On Wed, Jan 30, 2019 at 07:34:57AM -0500, Mimi Zohar wrote:
> On Sun, 2019-01-27 at 05:39 +0300, Vitaly Chikunov wrote:
> > Because of call to OPENSSL_add_all_algorithms_conf() calling
> > OpenSSL_add_all_algorithms() is not needed. There was not be any
> > problems though because double initialization is permitted.
> > ---
> > src/libimaevm.c | 1 -
> > 1 file changed, 1 deletion(-)
> >
> > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > index 7501303..b038d0c 100644
> > --- a/src/libimaevm.c
> > +++ b/src/libimaevm.c
> > @@ -995,7 +995,6 @@ int sign_hash(const char *hashalgo, const unsigned char *hash, int size, const c
> >
> > static void libinit()
> > {
> > - OpenSSL_add_all_algorithms();
> > OPENSSL_add_all_algorithms_conf();
> > ERR_load_crypto_strings();
> > }
>
> The only difference between the two calls seems to be reading the
> system openssl.cnf file. In the original call that is dependent on
> OPENSSL_LOAD_CONF being defined. Calling
> OPENSSL_add_all_algorithms_conf(), forces reading the system
> openssl.cnf.
Yes. OPENSSL_LOAD_CONF is per application define, which is by default
undefined. And instead of defining it, we could just call
OPENSSL_add_all_algorithms_conf(), which is required for GOST support.
Otherwise enabling Streebog via OPENSSL_CONF will not work.
Thanks,
>
> Mimi
