diff options
36 files changed, 14 insertions, 7129 deletions
@@ -4,6 +4,13 @@ Changes between 1.0.2e and 1.1.0 [xx XXX xxxx] + *) The GOST engine was out of date and therefore it has been removed. An up + to date GOST engine is now being maintained in an external repository. + See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains + support for GOST ciphersuites (these are only activated if a GOST engine + is present). + [Matt Caswell] + *) EGD is no longer supported by default; use enable-egd when configuring. [Ben Kaduk and Rich Salz] @@ -1932,7 +1932,6 @@ while (<IN>) $sdirs = 0 unless /\\$/; s/fips // if (/^DIRS=/ && !$fips); s/engines // if (/^DIRS=/ && $disabled{"engine"}); - s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"}); s/^VERSION=.*/VERSION=$version/; s/^MAJOR=.*/MAJOR=$major/; s/^MINOR=.*/MINOR=$minor/; diff --git a/Makefile.in b/Makefile.in index 8dd7f1aaff..69e2706e8e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -132,7 +132,6 @@ FIPSCANLIB= BASEADDR= DIRS= crypto ssl engines apps test tools -ENGDIRS= ccgost SHLIBDIRS= crypto ssl INSTALL_SUBS= engines apps tools @@ -212,7 +211,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\ AS='$(CC)' ASFLAG='$(CFLAG) -c' \ AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ CROSS_COMPILE='$(CROSS_COMPILE)' \ - PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ + PERL='$(PERL)' \ SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \ INSTALL_PREFIX='$(INSTALL_PREFIX)' \ INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \ diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 2c2353a3f0..74cde879ae 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -86,9 +86,6 @@ void ENGINE_load_builtin_engines(void) ENGINE_load_padlock(); # endif # endif -# ifndef OPENSSL_NO_GOST - ENGINE_load_gost(); -# endif # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) ENGINE_load_capi(); # endif diff --git a/engines/Makefile.in b/engines/Makefile.in index b8665ff406..aed9ff512e 100644 --- a/engines/Makefile.in +++ b/engines/Makefile.in @@ -12,12 +12,6 @@ INCLUDES= -I../include CFLAG=-g MAKEFILE= Makefile AR= ar r -ENGDIRS= ccgost - -RECURSIVE_MAKE= [ -z "$(ENGDIRS)" ] || for i in $(ENGDIRS) ; do \ - (cd $$i && echo "making $$target in $(DIR)/$$i..." && \ - $(MAKE) -e TOP=../.. DIR=$$i $$target ) || exit 1; \ - done; ENGINES_ASM_OBJ= @@ -60,7 +54,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER) top: (cd ..; $(MAKE) DIRS=$(DIR) all) -all: lib subdirs +all: lib lib: $(LIBOBJ) $(TESTLIBOBJ) @if [ -n "$(SHARED_LIBS)" ]; then \ @@ -82,12 +76,8 @@ e_padlock-x86.s: asm/e_padlock-x86.pl e_padlock-x86_64.s: asm/e_padlock-x86_64.pl $(PERL) asm/e_padlock-x86_64.pl $(PERLASM_SCHEME) > $@ -subdirs: - @target=all; $(RECURSIVE_MAKE) - files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO - @target=files; $(RECURSIVE_MAKE) # XXXXX This currently only works on systems that use .so as suffix # for shared libraries as well as for Cygwin which uses the @@ -118,27 +108,23 @@ install: mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ done; \ fi - @target=install; $(RECURSIVE_MAKE) errors: set -e; for l in $(LIBNAMES); do \ $(PERL) ../util/mkerr.pl -conf e_$$l.ec \ -nostatic -staticloader -write e_$$l.c; \ done - (cd ccgost; $(MAKE) PERL=$(PERL) errors) update: local_depend @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) depend: local_depend @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) + local_depend: @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(TESTLIBSRC) clean: rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - @target=clean; $(RECURSIVE_MAKE) # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/engines/ccgost/Makefile.in b/engines/ccgost/Makefile.in deleted file mode 100644 index 77d552f85f..0000000000 --- a/engines/ccgost/Makefile.in +++ /dev/null @@ -1,75 +0,0 @@ -DIR=ccgost -TOP=../.. -CC=cc -INCLUDES= -I../../include -CFLAG=-g -MAKEFILE= Makefile -AR= ar r -CFLAGS= $(INCLUDES) $(CFLAG) -LIB=$(TOP)/libcrypto.a - -LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_pmeth.c gost_params.c - -LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_pmeth.o gost_params.o - -SRC=$(LIBSRC) - -LIBNAME=gost - -top: - (cd $(TOP); $(MAKE) DIRS=engines sub_all) - -all: lib - -errors: - $(PERL) ../../util/mkerr.pl -conf gost.ec -nostatic -write $(SRC) - -lib: $(LIBOBJ) - if [ -n "$(SHARED_LIBS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile.shared -e \ - LIBNAME=$(LIBNAME) \ - LIBEXTRAS='$(LIBOBJ)' \ - LIBDEPS='-L$(TOP) -lcrypto' \ - link_o.$(SHLIB_TARGET); \ - else \ - $(AR) $(LIB) $(LIBOBJ); \ - fi - @touch lib - -install: - [ -n "$(INSTALLTOP)" ] # should be set by top Makefile... - if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - echo installing $(LIBNAME); \ - pfx=lib; \ - if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - sfx=".so"; \ - cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - else \ - case "$(CFLAGS)" in \ - *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \ - *DSO_DL*) sfx=".sl";; \ - *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ - *) sfx=".bad";; \ - esac; \ - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - fi; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ - fi - -update: local_depend - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - -depend: local_depend - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi -local_depend: - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) - -files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff *.so *.sl *.dll *.dylib - -# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/engines/ccgost/README.gost b/engines/ccgost/README.gost deleted file mode 100644 index abc5a9b7ca..0000000000 --- a/engines/ccgost/README.gost +++ /dev/null @@ -1,300 +0,0 @@ -GOST ENGINE - -This engine provides implementation of Russian cryptography standard. -This is also an example of adding new cryptoalgorithms into OpenSSL -without changing its core. If OpenSSL is compiled with dynamic engine -support, new algorithms can be added even without recompilation of -OpenSSL and applications which use it. - -ALGORITHMS SUPPORTED - -GOST R 34.10-94 and GOST R 34.10-2001 - digital signature algorithms. - Also support key exchange based on public keys. See RFC 4357 for - details of VKO key exchange algorithm. These algorithms use - 256 bit private keys. Public keys are 1024 bit for 94 and 512 bit for - 2001 (which is elliptic-curve based). Key exchange algorithms - (VKO R 34.10) are supported on these keys too. - -GOST R 34.11-94 Message digest algorithm. 256-bit hash value - -GOST 28147-89 - Symmetric cipher with 256-bit key. Various modes are - defined in the standard, but only CFB and CNT modes are implemented - in the engine. To make statistical analysis more difficult, key - meshing is supported (see RFC 4357). - -GOST 28147-89 MAC mode. Message authentication code. While most MAC - algorithms out there are based on hash functions using HMAC - algorithm, this algoritm is based on symmetric cipher. - It has 256-bit symmetric key and only 32 bits of MAC value - (while HMAC has same key size and value size). - - It is implemented as combination of EVP_PKEY type and EVP_MD type. - -USAGE OF THESE ALGORITHMS - -This engine is designed to allow usage of this algorithms in the -high-level openssl functions, such as PKI, S/MIME and TLS. - -See RFC 4490 for S/MIME with GOST algorithms and RFC 4491 for PKI. -TLS support is implemented according IETF -draft-chudov-cryptopro-cptls-03.txt and is compatible with -CryptoPro CSP 3.0 and 3.6 as well as with MagPro CSP. -GOST ciphersuites implemented in CryptoPro CSP 2.0 are not supported -because they use ciphersuite numbers used now by AES ciphersuites. - -To use the engine you have to load it via openssl configuration -file. Applications should read openssl configuration file or provide -their own means to load engines. Also, applications which operate with -private keys, should use generic EVP_PKEY API instead of using RSA or -other algorithm-specific API. - -CONFIGURATION FILE - -Configuration file should include following statement in the global -section, i.e. before first bracketed section header (see config(5) for details) - - openssl_conf = openssl_def - -where openssl_def is name of the section in configuration file which -describes global defaults. - -This section should contain following statement: - - [openssl_def] - engines = engine_section - -which points to the section which describes list of the engines to be -loaded. This section should contain: - - [engine_section] - gost = gost_section - -And section which describes configuration of the engine should contain - - [gost_section] - engine_id = gost - dynamic_path = /usr/lib/ssl/engines/libgost.so - default_algorithms = ALL - CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet - -Where engine_id parameter specifies name of engine (should be "gost"). -dynamic_path is a location of the loadable shared library implementing the -engine. If the engine is compiled statically or is located in the OpenSSL -engines directory, this line can be omitted. -default_algorithms parameter specifies that all algorithms, provided by -engine, should be used. - -The CRYPT_PARAMS parameter is engine-specific. It allows the user to choose -between different parameter sets of symmetric cipher algorithm. RFC 4357 -specifies several parameters for the GOST 28147-89 algorithm, but OpenSSL -doesn't provide user interface to choose one when encrypting. So use engine -configuration parameter instead. - -Value of this parameter can be either short name, defined in OpenSSL -obj_dat.h header file or numeric representation of OID, defined in RFC -4357. - -USAGE WITH COMMAND LINE openssl UTILITY - -1. Generation of private key - - openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out seckey.pem - - Use -algorithm option to specify algorithm. - Use -pkeyopt option to pass paramset to algorithm. The following paramsets - are supported by - gost94: 0,A,B,C,D,XA,XB,XC - gost2001: 0,A,B,C,XA,XB - You can also use numeric representation of OID as to destinate - paramset. - - Paramsets starting with X are intended to use for key exchange keys. - Paramsets without X are for digital signature keys. - - Paramset for both algorithms 0 is the test paramset which should be used - only for test purposes. - -There are no algorithm-specific things with generation of certificate -request once you have a private key. - -2. Generation of certificate request along with private/public keypar - - openssl req -newkey gost2001 -pkeyopt paramset:A - - Syntax of -pkeyopt parameter is identical with genpkey command. - - You can also use oldstyle syntax -newkey gost2001:paramfile, but in - this case you should create parameter file first. - - It can be created with - - openssl genpkey -genparam -algorithm gost2001 -pkeyopt paramset:A\ - -out paramfile. - -3. S/MIME operations - -If you want to send encrypted mail using GOST algorithms, don't forget -to specify -gost89 as encryption algorithm for OpenSSL smime command. -While OpenSSL is clever enough to find out that GOST R 34.11-94 digest -must be used for digital signing with GOST private key, it have no way -to derive symmetric encryption algorithm from key exchange keys. - -4. TLS operations - -OpenSSL supports all four ciphersuites defined in the IETF draft. -Once you've loaded GOST key and certificate into your TLS server, -ciphersuites which use GOST 28147-89 encryption are enabled. - -Ciphersuites with NULL encryption should be enabled explicitely if -needed. - -GOST2001-GOST89-GOST89 Uses GOST R 34.10-2001 for auth and key exchange - GOST 28147-89 for encryption and GOST 28147-89 MAC -GOST94-GOST89-GOST89 Uses GOST R 34.10-94 for auth and key exchange - GOST 28147-89 for encryption and GOST 28147-89 MAC -GOST2001-NULL-GOST94 Uses GOST R 34.10-2001 for auth and key exchange, - no encryption and HMAC, based on GOST R 34.11-94 -GOST94-NULL-GOST94 Uses GOST R 34.10-94 for auth and key exchange, - no encryption and HMAC, based on GOST R 34.11-94 - -Gost 94 and gost 2001 keys can be used simultaneously in the TLS server. -RSA, DSA and EC keys can be used simultaneously with GOST keys, if -server implementation supports loading more than two private -key/certificate pairs. In this case ciphersuites which use any of loaded -keys would be supported and clients can negotiate ones they wish. - -This allows creation of TLS servers which use GOST ciphersuites for -Russian clients and RSA/DSA ciphersuites for foreign clients. - -5. Calculation of digests and symmetric encryption - OpenSSL provides specific commands (like sha1, aes etc) for calculation - of digests and symmetric encryption. Since such commands cannot be - added dynamically, no such commands are provided for GOST algorithms. - Use generic commands 'dgst' and 'enc'. - - Calculation of GOST R 34.11-94 message digest - - openssl dgst -md_gost94 datafile - - Note that GOST R 34.11-94 specifies that digest value should be - interpreted as little-endian number, but OpenSSL outputs just hex dump - of digest value. - - So, to obtain correct digest value, such as produced by gostsum utility - included in the engine distribution, bytes of output should be - reversed. - - Calculation of HMAC based on GOST R 34.11-94 - - openssl dgst -md_gost94 -mac hmac -macopt key:<32 bytes of key> datafile - - (or use hexkey if key contain NUL bytes) - Calculation of GOST 28147 MAC - - openssl dgst -mac gost-mac -macopt key:<32 bytes of key> datafile - - Note absence of an option that specifies digest algorithm. gost-mac - algorithm supports only one digest (which is actually part of - implementation of this mac) and OpenSSL is clever enough to find out - this. - - Encryption with GOST 28147 CFB mode - openssl enc -gost89 -out encrypted-file -in plain-text-file -k <passphrase> - Encryption with GOST 28147 CNT mode - openssl enc -gost89-cnt -out encrypted-file -in plain-text-file -k <passphrase> - - -6. Encrypting private keys and PKCS12 - -To produce PKCS12 files compatible with MagPro CSP, you need to use -GOST algorithm for encryption of PKCS12 file and also GOST R 34.11-94 -hash to derive key from password. - -openssl pksc12 -export -inkey gost.pem -in gost_cert.pem -keypbe gost89\ - -certpbe gost89 -macalg md_gost94 - -7. Testing speed of symmetric ciphers. - -To test performance of GOST symmetric ciphers you should use -evp switch -of the openssl speed command. Engine-provided ciphers couldn't be -accessed by cipher-specific functions, only via generic evp interface - - openssl speed -evp gost89 - openssl speed -evp gost89-cnt - - -PROGRAMMING INTERFACES DETAILS - -Applications never should access engine directly. They only use provided -EVP_PKEY API. But there are some details, which should be taken into -account. - -EVP provides two kinds of API for key exchange: - -1. EVP_PKEY_encrypt/EVP_PKEY_decrypt functions, intended to use with - RSA-like public key encryption algorithms - -2. EVP_PKEY_derive, intended to use with Diffie-Hellman-like shared key -computing algorithms. - -Although VKO R 34.10 algorithms, described in the RFC 4357 are -definitely second case, engine provides BOTH API for GOST R 34.10 keys. - -EVP_PKEY_derive just invokes appropriate VKO algorithm and computes -256 bit shared key. VKO R 34.10-2001 requires 64 bits of random user key -material (UKM). This UKM should be transmitted to other party, so it is -not generated inside derive function. - -It should be set by EVP_PKEY_CTX_ctrl function using -EVP_PKEY_CTRL_SET_IV command after call of EVP_PKEY_derive_init, but -before EVP_PKEY_derive. - unsigned char ukm[8]; - RAND_bytes(ukm,8); - EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, 8, ukm) - -EVP_PKEY_encrypt encrypts provided session key with VKO shared key and -packs it into GOST key transport structure, described in the RFC 4490. - -It typically uses ephemeral key pair to compute shared key and packs its -public part along with encrypted key. So, for most cases use of -EVP_PKEY_encrypt/EVP_PKEY_decrypt with GOST keys is almost same as with -RSA. - -However, if peerkey field in the EVP_PKEY_CTX structure is set (using -EVP_PKEY_derive_set_peerkey function) to EVP_PKEY structure which has private -key and uses same parameters as the public key from which this EVP_PKEY_CTX is -created, EVP_PKEY_encrypt will use this private key to compute shared key and -set ephemeral key in the GOST_key_transport structure to NULL. In this case -pkey and peerkey fields in the EVP_PKEY_CTX are used upside-down. - -If EVP_PKEY_decrypt encounters GOST_key_transport structure with NULL -public key field, it tries to use peerkey field from the context to -compute shared key. In this case peerkey field should really contain -peer public key. - -Encrypt operation supports EVP_PKEY_CTRL_SET_IV operation as well. -It can be used when some specific restriction on UKM are imposed by -higher level protocol. For instance, description of GOST ciphersuites -requires UKM to be derived from shared secret. - -If UKM is not set by this control command, encrypt operation would -generate random UKM. - - -This sources include implementation of GOST 28147-89 and GOST R 34.11-94 -which are completely indepentent from OpenSSL and can be used separately -(files gost89.c, gost89.h, gosthash.c, gosthash.h) Utility gostsum (file -gostsum.c) is provided as example of such separate usage. This is -program, simular to md5sum and sha1sum utilities, but calculates GOST R -34.11-94 hash. - -Makefile doesn't include rule for compiling gostsum. -Use command - -$(CC) -o gostsum gostsum.c gost89.c gosthash.c -where $(CC) is name of your C compiler. - -Implementations of GOST R 34.10-xx, including VKO algorithms heavily -depends on OpenSSL BIGNUM and Elliptic Curve libraries. - - diff --git a/engines/ccgost/e_gost_err.c b/engines/ccgost/e_gost_err.c deleted file mode 100644 index d05ef6143c..0000000000 --- a/engines/ccgost/e_gost_err.c +++ /dev/null @@ -1,201 +0,0 @@ -/* e_gost_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include <stdio.h> -#include <openssl/err.h> -#include "e_gost_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA GOST_str_functs[] = { - {ERR_FUNC(GOST_F_DECODE_GOST_ALGOR_PARAMS), "DECODE_GOST_ALGOR_PARAMS"}, - {ERR_FUNC(GOST_F_ENCODE_GOST_ALGOR_PARAMS), "ENCODE_GOST_ALGOR_PARAMS"}, - {ERR_FUNC(GOST_F_FILL_GOST2001_PARAMS), "FILL_GOST2001_PARAMS"}, - {ERR_FUNC(GOST_F_GET_ENCRYPTION_PARAMS), "GET_ENCRYPTION_PARAMS"}, - {ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"}, - {ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"}, - {ERR_FUNC(GOST_F_GOST2001_DO_VERIFY), "GOST2001_DO_VERIFY"}, - {ERR_FUNC(GOST_F_GOST2001_KEYGEN), "GOST2001_KEYGEN"}, - {ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS), - "GOST89_GET_ASN1_PARAMETERS"}, - {ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS), - "GOST89_SET_ASN1_PARAMETERS"}, - {ERR_FUNC(GOST_F_GOST_CIPHER_CTL), "GOST_CIPHER_CTL"}, - {ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"}, - {ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"}, - {ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"}, - {ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"}, - {ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"}, - {ERR_FUNC(GOST_F_PKEY_GOST01CP_ENCRYPT), "PKEY_GOST01CP_ENCRYPT"}, - {ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"}, - {ERR_FUNC(GOST_F_PKEY_GOST2001_DERIVE), "PKEY_GOST2001_DERIVE"}, - {ERR_FUNC(GOST_F_PKEY_GOST_CTRL), "PKEY_GOST_CTRL"}, - {ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR), "PKEY_GOST_CTRL01_STR"}, - {ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"}, - {ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR), "PKEY_GOST_MAC_CTRL_STR"}, - {ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"}, - {ERR_FUNC(GOST_F_PRINT_GOST_01), "PRINT_GOST_01"}, - {ERR_FUNC(GOST_F_PRIV_DECODE_GOST), "PRIV_DECODE_GOST"}, - {ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"}, - {ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"}, - {ERR_FUNC(GOST_F_UNPACK_CP_SIGNATURE), "UNPACK_CP_SIGNATURE"}, - {0, NULL} -}; - -static ERR_STRING_DATA GOST_str_reasons[] = { - {ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT), - "bad key parameters format"}, - {ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT), - "bad pkey parameters format"}, - {ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY), - "cannot pack ephemeral key"}, - {ERR_REASON(GOST_R_CTRL_CALL_FAILED), "ctrl call failed"}, - {ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY), - "error computing shared key"}, - {ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO), - "error parsing key transport info"}, - {ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS), "incompatible algorithms"}, - {ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY), "incompatible peer key"}, - {ERR_REASON(GOST_R_INVALID_CIPHER_PARAMS), "invalid cipher params"}, - {ERR_REASON(GOST_R_INVALID_CIPHER_PARAM_OID), "invalid cipher param oid"}, - {ERR_REASON(GOST_R_INVALID_DIGEST_TYPE), "invalid digest type"}, - {ERR_REASON(GOST_R_INVALID_IV_LENGTH), "invalid iv length"}, - {ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH), "invalid mac key length"}, - {ERR_REASON(GOST_R_INVALID_PARAMSET), "invalid paramset"}, - {ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED), "key is not initialized"}, - {ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING), "key parameters missing"}, - {ERR_REASON(GOST_R_MAC_KEY_NOT_SET), "mac key not set"}, - {ERR_REASON(GOST_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_REASON(GOST_R_NO_PEER_KEY), "no peer key"}, - {ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR), - "no private part of non ephemeral keypair"}, - {ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED), "public key undefined"}, - {ERR_REASON(GOST_R_RANDOM_GENERATOR_ERROR), "random generator error"}, - {ERR_REASON(GOST_R_RANDOM_GENERATOR_FAILURE), "random generator failure"}, - {ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED), - "random number generator failed"}, - {ERR_REASON(GOST_R_SIGNATURE_MISMATCH), "signature mismatch"}, - {ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q), - "signature parts greater than q"}, - {ERR_REASON(GOST_R_UKM_NOT_SET), "ukm not set"}, - {ERR_REASON(GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND), - "unsupported cipher ctl command"}, - {ERR_REASON(GOST_R_UNSUPPORTED_PARAMETER_SET), - "unsupported parameter set"}, - {0, NULL} -}; - -#endif - -#ifdef GOST_LIB_NAME -static ERR_STRING_DATA GOST_ |