
OpenBSD — lib/libssl/src/crypto/engine eng_all.c engine.h, lib/libssl/src/engines Makefile

Remove the GOST engine: It is not compiled or used and depends on the
"dynamic engine" feature that is not enabled in our build.  People who
need it can still pull it out of the Attic; if it is to have a Russian
engine just because it's a Russian engine.

OK deraadt@ beck@
Delta File
+1 -6,371 33 files
+0 -910 lib/libssl/src/engines/ccgost/gost_ameth.c
+0 -621 lib/libssl/src/engines/ccgost/gost_pmeth.c
+0 -616 lib/libssl/src/engines/ccgost/gost_crypt.c
+0 -409 lib/libssl/src/engines/ccgost/gost89.c
+0 -343 lib/libssl/src/engines/ccgost/gost2001.c
+0 -321 lib/libssl/src/engines/ccgost/gost_sign.c
+0 -304 lib/libssl/src/engines/ccgost/gost2001_keyx.c
+0 -300 lib/libssl/src/engines/ccgost/README.gost
+0 -287 lib/libssl/src/engines/ccgost/gost94_keyx.c
+0 -273 lib/libssl/src/engines/ccgost/gost_eng.c
+0 -255 lib/libssl/src/engines/ccgost/gosthash.c
+0 -218 lib/libssl/src/engines/ccgost/gost_lcl.h
+0 -212 lib/libssl/src/engines/ccgost/e_gost_err.c
+0 -210 lib/libssl/src/engines/ccgost/gostsum.c
+0 -198 lib/libssl/src/engines/ccgost/gost_params.c
+0 -156 lib/libssl/src/engines/ccgost/e_gost_err.h
+0 -109 lib/libssl/src/engines/ccgost/gost_keywrap.c
+0 -96 lib/libssl/src/engines/ccgost/gost89.h
+0 -90 lib/libssl/src/engines/ccgost/Makefile
+0 -89 lib/libssl/src/engines/ccgost/gost_ctl.c
+0 -75 lib/libssl/src/engines/ccgost/gost_md.c
+0 -61 lib/libssl/src/engines/ccgost/e_gost_err.proto
+0 -56 lib/libssl/src/engines/ccgost/gost_keywrap.h
+0 -55 lib/libssl/src/engines/ccgost/gost_asn1.c
+0 -48 lib/libssl/src/engines/ccgost/gosthash.h
+0 -34 lib/libssl/src/engines/ccgost/gost_params.h
+0 -10 lib/libssl/src/engines/ccgost/gost2001_keyx.h
+0 -5 lib/libssl/src/engines/ccgost/gost.ec
+0 -3 lib/libssl/src/crypto/engine/eng_all.c
+1 -2 lib/libssl/src/engines/Makefile
+0 -3 lib/libssl/src/crypto/engine/engine.h
+0 -1 lib/libssl/src/util/mk1mf.pl
+0 -1 lib/libssl/src/util/mkfiles.pl
+1 -6,371 33 files
lib/libssl/src/crypto/engine/eng_all.c
@@ -86,9 +86,6 @@ void ENGINE_load_builtin_engines(void)
ENGINE_load_padlock();
#endif
#endif
-#ifndef OPENSSL_NO_GOST
- ENGINE_load_gost();
-#endif
#endif
ENGINE_register_all_complete();
}
lib/libssl/src/crypto/engine/engine.h
@@ -317,9 +317,6 @@ void ENGINE_load_openssl(void);
void ENGINE_load_dynamic(void);
#ifndef OPENSSL_NO_STATIC_ENGINE
void ENGINE_load_padlock(void);
-#ifndef OPENSSL_NO_GOST
-void ENGINE_load_gost(void);
-#endif
#endif
void ENGINE_load_cryptodev(void);
void ENGINE_load_rsax(void);
lib/libssl/src/engines/Makefile
@@ -9,7 +9,7 @@ INCLUDES= -I../include
CFLAG=-g
MAKEFILE= Makefile
AR= ar r
-ENGDIRS= ccgost
+ENGDIRS=
RECURSIVE_MAKE= [ -z "$(ENGDIRS)" ] || for i in $(ENGDIRS) ; do \
(cd $$i && echo "making $$target in $(DIR)/$$i..." && \
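Review bot: `ENGDIRS=` is left as an empty assignment with nothing saying this is deliberate, so a later reader cannot tell an intentional "build no engine subdirectories" from an oversight. The `[ -z "$(ENGDIRS)" ] ||` guard on the next line short-circuits the loop when the list is empty, so the empty value looks harmless as far as this hunk shows. RECURSIVE_MAKE continues past the end of the hunk, so the rest of the loop body is not visible here. I would add a comment above the assignment, `# No engine subdirectories are built: ccgost was removed (not compiled, needs the dynamic engine feature).`, so that re-adding a directory is a conscious decision rather than a silent re-enable.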
@@ -109,7 +109,6 @@ errors:
$(PERL) ../util/mkerr.pl -conf e_$$l.ec \
-nostatic -staticloader -write e_$$l.c; \
done
- (cd ccgost; $(MAKE) PERL=$(PERL) errors)
tests:
lib/libssl/src/engines/ccgost/Makefile → /dev/null
@@ -1,90 +0,0 @@
-DIR=ccgost
-TOP=../..
-CC=cc
-INCLUDES= -I../../include
-CFLAG=-g
-MAKEFILE= Makefile
-AR= ar r
-CFLAGS= $(INCLUDES) $(CFLAG)
-LIB=$(TOP)/libcrypto.a
-
-LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c
-
-LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o
-
-SRC=$(LIBSRC)
-
-LIBNAME=gost
-
-top:
- (cd $(TOP); $(MAKE) DIRS=engines EDIRS=$(DIR) sub_all)
-
-all: lib
-
-tags:
- ctags $(SRC)
-
-errors:
- $(PERL) ../../util/mkerr.pl -conf gost.ec -nostatic -write $(SRC)
-
-lib: $(LIBOBJ)
- if [ -n "$(SHARED_LIBS)" ]; then \
- $(MAKE) -f $(TOP)/Makefile.shared -e \
- LIBNAME=$(LIBNAME) \
- LIBEXTRAS='$(LIBOBJ)' \
- LIBDEPS='-L$(TOP) -lcrypto' \
- link_o.$(SHLIB_TARGET); \
- else \
- $(AR) $(LIB) $(LIBOBJ); \
- fi
- @touch lib
-
-install:
- [ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- echo installing $(LIBNAME); \
- pfx=lib; \
- if [ "$(PLATFORM)" != "Cygwin" ]; then \
- case "$(CFLAGS)" in \
- *DSO_BEOS*) sfx=".so";; \
- *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
- *DSO_DL*) sfx=".sl";; \
- *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
- *) sfx=".bad";; \
- esac; \
- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- else \
- sfx=".so"; \
- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
- fi
-
-links:
-
-tests:
-
-depend:
- @if [ -z "$(THIS)" ]; then \
- $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
- else \
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \
- fi
-
-files:
-
-
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff *.so *.sl *.dll
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
lib/libssl/src/engines/ccgost/README.gost → /dev/null
@@ -1,300 +0,0 @@
-GOST ENGINE
-
-This engine provides implementation of Russian cryptography standard.
-This is also an example of adding new cryptoalgorithms into OpenSSL
-without changing its core. If OpenSSL is compiled with dynamic engine
-support, new algorithms can be added even without recompilation of
-OpenSSL and applications which use it.
-
-ALGORITHMS SUPPORTED
-
-GOST R 34.10-94 and GOST R 34.10-2001 - digital signature algorithms.
- Also support key exchange based on public keys. See RFC 4357 for
- details of VKO key exchange algorithm. These algorithms use
- 256 bit private keys. Public keys are 1024 bit for 94 and 512 bit for
- 2001 (which is elliptic-curve based). Key exchange algorithms
- (VKO R 34.10) are supported on these keys too.
-
-GOST R 34.11-94 Message digest algorithm. 256-bit hash value
-
-GOST 28147-89 - Symmetric cipher with 256-bit key. Various modes are
- defined in the standard, but only CFB and CNT modes are implemented
- in the engine. To make statistical analysis more difficult, key
- meshing is supported (see RFC 4357).
-
-GOST 28147-89 MAC mode. Message authentication code. While most MAC
- algorithms out there are based on hash functions using HMAC
- algorithm, this algoritm is based on symmetric cipher.
- It has 256-bit symmetric key and only 32 bits of MAC value
- (while HMAC has same key size and value size).
-
- It is implemented as combination of EVP_PKEY type and EVP_MD type.
-
-USAGE OF THESE ALGORITHMS
-
-This engine is designed to allow usage of this algorithms in the
-high-level openssl functions, such as PKI, S/MIME and TLS.
-
-See RFC 4490 for S/MIME with GOST algorithms and RFC 4491 for PKI.
-TLS support is implemented according IETF
-draft-chudov-cryptopro-cptls-03.txt and is compatible with
-CryptoPro CSP 3.0 and 3.6 as well as with MagPro CSP.
-GOST ciphersuites implemented in CryptoPro CSP 2.0 are not supported
-because they use ciphersuite numbers used now by AES ciphersuites.
-
-To use the engine you have to load it via openssl configuration
-file. Applications should read openssl configuration file or provide
-their own means to load engines. Also, applications which operate with
-private keys, should use generic EVP_PKEY API instead of using RSA or
-other algorithm-specific API.
-
-CONFIGURATION FILE
-
-Configuration file should include following statement in the global
-section, i.e. before first bracketed section header (see config(5) for details)
-
- openssl_conf = openssl_def
-
-where openssl_def is name of the section in configuration file which
-describes global defaults.
-
-This section should contain following statement:
-
- [openssl_def]
- engines = engine_section
-
-which points to the section which describes list of the engines to be
-loaded. This section should contain:
-
- [engine_section]
- gost = gost_section
-
-And section which describes configuration of the engine should contain
-
- [gost_section]
- engine_id = gost
- dynamic_path = /usr/lib/ssl/engines/libgost.so
- default_algorithms = ALL
- CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
-
-Where engine_id parameter specifies name of engine (should be "gost").
-dynamic_path is a location of the loadable shared library implementing the
-engine. If the engine is compiled statically or is located in the OpenSSL
-engines directory, this line can be omitted.
-default_algorithms parameter specifies that all algorithms, provided by
-engine, should be used.
-
-The CRYPT_PARAMS parameter is engine-specific. It allows the user to choose
-between different parameter sets of symmetric cipher algorithm. RFC 4357
-specifies several parameters for the GOST 28147-89 algorithm, but OpenSSL
-doesn't provide user interface to choose one when encrypting. So use engine
-configuration parameter instead.
-
-Value of this parameter can be either short name, defined in OpenSSL
-obj_dat.h header file or numeric representation of OID, defined in RFC
-4357.
-
-USAGE WITH COMMAND LINE openssl UTILITY
-
-1. Generation of private key
-
- openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out seckey.pem
-
- Use -algorithm option to specify algorithm.
- Use -pkeyopt option to pass paramset to algorithm. The following paramsets
- are supported by
- gost94: 0,A,B,C,D,XA,XB,XC
- gost2001: 0,A,B,C,XA,XB
- You can also use numeric representation of OID as to destinate
- paramset.
-
- Paramsets starting with X are intended to use for key exchange keys.
- Paramsets without X are for digital signature keys.
-
- Paramset for both algorithms 0 is the test paramset which should be used
- only for test purposes.
-
-There are no algorithm-specific things with generation of certificate
-request once you have a private key.
-
-2. Generation of certificate request along with private/public keypar
-
- openssl req -newkey gost2001 -pkeyopt paramset:A
-
- Syntax of -pkeyopt parameter is identical with genpkey command.
-
- You can also use oldstyle syntax -newkey gost2001:paramfile, but in
- this case you should create parameter file first.
-
- It can be created with
-
- openssl genpkey -genparam -algorithm gost2001 -pkeyopt paramset:A\
- -out paramfile.
-
-3. S/MIME operations
-
-If you want to send encrypted mail using GOST algorithms, don't forget
-to specify -gost89 as encryption algorithm for OpenSSL smime command.
-While OpenSSL is clever enough to find out that GOST R 34.11-94 digest
-must be used for digital signing with GOST private key, it have no way
-to derive symmetric encryption algorithm from key exchange keys.
-
-4. TLS operations
-
-OpenSSL supports all four ciphersuites defined in the IETF draft.
-Once you've loaded GOST key and certificate into your TLS server,
-ciphersuites which use GOST 28147-89 encryption are enabled.
-
-Ciphersuites with NULL encryption should be enabled explicitely if
[6302 lines truncated]
