[openssl-dev] [openssl.org #3322] [PATCH] ccgost to use configured params for 28147-89 in CNT and IMIT mode
GOST is now a separately-maintained engine. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl.org #3322] [PATCH] ccgost to use configured params for 28147-89 in CNT and IMIT mode
Hello Andrey, Thank you for your work, but I do not see the patch :-( I should say that in practice the CNT mode is used in TLS where usage of the Gost28147_CryptoProParamSetA is required. On Mon, Apr 21, 2014 at 7:40 PM, Andrey Kulikov via RT r...@openssl.orgwrote: Currently ccgost engine use configured params (s-boxes) when it works in CFB mode only. For CNT and IMITO parameters are hardcoded to Gost28147_CryptoProParamSetA Supplied patch allow ccgost engine to really use parameters, specified either in config file, or via engine API. When nothing is configured, parameters selection fails back to default - i.e. Gost28147_CryptoProParamSetA. So regression behavior persists. *WARNING: *Some interoperability issues possible, with SSL for example (uses 28147-CNT by default), if some previously configured parameters start to be used, while previously they where ignored. Patch created using this command: \diff -rupN openssl-1.0.1g/engines/ccgost/ openssl-1.0.1g-debug/engines/ccgost/ ccgost_CNT_use_params.patch To apply patch use following command in current OpenSSL root dev. directory: patch -p1 -l -u -b -i ccgost_CNT_use_params.patch Patch created against 1.0.1g. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org -- SY, Dmitry Belyavsky
Re: [openssl.org #3322] [PATCH] ccgost to use configured params for 28147-89 in CNT and IMIT mode
Dmitriy, Thanks for noticing! I do not see it either - correcting myself. :-) You are right - according to http://tools.ietf.org/html/draft-chudov-cryptopro-cptls-04 CryptoProParamSetA is required in GOST TLS. But only for content encryption. Premaster secret encryption could use any other parameters. Also, OpenSSL usage is not limited to TLS only - for some other protocols (IPSec, for instance) other parameters can be used. This patch is for them. On 22 April 2014 12:24, Dmitry Belyavsky beld...@gmail.com wrote: Hello Andrey, Thank you for your work, but I do not see the patch :-( I should say that in practice the CNT mode is used in TLS where usage of the Gost28147_CryptoProParamSetA is required. ccgost_CNT_use_params.patch Description: Binary data
[openssl.org #3322] [PATCH] ccgost to use configured params for 28147-89 in CNT and IMIT mode
Currently ccgost engine use configured params (s-boxes) when it works in CFB mode only. For CNT and IMITO parameters are hardcoded to Gost28147_CryptoProParamSetA Supplied patch allow ccgost engine to really use parameters, specified either in config file, or via engine API. When nothing is configured, parameters selection fails back to default - i.e. Gost28147_CryptoProParamSetA. So regression behavior persists. *WARNING: *Some interoperability issues possible, with SSL for example (uses 28147-CNT by default), if some previously configured parameters start to be used, while previously they where ignored. Patch created using this command: \diff -rupN openssl-1.0.1g/engines/ccgost/ openssl-1.0.1g-debug/engines/ccgost/ ccgost_CNT_use_params.patch To apply patch use following command in current OpenSSL root dev. directory: patch -p1 -l -u -b -i ccgost_CNT_use_params.patch Patch created against 1.0.1g. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org