X-Git-Url: http://www.wagner.pp.ru/gitweb/?p=openssl-gost%2Fengine.git;a=blobdiff_plain;f=INSTALL.md;h=b1be27bd0b46a328c65b81a060f8948af7db0616;hp=8e36721945842cf81f6aa13b1a7e4adbe48eebcb;hb=HEAD;hpb=3feabe343608ffbcb8afc887e3931796dd7f5b46 diff --git a/INSTALL.md b/INSTALL.md index 8e36721..b1be27b 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -6,12 +6,15 @@ How to Build To build and install OpenSSL GOST Engine, you will need -* OpenSSL 1.1.1 +* OpenSSL 3.0 development version * an ANSI C compiler -* CMake (3.0 or newer) +* CMake (3.0 or newer, 3.18 recommended) Here is a quick build guide: + $ git clone https://github.com/gost-engine/engine + $ cd engine + $ git submodule update --init $ mkdir build $ cd build $ cmake -DCMAKE_BUILD_TYPE=Release .. @@ -21,13 +24,17 @@ Instead of `Release` you can use `Debug`, `RelWithDebInfo` or `MinSizeRel` confi See [cmake docs](https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html) for details. You will find built binaries in `../bin` directory. -If you want to build against a specific OpenSSL instance (you will need it -if you have more than one OpenSSL instance for example), you can use -the `cmake` variable `OPENSSL_ROOT_DIR` to specify path of the desirable -OpenSSL instance: +If you want to build against a specific OpenSSL instance (you will need it if +you have more than one OpenSSL instance for example), you can use the `cmake` +variable `OPENSSL_ROOT_DIR` to specify absolute path of the desirable OpenSSL +instance: $ cmake -DOPENSSL_ROOT_DIR=/PATH/TO/OPENSSL/ .. +Building against OpenSSL 3.0 requires openssl detection module +(FindOpenSSL.cmake) from CMake 3.18 or higher. More earlier versions may have +problems with it. + If you use Visual Studio, you can also set `CMAKE_INSTALL_PREFIX` variable to set install path, like this: @@ -96,11 +103,10 @@ And section which describes configuration of the engine should contain engine_id = gost dynamic_path = /usr/lib/ssl/engines/libgost.so default_algorithms = ALL - CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet -BouncyCastle cryptoprovider has some problems with private key parsing from -PrivateKeyInfo, so if you want to use old private key representation format, -which supported by BC, you must add: +Various cryptoproviders (e.g. BouncyCastle) has some problems with private key +parsing from PrivateKeyInfo, so if you want to use old private key +representation format, which supported by BC, you will have to add: GOST_PK_FORMAT = LEGACY_PK_WRAP @@ -119,7 +125,8 @@ The `CRYPT_PARAMS` parameter is engine-specific. It allows the user to choose between different parameter sets of symmetric cipher algorithm. [RFC 4357][1] specifies several parameters for the GOST 28147-89 algorithm, but OpenSSL doesn't provide user interface to choose one when encrypting. So use engine -configuration parameter instead. +configuration parameter instead. It SHOULD NOT be used nowadays because all +the parameters except the default one are deprecated now. Value of this parameter can be either short name, defined in OpenSSL `obj_dat.h` header file or numeric representation of OID, defined in