
MAGPRO DNS. INSTALLING AND CONFIGURING OpenSSL 1.0.0


Already installed

If you installed OpenSSL 1.0.0 from packages, make sure it was compiled with the options:
shared, zlib, enable-rfc3779
The shared option is required!
If the libgost.so library is present in $PREFIX/lib/engines, it should work.


Installation from FreeBSD ports

On FreeBSD you can install OpenSSL 1.0.0 from the ports collection.

$ cd /usr/ports/security/openssl
$ make config

Choose the options shared, zlib, enable-rfc3779.

$ make
$ sudo make install

Installation from sources

On most Linux-based systems you'll have to install OpenSSL 1.0.0 from sources.
You'll need the zlib development files to compile it.
On Debian lenny you can install these files from the zlib1g-dev package:

$ sudo apt-get install zlib1g-dev

To compile and install OpenSSL 1.0.0 from sources:

$ wget http://www.openssl.org/source/openssl-1.0.0a.tar.gz
$ tar xzf openssl-1.0.0a.tar.gz
$ cd openssl-1.0.0a
$ ./config shared zlib enable-rfc3779 --prefix=/usr/local
$ make depend
$ make
$ sudo make install

After that, the OpenSSL binaries will be installed under /usr/local.
The config file will be placed in /usr/local/openssl or /usr/local/ssl (depending on your OS).


Configuration

To use the GOST cryptographic algorithms correctly, add the following lines to openssl.cnf:

  1. Before the first section (a section begins with a name in square brackets: []):
    openssl_conf = openssl_def

    The default openssl.cnf does not contain this line.

  2. At the end of openssl.cnf, add the following sections:
    [openssl_def]
    engines = engine_section
    
    [engine_section]
    gost = gost_section
    
    [gost_section]
    engine_id = gost
    default_algorithms = ALL
    # or your $PREFIX/lib/engines/libgost.so
    dynamic_path = /usr/local/lib/engines/libgost.so
    CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
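
One way to check the edited openssl.cnf, as an added example that is not part of the original page or of MagPro DNS: it follows the chain from openssl_conf through [openssl_def] and [engine_section] to [gost_section] and reports where it breaks, including the case where openssl_conf was added after a section header and so ended up inside that section. The function names, the sample [req] section and the simplified parser (only '#' comments; no quoting, variables or includes) are assumptions.

```python
import re
SECTION = re.compile(r"^\[\s*([^\]]+?)\s*\]$")
REQUIRED = ("engine_id", "default_algorithms", "dynamic_path", "CRYPT_PARAMS")

def parse_cnf(text):
    """Simplified parser: keys before the first [section] land in "default"."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        match = SECTION.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def check_gost_config(text):
    """Return a list of problems; an empty list means the engine chain resolves."""
    cfg = parse_cnf(text)
    section = cfg["default"].get("openssl_conf")
    if section is None:
        inside = [s for s, kv in cfg.items() if "openssl_conf" in kv]
        hint = f" (found inside [{inside[0]}])" if inside else ""
        return ["openssl_conf is not set before the first section" + hint]
    for key in ("engines", "gost"):              # follow the chain of section names
        if key not in cfg.get(section, {}):
            return [f"[{section}] has no '{key}' key"]
        section = cfg[section][key]
    params = cfg.get(section, {})
    problems = [f"[{section}] is missing {k}" for k in REQUIRED if k not in params]
    if len(params.get("dynamic_path", "x").split()) != 1:   # heuristic: pasted non-'#' comment
        problems.append("dynamic_path must be a single path with nothing after it")
    return problems

# Constructed sample: the sections from this page appended to a minimal file.
GOST_SECTIONS = """
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
default_algorithms = ALL
dynamic_path = /usr/local/lib/engines/libgost.so
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
"""
GOOD = "openssl_conf = openssl_def\n[req]\ndefault_bits = 2048\n" + GOST_SECTIONS
BAD = "[req]\ndefault_bits = 2048\nopenssl_conf = openssl_def\n" + GOST_SECTIONS
```

Run check_gost_config() on the text of your own openssl.cnf; the dynamic_path check is a heuristic and would also flag a legitimate path that contains spaces.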
    

 
Copyright © ООО "Криптоком". 2001-2024. All Rights Reserved.