Security library for the system with GOST

YuryG · Jul 21, 2016

Sorry, but couldn't find it on the forum already existing, are there any tutorials how to step up for some good security library supporting GOST ciphers for the system?

For, base OpenSSL 1.0.1t-freebsd in my FreeBSD 10.3-STABLE amd64 couldn't do GOST ciphers, also I couldn't do it with GnuPG plus GnuTLS from ports. Not sure, if LibreSSL supports GOST, but I hope ports' OpenSSL support it?

cpm@ · Jul 23, 2016

Did you read the following discussion in the freebsd-security mailing list?

https://lists.freebsd.org/pipermail/freebsd-security/2016-July/008971.html

YuryG · Jul 23, 2016

Thanks for the link. It happen to be informative at first, but than became politics… (Although existing GOST ciphers are good enough and do not have any backdoors or other harmful aftermath, obviously looking in the source and internationally acclaimed maths of elliptic curves.)

It says that OpenSSL has GOST in 10.* and 11.*, but for some unknown reason (compatibility with 9.*?) many ports (say, bind910) refuse to use base OpenSSL. So, I leave hopes it will work somehow.

cpm@ · Jul 24, 2016

Well, you can also read /usr/src/crypto/openssl/engines/ccgost/README.gost

It contains useful information about the GOST engine.

Code:

% openssl engine gost -t -c -vvvv
(gost) Reference implementation of GOST engine
 [gost89, gost89-cnt, md_gost94, gost-mac, gost94, gost2001, gost-mac]
     [ available ]
     CRYPT_PARAMS: OID of default GOST 28147-89 parameters
          (input flags): STRING

YuryG · Jul 24, 2016

Thank you, half of that I've already found. But only half.

Security library for the system with GOST

YuryG

cpm@

Moderator

YuryG

cpm@

Moderator

YuryG