I'm trying to install SoftHSM as shown here, which requires OpenSSL. So I installed OpenSSL v1.0.2j, but it seems it doesn't have bundled GOST support, or at least I couldn't find libgost.so
in /usr/lib/openssl/engines
; so I took it from an older version of OpenSSL that I found (v1.0.0k-2.1.x86_64) and placed it in that folder.
Then, as suggested in multiple forums, I modified the file openssl.cnf (in /usr/local/ssl
).
In the line after RANDFIL = $ENV::HOME/.rnd
I added:
openssl_conf=openssl_def
And at the end of the file:
# OpenSSL default section
[openssl_def]
engines = engine_section
# Engine section
[engine_section]
gost = gost_section
# Engine gost section
[gost_section]
engine_id = gost
dynamic_path = /usr/lib/openssl/engines/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
But still in the configure phase of SoftHSM installation it shows this error:
checking for OpenSSL GOST support... Cannot GOST engine
configure: error: OpenSSL library has no GOST support
Any help would be highly appreciated!
If I run this command: openssl ciphers|tr ':' '\n'|grep GOST
, the output is: Error configuring OpenSSL