Writing an ENGINE for OpenSSL-1.1.1 and 3.0

Writing an ENGINE for OpenSSL-1.1.1 and 3.0

Blumenthal, Uri - 0553 - MITLL

In preparation for writing a new engine that supports message digest and asymmetric crypto (sign and decrypt), I am trying to port the existing simple/demo engines from the Engine Corner examples (thanks, Richard!).

The fork of https://github.com/engine-corner/Lesson-2-A-digest.git that compiles and runs correctly (apparently) on OpenSSL-1.1.1 is https://github.com/mouse07410/Lesson-2-A-digest.git .

But no matter what, I was unable to make either of these two repos run successfully with OpenSSL-3.0 (master), even though the latter repo at least seems to compile correctly, and answers “Available”. Here’s what I’m getting (for both versions I built the sample “emd5” engine and copied to the appropriate subdir of the lib/; “openssl3” is an alias that points OPENSSL_CONF at the correct file, and invokes the correct OpenSSL-3.0 “openssl” binary, as it’s not on the main path):

$ openssl version
OpenSSL 1.1.1d  10 Sep 2019
$ openssl engine -t -c emd5
(emd5) A simple md5 engine for demonstration purposes
 [MD5]
     [ available ]
$ echo "shoot" | openssl dgst -md5 -engine emd5
engine "emd5" set.
(stdin)= 61a08703a6a4c774cad650afaedd9c10
$ echo "shoot" | openssl dgst -md5
(stdin)= 61a08703a6a4c774cad650afaedd9c10
$
$ openssl3 version
OpenSSL 3.0.0-dev xx XXX xxxx (Library: OpenSSL 3.0.0-dev xx XXX xxxx)
$ openssl3 engine -t -vv -c emd5
(emd5) A simple md5 engine for demonstration purposes
 [MD5]
     [ available ]
$ echo "shoot" | openssl3 dgst -md5
MD5(stdin)= 61a08703a6a4c774cad650afaedd9c10
$ echo "shoot" | openssl3 dgst -md5 -engine emd5
engine "emd5" set.
Error setting digest
C0:05:98:0C:01:00:00:00:error:digital envelope routines:EVP_DigestInit_ex:initialization error:crypto/evp/digest.c:224:
$

Something must be missing from the configuration/setup – but what…? Help would be greatly appreciated!

Thanks!

Regards,

Uri

Re: Writing an ENGINE for OpenSSL-1.1.1 and 3.0

Richard Levitte - VMS Whacker-2
When you say you put it in "the appropriate subdir of the lib/", what
directory is that exactly?  Does it correspond to the output of
"openssl3 version -e"?

On Sun, 01 Dec 2019 00:58:00 +0100,
Blumenthal, Uri - 0553 - MITLL wrote:

>
>
> In preparation for writing a new engine that supports message digest and asymmetric crypto (sign
> and decrypt), I am trying to port the existing simple/demo engines from the Engine Corner examples
> (thanks, Richard!).
>
> The fork of https://github.com/engine-corner/Lesson-2-A-digest.git that compiles and runs
> correctly (apparently) on OpenSSL-1.1.1 is https://github.com/mouse07410/Lesson-2-A-digest.git .
>
> But no matter what, I was unable to make either of these two repos run successfully with
> OpenSSL-3.0 (master), even though the latter repo at least seems to compile correctly, and answers
> “Available”. Here’s what I’m getting (for both versions I built the sample “emd5” engine and copied
> to the appropriate subdir of the lib/; “openssl3” is an alias that points OPENSSL_CONF at the
> correct file, and invokes the correct OpenSSL-3.0 “openssl” binary, as it’s not on the main path):
>
> $ openssl version
>
> OpenSSL 1.1.1d  10 Sep 2019
>
> $ openssl engine -t -c emd5
>
> (emd5) A simple md5 engine for demonstration purposes
>
>  [MD5]
>
>      [ available ]
>
> $ echo "shoot" | openssl dgst -md5 -engine emd5
>
> engine "emd5" set.
>
> (stdin)= 61a08703a6a4c774cad650afaedd9c10
>
> $ echo "shoot" | openssl dgst -md5
>
> (stdin)= 61a08703a6a4c774cad650afaedd9c10
>
> $
>
> $ openssl3 version
>
> OpenSSL 3.0.0-dev xx XXX xxxx (Library: OpenSSL 3.0.0-dev xx XXX xxxx)
>
> $ openssl3 engine -t -vv -c emd5
>
> (emd5) A simple md5 engine for demonstration purposes
>
>  [MD5]
>
>      [ available ]
>
> $ echo "shoot" | openssl3 dgst -md5
>
> MD5(stdin)= 61a08703a6a4c774cad650afaedd9c10
>
> $ echo "shoot" | openssl3 dgst -md5 -engine emd5
>
> engine "emd5" set.
>
> Error setting digest
>
> C0:05:98:0C:01:00:00:00:error:digital envelope routines:EVP_DigestInit_ex:initialization
> error:crypto/evp/digest.c:224:
>
> $
>
> Something must be missing from the configuration/setup – but what…? Help would be greatly
> appreciated!
>
> Thanks!
>
> —
>
> Regards,
>
> Uri
>
>
--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
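
The check Richard asks about can be scripted. The following is an added example, not part of either message and not OpenSSL project code: it reads the ENGINESDIR line printed by "version -e" and looks for the engine module in that directory. Assumptions: the module is named after the engine id with a .so, .dylib or .dll suffix, and the OPENSSL_ENGINES environment variable, when set, replaces the compiled-in directory.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that an engine module sits in
# the directory a particular openssl binary searches for engines.

# Extract the directory from the text printed by "openssl version -e",
# which has the form:  ENGINESDIR: "/usr/local/lib/engines-3"
parse_enginesdir() {
    printf '%s\n' "$1" | sed -n 's/^ENGINESDIR: *"\(.*\)"$/\1/p'
}

# find_engine VERSION_E_OUTPUT ENGINE_ID
# Prints the module path and returns 0 if found, 1 if the directory does not
# contain it, 2 if no directory could be determined.
# Assumption: the module file is <ENGINE_ID>.so, .dylib or .dll.
find_engine() {
    # OPENSSL_ENGINES, when set, takes the place of the built-in directory.
    dir=${OPENSSL_ENGINES:-$(parse_enginesdir "$1")}
    if [ -z "$dir" ]; then
        echo "no ENGINESDIR line in input" >&2
        return 2
    fi
    for ext in so dylib dll; do
        if [ -f "$dir/$2.$ext" ]; then
            printf '%s\n' "$dir/$2.$ext"
            return 0
        fi
    done
    echo "engine '$2' not found in $dir" >&2
    return 1
}

# Usage with the alias and engine id from the first message:
#   find_engine "$(openssl3 version -e)" emd5
```

Running it once per binary shows whether a module copied into one build's engines directory is visible to the other build.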