Hi Geoff,

I appreciate your reply. Currently, I don't have any engine supported at the openssl side. I have a crypto driver at the kernel side, which is registered with the kernel for the hashing and encryption algos.

From the openssl, when I issue "enc" or "dgst" commands, I don't give the "engine" parameter. Basically, I don't set any engine. With my understanding, openssl will pass the command to the kernel, the kernel will search for the first available registered crypto driver which is capable of handling the requested operation and submit the request to that crypto driver.

The above things are working fine for all encryption and decryption commands. But for hashing (dgst command) the kernel is not getting the proper request from openssl with the mac operation set.

Any reason why openssl doesn't pass only the hashing commands to the kernel when no engines are mentioned/set? Is there any way I can configure openssl to pass any request to the kernel without looking for any engines and also without passing it on to be handled in software?

Thanks,
MB.

On Fri, Dec 12, 2008 at 2:09 AM, Geoff Thorpe <ge...@geoffthorpe.net> wrote:

> On Thursday 11 December 2008 12:44:24 Madhusudan Bhat wrote:
> > Hi All,
> >
> > I am having an issue when using digest command from openssl. When I
> > issue digest command md5 from openssl, kernel side it will never
> > receive IOCTL - CIOCGSESSION with sop->mac getting set, also it won't
> > receive IOCTL - CIOCCRYPT with mac operation set. Tho, crypto driver
> > which I have written registered new session, free session, process
> > functions for CRYPTO_MD5, CRYPTO_MD5_HMAC.
> >
> > But when I issue des/3des/aes enc commands from openssl, open crypto
> > device at the kernel side receives proper IOCTL and calls my crypto
> > driver with new session and process functions with sop->cipher and
> > other fields related to cipher get set.
> >
> > Is there anything I might be missing in my driver or is there anything
> > which I have to enable to receive any digest commands?
> > BTW, I don't have any engine supported, so I don't use engine params
> > while issuing command from openssl.
>
> My guess is that you're initialising your engine too late - your engine
> will only become the default for crypto algorithms/modes that it
> supports and that *haven't been used yet*. When something tries to use
> md5 for the first time, a default md5 implementation will be chosen and
> cached. You probably loaded your engine early enough to be there before
> anyone needed des/3des/aes, but after someone had already started using
> md5.
>
> Specifically, I'm guessing that randomness gathering is your problem. The
> random code uses hashes extensively, and if that kicks in before you
> register your engine's md5 implementation, then the default s/w
> implementation has already become the live default. Try building your
> openssl libraries with -DENGINE_TABLE_DEBUG and add a big printf() just
> before you load your engine. If there is engine logging related to md5
> that occurs before you load your engine, that's the problem. Another
> thing to try is to call ENGINE_set_default() on your engine once it's
> loaded - your MD5 code after that should use your engine, even if the
> randomness stuff won't.
>
> Cheers,
> Geoff
>
> --
> An Earthling is an ape with the keys to a tank...
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
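
Added example, not part of the original thread and not OpenSSL code: a small C model of the ordering effect described in Geoff's reply, where the first use of an algorithm caches its default implementation, a later engine registration does not replace it, and an explicit set-default does. The table layout, the `hw-engine` name and all function names are hypothetical.

```c
#include <stdio.h>
/* Simplified model, not OpenSSL code: one cached "live default" per algorithm. */
enum alg { ALG_MD5, ALG_DES, ALG_COUNT };
struct impl { const char *name; int supports[ALG_COUNT]; };
struct table {
    const struct impl *registered[ALG_COUNT]; /* engine offered for the alg, if any */
    const struct impl *live[ALG_COUNT];       /* cached default, NULL until first use */
};
static const struct impl software = { "software", { 1, 1 } };
static const struct impl hw = { "hw-engine", { 1, 1 } }; /* hypothetical engine */

/* Registration only offers the engine; cached defaults are left alone. */
static void table_register(struct table *t, const struct impl *e)
{
    for (int a = 0; a < ALG_COUNT; a++)
        if (e->supports[a]) t->registered[a] = e;
}

/* First use picks an implementation and caches it; later calls reuse it. */
static const struct impl *table_use(struct table *t, enum alg a)
{
    if (t->live[a] == NULL)
        t->live[a] = t->registered[a] ? t->registered[a] : &software;
    return t->live[a];
}

/* Explicit override: the role ENGINE_set_default() plays in the reply. */
static void table_set_default(struct table *t, const struct impl *e)
{
    for (int a = 0; a < ALG_COUNT; a++)
        if (e->supports[a]) t->live[a] = e;
}

/* Constructed scenario: md5 is first used before the engine registers. */
static const struct impl *late_registration(enum alg a, int call_set_default)
{
    struct table t = { { NULL }, { NULL } };
    table_use(&t, ALG_MD5);        /* early md5 use caches software */
    table_register(&t, &hw);       /* engine arrives too late for md5 */
    if (call_set_default) table_set_default(&t, &hw);
    return table_use(&t, a);
}

int main(void)
{
    printf("md5=%s des=%s md5 after set_default=%s\n", late_registration(ALG_MD5, 0)->name,
           late_registration(ALG_DES, 0)->name, late_registration(ALG_MD5, 1)->name);
    return 0;
}
```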