
I'm trying to encrypt a string on an embedded system running Linux using OpenSSL. The system uses an imx6ul microprocessor. It includes a hardware crypto engine.

```
root@imx6ulevk:/# openssl version
OpenSSL 1.0.2d 9 Jul 2015
root@imx6ulevk:/# openssl engine
(cryptodev) BSD cryptodev engine
(dynamic) Dynamic engine loading support
```

When I call the RSA_public_encrypt() function in my code, it gives an error.

```
root@imx6ulevk:/vp/test# ./RsaEnDc 
cryptodev_digest_update: illegal inputs
error:00000000:lib(0):func(0):reason(0)
```

And when I remove the loading of the cryptodev driver at the startup of my embedded system and then run the program, it works fine. But I need the cryptodev support for other operations in my system.

Here is my code:

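```c
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/rsa.h>

/* Encrypts message with the public key using OAEP padding.
 * cipher must hold at least RSA_size(pRsaKey) bytes; *cipherLen is set to -1 on failure. */
void encrypt(RSA* pRsaKey, char* message, int msgLen, char* cipher, int *cipherLen)
{
    if((*cipherLen = RSA_public_encrypt(msgLen, (unsigned char*)message, (unsigned char*)cipher, pRsaKey, RSA_PKCS1_OAEP_PADDING)) == -1)
    {
        /* Load the error strings so the queued error code prints in readable form. */
        ERR_load_crypto_strings();
        fprintf(stderr, "Error encrypting message: %s\n", ERR_error_string(ERR_get_error(), NULL));
    }
}
```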

Is there any way to specify RSA_public_encrypt() function not to use cryptodev engine?

jww
thilinaur
  • Is `pRsaKey` any good? Can you [`RSA_print`](https://www.openssl.org/docs/man1.0.1/crypto/RSA_print.html) it and ensure at least `e` and `n` are present? Also, `error:00000000:lib(0):func(0):reason(0)` is very suspect. You can usually get an error code out of it, even if `openssl errstr` cannot print a friendly version. Finally, please forgive my ignorance... Did you build OpenSSL 1.0.2d and put it on path? Or is it part of the board's image? – jww Jan 06 '17 at 21:39
  • *"Is there any way to specify RSA_public_encrypt() function not to use cryptodev engine?"* - Yes, you change the method in OpenSSL. Also see OpenSSL 1.1.0's [`RSA_meth_set_pub_enc`](http://www.openssl.org/docs/man1.1.0/crypto/RSA_meth_set_pub_enc.html). If working on 1.0.2 and below, then you use `RSA_METHOD` and `ENGINE_set_RSA`. – jww Jan 06 '17 at 21:43
  • @jww Smells like an answer to me. – Maarten Bodewes Jan 07 '17 at 00:01

0 Answers