Openssl и libgost.so

Openssl согласно ГОСТ
Оригинал - http://www.cryptocom.ru/products/openssl-1-config-en.html
Цитата:
---------------------------
MAGPRO DNS. INSTALLATION AND CONFIGURING OpenSSL 1.0.0

Already installed
If you installed OpenSSL 1.0.0 from packages, be sure it compiled with the options:
shared, zlib, enable-rfc3779
Option shared is necessary!
If the libgost.so library presents in $PREFIX/lib/engines it should work.

Installation from FreeBSD ports
On FreeBSD you may install OpenSSL 1.0.0 from port collection.

$ cd /usr/ports/security/openssl
$ make config
Choose the options shared, zlib, enable-rfc3779.
$ make
$ sudo make install

Installation from sources
For most linux-based OS you'll have to install OpenSSL 1.0.0 from sources.
You'll need zlib devel files for compiling.
On Debian lenny you can install these files from zlib1g-dev package:

$ sudo apt-get install zlib1g-dev

This is way of compiling and installing OpenSSL 1.0.0 from sources:
$ wget http://www.openssl.org/source/openssl-1.0.0a.tar.gz
$ tar xzf openssl-1.0.0a.tar.gz
$ cd openssl-1.0.0a
$ ./config shared zlib enable-rfc3779 --prefix=/usr/local
$ make depend
$ make
$ sudo make install

After that OpenSSL binaries will be placed at /usr/local.
Config file will be placed at /usr/local/openssl or /usr/local/ssl (it depends from your OS)

Configuration
For correct using of GOST cryptoalgorithms next strings should be added in openssl.cnf:
before the first section (begin of section marks by brackets: []):

openssl_conf = openssl_def
By default openssl.cnf doesn't contain it.
At the end of openssl.cnf add sections:
[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
default_algorithms = ALL
dynamic_path = /usr/local/lib/engines/libgost.so  //or your $PREFIX/lib/engines/libgost.so
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet

---------------------------------------------------------------
Дополнительно надо создать символьную ссылку /usr/lib/enjines/libgost.so на /usr/local/lib/engines/libgost.so, иначе sshd выдает ошибку при запуске.

Полезные ссылки
source of openssl-1.0.1i/engines/ccgost/README.gost
http://rodji.net/blog/2013/12/27/openssl-%D0%BF%D0%BE-%D0%B3%D0%BE%D1%81...
http://www.cryptocom.ru/products/openssl-1-config-en.html
http://www.cryptocom.ru/opensource/
ГОСТ 28147-89 ГОСТ Р 34.10-2012 ГОСТ Р 34.11-2012