Date: Mon, 11 Jul 2016 14:02:28 -0400 From: Jung-uk Kim <jkim@FreeBSD.org> To: Slawa Olhovchenkov <slw@zxy.spb.ru>, FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: GOST in OPENSSL_BASE Message-ID: <3b266620-75aa-4935-28b3-0f29484f3876@FreeBSD.org> In-Reply-To: <20160710133019.GD20831@zxy.spb.ru> References: <20160710133019.GD20831@zxy.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --O54dH76gA4SANvDfdEQhvvgB2eBO0Pio6 Content-Type: multipart/mixed; boundary="PK2LLS3ALCEeJKGduwpuNTgMGMe7taV51" From: Jung-uk Kim <jkim@FreeBSD.org> To: Slawa Olhovchenkov <slw@zxy.spb.ru>, FreeBSD Current <freebsd-current@freebsd.org> Message-ID: <3b266620-75aa-4935-28b3-0f29484f3876@FreeBSD.org> Subject: Re: GOST in OPENSSL_BASE References: <20160710133019.GD20831@zxy.spb.ru> In-Reply-To: <20160710133019.GD20831@zxy.spb.ru> --PK2LLS3ALCEeJKGduwpuNTgMGMe7taV51 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 07/10/16 09:30 AM, Slawa Olhovchenkov wrote: > I am surprised lack of support GOST in openssl-base. > Can be this enabled before 11.0 released? It works for me, I think. The following change was all I need to enable the engine: --- /etc/ssl/openssl.cnf.orig +++ /etc/ssl/openssl.cnf @@ -13,6 +13,21 @@ #oid_file =3D $ENV::HOME/.oid oid_section =3D new_oids +# GOST +openssl_conf =3D openssl_def + +[openssl_def] +engines =3D engine_section + +[engine_section] +gost =3D gost_section + +[gost_section] +engine_id =3D gost +dynamic_path =3D /usr/lib/engines/libgost.so +default_algorithms =3D ALL +CRYPT_PARAMS =3D id-Gost28147-89-CryptoPro-A-ParamSet + # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the # X.509v3 extensions to use: Please see the README file for more info: https://svnweb.freebsd.org/base/head/crypto/openssl/engines/ccgost/README= =2Egost?revision=3D238405&view=3Dco Jung-uk Kim --PK2LLS3ALCEeJKGduwpuNTgMGMe7taV51-- --O54dH76gA4SANvDfdEQhvvgB2eBO0Pio6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXg986AAoJEHyflib82/FG/JoH/RKcqV+g9umlip1SEtj+z00d QUvW5JRRDYu6IS+OqKCeALyfIo/1K2c9GQp9+7QCRVJUQE4eEh+6JmKD8t67HQee xtNTwLmsuQQZCVfnLqtzjw8NOZmyb53sYSrt7vIgkZk9nv2by0prOFM0ZDOhT1DI Zh8REgYQOHxM++fsTsq7H2ahMey/71ZGxqlgw7NAvYpe3jtAksvcOFfGg93O24D9 jVvcWzXir2a81AAldxNnuLBvVYVbVaA5RcJ5dvLY+7NegMxL+Tnaqztzd1IJr0K8 6wqN6tF/ilFnrjTihfvqam89//nmfP2QEatyEdnHu+5SywbMtNjRgoy9i6KMtw0= =RVV+ -----END PGP SIGNATURE----- --O54dH76gA4SANvDfdEQhvvgB2eBO0Pio6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3b266620-75aa-4935-28b3-0f29484f3876>