As far as I understood the main idea of this code is to get engine and 
initialize it by ENGINE_init(e).
My code was only for testing the loading and initialization of a specific ENGINE.

What is the further use of this ENGINE* pointer? It seems that I can "forget" 
about it.
A variable of type ENGINE can be used directly in many cryptography functions, such as EVP_EncryptInit_ex and many others.


The code was executed without errors but the SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) function call causes the same error: Unsupported algorithm.
So, if the "gost" engine is successfully loaded, then try this code:


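  /* Needs <openssl/ssl.h>, <openssl/engine.h> and <openssl/err.h>;
     bf_log is the caller's BIO* used for logging. */
  SSL_load_error_strings();
  ENGINE *e;
  const char *engine_id = "gost";
  ENGINE_load_openssl();
  ENGINE_load_gost();          /* add the statically linked GOST engine to the engine list */
  e = ENGINE_by_id(engine_id); /* structural reference, released by ENGINE_free() below */
  if(!e)
  {
     //the engine isn't available
     ERR_print_errors(bf_log);
     return 1;
  }
  ENGINE_register_complete(e); /* register the engine for every algorithm it implements */

  OpenSSL_add_all_algorithms();
  SSL_library_init();


  //here is your code



  //at the end of the program
  ENGINE_free(e);
  ENGINE_cleanup();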





------------------------------------------------------------------------------------------------------------------------------------
From: Abyss Lingvo
Sent: Friday, June 15, 2012 10:34 AM
To: openssl-users@openssl.org
Subject: OpenSSL and GOST engine issue (statically linked library )
Hi Vladimir,



I have inserted your code into my application between


OPENSSL_config("correct config file path");
SSL_library_init();
SSL_load_error_strings();


and


SSL_CTX_use_certificate_chain_file(ctx, CERTFILE)



The code was executed without errors but the SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) function call causes the same error: Unsupported algorithm.

As far as I understood the main idea of this code is to get engine and 
initialize it by ENGINE_init(e).
What is the further use of this ENGINE* pointer? It seems that I can "forget" 
about it.

Why is the ENGINE_init(e) call not necessary for dynamic linkage?
I thought that everything should be the same because I pass the correct configuration file path to OPENSSL_config("correct config file path");


I read the "Network Security with OpenSSL" book and the CryptoKom documentation http://www.cryptocom.ru/products/cryptopacket.html#docs Unfortunately neither source contains information on how to handle engines (especially in the case of static linkage).



From: Vladimir Belov <ml.vladimbe...@gmail.com>
To: openssl-users@openssl.org
Sent: Thursday, June 14, 2012 18:01
Subject: Re: OpenSSL and GOST engine issue (statically linked library )


I made a mistake in the code, and it is possible not to load all engines with 
ENGINE_load_builtin_engines:

What does the following code show you:

 //testing loading GOST engine
 ENGINE *e;
 const char *engine_id = "gost";
 ENGINE_load_openssl();
 //ENGINE_load_builtin_engines();
 ENGINE_load_gost();
 e = ENGINE_by_id(engine_id);
 if(!e)
 {
   /* the engine isn't available */
   ERR_print_errors(bf_log);
   return 1;
 }
 if(!ENGINE_init(e))
 {
   /* the engine couldn't initialise, release 'e' */
   ERR_print_errors(bf_log);
   ENGINE_free(e);
   return 1;
 }



--------------------------------------------------------------------------------------------------------
From: Abyss Lingvo
Sent: Wednesday, June 13, 2012 5:21 PM
To: openssl-users@openssl.org
Subject: OpenSSL and GOST engine issue (statically linked library )
Hi all !



This is my first mail to openssl mailing list.



I have a problem with a statically linked OpenSSL library and the GOST crypto engine. 
 OpenSSL 1.0.0g

I have a simple client/server application using GOST keys and certificates. It works fine with GOST keys but only if I use the dynamically linked version of the OpenSSL library. If I try to use statically linked OpenSSL I get an error message.

This is how I initialized openSSL library:

OPENSSL_config("correct config file path");

SSL_library_init();

SSL_load_error_strings();

When I try to read the certificate file I get an error.

SSL_CTX_use_certificate_chain_file(ctx, CERTFILE)

Return value here is not 1. So this is an error.

The human readable error message is:

3084809868:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:239:
3084809868:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm:x_pubkey.c:155:
3084809868:error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402:

When I use the same code with the dynamically linked OpenSSL library with the external GOST engine library everything works fine. So what is the difference between the static and dynamic versions? The only idea that I have at this time is that my library initialization sequence is wrong.

I checked the symbols in the compiled libcrypto.a library.

nm ./libcrypto.a | grep gost

This command gave me output with many GOST functions which were included in the libcrypto.a library. So I think that the library was compiled properly and all GOST engine functions were included in the static library.

The "Unsupported algorithm" error message means that the GOST functions were not initialized properly. The question is: how to properly initialize engines with statically linked OpenSSL?


Is it possible to use engines and a statically linked OpenSSL library in general?


Best Regards
Xidex
______________________________________________________________________
OpenSSL Project                                http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                          majord...@openssl.org
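
An added example, not code from anyone in this thread: it decodes the three error-queue entries quoted in the original message, using the packed-code layout of the ERR_GET_LIB / ERR_GET_FUNC / ERR_GET_REASON macros in OpenSSL 1.0.x. The names err_entry, parse_err_line and ERR_LINES are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One decoded entry of an OpenSSL 1.0.x error-queue line. */
struct err_entry {
    unsigned long code;      /* packed error code, e.g. 0x0609E09C */
    int lib, func, reason;   /* fields unpacked from the code */
    char lib_name[64], func_name[64], reason_text[64], file[64];
    int line;
};

/* The three entries quoted in the original message, oldest first. */
static const char *ERR_LINES[3] = {
    "3084809868:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:239:",
    "3084809868:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm:x_pubkey.c:155:",
    "3084809868:error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402:"
};

/* Parse "tid:error:HEXCODE:lib name:FUNC:reason:file:line:".
 * Returns 1 on success, 0 if the line does not match that layout. */
int parse_err_line(const char *s, struct err_entry *e)
{
    unsigned long tid;
    int n = sscanf(s, "%lu:error:%lx:%63[^:]:%63[^:]:%63[^:]:%63[^:]:%d",
                   &tid, &e->code, e->lib_name, e->func_name,
                   e->reason_text, e->file, &e->line);
    if (n != 7)
        return 0;
    /* Same bit layout as ERR_GET_LIB/FUNC/REASON in OpenSSL 1.0.x. */
    e->lib    = (int)((e->code >> 24) & 0xff);
    e->func   = (int)((e->code >> 12) & 0xfff);
    e->reason = (int)(e->code & 0xfff);
    return 1;
}

int main(void)
{
    struct err_entry e;
    for (int i = 0; i < 3; i++) {
        if (!parse_err_line(ERR_LINES[i], &e))
            continue;
        printf("%s lib=%d func=%d reason=%d (%s) at %s:%d\n",
               e.func_name, e.lib, e.func, e.reason,
               e.reason_text, e.file, e.line);
    }
    return 0;
}
```

The first entry is the oldest error in the queue, so the failure starts in PKEY_SET_TYPE in the digital envelope (EVP) routines; the X509 and SSL entries report the same failure as it propagates up the call chain.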

