用于OpenSSL的PKCS#11引擎 [英] PKCS#11 engine for openSSL

问题描述

我正在尝试在Windows 7下设置openSSL以使用供应商特定的安全模块.

从供应商那里我得到了PKCS#11 API dll(让我们说是vendor.dll). PKCS#11引擎是根据 https://github.com/OpenSC/libp11 <创建的/p>

如链接中所述，为了进行测试，我开始

openssl引擎pkcs11 -t

但是得到:

D:\Gateway\openSSL\Win32\Release>openssl engine pkcs11 -t
11020:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared library:.\crypto\dso\dso_win32.c:179:filename(\usr\local\ssl\lib\engines\pkcs11.dll)
11020:error:25070067:DSO support routines:DSO_load:could not load the shared library:.\crypto\dso\dso_lib.c:233:
11020:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:.\crypto\engine\eng_dyn.c:467:
11020:error:2606A074:engine routines:ENGINE_by_id:no such engine:.\crypto\engine\eng_list.c:390:id=pkcs11

配置文件为:

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = D:\Gateway\libp11\libp11-master\src\pkcs11.dll
MODULE_PATH = D:\Gateway\driver\smgw\Win32\vendor.dll
init = 0

它尝试在Unix目录\ usr \ local中找到dll ... 似乎根本没有评估动态路径的内容，因为我可以在其中指定任何内容，但上面的错误消息也会得到提示.

我在做什么错了?

解决方案

在配置文件中的其他条目之前，您需要:

[openssl_def]
engines = engine_section

另一方面，不需要以下几行:

engine_id = pkcs11
init = 0

还要检查(使用例如ldd)您所引用的库是否可以实际加载.如果找不到它们依赖的库，则动态加载程序将在它们上失败，然后尝试使用默认库路径，例如

/usr/local/ssl/lib/engines/<engine-id>.dll

I'm trying to setup openSSL under Windows 7 to use a vendor specific security module.

From the vendor I got a PKCS#11 API dll (lets say vendor.dll). The PKCS#11 engine has been created according to https://github.com/OpenSC/libp11

As described in the link, for testing, I start

openssl engine pkcs11 -t

but get:

D:\Gateway\openSSL\Win32\Release>openssl engine pkcs11 -t
11020:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared library:.\crypto\dso\dso_win32.c:179:filename(\usr\local\ssl\lib\engines\pkcs11.dll)
11020:error:25070067:DSO support routines:DSO_load:could not load the shared library:.\crypto\dso\dso_lib.c:233:
11020:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:.\crypto\engine\eng_dyn.c:467:
11020:error:2606A074:engine routines:ENGINE_by_id:no such engine:.\crypto\engine\eng_list.c:390:id=pkcs11

The configuration file is:

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = D:\Gateway\libp11\libp11-master\src\pkcs11.dll
MODULE_PATH = D:\Gateway\driver\smgw\Win32\vendor.dll
init = 0

It tries to find the dll in a unix directory \usr\local... It seems, that the content of dynamic path is not evaluated at all, because I can specify whatever there, I get alwys the error message above.

What am I doing wrong?

解决方案

Before the other entries in the config file, you need:

[openssl_def]
engines = engine_section

On the other hand, the following lines are not needed:

engine_id = pkcs11
init = 0

Also check (using, e.g., ldd) that the libraries you reference can actually be loaded. If a lib they depend on cannot be found, the dynamic loader will fail on them and then try to use default library paths such as

/usr/local/ssl/lib/engines/<engine-id>.dll

这篇关于用于OpenSSL的PKCS#11引擎的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！