[erlang-questions] crypto:engine_list() returns empty list

Lars Thorsen lars.thorsen@REDACTED
Mon Jan 22 07:16:54 CET 2018


Hi,

Fine, you got it working.


Then for your question:

crypto:engine_list() shows which engines are loaded and not which are available to the system.

So in your case it shows you dstu, which you load, and dynamic, which the system loads to be able to load other engines dynamically.


BR Lars

________________________________
From: Eugene Pirogov <iamexile@REDACTED>
Sent: Sunday, January 21, 2018 4:01:24 PM
To: Lars Thorsen
Cc: erlang-questions@REDACTED
Subject: Re: [erlang-questions] crypto:engine_list() returns empty list

Hi Lars,

I figured it out.

I mistakenly ended up with two different openssl (and libssl1.0.0) in the system:

  *   one that was installed from Ubuntu sources, e.g. https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.23,
  *   another one was the one I built & installed manually (via make install).

My custom-built & installed openssl command somehow successfully saw custom-built libssl1.0.0, which contained dstu engine. However, Erlang was unable to see custom-built libssl1.0.0. Instead, it continued to refer to libssl1.0.0 that existed somewhere else in the system. Hence Erlang was unable to load "dstu".

I packed my custom-built openssl as a .deb package and properly installed it (overriding/upgrading existing system one). Erlang now sees correct libssl1.0.0 with no problem, and is able to load the engine in question:

crypto:engine_load(<<"dstu">>, [], []).
{ok,#Ref<0.3776855326.4257087491.172227>}

Just as an observation, interestingly, crypto:engine_list() still will not show a list of available engines... until I load at least some engine:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> crypto:engine_list().
[]
2> crypto:engine_load(<<"dstu">>, [], []).
{ok,#Ref<0.3447474459.3988914180.174416>}
3> crypto:engine_list().
[<<"dynamic">>,<<"dstu">>]
4>

It's not an issue, just a question: why won't crypto:engine_list() tell me what engines exist in the system, upfront?

On Fri, Jan 19, 2018 at 11:11 AM, Lars Thorsen <lars.thorsen@REDACTED> wrote:

Hi,

crypto:engine_list() returns what engine is loaded for OTP ssl (OTP just uses crypto lib and not openssl) and not what is available

(it loops to get all engines by using ENGINE_get_first() and ENGINE_get_next() from crypto lib). OTP just uses crypto lib and not openssl.


So after you executed {ok, Engine} = crypto:engine_load(<<"gost">>, [], []). you should see gost in the list.


Interesting with dstu; where is that engine located? Same place as gost?

Normally if you just use the id, the engine must be located in the OpenSSL/LibreSSL installation "engines" directory for crypto lib to find it.

See the crypto User's Guide for loading from another directory.

Perhaps openssl has some other config for where to find engines that does not affect cryptolib.


BR Lars Thorsén

OTP Team




________________________________
From: erlang-questions-bounces@REDACTED <erlang-questions-bounces@REDACTED> on behalf of Eugene Pirogov <iamexile@REDACTED>
Sent: Thursday, January 18, 2018 5:43:05 PM
To: erlang-questions@REDACTED
Subject: [erlang-questions] crypto:engine_list() returns empty list

Hi,

I'm running crypto:engine_list(), but it won't list any OpenSSL engines I have installed. What can be the reason?

I can see the engine in the system by running the following:

# openssl engine -t gost
(gost) Reference implementation of GOST engine
     [ available ]

# openssl engine -t dstu
(dstu) Reference implementation of DSTU engine
     [ available ]

However when running from erl repl, I get this:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> crypto:engine_list().
[]

What's weird is that if I try to forcefully load the engine, it works sometimes.

  *   it works with gost engine:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> {ok, Engine} = crypto:engine_load(<<"gost">>, [], []).
{ok,#Ref<0.950608548.1984823298.71941>}

  *   it does not work with dstu engine:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> {ok, Engine} = crypto:engine_load(<<"dstu">>, [], []).
** exception error: no match of right hand side value {error,bad_engine_id}

What am I missing? How can I load the dstu engine <https://github.com/dstucrypt/openssl-dstu/commits/dstu-1_0_1h> in my case?

--
http://www.gmile.me



--
http://www.gmile.me
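
Added example (not part of the original thread): the root cause reported above was that the openssl command and Erlang's crypto library resolved different copies of the OpenSSL library. The script below compares the libcrypto path found in the ldd output of two binaries; the sample ldd text and every path in it are constructed, and the NIF location under code:priv_dir(crypto) is an assumption about a dynamically linked install.

```shell
#!/bin/sh
# Added example: do two binaries resolve the same libcrypto?
# The functions work on `ldd` text, so they can be checked offline.

# Read `ldd` output on stdin, print the path libcrypto resolves to.
libcrypto_path() {
    awk '$1 ~ /^libcrypto\.so/ && $2 == "=>" { print $3; exit }'
}

# $1, $2: ldd output of two binaries. Succeeds only when both resolve
# libcrypto and both resolve it to the same file.
same_libcrypto() {
    a=$(printf '%s\n' "$1" | libcrypto_path)
    b=$(printf '%s\n' "$2" | libcrypto_path)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample: an openssl CLI built by hand and installed with
# `make install` (the install prefix is an assumption).
CLI_LDD='    libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00007f1c2a000000)
    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f1c29c00000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29800000)'

# Constructed sample: Erlang's crypto NIF still bound to the
# distribution's copy of the library.
NIF_LDD='    libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f3d5e000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3d5dc00000)'

if same_libcrypto "$CLI_LDD" "$NIF_LDD"; then
    echo "openssl CLI and crypto NIF use the same libcrypto"
else
    echo "MISMATCH:"
    echo "  openssl CLI: $(printf '%s\n' "$CLI_LDD" | libcrypto_path)"
    echo "  crypto NIF:  $(printf '%s\n' "$NIF_LDD" | libcrypto_path)"
fi

# On a live system (the NIF path is an assumption), feed real ldd
# output instead of the samples:
#   nif=$(erl -noshell -eval 'io:format("~s/lib/crypto.so", [code:priv_dir(crypto)]), halt().')
#   same_libcrypto "$(ldd "$(command -v openssl)")" "$(ldd "$nif")"
```

A mismatch means an engine that `openssl engine -t` reports as available can still fail in crypto:engine_load/3, because the two processes search different "engines" directories.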