crypto:engine_list() returns empty list

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

crypto:engine_list() returns empty list

Eugene Pirogov
Hi,

I'm running crypto:engine_list(), but it won't list any OpenSSL engines I have installed. What can be the reason?

I can see the engine in the system by running the following:

# openssl engine -t gost
(gost) Reference implementation of GOST engine
     [ available ]

# openssl engine -t dstu
(dstu) Reference implementation of DSTU engine
     [ available ]

However when running from erl repl, I get this:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> crypto:engine_list().
[]

What's weird is that if I try to forcefully load the engine, it works sometimes.
  • it works with gost engine:

    # erl
    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

    Eshell V9.2  (abort with ^G)
    1> {ok, Engine} = crypto:engine_load(<<"gost">>, [], []).
    {ok,#Ref<0.950608548.1984823298.71941>}

  • it does not work with dstu engine:

    # erl
    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

    Eshell V9.2  (abort with ^G)
    1> {ok, Engine} = crypto:engine_load(<<"dstu">>, [], []).
    ** exception error: no match of right hand side value {error,bad_engine_id}
What am I missing? How can I get to load dstu engine in my case?

--

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: crypto:engine_list() returns empty list

Lars Thorsen-4

Hi,

crypto:engine_list() returns what engine is loaded for OTP ssl (OTP just uses crypto lib and not openssl ) and not what is available

(it loops too get all engines by using ENGINE_get_first() and ENGINE_get_next() from crypto lib). OTP just uses crypto lib and not openssl.


So after you executed {ok, Engine} = crypto:engine_load(<<"gost">>, [], []). you should see gost in the list.


Interesting with dstu, where is that engine located. Same place as gost ?

Normally if you just use the id, the engine must be located in the OpenSSL/LibreSSL installation "engines" directory for crypto lib to find it.

See crypto users guide for loading from other directory.

Perhaps openssl has some other config where to find engines that not affects cryptolib.


BR Lars Thorsén

OTP Team





From: [hidden email] <[hidden email]> on behalf of Eugene Pirogov <[hidden email]>
Sent: Thursday, January 18, 2018 5:43:05 PM
To: [hidden email]
Subject: [erlang-questions] crypto:engine_list() returns empty list
 
Hi,

I'm running crypto:engine_list(), but it won't list any OpenSSL engines I have installed. What can be the reason?

I can see the engine in the system by running the following:

# openssl engine -t gost
(gost) Reference implementation of GOST engine
     [ available ]

# openssl engine -t dstu
(dstu) Reference implementation of DSTU engine
     [ available ]

However when running from erl repl, I get this:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> crypto:engine_list().
[]

What's weird is that if I try to forcefully load the engine, it works sometimes.
  • it works with gost engine:

    # erl
    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

    Eshell V9.2  (abort with ^G)
    1> {ok, Engine} = crypto:engine_load(<<"gost">>, [], []).
    {ok,#Ref<0.950608548.1984823298.71941>}

  • it does not work with dstu engine:

    # erl
    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

    Eshell V9.2  (abort with ^G)
    1> {ok, Engine} = crypto:engine_load(<<"dstu">>, [], []).
    ** exception error: no match of right hand side value {error,bad_engine_id}
What am I missing? How can I get to load dstu engine in my case?

--

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: crypto:engine_list() returns empty list

Eugene Pirogov
Hi Lars,

I figured it out.

I mistakingly ended up with two different openssl (and libssl1.0.0) in the system:
My custom-built & installed openssl command somehow successfully saw custom-built libssl1.0.0, which contained dstu engine. However erlang was unable to see custom-built libssl1.0.0. Instead, it remained to refer to libssl1.0.0 that existed somewhere else in the system. Hence Erlang was unable to load "dstu".

I packed my custom-built openssl as a .deb package and properly installed it (overriding/upgrading existing system one). Erlang now sees correct libssl1.0.0 with no problem, and is able to load the engine in question:

crypto:engine_load(<<"dstu">>, [], []).
{ok,#Ref<0.3776855326.4257087491.172227>}

Just as an observation, interestingly, crypto:engine_list() still will not show a list of available engines... until I load at least some engine:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> crypto:engine_list().
[]
2> crypto:engine_load(<<"dstu">>, [], []).
{ok,#Ref<0.3447474459.3988914180.174416>}
3> crypto:engine_list().
[<<"dynamic">>,<<"dstu">>]
4>

It's not an issue, just a question: why won't crypto:engine_list() tell me what engines exist in the system, upfront?

On Fri, Jan 19, 2018 at 11:11 AM, Lars Thorsen <[hidden email]> wrote:

Hi,

crypto:engine_list() returns what engine is loaded for OTP ssl (OTP just uses crypto lib and not openssl ) and not what is available

(it loops too get all engines by using ENGINE_get_first() and ENGINE_get_next() from crypto lib). OTP just uses crypto lib and not openssl.


So after you executed {ok, Engine} = crypto:engine_load(<<"gost">>, [], []). you should see gost in the list.


Interesting with dstu, where is that engine located. Same place as gost ?

Normally if you just use the id, the engine must be located in the OpenSSL/LibreSSL installation "engines" directory for crypto lib to find it.

See crypto users guide for loading from other directory.

Perhaps openssl has some other config where to find engines that not affects cryptolib.


BR Lars Thorsén

OTP Team





From: [hidden email] <[hidden email]> on behalf of Eugene Pirogov <[hidden email]>
Sent: Thursday, January 18, 2018 5:43:05 PM
To: [hidden email]
Subject: [erlang-questions] crypto:engine_list() returns empty list
 
Hi,

I'm running crypto:engine_list(), but it won't list any OpenSSL engines I have installed. What can be the reason?

I can see the engine in the system by running the following:

# openssl engine -t gost
(gost) Reference implementation of GOST engine
     [ available ]

# openssl engine -t dstu
(dstu) Reference implementation of DSTU engine
     [ available ]

However when running from erl repl, I get this:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> crypto:engine_list().
[]

What's weird is that if I try to forcefully load the engine, it works sometimes.
  • it works with gost engine:

    # erl
    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

    Eshell V9.2  (abort with ^G)
    1> {ok, Engine} = crypto:engine_load(<<"gost">>, [], []).
    {ok,#Ref<0.950608548.1984823298.71941>}

  • it does not work with dstu engine:

    # erl
    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

    Eshell V9.2  (abort with ^G)
    1> {ok, Engine} = crypto:engine_load(<<"dstu">>, [], []).
    ** exception error: no match of right hand side value {error,bad_engine_id}
What am I missing? How can I get to load dstu engine in my case?

--



--

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: crypto:engine_list() returns empty list

Lars Thorsen-4

Hi,

fine you got it working.


Then for your question:

crypto:engine_list() shows which engines are loaded and not which are available to the system.

So in your case it shows you dstu which you load and dynamic which the system loads to be able to load other engines dynamically.


BR Lars


From: Eugene Pirogov <[hidden email]>
Sent: Sunday, January 21, 2018 4:01:24 PM
To: Lars Thorsen
Cc: [hidden email]
Subject: Re: [erlang-questions] crypto:engine_list() returns empty list
 
Hi Lars,

I figured it out.

I mistakingly ended up with two different openssl (and libssl1.0.0) in the system:
My custom-built & installed openssl command somehow successfully saw custom-built libssl1.0.0, which contained dstu engine. However erlang was unable to see custom-built libssl1.0.0. Instead, it remained to refer to libssl1.0.0 that existed somewhere else in the system. Hence Erlang was unable to load "dstu".

I packed my custom-built openssl as a .deb package and properly installed it (overriding/upgrading existing system one). Erlang now sees correct libssl1.0.0 with no problem, and is able to load the engine in question:

crypto:engine_load(<<"dstu">>, [], []).
{ok,#Ref<0.3776855326.4257087491.172227>}

Just as an observation, interestingly, crypto:engine_list() still will not show a list of available engines... until I load at least some engine:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> crypto:engine_list().
[]
2> crypto:engine_load(<<"dstu">>, [], []).
{ok,#Ref<0.3447474459.3988914180.174416>}
3> crypto:engine_list().
[<<"dynamic">>,<<"dstu">>]
4>

It's not an issue, just a question: why won't crypto:engine_list() tell me what engines exist in the system, upfront?

On Fri, Jan 19, 2018 at 11:11 AM, Lars Thorsen <[hidden email]> wrote:

Hi,

crypto:engine_list() returns what engine is loaded for OTP ssl (OTP just uses crypto lib and not openssl ) and not what is available

(it loops too get all engines by using ENGINE_get_first() and ENGINE_get_next() from crypto lib). OTP just uses crypto lib and not openssl.


So after you executed {ok, Engine} = crypto:engine_load(<<"gost">>, [], []). you should see gost in the list.


Interesting with dstu, where is that engine located. Same place as gost ?

Normally if you just use the id, the engine must be located in the OpenSSL/LibreSSL installation "engines" directory for crypto lib to find it.

See crypto users guide for loading from other directory.

Perhaps openssl has some other config where to find engines that not affects cryptolib.


BR Lars Thorsén

OTP Team





From: [hidden email] <[hidden email]> on behalf of Eugene Pirogov <[hidden email]>
Sent: Thursday, January 18, 2018 5:43:05 PM
To: [hidden email]
Subject: [erlang-questions] crypto:engine_list() returns empty list
 
Hi,

I'm running crypto:engine_list(), but it won't list any OpenSSL engines I have installed. What can be the reason?

I can see the engine in the system by running the following:

# openssl engine -t gost
(gost) Reference implementation of GOST engine
     [ available ]

# openssl engine -t dstu
(dstu) Reference implementation of DSTU engine
     [ available ]

However when running from erl repl, I get this:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> crypto:engine_list().
[]

What's weird is that if I try to forcefully load the engine, it works sometimes.
  • it works with gost engine:

    # erl
    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

    Eshell V9.2  (abort with ^G)
    1> {ok, Engine} = crypto:engine_load(<<"gost">>, [], []).
    {ok,#Ref<0.950608548.1984823298.71941>}

  • it does not work with dstu engine:

    # erl
    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

    Eshell V9.2  (abort with ^G)
    1> {ok, Engine} = crypto:engine_load(<<"dstu">>, [], []).
    ** exception error: no match of right hand side value {error,bad_engine_id}
What am I missing? How can I get to load dstu engine in my case?

--



--

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: crypto:engine_list() returns empty list

Eugene Pirogov
Hi Lars,

crypto:engine_list() shows which engines are loaded and not which are available to the system.

I just realized you already said it twice, and wasn't paying enough attention. Noted, thank your for clarification!

On Mon, Jan 22, 2018 at 8:16 AM, Lars Thorsen <[hidden email]> wrote:

Hi,

fine you got it working.


Then for your question:

crypto:engine_list() shows which engines are loaded and not which are available to the system.

So in your case it shows you dstu which you load and dynamic which the system loads to be able to load other engines dynamically.


BR Lars


From: Eugene Pirogov <[hidden email]>
Sent: Sunday, January 21, 2018 4:01:24 PM
To: Lars Thorsen
Cc: [hidden email]
Subject: Re: [erlang-questions] crypto:engine_list() returns empty list
 
Hi Lars,

I figured it out.

I mistakingly ended up with two different openssl (and libssl1.0.0) in the system:
My custom-built & installed openssl command somehow successfully saw custom-built libssl1.0.0, which contained dstu engine. However erlang was unable to see custom-built libssl1.0.0. Instead, it remained to refer to libssl1.0.0 that existed somewhere else in the system. Hence Erlang was unable to load "dstu".

I packed my custom-built openssl as a .deb package and properly installed it (overriding/upgrading existing system one). Erlang now sees correct libssl1.0.0 with no problem, and is able to load the engine in question:

crypto:engine_load(<<"dstu">>, [], []).
{ok,#Ref<0.3776855326.<a href="tel:(425)%20708-7491" value="+14257087491" target="_blank">4257087491.172227>}

Just as an observation, interestingly, crypto:engine_list() still will not show a list of available engines... until I load at least some engine:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> crypto:engine_list().
[]
2> crypto:engine_load(<<"dstu">>, [], []).
{ok,#Ref<0.3447474459.3988914180.174416>}
3> crypto:engine_list().
[<<"dynamic">>,<<"dstu">>]
4>

It's not an issue, just a question: why won't crypto:engine_list() tell me what engines exist in the system, upfront?

On Fri, Jan 19, 2018 at 11:11 AM, Lars Thorsen <[hidden email]> wrote:

Hi,

crypto:engine_list() returns what engine is loaded for OTP ssl (OTP just uses crypto lib and not openssl ) and not what is available

(it loops too get all engines by using ENGINE_get_first() and ENGINE_get_next() from crypto lib). OTP just uses crypto lib and not openssl.


So after you executed {ok, Engine} = crypto:engine_load(<<"gost">>, [], []). you should see gost in the list.


Interesting with dstu, where is that engine located. Same place as gost ?

Normally if you just use the id, the engine must be located in the OpenSSL/LibreSSL installation "engines" directory for crypto lib to find it.

See crypto users guide for loading from other directory.

Perhaps openssl has some other config where to find engines that not affects cryptolib.


BR Lars Thorsén

OTP Team





From: [hidden email] <[hidden email]> on behalf of Eugene Pirogov <[hidden email]>
Sent: Thursday, January 18, 2018 5:43:05 PM
To: [hidden email]
Subject: [erlang-questions] crypto:engine_list() returns empty list
 
Hi,

I'm running crypto:engine_list(), but it won't list any OpenSSL engines I have installed. What can be the reason?

I can see the engine in the system by running the following:

# openssl engine -t gost
(gost) Reference implementation of GOST engine
     [ available ]

# openssl engine -t dstu
(dstu) Reference implementation of DSTU engine
     [ available ]

However when running from erl repl, I get this:

# erl
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.2  (abort with ^G)
1> crypto:engine_list().
[]

What's weird is that if I try to forcefully load the engine, it works sometimes.
  • it works with gost engine:

    # erl
    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

    Eshell V9.2  (abort with ^G)
    1> {ok, Engine} = crypto:engine_load(<<"gost">>, [], []).
    {ok,#Ref<0.950608548.1984823298.71941>}

  • it does not work with dstu engine:

    # erl
    Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

    Eshell V9.2  (abort with ^G)
    1> {ok, Engine} = crypto:engine_load(<<"dstu">>, [], []).
    ** exception error: no match of right hand side value {error,bad_engine_id}
What am I missing? How can I get to load dstu engine in my case?

--



--



--

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions