Hi! I'm trying to enable GOST ciphers in openssl-1.0.0e and so far I failed. What I've done so far:
1. built openssl with "./config shared zlib enable-rfc3779 --prefix=/tmp/gost-ssl-new" 2. updated config file as described in README.gost. I've straced openssl run and I'm sure it reads my configuration file (attached to this mail) and I'm sure there is /tmp/gost-ssl-new/lib/engines/libgost.so. But nevertheless openssl does not open this binary (conclusions from strace) and no GOST ciphers available. I've tried to do exactly same steps installing openssl system wide (prefix=/usr) but still no luck. Could you help me to understand what am I doing wrong? Is there any way to debug what openssl loads from configuration file and how it parses that? Thank you in advance for any pointers, -- Peter.
HOME = . RANDFILE = $ENV::HOME/.rnd engines = engine_section [engine_section] gost = gost_section [gost_section] engine_id = gost dynamic_path = /tmp/gost-ssl-new/lib/engines/libgost.so default_algorithms = ALL CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
tablet gost-ssl-new # strace -e open ./bin/openssl ciphers open("/tmp/gost-ssl-new/lib/tls/x86_64/libssl.so.1.0.0", O_RDONLY) = -1 ENOENT (No such file or directory) open("/tmp/gost-ssl-new/lib/tls/libssl.so.1.0.0", O_RDONLY) = -1 ENOENT (No such file or directory) open("/tmp/gost-ssl-new/lib/x86_64/libssl.so.1.0.0", O_RDONLY) = -1 ENOENT (No such file or directory) open("/tmp/gost-ssl-new/lib/libssl.so.1.0.0", O_RDONLY) = 3 open("/tmp/gost-ssl-new/lib/libcrypto.so.1.0.0", O_RDONLY) = 3 open("/tmp/gost-ssl-new/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 open("/lib64/libdl.so.2", O_RDONLY) = 3 open("/tmp/gost-ssl-new/lib/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib64/libz.so.1", O_RDONLY) = 3 open("/tmp/gost-ssl-new/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib64/libc.so.6", O_RDONLY) = 3 open("/tmp/gost-ssl-new/ssl/openssl.cnf", O_RDONLY) = 3 open("/proc/meminfo", O_RDONLY) = 3 open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3 ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5