File tree 2 files changed +72
-0
lines changed
2 files changed +72
-0
lines changed Original file line number Diff line number Diff line change 11# engine
2+
23A reference implementation of the Russian GOST crypto algorithms for OpenSSL
34
45Compatibility: OpenSSL 3.0
@@ -10,3 +11,13 @@ Mailing list: http://www.wagner.pp.ru/list-archives/openssl-gost/
1011Some useful links: https://www.altlinux.org/OSS-GOST-Crypto
1112
1213DO NOT TRY BUILDING MASTER BRANCH AGAINST openssl 1.1.1! Use 1_1_1 branch instead!
14+
15+ # provider
16+
17+ A reference implementation in the same spirit as the engine, specified
18+ above.
19+
20+ This is currently work in progress, with only a subset of all intended
21+ functionality implemented: symmetric ciphers, hashes and MACs.
22+
23+ For more information, see [ README.prov.md] ( README.prov.md )
Original file line number Diff line number Diff line change 1+ # GOST provider
2+
3+ The GOST provider is currently built in parallell with the GOST
4+ engine, and is implemented like a wrapper around the engine code.
5+
6+ ## Currently implemented
7+
8+ Symmetric ciphers:
9+
10+ - gost89
11+ - gost89-cnt
12+ - gost89-cnt-12
13+ - gost89-cbc
14+ - kuznyechik-ecb
15+ - kuznyechik-cbc
16+ - kuznyechik-cfb
17+ - kuznyechik-ofb
18+ - kuznyechik-ctr
19+ - magma-cbc
20+ - magma-ctr
21+ - magma-ctr-acpkm
22+ - magma-ctr-acpkm-omac
23+ - kuznyechik-ctr-acpkm
24+ - kuznyechik-ctr-acpkm-omac
25+
26+ Hashes:
27+
28+ - id-tc26-gost3411-12-256 (md_gost12_256)
29+ - id-tc26-gost3411-12-512 (md_gost12_512)
30+ - id-GostR3411-94 (md_gost94)
31+
32+ MACs:
33+
34+ - gost-mac
35+ - gost-mac-12
36+ - magma-mac
37+ - kuznyechik-mac
38+ - kuznyechik-ctr-acpkm-omac
39+
40+ ## TODO, not requiring additional OpenSSL support
41+
42+ - Basic support for GOST keys, i.e. implementations of KEYMGMT
43+ (including key generation), DECODER and DECODER.
44+
45+ - Support for these operations using GOST keys:
46+
47+ - ASYM_CIPHER (encryption and decryption using GOST keys)
48+ - SIGNATURE (signing and verifying using GOST keys)
49+
50+ ## TODO, which requires additional OpenSSL support
51+
52+ - TLSTREE support. This may require additional changes in libssl.
53+ Needs investigation.
54+
55+ - PKCS7 and CMS support. This requires OpenSSL PKCS7 and CMS code
56+ to change for better interfacing with providers.
57+
58+ ## TODO, far future
59+
60+ - Refactor the code into being just a provider. This is to be done
61+ when engines aren't supported any more.
You can’t perform that action at this time.
0 commit comments