0

To load the capi engine dynamically, the following code is used:

EVP_PKEY *key = NULL;
ENGINE_load_builtin_engines();
ENGINE *engine = ENGINE_by_id("dynamic");
ENGINE_ctrl_cmd_string(engine, "SO_PATH", "./capi.dll", 0); 
ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0); 
ENGINE_init(engine);

While debugging I checked, ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0) is failing. So what could be the reason for this?

I have not build openssl for using capi, I am using default capi.dll that came with openssl. Should I build the openssl again with capi enabled in openssl.cfg file, or is there something else I am doing wrong?

Nissa
  • 4,636
  • 8
  • 29
  • 37
User1234
  • 1,543
  • 4
  • 22
  • 32
  • What does [`ERR_get_error`](http://www.openssl.org/docs/manmaster/crypto/ERR_get_error.html) return? – jww Jan 17 '16 at 15:48

3 Answers3

1

I had basically the same issue using capi.dll on the command line:

openssl engine dynamic -t -pre SO_PATH:./capi.dll -pre LOAD -post list_csps

After lot of trial and error, I found that the DLL I was using was a dummy! It basically contained a bind_engine function that always returned 0 (which means failure). Using a CAPI DLL that was natively compiled under Windows it worked.

dvo
  • 336
  • 1
  • 10
1

I spent time trying to find the capi.dll only to realize it was already compiled into the Windows openssl components.

From the command line:

openssl engine capi
Neeraj Kumar
  • 771
  • 2
  • 16
  • 37
mdrissel
  • 31
  • 2
0

Another (pretty obscure) reason why engine loading may fail is that the library itself requires another library, which is not found. In this case, one simply gets the generic No such file or directory error (although the path of the library, e.g., ./capi.dll, is correct).

To check if this is the problem, try 

ldd ./capi.dll

or

cygcheck ./capi.dll

and if so, copy the missing library dependencies (e.g., libeay32.dll) to the current directory.

dvo
  • 336
  • 1
  • 10