[erlang-questions] crypto:engine_list() returns empty list

Eugene Pirogov iamexile@REDACTED
Mon Jan 22 12:37:35 CET 2018


Hi Lars,

> crypto:engine_list() shows which engines are loaded and not which are
> available to the system.


I just realized you already said it twice, and I wasn't paying enough
attention. Noted, thank you for the clarification!

On Mon, Jan 22, 2018 at 8:16 AM, Lars Thorsen <lars.thorsen@REDACTED>
wrote:

> Hi,
>
> fine you got it working.
>
>
> Then for your question:
>
> crypto:engine_list() shows which engines are loaded and not which are
> available to the system.
>
> So in your case it shows you dstu which you load and dynamic which the
> system loads to be able to load other engines dynamically.
>
>
> BR Lars
> ------------------------------
> *From:* Eugene Pirogov <iamexile@REDACTED>
> *Sent:* Sunday, January 21, 2018 4:01:24 PM
> *To:* Lars Thorsen
> *Cc:* erlang-questions@REDACTED
> *Subject:* Re: [erlang-questions] crypto:engine_list() returns empty list
>
> Hi Lars,
>
> I figured it out.
>
> I mistakenly ended up with two different openssl (and libssl1.0.0) in the
> system:
>
>    - one that was installed from Ubuntu sources, e.g.
>    https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.23,
>    - another one was the one I built & installed manually (via make
>    install).
>
> My custom-built & installed openssl command somehow successfully saw
> custom-built libssl1.0.0, which contained dstu engine. However erlang was
> unable to see custom-built libssl1.0.0. Instead, it continued to refer to
> libssl1.0.0 that existed somewhere else in the system. Hence Erlang was
> unable to load "dstu".
>
> I packed my custom-built openssl as a .deb package and properly installed
> it (overriding/upgrading existing system one). Erlang now sees correct
> libssl1.0.0 with no problem, and is able to load the engine in question:
>
> crypto:engine_load(<<"dstu">>, [], []).
> {ok,#Ref<0.3776855326.4257087491.172227>}
>
> Just as an observation, interestingly, crypto:engine_list() still will
> not show a list of available engines... until I load at least some engine:
>
>
> # erl
> Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10]
> [async-threads:10] [hipe] [kernel-poll:false]
>
> Eshell V9.2  (abort with ^G)
> 1> crypto:engine_list().
> []
> 2> crypto:engine_load(<<"dstu">>, [], []).
> {ok,#Ref<0.3447474459.3988914180.174416>}
> 3> crypto:engine_list().
> [<<"dynamic">>,<<"dstu">>]
> 4>
>
> It's not an issue, just a question: why won't crypto:engine_list() tell
> me what engines exist in the system, upfront?
>
> On Fri, Jan 19, 2018 at 11:11 AM, Lars Thorsen <lars.thorsen@REDACTED>
> wrote:
>
> Hi,
>
> *crypto:engine_list()* returns what engine is loaded for OTP ssl (OTP
> just uses crypto lib and not openssl ) and not what is available
>
> (it loops to get all engines by using ENGINE_get_first() and
> ENGINE_get_next() from crypto lib). OTP just uses crypto lib and not
> openssl.
>
>
> So after you executed {ok, Engine} = crypto:engine_load(<<"gost">>, [],
> []). you should see gost in the list.
>
>
> Interesting with dstu: where is that engine located? Same place as gost?
>
> Normally if you just use the id, the engine must be located in the
> OpenSSL/LibreSSL installation "engines" directory for crypto lib to find
> it.
>
> See crypto users guide for loading from other directory.
>
> Perhaps openssl has some other config for where to find engines that does
> not affect crypto lib.
>
>
> BR Lars Thorsén
>
> OTP Team
>
>
>
> ------------------------------
> *From:* erlang-questions-bounces@REDACTED <erlang-questions-bounces@REDACTED
> ng.org> on behalf of Eugene Pirogov <iamexile@REDACTED>
> *Sent:* Thursday, January 18, 2018 5:43:05 PM
> *To:* erlang-questions@REDACTED
> *Subject:* [erlang-questions] crypto:engine_list() returns empty list
>
> Hi,
>
> I'm running *crypto:engine_list()*, but it won't list any OpenSSL engines
> I have installed. What can be the reason?
>
> I can see the engine in the system by running the following:
>
> # openssl engine -t gost
> (gost) Reference implementation of GOST engine
>      [ available ]
>
> # openssl engine -t dstu
> (dstu) Reference implementation of DSTU engine
>      [ available ]
>
>
> However when running from erl repl, I get this:
>
> # erl
> Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10]
> [async-threads:10] [hipe] [kernel-poll:false]
>
> Eshell V9.2  (abort with ^G)
> 1> crypto:engine_list().
> []
>
>
> What's weird is that if I try to forcefully load the engine, it *works
> sometimes.*
>
>    - it works with gost engine:
>
>    # erl
>    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10]
>    [async-threads:10] [hipe] [kernel-poll:false]
>
>    Eshell V9.2  (abort with ^G)
>    1> {ok, Engine} = crypto:engine_load(<<"gost">>, [], []).
>    {ok,#Ref<0.950608548.1984823298.71941>}
>
>    - it does not work with dstu engine:
>
>    # erl
>    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10]
>    [async-threads:10] [hipe] [kernel-poll:false]
>
>    Eshell V9.2  (abort with ^G)
>    1> {ok, Engine} = crypto:engine_load(<<"dstu">>, [], []).
>    ** exception error: no match of right hand side value
>    {error,bad_engine_id}
>
> What am I missing? How can I get to load dstu engine
> <https://github.com/dstucrypt/openssl-dstu/commits/dstu-1_0_1h> in my
> case?
>
> --
> http://www.gmile.me
>
>
>
>
> --
> http://www.gmile.me
>



-- 
http://www.gmile.me
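
The diagnosis reached in this thread, as an added example (not code from the thread or from OTP): a small module that reports which crypto library the Erlang VM is actually linked against and shows that `crypto:engine_list()` only reflects engines already loaded. The module name `engine_check` and the function `report/1` are assumptions made for illustration.

```erlang
-module(engine_check).
-export([report/1]).

%% Hypothetical helper (not part of OTP).
%% report(EngineId) returns a map with:
%%   linked_library - crypto:info_lib() output, i.e. the libcrypto the
%%                    crypto NIF is linked against. Compare its version
%%                    string with `openssl version` from the shell: if
%%                    they differ, the CLI and the VM use different
%%                    libraries and may see different engines.
%%   loaded_before  - crypto:engine_list() before any load attempt
%%                    (expected to be [] in a fresh VM).
%%   result         - {loaded, EngineList} or {not_loaded, Reason}.
report(EngineId) when is_binary(EngineId) ->
    Lib = crypto:info_lib(),
    Before = crypto:engine_list(),
    Result =
        try crypto:engine_load(EngineId, [], []) of
            {ok, Engine} ->
                %% The list now contains the engine id, plus "dynamic",
                %% which is loaded so other engines can be loaded.
                After = crypto:engine_list(),
                _ = crypto:engine_unload(Engine),
                {loaded, After};
            {error, Reason} ->
                %% e.g. bad_engine_id when the linked libcrypto cannot
                %% find the engine in its own "engines" directory.
                {not_loaded, Reason}
        catch
            %% Raised when the underlying library has no engine support.
            error:notsup ->
                {not_loaded, notsup}
        end,
    #{linked_library => Lib,
      loaded_before  => Before,
      result         => Result}.
```

Calling `engine_check:report(<<"dstu">>).` in the shell returns the map; a `{not_loaded, bad_engine_id}` result together with a `linked_library` version that differs from the `openssl` command's points to the two-library situation described above.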