From ec06417d52e53cc66fbc2ffe3e45520514098cba Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 18 May 2007 15:55:55 +0000 Subject: Updated GOST MAC support. Submitted by: vitus@cryptocom.ru --- engines/ccgost/Makefile | 18 +++++++------ engines/ccgost/e_gost_err.c | 3 ++- engines/ccgost/e_gost_err.h | 15 ++++++----- engines/ccgost/gost2001_keyx.c | 10 ++++--- engines/ccgost/gost94_keyx.c | 10 ++++--- engines/ccgost/gost_ameth.c | 61 +----------------------------------------- engines/ccgost/gost_crypt.c | 37 ++++++++++++++++--------- engines/ccgost/gost_eng.c | 11 +++++--- engines/ccgost/gost_lcl.h | 5 ++-- engines/ccgost/gost_pmeth.c | 26 +++--------------- 10 files changed, 73 insertions(+), 123 deletions(-) (limited to 'engines') diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile index 4c8466a53b..e2a2fda9a8 100644 --- a/engines/ccgost/Makefile +++ b/engines/ccgost/Makefile @@ -238,19 +238,21 @@ gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h gost_params.o: ../../include/openssl/symhacks.h gost_params.c gost_params.h gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -gost_pmeth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -gost_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -gost_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -gost_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +gost_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +gost_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +gost_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +gost_pmeth.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +gost_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +gost_pmeth.o: ../../include/openssl/objects.h gost_pmeth.o: ../../include/openssl/opensslconf.h gost_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h gost_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -gost_pmeth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h gost_lcl.h -gost_pmeth.o: gost_params.h gost_pmeth.c gosthash.h +gost_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_pmeth.c +gost_pmeth.o: gosthash.h gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/engines/ccgost/e_gost_err.c b/engines/ccgost/e_gost_err.c index 62c8bacbe4..648a2d71e5 100644 --- a/engines/ccgost/e_gost_err.c +++ b/engines/ccgost/e_gost_err.c @@ -86,6 +86,8 @@ static ERR_STRING_DATA GOST_str_functs[]= {ERR_FUNC(GOST_F_GOST_COMPUTE_PUBLIC), "GOST_COMPUTE_PUBLIC"}, {ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"}, {ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"}, +{ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"}, +{ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"}, {ERR_FUNC(GOST_F_MAKE_RFC4490_KEYTRANSPORT_2001), "MAKE_RFC4490_KEYTRANSPORT_2001"}, {ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"}, {ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"}, @@ -122,7 +124,6 @@ static ERR_STRING_DATA GOST_str_reasons[]= {ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"}, {ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"}, {ERR_REASON(GOST_R_CTX_NOT_INITIALIZED_FOR_ENCRYPT),"ctx not initialized for encrypt"}, -{ERR_REASON(GOST_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(GOST_R_ERROR_COMPUTING_MAC) ,"error computing mac"}, {ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"}, {ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),"error packing key transport info"}, diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h index 0818a681cf..e416867d2a 100644 --- a/engines/ccgost/e_gost_err.h +++ b/engines/ccgost/e_gost_err.h @@ -83,6 +83,8 @@ void ERR_GOST_error(int function, int reason, char *file, int line); #define GOST_F_GOST_COMPUTE_PUBLIC 109 #define GOST_F_GOST_DO_SIGN 110 #define GOST_F_GOST_DO_VERIFY 111 +#define GOST_F_GOST_IMIT_CTRL 138 +#define GOST_F_GOST_IMIT_UPDATE 139 #define GOST_F_MAKE_RFC4490_KEYTRANSPORT_2001 127 #define GOST_F_PARAM_COPY_GOST01 132 #define GOST_F_PARAM_COPY_GOST94 133 @@ -100,11 +102,11 @@ void ERR_GOST_error(int function, int reason, char *file, int line); #define GOST_F_PKEY_GOST_CTRL 114 #define GOST_F_PKEY_GOST_CTRL01_STR 115 #define GOST_F_PKEY_GOST_CTRL94_STR 116 -#define GOST_F_PKEY_GOST_MAC_CTRL 138 -#define GOST_F_PKEY_GOST_MAC_CTRL_STR 139 -#define GOST_F_PKEY_GOST_MAC_KEYGEN 140 +#define GOST_F_PKEY_GOST_MAC_CTRL 140 +#define GOST_F_PKEY_GOST_MAC_CTRL_STR 141 +#define GOST_F_PKEY_GOST_MAC_KEYGEN 142 #define GOST_F_PRIV_DECODE_GOST_94 117 -#define GOST_F_PRIV_DECODE_MAC 141 +#define GOST_F_PRIV_DECODE_MAC 143 #define GOST_F_PUB_DECODE_GOST01 136 #define GOST_F_PUB_DECODE_GOST94 134 #define GOST_F_PUB_ENCODE_GOST01 135 @@ -116,7 +118,6 @@ void ERR_GOST_error(int function, int reason, char *file, int line); #define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 129 #define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 114 #define GOST_R_CTX_NOT_INITIALIZED_FOR_ENCRYPT 115 -#define GOST_R_DECODE_ERROR 134 #define GOST_R_ERROR_COMPUTING_MAC 116 #define GOST_R_ERROR_COMPUTING_SHARED_KEY 117 #define GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO 118 @@ -131,12 +132,12 @@ void ERR_GOST_error(int function, int reason, char *file, int line); #define GOST_R_INVALID_ENCRYPTED_KEY_SIZE 123 #define GOST_R_INVALID_GOST94_PARMSET 127 #define GOST_R_INVALID_IV_LENGTH 102 -#define GOST_R_INVALID_MAC_KEY_LENGTH 135 +#define GOST_R_INVALID_MAC_KEY_LENGTH 134 #define GOST_R_INVALID_PARAMSET 103 #define GOST_R_KEY_IS_NOT_INITALIZED 104 #define GOST_R_KEY_IS_NOT_INITIALIZED 105 #define GOST_R_KEY_PARAMETERS_MISSING 131 -#define GOST_R_MAC_KEY_NOT_SET 136 +#define GOST_R_MAC_KEY_NOT_SET 135 #define GOST_R_MALLOC_FAILURE 124 #define GOST_R_NOT_ENOUGH_SPACE_FOR_KEY 125 #define GOST_R_NO_MEMORY 106 diff --git a/engines/ccgost/gost2001_keyx.c b/engines/ccgost/gost2001_keyx.c index 1929dbdc68..3cef5f2e38 100644 --- a/engines/ccgost/gost2001_keyx.c +++ b/engines/ccgost/gost2001_keyx.c @@ -69,6 +69,7 @@ int pkey_GOST01cc_encrypt (EVP_PKEY_CTX *pctx,unsigned char *out, struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx); GOST_KEY_TRANSPORT *gkt = NULL; int ret=0; + const struct gost_cipher_info *cipher_info; gost_ctx ctx; EC_KEY *ephemeral=NULL; const EC_POINT *pub_key_point=NULL; @@ -84,7 +85,8 @@ int pkey_GOST01cc_encrypt (EVP_PKEY_CTX *pctx,unsigned char *out, goto err; } /* encrypt session key */ - gost_init(&ctx, &GostR3411_94_CryptoProParamSet); + cipher_info = get_encryption_params(NULL); + gost_init(&ctx, cipher_info->sblock); gost_key(&ctx,shared_key); encrypt_cryptocom_key(key,key_len,encrypted_key,&ctx); /* compute hmac of session key */ @@ -122,7 +124,7 @@ int pkey_GOST01cc_encrypt (EVP_PKEY_CTX *pctx,unsigned char *out, goto err; } ASN1_OBJECT_free(gkt->key_agreement_info->cipher); - gkt->key_agreement_info->cipher = OBJ_nid2obj(NID_id_Gost28147_89_cc); + gkt->key_agreement_info->cipher = OBJ_nid2obj(cipher_info->nid); if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt,&out))>0) ret = 1; ; err: @@ -143,6 +145,7 @@ int pkey_GOST01cc_decrypt (EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_l unsigned char hmac[4],hmac_comp[4]; unsigned char iv[8]; int i; + const struct gost_cipher_info *cipher_info; gost_ctx ctx; const EC_POINT *pub_key_point; EVP_PKEY *eph_key; @@ -178,7 +181,8 @@ int pkey_GOST01cc_decrypt (EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_l return 0; } /* Decrypt session key */ - gost_init(&ctx, &GostR3411_94_CryptoProParamSet); + cipher_info = get_encryption_params(gkt->key_agreement_info->cipher); + gost_init(&ctx, cipher_info->sblock); gost_key(&ctx,shared_key); if (!decrypt_cryptocom_key(key,*key_len,gkt->key_info->encrypted_key->data, diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c index 599185f66d..a7cdb2a26d 100644 --- a/engines/ccgost/gost94_keyx.c +++ b/engines/ccgost/gost94_keyx.c @@ -234,6 +234,7 @@ int pkey_GOST94cc_encrypt (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen /* create DH structure filling parameters from passed pub_key */ DH *dh = NULL; GOST_KEY_TRANSPORT *gkt = NULL; + const struct gost_cipher_info *cipher_info; gost_ctx cctx; EVP_PKEY *newkey=NULL; unsigned char shared_key[32],encrypted_key[32],hmac[4], @@ -254,7 +255,8 @@ int pkey_GOST94cc_encrypt (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen goto err; } /* encrypt session key */ - gost_init(&cctx, &GostR3411_94_CryptoProParamSet); + cipher_info = get_encryption_params(NULL); + gost_init(&cctx, cipher_info->sblock); gost_key(&cctx,shared_key); encrypt_cryptocom_key(key,key_len,encrypted_key,&cctx); /* compute hmac of session key */ @@ -293,7 +295,7 @@ int pkey_GOST94cc_encrypt (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen goto err; } ASN1_OBJECT_free(gkt->key_agreement_info->cipher); - gkt->key_agreement_info->cipher = OBJ_nid2obj(NID_id_Gost28147_89_cc); + gkt->key_agreement_info->cipher = OBJ_nid2obj(cipher_info->nid); *outlen = i2d_GOST_KEY_TRANSPORT(gkt,&out); err: if (gkt) GOST_KEY_TRANSPORT_free(gkt); @@ -374,6 +376,7 @@ int pkey_GOST94cc_decrypt (EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_l unsigned char hmac[4],hmac_comp[4]; unsigned char iv[8]; int i; + const struct gost_cipher_info *cipher_info; gost_ctx ctx; DH *dh = DH_new(); EVP_PKEY *eph_key; @@ -415,7 +418,8 @@ int pkey_GOST94cc_decrypt (EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_l return 0; } /* Decrypt session key */ - gost_init(&ctx, &GostR3411_94_CryptoProParamSet); + cipher_info = get_encryption_params(gkt->key_agreement_info->cipher); + gost_init(&ctx, cipher_info->sblock); gost_key(&ctx,shared_key); if (!decrypt_cryptocom_key(key,*key_len,gkt->key_info->encrypted_key->data, diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c index f5ac9c2d80..39a175f52c 100644 --- a/engines/ccgost/gost_ameth.c +++ b/engines/ccgost/gost_ameth.c @@ -714,69 +714,12 @@ static void mackey_free_gost(EVP_PKEY *pk) OPENSSL_free(pk->pkey.ptr); } } -static int priv_decode_mac(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf) - { - X509_ALGOR *palg = NULL; - int priv_len = 0; - ASN1_OBJECT *palg_obj = NULL; - ASN1_OCTET_STRING *s=NULL; - const unsigned char *pkey_buf = NULL, *p = NULL; - unsigned char *keybuf=NULL; - if (!PKCS8_pkey_get0(&palg_obj,&pkey_buf,&priv_len,&palg,p8inf)) - { - return 0; - } - p = pkey_buf; - if (V_ASN1_OCTET_STRING != *p) - { - GOSTerr(GOST_F_PRIV_DECODE_MAC, - GOST_R_DECODE_ERROR); - return 0; - } - s = d2i_ASN1_OCTET_STRING(NULL,&p,priv_len); - if (!s || s->length!=32) - { - GOSTerr(GOST_F_PRIV_DECODE_MAC, - GOST_R_DECODE_ERROR); - return 0; - } - keybuf = OPENSSL_malloc(32); - memcpy(keybuf,s->data,32); - EVP_PKEY_assign(pk,EVP_PKEY_base_id(pk),keybuf); - ASN1_STRING_free(s); - return 1; - } - -static int priv_encode_mac(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) - { - ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk)); - ASN1_STRING *key = ASN1_STRING_new(); - unsigned char *priv_buf=NULL, *data = EVP_PKEY_get0((EVP_PKEY *)pk); - int priv_len; - - ASN1_STRING_set(key, data, 32); - priv_len = i2d_ASN1_OCTET_STRING(key,&priv_buf); - ASN1_STRING_free(key); - return PKCS8_pkey_set0(p8,algobj,0,V_ASN1_NULL,NULL,priv_buf,priv_len); - } - -static int priv_print_mac(BIO *out,const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx) - { - unsigned char *data = EVP_PKEY_get0((EVP_PKEY *)pkey); - int i; - if (!BIO_indent(out, indent,128)) return 0; - for (i=0; i<32;i++) { - BIO_printf(out,"%02x",data[i]); - } - return 1; - } static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) { switch (op) { case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_id_Gost28147_89_MAC; + *(int *)arg2 = NID_undef; return 2; } return -2; @@ -825,8 +768,6 @@ int register_ameth_gost (int nid, EVP_PKEY_ASN1_METHOD **ameth, const char* pems break; case NID_id_Gost28147_89_MAC: EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost); - EVP_PKEY_asn1_set_private(*ameth, priv_decode_mac, - priv_encode_mac, priv_print_mac); EVP_PKEY_asn1_set_ctrl(*ameth,mac_ctrl_gost); break; } diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c index e6645c2e8c..e02ad20326 100644 --- a/engines/ccgost/gost_crypt.c +++ b/engines/ccgost/gost_crypt.c @@ -88,10 +88,12 @@ static EVP_CIPHER cipher_gost_vizircfb = gost_cipher_ctl, NULL, }; - +#endif /* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */ /* Init functions which set specific parameters */ +#ifdef USE_SSL static int gost_imit_init_vizir(EVP_MD_CTX *ctx); +#endif static int gost_imit_init_cpa(EVP_MD_CTX *ctx); /* process block of data */ static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count); @@ -103,6 +105,8 @@ static int gost_imit_cleanup(EVP_MD_CTX *ctx); /* Control function, knows how to set MAC key.*/ static int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr); +#ifdef USE_SSL + EVP_MD imit_gost_vizir = { NID_undef, @@ -121,27 +125,26 @@ EVP_MD imit_gost_vizir = 8, sizeof(struct ossl_gost_imit_ctx) }; - +#endif EVP_MD imit_gost_cpa = { - NID_undef, + NID_id_Gost28147_89_MAC, NID_undef, 4, - EVP_MD_FLAG_NEEDS_KEY, + 0, gost_imit_init_cpa, gost_imit_update, gost_imit_final, gost_imit_copy, gost_imit_cleanup, - gost_imit_ctrl, NULL, NULL, {0,0,0,0,0}, 8, - sizeof(struct ossl_gost_imit_ctx) + sizeof(struct ossl_gost_imit_ctx), + gost_imit_ctrl }; -#endif /* * Correspondence between gost parameter OIDs and substitution blocks * NID field is filed by register_gost_NID function in engine.c @@ -233,7 +236,7 @@ static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key, gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA); c->key_meshing=1; c->count=0; - gost_key(&(c->cctx),key); + if(key) gost_key(&(c->cctx),key); if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); return 1; @@ -547,6 +550,7 @@ int gost_imit_init_vizir(EVP_MD_CTX *ctx) gost_init(&(c->cctx),&GostR3411_94_CryptoProParamSet); return 1; } +#endif int gost_imit_init_cpa(EVP_MD_CTX *ctx) { @@ -559,7 +563,7 @@ int gost_imit_init_cpa(EVP_MD_CTX *ctx) return 1; } -static void mac_block_mesh(struct ossl_gost_imit_ctx *c,unsigned char *data) +static void mac_block_mesh(struct ossl_gost_imit_ctx *c,const unsigned char *data) { char buffer[8]; /* We are using local buffer for iv because CryptoPro doesn't @@ -579,7 +583,10 @@ int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count) struct ossl_gost_imit_ctx *c = ctx->md_data; const unsigned char *p = data; size_t bytes = count,i; - if (!(c->key_set)) return 0; + if (!(c->key_set)) { + GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET); + return 0; + } if (c->bytes_left) { for (i=c->bytes_left;i<8&&bytes>0;bytes--,i++,p++) @@ -623,6 +630,7 @@ int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md) mac_block_mesh(c,c->partial_block); } get_mac(c->buffer,32,md); + if (!c->key_set) return 0; return 1; } @@ -630,13 +638,19 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr) { switch (type) { - case EVP_MD_CTRL_GET_TLS_MAC_KEY_LENGTH: + case EVP_MD_CTRL_KEY_LEN: *((unsigned int*)(ptr)) = 32; return 1; case EVP_MD_CTRL_SET_KEY: { + if (arg!=32) { + GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH); + return 0; + } + gost_key(&(((struct ossl_gost_imit_ctx*)(ctx->md_data))->cctx),ptr) ; ((struct ossl_gost_imit_ctx*)(ctx->md_data))->key_set = 1; + return 1; } default: @@ -657,4 +671,3 @@ int gost_imit_cleanup(EVP_MD_CTX *ctx) return 1; } -#endif diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c index fd474dc1a5..daa397f6cc 100644 --- a/engines/ccgost/gost_eng.c +++ b/engines/ccgost/gost_eng.c @@ -34,7 +34,7 @@ static int gost_cipher_nids[] = {NID_id_Gost28147_89, NID_gost89_cnt,0}; static int gost_digest_nids[] = - {NID_id_GostR3411_94, 0}; + {NID_id_GostR3411_94,NID_id_Gost28147_89_MAC, 0}; static int gost_pkey_meth_nids[] = {NID_id_GostR3410_94_cc, NID_id_GostR3410_94, NID_id_GostR3410_2001_cc, @@ -137,6 +137,7 @@ static int bind_gost (ENGINE *e,const char *id) || ! EVP_add_cipher(&cipher_gost) || ! EVP_add_cipher(&cipher_gost_cpacnt) || ! EVP_add_digest(&digest_gost) + || ! EVP_add_digest(&imit_gost_cpa) ) { goto end; @@ -160,14 +161,18 @@ static int gost_digests(ENGINE *e, const EVP_MD **digest, if (!digest) { *nids = gost_digest_nids; - return 1; + return 2; } /*printf("Digest no %d requested\n",nid);*/ if(nid == NID_id_GostR3411_94) { *digest = &digest_gost; } - else + else if (nid == NID_id_Gost28147_89_MAC) + { + *digest = &imit_gost_cpa; + } + else { ok =0; *digest = NULL; diff --git a/engines/ccgost/gost_lcl.h b/engines/ccgost/gost_lcl.h index bb33d7c0c8..8026a2de9e 100644 --- a/engines/ccgost/gost_lcl.h +++ b/engines/ccgost/gost_lcl.h @@ -114,7 +114,8 @@ struct ossl_gost_digest_ctx { }; /* EVP_MD structure for GOST R 34.11 */ extern EVP_MD digest_gost; - +/* EVP_MD structure for GOST 28147 in MAC mode */ +extern EVP_MD imit_gost_cpa; /* Cipher context used for EVP_CIPHER operation */ struct ossl_gost_cipher_ctx { int paramNID; @@ -128,7 +129,6 @@ struct gost_cipher_info { gost_subst_block *sblock; int key_meshing; }; -#ifdef USE_SSL /* Context for MAC */ struct ossl_gost_imit_ctx { gost_ctx cctx; @@ -139,7 +139,6 @@ struct ossl_gost_imit_ctx { int bytes_left; int key_set; }; -#endif /* Table which maps parameter NID to S-blocks */ extern struct gost_cipher_info gost_cipher_list[]; /* Find encryption params from ASN1_OBJECT */ diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c index 8ed531f038..76c5d9e5ff 100644 --- a/engines/ccgost/gost_pmeth.c +++ b/engines/ccgost/gost_pmeth.c @@ -545,7 +545,7 @@ static int pkey_gost_mac_ctrl (EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_MD: { - if (EVP_MD_type((const EVP_MD *)p2) != NID_id_Gost28147_89_MAC) + if (p2 != NULL) { GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_DIGEST_TYPE); return 0; @@ -591,7 +591,7 @@ static int pkey_gost_mac_ctrl (EVP_PKEY_CTX *ctx, int type, int p1, void *p2) } else { key = &(data->key); } - return mctx->digest->md_ctrl(mctx,EVP_MD_CTRL_SET_KEY,32,key); + return imit_gost_vizir.md_ctrl(mctx,EVP_MD_CTRL_SET_KEY,32,key); } } return -2; @@ -646,27 +646,7 @@ static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { - void *key; - struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - if (!mctx->digest) return 1; - if (!data->key_set) - { - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - if (!pkey) - { - GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_MAC_KEY_NOT_SET); - return 0; - } - key = EVP_PKEY_get0(pkey); - if (!key) - { - GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_MAC_KEY_NOT_SET); - return 0; - } - } else { - key = &(data->key); - } - return mctx->digest->md_ctrl(mctx,EVP_MD_CTRL_SET_KEY,32,key); + return 1; } static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx) -- cgit v1.2.3