Hi,
We had a product which generates RSA/MD5 certificates.
Now I'm working on a custom openssl engine.
The goal is to generate X509 certificates with some new signature/digest
algorithms.
With an engine, we do not need to re-code too much.
Now we can generate and sign certificates, but X509_verify() fails.
The error is:
X509_verify() fail
33436:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:d:\work\newalg\openssl-1.0.1c\crypto\asn1\a_verify.c:174:
a_verify.c:
----------------------------------------------------------
	const EVP_MD *type;
	type=EVP_get_digestbynid(mdnid);
	if (type == NULL)
		{
		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
		goto err;
		}
-------------------------------------------------------------
I wrote a small test :
===================================
ENGINE *e;
const EVP_MD *md1, *md2;   /* both lookup functions return a const EVP_MD * */

OpenSSL_add_all_algorithms();
ENGINE_load_openssl();
ENGINE_load_newalg();      /* loader for our own engine */
e = ENGINE_by_id("newalg");
if (e == NULL || !ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
    printf("can't use that engine\n");
    if (e)
        ENGINE_free(e);
    return;
}
md1 = ENGINE_get_digest(e, NID_MyDigestAlgor);   /* searches the engine's own digest table */
md2 = EVP_get_digestbynid(NID_MyDigestAlgor);    /* searches the global table filled by EVP_add_digest() */
===================================
The result is: md1 is not NULL, and md2 is NULL.
I think X509_verify() is calling EVP_get_digestbynid() to get the digest
algorithm, but if it doesn't find the digest algorithm in the engine's algorithm
list, how can I use X509_verify()?
Thank you for your hint.