gost-engine / engine Goto Github PK

View Code? Open in Web Editor NEW

352.0 29.0 167.0 3.08 MB

A reference implementation of the Russian GOST crypto algorithms for OpenSSL

License: Apache License 2.0

C 94.53% eC 0.01% CMake 0.20% Roff 0.06% Perl 0.68% Makefile 0.01% Tcl 4.26% Shell 0.11% Batchfile 0.17%

cryptography openssl gost

engine's Introduction

engine

A reference implementation of the Russian GOST crypto algorithms for OpenSSL

Compatibility: OpenSSL 3.0

License: same as the corresponding version of OpenSSL.

Mailing list: http://www.wagner.pp.ru/list-archives/openssl-gost/

Some useful links: https://www.altlinux.org/OSS-GOST-Crypto

DO NOT TRY BUILDING MASTER BRANCH AGAINST openssl 1.1.1! Use 1_1_1 branch instead!

provider

A reference implementation in the same spirit as the engine, specified above.

This is currently work in progress, with only a subset of all intended functionality implemented: symmetric ciphers, hashes and MACs.

For more information, see README.prov.md

engine's People

Contributors

Stargazers

Watchers

Forkers

levitte blackswanbay dantejohn maxamar fars vcgato29 andbortnik stevenlinsell romen oscarlinden mattlk13 purplei2p locusf yyyyyyy9 kanet4u danilvoe mouse07410 ayuryshev boggard enorae sysman-one dhyannataraj mrdoger djm00n rd-mobile-alex hugo020892 antonkravtsevich andyk555 shenfahsu wladdy lumag andrean mattcaswell vt-alt iamundef glebfm efanov abbra candrews mojoman zwerg-max sergeydjam undefbehavior gaelguegan savin-sergey zatupitel zombokid miley94 kunfuzi olegjakushkin s-sokolko algv chipitsine grundik pipeckotu hiller slavondt avlubimov deynekoaa iskrant selivan volcanowcan netdebug murzindima sts0mrg0 frenzymind yancycarlos bonomali alex2015 ddulesov vimloko secnotice nmorozxov dslzuha mikhailnov pulfer asmuslim kostya77 hooper21 igraemvtanki tihomirov71 5l1v3r1 andreypnm verrens bbbrumley volgvam abhisheknishantpuresoftware paulidale beccagwarren luinxz sonia-garudi veyborov afalin wbeck10 igrkir hackomatic ikle ph12345678 dantld drevil35

engine's Issues

pkey_gost_ec_derive return code

In OpenSSL docs for EVP_PKEY_derive it is stated that:

EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 for success and 0 or a negative value for failure.

OpenSSL DH implementation follows this convention.

GOST engine returns key length on success which may break some code that expects '1'.

Adopt to 1.1.0

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=cddcea8c4b46ea610d928af899e394d9e323c617

Inconsistent build - fails on some machines (?!)

One MacOS Sierra 10.12.5 machine builds the engine fine. Another one fails:

$ cmake -DOPENSSL_PATH=/Users/uri/src/openssl ..
-- The C compiler identification is AppleClang 8.1.0.8020042
-- The CXX compiler identification is AppleClang 8.1.0.8020042
-- Check for working C compiler: /opt/local/bin/clang
-- Check for working C compiler: /opt/local/bin/clang -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /opt/local/bin/clang++
-- Check for working CXX compiler: /opt/local/bin/clang++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Check if the system is big endian
-- Searching 16 bit integer
-- Looking for sys/types.h
-- Looking for sys/types.h - found
-- Looking for stdint.h
-- Looking for stdint.h - found
-- Looking for stddef.h
-- Looking for stddef.h - found
-- Check size of unsigned short
-- Check size of unsigned short - done
-- Using unsigned short
-- Check if the system is big endian - little endian
-- LITTLE_ENDIAN
-- Configuring done
-- Generating done
-- Build files have been written to: /Users/uri/src/grasshopper-engine/build
$ make -j 2
Scanning dependencies of target gost
[  6%] Building C object CMakeFiles/gost.dir/gost_ec_sign.c.o
[  6%] Building C object CMakeFiles/gost.dir/gost_ec_keyx.c.o
[ 10%] Building C object CMakeFiles/gost.dir/gost89.c.o
[ 13%] Building C object CMakeFiles/gost.dir/gosthash.c.o
[ 16%] Building C object CMakeFiles/gost.dir/gost_grasshopper_core.c.o
[ 20%] Building C object CMakeFiles/gost.dir/gost_grasshopper_defines.c.o
[ 23%] Building C object CMakeFiles/gost.dir/gost_grasshopper_galois_precompiled.c.o
[ 26%] Building C object CMakeFiles/gost.dir/gost_grasshopper_precompiled.c.o
[ 30%] Building C object CMakeFiles/gost.dir/gost_grasshopper_cipher.c.o
[ 33%] Building C object CMakeFiles/gost.dir/gost_grasshopper_mac.c.o
[ 36%] Building C object CMakeFiles/gost.dir/gosthash2012.c.o
[ 40%] Linking C static library libgost.a
/opt/local/bin/ranlib: file: libgost.a(gost_grasshopper_mac.c.o) has no symbols
/opt/local/bin/ranlib: file: libgost.a(gost_grasshopper_mac.c.o) has no symbols
[ 40%] Built target gost
Scanning dependencies of target gost12sum
Scanning dependencies of target gostsum12
[ 43%] Building C object CMakeFiles/gostsum12.dir/gostsum12.c.o
[ 46%] Building C object CMakeFiles/gost12sum.dir/gost12sum.c.o
[ 53%] Linking C executable ../bin/gost12sum
[ 53%] Linking C executable ../bin/gostsum12
[ 53%] Built target gost12sum
[ 53%] Built target gostsum12
Scanning dependencies of target gostsum
Scanning dependencies of target gost_engine
[ 56%] Building C object CMakeFiles/gostsum.dir/gostsum.c.o
[ 60%] Building C object CMakeFiles/gost_engine.dir/e_gost_err.c.o
[ 63%] Linking C executable ../bin/gostsum
[ 66%] Building C object CMakeFiles/gost_engine.dir/gost_asn1.c.o
[ 66%] Built target gostsum
[ 70%] Building C object CMakeFiles/gost_engine.dir/gost_crypt.c.o
[ 73%] Building C object CMakeFiles/gost_engine.dir/gost_ctl.c.o
[ 76%] Building C object CMakeFiles/gost_engine.dir/gost_eng.c.o
[ 80%] Building C object CMakeFiles/gost_engine.dir/gost_keywrap.c.o
[ 83%] Building C object CMakeFiles/gost_engine.dir/gost_params.c.o
[ 86%] Building C object CMakeFiles/gost_engine.dir/gost_ameth.c.o
[ 90%] Building C object CMakeFiles/gost_engine.dir/gost_md.c.o
[ 93%] Building C object CMakeFiles/gost_engine.dir/gost_md2012.c.o
[ 96%] Building C object CMakeFiles/gost_engine.dir/gost_pmeth.c.o
[100%] Linking C shared module ../bin/gost.so
Undefined symbols for architecture x86_64:
  "_BN_is_zero", referenced from:
      _gost_ec_sign in libgost.a(gost_ec_sign.c.o)
      _gost_ec_verify in libgost.a(gost_ec_sign.c.o)
      _gost_ec_keygen in libgost.a(gost_ec_sign.c.o)
  "_CRYPTO_zalloc", referenced from:
      _pub_encode_gost_ec in gost_ameth.c.o
      _VKO_compute_key in libgost.a(gost_ec_keyx.c.o)
  "_DSA_SIG_get0", referenced from:
      _pack_sign_cp in gost_pmeth.c.o
      _gost_ec_verify in libgost.a(gost_ec_sign.c.o)
  "_DSA_SIG_set0", referenced from:
      _unpack_cp_signature in gost_pmeth.c.o
      _gost_ec_sign in libgost.a(gost_ec_sign.c.o)
  "_EVP_CIPHER_CTX_buf_noconst", referenced from:
      _gost_cipher_do_cfb in gost_crypt.c.o
      _gost_cipher_do_cnt in gost_crypt.c.o
      _gost_grasshopper_cipher_do_ofb in libgost.a(gost_grasshopper_cipher.c.o)
      _gost_grasshopper_cipher_do_cfb in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_CTX_encrypting", referenced from:
      _gost_cipher_do_cfb in gost_crypt.c.o
      _gost_cipher_do_cbc in gost_crypt.c.o
      _gost_grasshopper_cipher_do_ecb in libgost.a(gost_grasshopper_cipher.c.o)
      _gost_grasshopper_cipher_do_cbc in libgost.a(gost_grasshopper_cipher.c.o)
      _gost_grasshopper_cipher_do_cfb in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_CTX_get_cipher_data", referenced from:
      _gost_cipher_do_cfb in gost_crypt.c.o
      _gost_cipher_cleanup in gost_crypt.c.o
      _gost89_set_asn1_parameters in gost_crypt.c.o
      _gost89_get_asn1_parameters in gost_crypt.c.o
      _gost_cipher_ctl in gost_crypt.c.o
      _gost_cipher_do_cbc in gost_crypt.c.o
      _gost_cipher_do_cnt in gost_crypt.c.o
      ...
  "_EVP_CIPHER_CTX_iv", referenced from:
      _gost89_set_asn1_parameters in gost_crypt.c.o
  "_EVP_CIPHER_CTX_iv_noconst", referenced from:
      _gost_cipher_do_cfb in gost_crypt.c.o
      _gost_cipher_do_cbc in gost_crypt.c.o
      _gost_cipher_do_cnt in gost_crypt.c.o
      _gost_cipher_init_cnt in gost_crypt.c.o
      _gost_cipher_init_param in gost_crypt.c.o
      _gost_grasshopper_cipher_init in libgost.a(gost_grasshopper_cipher.c.o)
      _gost_grasshopper_cipher_do_cbc in libgost.a(gost_grasshopper_cipher.c.o)
      ...
  "_EVP_CIPHER_CTX_num", referenced from:
      _gost_cipher_do_cfb in gost_crypt.c.o
      _gost_cipher_do_cnt in gost_crypt.c.o
      _gost_grasshopper_cipher_do_ofb in libgost.a(gost_grasshopper_cipher.c.o)
      _gost_grasshopper_cipher_do_cfb in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_CTX_original_iv", referenced from:
      _gost89_get_asn1_parameters in gost_crypt.c.o
      _gost_cipher_init_cnt in gost_crypt.c.o
      _gost_cipher_init_param in gost_crypt.c.o
      _gost_grasshopper_cipher_init in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_CTX_set_num", referenced from:
      _gost_cipher_do_cfb in gost_crypt.c.o
      _gost_cipher_do_cnt in gost_crypt.c.o
      _gost_grasshopper_cipher_do_ofb in libgost.a(gost_grasshopper_cipher.c.o)
      _gost_grasshopper_cipher_do_cfb in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_meth_free", referenced from:
      _cipher_gost in gost_crypt.c.o
      _cipher_gost_cbc in gost_crypt.c.o
      _cipher_gost_cpacnt in gost_crypt.c.o
      _cipher_gost_cpcnt_12 in gost_crypt.c.o
      _cipher_gost_destroy in gost_crypt.c.o
      _cipher_gost_grasshopper in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_meth_new", referenced from:
      _cipher_gost in gost_crypt.c.o
      _cipher_gost_cbc in gost_crypt.c.o
      _cipher_gost_cpacnt in gost_crypt.c.o
      _cipher_gost_cpcnt_12 in gost_crypt.c.o
      _cipher_gost_grasshopper_create in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_meth_set_cleanup", referenced from:
      _cipher_gost in gost_crypt.c.o
      _cipher_gost_cbc in gost_crypt.c.o
      _cipher_gost_cpacnt in gost_crypt.c.o
      _cipher_gost_cpcnt_12 in gost_crypt.c.o
      _cipher_gost_grasshopper_setup in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_meth_set_ctrl", referenced from:
      _cipher_gost in gost_crypt.c.o
      _cipher_gost_cbc in gost_crypt.c.o
      _cipher_gost_cpacnt in gost_crypt.c.o
      _cipher_gost_cpcnt_12 in gost_crypt.c.o
      _cipher_gost_grasshopper_setup in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_meth_set_do_cipher", referenced from:
      _cipher_gost in gost_crypt.c.o
      _cipher_gost_cbc in gost_crypt.c.o
      _cipher_gost_cpacnt in gost_crypt.c.o
      _cipher_gost_cpcnt_12 in gost_crypt.c.o
      _cipher_gost_grasshopper_setup in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_meth_set_flags", referenced from:
      _cipher_gost in gost_crypt.c.o
      _cipher_gost_cbc in gost_crypt.c.o
      _cipher_gost_cpacnt in gost_crypt.c.o
      _cipher_gost_cpcnt_12 in gost_crypt.c.o
      _cipher_gost_grasshopper_setup in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_meth_set_get_asn1_params", referenced from:
      _cipher_gost in gost_crypt.c.o
      _cipher_gost_cbc in gost_crypt.c.o
      _cipher_gost_cpacnt in gost_crypt.c.o
      _cipher_gost_cpcnt_12 in gost_crypt.c.o
      _cipher_gost_grasshopper_setup in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_meth_set_impl_ctx_size", referenced from:
      _cipher_gost in gost_crypt.c.o
      _cipher_gost_cbc in gost_crypt.c.o
      _cipher_gost_cpacnt in gost_crypt.c.o
      _cipher_gost_cpcnt_12 in gost_crypt.c.o
      _cipher_gost_grasshopper in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_meth_set_init", referenced from:
      _cipher_gost in gost_crypt.c.o
      _cipher_gost_cbc in gost_crypt.c.o
      _cipher_gost_cpacnt in gost_crypt.c.o
      _cipher_gost_cpcnt_12 in gost_crypt.c.o
      _cipher_gost_grasshopper in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_meth_set_iv_length", referenced from:
      _cipher_gost in gost_crypt.c.o
      _cipher_gost_cbc in gost_crypt.c.o
      _cipher_gost_cpacnt in gost_crypt.c.o
      _cipher_gost_cpcnt_12 in gost_crypt.c.o
      _cipher_gost_grasshopper_setup in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_CIPHER_meth_set_set_asn1_params", referenced from:
      _cipher_gost in gost_crypt.c.o
      _cipher_gost_cbc in gost_crypt.c.o
      _cipher_gost_cpacnt in gost_crypt.c.o
      _cipher_gost_cpcnt_12 in gost_crypt.c.o
      _cipher_gost_grasshopper_setup in libgost.a(gost_grasshopper_cipher.c.o)
  "_EVP_MD_CTX_free", referenced from:
      _VKO_compute_key in libgost.a(gost_ec_keyx.c.o)
  "_EVP_MD_CTX_md_data", referenced from:
      _gost_imit_update in gost_crypt.c.o
      _gost_imit_final in gost_crypt.c.o
      _gost_imit_copy in gost_crypt.c.o
      _gost_imit_cleanup in gost_crypt.c.o
      _gost_imit_ctrl in gost_crypt.c.o
      _gost_imit_init in gost_crypt.c.o
      _gost_digest_init in gost_md.c.o
      ...
  "_EVP_MD_CTX_new", referenced from:
      _VKO_compute_key in libgost.a(gost_ec_keyx.c.o)
  "_EVP_MD_CTX_reset", referenced from:
      _VKO_compute_key in libgost.a(gost_ec_keyx.c.o)
  "_EVP_MD_meth_free", referenced from:
      _imit_gost_cpa in gost_crypt.c.o
      _imit_gost_cpa_destroy in gost_crypt.c.o
      _imit_gost_cp_12 in gost_crypt.c.o
      _imit_gost_cp_12_destroy in gost_crypt.c.o
      _digest_gost in gost_md.c.o
      _digest_gost_destroy in gost_md.c.o
      _digest_gost2012_256 in gost_md2012.c.o
      ...
  "_EVP_MD_meth_get_ctrl", referenced from:
      _pkey_gost_mac_ctrl in gost_pmeth.c.o
      _pkey_gost_mac_signctx in gost_pmeth.c.o
  "_EVP_MD_meth_get_init", referenced from:
      _gost_imit_ctrl in gost_crypt.c.o
  "_EVP_MD_meth_new", referenced from:
      _imit_gost_cpa in gost_crypt.c.o
      _imit_gost_cp_12 in gost_crypt.c.o
      _digest_gost in gost_md.c.o
      _digest_gost2012_256 in gost_md2012.c.o
      _digest_gost2012_512 in gost_md2012.c.o
  "_EVP_MD_meth_set_app_datasize", referenced from:
      _imit_gost_cpa in gost_crypt.c.o
      _imit_gost_cp_12 in gost_crypt.c.o
      _digest_gost in gost_md.c.o
      _digest_gost2012_256 in gost_md2012.c.o
      _digest_gost2012_512 in gost_md2012.c.o
  "_EVP_MD_meth_set_cleanup", referenced from:
      _imit_gost_cpa in gost_crypt.c.o
      _imit_gost_cp_12 in gost_crypt.c.o
      _digest_gost in gost_md.c.o
      _digest_gost2012_256 in gost_md2012.c.o
      _digest_gost2012_512 in gost_md2012.c.o
  "_EVP_MD_meth_set_copy", referenced from:
      _imit_gost_cpa in gost_crypt.c.o
      _imit_gost_cp_12 in gost_crypt.c.o
      _digest_gost in gost_md.c.o
      _digest_gost2012_256 in gost_md2012.c.o
      _digest_gost2012_512 in gost_md2012.c.o
  "_EVP_MD_meth_set_ctrl", referenced from:
      _imit_gost_cpa in gost_crypt.c.o
      _imit_gost_cp_12 in gost_crypt.c.o
      _digest_gost2012_256 in gost_md2012.c.o
      _digest_gost2012_512 in gost_md2012.c.o
  "_EVP_MD_meth_set_final", referenced from:
      _imit_gost_cpa in gost_crypt.c.o
      _imit_gost_cp_12 in gost_crypt.c.o
      _digest_gost in gost_md.c.o
      _digest_gost2012_256 in gost_md2012.c.o
      _digest_gost2012_512 in gost_md2012.c.o
  "_EVP_MD_meth_set_flags", referenced from:
      _imit_gost_cpa in gost_crypt.c.o
      _imit_gost_cp_12 in gost_crypt.c.o
  "_EVP_MD_meth_set_init", referenced from:
      _imit_gost_cpa in gost_crypt.c.o
      _imit_gost_cp_12 in gost_crypt.c.o
      _digest_gost in gost_md.c.o
      _digest_gost2012_256 in gost_md2012.c.o
      _digest_gost2012_512 in gost_md2012.c.o
  "_EVP_MD_meth_set_input_blocksize", referenced from:
      _imit_gost_cpa in gost_crypt.c.o
      _imit_gost_cp_12 in gost_crypt.c.o
      _digest_gost in gost_md.c.o
      _digest_gost2012_256 in gost_md2012.c.o
      _digest_gost2012_512 in gost_md2012.c.o
  "_EVP_MD_meth_set_result_size", referenced from:
      _imit_gost_cpa in gost_crypt.c.o
      _imit_gost_cp_12 in gost_crypt.c.o
      _digest_gost in gost_md.c.o
      _digest_gost2012_256 in gost_md2012.c.o
      _digest_gost2012_512 in gost_md2012.c.o
  "_EVP_MD_meth_set_update", referenced from:
      _imit_gost_cpa in gost_crypt.c.o
      _imit_gost_cp_12 in gost_crypt.c.o
      _digest_gost in gost_md.c.o
      _digest_gost2012_256 in gost_md2012.c.o
      _digest_gost2012_512 in gost_md2012.c.o
  "_EVP_PKEY_asn1_set_security_bits", referenced from:
      _register_ameth_gost in gost_ameth.c.o
  "_OPENSSL_die", referenced from:
      _pkey_gost_ctrl in gost_pmeth.c.o
      _gost_ec_sign in libgost.a(gost_ec_sign.c.o)
      _gost_ec_verify in libgost.a(gost_ec_sign.c.o)
      _pkey_GOST_ECcp_decrypt in libgost.a(gost_ec_keyx.c.o)
  "_OPENSSL_hexstr2buf", referenced from:
      _pkey_gost_mac_ctrl_str in gost_pmeth.c.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[2]: *** [../bin/gost.so] Error 1
make[1]: *** [CMakeFiles/gost_engine.dir/all] Error 2
make: *** [all] Error 2

Somehow the libraries are not picked up... But they're there:

$ ll $HOME/src/openssl/*.dylib
-rwxr-xr-x  1 uri  staff  2591144 Jun 26 18:52 /Users/uri/src/openssl/libcrypto.1.1.dylib*
lrwxr-xr-x  1 uri  staff       19 Jun 26 18:52 /Users/uri/src/openssl/libcrypto.dylib@ -> libcrypto.1.1.dylib
-rwxr-xr-x  1 uri  staff   493208 Jun 26 18:52 /Users/uri/src/openssl/libssl.1.1.dylib*
lrwxr-xr-x  1 uri  staff       16 Jun 26 18:52 /Users/uri/src/openssl/libssl.dylib@ -> libssl.1.1.dylib
$

Can it be that the script is looking for .so instead of .dylib on this platform??? (But in that case why does it succeed on another Mac?)

What info would you need to help debugging this weird problem?

P.S. Making sure static libraries are there did not help either.

OpenSSL 1.0.2 и GOST2012

Пытаюсь собрать OpenSSL_1_0_2-stable с gost-engine из ветки openssl_1_0_2.
Согласно инструкции накладываю патчи из engine/patches/1.0.2 и копирую engine/* в engines/ccgost:

$ git clone [email protected]:gost-engine/engine.git
$ cd engine && git checkout openssl_1_0_2
$ cd ../openssl-OpenSSL_1_0_2-stable
$ patch -p1 < ../engine/patches/1.0.2/1.oids.diff
$ patch -p1 < ../engine/patches/1.0.2/2.numeric.diff
$ patch -p1 < ../engine/patches/1.0.2/3.pkcs12.diff
$ patch -p1 < ../engine/patches/1.0.2/4.smimecap.diff
$ cp -rf ../engine/* engines/ccgost/
$ ./config --prefix=/opt/openssl-1.0.2-gost --openssldir=/opt/openssl-1.0.2-gost/ssl -Wl,-rpath,/opt/openssl-1.0.2-gost/lib shared
$ make depend && make -j4 && sudo make install

Патчи накладываются без ошибок, сборка проходит нормально. Однако в списке ciphers присутствует только:

$ LD_LIBRARY_PATH=/opt/openssl-1.0.2-gost/lib /opt/openssl-1.0.2-gost/bin/openssl ciphers | tr ":" "\n" | grep GOST
GOST2001-GOST89-GOST89

Так и должно быть или я что-то делаю не так?

Развитие поддержки ГОСТ алгоритмов прекращено?

Подскажите а проект жив еще? просто последний коммит от 2016 года. :(

The engine fails to compile on OpenSSL 1.1.0. I know it isn't released yet but I need GOST 34.10-2012 because -2001 is deprecated by now. There are several issues with opaque data structures, I hacked my way around it with this patch:

diff --git a/Makefile b/Makefile
index 95014cb..0c906e0 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 DIR=ccgost
 TOP=../..
 CC=cc
-INCLUDES= -I../../include
+INCLUDES= -I../../include -I../../crypto/include
 CFLAG=-g
 MAKEFILE= Makefile
 AR= ar r
diff --git a/gost_ameth.c b/gost_ameth.c
index 8a9cd28..2336787 100644
--- a/gost_ameth.c
+++ b/gost_ameth.c
@@ -18,6 +18,7 @@
 #endif
 #include "gost_lcl.h"
 #include "e_gost_err.h"
+#include <internal/evp_int.h>

 /*
  * Pack bignum into byte buffer of given size, filling all leading bytes by
diff --git a/gost_lcl.h b/gost_lcl.h
index a82362f..945ca48 100644
--- a/gost_lcl.h
+++ b/gost_lcl.h
@@ -35,6 +35,11 @@ typedef struct R3410_ec {
     char *y;
 } R3410_ec_params;

+struct DSA_SIG_st {
+    BIGNUM *r;
+    BIGNUM *s;
+};
+
 extern R3410_ec_params R3410_2001_paramset[],
     *R3410_2012_256_paramset, R3410_2012_512_paramset[];

It's by no means proper but at least I can compile from the openssl_1_1_0 branch. Master has much more issues so I gave up on it. Still, make produces this:

(cd ../..; make DIRS=engines sub_all)
make[1]: Entering directory '/home/rkfg/soft/openssl'
make[1]: *** No rule to make target 'sub_all'.  Stop.
make[1]: Leaving directory '/home/rkfg/soft/openssl'
Makefile:20: recipe for target 'top' failed
make: *** [top] Error 2

Indeed, there are no such targets. make lib only touches the lib file and does nothing else. Basically, I have a bunch of object files but no shared library to use.

I don't know how the engine directory should be named so I chose ccgost as it was named before. OpenSSL (branch is OpenSSL_1_1_0-pre4) itself doesn't seem to compile the engine by default even with enable-shared option. I can compile OpenSSL without problems but gost-engine gives me headaches.

Не работает подпись на openssl 1.1.0f

Здравствуйте.

Помогите, пожалуйста. На openssl 1.0.2 работает следующая команда:

echo "123" | openssl dgst -sign private.key -engine gost -hex

Приватный ключ при этом создавался из закрытого контейнера криптопро по данному гайду: https://habr.com/post/275039/

На openssl 1.1.0f не заводится, ошибка:

engine "gost" set.
unable to load key file
140466538247424:error:0D0E20DD:asn1 encoding routines:c2i_ibuf:illegal padding:../crypto/asn1/a_int.c:187:
140466538247424:error:8007F072:lib(128):PRIV_DECODE_GOST:invalid paramset:/root/openssl/engine/gost_ameth.c:375:
140466538247424:error:0606F091:digital envelope routines:EVP_PKCS82PKEY:private key decode error:../crypto/evp/evp_pkey.c:44:
140466538247424:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:../crypto/pem/pem_pkey.c:86:

Как завести?

On Mac CMake (current master) fails with TEST_BIG_ENDIAN

$ cmake -DCMAKE_C_FLAGS="-I${HOME}/src/openssl-1.1/include -L${HOME}/src/openssl-1.1/lib" ..
-- Check if the system is big endian
-- Searching 16 bit integer
CMake Error at /opt/local/share/cmake-3.8/Modules/TestBigEndian.cmake:41 (message):
  no suitable type found
Call Stack (most recent call first):
  CMakeLists.txt:8 (TEST_BIG_ENDIAN)


-- Configuring incomplete, errors occurred!
See also "/Users/ur20980/src/grasshopper-engine/build/CMakeFiles/CMakeOutput.log".
See also "/Users/ur20980/src/grasshopper-engine/build/CMakeFiles/CMakeError.log".

Here's the error log:
CMakeError.log.txt

P.S. I swear I had successful builds yesterday.

Ошибка при формировании ключа

Снова здравствуйте! Выполняю команду:
openssl genpkey -algorithm gost2012_512 -pkeyopt paramset:A -out seckey.pem -gost89-cnt-12 -pass pass:hello

выдает ошибку:
Error writing key
140489600395072:error:0D0A706C:asn1 encoding routines:PKCS5_pbe2_set_iv:cipher has no object identifier:crypto/asn1/p5_pbev2.c:53:
140489600395072:error:2307D00D:PKCS12 routines:PKCS8_encrypt:ASN1 lib:crypto/pkcs12/p12_p8e.c:32:

Вывод команды openssl engine -c :
(dynamic) Dynamic engine loading support
(gost) Reference implementation of GOST engine
[gost89, gost89-cnt, gost89-cnt-12, gost89-cbc, grasshopper-ecb, grasshopper-cbc, grasshopper-cfb, grasshopper-ofb, grasshopper-ctr, md_gost94, gost-mac, md_gost12_256, md_gost12_512, gost-mac-12, gost2001, gost-mac, gost2012_256, gost2012_512, gost-mac-12]

Algorithm GOST 34.10 2012_512 with paramset C isn't implemented

Здравствуйте. Столкнулся с проблемой отсутствия возможности генерации ключа алгоритма ГОСТ 34.10 2012_512 с набором параметром "С". С чем связано отсутствие реализации этого набора параметров и планируется ли реализация в будущем?

Apply fix

https://github.com/openssl/openssl/pull/511/files
Apply fix

engine does not display ciphers on openssl-1.1.0h

when I install openssl-1.1.0g - everything is ok
however on openssl-1.1.0h - "openssl ciphers" does not contain "GOST"

what do you think if we add travis-ci build ? which will check "openssl ciphers", for example ?

Add more cipher modes

GOST engine now support only few of available cipher modes.
CFB, CNT and (in the gost89-cbc branch) CBC.

It would be nice to have rest of modes (OFB, ECB) available. Especially, ECB, because it would allow to construct everything else from the high-level code using EVP-level functions

Add interface for GOST keymeshing

In some applications there is a need for ability to perform key meshing via OpenSSL interface as a separate action.

Ideally it would be done by EVP interface.
But it assumes changes to OpenSSL core, so doing it (for exxample) via engine-specific command also will do.

не работает тест 04-pkey.t

если кто-то понимает, как это должно работать, посмотрите, плиз ?
я (пока) не осилил

Не могу собрать gost-engine

Доброго времени суток!
Пытаюсь собрать из Ваших исходников gost-engine по инструкции Build, команда
make TOP=../openssl-1.0.2d
я уже по всякому менял, и l вместо d (openssl 1.0.2l), выдает ошибку:
make: *** Не заданы цели и не найден make-файл. Останов.
Если пытаюсь собрать по инструкции CMake_Readme.md из проекта, то сыпятся ошибки (вывод в прицепе)
Версия Linux FC19(требование заказчика), openssl - 1.0.2l (с сайта)
gost-engine-make-error.txt

Add framework to add entries into object database.

Now, gost engine depends entirely on neccessary OIDs and SNs added to core OpenSSL object database. This prevent using of updated engine with already released OpenSSL.

It would be nice if separately maintained engine would work with older versions of OpenSSL declaring new NIDs if possible, but taking advantage of existing ones if neccessary.

не совсем правильный путь при "make install"

при установке путь до папки с engine выбирается неправильно.
пример, берем CentOS7, ставим на нее openssl-1.1.0, ставим engine ... он видит установленную нами версию openssl, но неправильно формирует путь до папки

wget https://www.openssl.org/source/openssl-1.1.0h.tar.gz
tar xf openssl-1.1.0h.tar.gz
cd openssl-1.1.0h
./config shared
make all install_sw
cd ..
git clone https://github.com/gost-engine/engine.git
cd engine
cmake3 .
make all install


#ls /usr/local/lib64/| grep engines
engines-1_1
engines-1.1
#

engines-1.1 - тут хочет видеть openssl
engines-1_1 - сюда кладет инсталятор

если openssl ставится с недефолтным префиксом (как, например, тут #59), то магия с определением путей ломается еще сильнее (engine, несмотря на то, что ему передали OPENSSL_ROOT_DIR, все равно ставит в /usr/local)

я (пока) не осилил эту магию, поэтому issue, а не PR

OPENSSL_zalloc

The patch to be applied

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b51bce942023325e727ca4225252d06c49d8f2b7#patch33

result of gost_ec_compute_public() should be checked

Идентификаторы параметров для ГОСТ-2012-256

Подскажите, почему тут так?

engine/gost_params.c

Line 90 in ae3020d

R3410_ec_params *R3410_2012_256_paramset = R3410_2001_paramset;

У КриптоПро идентификаторы параметров для ГОСТ-2012-256 отличаются от ГОСТ-2001.

https://cpdn.cryptopro.ru/content/csp40/html/group___pro_c_s_p_ex_CP_PARAM_OIDS.html

INSTALL.md

Hello, I tried to install the engine using your guide located in INSTALL.md file, and that try was unsuccessful. So help me please :) Ready to give all information you need about my installation process

Ubuntu 16.04
OpenSSL 1.1.1-pre4 and -pre6
While installing i found that on step 2 "How to Install" the file gost.so was installed in .../engines-1_1 folder, not in .../engines-1.1 as guided. So i created symlink and finished the installation but the output of:
openssl ciphers | tr ':' '\n' | grep GOST
was empty

Supported algo list

Please update ALGORITHMS SUPPORTED section of README.gost.

Thanks!

Fails to build on Mac with the OpenSSL-1.1 master

$ cmake -DOPENSSL_PATH=/Users/uri/src/openssl ..
-- The C compiler identification is AppleClang 8.1.0.8020042
-- The CXX compiler identification is AppleClang 8.1.0.8020042
-- Check for working C compiler: /opt/local/bin/clang
-- Check for working C compiler: /opt/local/bin/clang -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /opt/local/bin/clang++
-- Check for working CXX compiler: /opt/local/bin/clang++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Check if the system is big endian
-- Searching 16 bit integer
-- Looking for sys/types.h
-- Looking for sys/types.h - found
-- Looking for stdint.h
-- Looking for stdint.h - found
-- Looking for stddef.h
-- Looking for stddef.h - found
-- Check size of unsigned short
-- Check size of unsigned short - done
-- Using unsigned short
-- Check if the system is big endian - little endian
-- LITTLE_ENDIAN
-- Configuring done
-- Generating done
-- Build files have been written to: /Users/uri/src/grasshopper-engine/build
$ make
Scanning dependencies of target gost
[  3%] Building C object CMakeFiles/gost.dir/gost_ec_keyx.c.o
In file included from /Users/uri/src/grasshopper-engine/gost_ec_keyx.c:10:
In file included from /Users/uri/src/openssl/include/openssl/evp.h:16:
/Users/uri/src/openssl/include/openssl/bio.h:685:27: error: declaration of 'struct hostent'
      will not be visible outside of this function [-Werror,-Wvisibility]
DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name))
                          ^
/Users/uri/src/openssl/include/openssl/bio.h:686:1: error: expected function body after
      function declarator
DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr))
^
/Users/uri/src/openssl/include/openssl/bio.h:698:55: error: declaration of
      'union BIO_sock_info_u' will not be visible outside of this function
      [-Werror,-Wvisibility]
                  enum BIO_sock_info_type type, union BIO_sock_info_u *info);
                                                      ^
In file included from /Users/uri/src/grasshopper-engine/gost_ec_keyx.c:10:
In file included from /Users/uri/src/openssl/include/openssl/evp.h:27:
In file included from /Users/uri/src/openssl/include/openssl/objects.h:15:
In file included from /Users/uri/src/openssl/include/openssl/asn1.h:24:
/Users/uri/src/openssl/include/openssl/bn.h:291:1: error: expected function body after
      function declarator
DEPRECATEDIN_0_9_8(int
^
/Users/uri/src/openssl/include/openssl/bn.h:362:1: error: expected function body after
      function declarator
DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3
^
In file included from /Users/uri/src/grasshopper-engine/gost_ec_keyx.c:10:
In file included from /Users/uri/src/openssl/include/openssl/evp.h:27:
In file included from /Users/uri/src/openssl/include/openssl/objects.h:15:
/Users/uri/src/openssl/include/openssl/asn1.h:553:1: error: type specifier missing, defaults
      to 'int' [-Werror,-Wimplicit-int]
DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
^
/Users/uri/src/openssl/include/openssl/asn1.h:553:68: error: expected ';' after top level
      declarator
DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
                                                                   ^
                                                                   ;
In file included from /Users/uri/src/grasshopper-engine/gost_ec_keyx.c:11:
/Users/uri/src/openssl/include/openssl/err.h:248:1: error: expected function body after
      function declarator
DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid))
^
In file included from /Users/uri/src/grasshopper-engine/gost_ec_keyx.c:12:
/Users/uri/src/openssl/include/openssl/rand.h:47:1: error: type specifier missing, defaults
      to 'int' [-Werror,-Wimplicit-int]
DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
^
/Users/uri/src/openssl/include/openssl/rand.h:47:1: error: conflicting types for
      'DEPRECATEDIN_1_1_0'
/Users/uri/src/openssl/include/openssl/asn1.h:553:1: note: previous declaration is here
DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
^
In file included from /Users/uri/src/grasshopper-engine/gost_ec_keyx.c:12:
/Users/uri/src/openssl/include/openssl/rand.h:47:71: error: expected ';' after top level
      declarator
DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
                                                                      ^
                                                                      ;
In file included from /Users/uri/src/grasshopper-engine/gost_ec_keyx.c:18:
In file included from /Users/uri/src/grasshopper-engine/gost_lcl.h:14:
In file included from /Users/uri/src/openssl/include/openssl/dsa.h:31:
/Users/uri/src/openssl/include/openssl/dh.h:135:1: error: type specifier missing, defaults
      to 'int' [-Werror,-Wimplicit-int]
DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
^
/Users/uri/src/openssl/include/openssl/dh.h:138:61: error: expected ';' after top level
      declarator
                                              void *cb_arg))
                                                            ^
                                                            ;
In file included from /Users/uri/src/grasshopper-engine/gost_ec_keyx.c:18:
In file included from /Users/uri/src/grasshopper-engine/gost_lcl.h:14:
/Users/uri/src/openssl/include/openssl/dsa.h:122:1: error: type specifier missing, defaults
      to 'int' [-Werror,-Wimplicit-int]
DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
^
/Users/uri/src/openssl/include/openssl/dsa.h:122:1: error: conflicting types for
      'DEPRECATEDIN_0_9_8'
/Users/uri/src/openssl/include/openssl/dh.h:135:1: note: previous declaration is here
DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
^
In file included from /Users/uri/src/grasshopper-engine/gost_ec_keyx.c:18:
In file included from /Users/uri/src/grasshopper-engine/gost_lcl.h:14:
/Users/uri/src/openssl/include/openssl/dsa.h:129:63: error: expected ';' after top level
      declarator
                                                void *cb_arg))
                                                              ^
                                                              ;
In file included from /Users/uri/src/grasshopper-engine/gost_ec_keyx.c:18:
In file included from /Users/uri/src/grasshopper-engine/gost_lcl.h:16:
In file included from /Users/uri/src/openssl/include/openssl/x509.h:31:
/Users/uri/src/openssl/include/openssl/rsa.h:206:1: error: type specifier missing, defaults
      to 'int' [-Werror,-Wimplicit-int]
DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
^
/Users/uri/src/openssl/include/openssl/rsa.h:206:1: error: conflicting types for
      'DEPRECATEDIN_0_9_8'
/Users/uri/src/openssl/include/openssl/dh.h:135:1: note: previous declaration is here
DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
^
In file included from /Users/uri/src/grasshopper-engine/gost_ec_keyx.c:18:
In file included from /Users/uri/src/grasshopper-engine/gost_lcl.h:16:
In file included from /Users/uri/src/openssl/include/openssl/x509.h:31:
/Users/uri/src/openssl/include/openssl/rsa.h:208:56: error: expected ';' after top level
      declarator
                                         void *cb_arg))
                                                       ^
                                                       ;
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
make[2]: *** [CMakeFiles/gost.dir/gost_ec_keyx.c.o] Error 1
make[1]: *** [CMakeFiles/gost.dir/all] Error 2
make: *** [all] Error 2
$

Compatibility with OpenSSL-1.0.2 is broken

The title says it all: it seems impossible to build this engine with OpenSSL-1.0.2 any more. And 1.0.2 is the current standard for the vast majority of the deployed applications (those that aren't stuck with 0.9.8 :), so it is infeasible to replace the standard OpenSSL installation (which is 1.0.2l) with 1.1...

Adapt to 1.1.0 opaque EVP_CIPHER/EVP_CIPHER_CTX structs.

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=39e8d0ce73fb4cd760fbc02b82081a52263c8781

Слинковать в статическую библиотеку вместе с OpenSSL

Привет! Я правильно понимаю что тк OpenSSL перешел в 1.1.0 на динамическую загрузку модулей то слинковать это все (OpenSSL + ГОСТ) в одну статическую библиотеку (*.a) больше невозможно? Так как при развертывании есть сложности с развертыванием дополнительных файлов, хочется один большой статически слинкованный бинарник.
На выходе хочется получить OpenSSL для статической сборки сразу с gost-engine (как было в версиях 1.0.1 при сборке с no-shared)

GOST 2001 certificate CryptoPro CSP

Добрый день.
Столкнулся с проблемой работы ГОСТ сертификатов.
На версии openssl 1.0.2 все работает корректно как на Linux так и на Windows + CryptoPro CSP.
После установки openssl 1.1 с модулем ГОСТ не проходит handshake.
Соединение возможно установить если использовать на клиенте такую же библиотеку.

Соответственно как заставить работать модуль со всеми остальными клиентами? Cipher при подключении используется один и тот же GOST2001-GOST89-GOST89.

Примеры:

root@debian:~# openssl version
OpenSSL 1.0.1k 8 Jan 2015

root@debian:~# openssl engine
(rsax) RSAX engine support
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
(gost) Reference implementation of GOST engine

root@debian:~# openssl ciphers | tr ":" "\n" | grep GOST
GOST2001-GOST89-GOST89
GOST94-GOST89-GOST89

root@debian:~# curl -v --ciphers GOST2001-GOST89-GOST89 https://172.17.0.2/
* Hostname was NOT found in DNS cache
*   Trying 172.17.0.2...
* Connected to 172.17.0.2 (172.17.0.2) port 443 (#0)
* failed setting cipher list: GOST2001-GOST89-GOST89
* Closing connection 0
curl: (59) failed setting cipher list: GOST2001-GOST89-GOST89

root@2f66fe4ce860:/# openssl version
OpenSSL 1.1.0f  25 May 2017

root@2f66fe4ce860:/# openssl engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
(gost) Reference implementation of GOST engine

root@2f66fe4ce860:/# openssl ciphers | tr ":" "\n" | grep GOST
GOST2012-GOST8912-GOST8912
GOST2001-GOST89-GOST89

root@2f66fe4ce860:/# curl -v --ciphers GOST2001-GOST89-GOST89 https://172.17.0.2/ -k
*   Trying 172.17.0.2...
* TCP_NODELAY set
* Connected to 172.17.0.2 (172.17.0.2) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: GOST2001-GOST89-GOST89
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / GOST2001-GOST89-GOST89
* ALPN, server accepted to use http/1.1
* Server certificate:
...
> GET / HTTP/1.1
> Host: 172.17.0.2
> User-Agent: curl/7.52.1
> Accept: */*
> 
* TLSv1.2 (IN), TLS alert, Client hello (1):
* Curl_http_done: called premature == 0
* Empty reply from server
* Connection #0 to host 172.17.0.2 left intact

OpenSSL 1.0.2

Подскажите, пожалуйста, как собрать на Debian под OpenSSL 1.0.2?

Problem with OpenSSL 1.1.0g

I used 0.9 version of OpenSSL with GOST-engine without problems.

Now I explore installation with OpenSSL 1.1.0g ang this gost-engine.

OpenSSL operates OK in many cases (key/csr generation, etc.) but reports about problems at some checks, e.g.:

C:\openssl\bin>openssl engine -t -post list_csps
(dynamic) Dynamic engine loading support
[ unavailable ]
(capi) CryptoAPI ENGINE
[ available ]
Available CSPs:
0. Aktiv ruToken CSP v1.0, type 1

Crypto-Pro GOST R 34.10-2001 Cryptographic Service Provider, type 75
Crypto-Pro GOST R 34.10-2012 Cryptographic Service Provider, type 80
Crypto-Pro GOST R 34.10-2012 Strong Cryptographic Service Provider, type 81
eToken Base Cryptographic Provider, type 1
Microsoft Base Cryptographic Provider v1.0, type 1
Microsoft Base DSS and Diffie-Hellman Cryptographic Provider, type 13
Microsoft Base DSS Cryptographic Provider, type 3
Microsoft Base Smart Card Crypto Provider, type 1
Microsoft DH SChannel Cryptographic Provider, type 18
Microsoft Enhanced Cryptographic Provider v1.0, type 1
Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider, type 13
Microsoft Enhanced RSA and AES Cryptographic Provider, type 24
Microsoft Exchange Cryptographic Provider v1.0, type 5
Microsoft RSA SChannel Cryptographic Provider, type 12
Microsoft Strong Cryptographic Provider, type 1
[Success]: list_csps
(gost) Reference implementation of GOST engine
[ available ]
[Failure]: list_csps
7728:error:260AC089:engine routines:int_ctrl_helper:invalid cmd name:crypto\engine\eng_ctrl.c:85:
7728:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:crypto\engine\eng_ctrl.c:263:

Engine section is the following:
#-------------------------------------------------------------------
[engine_section]
capi = capi_config
gost = gost_section
#-------------------------------------------------------------------
[capi_config]
engine_id = capi
dynamic_path = ./engines/capi.dll
#default_algorithms = ALL
init=1
#-------------------------------------------------------------------
[gost_section]
engine_id = gost
dynamic_path = ./engines/gost.dll
default_algorithms = ALL
init = 0
#-------------------------------------------------------------------

If gost=gost_section is commented, I have no problem.
What is a problem and how to solve ?

перенос тестов из ветки object_db в мастер

00-engine.t - кажется, этот тест перекрывает собой 'openssl engine | grep GOST', после его включения, наверное, проверку https://github.com/gost-engine/engine/blob/master/.ci/build-check.sh#L11 можно убрать?

абсолютный способ определения пути до библиотеки $ENV{'OPENSSL_ENGINES'} = abs_path("../.libs"); кажется, не очень удобен. может сделать условное присваивание, если переменная не задана, то задать ее таким значением. это не поломает текущее поведение и даст возможность переопределять путь

частично тесты падают
https://travis-ci.org/chipitsine/engine/builds/396454774

надо бы их посмотреть

насчет переноса тестов в мастер, перенесете своими силами? если я буду, то комит пойдет с моим авторством, что не очень правильно.

Build under Windows

Add references to OpenSSL at CMakeLists.txt

include_directories("C:/projects/openssl/out32/openssl-x86-shared-release-vs2015/include")
link_libraries("C:/projects/openssl/out32/openssl-x86-shared-release-vs2015/lib/libcrypto.lib", "C:/projects/openssl/out32/openssl-x86-shared-release-vs2015/lib/libssl.lib")

Build the gost-engine

cd /projects/openssl/tmp32
mkdir engine
cd engine
cmake -G "MinGW Makefiles" --build /projects/openssl/out32/engine
mingw32-make.exe

At result

[ 85%] Linking C shared module \projects\openssl\out32\engine\bin\gost.dll
c:/mingw/bin/../lib/gcc/mingw32/6.3.0/../../../../mingw32/bin/ld.exe: cannot find -l,
c:/mingw/bin/../lib/gcc/mingw32/6.3.0/../../../../mingw32/bin/ld.exe: cannot find -lcrypto
c:/mingw/bin/../lib/gcc/mingw32/6.3.0/../../../../mingw32/bin/ld.exe: cannot find -l,
collect2.exe: error: ld returned 1 exit status
CMakeFiles\gost_engine.dir\build.make:371: recipe for target '/projects/openssl/out32/engine/bin/gost.dll' failed
mingw32-make.exe[2]: *** [/projects/openssl/out32/engine/bin/gost.dll] Error 1
CMakeFiles\Makefile2:103: recipe for target 'CMakeFiles/gost_engine.dir/all' failed
mingw32-make.exe[1]: *** [CMakeFiles/gost_engine.dir/all] Error 2
Makefile:82: recipe for target 'all' failed
mingw32-make.exe: *** [all] Error 2

How to build a gost-engine under Windows?

EVP_key_check

Implement EVP_PKEY_check (master).

License

You haven't license for engine. Can I use it in commercical product? Has any requirements for using?
Publish license for engine, please.

Parsing GOST 2001 keys using java library BouncyCastle

Добрый день. Я пытаюсь прочитать ключи ГОСТ 3410 2001 используя BouncyCastle. В issues ответили, что, по всей видимости, в РЕМ ключа не хватает определенных байт.
Данная проблема отсутствует при использовании ccgost, который идет с openssl 1.0.2.
С чем это может быть связано?

не накладывается 2 патча на ветку openssl-1.0.2

$ git clone -b OpenSSL_1_0_2-stable https://github.com/openssl/openssl.git
Cloning into 'openssl'...
remote: Counting objects: 300635, done.
remote: Compressing objects: 100% (21/21), done.
remote: Total 300635 (delta 7), reused 11 (delta 5), pack-reused 300609
Receiving objects: 100% (300635/300635), 145.09 MiB | 1.79 MiB/s, done.
Resolving deltas: 100% (211146/211146), done.
$ cd openssl/
$ patch -p1 < ../patches/1.0.2/cipher_modes.diff
can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -uNr crypto/objects_orig/obj_dat.h crypto/objects/obj_dat.h
|--- crypto/objects_orig/obj_dat.h	2015-10-06 20:43:14.000000000 +0300
|+++ crypto/objects/obj_dat.h	2015-10-06 20:45:53.000000000 +0300
--------------------------
File to patch: ^C
$ patch -p1 < ../patches/1.0.2/numeric.diff 
patching file crypto/asn1/a_mbstr.c
patching file crypto/asn1/a_strnid.c
Hunk #1 FAILED at 192.
1 out of 1 hunk FAILED -- saving rejects to file crypto/asn1/a_strnid.c.rej
$

Problem compiling code

gcc -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -Wall -O0 -g -DBN_DEBUG
-DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
-DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -pedantic
-DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow
-Wformat -Wtype-limits -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT
-DDEBUG_UNUSED -c -o gost_md2012.o gost_md2012.c
gost_md2012.c: In function ‘gost_digest_copy’:
gost_md2012.c:86:50: error: invalid application of ‘sizeof’ to a void
type [-Werror=pointer-arith]
memcpy(to->md_data, from->md_data, sizeof(*(from->md_data)));
^
cc1: all warnings being treated as errors
: recipe for target 'gost_md2012.o' failed

core dump in grasshopper-ctr mode

The issue appears through using the branch openssl_1_1_0: encryption/decryption command
./openssl enc -grasshopper-ctr <...>
return
openssl: malloc.c:2395: sysmalloc: Assertion (old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)' failed. Core dump

Add interface to assign UZ to key individually.

Now UZ specified globally.
Need ability to override key parameters for each key separately.

This is required, for example, for IKE in GOST IPSec.

gosthash2012 don't work without L_ENDIAN

If L_ENDIAN is not defined, then used other constant. It make incorrect hash and handshake will failed.

Current master fails to find OpenSSL-1.1 installation

OpenSSL binaries (and libraries and include files) are installed in $HOME/openssl-1.1 directory tree.

$ git clone https://github.com/gost-engine/engine.git grass-engine
Cloning into 'grass-engine'...
remote: Counting objects: 508, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 508 (delta 0), reused 4 (delta 0), pack-reused 502
Receiving objects: 100% (508/508), 656.45 KiB | 0 bytes/s, done.
Resolving deltas: 100% (311/311), done.
$ cd grass-engine/
$ mkdir build
$ cd build
$ !cma
cmake -DCMAKE-C-FLAGS="-I{$HOME}/openssl-1.1/include -L${HOME}/openssl-1.1/lib" ..
-- The C compiler identification is AppleClang 8.1.0.8020042
-- The CXX compiler identification is AppleClang 8.1.0.8020042
-- Check for working C compiler: /opt/local/bin/clang
-- Check for working C compiler: /opt/local/bin/clang -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /opt/local/bin/clang++
-- Check for working CXX compiler: /opt/local/bin/clang++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Check if the system is big endian
-- Searching 16 bit integer
-- Looking for sys/types.h
-- Looking for sys/types.h - found
-- Looking for stdint.h
-- Looking for stdint.h - found
-- Looking for stddef.h
-- Looking for stddef.h - found
-- Check size of unsigned short
-- Check size of unsigned short - done
-- Using unsigned short
-- Check if the system is big endian - little endian
-- LITTLE_ENDIAN
-- Configuring done
-- Generating done
CMake Warning:
  Manually-specified variables were not used by the project:

    CMAKE-C-FLAGS


-- Build files have been written to: /Users/uri/src/grasshopper-engine/grass-engine/build
$ make
Scanning dependencies of target gost
[  3%] Building C object CMakeFiles/gost.dir/gost_ec_keyx.c.o
/Users/uri/src/grasshopper-engine/grass-engine/gost_ec_keyx.c:33:43: error: use of
      undeclared identifier 'NID_id_GostR3411_2012_512'
    int effective_dgst_nid = (dgst_nid == NID_id_GostR3411_2012_512) ?
                                          ^
/Users/uri/src/grasshopper-engine/grass-engine/gost_ec_keyx.c:34:9: error: use of undeclared
      identifier 'NID_id_GostR3411_2012_256'
        NID_id_GostR3411_2012_256 : dgst_nid;
        ^
/Users/uri/src/grasshopper-engine/grass-engine/gost_ec_keyx.c:35:32: error: use of
      undeclared identifier 'NID_id_GostR3411_2012_512'
    int buf_len = (dgst_nid == NID_id_GostR3411_2012_512) ? 128 : 64,
                               ^
/Users/uri/src/grasshopper-engine/grass-engine/gost_ec_keyx.c:45:15: error: implicit
      declaration of function 'OPENSSL_zalloc' is invalid in C99
      [-Werror,-Wimplicit-function-declaration]
    databuf = OPENSSL_zalloc(buf_len);
              ^
/Users/uri/src/grasshopper-engine/grass-engine/gost_ec_keyx.c:45:13: error: incompatible
      integer to pointer conversion assigning to 'unsigned char *' from 'int'
      [-Werror,-Wint-conversion]
    databuf = OPENSSL_zalloc(buf_len);
            ^ ~~~~~~~~~~~~~~~~~~~~~~~
/Users/uri/src/grasshopper-engine/grass-engine/gost_ec_keyx.c:79:13: error: implicit
      declaration of function 'EVP_MD_CTX_new' is invalid in C99
      [-Werror,-Wimplicit-function-declaration]
    mdctx = EVP_MD_CTX_new();
            ^
/Users/uri/src/grasshopper-engine/grass-engine/gost_ec_keyx.c:79:11: error: incompatible
      integer to pointer conversion assigning to 'EVP_MD_CTX *' (aka
      'struct env_md_ctx_st *') from 'int' [-Werror,-Wint-conversion]
    mdctx = EVP_MD_CTX_new();
          ^ ~~~~~~~~~~~~~~~~
/Users/uri/src/grasshopper-engine/grass-engine/gost_ec_keyx.c:97:5: error: implicit
      declaration of function 'EVP_MD_CTX_free' is invalid in C99
      [-Werror,-Wimplicit-function-declaration]
    EVP_MD_CTX_free(mdctx);
    ^
/Users/uri/src/grasshopper-engine/grass-engine/gost_ec_keyx.c:160:21: error: use of
      undeclared identifier 'NID_id_tc26_gost_28147_param_Z'
        OBJ_nid2obj(NID_id_tc26_gost_28147_param_Z);
                    ^
9 errors generated.
make[2]: *** [CMakeFiles/gost.dir/gost_ec_keyx.c.o] Error 1
make[1]: *** [CMakeFiles/gost.dir/all] Error 2
make: *** [all] Error 2
$

Remove DSA dependency

For historical reasons GOST engine use DSA functions and cannot be compiled if OpenSSL is built with --no-dsa option. We should rewrite it to use ECDSA functions.

hash

Gost hash 2012 (both 256 and 512) produces an incorrect result. ( It does not match examples from the standard Gost R 3411 2012).

Branch openssl_1_0_2 doesn't build with OpenSSL 1.0.2

Branch openssl_1_0_2 doesn't build with OpenSSL 1.0.2 (patched with patches from https://github.com/gost-engine/engine/tree/master/patches/1.0.2 ).

Because of this commit: a170809

Docs don't say how to use Grasshopper for S/MIME (encrypt email)

README.gost says that for S/MIME one needs to specify -gost89. What if one wants to use the current standard (Kuzniechik) block cipher rather than the old 1989 standard?

Similar question for other capabilities (Kuzniechik-based MAC, etc).

Bug in gost_grasshopper_cipher_do_ctr

The following is not correct for x86 archs:
memcpy(c->iv_buffer.b + 8, &c->counter, 8); and c->counter += 1;
See comment in crypto/modes/ctr128.c: "... the IV/counter CTR mode is big-endian".
Also you can see it in GOST_R_3413-2015, item A.2.2.1, table A.8 for input block values.
It's possible to fix as:

static void ctr128_inc(unsigned char *counter)
{
    unsigned int n = 16;
    unsigned char c;

    do {
        --n;
        c = counter[n];
        ++c;
        counter[n] = c;
        if (c) return;
    } while (n);
}

and replace lines: c->counter += 1
by ctr128_inc(c->iv_buffer.b)

SIGSEGV in openssl s_client

Hello!

I have an issue with openssl while connecting to TLS server with GOST server certificate.

/usr/local/bin/openssl version
OpenSSL 1.1.0c 10 Nov 2016

/usr/local/bin/openssl s_client -CAfile /usr/share/ca-certificates/extra/VipNet-CA.crt -state -connect 10.0.99.50:443

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f1e7f3a1158 in BN_is_zero (a=0x0) at crypto/bn/bn_lib.c:922
922         return a->top == 0;
(gdb) bt full
#0  0x00007f1e7f3a1158 in BN_is_zero (a=0x0) at crypto/bn/bn_lib.c:922
No locals.
#1  0x00007f1e7e8a660c in gost_ec_verify (dgst=0x7ffc06897f50 "\035A\232\021\340\031~\334\372\206\360\026\334i}Sϧ\270\370\267^\037\020\272YQМ\260bZ\240\177\211\006\374\177", dgst_len=32, sig=0x2256210,
    ec=0x2242a40) at /usr/src/engine/gost_ec_sign.c:348
        ctx = 0x2256d80
        group = 0x22432a0
        order = 0x22590c0
        md = 0x0
        e = 0x22590d8
        R = 0x2259150
        v = 0x2259168
        z1 = 0x22590f0
        z2 = 0x2259108
        sig_s = 0x0
        sig_r = 0x0
        X = 0x2259138
        tmp = 0x2259120
        C = 0x0
        pub_key = 0x2241210
        ok = 0
#2  0x00007f1e7e8abc64 in pkey_gost_ec_cp_verify (ctx=0x2256360,
    sig=0x2254b70 "\247ԍ\246i-\340U(\241\351b\336\004<\r\221\244\205e$\365\337F\325\304\305\345\311\334\005\022\322\b\227\177\323\367\005\265\365\327\345e2\274\250\345~\342\264\301q\b·\353Hṙ\035\002\321P",
    siglen=64, tbs=0x7ffc06897f50 "\035A\232\021\340\031~\334\372\206\360\026\334i}Sϧ\270\370\267^\037\020\272YQМ\260bZ\240\177\211\006\374\177", tbs_len=32) at /usr/src/engine/gost_pmeth.c:453
        ok = 0
        pub_key = 0x22424c0
        s = 0x2256210
#3  0x00007f1e7f45c370 in EVP_PKEY_verify (ctx=0x2256360,
    sig=0x2254b70 "\247ԍ\246i-\340U(\241\351b\336\004<\r\221\244\205e$\365\337F\325\304\305\345\311\334\005\022\322\b\227\177\323\367\005\265\365\327\345e2\274\250\345~\342\264\301q\b·\353Hṙ\035\002\321P",
    siglen=64, tbs=0x7ffc06897f50 "\035A\232\021\340\031~\334\372\206\360\026\334i}Sϧ\270\370\267^\037\020\272YQМ\260bZ\240\177\211\006\374\177", tbslen=32) at crypto/evp/pmeth_fn.c:97
No locals.
#4  0x00007f1e7f45932c in EVP_DigestVerifyFinal (ctx=0x22561d0,
    sig=0x2254b70 "\247ԍ\246i-\340U(\241\351b\336\004<\r\221\244\205e$\365\337F\325\304\305\345\311\334\005\022\322\b\227\177\323\367\005\265\365\327\345e2\274\250\345~\342\264\301q\b·\353Hṙ\035\002\321P",
    siglen=64) at crypto/evp/m_sigver.c:168
        md = "\035A\232\021\340\031~\334\372\206\360\026\334i}Sϧ\270\370\267^\037\020\272YQМ\260bZ\240\177\211\006\374\177\000\000\223\214F\177\036\177\000\000\000\000\000\000\244\000\000\000\340\332P\177\036\177\000"
        r = 1
        mdlen = 32
        vctx = 0
#5  0x00007f1e7f360962 in ASN1_item_verify (it=0x7f1e7f797380 <X509_CINF_it>, a=0x223fb78, signature=0x223fb88, asn=0x223faf0, pkey=0x22424c0) at crypto/asn1/a_verify.c:172
        ctx = 0x22561d0
        buf_in = 0x22590c0 "\320l%\002"
        ret = -1
        inl = 1696
        mdnid = 809
        pknid = 811
#6  0x00007f1e7f4eeaac in X509_verify (a=0x223faf0, r=0x22424c0) at crypto/x509/x_all.c:26
No locals.
#7  0x00007f1e7f4e926a in internal_verify (ctx=0x2254ea0) at crypto/x509/x509_vfy.c:1719
        pkey = 0x22424c0
        n = 0
        xi = 0x223e320
        xs = 0x223faf0
#8  0x00007f1e7f4e61d6 in verify_chain (ctx=0x2254ea0) at crypto/x509/x509_vfy.c:233
        err = 0
        ok = 1
#9  0x00007f1e7f4e6417 in X509_verify_cert (ctx=0x2254ea0) at crypto/x509/x509_vfy.c:293
        dane = 0x0
        ret = 0
---Type <return> to continue, or q <return> to quit---
#10 0x00007f1e7f7dcc50 in ssl_verify_cert_chain (s=0x223e990, sk=0x2241c60) at ssl/ssl_cert.c:439
        x = 0x223faf0
        i = 0
        verify_store = 0x223d220
        ctx = 0x2254ea0
        param = 0x22544f0
#11 0x00007f1e7f7f5c85 in tls_process_server_certificate (s=0x223e990, pkt=0x7ffc06898220) at ssl/statem/statem_clnt.c:1226
        al = 0
        i = 0
        ret = 0
        exp_idx = 0
        cert_list_len = 1780
        cert_len = 1777
        x = 0x0
        certstart = 0x2243f2a "0\202\006\355\060\202\006\234\240\003\002\001\002\002\020\001\321\361\201eE\277@"
        certbytes = 0x224461b ""
        sk = 0x2241c60
        pkey = 0x0
#12 0x00007f1e7f7f4981 in ossl_statem_client_process_message (s=0x223e990, pkt=0x7ffc06898220) at ssl/statem/statem_clnt.c:624
        st = 0x223e9d8
#13 0x00007f1e7f7f2f1b in read_state_machine (s=0x223e990) at ssl/statem/statem.c:589
        st = 0x223e9d8
        ret = 1
        mt = 11
        len = 1783
        transition = 0x7f1e7f7f3e39 <ossl_statem_client_read_transition>
        pkt = {curr = 0x224461b "", remaining = 0}
        process_message = 0x7f1e7f7f48ef <ossl_statem_client_process_message>
        post_process_message = 0x7f1e7f7f4a24 <ossl_statem_client_post_process_message>
        max_message_size = 0x7f1e7f7f483a <ossl_statem_client_max_message_size>
        cb = 0x0
#14 0x00007f1e7f7f29bc in state_machine (s=0x223e990, server=0) at ssl/statem/statem.c:385
        buf = 0x0
        Time = 1479452021
        cb = 0x0
        st = 0x223e9d8
        ret = -1
        ssret = 1
#15 0x00007f1e7f7f24b1 in ossl_statem_connect (s=0x223e990) at ssl/statem/statem.c:170
No locals.
#16 0x00007f1e7f7cd201 in ssl3_write_bytes (s=0x223e990, type=23, buf_=0x2228630, len=0) at ssl/record/rec_layer_s3.c:377
        buf = 0x2228630 "x\222\v\177\036\177"
        tot = 0
        n = 0
        split_send_fragment = 7400960
        maxpipes = 0
        max_send_fragment = 913408
        nw = 3670016
        u_len = 0
        wb = 0x223ed68
        i = 57344
#17 0x00007f1e7f7d9c1d in ssl3_write (s=0x223e990, buf=0x2228630, len=0) at ssl/s3_lib.c:3822
No locals.
#18 0x00007f1e7f7e6faa in SSL_write (s=0x223e990, buf=0x2228630, num=0) at ssl/ssl_lib.c:1605
No locals.
#19 0x000000000044f81d in s_client_main (argc=0, argv=0x7ffc06899040) at apps/s_client.c:2226
        sbio = 0x2242570
        key = 0x0
---Type <return> to continue, or q <return> to quit---
        con = 0x223e990
        ctx = 0x223caf0
        chain = 0x0
        cert = 0x0
        vpm = 0x221ebb0
        exc = 0x0
        cctx = 0x221ec30
        ssl_args = 0x0
        dane_tlsa_domain = 0x0
        dane_tlsa_rrset = 0x0
        dane_ee_no_name = 0
        crls = 0x0
        meth = 0x7f1e7fa2ab40 <TLS_client_method_data.20660>
        CApath = 0x0
        CAfile = 0x7ffc0689985d "/usr/share/ca-certificates/extra/VipNet-CA.crt"
        cbuf = 0x2228630 "x\222\v\177\036\177"
        sbuf = 0x2232600 ""
        mbuf = 0x2234610 ""
        proxystr = 0x0
        connectstr = 0x221ece0 "10.0.99.50:443"
        cert_file = 0x0
        key_file = 0x0
        chain_file = 0x0
        chCApath = 0x0
        chCAfile = 0x0
        host = 0x221ed00 "10.0.99.50"
        port = 0x221ed20 "443"
        inrand = 0x0
        passarg = 0x0
        pass = 0x0
        vfyCApath = 0x0
        vfyCAfile = 0x0
        sess_in = 0x0
        sess_out = 0x0
        crl_file = 0x0
        p = 0x7ffc06898754 ""
        xmpphost = 0x0
        ehlo = 0x47fcb5 "mail.example.com"
        timeout = {tv_sec = 0, tv_usec = 0}
        timeoutp = 0x0
        readfds = {__fds_bits = {0 <repeats 16 times>}}
        writefds = {__fds_bits = {8, 0 <repeats 15 times>}}
        noCApath = 0
        noCAfile = 0
        build_chain = 0
        cbuf_len = 0
        cbuf_off = 0
        cert_format = 32773
        key_format = 32773
        crlf = 0
        full_log = 1
        mbuf_len = 0
        prexit = 0
        sdebug = 0
        reconnect = 0
        verify = 0
        vpmtouched = 0
        ret = 1
        in_init = 1
        i = 1
        nbio_test = 0
        s = 3
        k = 0
        width = 4
        state = 0
        sbuf_len = 0
        sbuf_off = 0
        cmdletters = 1
        socket_family = 0
        socket_type = 1
        starttls_proto = 0
        crl_format = 32773
        crl_download = 0
        write_tty = 0
        read_tty = 1
        write_ssl = 1
        read_ssl = 1
        tty_on = 0
        ssl_pending = 0
        at_eof = 0
        read_buf_len = 0
        fallback_scsv = 0
        randamt = 0
        o = OPT_EOF
        enable_timeouts = 0
        socket_mtu = 0
        ssl_client_engine = 0x0
        e = 0x0
        servername = 0x0
        alpn_in = 0x0
        tlsextcbp = {biodebug = 0x0, ack = 0}
        ssl_config = 0x0
        serverinfo_types = {256, 0, 0, 0, 36633, 67, 0, 0, 35456, 1673, 32764, 0, 27648, 105, 0, 0, 35296, 1673, 32764, 0, 25696, 32582, 32542, 0, 0, 0, 0, 0, 35328, 1673, 32764, 0, 35456, 1673, 32764, 0,
          58480, 545, 0, 0, 0, 0, 7, 0, 60032, 545, 0, 0, 50480, 546, 0, 0, 32, 0, 0, 0, 46304, 2370, 0, 0, 36585, 67, 0, 0, 35360, 1673, 32764, 0, 24047, 32582, 32542, 0, 35456, 1673, 32764, 0, 58480, 545, 0,
          0, 46304, 2370, 0, 0, 60032, 545, 0, 0, 27648, 105, 0, 0, 42240, 5516, 4135, 37986, 35392, 1673, 32764, 0}
        serverinfo_count = 0
        start = 0
        len = 2127585272
        next_proto_neg_in = 0x0
        srppass = 0x0
        srp_lateuser = 0
        srp_arg = {srppassin = 0x0, srplogin = 0x0, msg = 0, debug = 0, amp = 0, strength = 1024}
        ctlog_file = 0x0
        ct_validation = 0
        min_version = 0
        max_version = 0
        prot_opt = 0
        no_prot_opt = 0
        async = 0
        split_send_fragment = 0
        max_pipelines = 0
        connect_type = use_inet
        count4or6 = 0
        c_nbio = 0
        c_msg = 0
        c_ign_eof = 0
---Type <return> to continue, or q <return> to quit---
        c_brief = 0
        c_tlsextdebug = 0
        c_status_req = 0
        bio_c_msg = 0x0
        __PRETTY_FUNCTION__ = "s_client_main"
#20 0x0000000000438c2b in do_cmd (prog=0x221e470, argc=5, argv=0x7ffc06899040) at apps/openssl.c:471
        f = {type = FT_none, name = 0x7ffc0689984c "s_client", func = 0x7ffc06898ab0, help = 0x43801c <lh_FUNCTION_retrieve+35>}
        fp = 0x696c00 <functions+1152>
#21 0x000000000043835c in main (argc=5, argv=0x7ffc06899040) at apps/openssl.c:177
        f = {type = 23, name = 0x6a2fe0 <prog> "s_client", func = 0x7f1e7ed05ff8, help = 0x7f1e7ecf8d80}
        fp = 0x0
        prog = 0x221e470
        copied_argv = 0x0
        p = 0x0
        pname = 0x6a2fe0 <prog> "s_client"
        buf = "t\213\211\006\374\177\000\000D\274\243\177\036\177\000\000@\320\304\177\036\177\000\000\036\005\000\000\000\000\000\000\350\344\304\177\036\177\000\000\200\215\317~\036\177\000\000\370_\320~\036\177\000\000{ģ\177\036\177\000\000\036\005\000\000\000\000\000\000\370_\320~\036\177\000\000\350\344\304\177\036\177\000\000\070\214\211\006\374\177\000\000\064\214\211\006\374\177\000\000\021\276\243\177\036\177\000\000\b\215\211\006\374\177\000\000j\377/\177\036\177\000\000P!.\177\036\177\000\000\070\214\211\006\374\177\000\000\256\207\377\000\000\000\000\202\035\376\003\000\000\000\000.\000\000\000\000\000\000\000D\274\243\177\036\177\000\000\370_\320~\036\177\000\000F\b\000\000\000\000\000\000\350\344\304\177\036\177\000\000\200"...
        prompt = 0x7ffc06898b78 "{ģ\177\036\177"
        arg = {size = 0, argc = 0, argv = 0x0}
        first = 2143610088
        n = 32542
        i = 32764
        ret = 0

This seems to be triggered by insufficient checks in gost_ec_verify function. sig_r and sig_s should be checked before calling BN_is_zero():

index 2c04ed7..a092b8d 100644
--- a/gost_ec_sign.c
+++ b/gost_ec_sign.c
@@ -345,6 +345,11 @@ int gost_ec_verify(const unsigned char *dgst, int dgst_len,

     DSA_SIG_get0(&sig_r, &sig_s, sig);

+    if (!sig_r || !sig_s) {
+        GOSTerr(GOST_F_GOST_EC_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
     if (BN_is_zero(sig_s) || BN_is_zero(sig_r) ||
         (BN_cmp(sig_s, order) >= 1) || (BN_cmp(sig_r, order) >= 1)) {
         GOSTerr(GOST_F_GOST_EC_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);

This patch prevents NULL pointer dereference, but still behaviour is unexpected.
openssl fails with 'certificate signature failure' although both server and CA certificates are valid and the command works OK when used with 'OpenSSL 1.0.2g' with gost engine bundled.

Second call of ENGINE_by_id reports failire

For some reason gost engine doesn't allow to call ENGINE_by_id if engine is already loaded.
So, for example if engine loaded via config file, attempt to specify it again in command line reports error. It seems to be wrong behavoir.

OpenSSL compatibility

Hello!

Could you clarify, which versions of openSSL is compatible with the engine?

Is 1.0.2 compatible?

Change in BIGNUM processing

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=22dc08d00ae9517048b1ca44cd3810128eba0273

This commit to master should be taken into account.