Hi Vladimir,
I have inserted your code into my application between
OPENSSL_config("correct config file path");
SSL_library_init();
SSL_load_error_strings();
and
SSL_CTX_use_certificate_chain_file(ctx, CERTFILE)
The code was executed without errors but
SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) function call cause the same
error: Unsupported algorithm.
As far as I understood the main idea of this code is to get engine and
initialize it by ENGINE_init(e).
What is the further use of this ENGINE* pointer? It seems that i can "forget"
about it.
Why ENGINE_init(e) call is not necessary for dynamic linkage?
I thought that everything should be the same because I pass correct
configuration file path to
OPENSSL_config("correct config file path");
I read "Network security with openssl" book and CryptoKom documentation
http://www.cryptocom.ru/products/cryptopacket.html#docs
Unfortunately both sources doesn't contain information how to handle with
engines (especially in case of statically linkage).
________________________________
От: Vladimir Belov <ml.vladimbe...@gmail.com>
Кому: openssl-users@openssl.org
Отправлено: четверг, 14 июня 2012 18:01
Тема: Re: OpenSSL and GOST engine issue (statically linked library )
I made a mistake in code and it is possible not to load all engines with
ENGINE_load_builtin_engines :
What next code show you:
//testing loading GOST engine
ENGINE *e;
const char *engine_id = "gost";
ENGINE_load_openssl();
//ENGINE_load_builtin_engines();
ENGINE_load_gost();
e = ENGINE_by_id(engine_id);
if(!e)
{
/* the engine isn't available */
ERR_print_errors(bf_log);
return 1;
}
if(!ENGINE_init(e))
{
/* the engine couldn't initialise, release 'e' */
ERR_print_errors(bf_log);
ENGINE_free(e);
return 1;
}
--------------------------------------------------------------------------------------------------------
From: Abyss Lingvo
Sent: Wednesday, June 13, 2012 5:21 PM
To: openssl-users@openssl.org
Subject: OpenSSL and GOST engine issue (statically linked library )
Hi all !
This is my first mail to openssl mailing list.
I have a problem with statically linked openSSL library and GOST crypto
engine. Openssl 1.0.0g
I have simple client/server application using GOST keys and certificates. It
works fine with GOST keys but only if I use dynamically linked version of
openSSL library. If I try to use statically linked openSSL I got an error
message.
This is how I initialized openSSL library:
OPENSSL_config("correct config file path");
SSL_library_init();
SSL_load_error_strings();
When I try to read certificate file I got an error.
SSL_CTX_use_certificate_chain_file(ctx, CERTFILE)
Return value here is not 1. So this is an error.
The human readable error message is:
3084809868:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported
algorithm:p_lib.c:239: 3084809868:error:0B07706F:x509 certificate
routines:X509_PUBKEY_get:unsupported algorithm:x_pubkey.c:155:
3084809868:error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402:
When I use the same code with dynamically linked openSSL library with external
GOST engine library everything works fine. So what is the difference between
static and dynamic version? The only idea that I have at this time that my
library initialization sequence is wrong.
I checked symbols in the compiled libcrypto.a library.
nm ./libcrypto.a | grep gost
This command gave me output with many GOST function which were included to
libcrypto.a library. So I think that library was compiled properly and all GOST
engine functions were included in the static library.
"Unsupported algorithm" error message means that GOST functions was not
initialized properly. The question is: how properly initialize engines with
statically linked openSSL?
Is it possible to use engines and statically linked openssl library in general?
Best Regards
Xidex
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
