Hi! I'm trying to enable GOST ciphers in openssl-1.0.0e and so far I
failed. What I've done so far:
1. built openssl with "./config shared zlib enable-rfc3779
--prefix=/tmp/gost-ssl-new"
2. updated config file as described in README.gost.
I've straced openssl run and I'm sure it reads my configuration file
(attached to this mail) and I'm sure there
is /tmp/gost-ssl-new/lib/engines/libgost.so. But nevertheless openssl
does not open this binary (conclusions from strace) and no GOST ciphers
available. I've tried to do exactly same steps installing openssl system
wide (prefix=/usr) but still no luck. Could you help me to understand
what am I doing wrong? Is there any way to debug what openssl loads from
configuration file and how it parses that?
Thank you in advance for any pointers,
--
Peter.
HOME = .
RANDFILE = $ENV::HOME/.rnd
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
dynamic_path = /tmp/gost-ssl-new/lib/engines/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
tablet gost-ssl-new # strace -e open ./bin/openssl ciphers
open("/tmp/gost-ssl-new/lib/tls/x86_64/libssl.so.1.0.0", O_RDONLY) = -1 ENOENT
(No such file or directory)
open("/tmp/gost-ssl-new/lib/tls/libssl.so.1.0.0", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/tmp/gost-ssl-new/lib/x86_64/libssl.so.1.0.0", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/tmp/gost-ssl-new/lib/libssl.so.1.0.0", O_RDONLY) = 3
open("/tmp/gost-ssl-new/lib/libcrypto.so.1.0.0", O_RDONLY) = 3
open("/tmp/gost-ssl-new/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib64/libdl.so.2", O_RDONLY) = 3
open("/tmp/gost-ssl-new/lib/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib64/libz.so.1", O_RDONLY) = 3
open("/tmp/gost-ssl-new/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib64/libc.so.6", O_RDONLY) = 3
open("/tmp/gost-ssl-new/ssl/openssl.cnf", O_RDONLY) = 3
open("/proc/meminfo", O_RDONLY) = 3
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
