Created
May 4, 2014 14:19
diff --git a/Configure b/Configure | |
index f0fadaa..c6aed3c 100755 | |
--- a/Configure | |
+++ b/Configure | |
@@ -1034,6 +1034,10 @@ | |
$disabled{"ecdsa"} = "forced"; | |
$disabled{"ecdh"} = "forced"; | |
} | |
+if (defined($disabled{"ec2m"})) | |
+ { | |
+ $disabled{"dstu"} = "forced"; | |
+ } | |
# SSL 2.0 requires MD5 and RSA | |
if (defined($disabled{"md5"}) || defined($disabled{"rsa"})) | |
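Review bot: The new guard keys only on `ec2m`, so a `no-ec` build may still leave `dstu` enabled; whether disabling `ec` also marks `ec2m` as disabled is not visible in this hunk. Since the later hunks wire the engine to EC public-key NIDs, it presumably cannot build without EC at all. If `ec` does not already imply `ec2m`, widen the condition to `if (defined($disabled{"ec"}) || defined($disabled{"ec2m"}))`. A short comment such as `# DSTU 4145 uses binary-field curves, so it needs EC2M` above the block would record why the dependency exists.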
@@ -1709,6 +1713,7 @@ | |
s/fips // if (/^DIRS=/ && !$fips); | |
s/engines // if (/^DIRS=/ && $disabled{"engine"}); | |
s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"}); | |
+ s/uadstu// if (/^ENGDIRS=/ && $disabled{"dstu"}); | |
s/^VERSION=.*/VERSION=$version/; | |
s/^MAJOR=.*/MAJOR=$major/; | |
s/^MINOR=.*/MINOR=$minor/; | |
diff --git a/Makefile.org b/Makefile.org | |
index e7f6e5b..a3d3dd9 100644 | |
--- a/Makefile.org | |
+++ b/Makefile.org | |
@@ -138,7 +138,7 @@ | |
BASEADDR= | |
DIRS= crypto fips ssl engines apps test tools | |
-ENGDIRS= ccgost | |
+ENGDIRS= ccgost uadstu | |
SHLIBDIRS= crypto ssl | |
# dirs in crypto to build | |
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c | |
index 37ddcf9..882943c 100644 | |
--- a/crypto/engine/eng_all.c | |
+++ b/crypto/engine/eng_all.c | |
@@ -110,6 +110,9 @@ | |
#ifndef OPENSSL_NO_GOST | |
ENGINE_load_gost(); | |
#endif | |
+#ifndef OPENSSL_NO_DSTU | |
+ ENGINE_load_dstu(); | |
+#endif | |
#ifndef OPENSSL_NO_GMP | |
ENGINE_load_gmp(); | |
#endif | |
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h | |
index f8be497..1313775 100644 | |
--- a/crypto/engine/engine.h | |
+++ b/crypto/engine/engine.h | |
@@ -349,6 +349,9 @@ | |
#ifndef OPENSSL_NO_GOST | |
void ENGINE_load_gost(void); | |
#endif | |
+#ifndef OPENSSL_NO_DSTU | |
+void ENGINE_load_dstu(void); | |
+#endif | |
#endif | |
void ENGINE_load_cryptodev(void); | |
void ENGINE_load_rsax(void); | |
diff --git a/crypto/objects/obj_xref.txt b/crypto/objects/obj_xref.txt | |
index 19c9422..cb07920 100644 | |
--- a/crypto/objects/obj_xref.txt | |
+++ b/crypto/objects/obj_xref.txt | |
@@ -56,3 +56,6 @@ | |
dhSinglePass_cofactorDH_sha256kdf_scheme sha256 dh_cofactor_kdf | |
dhSinglePass_cofactorDH_sha384kdf_scheme sha384 dh_cofactor_kdf | |
dhSinglePass_cofactorDH_sha512kdf_scheme sha512 dh_cofactor_kdf | |
+ | |
+dstu4145le dstu34311 dstu4145le | |
+dstu4145be dstu34311 dstu4145be | |
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt | |
index b57aabb..1140e37 100644 | |
--- a/crypto/objects/objects.txt | |
+++ b/crypto/objects/objects.txt | |
@@ -1348,3 +1348,29 @@ | |
1 3 6 1 4 1 311 60 2 1 1 : jurisdictionL : jurisdictionLocalityName | |
1 3 6 1 4 1 311 60 2 1 2 : jurisdictionST : jurisdictionStateOrProvinceName | |
1 3 6 1 4 1 311 60 2 1 3 : jurisdictionC : jurisdictionCountryName | |
+ | |
+# DSTU OIDs | |
+member-body 804 : ISO-UA | |
+ISO-UA 2 1 1 1 : ua-pki | |
+ua-pki 1 1 1 : dstu28147 : DSTU Gost 28147-2009 | |
+dstu28147 2 : dstu28147-ofb : DSTU Gost 28147-2009 OFB mode | |
+dstu28147 3 : dstu28147-cfb : DSTU Gost 28147-2009 CFB mode | |
+dstu28147 5 : dstu28147-wrap : DSTU Gost 28147-2009 key wrap | |
+ | |
+ua-pki 1 1 2 : hmacWithDstu34311 : HMAC DSTU Gost 34311-95 | |
+ua-pki 1 2 1 : dstu34311 : DSTU Gost 34311-95 | |
+ | |
+ua-pki 1 3 1 1 : dstu4145le : DSTU 4145-2002 little endian | |
+dstu4145le 1 1 : dstu4145be : DSTU 4145-2002 big endian | |
+ | |
+# DSTU named curves | |
+dstu4145le 1 2 0 : uacurve0 : DSTU curve 0 | |
+dstu4145le 1 2 1 : uacurve1 : DSTU curve 1 | |
+dstu4145le 1 2 2 : uacurve2 : DSTU curve 2 | |
+dstu4145le 1 2 3 : uacurve3 : DSTU curve 3 | |
+dstu4145le 1 2 4 : uacurve4 : DSTU curve 4 | |
+dstu4145le 1 2 5 : uacurve5 : DSTU curve 5 | |
+dstu4145le 1 2 6 : uacurve6 : DSTU curve 6 | |
+dstu4145le 1 2 7 : uacurve7 : DSTU curve 7 | |
+dstu4145le 1 2 8 : uacurve8 : DSTU curve 8 | |
+dstu4145le 1 2 9 : uacurve9 : DSTU curve 9 | |
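Review bot: The named-curve entries are rooted at `dstu4145le 1 2 n`, which places them under the same `1` sub-arc that `dstu4145be` (`dstu4145le 1 1`) occupies. To my knowledge the commonly published form for these curves is `1.2.804.2.1.1.1.1.3.1.1.2.n`, which would be `dstu4145le 2 n`; please confirm the arcs against the standard's OID registry before merging. If they are off by one level, certificates that reference a named curve would carry an OID other implementations do not recognise, and the NIDs become hard to correct once generated into `obj_dat.h`.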
diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c | |
index 9702ec5..345bf40 100644 | |
--- a/crypto/x509/x509type.c | |
+++ b/crypto/x509/x509type.c | |
@@ -96,6 +96,10 @@ | |
case NID_id_GostR3410_2001: | |
ret=EVP_PKT_EXCH|EVP_PKT_SIGN; | |
break; | |
+ case NID_dstu4145le: | |
+ case NID_dstu4145be: | |
+ ret=EVP_PKT_SIGN; | |
+ break; | |
default: | |
break; | |
} | |
diff --git a/engines/Makefile b/engines/Makefile | |
index 4bad384..f107828 100644 | |
--- a/engines/Makefile | |
+++ b/engines/Makefile | |
@@ -9,7 +9,7 @@ | |
CFLAG=-g | |
MAKEFILE= Makefile | |
AR= ar r | |
-ENGDIRS= ccgost | |
+ENGDIRS= ccgost uadstu | |
RECURSIVE_MAKE= [ -z "$(ENGDIRS)" ] || for i in $(ENGDIRS) ; do \ | |
(cd $$i && echo "making $$target in $(DIR)/$$i..." && \ | |
@@ -148,6 +148,7 @@ | |
-nostatic -staticloader -write e_$$l.c; \ | |
done | |
(cd ccgost; $(MAKE) PERL=$(PERL) errors) | |
+ (cd uadstu; $(MAKE) PERL=$(PERL) errors) | |
tests: | |
diff --git a/test/Makefile b/test/Makefile | |
index d4b6699..6531f91 100644 | |
--- a/test/Makefile | |
+++ b/test/Makefile | |
@@ -85,6 +85,7 @@ | |
FIPS_TEST_SUITE=fips_test_suite | |
FIPS_CMACTEST= fips_cmactest | |
FIPS_ALGVS= fips_algvs | |
+DSTUTEST= dstutest | |
TESTS= alltests | |
@@ -94,7 +95,7 @@ | |
$(DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \ | |
$(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ | |
$(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ | |
- $(GOST2814789TEST)$(EXE_EXT) \ | |
+ $(GOST2814789TEST)$(EXE_EXT) $(DSTUTEST)$(EXE_EXT) \ | |
$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) \ | |
$(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ | |
$(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ | |
@@ -127,7 +128,7 @@ | |
$(FIPS_TEST_SUITE).o $(FIPS_DHVS).o $(FIPS_ECDSAVS).o \ | |
$(FIPS_ECDHVS).o $(FIPS_CMACTEST).o $(FIPS_ALGVS).o \ | |
$(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(V3NAMETEST).o \ | |
- $(GOST2814789TEST).o | |
+ $(GOST2814789TEST).o $(DSTUTEST).o | |
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ | |
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ | |
$(HMACTEST).c $(WPTEST).c \ | |
@@ -142,7 +143,7 @@ | |
$(FIPS_TEST_SUITE).c $(FIPS_DHVS).c $(FIPS_ECDSAVS).c \ | |
$(FIPS_ECDHVS).c $(FIPS_CMACTEST).c $(FIPS_ALGVS).c \ | |
$(EVPTEST).c $(IGETEST).c $(JPAKETEST).c $(V3NAMETEST).c \ | |
- $(GOST2814789TEST).c | |
+ $(GOST2814789TEST).c $(DSTUTEST).c | |
EXHEADER= | |
HEADER= $(EXHEADER) | |
@@ -190,7 +191,7 @@ | |
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ | |
test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \ | |
test_jpake test_srp test_cms test_v3name test_ocsp \ | |
- test_gost2814789 | |
+ test_gost2814789 test_dstu | |
test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt | |
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt | |
@@ -248,6 +249,9 @@ | |
test_gost2814789: $(GOST2814789TEST)$(EXE_EXT) | |
../util/shlib_wrap.sh ./$(GOST2814789TEST) | |
+ | |
+test_dstu: $(DSTUTEST)$(EXE_EXT) | |
+ ../util/shlib_wrap.sh ./$(DSTUTEST) | |
test_enc: ../apps/openssl$(EXE_EXT) testenc | |
@sh ./testenc | |
@@ -565,6 +569,9 @@ | |
$(GOST2814789TEST)$(EXE_EXT): $(GOST2814789TEST).o $(DLIBCRYPTO) | |
@target=$(GOST2814789TEST); $(BUILD_CMD) | |
+ | |
+$(DSTUTEST)$(EXE_EXT): $(DSTUTEST).o $(DLIBCRYPTO) | |
+ @target=$(DSTUTEST); $(BUILD_CMD) | |
$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) | |
@target=$(RANDTEST); $(BUILD_CMD) | |
diff --git a/util/mk1mf.pl b/util/mk1mf.pl | |
index 90ae84b..7a6d7a4 100755 | |
--- a/util/mk1mf.pl | |
+++ b/util/mk1mf.pl | |
@@ -305,6 +305,7 @@ | |
$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; | |
$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; | |
$cflags.=" -DOPENSSL_NO_GOST" if $no_gost; | |
+$cflags.=" -DOPENSSL_NO_DSTU" if $no_dstu; | |
$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; | |
$cflags.=" -DOPENSSL_NO_HW" if $no_hw; | |
$cflags.=" -DOPENSSL_FIPS" if $fips; | |
@@ -1066,6 +1067,7 @@ | |
return("") if $no_dh && $dir =~ /\/dh/; | |
return("") if $no_ec && $dir =~ /\/ec/; | |
return("") if $no_gost && $dir =~ /\/ccgost/; | |
+ return("") if $no_dstu && $dir =~ /\/uadstu/; | |
return("") if $no_cms && $dir =~ /\/cms/; | |
return("") if $no_jpake && $dir =~ /\/jpake/; | |
return("") if !$fips && $dir =~ /^fips/; | |
@@ -1431,6 +1433,7 @@ | |
"no-ecdsa" => \$no_ecdsa, | |
"no-ecdh" => \$no_ecdh, | |
"no-gost" => \$no_gost, | |
+ "no-dstu" => \$no_dstu, | |
"no-engine" => \$no_engine, | |
"no-hw" => \$no_hw, | |
"just-ssl" => | |
diff --git a/util/mkdef.pl b/util/mkdef.pl | |
index 8d74eaa..03baeea 100755 | |
--- a/util/mkdef.pl | |
+++ b/util/mkdef.pl | |
@@ -86,7 +86,7 @@ | |
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", | |
"SHA256", "SHA512", "RIPEMD", | |
"MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M", | |
- "HMAC", "AES", "CAMELLIA", "SEED", "GOST", | |
+ "HMAC", "AES", "CAMELLIA", "SEED", "GOST", "DSTU", | |
# EC_NISTP_64_GCC_128 | |
"EC_NISTP_64_GCC_128", | |
# Envelope "algorithms" | |
diff --git a/util/mkfiles.pl b/util/mkfiles.pl | |
index 7dff4a6..b5e16be 100755 | |
--- a/util/mkfiles.pl | |
+++ b/util/mkfiles.pl | |
@@ -81,6 +81,7 @@ | |
"apps", | |
"engines", | |
"engines/ccgost", | |
+"engines/uadstu", | |
"test", | |
"tools" | |
); | |
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c | |
index 0a984fb..ce95df1 100644 | |
--- a/crypto/x509v3/v3_skey.c | |
+++ b/crypto/x509v3/v3_skey.c | |
@@ -105,6 +105,10 @@ | |
ASN1_BIT_STRING *pk; | |
unsigned char pkey_dig[EVP_MAX_MD_SIZE]; | |
unsigned int diglen; | |
+ EVP_MD_CTX md_ctx; | |
+ int pubkeynid = NID_undef; | |
+ EVP_PKEY *pkey = NULL; | |
+ X509_PUBKEY *pubkey = NULL; | |
if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); | |
@@ -120,17 +124,47 @@ | |
goto err; | |
} | |
- if(ctx->subject_req) | |
- pk = ctx->subject_req->req_info->pubkey->public_key; | |
- else pk = ctx->subject_cert->cert_info->key->public_key; | |
+ if(ctx->subject_req) { | |
+ pubkeynid = OBJ_obj2nid(ctx->subject_req->req_info->pubkey->algor->algorithm); | |
+ pubkey = ctx->subject_req->req_info->pubkey; | |
+ } | |
+ else { | |
+ pubkeynid = OBJ_obj2nid(ctx->subject_cert->cert_info->key->algor->algorithm); | |
+ pubkey = ctx->subject_cert->cert_info->key; | |
+ } | |
+ | |
+ pk = pubkey->public_key; | |
if(!pk) { | |
X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); | |
goto err; | |
} | |
- if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL)) | |
- goto err; | |
+ if ((NID_dstu4145le == pubkeynid) || (NID_dstu4145be == pubkeynid)) { | |
+ pkey = X509_PUBKEY_get(pubkey); | |
+ if (!pkey) | |
+ goto err; | |
+ | |
+ EVP_MD_CTX_init(&md_ctx); | |
+ | |
+ /* This is to make digest use s-box from public key if it is not the default one */ | |
+ if (!EVP_DigestSignInit(&md_ctx, NULL, EVP_get_digestbynid(NID_dstu34311), NULL, pkey)) { | |
+ EVP_PKEY_free(pkey); | |
+ goto err; | |
+ } | |
+ | |
+ EVP_PKEY_free(pkey); | |
+ | |
+ if (!EVP_DigestUpdate(&md_ctx, pk->data, pk->length)) | |
+ goto err; | |
+ | |
+ if (!EVP_DigestFinal(&md_ctx, pkey_dig, &diglen)) | |
+ goto err; | |
+ } | |
+ else { | |
+ if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL)) | |
+ goto err; | |
+ } | |
if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { | |
X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); |
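Review bot: In the DSTU branch, `md_ctx` is never released when `EVP_DigestSignInit` or `EVP_DigestUpdate` fails, because both paths `goto err` directly. Whatever the init call attached to the context is then leaked unless the `err` label, which lies outside this hunk, cleans it up. Add `EVP_MD_CTX_cleanup(&md_ctx);` before each of those two `goto err` statements; the `EVP_DigestFinal` path presumably releases the context itself in this API generation, but that is worth confirming. The result of `EVP_get_digestbynid(NID_dstu34311)` is also passed on unchecked, so if the digest is not registered (for example the engine is not loaded) the call probably either fails without a specific error or falls back to the key's default digest. An explicit NULL check with its own `X509V3err` would make that case diagnosable.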