Re: OpenSSL and GOST engine issue (statically linked library )

Wed, 13 Jun 2012 22:30:57 -0700 

Hi.

I think you should add
OpenSSL_add_all_algorithms();
in your initialization part.

Best regards,

Andrey Koltsov
software developer

13.06.2012 17:21, Abyss Lingvo написал:

Hi all !

This is my first mail to openssl mailing list.

I have a problem with statically linked openSSL library and GOST crypto engine. 
 Openssl 1.0.0g

I have simple client/server application using GOST keys and certificates. It 
works fine with GOST keys but only if I use dynamically linked version of 
openSSL library. If I try to use statically linked openSSL I got an error 
message.

This is how I initialized openSSL library:

OPENSSL_config("correct config file path");
SSL_library_init();
SSL_load_error_strings();

When I try to read certificate file I got an error.

SSL_CTX_use_certificate_chain_file(ctx, CERTFILE)

Return value here is not 1. So this is an error.

The human readable error message is:

3084809868:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported 
algorithm:p_lib.c:239: 3084809868:error:0B07706F:x509 certificate 
routines:X509_PUBKEY_get:unsupported algorithm:x_pubkey.c:155: 
3084809868:error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402:

When I use the same code with dynamically linked openSSL library with external 
GOST engine library everything works fine. So what is the difference between 
static and dynamic version? The only idea that I have at this time that my 
library initialization sequence is wrong.

I checked symbols in the compiled libcrypto.a library.

nm ./libcrypto.a | grep gost

This command gave me output with many GOST function which were included to 
libcrypto.a library. So I think that library was compiled properly and all GOST 
engine functions were included in the static library.

"Unsupported algorithm" error message means that GOST functions was not 
initialized properly. The question is: how properly initialize engines with statically 
linked openSSL?

Is it possible to use engines and statically linked openssl library in general?

Best Regards
Xidex


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to