Hi Mathias, Thanks for the reply. I made the change however it doesn't seem to have fixed my problem.
I am still getting: 139697024018088:error:2606B08C:engine routines:ENGINE_finish:dsa not implemented:e_lunaca3.c:710:DSO not set 139697024018088:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:174: and then 139697024018088:error:0306E06C:bignum routines:BN_mod_inverse:no inverse:bn_gcd.c:491: 139697024018088:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:279: I even tried removing the #ifndef around the load command and that didn't seem to fix things either. May I ask which Luna product we have been able to use the engine with? Thanks, Bram On 12-02-01 7:58 AM, Mathias Tausig wrote: > On 02/01/2012 12:59 PM, Bram Cymet wrote: >> Hi, >> >> I am attempting to use openssl with the Luna SA HSM. I am getting the >> following error: >> >> can't use that engine >> 140064027543208:error:2606B08C:engine routines:ENGINE_finish:dsa not >> implemented:e_lunaca3.c:710:DSO not set >> 140064027543208:error:260B806D:engine >> routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:174: >> >> Any idea why this would be happening? >> >> Is it that the engine is just not implemented properly? >> >> Thanks, >> > > I found the Luna engine not working out of the box either, because the > engine was not loaded correctly. I had to create a patch to solve this > problem: > > diff -rup openssl-fips-1.2.orig//crypto/engine/eng_all.c > openssl-fips-1.2/crypto/engine/eng_all.c > --- openssl-fips-1.2.orig//crypto/engine/eng_all.c 2010-03-19 > 11:15:00.000000000 +0100 > +++ openssl-fips-1.2/crypto/engine/eng_all.c 2010-03-19 > 11:42:24.000000000 +0100 > @@ -72,6 +72,11 @@ void ENGINE_load_builtin_engines(void) > ENGINE_load_padlock(); > #endif > ENGINE_load_dynamic(); > + > +#ifndef OPENSSL_NO_HW_LUNACA3 > + ENGINE_load_lunaca3(); > +#endif > + > #ifndef OPENSSL_NO_STATIC_ENGINE > #ifndef OPENSSL_NO_HW > #ifndef OPENSSL_NO_HW_4758_CCA > @@ -86,9 +91,6 @@ void ENGINE_load_builtin_engines(void) > #ifndef OPENSSL_NO_HW_CSWIFT > ENGINE_load_cswift(); > #endif > -#ifndef OPENSSL_NO_HW_LUNACA3 > - ENGINE_load_lunaca3(); > -#endif > #ifndef OPENSSL_NO_HW_NCIPHER > ENGINE_load_chil(); > #endif > > The patch is written for openssl-fips-1.2, as you can see, but I am sure > you can adaptate it for other versions as well. > > cheers > Mathias > -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. 613-608-9752 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
