Centos7 編譯安裝 Openssl 1.1.1 支持國密
阿新 • • 發佈:2019-04-18
supported engine 定義 openssl .tar.gz root nss pla ont OpenSSL項目新版本增加了中國SM2/SM3/SM4算法的支持:
《GB/T 32905-2016 SM3密碼雜湊算法》(原GM/T 0004-2012)
SM2橢圓曲線: https://github.com/openssl/openssl/pull/4793
SM3哈希摘要: https://github.com/openssl/openssl/pull/4616
SM4對稱加密: https://github.com/openssl/openssl/pull/4552
參考: 中國×××制定的商業密碼算法標準
《GM/T 0006-2012 密碼應用標識規範》定義國密算法OID標識
《GB/T 32907-2016 SM4分組密碼算法》(原GM/T 0002-2012)
《GB/T 329??-2016 SM2橢圓曲線公鑰密碼算法》(原GM/T 0003-2012)
在Centos7.6下編譯安裝openssl 1.1.1b
- 官網 https://www.openssl.org/source/ 下載 openssl-1.1.1b.tar.gz
- Centos7.6 安裝編譯環境
[[email protected] ~]# yum groupinstall "Development Tools"
- 解壓縮 開始編譯
[[email protected] shm]# tar xf openssl-1.1.1b.tar.gz [[email protected] shm]# cd openssl-1.1.1b/ [[email protected] openssl-1.1.1b]# less INSTALL on Unix (again, this includes Mac OS/X): $ ./config $ make $ make test $ make install On Unix: $ ./config --prefix=/opt/openssl --openssldir=/usr/local/ssl [[email protected] openssl-1.1.1b]# ./config --prefix=/usr/local/openssl --openssldir=/usr/local/ssl [[email protected] openssl-1.1.1b]# make -j 2 [[email protected] openssl-1.1.1b]# make install
- 導出庫文件
[[email protected] lib]# echo /usr/local/openssl/lib >> /etc/ld.so.conf.d/openssl.conf [[email protected] lib]# ldconfig # "檢測版本信息" [[email protected] bin]# /usr/local/openssl/bin/openssl version -a OpenSSL 1.1.1b 26 Feb 2019 built on: Thu Apr 18 02:07:26 2019 UTC platform: linux-x86_64 options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG OPENSSLDIR: "/usr/local/ssl" ENGINESDIR: "/usr/local/openssl/lib/engines-1.1" Seeding source: os-specific # 導出openssl/bin 到PATH 變量 [[email protected] shm]# echo ‘PATH=/usr/local/openssl/bin:$PATH‘ >> /etc/profile.d/env.sh [[email protected] shm]# source /etc/profile.d/env.sh [[email protected] shm]# openssl version OpenSSL 1.1.1b 26 Feb 2019 # 測試sm3 哈希算法 [[email protected] ~]$ openssl dgst -sm3 - /etc/fstab SM3(/etc/fstab)= cb8e0dcf3dcb9754664db539bf28f75ea7218f3e48ca97f2d470a911e563834b [[email protected] ~]# openssl enc -ciphers Supported ciphers: -seed-ecb -seed-ofb -sm4 -sm4-cbc -sm4-cfb -sm4-ctr -sm4-ecb -sm4-ofb # 測試sm4 加解密 [[email protected] shm]# openssl enc -sm4 -pbkdf2 -in fstab -out fstab.sm4 enter sm4-cbc encryption password: Verifying - enter sm4-cbc encryption password: [[email protected] shm]# file fstab.sm4 fstab.sm4: data [[email protected] shm]# openssl enc -sm4 -pbkdf2 -d -in fstab.sm4 -out fstab2 enter sm4-cbc decryption password: [[email protected] shm]# md5sum fstab fstab2 5bc5d1fe5dc1ed936fab3aabbde66d2a fstab 5bc5d1fe5dc1ed936fab3aabbde66d2a fstab2
Centos7 編譯安裝 Openssl 1.1.1 支持國密