Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-19 Thread Viktor Dukhovni 
On Mon, Feb 19, 2018 at 01:45:26PM -0800, Norm Green wrote:

> # ASN1_LONG_DATA:
> #   success: TRUE
> t@1 (l@1) signal BUS (invalid address alignment) in asn1_item_print_ctx at
> line 155 in file "tasn_prn.c"
>   155  || (it->utype != V_ASN1_BOOLEAN)) && *fld == NULL) {

Perhaps aligning the item buffer (by using malloc) will help, does
the patch below address the problem?

diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
index e9f459ad65..77fa9b5954 100644
--- a/test/asn1_encode_test.c
+++ b/test/asn1_encode_test.c
@@ -709,15 +709,19 @@ static int do_encode_custom(EXPECTED *input,
 static int do_print_item(const TEST_PACKAGE *package)
 {
 #define DATA_BUF_SIZE 256
-unsigned char buf[DATA_BUF_SIZE];
 const ASN1_ITEM *i = ASN1_ITEM_ptr(package->asn1_type);
-ASN1_VALUE *o = (ASN1_VALUE *)
+ASN1_VALUE *o = OPENSSL_malloc(DATA_BUF_SIZE);
 int ret;
 
 OPENSSL_assert(package->encode_expectations_elem_size <= DATA_BUF_SIZE);
 
-(void)RAND_bytes(buf, (int)package->encode_expectations_elem_size);
+if (o == NULL)
+return 0;
+
+(void)RAND_bytes((unsigned char *)o,
+ (int)package->encode_expectations_elem_size);
 ret = ASN1_item_print(bio_err, o, 0, i, NULL);
+OPENSSL_free(o);
 
 return ret;
 }

-- 
Viktor.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] How to make OpenSSL engine usage application specific?

2018-02-19 Thread Paul Dale 
Try RSA_new_method when allocating the RSA_METHOD.  It takes an engine argument 
which will be used for related operations.

 

Pauli

-- 

Oracle

Dr Paul Dale | Cryptographer | Network Security & Encryption 

Phone +61 7 3031 7217

Oracle Australia

 

From: Jayalakshmi bhat [mailto:bhat.jayalaks...@gmail.com] 
Sent: Monday, 19 February 2018 7:16 PM
To: openssl-users@openssl.org
Subject: [openssl-users] How to make OpenSSL engine usage application specific?

 

Hello All,

 

We have 2 RSA OpenSSL engines in our product. Both the engines performs same 
RSA encyrpt/decrypt operations. For easy explaination I am naming engines as

 

1. RSA smart card  engine 

2. RSA TPM engine 

 

Engine usage is application specific.There are couple of applications dependent 
on RSA TPM  engine. And are few applications dependent on RSA smart card 
engine. 

We wanted to know if there are any APIs provided by OpenSSL to make the engine 
usage application specific? Is there any way we can make OpenSSL chose specific 
engine for

specific application.

 

Regards

Jayalakshmi.

 

 
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-19 Thread Norm Green 
For the failure in secmemtst, it appears that secure memory is not 
enabled per this code in ./crypto/mem_sec.c


 23 /* e_os.h includes unistd.h, which defines _POSIX_VERSION */
 24 #if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
 25 && defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L
 26 # define IMPLEMENTED
 27 # include 
 28 # include 
 29 # include 
 30 # include 
 31 # include 
 32 # if defined(OPENSSL_SYS_LINUX)
 33 #  include 
 34 #  include 
 35 #  include 
 36 # endif
 37 # include 
 38 # include 
 39 # include 
 40 #endif



Solaris has this in sys/unistd.h

#ifndef _POSIX_VERSION
#ifdef  _XPG6
#define _POSIX_VERSION  200112L /* Supports IEEE Std 1003.1-2001 */
#else
#define _POSIX_VERSION  199506L /* Supports POSIX-1c DIS */
#endif
#endif /* _POSIX_VERSION */

I'm building with the native Oracle Solaris compiler which apparently 
does not define these macros.


Nornm


On 2/19/2018 1:20 PM, Norm Green wrote:

The output is not too long.



/export/localnew/sparc.Solaris/bin/gmake depend && 
/export/localnew/sparc.Solaris/bin/gmake _tests
gmake[1]: Entering directory 
'/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'
gmake[1]: Leaving directory 
'/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'
gmake[1]: Entering directory 
'/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'

( cd test; \
  mkdir -p test-runs; \
  SRCTOP=../. \
  BLDTOP=../. \
  RESULT_D=test-runs \
  PERL="/opt/perl-5.24.0/bin/perl" \
  EXE_EXT= \
  OPENSSL_ENGINES=`cd .././engines; pwd` \
  OPENSSL_DEBUG_MEMORY=on \
    /opt/perl-5.24.0/bin/perl .././test/run_tests.pl test_asn1_encode 
test_secmem )

../test/recipes/04-test_asn1_encode.t ..
1..1
    # Subtest: ../../test/asn1_encode_test
    1..6
    ok 1 - test_long_32bit
    # ASN1_LONG_DATA:
    #   success: TRUE
../../util/shlib_wrap.sh ../../test/asn1_encode_test => 138
not ok 1 - running asn1_encode_test

#   Failed test 'running asn1_encode_test'
#   at 
/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1/test/../util/perl/OpenSSL/Test/Simple.pm 
line 77.

# Looks like you failed 1 test of 1.
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../test/recipes/90-test_secmem.t ...
1..1
    # Subtest: ../../test/secmemtest
    1..1
    # ERROR: (bool) 'CRYPTO_secure_malloc_init(4096, 32) == true' 
failed @ test/secmemtest.c:28

    # false
    not ok 1 - test_sec_mem
../../util/shlib_wrap.sh ../../test/secmemtest => 1
not ok 1 - running secmemtest

#   Failed test 'running secmemtest'
#   at 
/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1/test/../util/perl/OpenSSL/Test/Simple.pm 
line 77.

# Looks like you failed 1 test of 1.
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests

Test Summary Report
---
../test/recipes/04-test_asn1_encode.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../test/recipes/90-test_secmem.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
Files=2, Tests=2,  2 wallclock secs ( 0.04 usr  0.01 sys + 0.38 cusr  
0.16 csys =  0.59 CPU)

Result: FAIL
Makefile:169: recipe for target '_tests' failed
gmake[1]: *** [_tests] Error 1
gmake[1]: Leaving directory 
'/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'

Makefile:167: recipe for target 'tests' failed
gmake: *** [tests] Error 2
slow test failed



On 2/19/2018 12:50 PM, Benjamin Kaduk wrote:

On 02/19/2018 02:06 PM, Norm Green wrote:

Not sure if this is expected on this platform?

Test Summary Report
---
../test/recipes/04-test_asn1_encode.t    (Wstat: 256 Tests: 1
Failed: 1)
   Failed test:  1
   Non-zero exit status: 1
../test/recipes/90-test_secmem.t (Wstat: 256 Tests: 1
Failed: 1)
   Failed test:  1
   Non-zero exit status: 1
Files=141, Tests=1313, 370 wallclock secs ( 3.42 usr  0.94 sys +
266.48 cusr 40.30 csys = 311.14 CPU)
Result: FAIL
Makefile:169: recipe for target '_tests' failed

I do not think it is expected.  Could you capture the output of 'make
V=1 TESTS="test_asn1_encode test_secmem"' and make it available?
(Probably via posting it on the web and linking; the output may be 
long.)


-Ben




--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-19 Thread Norm Green 
You are correct, we are getting a SIGBUS.  Solaris SPARC does not allow 
unaligned data access:


(dbx) run
Running: asn1_encode_test
(process id 11159)
Reading libc_psr.so.1
Reading libscf.so.1
Reading libdoor.so.1
Reading libuutil.so.1
Reading libgen.so.1
Reading libmd.so.1
Reading libmp.so.2
1..6
ok 1 - test_long_32bit
# ASN1_LONG_DATA:
#   success: TRUE
t@1 (l@1) signal BUS (invalid address alignment) in asn1_item_print_ctx 
at line 155 in file "tasn_prn.c"

  155  || (it->utype != V_ASN1_BOOLEAN)) && *fld == NULL) {
(dbx) where
current thread: t@1
=>[1] asn1_item_print_ctx(out = 0x1001453c0, fld = 0x7fffd6dc, 
indent = 2, it = 0x7f3a29f0, fname = 0x100033ad8 "test_long", 
sname = (nil), nohdr = 0, pctx = 0x7f39e8f8), line 155 in 
"tasn_prn.c"
  [2] asn1_template_print_ctx(out = 0x1001453c0, fld = 
0x7fffd6dc, indent = 2, tt = 0x100137808, pctx = 
0x7f39e8f8), line 328 in "tasn_prn.c"
  [3] asn1_item_print_ctx(out = 0x1001453c0, fld = 0x7fffd5e0, 
indent = 0, it = 0x1001376c8, fname = (nil), sname = 0x100033af8 
"ASN1_LONG_DATA", nohdr = 0, pctx = 0x7f39e8f8), line 241 in 
"tasn_prn.c"
  [4] ASN1_item_print(out = 0x1001453c0, ifld = 0x7fffd6d4, 
indent = 0, it = 0x1001376c8, pctx = 0x7f39e8f8), line 131 in 
"tasn_prn.c"
  [5] do_print_item(package = 0x100135e68), line 720 in 
"asn1_encode_test.c"

  [6] test_intern(package = 0x100135e68), line 815 in "asn1_encode_test.c"
  [7] test_long_64bit(), line 832 in "asn1_encode_test.c"
  [8] run_tests(test_prog_name = 0x7fffef88 
"/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1/test/asn1_encode_test"), 
line 205 in "driver.c"

  [9] main(argc = 1, argv = 0x7fffec08), line 51 in "main.c"
(dbx)


On 2/19/2018 1:30 PM, Viktor Dukhovni wrote:



On Feb 19, 2018, at 4:20 PM, Norm Green  wrote:

/export/localnew/sparc.Solaris/bin/gmake depend && 
/export/localnew/sparc.Solaris/bin/gmake _tests
gmake[1]: Entering directory 
'/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'
gmake[1]: Leaving directory '/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'
gmake[1]: Entering directory 
'/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'
( cd test; \
   mkdir -p test-runs; \
   SRCTOP=../. \
   BLDTOP=../. \
   RESULT_D=test-runs \
   PERL="/opt/perl-5.24.0/bin/perl" \
   EXE_EXT= \
   OPENSSL_ENGINES=`cd .././engines; pwd` \
   OPENSSL_DEBUG_MEMORY=on \
 /opt/perl-5.24.0/bin/perl .././test/run_tests.pl test_asn1_encode 
test_secmem )
../test/recipes/04-test_asn1_encode.t ..
1..1
 # Subtest: ../../test/asn1_encode_test
 1..6
 ok 1 - test_long_32bit
 # ASN1_LONG_DATA:
 #   success: TRUE
../../util/shlib_wrap.sh ../../test/asn1_encode_test => 138

On FreeBSD signal 10 (128 + 10 == 138) is SIGBUS, which could be a result of 
unaligned
data access (please report "kill -l" output to confirm the signal numbers).

Could you run this test under gdb, or enable core dumps, and report the stack 
trace?
You may need a build with debugging symbols.



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-19 Thread Viktor Dukhovni 


> On Feb 19, 2018, at 4:20 PM, Norm Green  wrote:
> 
> /export/localnew/sparc.Solaris/bin/gmake depend && 
> /export/localnew/sparc.Solaris/bin/gmake _tests
> gmake[1]: Entering directory 
> '/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'
> gmake[1]: Leaving directory 
> '/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'
> gmake[1]: Entering directory 
> '/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'
> ( cd test; \
>   mkdir -p test-runs; \
>   SRCTOP=../. \
>   BLDTOP=../. \
>   RESULT_D=test-runs \
>   PERL="/opt/perl-5.24.0/bin/perl" \
>   EXE_EXT= \
>   OPENSSL_ENGINES=`cd .././engines; pwd` \
>   OPENSSL_DEBUG_MEMORY=on \
> /opt/perl-5.24.0/bin/perl .././test/run_tests.pl test_asn1_encode 
> test_secmem )
> ../test/recipes/04-test_asn1_encode.t ..
> 1..1
> # Subtest: ../../test/asn1_encode_test
> 1..6
> ok 1 - test_long_32bit
> # ASN1_LONG_DATA:
> #   success: TRUE
> ../../util/shlib_wrap.sh ../../test/asn1_encode_test => 138

On FreeBSD signal 10 (128 + 10 == 138) is SIGBUS, which could be a result of 
unaligned
data access (please report "kill -l" output to confirm the signal numbers).

Could you run this test under gdb, or enable core dumps, and report the stack 
trace?
You may need a build with debugging symbols.

-- 
Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-19 Thread Norm Green 

The output is not too long.



/export/localnew/sparc.Solaris/bin/gmake depend && 
/export/localnew/sparc.Solaris/bin/gmake _tests
gmake[1]: Entering directory 
'/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'
gmake[1]: Leaving directory 
'/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'
gmake[1]: Entering directory 
'/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'

( cd test; \
  mkdir -p test-runs; \
  SRCTOP=../. \
  BLDTOP=../. \
  RESULT_D=test-runs \
  PERL="/opt/perl-5.24.0/bin/perl" \
  EXE_EXT= \
  OPENSSL_ENGINES=`cd .././engines; pwd` \
  OPENSSL_DEBUG_MEMORY=on \
    /opt/perl-5.24.0/bin/perl .././test/run_tests.pl test_asn1_encode 
test_secmem )

../test/recipes/04-test_asn1_encode.t ..
1..1
    # Subtest: ../../test/asn1_encode_test
    1..6
    ok 1 - test_long_32bit
    # ASN1_LONG_DATA:
    #   success: TRUE
../../util/shlib_wrap.sh ../../test/asn1_encode_test => 138
not ok 1 - running asn1_encode_test

#   Failed test 'running asn1_encode_test'
#   at 
/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1/test/../util/perl/OpenSSL/Test/Simple.pm 
line 77.

# Looks like you failed 1 test of 1.
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../test/recipes/90-test_secmem.t ...
1..1
    # Subtest: ../../test/secmemtest
    1..1
    # ERROR: (bool) 'CRYPTO_secure_malloc_init(4096, 32) == true' 
failed @ test/secmemtest.c:28

    # false
    not ok 1 - test_sec_mem
../../util/shlib_wrap.sh ../../test/secmemtest => 1
not ok 1 - running secmemtest

#   Failed test 'running secmemtest'
#   at 
/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1/test/../util/perl/OpenSSL/Test/Simple.pm 
line 77.

# Looks like you failed 1 test of 1.
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests

Test Summary Report
---
../test/recipes/04-test_asn1_encode.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
../test/recipes/90-test_secmem.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
Files=2, Tests=2,  2 wallclock secs ( 0.04 usr  0.01 sys + 0.38 cusr  
0.16 csys =  0.59 CPU)

Result: FAIL
Makefile:169: recipe for target '_tests' failed
gmake[1]: *** [_tests] Error 1
gmake[1]: Leaving directory 
'/hamburg4/users/normg/gs64trunk/slow10/openssl_1.1'

Makefile:167: recipe for target 'tests' failed
gmake: *** [tests] Error 2
slow test failed



On 2/19/2018 12:50 PM, Benjamin Kaduk wrote:

On 02/19/2018 02:06 PM, Norm Green wrote:

Not sure if this is expected on this platform?

Test Summary Report
---
../test/recipes/04-test_asn1_encode.t    (Wstat: 256 Tests: 1
Failed: 1)
   Failed test:  1
   Non-zero exit status: 1
../test/recipes/90-test_secmem.t (Wstat: 256 Tests: 1
Failed: 1)
   Failed test:  1
   Non-zero exit status: 1
Files=141, Tests=1313, 370 wallclock secs ( 3.42 usr  0.94 sys +
266.48 cusr 40.30 csys = 311.14 CPU)
Result: FAIL
Makefile:169: recipe for target '_tests' failed

I do not think it is expected.  Could you capture the output of 'make
V=1 TESTS="test_asn1_encode test_secmem"' and make it available?
(Probably via posting it on the web and linking; the output may be long.)

-Ben


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-19 Thread Benjamin Kaduk via openssl-users 
On 02/19/2018 02:06 PM, Norm Green wrote:
> Not sure if this is expected on this platform?
>
> Test Summary Report
> ---
> ../test/recipes/04-test_asn1_encode.t    (Wstat: 256 Tests: 1
> Failed: 1)
>   Failed test:  1
>   Non-zero exit status: 1
> ../test/recipes/90-test_secmem.t (Wstat: 256 Tests: 1
> Failed: 1)
>   Failed test:  1
>   Non-zero exit status: 1
> Files=141, Tests=1313, 370 wallclock secs ( 3.42 usr  0.94 sys +
> 266.48 cusr 40.30 csys = 311.14 CPU)
> Result: FAIL
> Makefile:169: recipe for target '_tests' failed

I do not think it is expected.  Could you capture the output of 'make
V=1 TESTS="test_asn1_encode test_secmem"' and make it available? 
(Probably via posting it on the web and linking; the output may be long.)

-Ben
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] 1.1.1 pre1 tests failing on Solaris SPARC

2018-02-19 Thread Norm Green 

Not sure if this is expected on this platform?

Test Summary Report
---
../test/recipes/04-test_asn1_encode.t    (Wstat: 256 Tests: 1 
Failed: 1)

  Failed test:  1
  Non-zero exit status: 1
../test/recipes/90-test_secmem.t (Wstat: 256 Tests: 1 
Failed: 1)

  Failed test:  1
  Non-zero exit status: 1
Files=141, Tests=1313, 370 wallclock secs ( 3.42 usr  0.94 sys + 266.48 
cusr 40.30 csys = 311.14 CPU)

Result: FAIL
Makefile:169: recipe for target '_tests' failed


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] DTLS over UDP

2018-02-19 Thread Michael Richardson 

Nivedita  wrote:
>> Nivedita  wrote:

>>> I am trying to establish DTLS over UDP connection by using
>>> DTLSv1_listen method .

>>> I have followed the below steps - 1. Created a server socket
>>> and using
>>> this socket created bio and ssl object. bio =
>>> BIO_new_dgram(VI_sock,BIO_NOCLOSE)) SSL_set_bio
>>> (ssl,VP_bio,VP_bio);

>>> 2. Enable cookie exchange on SSL object. SSL_set_options(ssl,
>>> SSL_OP_COOKIE_EXCHANGE);

>>> 3. Then started listening using dtlsv1_listen for the new
>>> client
>>> connections. Once dtlsv1_listen is successful and i got the
>>> peer
>>> address.

mcr> okay.


>> Nivedita- All the above mentioned steps i am doing on server
>> side . On the
>> client side i have already initiated ssl_connect.
>> On the server side when i am listening using dtlsv1_listen
>> method -

>>> 4. Once i got the peer address , i am creating one more socket
>>> 5. With the new socket i tried to connect to peer address.

> Then once i got the client address from the dtlsv1_listen method,
> i am creating one more socket and trying to connect to this client
> address.

I think that I see what is wrong with your flow... you haven't taken the
packet off the original socket, so SSL_accept is still looking for it.

The flow is supposed to be:
1) client sends ClientHello

2) DTLSv1_listen() sees it, and sends a HelloVerifyRequest
   (I assume you have filled in the cookie callbacks. I think that
   perhaps there should be good cryptographic defaults available in
   the library.  Maybe there are, and I'm ignorant of them)
   
3) Client sends ClientHello w/cookie.
   DTLSv1_listen() then sees that and tweaks the SSL* to indicate that
   the cookie has been accepted.  Note that the packet is *LEFT*
   on the incoming socket so that SSL_accept() can process it.
   This is one the places where the DTLSv1_listen() API is rather
   hard to use in my opinion.

4) You make up new sockets, etc.
5) But, you need to call SSL_accept() once with the **old socket** to
   process packet that listen() left on it, and then you can switch the
   FD over!  Of course, you probably want to make sure that SSL_accept()
   sends the reply correctly.

What I do in my proposed DTLSv1_accept() API is that I move the data
From the incoming socket to the new BIO's incoming queue:
https://github.com/mcr/openssl/blob/dtls-listen-refactor/ssl/d1_lib.c#L964

/* At this point, there is a real ClientHello in serv->init_buf */
memcpy(rb->buf, serv->init_buf->data, serv->init_num);
rb->offset = 0;
rb->left   = serv->init_num;

and then remove the packet from the incoming socket.  The situation is
then returned like this so that the new sockets can be setup, but the
incoming SSL_accept() BIO is stuffed with the correct (cookie-full)
ClientHello, and replies will go to the right place with the right source
address.  I hope to get these patches accepted for the March 11 freeze,
but you might not want to depend upon it.


-- 
]   Never tell me the odds! | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works| network architect  [ 
] m...@sandelman.ca  http://www.sandelman.ca/|   ruby on rails[ 



signature.asc
Description: PGP signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] How to make OpenSSL engine usage application specific?

2018-02-19 Thread Jayalakshmi bhat 
Hello All,

We have 2 RSA OpenSSL engines in our product. Both the engines performs
same RSA encyrpt/decrypt operations. For easy explaination I am naming
engines as

1. RSA smart card  engine
2. RSA TPM engine

Engine usage is application specific.There are couple of applications
dependent on RSA TPM  engine. And are few applications dependent on RSA
smart card engine.
We wanted to know if there are any APIs provided by OpenSSL to make the
engine usage application specific? Is there any way we can make OpenSSL
chose specific engine for
specific application.

Regards
Jayalakshmi.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users