[erlang-questions] crypto:engine_list() returns empty list

Eugene Pirogov iamexile@REDACTED
Sun Jan 21 16:01:24 CET 2018


Hi Lars,

I figured it out.

I mistakenly ended up with two different openssl (and libssl1.0.0) in the
system:

   - one that was installed from Ubuntu sources, e.g.
   https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.23,
   - another one was the one I built & installed manually (via make
   install).

My custom-built & installed openssl command somehow successfully saw
custom-built libssl1.0.0, which contained dstu engine. However erlang was
unable to see custom-built libssl1.0.0. Instead, it kept referring to
libssl1.0.0 that existed somewhere else in the system. Hence Erlang was
unable to load "dstu".

I packed my custom-built openssl as a .deb package and properly installed
it (overriding/upgrading existing system one). Erlang now sees correct
libssl1.0.0 with no problem, and is able to load the engine in question:

crypto:engine_load(<<"dstu">>, [], []).
{ok,#Ref<0.3776855326.4257087491.172227>}

Just as an observation, interestingly, crypto:engine_list() still will not
show a list of available engines... until I load at least some engine:


# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10]
[async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> crypto:engine_list().
[]
2> crypto:engine_load(<<"dstu">>, [], []).
{ok,#Ref<0.3447474459.3988914180.174416>}
3> crypto:engine_list().
[<<"dynamic">>,<<"dstu">>]
4>

It's not an issue, just a question: why won't crypto:engine_list() tell me
what engines exist in the system, upfront?

On Fri, Jan 19, 2018 at 11:11 AM, Lars Thorsen <lars.thorsen@REDACTED>
wrote:

> Hi,
>
> *crypto:engine_list()* returns what engine is loaded for OTP ssl (OTP
> just uses crypto lib and not openssl ) and not what is available
>
> (it loops to get all engines by using ENGINE_get_first() and
> ENGINE_get_next() from crypto lib). OTP just uses crypto lib and not
> openssl.
>
>
> So after you executed {ok, Engine} = crypto:engine_load(<<"gost">>, [],
> []). you should see gost in the list.
>
>
> Interesting with dstu, where is that engine located? Same place as gost?
>
> Normally if you just use the id, the engine must be located in the
> OpenSSL/LibreSSL installation "engines" directory for crypto lib to find
> it.
>
> See crypto users guide for loading from other directory.
>
> Perhaps openssl has some other config where to find engines that does
> not affect cryptolib.
>
>
> BR Lars Thorsén
>
> OTP Team
>
>
>
> ------------------------------
> *From:* erlang-questions-bounces@REDACTED <erlang-questions-bounces@
> erlang.org> on behalf of Eugene Pirogov <iamexile@REDACTED>
> *Sent:* Thursday, January 18, 2018 5:43:05 PM
> *To:* erlang-questions@REDACTED
> *Subject:* [erlang-questions] crypto:engine_list() returns empty list
>
> Hi,
>
> I'm running *crypto:engine_list()*, but it won't list any OpenSSL engines
> I have installed. What can be the reason?
>
> I can see the engine in the system by running the following:
>
> # openssl engine -t gost
> (gost) Reference implementation of GOST engine
>      [ available ]
>
> # openssl engine -t dstu
> (dstu) Reference implementation of DSTU engine
>      [ available ]
>
>
> However when running from erl repl, I get this:
>
> # erl
> Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10]
> [async-threads:10] [hipe] [kernel-poll:false]
>
> Eshell V9.2  (abort with ^G)
> 1> crypto:engine_list().
> []
>
>
> What's weird is that if I try to forcefully load the engine, it *works
> sometimes.*
>
>    - it works with gost engine:
>
>    # erl
>    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10]
>    [async-threads:10] [hipe] [kernel-poll:false]
>
>    Eshell V9.2  (abort with ^G)
>    1> {ok, Engine} = crypto:engine_load(<<"gost">>, [], []).
>    {ok,#Ref<0.950608548.1984823298.71941>}
>
>    - it does not work with dstu engine:
>
>    # erl
>    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10]
>    [async-threads:10] [hipe] [kernel-poll:false]
>
>    Eshell V9.2  (abort with ^G)
>    1> {ok, Engine} = crypto:engine_load(<<"dstu">>, [], []).
>    ** exception error: no match of right hand side value
>    {error,bad_engine_id}
>
> What am I missing? How can I get to load dstu engine
> <https://github.com/dstucrypt/openssl-dstu/commits/dstu-1_0_1h> in my
> case?
>
> --
> http://www.gmile.me
>



-- 
http://www.gmile.me
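
Added example, not part of the original message or of OTP's own code: a small diagnostic for the situation described in this thread, showing which libcrypto the crypto NIF resolves to and falling back to loading the engine from an explicit path through the "dynamic" engine, as the crypto User's Guide describes. The module name `engine_diag`, its function names, the `priv/lib/crypto.so` layout and the use of `ldd` (Linux) are assumptions; the engine path is supplied by the caller and should point at a shared object you built and trust.

```erlang
%% Added example. Module and function names are hypothetical.
-module(engine_diag).
-export([report/2, linked_libcrypto/0, nif_path/0]).

%% Path of the crypto NIF in the running OTP installation
%% (assumes the usual priv/lib/crypto.so layout on Linux).
nif_path() ->
    filename:join([code:priv_dir(crypto), "lib", "crypto.so"]).

%% ldd lines naming the libcrypto that the NIF resolves to at load time.
%% An empty list means libcrypto is linked statically into the NIF.
linked_libcrypto() ->
    Out = os:cmd("ldd " ++ nif_path()),
    [L || L <- string:split(Out, "\n", all),
          string:find(L, "libcrypto") =/= nomatch].

%% Try to load EngineId by id. If the linked libcrypto cannot find it in
%% its own "engines" directory, load it from SoPath via the dynamic engine.
report(EngineId, SoPath) when is_binary(EngineId), is_binary(SoPath) ->
    io:format("crypto linked against: ~p~n", [crypto:info_lib()]),
    io:format("NIF resolves to:       ~p~n", [linked_libcrypto()]),
    %% engine_list/0 reports engines already loaded, not those installed.
    io:format("loaded before:         ~p~n", [crypto:engine_list()]),
    Result =
        case crypto:engine_load(EngineId, [], []) of
            {ok, ById} ->
                {ok, by_id, ById};
            {error, Reason} ->
                io:format("load by id failed:     ~p~n", [Reason]),
                Pre = [{<<"SO_PATH">>, SoPath},
                       {<<"ID">>, EngineId},
                       <<"LOAD">>],
                case crypto:engine_load(<<"dynamic">>, Pre, []) of
                    {ok, ByPath} -> {ok, by_path, ByPath};
                    Error -> Error
                end
        end,
    io:format("loaded after:          ~p~n", [crypto:engine_list()]),
    Result.
```

If the path printed by `linked_libcrypto/0` differs from the library your `openssl` binary uses (compare with `ldd $(which openssl)`), the two are looking in different "engines" directories, which is the mismatch described above.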