Updated GOST MAC support.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 18 May 2007 15:55:55 +0000 (15:55 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 18 May 2007 15:55:55 +0000 (15:55 +0000)
Submitted by: vitus@cryptocom.ru

engines/ccgost/Makefile
engines/ccgost/e_gost_err.c
engines/ccgost/e_gost_err.h
engines/ccgost/gost2001_keyx.c
engines/ccgost/gost94_keyx.c
engines/ccgost/gost_ameth.c
engines/ccgost/gost_crypt.c
engines/ccgost/gost_eng.c
engines/ccgost/gost_lcl.h
engines/ccgost/gost_pmeth.c

index 4c8466a..e2a2fda 100644 (file)
@@ -238,19 +238,21 @@ gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 gost_params.o: ../../include/openssl/symhacks.h gost_params.c gost_params.h
 gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_pmeth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-gost_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+gost_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+gost_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+gost_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+gost_pmeth.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+gost_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+gost_pmeth.o: ../../include/openssl/objects.h
 gost_pmeth.o: ../../include/openssl/opensslconf.h
 gost_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 gost_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-gost_pmeth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h gost_lcl.h
-gost_pmeth.o: gost_params.h gost_pmeth.c gosthash.h
+gost_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_pmeth.c
+gost_pmeth.o: gosthash.h
 gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
index 62c8bac..648a2d7 100644 (file)
@@ -86,6 +86,8 @@ static ERR_STRING_DATA GOST_str_functs[]=
 {ERR_FUNC(GOST_F_GOST_COMPUTE_PUBLIC), "GOST_COMPUTE_PUBLIC"},
 {ERR_FUNC(GOST_F_GOST_DO_SIGN),        "GOST_DO_SIGN"},
 {ERR_FUNC(GOST_F_GOST_DO_VERIFY),      "GOST_DO_VERIFY"},
+{ERR_FUNC(GOST_F_GOST_IMIT_CTRL),      "GOST_IMIT_CTRL"},
+{ERR_FUNC(GOST_F_GOST_IMIT_UPDATE),    "GOST_IMIT_UPDATE"},
 {ERR_FUNC(GOST_F_MAKE_RFC4490_KEYTRANSPORT_2001),      "MAKE_RFC4490_KEYTRANSPORT_2001"},
 {ERR_FUNC(GOST_F_PARAM_COPY_GOST01),   "PARAM_COPY_GOST01"},
 {ERR_FUNC(GOST_F_PARAM_COPY_GOST94),   "PARAM_COPY_GOST94"},
@@ -122,7 +124,6 @@ static ERR_STRING_DATA GOST_str_reasons[]=
 {ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"},
 {ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"},
 {ERR_REASON(GOST_R_CTX_NOT_INITIALIZED_FOR_ENCRYPT),"ctx not initialized for encrypt"},
-{ERR_REASON(GOST_R_DECODE_ERROR)         ,"decode error"},
 {ERR_REASON(GOST_R_ERROR_COMPUTING_MAC)  ,"error computing mac"},
 {ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"},
 {ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),"error packing key transport info"},
index 0818a68..e416867 100644 (file)
@@ -83,6 +83,8 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
 #define GOST_F_GOST_COMPUTE_PUBLIC                      109
 #define GOST_F_GOST_DO_SIGN                             110
 #define GOST_F_GOST_DO_VERIFY                           111
+#define GOST_F_GOST_IMIT_CTRL                           138
+#define GOST_F_GOST_IMIT_UPDATE                                 139
 #define GOST_F_MAKE_RFC4490_KEYTRANSPORT_2001           127
 #define GOST_F_PARAM_COPY_GOST01                        132
 #define GOST_F_PARAM_COPY_GOST94                        133
@@ -100,11 +102,11 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
 #define GOST_F_PKEY_GOST_CTRL                           114
 #define GOST_F_PKEY_GOST_CTRL01_STR                     115
 #define GOST_F_PKEY_GOST_CTRL94_STR                     116
-#define GOST_F_PKEY_GOST_MAC_CTRL                       138
-#define GOST_F_PKEY_GOST_MAC_CTRL_STR                   139
-#define GOST_F_PKEY_GOST_MAC_KEYGEN                     140
+#define GOST_F_PKEY_GOST_MAC_CTRL                       140
+#define GOST_F_PKEY_GOST_MAC_CTRL_STR                   141
+#define GOST_F_PKEY_GOST_MAC_KEYGEN                     142
 #define GOST_F_PRIV_DECODE_GOST_94                      117
-#define GOST_F_PRIV_DECODE_MAC                          141
+#define GOST_F_PRIV_DECODE_MAC                          143
 #define GOST_F_PUB_DECODE_GOST01                        136
 #define GOST_F_PUB_DECODE_GOST94                        134
 #define GOST_F_PUB_ENCODE_GOST01                        135
@@ -116,7 +118,6 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
 #define GOST_R_BAD_PKEY_PARAMETERS_FORMAT               129
 #define GOST_R_CANNOT_PACK_EPHEMERAL_KEY                114
 #define GOST_R_CTX_NOT_INITIALIZED_FOR_ENCRYPT          115
-#define GOST_R_DECODE_ERROR                             134
 #define GOST_R_ERROR_COMPUTING_MAC                      116
 #define GOST_R_ERROR_COMPUTING_SHARED_KEY               117
 #define GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO                 118
@@ -131,12 +132,12 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
 #define GOST_R_INVALID_ENCRYPTED_KEY_SIZE               123
 #define GOST_R_INVALID_GOST94_PARMSET                   127
 #define GOST_R_INVALID_IV_LENGTH                        102
-#define GOST_R_INVALID_MAC_KEY_LENGTH                   135
+#define GOST_R_INVALID_MAC_KEY_LENGTH                   134
 #define GOST_R_INVALID_PARAMSET                                 103
 #define GOST_R_KEY_IS_NOT_INITALIZED                    104
 #define GOST_R_KEY_IS_NOT_INITIALIZED                   105
 #define GOST_R_KEY_PARAMETERS_MISSING                   131
-#define GOST_R_MAC_KEY_NOT_SET                          136
+#define GOST_R_MAC_KEY_NOT_SET                          135
 #define GOST_R_MALLOC_FAILURE                           124
 #define GOST_R_NOT_ENOUGH_SPACE_FOR_KEY                         125
 #define GOST_R_NO_MEMORY                                106
index 1929dbd..3cef5f2 100644 (file)
@@ -69,6 +69,7 @@ int pkey_GOST01cc_encrypt (EVP_PKEY_CTX *pctx,unsigned char *out,
        struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);     
        GOST_KEY_TRANSPORT *gkt = NULL;
        int ret=0;
+       const struct gost_cipher_info *cipher_info;
        gost_ctx ctx;
        EC_KEY *ephemeral=NULL;
        const EC_POINT *pub_key_point=NULL;
@@ -84,7 +85,8 @@ int pkey_GOST01cc_encrypt (EVP_PKEY_CTX *pctx,unsigned char *out,
                goto err;
                }       
        /* encrypt session key */
-       gost_init(&ctx, &GostR3411_94_CryptoProParamSet);
+       cipher_info = get_encryption_params(NULL);
+       gost_init(&ctx, cipher_info->sblock);
        gost_key(&ctx,shared_key);
        encrypt_cryptocom_key(key,key_len,encrypted_key,&ctx);
        /* compute hmac of session key */
@@ -122,7 +124,7 @@ int pkey_GOST01cc_encrypt (EVP_PKEY_CTX *pctx,unsigned char *out,
                goto err;
                }       
        ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
-       gkt->key_agreement_info->cipher = OBJ_nid2obj(NID_id_Gost28147_89_cc);
+       gkt->key_agreement_info->cipher = OBJ_nid2obj(cipher_info->nid);
        if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt,&out))>0) ret = 1;
        ;
        err:
@@ -143,6 +145,7 @@ int pkey_GOST01cc_decrypt (EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_l
        unsigned char hmac[4],hmac_comp[4];
        unsigned char iv[8];
        int i;
+       const struct gost_cipher_info *cipher_info;
        gost_ctx ctx;
        const EC_POINT *pub_key_point;
        EVP_PKEY *eph_key;
@@ -178,7 +181,8 @@ int pkey_GOST01cc_decrypt (EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_l
                return 0;
                }
        /* Decrypt session key */
-       gost_init(&ctx, &GostR3411_94_CryptoProParamSet);
+       cipher_info = get_encryption_params(gkt->key_agreement_info->cipher);
+       gost_init(&ctx, cipher_info->sblock);
        gost_key(&ctx,shared_key);
        
        if (!decrypt_cryptocom_key(key,*key_len,gkt->key_info->encrypted_key->data, 
index 599185f..a7cdb2a 100644 (file)
@@ -234,6 +234,7 @@ int pkey_GOST94cc_encrypt (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen
        /* create DH structure filling parameters from passed pub_key */
        DH *dh = NULL;
        GOST_KEY_TRANSPORT *gkt = NULL;
+       const struct gost_cipher_info *cipher_info;
        gost_ctx cctx;
        EVP_PKEY *newkey=NULL;
        unsigned char shared_key[32],encrypted_key[32],hmac[4],
@@ -254,7 +255,8 @@ int pkey_GOST94cc_encrypt (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen
                goto err;
                }       
        /* encrypt session key */
-       gost_init(&cctx, &GostR3411_94_CryptoProParamSet);
+       cipher_info = get_encryption_params(NULL);
+       gost_init(&cctx, cipher_info->sblock);
        gost_key(&cctx,shared_key);
        encrypt_cryptocom_key(key,key_len,encrypted_key,&cctx);
        /* compute hmac of session key */
@@ -293,7 +295,7 @@ int pkey_GOST94cc_encrypt (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen
                goto err;
                }       
        ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
-       gkt->key_agreement_info->cipher = OBJ_nid2obj(NID_id_Gost28147_89_cc);
+       gkt->key_agreement_info->cipher = OBJ_nid2obj(cipher_info->nid);
        *outlen = i2d_GOST_KEY_TRANSPORT(gkt,&out);
        err:
        if (gkt) GOST_KEY_TRANSPORT_free(gkt);
@@ -374,6 +376,7 @@ int pkey_GOST94cc_decrypt (EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_l
        unsigned char hmac[4],hmac_comp[4];
        unsigned char iv[8];
        int i;
+       const struct gost_cipher_info *cipher_info;
        gost_ctx ctx;
        DH *dh = DH_new();
        EVP_PKEY *eph_key;
@@ -415,7 +418,8 @@ int pkey_GOST94cc_decrypt (EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_l
                return 0;
                }
        /* Decrypt session key */
-       gost_init(&ctx, &GostR3411_94_CryptoProParamSet);
+       cipher_info = get_encryption_params(gkt->key_agreement_info->cipher);
+       gost_init(&ctx, cipher_info->sblock);
        gost_key(&ctx,shared_key);
        
        if (!decrypt_cryptocom_key(key,*key_len,gkt->key_info->encrypted_key->data, 
index f5ac9c2..39a175f 100644 (file)
@@ -714,69 +714,12 @@ static void  mackey_free_gost(EVP_PKEY *pk)
                        OPENSSL_free(pk->pkey.ptr);
                }       
        }
-static int     priv_decode_mac(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
-       {       
-               X509_ALGOR *palg = NULL;
-               int priv_len = 0;
-               ASN1_OBJECT *palg_obj = NULL;
-               ASN1_OCTET_STRING *s=NULL;
-               const unsigned char *pkey_buf = NULL, *p = NULL;
-               unsigned char *keybuf=NULL;
-               if (!PKCS8_pkey_get0(&palg_obj,&pkey_buf,&priv_len,&palg,p8inf)) 
-                       {
-                       return 0;
-                       }
-               p = pkey_buf;
-               if (V_ASN1_OCTET_STRING != *p) 
-                       {
-                       GOSTerr(GOST_F_PRIV_DECODE_MAC,
-                               GOST_R_DECODE_ERROR);
-                       return 0;       
-                       }       
-               s = d2i_ASN1_OCTET_STRING(NULL,&p,priv_len);
-               if (!s || s->length!=32) 
-                       {
-                       GOSTerr(GOST_F_PRIV_DECODE_MAC,
-                               GOST_R_DECODE_ERROR);
-                       return 0;       
-                       }       
-               keybuf = OPENSSL_malloc(32);
-               memcpy(keybuf,s->data,32);
-               EVP_PKEY_assign(pk,EVP_PKEY_base_id(pk),keybuf);
-               ASN1_STRING_free(s);
-               return 1;
-       }
-       
-static int     priv_encode_mac(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
-       {
-       ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
-       ASN1_STRING *key = ASN1_STRING_new();
-       unsigned char *priv_buf=NULL, *data = EVP_PKEY_get0((EVP_PKEY *)pk);
-       int priv_len;
-       
-       ASN1_STRING_set(key, data, 32);
-       priv_len = i2d_ASN1_OCTET_STRING(key,&priv_buf);
-       ASN1_STRING_free(key);
-       return PKCS8_pkey_set0(p8,algobj,0,V_ASN1_NULL,NULL,priv_buf,priv_len);
-       }
-
-static int     priv_print_mac(BIO *out,const EVP_PKEY *pkey, int indent,
-       ASN1_PCTX *pctx)
-       {
-               unsigned char *data = EVP_PKEY_get0((EVP_PKEY *)pkey);
-               int i;
-               if (!BIO_indent(out, indent,128)) return 0;
-               for (i=0; i<32;i++) {
-                       BIO_printf(out,"%02x",data[i]);
-               }
-               return 1;
-       }       
 static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 {
        switch (op)
                {
                case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-                       *(int *)arg2 = NID_id_Gost28147_89_MAC;
+                       *(int *)arg2 = NID_undef;
                        return 2;
                }
        return -2;
@@ -825,8 +768,6 @@ int register_ameth_gost (int nid, EVP_PKEY_ASN1_METHOD **ameth, const char* pems
                        break;
                case NID_id_Gost28147_89_MAC:
                        EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
-                       EVP_PKEY_asn1_set_private(*ameth, priv_decode_mac,
-                               priv_encode_mac, priv_print_mac);
                        EVP_PKEY_asn1_set_ctrl(*ameth,mac_ctrl_gost);   
                        break;
                }               
index e6645c2..e02ad20 100644 (file)
@@ -88,10 +88,12 @@ static EVP_CIPHER cipher_gost_vizircfb =
        gost_cipher_ctl,
        NULL,
        };
-
+#endif
 /* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
 /* Init functions which set specific parameters */
+#ifdef USE_SSL
 static int gost_imit_init_vizir(EVP_MD_CTX *ctx);
+#endif
 static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
 /* process block of data */
 static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count);
@@ -103,6 +105,8 @@ static int gost_imit_cleanup(EVP_MD_CTX *ctx);
 /* Control function, knows how to set MAC key.*/
 static int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr);
 
+#ifdef USE_SSL
+
 EVP_MD imit_gost_vizir =
        {
        NID_undef,
@@ -121,27 +125,26 @@ EVP_MD imit_gost_vizir =
        8,
        sizeof(struct ossl_gost_imit_ctx) 
        };
-
+#endif
 EVP_MD imit_gost_cpa =
        {
-       NID_undef,
+       NID_id_Gost28147_89_MAC,
        NID_undef,
        4,
-       EVP_MD_FLAG_NEEDS_KEY,
+       0,
        gost_imit_init_cpa,
        gost_imit_update,
        gost_imit_final,
        gost_imit_copy,
        gost_imit_cleanup,
-       gost_imit_ctrl,
        NULL,
        NULL,
        {0,0,0,0,0},
        8,
-       sizeof(struct ossl_gost_imit_ctx) 
+       sizeof(struct ossl_gost_imit_ctx), 
+       gost_imit_ctrl
        };
 
-#endif
 /* 
  * Correspondence between gost parameter OIDs and substitution blocks
  * NID field is filed by register_gost_NID function in engine.c
@@ -233,7 +236,7 @@ static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA);
        c->key_meshing=1;
        c->count=0;
-       gost_key(&(c->cctx),key);
+       if(key) gost_key(&(c->cctx),key);
        if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
        return 1;
@@ -547,6 +550,7 @@ int gost_imit_init_vizir(EVP_MD_CTX *ctx)
        gost_init(&(c->cctx),&GostR3411_94_CryptoProParamSet);
        return 1;
        }
+#endif
 
 int gost_imit_init_cpa(EVP_MD_CTX *ctx)
        {
@@ -559,7 +563,7 @@ int gost_imit_init_cpa(EVP_MD_CTX *ctx)
        return 1;
        }
 
-static void mac_block_mesh(struct ossl_gost_imit_ctx *c,unsigned char *data)
+static void mac_block_mesh(struct ossl_gost_imit_ctx *c,const unsigned char *data)
        {
        char buffer[8];
        /* We are using local buffer for iv because CryptoPro doesn't 
@@ -579,7 +583,10 @@ int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
        struct ossl_gost_imit_ctx *c = ctx->md_data;
        const unsigned char *p = data;
        size_t bytes = count,i;
-       if (!(c->key_set)) return 0;
+       if (!(c->key_set)) {
+               GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET);
+               return 0;
+       }
        if (c->bytes_left)
                {
                for (i=c->bytes_left;i<8&&bytes>0;bytes--,i++,p++)
@@ -623,6 +630,7 @@ int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md)
                mac_block_mesh(c,c->partial_block);
                }
        get_mac(c->buffer,32,md);
+       if (!c->key_set) return 0;
        return 1;
        }
 
@@ -630,13 +638,19 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr)
        {
        switch (type)
                {
-               case EVP_MD_CTRL_GET_TLS_MAC_KEY_LENGTH:
+               case EVP_MD_CTRL_KEY_LEN:
                        *((unsigned int*)(ptr)) = 32;
                        return 1;
                case EVP_MD_CTRL_SET_KEY:
                {
+               if (arg!=32) {
+                       GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
+                       return 0;
+               }
+
                gost_key(&(((struct ossl_gost_imit_ctx*)(ctx->md_data))->cctx),ptr)     ;
                ((struct ossl_gost_imit_ctx*)(ctx->md_data))->key_set = 1;
+               return 1;
 
                }
                default:
@@ -657,4 +671,3 @@ int gost_imit_cleanup(EVP_MD_CTX *ctx)
        return 1;
        }
 
-#endif
index fd474dc..daa397f 100644 (file)
@@ -34,7 +34,7 @@ static int gost_cipher_nids[] =
     {NID_id_Gost28147_89, NID_gost89_cnt,0};
 
 static int gost_digest_nids[] =
-       {NID_id_GostR3411_94, 0};
+       {NID_id_GostR3411_94,NID_id_Gost28147_89_MAC, 0};
 
 static int gost_pkey_meth_nids[] = 
        {NID_id_GostR3410_94_cc, NID_id_GostR3410_94, NID_id_GostR3410_2001_cc,
@@ -137,6 +137,7 @@ static int bind_gost (ENGINE *e,const char *id)
                || ! EVP_add_cipher(&cipher_gost)
                || ! EVP_add_cipher(&cipher_gost_cpacnt)
                || ! EVP_add_digest(&digest_gost)
+               || ! EVP_add_digest(&imit_gost_cpa)
                )
                {
                goto end;
@@ -160,14 +161,18 @@ static int gost_digests(ENGINE *e, const EVP_MD **digest,
        if (!digest) 
                {
                *nids = gost_digest_nids;
-               return 1
+               return 2
                }
        /*printf("Digest no %d requested\n",nid);*/
        if(nid == NID_id_GostR3411_94) 
                {
                *digest = &digest_gost;
                }
-       else 
+       else if (nid == NID_id_Gost28147_89_MAC) 
+               {
+               *digest = &imit_gost_cpa;
+               }
+       else
                {
                ok =0;
                *digest = NULL;
index bb33d7c..8026a2d 100644 (file)
@@ -114,7 +114,8 @@ struct ossl_gost_digest_ctx {
 };     
 /* EVP_MD structure for GOST R 34.11 */
 extern EVP_MD digest_gost;
-
+/* EVP_MD structure for GOST 28147 in MAC mode */
+extern EVP_MD imit_gost_cpa;
 /* Cipher context used for EVP_CIPHER operation */
 struct ossl_gost_cipher_ctx {
        int paramNID;
@@ -128,7 +129,6 @@ struct gost_cipher_info {
        gost_subst_block *sblock;
        int key_meshing;
 };
-#ifdef USE_SSL
 /* Context for MAC */
 struct ossl_gost_imit_ctx {
        gost_ctx cctx;
@@ -139,7 +139,6 @@ struct ossl_gost_imit_ctx {
        int bytes_left;
        int key_set;
 };     
-#endif
 /* Table which maps parameter NID to S-blocks */
 extern struct gost_cipher_info gost_cipher_list[];
 /* Find encryption params from ASN1_OBJECT */
index 8ed531f..76c5d9e 100644 (file)
@@ -545,7 +545,7 @@ static int pkey_gost_mac_ctrl (EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                {
                case EVP_PKEY_CTRL_MD:
                {
-               if (EVP_MD_type((const EVP_MD *)p2) != NID_id_Gost28147_89_MAC)
+               if (p2 != NULL)
                        {
                        GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_DIGEST_TYPE);
                        return 0;
@@ -591,7 +591,7 @@ static int pkey_gost_mac_ctrl (EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                                } else {
                                key = &(data->key);
                                }
-                       return mctx->digest->md_ctrl(mctx,EVP_MD_CTRL_SET_KEY,32,key);
+                       return imit_gost_vizir.md_ctrl(mctx,EVP_MD_CTRL_SET_KEY,32,key);
                        }  
                }       
        return -2;
@@ -646,27 +646,7 @@ static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 
 static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
        {
-       void *key;
-       struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
-       if (!mctx->digest)  return 1;
-       if (!data->key_set)
-               { 
-               EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
-               if (!pkey) 
-                       {
-                       GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_MAC_KEY_NOT_SET);
-                       return 0;
-                       }
-               key = EVP_PKEY_get0(pkey);
-               if (!key) 
-                       {
-                       GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_MAC_KEY_NOT_SET);
-                       return 0;
-                       }
-               } else {
-               key = &(data->key);
-               }
-               return mctx->digest->md_ctrl(mctx,EVP_MD_CTRL_SET_KEY,32,key);
+       return 1;
 }
 
 static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx)