Reputation: 325
I have a simple OpenSSL engine that I want to load into OpenSSL via the openssl.conf file. I have installed openssl-1.1.1c from source using the following configuration setting:
./config --prefix=/opt/openssl -DOPENSSL_LOAD_CONF --openssldir=/opt/openssl
After installation, openssl version shows the following:
ss@ss:~$ openssl version
OpenSSL 1.1.1c 28 May 2019
After that, I changed openssl.conf as follows:
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
rsa-engine-new = rsa_section
[rsa_section]
engine_id = rsa-engine-new
Upon making those changes, the openssl engine command shows the following:
ss@ss:/opt/openssl$ openssl engine
rsa-engine-new
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
(rsa-engine-new) engine for testing 1
139904801769216:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:crypto/engine/eng_ctrl.c:255:
139904801769216:error:260BC066:engine routines:int_engine_configure:engine configuration error:crypto/engine/eng_cnf.c:141:section=rsa_section, name=oid_section, value=new_oids
139904801769216:error:0E07606D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:177:module=engines, value=engine_section, retcode=-1
Any idea what I did wrong?
Upvotes: 1
Views: 1809
Reputation: 325
I found the solution on the OpenSSL mailing list.
What happened is that I was putting the new configuration at the beginning of the openssl.cnf file. Therefore, I had the remnants of the main openssl config.
Then I moved the following section to the end of the openssl.cnf file:
[openssl_def]
engines = engine_section
[engine_section]
rsa-engine-new = rsa_section
[rsa_section]
engine_id = rsa-engine-new
dynamic_path = (PATH_TO_OPENSSL)/lib/engines-1.1/rsa-engine-new.so
And the engine loads without any error,
$ openssl engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
(rsa-engine-new) engine for testing 1
Upvotes: 1
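
The failure mode the answer describes, as an added example that is not part of the original posts: in openssl.cnf a key belongs to the most recent section header, so default-section lines that follow a pasted-in [rsa_section] become that engine's settings. This Python sketch uses a constructed miniature config and a simplified parser (no variable expansion or .include handling) to list the keys in each engine section that OpenSSL would hand to the engine as control commands.

```python
import re

# Keys the ENGINE config module handles itself (crypto/engine/eng_cnf.c);
# any other key in an engine section is passed to the engine as a ctrl command.
GENERIC = {"engine_id", "soft_load", "dynamic_path", "init", "default_algorithms"}

# Constructed miniature openssl.cnf pieces (not the asker's real file).
HEAD = "openssl_conf = openssl_def\n"
ENGINE_BLOCK = """[openssl_def]
engines = engine_section
[engine_section]
rsa-engine-new = rsa_section
[rsa_section]
engine_id = rsa-engine-new
"""
STOCK = """oid_section = new_oids
[ new_oids ]
[ ca ]
default_ca = CA_default
"""
BROKEN = HEAD + ENGINE_BLOCK + STOCK   # engine block pasted at the top
FIXED = HEAD + STOCK + ENGINE_BLOCK    # engine block moved to the end

def parse(text):
    """Return {section: [(key, value), ...]}; keys before any header go to 'default'."""
    sections, current = {"default": []}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current].append((key, value))   # key sticks to current section
    return sections

def engine_ctrl_commands(text):
    """Map each configured engine section to the keys the engine itself must accept."""
    sections = parse(text)
    top = dict(sections["default"]).get("openssl_conf")
    engines = dict(sections.get(top, [])).get("engines")
    result = {}
    for _name, section in sections.get(engines, []):
        result[section] = [k for k, _ in sections.get(section, []) if k not in GENERIC]
    return result

if __name__ == "__main__":
    print("top of file:", engine_ctrl_commands(BROKEN))
    print("end of file:", engine_ctrl_commands(FIXED))
```

A non-empty list for an engine section means those keys must be control commands the engine defines; a stray default-section key such as oid_section produces the "invalid cmd name" error shown in the question.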