
OpenSSL with Luna SA


OpenSSL with Luna SA

Bram Cymet
Hi,

I am attempting to use openssl with the Luna SA HSM. I am getting the
following error:

can't use that engine
140064027543208:error:2606B08C:engine routines:ENGINE_finish:dsa not
implemented:e_lunaca3.c:710:DSO not set
140064027543208:error:260B806D:engine
routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:174:

Any idea why this would be happening?

Is it that the engine is just not implemented properly?

Thanks,

--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
613-608-9752
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: OpenSSL with Luna SA

Bugzilla from mathias.tausig@a-cert.at
On 02/01/2012 12:59 PM, Bram Cymet wrote:

> Hi,
>
> I am attempting to use openssl with the Luna SA HSM. I am getting the
> following error:
>
> can't use that engine
> 140064027543208:error:2606B08C:engine routines:ENGINE_finish:dsa not
> implemented:e_lunaca3.c:710:DSO not set
> 140064027543208:error:260B806D:engine
> routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:174:
>
> Any idea why this would be happening?
>
> Is it that the engine is just not implemented properly?
>
> Thanks,
>
I found the Luna engine not working out of the box either, because the
engine was not loaded correctly. I had to create a patch to solve this
problem:

diff -rup openssl-fips-1.2.orig//crypto/engine/eng_all.c
openssl-fips-1.2/crypto/engine/eng_all.c
--- openssl-fips-1.2.orig//crypto/engine/eng_all.c      2010-03-19
11:15:00.000000000 +0100
+++ openssl-fips-1.2/crypto/engine/eng_all.c    2010-03-19
11:42:24.000000000 +0100
@@ -72,6 +72,11 @@ void ENGINE_load_builtin_engines(void)
        ENGINE_load_padlock();
 #endif
        ENGINE_load_dynamic();
+
+#ifndef OPENSSL_NO_HW_LUNACA3
+       ENGINE_load_lunaca3();
+#endif
+
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_4758_CCA
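Review bot: the new `ENGINE_load_lunaca3()` call sits above `#ifndef OPENSSL_NO_STATIC_ENGINE` and `#ifndef OPENSSL_NO_HW`, so it is now compiled even when either of those macros is defined; only `OPENSSL_NO_HW_LUNACA3` still disables it. If the function is not built in such a configuration, the link will fail. Consider guarding the call with `#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_LUNACA3)`, and add a comment at the new location saying why this engine has to be loaded outside the static-engine block.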
@@ -86,9 +91,6 @@ void ENGINE_load_builtin_engines(void)
 #ifndef OPENSSL_NO_HW_CSWIFT
        ENGINE_load_cswift();
 #endif
-#ifndef OPENSSL_NO_HW_LUNACA3
-       ENGINE_load_lunaca3();
-#endif
 #ifndef OPENSSL_NO_HW_NCIPHER
        ENGINE_load_chil();
 #endif
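Review bot: removing the call from between `ENGINE_load_cswift()` and `ENGINE_load_chil()` changes load order as well as the guards, because the Luna engine is now loaded ahead of the engines in the static block. If only the guards were the problem, say so in the patch description; if the earlier position is required, document that next to the moved call so a later cleanup does not move it back.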

The patch is written for openssl-fips-1.2, as you can see, but I am sure
you can adapt it for other versions as well.

cheers
Mathias



Re: OpenSSL with Luna SA

Bram Cymet
Hi Mathias,

Thanks for the reply. I made the change; however, it doesn't seem to have
fixed my problem.

I am still getting:

139697024018088:error:2606B08C:engine routines:ENGINE_finish:dsa not
implemented:e_lunaca3.c:710:DSO not set
139697024018088:error:260B806D:engine
routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:174:


and then

139697024018088:error:0306E06C:bignum routines:BN_mod_inverse:no
inverse:bn_gcd.c:491:
139697024018088:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP
lib:a_sign.c:279:

I even tried removing the #ifndef around the load command and that
didn't seem to fix things either.

May I ask which Luna product we have been able to use the engine with?

Thanks,

Bram


On 12-02-01 7:58 AM, Mathias Tausig wrote:

> On 02/01/2012 12:59 PM, Bram Cymet wrote:
>> Hi,
>>
>> I am attempting to use openssl with the Luna SA HSM. I am getting the
>> following error:
>>
>> can't use that engine
>> 140064027543208:error:2606B08C:engine routines:ENGINE_finish:dsa not
>> implemented:e_lunaca3.c:710:DSO not set
>> 140064027543208:error:260B806D:engine
>> routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:174:
>>
>> Any idea why this would be happening?
>>
>> Is it that the engine is just not implemented properly?
>>
>> Thanks,
>>
>
> I found the Luna engine not working out of the box either, because the
> engine was not loaded correctly. I had to create a patch to solve this
> problem:
>
> diff -rup openssl-fips-1.2.orig//crypto/engine/eng_all.c
> openssl-fips-1.2/crypto/engine/eng_all.c
> --- openssl-fips-1.2.orig//crypto/engine/eng_all.c      2010-03-19
> 11:15:00.000000000 +0100
> +++ openssl-fips-1.2/crypto/engine/eng_all.c    2010-03-19
> 11:42:24.000000000 +0100
> @@ -72,6 +72,11 @@ void ENGINE_load_builtin_engines(void)
>         ENGINE_load_padlock();
>  #endif
>         ENGINE_load_dynamic();
> +
> +#ifndef OPENSSL_NO_HW_LUNACA3
> +       ENGINE_load_lunaca3();
> +#endif
> +
>  #ifndef OPENSSL_NO_STATIC_ENGINE
>  #ifndef OPENSSL_NO_HW
>  #ifndef OPENSSL_NO_HW_4758_CCA
> @@ -86,9 +91,6 @@ void ENGINE_load_builtin_engines(void)
>  #ifndef OPENSSL_NO_HW_CSWIFT
>         ENGINE_load_cswift();
>  #endif
> -#ifndef OPENSSL_NO_HW_LUNACA3
> -       ENGINE_load_lunaca3();
> -#endif
>  #ifndef OPENSSL_NO_HW_NCIPHER
>         ENGINE_load_chil();
>  #endif
>
> The patch is written for openssl-fips-1.2, as you can see, but I am sure
> you can adapt it for other versions as well.
>
> cheers
> Mathias
>


--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
613-608-9752

Re: OpenSSL with Luna SA

Dr. Stephen Henson
On Wed, Feb 01, 2012, Bram Cymet wrote:

> Hi Mathias,
>
> Thanks for the reply. I made the change; however, it doesn't seem to have
> fixed my problem.
>
> I am still getting:
>
> 139697024018088:error:2606B08C:engine routines:ENGINE_finish:dsa not
> implemented:e_lunaca3.c:710:DSO not set
> 139697024018088:error:260B806D:engine
> routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:174:
>
>

I don't have access to that hardware but it looks like some shared library
associated with it can't be loaded.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
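
Added example, not part of any message in this thread: a small parser for the error-queue lines quoted above. It rejoins the mail-wrapped records and unpacks each hex code using the OpenSSL 1.0.x layout (8-bit library, 12-bit function, 12-bit reason), so the engine-layer records and the extra data field ("DSO not set") can be separated from the later BN/ASN1 errors. The function names are hypothetical, the library table covers only the libraries seen here, and the sample input is the text quoted in the thread.

```python
import re

# ERR_LIB_* numbers from OpenSSL 1.0.x err.h, limited to the libraries seen in the thread.
LIB_NAMES = {3: "BN", 13: "ASN1", 38: "ENGINE"}

# Error lines as quoted in the thread, still hard-wrapped by the mail client.
SAMPLE = """\
139697024018088:error:2606B08C:engine routines:ENGINE_finish:dsa not
implemented:e_lunaca3.c:710:DSO not set
139697024018088:error:260B806D:engine
routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:174:
139697024018088:error:0306E06C:bignum routines:BN_mod_inverse:no
inverse:bn_gcd.c:491:
139697024018088:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP
lib:a_sign.c:279:
"""

RECORD_START = re.compile(r"^\d+:error:[0-9A-Fa-f]{8}:")

def unwrap(text):
    """Rejoin hard-wrapped records; a new record starts with '<thread id>:error:<hex>:'."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()   # the wrap replaced a space
    return records

def parse(record):
    """Split one record and unpack its code: 8-bit library, 12-bit function, 12-bit reason."""
    _tid, _tag, code, _libtext, func, reason, src, lineno, data = record.split(":", 8)
    packed = int(code, 16)
    lib = (packed >> 24) & 0xFF
    return {
        "lib": LIB_NAMES.get(lib, str(lib)),
        "func_code": (packed >> 12) & 0xFFF,
        "reason_code": packed & 0xFFF,
        "func": func, "reason": reason,
        "where": f"{src}:{lineno}",
        "data": data.strip(),
    }

def triage(text):
    """Return all parsed records in printed order, plus those carrying an extra data field."""
    parsed = [parse(r) for r in unwrap(text)]
    return parsed, [p for p in parsed if p["data"]]

if __name__ == "__main__":
    for p in triage(SAMPLE)[0]:
        print(p)
```
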