[erlang-questions] crypto:engine_list() returns empty list

Lars Thorsen lars.thorsen@REDACTED
Fri Jan 19 10:11:20 CET 2018


crypto:engine_list() returns what engine is loaded for OTP ssl (OTP just uses crypto lib and not openssl ) and not what is available

(it loops too get all engines by using ENGINE_get_first() and ENGINE_get_next() from crypto lib). OTP just uses crypto lib and not openssl.

So after you executed {ok, Engine} = crypto:engine_load(<<"gost">>, [], []). you should see gost in the list.

Interesting with dstu, where is that engine located. Same place as gost ?

Normally if you just use the id, the engine must be located in the OpenSSL/LibreSSL installation "engines" directory for crypto lib to find it.

See crypto users guide for loading from other directory.

Perhaps openssl has some other config where to find engines that not affects cryptolib.

BR Lars Thorsén

OTP Team

From: erlang-questions-bounces@REDACTED <erlang-questions-bounces@REDACTED> on behalf of Eugene Pirogov <iamexile@REDACTED>
Sent: Thursday, January 18, 2018 5:43:05 PM
To: erlang-questions@REDACTED
Subject: [erlang-questions] crypto:engine_list() returns empty list


I'm running crypto:engine_list(), but it won't list any OpenSSL engines I have installed. What can be the reason?

I can see the engine in the system by running the following:

# openssl engine -t gost
(gost) Reference implementation of GOST engine
     [ available ]

# openssl engine -t dstu
(dstu) Reference implementation of DSTU engine
     [ available ]

However when running from erl repl, I get this:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> crypto:engine_list().

What's weird is that if I try to forcefully load the engine, it works sometimes.

  *   it works with gost engine:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> {ok, Engine} = crypto:engine_load(<<"gost">>, [], []).

  *   it does not work with dstu engine:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> {ok, Engine} = crypto:engine_load(<<"dstu">>, [], []).
** exception error: no match of right hand side value {error,bad_engine_id}

What am I missing? How can I get to load dstu engine<https://github.com/dstucrypt/openssl-dstu/commits/dstu-1_0_1h> in my case?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180119/21d4ca2d/attachment.htm>

More information about the erlang-questions mailing list