On 02/01/2012 12:59 PM, Bram Cymet wrote: > Hi, > > I am attempting to use openssl with the Luna SA HSM. I am getting the > following error: > > can't use that engine > 140064027543208:error:2606B08C:engine routines:ENGINE_finish:dsa not > implemented:e_lunaca3.c:710:DSO not set > 140064027543208:error:260B806D:engine > routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:174: > > Any idea why this would be happening? > > Is it that the engine is just not implemented properly? > > Thanks, >
I found the Luna engine not working out of the box either, because the
engine was not loaded correctly. I had to create a patch to solve this
problem:
diff -rup openssl-fips-1.2.orig//crypto/engine/eng_all.c
openssl-fips-1.2/crypto/engine/eng_all.c
--- openssl-fips-1.2.orig//crypto/engine/eng_all.c 2010-03-19
11:15:00.000000000 +0100
+++ openssl-fips-1.2/crypto/engine/eng_all.c 2010-03-19
11:42:24.000000000 +0100
@@ -72,6 +72,11 @@ void ENGINE_load_builtin_engines(void)
ENGINE_load_padlock();
#endif
ENGINE_load_dynamic();
+
+#ifndef OPENSSL_NO_HW_LUNACA3
+ ENGINE_load_lunaca3();
+#endif
+
#ifndef OPENSSL_NO_STATIC_ENGINE
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_4758_CCA
@@ -86,9 +91,6 @@ void ENGINE_load_builtin_engines(void)
#ifndef OPENSSL_NO_HW_CSWIFT
ENGINE_load_cswift();
#endif
-#ifndef OPENSSL_NO_HW_LUNACA3
- ENGINE_load_lunaca3();
-#endif
#ifndef OPENSSL_NO_HW_NCIPHER
ENGINE_load_chil();
#endif
The patch is written for openssl-fips-1.2, as you can see, but I am sure
you can adaptate it for other versions as well.
cheers
Mathias
smime.p7s
Description: S/MIME Cryptographic Signature
