Re: [Ocf-linux-users] Error thrown by OpenSSL when /dev/crypto exists
Brought to you by:
david-m
Menu
▾
▴
Re: [Ocf-linux-users] Error thrown by OpenSSL when /dev/crypto exists
|
From: David M. <dav...@mc...> - 2011-09-20 22:08:27
|
Jivin Turner, Greg lays it down ... > All, > > I am using OCF and OpenSSL to access crypto hardware on the AM37x processor. OCF 20100325 is used with a 2.6.32 kernel from TI for the AM37x. OpenSSL 1.0.0d is built with CFLAG?s ?DHAVE_CRYPTODEV and -DUSE_CRYPTODEV_DIGESTS. Hmm, I have never used openssl 1.X with or without OCF, a bit slack I know :-( > The following errors are being thrown by OpenSSL when generating a self-signed certificate: > > root@am37x-evm:~# openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 > > You are about to be asked to enter information that will be incorporated > > into your certificate request. > > What you are about to enter is what is called a Distinguished Name or a DN. > > There are quite a few fields but you can leave some blank > > For some fields there will be a default value, > > If you enter '.', the field will be left blank. > > ----- > > Country Name (2 letter code) [AU]:US > > State or Province Name (full name) [Some-State]:TX > > Locality Name (eg, city) []: > > Organization Name (eg, company) [Internet Widgits Pty Ltd]:TI > > Organizational Unit Name (eg, section) []: > > Common Name (eg, YOUR name) []: > > Email Address []: > > 1073868400:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:125: > > 1073868400:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:279: > > root@am37x-evm:~# > > root@am37x-evm:~# > > > > If I remove /dev/crypto, the error does not occur. Has anyone else seen this issue? Is this a known issue that is maybe fixed in the newer OCF version? Sounds like a definate OCF issue of some sort ;-) I don't expect thats it's been fixed. But its hard to say. I don't know what driver you are using that is providing OCF PKI ops. There have been a number of cryptosoft fixes and various little fixes but I don't recall any PKI specific ones. If you can, trying a newer version won't hurt. Just be warned that I do not know the status of the OCF work in openssl 1.X, I oushed a lot of changes up a long time ago but have never really had the chance to follow up on what went in and what didn't. Cheers, Davidm -- David McCullough, dav...@mc..., Ph:+61 734352815 McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org |
