On 2014-04-14 at 21:52:46, Dmitry Olshansky via RT <[email protected]> wrote: > It's been a bit over 2 years since the new Russian cryptography standard > is out. > RFCs 6986 and 7091 been out there for a while[1,2]. Other toolkits are > adding support, e.g. Libgcrypt introduced GOST 34.11-2012 in 1.6.0 [3]. > > Keeping in mind that OpenSSL provides GOST reference engine it seems > natural to revise it in the light of the new standard. > > To summarize the full set of changes for the new standard: > - New hash function GOST R 34.11-2012 (Stribog) takes place of GOST > R 34.11-94. After 2018 usage of 34.11-94 is basically prohibited. > > - Digital signature algorithm GOST 34.10-2001 is extended to > support both 256bit and 512bit keys. The hash function to use is GOST R > 34.11-2012. 256bit version is exactly the same modulo the hashing. > > - 2 new parameter sets (curves) for 512bit GOST 34.10-2012 are > listed as recommended. Older ones stay as is for 256-bit version. > > - Symmetric cipher stays the same, one new S-box set was defined. > > - Key Exchange (VKO) is the same algorithm but with different hash > function (HMAC of GOST 34.11-2012). > > This patch adds support for hash algorithm GOST R 34.11-2012 _only_ . > The source code was initially tested on x86, PowerPC and ARMv4. > New digests have short names "md_gost12_256" and "md_gost12_512" > respectively.
Hi. Thank you for working on this. At first glance the patch looks fine for me. > See attached patch or browse it on github: > https://github.com/openssl/openssl/pull/68 > > Next steps towards full support are far less involved and consist mostly > of minor changes such as adding paramsets and/or removing artificial > limitations. > > 1. GOST R 34.11-2012: Hash Function http://tools.ietf.org/html/rfc6986 > 2. GOST R 34.10-2012: Digital Signature Algorithm > http://tools.ietf.org/html/rfc7091 > 3. http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000336.html
signature.asc
Description: This is a digitally signed message part.
