>>IIRC, when you do dynamic linkage, the conf file is parsed and engine 
initiated as per conf file, not when you do static linkage. Hence your issue. 

The question is how to initialize this engine programmatically. 
I called  OPENSSL_config("correct config file path")  with correct config file 
path. It doesn't work.

>>More generally, it's a bad idea to link statically in the context of GOST use.
I can't change it. Static linkage is a requirement.

Best Regards
Vladislav


________________________________
From: Alexandre Aufrere <alexandre.aufr...@opentrust.com>
To: openssl-users@openssl.org
Cc: Abyss Lingvo <xidex...@yahoo.com>
Sent: Friday, June 15, 2012 18:16
Subject: Re: OpenSSL and GOST engine issue (statically linked library )
 

Hello,

IIRC, when you do dynamic linkage, the conf file is parsed and
    engine initiated as per conf file, not when you do static linkage.
    Hence your issue.

More generally, it's a bad idea to link statically in the context of
    GOST use: if at one point you need to use FSB certified GOST, you'll
    run into trouble (there are chances, depending how you use it, that
    you'll need to submit your code for certification).

Regards,
Alexandre

On 15/06/2012 08:34, Abyss Lingvo wrote:
>Hi Vladimir,
>
>
>
>I have inserted your code into my application between
>
>
>
>OPENSSL_config("correct config file path");
>SSL_library_init();
>SSL_load_error_strings(); 
>
>
>
>and 
>
>
>SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) 
>
>
>
>The code was executed without errors, but the
>SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) function call causes the same
>error: Unsupported algorithm.
>
>
>As far as I understood, the main idea of this code is to get the engine and
>initialize it by ENGINE_init(e).
>What is the further use of this ENGINE* pointer? It seems that I can
>"forget" about it.
>
>
>Why is the ENGINE_init(e) call not necessary for dynamic linkage?
>I thought that everything should be the same because I pass the correct
>configuration file path to OPENSSL_config("correct config file path");
>
>
>
>
>I read the "Network security with openssl" book and the CryptoKom documentation
>http://www.cryptocom.ru/products/cryptopacket.html#docs
>Unfortunately, neither source contains information on how to handle
>engines (especially in the case of static linkage).
>
>
>
>
>
>
>
>
>________________________________
>From: Vladimir Belov <ml.vladimbe...@gmail.com>
>To: openssl-users@openssl.org
>Sent: Thursday, June 14, 2012 18:01
>Subject: Re: OpenSSL and GOST engine issue (statically linked library )
> 
>I made a mistake in the code, and it is possible not to load all
>engines with ENGINE_load_builtin_engines:
>
>What does the following code show you:
>
>  //testing loading GOST engine
>  ENGINE *e;
>  const char *engine_id = "gost";
>  ENGINE_load_openssl();
>  //ENGINE_load_builtin_engines();
>  ENGINE_load_gost();
>  e = ENGINE_by_id(engine_id);
>  if(!e)
>  {
>    /* the engine isn't available */
>    ERR_print_errors(bf_log);
>    return 1;
>  }
>  if(!ENGINE_init(e))
>  {
>    /* the engine couldn't initialise, release 'e' */
>    ERR_print_errors(bf_log);
>    ENGINE_free(e);
>    return 1;
>  }
>
>
>
>--------------------------------------------------------------------------------------------------------
>From: Abyss Lingvo
>Sent: Wednesday, June 13, 2012 5:21 PM
>To: openssl-users@openssl.org
>Subject: OpenSSL and GOST engine issue (statically linked
            library )
>Hi all !
>
>
>
>This is my first mail to openssl mailing list.
>
>
>
>I have a problem with a statically linked OpenSSL library and
>the GOST crypto engine. OpenSSL 1.0.0g
>
>I have a simple client/server application using GOST keys and
>certificates. It works fine with GOST keys, but only if I use the
>dynamically linked version of the OpenSSL library. If I try to
>use statically linked OpenSSL I get an error message.
>
>This is how I initialized openSSL library:
>
>OPENSSL_config("correct config file path");
>
>SSL_library_init();
>
>SSL_load_error_strings();
>
>When I try to read the certificate file I get an error.
>
>SSL_CTX_use_certificate_chain_file(ctx, CERTFILE)
>
>Return value here is not 1. So this is an error.
>
>The human readable error message is:
>
>3084809868:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:239:
>3084809868:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm:x_pubkey.c:155:
>3084809868:error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402:
>
>When I use the same code with a dynamically linked OpenSSL
>library with an external GOST engine library everything works
>fine. So what is the difference between the static and dynamic
>versions? The only idea that I have at this time is that my
>library initialization sequence is wrong.
>
>I checked symbols in the compiled libcrypto.a library.
>
>nm ./libcrypto.a | grep gost
>
>This command gave me output with many GOST functions which
>were included in the libcrypto.a library. So I think that the
>library was compiled properly and all GOST engine functions
>were included in the static library.
>
>The "Unsupported algorithm" error message means that the GOST
>functions were not initialized properly. The question is: how to
>properly initialize engines with statically linked OpenSSL?
>
>
>Is it possible to use engines and statically linked openssl
            library in general?
>
>
>Best Regards
>Xidex 
>______________________________________________________________________
>OpenSSL Project                                http://www.openssl.org
>User Support Mailing List                    openssl-users@openssl.org
>Automated List Manager                          majord...@openssl.org
>
>
>
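Added example, not part of the thread or of OpenSSL: the three error-queue lines quoted in the original post, parsed and unpacked to show that the oldest entry (`unsupported algorithm`, raised in `PKEY_SET_TYPE`) is where the failure starts and that the X509 and SSL entries are raised on the way back up. `parse_err_line`, `find_root` and `SAMPLE` are hypothetical names, and the 8/12/12-bit split of the packed code is the OpenSSL 1.0.x layout, assumed because the post names 1.0.0g.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One line of ERR_print_errors() output, split into its fields. */
struct err_entry {
    unsigned long code;      /* packed error code, e.g. 0x0609E09C */
    int lib, func, reason;   /* numeric fields unpacked from code */
    char lib_name[48], func_name[48], reason_text[48];
};

/* Parse "tid:error:HEX:library:FUNCTION:reason:file:line:"; returns 0 on success. */
int parse_err_line(const char *line, struct err_entry *e)
{
    char hex[16];
    if (sscanf(line, "%*[^:]:error:%15[0-9A-Fa-f]:%47[^:]:%47[^:]:%47[^:]:",
               hex, e->lib_name, e->func_name, e->reason_text) != 4)
        return -1;
    e->code = strtoul(hex, NULL, 16);
    /* Assumed OpenSSL 1.0.x layout: 8 bits library, 12 function, 12 reason. */
    e->lib = (int)((e->code >> 24) & 0xff);
    e->func = (int)((e->code >> 12) & 0xfff);
    e->reason = (int)(e->code & 0xfff);
    return 0;
}

/* Index of the first (oldest) entry with the given reason text, or -1. */
int find_root(const char *const *lines, int n, const char *reason)
{
    struct err_entry e;
    for (int i = 0; i < n; i++)
        if (parse_err_line(lines[i], &e) == 0 && strcmp(e.reason_text, reason) == 0)
            return i;
    return -1;
}

/* The three error-queue lines quoted in the original post. */
const char *const SAMPLE[3] = {
    "3084809868:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:239:",
    "3084809868:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm:x_pubkey.c:155:",
    "3084809868:error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402:",
};
int main(void)
{
    struct err_entry e;
    for (int i = 0; i < 3 && parse_err_line(SAMPLE[i], &e) == 0; i++)
        printf("%s lib=%d func=%d reason=%d\n", e.func_name, e.lib, e.func, e.reason);
    printf("first failing entry: %d\n", find_root(SAMPLE, 3, "unsupported algorithm"));
    return 0;
}
```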
