How to load the right engine?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How to load the right engine?

Blumenthal, Uri - 0553 - MITLL

I’m debugging programmatic access to a (modified) pkcs11 engine. My system has several OpenSSL installations: Apple-provided OpenSSL-0.9.8 (kept as that came with the OS :), Macports-installed OpenSSL-1.0.2l (the main one installed to /opt/local, used by everything Macports builds, and what I use mostly for my software), and a couple of OpenSSL-1.1.x installations mostly used for debugging.

 

Libp11 is installed in /opt/local/lib/engines, and that version is built for/compatible with OpenSSL-1.0.2.

 

There’s an installation of OpenSSL-1.1.0-stable in ~/openssl-1.1. libp11 built for 1.1 is installed in ~/openssl-1.1/lib/engines-1.1 directory. So far so good.

 

The problem I’m having now is – my application appears to be getting the wrong pkcs11 engine (the one for 1.0.2), based on the error message I get on decrypting, which is indicative of the unmodified libp11 version (not the one I’m working with for 1.1).

 

Question: how do I ensure/verify that the right pkcs11 library is loaded?

 

Tail of openssl.cnf:

 

[pkcs11_section]

   engine_id = pkcs11

   dynamic_path = /Users/ur20980/openssl-1.1/lib/engines-1.1/pkcs11.dylib

   MODULE_PATH = /usr/local/lib/yubihsm_pkcs11.dylib

   init = 0

 

 

Thanks!

--

Regards,

Uri Blumenthal


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How to load the right engine?

Dmitry Belyavsky-3
Hello,

I usually use strace for this purpose.

On Wed, Sep 27, 2017 at 12:53 AM, Blumenthal, Uri - 0553 - MITLL <[hidden email]> wrote:

I’m debugging programmatic access to a (modified) pkcs11 engine. My system has several OpenSSL installations: Apple-provided OpenSSL-0.9.8 (kept as that came with the OS :), Macports-installed OpenSSL-1.0.2l (the main one installed to /opt/local, used by everything Macports builds, and what I use mostly for my software), and a couple of OpenSSL-1.1.x installations mostly used for debugging.

 

Libp11 is installed in /opt/local/lib/engines, and that version is built for/compatible with OpenSSL-1.0.2.

 

There’s an installation of OpenSSL-1.1.0-stable in ~/openssl-1.1. libp11 built for 1.1 is installed in ~/openssl-1.1/lib/engines-1.1 directory. So far so good.

 

The problem I’m having now is – my application appears to be getting the wrong pkcs11 engine (the one for 1.0.2), based on the error message I get on decrypting, which is indicative of the unmodified libp11 version (not the one I’m working with for 1.1).

 

Question: how do I ensure/verify that the right pkcs11 library is loaded?

 

Tail of openssl.cnf:

 

[pkcs11_section]

   engine_id = pkcs11

   dynamic_path = /Users/ur20980/openssl-1.1/lib/engines-1.1/pkcs11.dylib

   MODULE_PATH = /usr/local/lib/yubihsm_pkcs11.dylib

   init = 0

 

 

Thanks!

--

Regards,

Uri Blumenthal


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




--
SY, Dmitry Belyavsky

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users