-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all,
most HW engines are now moved to engines/ directory and compiled into standalone lib<something>.so modules. Except for the PadLock engine. That's still in crypto/engine/ and linked directly into libcrypto.so. However the initialization code in ENGINE_load_builtin_engines() doesn't know about it, tries to dlopen libpadlock.so and obviously fails. The symptoms are usually like this: ~$ openssl engine padlock 29381:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(/usr/lib/ssl/engines/libpadlock.so): /usr/lib/ssl/engines/libpadlock.so: cannot open shared object file: No such file or directory 29381:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 29381:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: 29381:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:415:id=padlock One solution is to keep padlock built-in and modify load_builtin_engines() to know about it. Such a patch has been in use in Fedora and RedHat for about a year now and works just fine. It's available here: http://www.logix.cz/michal/devel/padlock/#openssl098-static The other solution is to properly compile PadLock into a shared module. To do so simply move crypto/engine/eng_padlock.c to engines/e_padlock.c and apply the patch from here: http://www.logix.cz/michal/devel/padlock/#openssl098-dynamic I did a decent testing with this dynamic approach and it appears to work just fine. Please apply one of these patches as in the current state (in both 0.9.8d and openssl-SNAP) the PadLock engine is not usable for most users. Thanks! Michal Ludvig -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFkzNYDDolCcRbIhgRArbNAKDVSwA2/OQZXaDpfsuYIX9Mlh4x0wCg+7y4 lofI/Nt3UXZtK++VB9eosVc= =YOII -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
