From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cas@altlinux.org>
To: sisyphus@lists.altlinux.org
References: <7e4f91e6-f5c1-eac7-0c18-3a48262b202f@gmail.com>
From: Andrey Cherepanov <cas@altlinux.org>
Message-ID: <f252a9f8-d834-25dc-f6d0-c301f095cb57@altlinux.org>
Date: Thu, 19 May 2016 14:49:45 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <7e4f91e6-f5c1-eac7-0c18-3a48262b202f@gmail.com>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Subject: Re: [sisyphus] openssl & GOST
X-BeenThere: sisyphus@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Sisyphus discussions <sisyphus@lists.altlinux.org>
List-Id: ALT Linux Sisyphus discussions <sisyphus.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sisyphus>,
 <mailto:sisyphus-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus>
List-Post: <mailto:sisyphus@lists.altlinux.org>
List-Help: <mailto:sisyphus-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
 <mailto:sisyphus-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2016 11:49:46 -0000
Archived-At: <http://lore.altlinux.org/sisyphus/f252a9f8-d834-25dc-f6d0-c301f095cb57@altlinux.org/>
List-Archive: <http://lore.altlinux.org/sisyphus/>
List-Post: <mailto:sisyphus@altlinux.ru>

19.05.2016 14:02, Вадим Илларионов пишет:
> На свежеустановленной системе:
> 
> # openssl smime -sign -in req.xml -out req.sig -binary -signer req.pem
> -outform DER
> unable to load signing key file
> 139673537910680:error:0609E09C:digital envelope
> routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:231:
> 139673537910680:error:0606F076:digital envelope
> routines:EVP_PKCS82PKEY:unsupported private key
> algorithm:evp_pkey.c:84:TYPE=GOST R 34.10-2001
> 139673537910680:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1
> lib:pem_pkey.c:141:
> 
> Установлено:
> 
> # rpm -qa | grep ssl | sort
> alterator-sslkey-0.2.3-alt1
> libssl10-1.0.2h-alt1
> openssl-1.0.2h-alt1
> openssl-engines-1.0.2h-alt1
> 
> Добавлял в /etc/openssl/openssl.cnf строчки:
> 
> [openssl_def]
> engines = engine_section
> 
> [engine_section]
> gost = gost_section
> 
> [gost_section]
> engine_id = gost
> default_algorithms = ALL
> CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
> 
> Не помогает.
> 
> На более старой системе с ssl версии 1.0.1k всё работает.
https://www.altlinux.org/ГОСТ_в_OpenSSL

[root@cas ~]# openssl ciphers|tr ':' '\n'|grep GOST
GOST2001-GOST89-GOST89
GOST94-GOST89-GOST89
[root@cas ~]# rpm -q libssl10
libssl10-1.0.2h-alt1
[

-- 
Andrey Cherepanov
cas@altlinux.org