[PATCH 3/3] pkcs12: add support for GOST PFX files

2020-04-07 Thread Dmitry Baryshkov
Russian standard body has changed the way MAC key is calculated for PKCS12 files. Generate proper keys depending on the digest type used for MAC generation. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/pkcs12/p12_key.c | 18 ++ src/lib

[PATCH 2/3] Populate PBE table with GOST R 34.11-2012 HMAC ids

2020-04-07 Thread Dmitry Baryshkov
Allow using GOST R 34.11-2012 in PBE/PBKDF2/PKCS#5. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/evp/evp_pbe.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c index de08c8d78c52

[PATCH 1/3] Add OIDs for GOST R 34.11-2012 HMAC functions

2020-04-07 Thread Dmitry Baryshkov
Add OIDs for HMAC using Streebog (GOST R 34.11-2012) hash function. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/objects/obj_mac.num | 2 ++ src/lib/libcrypto/objects/objects.txt | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/lib/libcrypto/objects

[PATCH 0/5] gost: add support for magma and kuznyechik ciphers

2020-04-07 Thread Dmitry Baryshkov
Russian standards body has issues a standard GOST R 34.12-2015 defining two block ciphers: magma and kuznyechik. English descriptions of these ciphers are defined in draft-dolmatov-magma (in RFC editor queue) and RFC 7801 respectively. These patches add support for basic constructions using these

[PATCH 4/5] gost: add support for magma cipher

2020-04-07 Thread Dmitry Baryshkov
GOST R 34.12-2015 defines Magma cipher (a variant of GOST 28147-89 with fixed S-BOX and endianness change), see draft-dolmatov-magma. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/Symbols.list | 5 + src/lib/libcrypto/evp/c_all.c | 5

[PATCH 3/5] gost: use key_meshing for specifying section size

2020-04-07 Thread Dmitry Baryshkov
In preparation to adding ACPKM support, switch key_meshing to be a section size rather than just a flag. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/gost/gost.h | 2 +- src/lib/libcrypto/gost/gost2814789.c | 8 src/lib/libcrypto/gost/gost89_params.c | 2 +- 3 files

[PATCH 2/5] gost: drop key_len from Gost28147_set_key

2020-04-07 Thread Dmitry Baryshkov
There is no point in specifying key length to Gost28147_set_key, everybody just passes 256 (or 32 * 8) no matter what. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/evp/e_gost2814789.c | 4 +++- src/lib/libcrypto/evp/m_gost2814789.c | 3 ++- src/lib/libcrypto/gost/gost.h

[PATCH 1/5] modes: add functions implementing common code for 64-bit ciphers

2020-04-07 Thread Dmitry Baryshkov
64-bit ciphers are old, but it would be good to use common code for their implementations. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/modes/cbc64.c | 202 src/lib/libcrypto/modes/cfb64.c | 169 ++ src/lib/libcrypto/modes/ctr64

[PATCH v2] gostr341001: support unwrapped private keys support

2020-04-06 Thread Dmitry Baryshkov
GOST private keys can be wrapped in OCTET STRING, INTEGER or come unwrapped. Support the latter format. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/gost/gost_asn1.c | 52 ++ src/lib/libcrypto/gost/gost_asn1.h | 11 ++ src/lib

Re: [PATCH 1/2] gost: add missing error reporting

2020-04-04 Thread Dmitry Baryshkov
> From: Dmitry Baryshkov > > > > Add few more error reports to help debugging. > > > > Sponsored by ROSA Linux. > > > > Signed-off-by: Dmitry Baryshkov > > --- > > src/lib/libcrypto/gost/gostr341001_ameth.c | 20 +++- > > 1 file changed, 15 insertions(+), 5 deletions(-) -- With best wishes Dmitry

[PATCH] gostr341001: support unwrapped private keys support

2020-03-26 Thread Dmitry Baryshkov
GOST private keys can be wrapped in OCTET STRING, INTEGER or come unwrapped. Support the latter format. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/gost/gostr341001_ameth.c | 75 -- 1 file changed, 70 insertions(+), 5 deletions(-) diff

[PATCH 1/8] ssl_sigalgs: select proper default algorithm for GOST pkeys

2020-03-28 Thread Dmitry Baryshkov
Return default sigalg algorithm depending in the default digest algorithm (GOST94 or Streebog) selected by pkey. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/ssl_sigalgs.c | 43 -- src/regress/lib/libssl/tlsext/tlsexttest.c | 10

[PATCH 5/8] ssl: support GOST certificates in ssl_cert_dup()

2020-03-28 Thread Dmitry Baryshkov
Add case entry for SSL_PKEY_GOST01 Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/ssl_cert.c | 4 1 file changed, 4 insertions(+) diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index af8ef329b4b2..4da453c11eca 100644 --- a/src/lib/libssl

Re: [PATCH] ec: add support for several more GOST curves

2020-03-28 Thread Dmitry Baryshkov
6, 2020 at 09:25:57PM +0300, dbarysh...@gmail.com wrote: > > From: Dmitry Baryshkov > > > > Add support for GOST curves defined by RFC 7836 and > > draft-deremin-rfc4491-bis. Add aliases for 256-bit GOST curves (see > > draft-smyshlyaev-tls12-gost-suites). > &

[PATCH 6/8] ssl: do not send GOST 94 certificate type

2020-03-28 Thread Dmitry Baryshkov
GOST R 34.10-94 is an obsolete certificate type, unsupported by LibreSSL and by the rest of current software, so there is no point in sending in the CertificateTypes. Drop it. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/s3_lib.c | 2 -- src/lib/libssl/tls1.h

[PATCH 7/8] ssl: add support for IANA-allocated GOST certificate types

2020-03-28 Thread Dmitry Baryshkov
IANA has allocated numbers for GOST ClientCertificateType. Use them in addition to private values (left in place for compat). Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/s3_lib.c | 4 src/lib/libssl/tls1.h | 6 -- 2 files changed, 8 insertions(+), 2

[PATCH 3/8] ssl: add support for IANA-allocated GOST sigalgs values

2020-03-28 Thread Dmitry Baryshkov
Add support for IANA-allocated GOST SignatureAlgorithms values. Values predating IANA allocation are left in place because they are still used by deployed products. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/ssl_sigalgs.c | 12 src/lib/libssl

[PATCH 2/8] ssl: pass a flag to GOST pkey to generate proper TLS1.2 CertVerify

2020-03-28 Thread Dmitry Baryshkov
if it is a GOST pkey. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/ssl_clnt.c | 7 +++ src/lib/libssl/ssl_srvr.c | 7 +++ 2 files changed, 14 insertions(+) diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index ce43a89ca737..2a16bd19f247 100644

[PATCH 4/8] ssl: provide interoperability with CryptoPro CSP

2020-03-28 Thread Dmitry Baryshkov
Windows CSPs fail to send proper SigAlgs extension (it does not include GOST entries even for GOST CipherSuites). To ensure interoperability, assume that the server will understand GOST sigalgs if it has sent GOST certificate. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib

[PATCH 8/8] ssl: add support for new GOST CNT-IMIT ciphersuite value

2020-03-28 Thread Dmitry Baryshkov
Add support for IANA-assigned value {0xc1, 0x02} for GOST CNT-IMIT CipherSuite (GOST2012256-GOST89-GOST89). Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/s3_lib.c | 17 + 1 file changed, 17 insertions(+) diff --git a/src/lib/libssl/s3_lib.c b/src

[PATCH v2 2/2] gost: populate params tables with new curves

2020-03-28 Thread Dmitry Baryshkov
Allow users to specify new curves via strings. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/gost/gostr341001_params.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/src/lib/libcrypto/gost/gostr341001_params.c b/src/lib/libcrypto/gost

[PATCH v2 1/2] ec: add support for several more GOST curves

2020-03-28 Thread Dmitry Baryshkov
-obektov-oid-tekhnicheskogo-komiteta-po-standartizatsii-kriptograficheskaya-zashchita-1.html) Sponsored by ROSA Linux. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/ec/ec_curve.c | 162 +++- src/lib/libcrypto/gost/gostr341001_params.c | 4 +- src/lib/libcrypto

[PATCH v3 2/2] gost: populate params tables with new curves

2020-03-29 Thread Dmitry Baryshkov
Allow users to specify new curves via strings. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/gost/gostr341001_params.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/src/lib/libcrypto/gost/gostr341001_params.c b/src/lib/libcrypto/gost

Re: [PATCH v2 2/2] gost: populate params tables with new curves

2020-03-29 Thread Dmitry Baryshkov
V3 though. > Best regards, > > > On Sat, Mar 28, 2020 at 07:16:14PM +0300, Dmitry Baryshkov wrote: > > Allow users to specify new curves via strings. > > > > Sponsored by ROSA Linux > > > > Signed-off-by: Dmitry Baryshkov > > --- > > src

Re: [PATCH] gostr341001: support unwrapped private keys support

2020-03-31 Thread Dmitry Baryshkov
Hello, вт, 31 мар. 2020 г. в 06:20, Kinichiro Inoguchi : > > Hi, > > Where can we see the specifcation for these 3 different format, wrapped in > OCTET STRING, INTEGER and unwrapped but masked ? > I tried to find but couldn't. There is no English specification for GOST PKCS8 files yet,

[PATCH] regress/evp: add simple test for AEAD ciphers

2020-05-07 Thread Dmitry Baryshkov
Add a companion to evptest.c and aeadtest.c: test for AEAD ciphers using EVP_CIPHER interface. For now it is capable of testing only GCM mode. Signed-off-by: Dmitry Baryshkov --- src/regress/lib/libcrypto/evp/evpaeadtest.c | 382 ++ .../lib/libcrypto/evp/evpaeadtests.txt

[PATCH 5/5] pkcs12: add support for GOST PFX files

2020-06-27 Thread Dmitry Baryshkov
Russian standard body has changed the way MAC key is calculated for PKCS12 files. Generate proper keys depending on the digest type used for MAC generation. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/pkcs12/p12_key.c | 18 ++ src/lib

[PATCH 4/6] crypto: IDEA: convert to use new modes 64-bit helpers

2020-06-27 Thread Dmitry Baryshkov
Convert IDEA cipher to use 64-bit modes helper functions. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/idea/i_cbc.c | 74 +++- src/lib/libcrypto/idea/i_cfb64.c | 57 ++-- src/lib/libcrypto/idea/i_ofb64.c | 47 ++-- 3

[PATCH 6/6] crypto: Gost 28147-89: convert to use new modes 64-bit helpers

2020-06-27 Thread Dmitry Baryshkov
Convert Gost 28147-89 cipher to use 64-bit modes helper functions. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/gost/gost2814789.c | 121 ++- 1 file changed, 9 insertions(+), 112 deletions(-) diff --git a/src/lib/libcrypto/gost/gost2814789.c b/src/lib

[PATCH 3/5] gost: support new PublicKeyParameters format

2020-06-27 Thread Dmitry Baryshkov
Add support for updated PublicKeyParameters format as defined by draft-deremin-rfc4491-bis. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/gost/gost_asn1.c | 2 +- src/lib/libcrypto/gost/gostr341001_ameth.c | 42 -- 2 files changed, 41 insertions(+), 3

[PATCH 4/5] gostr341001: support unwrapped private keys support

2020-06-27 Thread Dmitry Baryshkov
GOST private keys can be wrapped in OCTET STRING, INTEGER or come unwrapped. Support the latter format. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/gost/gost_asn1.c | 52 ++ src/lib/libcrypto/gost/gost_asn1.h | 11 ++ src/lib

[PATCH 2/5] gost: use ECerror to report EC errors

2020-06-27 Thread Dmitry Baryshkov
GOST code uses GOSTerror(EC_R_foo) to report several errors. Use ECerror(EC_R_foo) instead to make error messages match error code. Sponsored by ROSA Linux. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/gost/gostr341001_ameth.c | 2 +- src/lib/libcrypto/gost/gostr341001_key.c | 14

[PATCH 1/5] gost: populate params tables with new curves

2020-06-27 Thread Dmitry Baryshkov
Allow users to specify new curves via strings. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/gost/gostr341001_params.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/src/lib/libcrypto/gost/gostr341001_params.c b/src/lib/libcrypto/gost

[PATCH 5/6] crypto: RC2: convert to use new modes 64-bit helpers

2020-06-27 Thread Dmitry Baryshkov
Convert RC2 cipher to use 64-bit modes helper functions. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/rc2/rc2.h | 4 +- src/lib/libcrypto/rc2/rc2_cbc.c | 111 +++ src/lib/libcrypto/rc2/rc2_locl.h | 7 ++ src/lib/libcrypto/rc2/rc2cfb64.c | 57

[PATCH 1/6] modes: add functions implementing common code for 64-bit ciphers

2020-06-27 Thread Dmitry Baryshkov
64-bit ciphers are old, but it would be good to use common code for their implementations. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/modes/cbc64.c | 202 src/lib/libcrypto/modes/cfb64.c | 169 ++ src/lib/libcrypto/modes/ctr64

[PATCH 3/6] crypto: cast: convert to use new modes 64-bit helpers

2020-06-27 Thread Dmitry Baryshkov
Convert CAST cipher to use 64-bit modes helper functions. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/Makefile| 2 +- src/lib/libcrypto/cast/c_cbc.c| 75 + src/lib/libcrypto/cast/c_cfb64.c | 56 ++-- src/lib/libcrypto/cast/c_enc.c

[PATCH 2/6] crypto: bf: convert to use new modes 64-bit helpers

2020-06-27 Thread Dmitry Baryshkov
Convert Blowfish cipher to use 64-bit modes helper functions. Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/Makefile | 2 +- src/lib/libcrypto/bf/bf_cbc.c | 83 ++- src/lib/libcrypto/bf/bf_cfb64.c | 57 ++-- src/lib/libcrypto/bf/bf_enc.c

Re: [PATCH 1/6] modes: add functions implementing common code for 64-bit ciphers

2020-07-08 Thread Dmitry Baryshkov
сб, 27 июн. 2020 г. в 22:37, Dmitry Baryshkov : > > 64-bit ciphers are old, but it would be good to use common code for > their implementations. Gracious ping for this patchset. > > Signed-off-by: Dmitry Baryshkov > --- > src/lib/libcrypt

Re: [PATCH 1/5] gost: populate params tables with new curves

2020-07-08 Thread Dmitry Baryshkov
Gracious ping for these patches. сб, 27 июн. 2020 г. в 20:14, Dmitry Baryshkov : > > Allow users to specify new curves via strings. > > Sponsored by ROSA Linux > > Signed-off-by: Dmitry Baryshkov > --- > src/lib/libcrypto/gost/gostr341001_params.c | 10