Hi Aleksey,

Aleksey Samsonov wrote:
> Hello,
>
> Jan Just Keijser wrote:
>> in opensc-0.11.13/src/pkcs11/openssl.c there's a section
>>
>> void
>> sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card)
>> {
>> #if OPENSSL_VERSION_NUMBER >= 0x10000000L
>>     /* FIXME: see openssl-1.0.0-beta3/engines/ccgost/README.gost */
>>     OPENSSL_config(NULL);
>> #endif
>
> It is needed for loading and using the engine with GOST algorithms.
>
>
So the GOST algorithm engine *requires* that an openssl config is loaded?
That does not scale very well: any application can run
  OPENSSL_config
or
  CONF_modules_load
at any stage. The problem is that you can load and register an engine
only once.

>> I commented out the OPENSSL_config(NULL) and now it works ...
>>
>> Should this be added as a patch? The FIXME seems to be to *remove* the
>> explicit call to OPENSSL_config; I can confirm that this works for
>> both openssl-1.0.0-beta4 and the official openssl-1.0.0 release
>
>
> The FIXME means that calling OPENSSL_config(NULL) may have problems and
> a cleaner solution is needed for loading the GOST algorithms' implementation.
>

So either GOST algorithms work or openssl+opensc-pkcs11 works? To me
that choice is simple: I'll comment out the OPENSSL_config part until
the GOST driver behaves.

Do you have information on why the GOST driver needs this openssl config?
What needs to be loaded? Are there other ways to load the same
information? Is it a particular section of an openssl.cnf file that
needs to be loaded? What if the openssl.cnf file does not contain that
section?


cheers,

JJK

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel