On Wed, Jan 30, 2019 at 08:41:13AM -0500, Mimi Zohar wrote: > [Cc'ing Bruno, Petr] > > On Wed, 2019-01-30 at 16:25 +0300, Vitaly Chikunov wrote: > > On Wed, Jan 30, 2019 at 07:34:57AM -0500, Mimi Zohar wrote: > > > On Sun, 2019-01-27 at 05:39 +0300, Vitaly Chikunov wrote: > > > > Because of call to OPENSSL_add_all_algorithms_conf() calling > > > > OpenSSL_add_all_algorithms() is not needed. There was not be any > > > > problems though because double initialization is permitted. > > > > --- > > > > src/libimaevm.c | 1 - > > > > 1 file changed, 1 deletion(-) > > > > > > > > diff --git a/src/libimaevm.c b/src/libimaevm.c > > > > index 7501303..b038d0c 100644 > > > > --- a/src/libimaevm.c > > > > +++ b/src/libimaevm.c > > > > @@ -995,7 +995,6 @@ int sign_hash(const char *hashalgo, const unsigned char *hash, int size, const c > > > > > > > > static void libinit() > > > > { > > > > - OpenSSL_add_all_algorithms(); > > > > OPENSSL_add_all_algorithms_conf(); > > > > ERR_load_crypto_strings(); > > > > } > > > > > > The only difference between the two calls seems to be reading the > > > system openssl.cnf file. In the original call that is dependent on > > > OPENSSL_LOAD_CONF being defined. Calling > > > OPENSSL_add_all_algorithms_conf(), forces reading the system > > > openssl.cnf. > > > > Yes. OPENSSL_LOAD_CONF is per application define, which is by default > > undefined. And instead of defining it, we could just call > > OPENSSL_add_all_algorithms_conf(), which is required for GOST support. > > Otherwise enabling Streebog via OPENSSL_CONF will not work. > > I think this is basically a packaging question. Instead of hard > coding this change, it could be an autoconf option (eg. > enable/disable-gost). User already have control to load or not engines by editing or not the config. But, if OpenSSL_add_all_algorithms() is used without defining OPENSSL_LOAD_CONF (default) user will lose such option. I think loading config is quite normal operation which is also default for the openssl binary. > > Bruno, Petr, any preference? > > Thanks, > > Mimi