I'm very, very sorry, I downloaded 1.0.0 instead of 1.0.0a. With the latest version I made the changes, compiled, and it ran OK. Thank you very much for your help.

2010/6/29 Dr. Stephen Henson st...@openssl.org
> On Tue, Jun 29, 2010, Nacho Álvarez wrote:
> > Ok, with option disable-capieng (I didn't know it) OpenSSL compiles... but I changed e to NULL in those calls (EVP_Digest... in the dgst.c file) and the same error occurs:
> >
> >     Error setting context
> >     295228:error:260C0065:engine routines:ENGINE_get_pkey_meth:unimplemented public key method:tb_pkmeth.c:127:
> >     295228:error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm:pmeth_lib.c:161:
> >     error in dgst
>
> Hmm... that works for me. Check you aren't using the old version of openssl with:
>
>     openssl version -a
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: Error with dgst -sign
Hi again,

Are you telling me to change

    if (do_verify)
        r = EVP_DigestVerifyInit(mctx, pctx, md, e, sigkey);
    else
        r = EVP_DigestSignInit(mctx, pctx, md, e, sigkey);

to

    if (do_verify)
        r = EVP_DigestVerifyInit(mctx, pctx, md, NULL, sigkey);
    else
        r = EVP_DigestSignInit(mctx, pctx, md, NULL, sigkey);

in the dgst.c file? I tried it but unfortunately I could not compile. I downloaded the source code (1.0.0a) and I tried to compile OpenSSL with MinGW, MSYS and ActivePerl.

1st: perl Configure mingw shared. This ends OK (Configured for mingw).

2nd: make. This makes a lot of things, but at the end:

    Creating library file: libcrypto.dll.a
    libcrypto.a(c_enc.o):c_enc.c:(.text+0x0): multiple definition of `_CAST_encrypt'
    libcrypto.a(cast-586.o):cast-586.s:(.text+0x0): first defined here
    libcrypto.a(c_enc.o):c_enc.c:(.text+0x420): multiple definition of `_CAST_decrypt'
    libcrypto.a(cast-586.o):cast-586.s:(.text+0x4b0): first defined here
    libcrypto.a(c_enc.o):c_enc.c:(.text+0x840): multiple definition of `_CAST_cbc_encrypt'
    libcrypto.a(cast-586.o):cast-586.s:(.text+0x950): first defined here
    collect2: ld returned 1 exit status
    make[4]: *** [link_a.cygwin] Error 1
    make[4]: Leaving directory `/c/openssl-1.0.0a'
    make[3]: *** [do_cygwin-shared] Error 2
    make[3]: Leaving directory `/c/openssl-1.0.0a'
    make[2]: *** [libcrypto.dll.a] Error 2
    make[2]: Leaving directory `/c/openssl-1.0.0a'
    make[1]: *** [shared] Error 2
    make[1]: Leaving directory `/c/openssl-1.0.0a/crypto'
    make: *** [build_crypto] Error 1

3rd: make install. The same (it ends with errors, obviously):

    e_capi.c: In function `capi_get_pkey':
    e_capi.c:671: error: `DSSPUBKEY' undeclared (first use in this function)
    e_capi.c:671: error: (Each undeclared identifier is reported only once
    e_capi.c:671: error: for each function it appears in.)
    e_capi.c:671: error: `dp' undeclared (first use in this function)
    e_capi.c:674: error: syntax error before ')' token
    e_capi.c:718: warning: long unsigned int format, ALG_ID arg (arg 4)
    e_capi.c: In function `capi_rsa_sign':
    e_capi.c:818: warning: long unsigned int format, int arg (arg 4)
    e_capi.c: In function `capi_rsa_priv_dec':
    e_capi.c:912: warning: passing arg 6 of `CryptDecrypt' from incompatible pointer type
    e_capi.c: In function `capi_get_provname':
    e_capi.c:1090: warning: implicit declaration of function `CryptEnumProvidersA'
    e_capi.c: In function `capi_list_providers':
    e_capi.c:1129: warning: int format, DWORD arg (arg 3)
    e_capi.c:1129: warning: int format, DWORD arg (arg 5)
    e_capi.c: In function `capi_list_containers':
    e_capi.c:1188: warning: int format, DWORD arg (arg 3)
    e_capi.c: In function `capi_dump_prov_info':
    e_capi.c:1239: warning: int format, DWORD arg (arg 4)
    e_capi.c:1240: warning: int format, DWORD arg (arg 4)
    e_capi.c: In function `capi_dump_cert':
    e_capi.c:1290: warning: passing arg 2 of `d2i_X509' from incompatible pointer type
    e_capi.c: In function `capi_open_store':
    e_capi.c:1328: error: `CERT_STORE_PROV_SYSTEM_A' undeclared (first use in this function)
    e_capi.c: In function `capi_list_certs':
    e_capi.c:1369: warning: unused variable `fname'
    e_capi.c: In function `capi_ctx_new':
    e_capi.c:1529: error: `CERT_STORE_READONLY_FLAG' undeclared (first use in this function)
    e_capi.c: In function `capi_load_ssl_client_cert':
    e_capi.c:1633: warning: passing arg 2 of `d2i_X509' from incompatible pointer type
    make[1]: *** [e_capi.o] Error 1
    make[1]: Leaving directory `/c/openssl-1.0.0a/engines'
    make: *** [build_engines] Error 1

2010/6/28 Dr. Stephen Henson st...@openssl.org
> On Mon, Jun 28, 2010, Nacho Álvarez wrote:
> > It's a custom engine. load privkey is the pointer to function used as argument in the call:
> >
> >     ENGINE_set_load_privkey_function (e, load_private_key);
> >
> > This function is called when OpenSSL tries to get the command line key argument. In that function I assign the RSA private key (got from hardware, only modulus and public exponent) to the EVP with:
> >
> >     EVP_PKEY_assign_RSA (pk, rsa);
> >
> > where pk is EVP_PKEY *pk; and rsa is RSA *rsa;
> >
> > Everything goes well until the load_private_key function ends and returns the EVP_PKEY. When that call ends, OpenSSL throws the error I mentioned before.
>
> Hmm that's a bug. In apps/dgst.c there are calls to EVP_DigestVerifyInit() and EVP_DigestSignInit(). Try changing the e parameter to NULL in both cases. I've checked this against the CryptoAPI ENGINE and it seems to work OK now.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: Error with dgst -sign
Ok, with option disable-capieng (I didn't know it) OpenSSL compiles... but I changed e to NULL in those calls (EVP_Digest... in the dgst.c file) and the same error occurs:

    Error setting context
    295228:error:260C0065:engine routines:ENGINE_get_pkey_meth:unimplemented public key method:tb_pkmeth.c:127:
    295228:error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm:pmeth_lib.c:161:
    error in dgst

2010/6/29 Dr. Stephen Henson st...@openssl.org
> On Tue, Jun 29, 2010, Nacho Álvarez wrote:
> > Hi again,
> >
> > Are you telling me to change
> >
> >     if (do_verify)
> >         r = EVP_DigestVerifyInit(mctx, pctx, md, e, sigkey);
> >     else
> >         r = EVP_DigestSignInit(mctx, pctx, md, e, sigkey);
> >
> > to
> >
> >     if (do_verify)
> >         r = EVP_DigestVerifyInit(mctx, pctx, md, NULL, sigkey);
> >     else
> >         r = EVP_DigestSignInit(mctx, pctx, md, NULL, sigkey);
> >
> > in the dgst.c file? I tried it but unfortunately I could not compile. I downloaded the source code (1.0.0a) and I tried to compile OpenSSL with MinGW, MSYS and ActivePerl.
> >
> > 1st: perl Configure mingw shared. This ends OK (Configured for mingw).
> >
> > 2nd: make. This makes a lot of things, but at the end:
> >
> >     Creating library file: libcrypto.dll.a
> >     libcrypto.a(c_enc.o):c_enc.c:(.text+0x0): multiple definition of `_CAST_encrypt'
> >     libcrypto.a(cast-586.o):cast-586.s:(.text+0x0): first defined here
> >     libcrypto.a(c_enc.o):c_enc.c:(.text+0x420): multiple definition of `_CAST_decrypt'
> >     libcrypto.a(cast-586.o):cast-586.s:(.text+0x4b0): first defined here
> >     libcrypto.a(c_enc.o):c_enc.c:(.text+0x840): multiple definition of `_CAST_cbc_encrypt'
> >     libcrypto.a(cast-586.o):cast-586.s:(.text+0x950): first defined here
> >     collect2: ld returned 1 exit status
> >     make[4]: *** [link_a.cygwin] Error 1
> >     make[4]: Leaving directory `/c/openssl-1.0.0a'
> >     make[3]: *** [do_cygwin-shared] Error 2
> >     make[3]: Leaving directory `/c/openssl-1.0.0a'
> >     make[2]: *** [libcrypto.dll.a] Error 2
> >     make[2]: Leaving directory `/c/openssl-1.0.0a'
> >     make[1]: *** [shared] Error 2
> >     make[1]: Leaving directory `/c/openssl-1.0.0a/crypto'
> >     make: *** [build_crypto] Error 1
> >
> > 3rd: make install. The same (it ends with errors, obviously):
> >
> >     e_capi.c: In function `capi_get_pkey':
> >     e_capi.c:671: error: `DSSPUBKEY' undeclared (first use in this function)
> >     e_capi.c:671: error: (Each undeclared identifier is reported only once
> >     e_capi.c:671: error: for each function it appears in.)
> >     e_capi.c:671: error: `dp' undeclared (first use in this function)
> >     e_capi.c:674: error: syntax error before ')' token
> >     e_capi.c:718: warning: long unsigned int format, ALG_ID arg (arg 4)
> >     e_capi.c: In function `capi_rsa_sign':
> >     e_capi.c:818: warning: long unsigned int format, int arg (arg 4)
> >     e_capi.c: In function `capi_rsa_priv_dec':
> >     e_capi.c:912: warning: passing arg 6 of `CryptDecrypt' from incompatible pointer type
> >     e_capi.c: In function `capi_get_provname':
> >     e_capi.c:1090: warning: implicit declaration of function `CryptEnumProvidersA'
> >     e_capi.c: In function `capi_list_providers':
> >     e_capi.c:1129: warning: int format, DWORD arg (arg 3)
> >     e_capi.c:1129: warning: int format, DWORD arg (arg 5)
> >     e_capi.c: In function `capi_list_containers':
> >     e_capi.c:1188: warning: int format, DWORD arg (arg 3)
> >     e_capi.c: In function `capi_dump_prov_info':
> >     e_capi.c:1239: warning: int format, DWORD arg (arg 4)
> >     e_capi.c:1240: warning: int format, DWORD arg (arg 4)
> >     e_capi.c: In function `capi_dump_cert':
> >     e_capi.c:1290: warning: passing arg 2 of `d2i_X509' from incompatible pointer type
> >     e_capi.c: In function `capi_open_store':
> >     e_capi.c:1328: error: `CERT_STORE_PROV_SYSTEM_A' undeclared (first use in this function)
> >     e_capi.c: In function `capi_list_certs':
> >     e_capi.c:1369: warning: unused variable `fname'
> >     e_capi.c: In function `capi_ctx_new':
> >     e_capi.c:1529: error: `CERT_STORE_READONLY_FLAG' undeclared (first use in this function)
> >     e_capi.c: In function `capi_load_ssl_client_cert':
> >     e_capi.c:1633: warning: passing arg 2 of `d2i_X509' from incompatible pointer type
> >     make[1]: *** [e_capi.o] Error 1
> >     make[1]: Leaving directory `/c/openssl-1.0.0a/engines'
> >     make: *** [build_engines] Error 1
>
> Try including disable-capieng on the command line to config.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Error with dgst -sign
I think I wrote this mail in a wrong way so I post it again:

Hello, when I run:

    openssl dgst -sha1 -sign id_of_private_key -keyform engine -out file -engine id-engine file-with-data

In OpenSSL 0.9.8, when the load privkey function ends, OpenSSL waits and does nothing (it doesn't invoke rsa_sign); it doesn't do anything more.

In OpenSSL 1.0.0a, when the load privkey function ends, OpenSSL throws the following error:

    Error setting context
    3916:error:260C0065:engine routines:ENGINE_get_pkey_meth:unimplemented public key method:.\crypto\engine\tb_pkmeth.c:127:
    3916:error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm:.\crypto\evp\pmeth_lib.c:161:
    error in dgst

Do I have to do something further than defining the rsa sign function and linking it in the RSA_METHOD?

Thanks again.
Re: Error with dgst -sign
It's a custom engine. load privkey is the pointer to function used as argument in the call:

    ENGINE_set_load_privkey_function (e, load_private_key);

This function is called when OpenSSL tries to get the command line key argument. In that function I assign the RSA private key (got from hardware, only modulus and public exponent) to the EVP with:

    EVP_PKEY_assign_RSA (pk, rsa);

where pk is EVP_PKEY *pk; and rsa is RSA *rsa;

Everything goes well until the load_private_key function ends and returns the EVP_PKEY. When that call ends, OpenSSL throws the error I mentioned before.

2010/6/28 Dr. Stephen Henson st...@openssl.org
> On Mon, Jun 28, 2010, Nacho Álvarez wrote:
> > I think I wrote this mail in a wrong way so I post it again:
> >
> > Hello, when I run:
> >
> >     openssl dgst -sha1 -sign id_of_private_key -keyform engine -out file -engine id-engine file-with-data
> >
> > In OpenSSL 0.9.8, when the load privkey function ends, OpenSSL waits and does nothing (it doesn't invoke rsa_sign); it doesn't do anything more.
> >
> > In OpenSSL 1.0.0a, when the load privkey function ends, OpenSSL throws the following error:
> >
> >     Error setting context
> >     3916:error:260C0065:engine routines:ENGINE_get_pkey_meth:unimplemented public key method:.\crypto\engine\tb_pkmeth.c:127:
> >     3916:error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm:.\crypto\evp\pmeth_lib.c:161:
> >     error in dgst
> >
> > Do I have to do something further than defining the rsa sign function and linking it in the RSA_METHOD?
> >
> > Thanks again.
>
> Is this a custom ENGINE or a standard one?
>
> Which load privkey function do you mean? The one in the ENGINE? Are you assigning the key to an EVP_PKEY correctly? You *must* use EVP_PKEY_assign_RSA() or similar in 1.0.0 as other structures get initialised at the same time.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Error engine using rsautl
Hello,

I am building a PKCS#11 engine for an HSM. When I run:

    openssl rsautl -sign -inkey id-of-private-key -keyform engine -in file-data -out file-sign -engine My-engine-id

The engine executes the rsa_priv_enc function (I thought the engine would execute rsa_sign, but this is not the problem). The problem is that when rsa_priv_enc ends, OpenSSL always throws an exception (I am using OpenSSL on Windows).

In rsa_priv_enc I read data from "from" (flen bytes), I write the result in "to" and return 1.

Where is the problem? What should I do to avoid it?

Thanks.
I don't know to make an Engine to use within OpenSSL application
Hello

I know how to do an engine implementation that overwrites OpenSSL functionality (like RSA sign and verify, ...) but I want to do an implementation (DLL) that can be called from OpenSSL (through the OpenSSL config file). How do I build this DLL for OpenSSL? I don't know the structure of these DLLs.

Thanks.