@VladGud VladGud commented Nov 28, 2025

Fix OpenSSL 3.6 compatibility and update gost-engine NID handling


Fixes with the OpenSSL patch

  • Resolved patch conflicts with OpenSSL 3.6.
  • Fixed Resumption and PSK modes.
  • Fixed define conflict between TLS1_TLSTREE_S and SSL_QUIC that broke TLS1_3_RFC_AES_128_GCM_SHA256.
  • Properly registered NID_magma_mgm and NID_kuznyechik_mgm through the standard make update process.

Fixes related to gost-engine code

  • Updated tcl_tests/tls13.try to match the new algorithm output format in OpenSSL 3.6.
  • Refactored NID handling: previously gost-engine defined MGM mode NIDs internally, but they are now expected from OpenSSL.
    If absent, gost-engine temporarily creates them dynamically until OpenSSL includes proper definitions.
  • Added a test for session resumption.
  • Fix running tests on CI on Windows: before this commit the tests used an incorrect OpenSSL version (the one provided by the platform).
  • Disable running PERL tests on Windows (they always fail).

Copilot AI left a comment

Pull request overview

This PR updates gost-engine for compatibility with OpenSSL 3.6, refactors NID handling for MGM mode algorithms, and fixes CI test infrastructure on Windows.

Key Changes:

  • Updated OpenSSL patch to version 3.6, resolving conflicts and properly registering NID_magma_mgm and NID_kuznyechik_mgm through OpenSSL's standard object system
  • Refactored NID handling: MGM mode NIDs are now expected from OpenSSL, with fallback to dynamic creation if absent
  • Fixed Windows CI to use correct OpenSSL version by copying DLLs instead of relying on system PATH

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 11 comments.

| File | Description |
| --- | --- |
| test_tls13handshake.c | New test for TLS 1.3 session resumption and early data with GOST ciphers |
| test_keyexpimp.c | Updated test labels and switched to runtime NID lookup using OBJ_sn2nid() |
| tcl_tests/tls13.try | Updated regex patterns and test parameters to match OpenSSL 3.6 output format |
| patches/openssl-tls1.3.patch | Major update for OpenSSL 3.6 compatibility with proper MGM NID registration |
| gost_prov_cipher.c | Fixed warning message text (still references wrong macro name) |
| gost_lcl.h | Removed fallback NID definitions now expected from OpenSSL |
| gost_keyexpimp.c | Refactored gost_tlstree() to use runtime NID lookup with static caching |
| gost_grasshopper_cipher.c | Updated to use OBJ_sn2nid() for kuznyechik_mgm NID lookup |
| gost_eng.c | Enhanced NID creation logic to check OpenSSL first, create dynamically only if missing |
| gost_crypt.c | Fixed whitespace and updated to use OBJ_sn2nid() for magma_mgm NID lookup |
| CMakeLists.txt | Added new TLS 1.3 test and disabled PERL tests on Windows |
| .github/workflows/*.yml | Updated CI workflows to use OpenSSL 3.6 and fixed Windows DLL handling |

@chipitsine chipitsine merged commit 36ce16f into gost-engine:master Nov 29, 2025
12 checks passed
VladGud pushed a commit to VladGud/openssl that referenced this pull request Dec 3, 2025
This patch introduces support for Russian cryptographic algorithms in TLS 1.3 as specified in [RFC 9367](https://www.rfc-editor.org/rfc/rfc9367).

Changes:
- **New TLS 1.3 cipher suites:**
  - `TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L`
  - `TLS_GOSTR341112_256_WITH_MAGMA_MGM_L`
  - `TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S`
  - `TLS_GOSTR341112_256_WITH_MAGMA_MGM_S`

- **New ciphers and OIDs:**
  - `magma-mgm`
  - `kuznyechik-mgm`

- **EVP updates:**
  - New `EVP_CTRL` values for TLSTREE:
    - `EVP_CTRL_TLSTREE`
    - `EVP_CTRL_SET_TLSTREE_PARAMS`
  - Added parameters `OSSL_CIPHER_PARAM_TLSTREE` and `OSSL_CIPHER_PARAM_TLSTREE_MODE`.

- **TLSTREE key diversification:**
  - New flags: `TLS1_TLSTREE`, `TLS1_TLSTREE_S`, `TLS1_TLSTREE_L`.
  - Integrated into `tls13_meth.c` and `rec_layer_s3.c` with calls to `EVP_CIPHER_CTX_ctrl` to pass sequence numbers and configure TLSTREE mode.
  - Previously TLSTREE was only used for TLS 1.2 GOST cipher suites. This patch extends support to TLS 1.3, including distinction between "light" and "strong" modes (L/S flags). Required non-trivial changes in `tls13_meth.c` and `rec_layer_s3.c`.

- **SSL/Cipher layer extensions:**
  - New `SSL_ENC_*` indices for MGM-based ciphers.
  - Updated `ssl_ciph.c` for proper cipher descriptions and filtering.

- **AEAD tag lengths for GOST TLS 1.3:**
  - `EVP_MAGMA_TLS_TAG_LEN = 8`
  - `EVP_KUZNYECHIK_TLS_TAG_LEN = 16`
  - Integrated into `tls13_enc.c`.

- **Signature handling updates:**
  - Signature handling was updated to reuse OpenSSL’s existing hardcoded GOST checks in the gost-provider.
  - This was achieved by defining algorithms under the same names as in the gost-engine.
  - All calls to `EVP_PKEY_get_id` were replaced with `EVP_PKEY_is_a` to ensure compatibility with both providers and engines.
  - The `sigalg_allowed` logic was refined to: exclude GOST2001 in TLS 1.3 and allow GOST2012-256/GOST2012-512 as valid signature algorithms.

Tests:
All TLS 1.3 GOST functionality introduced in this patch was tested in a separate PR1:gost-engine/engine#482 in the gost-engine repository, which includes integration tests and interoperability checks. Additionally, a follow-up PR2:gost-engine/engine#489 extends the test coverage and provides several minor fixes.
@chipitsine
Contributor

@VladGud can you have a look please ?

https://github.com/gost-engine/engine/actions/runs/20119205767/job/57735536763

patches are not applied to 3.6 anymore (but we only see it on daily builds)

@chipitsine
Contributor

or maybe we should run tests on some release tag ?

@VladGud
Author

VladGud commented Dec 11, 2025

> or maybe we should run tests on some release tag ?

Yes, you are right. We should run tests on a tag, not on a branch.
They are removing engine features in openssl-3.6, and this already causes problems.
I think it’s better to use the openssl-3.6.0 tag.

Sorry, we didn’t consider this option.
