X-Git-Url: http://www.wagner.pp.ru/gitweb/?p=openssl-gost%2Fengine.git;a=blobdiff_plain;f=INSTALL.md;h=b1be27bd0b46a328c65b81a060f8948af7db0616;hp=007d9e19d49be27dd3c8a9e1a4985535b0c72aaf;hb=HEAD;hpb=daa809969846b2bbd0675623545488765dea2fe0 diff --git a/INSTALL.md b/INSTALL.md index 007d9e1..b1be27b 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -6,54 +6,67 @@ How to Build To build and install OpenSSL GOST Engine, you will need -* OpenSSL 1.1.* +* OpenSSL 3.0 development version * an ANSI C compiler -* CMake (2.8 or newer) +* CMake (3.0 or newer, 3.18 recommended) Here is a quick build guide: + $ git clone https://github.com/gost-engine/engine + $ cd engine + $ git submodule update --init $ mkdir build $ cd build - $ cmake .. - $ make + $ cmake -DCMAKE_BUILD_TYPE=Release .. + $ cmake --build . --config Release +Instead of `Release` you can use `Debug`, `RelWithDebInfo` or `MinSizeRel` configuration. +See [cmake docs](https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html) for details. You will find built binaries in `../bin` directory. -If you want to build against a specific OpenSSL instance (you will need it -if you have more than one OpenSSL instance for example), you can use -the `cmake` variable `CMAKE_C_FLAGS` to specify path to include files and -shared libraries of the desirable OpenSSL instance +If you want to build against a specific OpenSSL instance (you will need it if +you have more than one OpenSSL instance for example), you can use the `cmake` +variable `OPENSSL_ROOT_DIR` to specify absolute path of the desirable OpenSSL +instance: - $ cmake -DCMAKE_C_FLAGS='-I/PATH/TO/OPENSSL/include -L/PATH/TO/OPENSSL/lib' .. + $ cmake -DOPENSSL_ROOT_DIR=/PATH/TO/OPENSSL/ .. + +Building against OpenSSL 3.0 requires openssl detection module +(FindOpenSSL.cmake) from CMake 3.18 or higher. More earlier versions may have +problems with it. + +If you use Visual Studio, you can also set `CMAKE_INSTALL_PREFIX` variable +to set install path, like this: + + > cmake -G "Visual Studio 15 Win64" -DCMAKE_PREFIX_PATH=c:\OpenSSL\vc-win64a\ -DCMAKE_INSTALL_PREFIX=c:\OpenSSL\vc-win64a\ .. + +Also instead of `cmake --build` tool you can just open `gost-engine.sln` +in Visual Studio, select configuration and call `Build Solution` manually. 
+ +Instructions how to build OpenSSL 1.1.0 with Microsoft Visual Studio +you can find [there](https://gist.github.com/terrillmoore/995421ea6171a9aa50552f6aa4be0998). How to Install -------------- -For now OpenSSL GOST Engine does not have an installation script, so you have to -do it manually. - -Copy `gostsum` and `gost12sum` binaries to your binary directory. For example -`/usr/local/bin`: +To install GOST Engine you can call: - # cd ../bin - # cp gostsum gost12sum /usr/local/bin + # cmake --build . --target install --config Release -Then, if you like to install man files properly, you can do it as follows: +or old plain and Unix only: - # cd .. - # mkdir -p /usr/local/man/man1 - # cp gost12sum.1 gostsum.1 /usr/local/man/man1 + # make install The engine library `gost.so` should be installed into OpenSSL engine directory. -Use the following command to get its name: + +To ensure that it is installed propery call: $ openssl version -e ENGINESDIR: "/usr/lib/i386-linux-gnu/engines-1.1" -Then simply copy `gost.so` there - - # cp bin/gost.so /usr/lib/i386-linux-gnu/engines-1.1 +Then check that `gost.so` there + # ls /usr/lib/i386-linux-gnu/engines-1.1 Finally, to start using GOST Engine through OpenSSL, you should edit `openssl.cnf` configuration file as specified below. 
@@ -90,13 +103,12 @@ And section which describes configuration of the engine should contain engine_id = gost dynamic_path = /usr/lib/ssl/engines/libgost.so default_algorithms = ALL - CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet -BouncyCastle cryptoprovider has some problems with private key parsing from -PrivateKeyInfo, so if you want to use old private key representation format, -which supported by BC, you must add: +Various cryptoproviders (e.g. BouncyCastle) has some problems with private key +parsing from PrivateKeyInfo, so if you want to use old private key +representation format, which supported by BC, you will have to add: - PK_PARAMS = LEGACY_PK_WRAP + GOST_PK_FORMAT = LEGACY_PK_WRAP to `[gost_section]`. @@ -113,10 +125,11 @@ The `CRYPT_PARAMS` parameter is engine-specific. It allows the user to choose between different parameter sets of symmetric cipher algorithm. [RFC 4357][1] specifies several parameters for the GOST 28147-89 algorithm, but OpenSSL doesn't provide user interface to choose one when encrypting. So use engine -configuration parameter instead. +configuration parameter instead. It SHOULD NOT be used nowadays because all +the parameters except the default one are deprecated now. Value of this parameter can be either short name, defined in OpenSSL `obj_dat.h` header file or numeric representation of OID, defined in [RFC 4357][1]. -[1]:https://tools.ietf.org/html/rfc4357 "RFC 4357" \ No newline at end of file +[1]:https://tools.ietf.org/html/rfc4357 "RFC 4357"
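Review bot: In the first hunk (`@@ -6,54 +6,67 @@`) the prerequisite list says "CMake (3.0 or newer, 3.18 recommended)", but the paragraph added further down says building against OpenSSL 3.0 requires `FindOpenSSL.cmake` from CMake 3.18 or higher. Since OpenSSL 3.0 is now the only OpenSSL prerequisite listed, either state 3.18 as the minimum or say what actually works with an older CMake. The same hunk keeps OpenSSL 1.1 leftovers that contradict the new prerequisite: the sample `ENGINESDIR` output and the `ls` path both show `engines-1.1`, and the Visual Studio link is for building OpenSSL 1.1.0. The Visual Studio example also passes `-DCMAKE_PREFIX_PATH`, although the text just above it recommends `OPENSSL_ROOT_DIR`; use one consistently or explain the difference. Wording: "propery" should be "properly", "More earlier versions" should be "Earlier versions", and "Then check that `gost.so` there" is missing its verb ("is there").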
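Review bot: In the second hunk (`@@ -90,13 +103,12 @@`) the `[gost_section]` key changes from `PK_PARAMS` to `GOST_PK_FORMAT` with no note for readers who already have `PK_PARAMS = LEGACY_PK_WRAP` in their `openssl.cnf`. Add a sentence saying whether the old name is still accepted or must be replaced, because a key that is silently ignored would change the private key format that gets written. The rewritten sentence also needs a grammar pass: "Various cryptoproviders ... has" should be "have", "which supported by BC" should be "which is supported by BC", and now that the sentence speaks of various cryptoproviders, "supported by BC" reads as if only BouncyCastle is meant. Separately, the context line `dynamic_path = /usr/lib/ssl/engines/libgost.so` names `libgost.so`, while the install section touched by this patch refers to `gost.so` in the `ENGINESDIR` directory; the two should agree.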
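Review bot: In the third hunk (`@@ -113,10 +125,11 @@`) the added "It SHOULD NOT be used nowadays" sentence directly follows "So use engine configuration parameter instead", so the paragraph now tells the reader to use `CRYPT_PARAMS` and not to use it in consecutive sentences. Put the deprecation first and reword the older sentence as background. The new sentence also says that all parameter sets "except the default one" are deprecated without naming the default; name it here, since the example value `id-Gost28147-89-CryptoPro-A-ParamSet` was dropped from the sample configuration in the previous hunk and the reader no longer sees any value. "nowadays" and "now" in the same sentence are redundant.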