Re: [PATCH] ima-evm-utils: remove redundant call to OpenSSL_add_all_algorithms

On Wed, 2019-01-30 at 16:25 +0300, Vitaly Chikunov wrote:
> On Wed, Jan 30, 2019 at 07:34:57AM -0500, Mimi Zohar wrote:
> > On Sun, 2019-01-27 at 05:39 +0300, Vitaly Chikunov wrote:
> > > Because of the call to OPENSSL_add_all_algorithms_conf(), calling
> > > OpenSSL_add_all_algorithms() is not needed. There would not be any
> > > problems, though, because double initialization is permitted.
> > > ---
> > >  src/libimaevm.c | 1 -
> > >  1 file changed, 1 deletion(-)
> > > 
> > > diff --git a/src/libimaevm.c b/src/libimaevm.c
> > > index 7501303..b038d0c 100644
> > > --- a/src/libimaevm.c
> > > +++ b/src/libimaevm.c
> > > @@ -995,7 +995,6 @@ int sign_hash(const char *hashalgo, const
> > > unsigned char *hash, int size, const c
> > > 
> > >  static void libinit()
> > >  {
> > > -	OpenSSL_add_all_algorithms();
> > >  	OPENSSL_add_all_algorithms_conf();
> > >  	ERR_load_crypto_strings();
> > >  }
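
Review bot: the deletion in libinit() leaves OPENSSL_add_all_algorithms_conf() as the only algorithm initializer, but neither the hunk nor the commit message records why the _conf variant is the one kept. A one-line comment above the remaining call (for example, that it is kept so that engines configured through openssl.cnf are loaded) would stop a later cleanup from swapping it back to the plain call. The commit message also has no Signed-off-by line before the "---" separator.
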
> > 
> > The only difference between the two calls seems to be reading the
> > system openssl.cnf file.  In the original call that is dependent on
> > OPENSSL_LOAD_CONF being defined.  Calling
> > OPENSSL_add_all_algorithms_conf() forces reading the system
> > openssl.cnf.
> 
> Yes. OPENSSL_LOAD_CONF is a per-application define, which is by default
> undefined. And instead of defining it, we could just call
> OPENSSL_add_all_algorithms_conf(), which is required for GOST
> support. Otherwise enabling Streebog via OPENSSL_CONF will not work.

It will if you call

ENGINE_set_default(e, ENGINE_METHOD_ALL);

after ENGINE_init

That's all the conf file is covering up for.

James
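
For reference, an added example (not part of the thread or of ima-evm-utils) of the kind of openssl.cnf that OPENSSL_add_all_algorithms_conf() reads when OPENSSL_CONF points at it. The section names are arbitrary labels, and the engine id `gost` assumes the GOST engine is installed in OpenSSL's engines directory.

```ini
# Constructed sample openssl.cnf; section names are arbitrary labels.
# Point the OPENSSL_CONF environment variable at this file.

# Must appear in the default (unnamed) section at the top of the file.
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
# Left side is a label; right side names the section that configures the engine.
gost = gost_section

[gost_section]
# Engine id to load (assumes the GOST engine is installed).
engine_id = gost
# Config-file counterpart of ENGINE_set_default(e, ENGINE_METHOD_ALL):
# registers the engine as the default for every method it implements.
default_algorithms = ALL
```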
