Stage 1 GOST ciphersuite support.

Submitted by: ran@cryptocom.ru Reviewed by: steve@openssl.org
author: Dr. Stephen Henson <steve@openssl.org> 2007-03-23 17:04:05 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2007-03-23 17:04:05 +0000
commit: 9981a51e426b5b346848163ff89e8a63d0916097 (patch)
tree: a2811b8d579d5cd881ec49d481764a02a02d5bd0 /engines
parent: ebb326afe6662b65b688151375723d95536eba8f (diff)
3 files changed, 24 insertions, 23 deletions
diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c
index fca7b2d9d5..04b1e555c2 100644
--- a/engines/ccgost/gost_crypt.c
+++ b/engines/ccgost/gost_crypt.c
@@ -13,21 +13,19 @@
 #include "gost_lcl.h"
 static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 
 	const unsigned char *iv, int enc);
+static int	gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc);
 #ifdef USE_SSL
 /* Specialized init functions which set specific parameters */			
 static int	gost_cipher_init_vizir(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	const unsigned char *iv, int enc);
-static int	gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-	const unsigned char *iv, int enc);
 #endif
 /* Handles block of data in CFB mode */			
 static int	gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	const unsigned char *in, unsigned int inl);
-#if 0
 /* Handles block of data in CNT mode */			
 static int	gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	const unsigned char *in, unsigned int inl);
-#endif
 /* Cleanup function */			
 static int gost_cipher_cleanup(EVP_CIPHER_CTX *);
 /* set/get cipher parameters */
@@ -54,17 +52,16 @@ EVP_CIPHER cipher_gost =
 	NULL,
 	};
 
-#ifdef USE_SSL
-static EVP_CIPHER cipher_gost_vizircfb = 
+EVP_CIPHER cipher_gost_cpacnt = 
 	{
-	NID_undef,
+	NID_gost89_cnt,
 	1,/*block_size*/
 	32,/*key_size*/
 	8,/*iv_len - синхропосылка*/
-	EVP_CIPH_CFB_MODE| EVP_CIPH_NO_PADDING |
+	EVP_CIPH_OFB_MODE| EVP_CIPH_NO_PADDING |
 	EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
-	gost_cipher_init_vizir,
-	gost_cipher_do_cfb,
+	gost_cipher_init_cpa,
+	gost_cipher_do_cnt,
 	gost_cipher_cleanup,
 	sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
 	gost89_set_asn1_parameters,
@@ -73,16 +70,17 @@ static EVP_CIPHER cipher_gost_vizircfb =
 	NULL,
 	};
 
-static EVP_CIPHER cipher_gost_cpacnt = 
+#ifdef USE_SSL
+static EVP_CIPHER cipher_gost_vizircfb = 
 	{
 	NID_undef,
 	1,/*block_size*/
 	32,/*key_size*/
 	8,/*iv_len - синхропосылка*/
-	EVP_CIPH_OFB_MODE| EVP_CIPH_NO_PADDING |
+	EVP_CIPH_CFB_MODE| EVP_CIPH_NO_PADDING |
 	EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
-	gost_cipher_init_cpa,
-	gost_cipher_do_cnt,
+	gost_cipher_init_vizir,
+	gost_cipher_do_cfb,
 	gost_cipher_cleanup,
 	sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
 	gost89_set_asn1_parameters,
@@ -90,6 +88,7 @@ static EVP_CIPHER cipher_gost_cpacnt =
 	gost_cipher_ctl,
 	NULL,
 	};
+
 /* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
 /* Init functions which set specific parameters */
 static int gost_imit_init_vizir(EVP_MD_CTX *ctx);
@@ -227,8 +226,6 @@ static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	return 1;
 	}	
 
-#ifdef USE_SSL
-/* Initializes EVP_CIPHER_CTX with fixed cryptopro A paramset */
 static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	const unsigned char *iv, int enc)
 	{
@@ -241,6 +238,8 @@ static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
 	return 1;
 	}
+#ifdef USE_SSL
+/* Initializes EVP_CIPHER_CTX with fixed cryptopro A paramset */
 
 /* Initializes EVP_CIPHER_CTX with fixed vizir paramset */
 static int gost_cipher_init_vizir(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -278,7 +277,6 @@ static void gost_crypt_mesh (void *ctx,unsigned char *iv,unsigned char *buf)
 	c->count+=8;
 	}
 
-#ifdef USE_SSL
 static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
 	{
 	struct ossl_gost_cipher_ctx *c = ctx;
@@ -309,7 +307,6 @@ static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
 	gostcrypt(&(c->cctx),buf1,buf);
 	c->count +=8;
 	}
-#endif  /* def USE_SSL */
 
 /* GOST encryption in CFB mode */
 int	gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -374,7 +371,6 @@ int	gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	return 1;
 	}
 
-#if USE_SSL
 static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	const unsigned char *in, unsigned int inl)
 	{
@@ -428,7 +424,6 @@ static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		}	
 	return 1;
 	}
-#endif  /* def USE_SSL */
 
 /* Cleaning up of EVP_CIPHER_CTX */
 int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx) 
diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c
index 0c47253e2a..1c5a493df6 100644
--- a/engines/ccgost/gost_eng.c
+++ b/engines/ccgost/gost_eng.c
@@ -31,7 +31,7 @@ static int gost_pkey_asn1_meths (ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
 	const int **nids, int nid);
 
 static int gost_cipher_nids[] =
-    {NID_id_Gost28147_89, 0};
+    {NID_id_Gost28147_89, NID_gost89_cnt,0};
 
 static int gost_digest_nids[] =
 	{NID_id_GostR3411_94, 0};
@@ -129,6 +129,7 @@ static int bind_gost (ENGINE *e,const char *id)
 		|| ! ENGINE_register_pkey_meths(e)
 		/* These two actually should go in LIST_ADD command */
 		|| ! EVP_add_cipher(&cipher_gost)
+		|| ! EVP_add_cipher(&cipher_gost_cpacnt)
 		|| ! EVP_add_digest(&digest_gost)
 		)
 		{
@@ -175,14 +176,18 @@ static int gost_ciphers (ENGINE *e,const EVP_CIPHER **cipher,
 	if (!cipher) 
 		{
 		*nids = gost_cipher_nids;
-		return 1; /* Only one cipher supported */
+		return 2; /* two ciphers are supported */
 		}
 
 	if(nid == NID_id_Gost28147_89) 
 		{
 		*cipher = &cipher_gost;
 		}
-	else 
+	else if  (nid == NID_gost89_cnt) 
+		{
+		*cipher = &cipher_gost_cpacnt;
+		}
+	else	
 		{
 		ok = 0;
 		*cipher = NULL;
diff --git a/engines/ccgost/gost_lcl.h b/engines/ccgost/gost_lcl.h
index b40b88463c..5904eeb834 100644
--- a/engines/ccgost/gost_lcl.h
+++ b/engines/ccgost/gost_lcl.h
@@ -135,6 +135,7 @@ extern struct gost_cipher_info gost_cipher_list[];
 const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj);
 /* Implementation of GOST 28147-89 cipher in CFB and CNT modes */
 extern EVP_CIPHER cipher_gost;
+extern EVP_CIPHER cipher_gost_cpacnt;
 #ifdef USE_SSL
 #define EVP_MD_FLAG_NEEDS_KEY 0x20
 #define EVP_MD_CTRL_GET_TLS_MAC_KEY_LENGTH (EVP_MD_CTRL_ALG_CTRL+1)
author	Dr. Stephen Henson <steve@openssl.org>	2007-03-23 17:04:05 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2007-03-23 17:04:05 +0000
commit	9981a51e426b5b346848163ff89e8a63d0916097 (patch)
tree	a2811b8d579d5cd881ec49d481764a02a02d5bd0 /engines
parent	ebb326afe6662b65b688151375723d95536eba8f (diff)