STDout = BIO_push(tmpbio, STDout);
}
#endif
+ if (!load_config(bio_err, NULL))
+ goto end;
argc--;
argv++;
* [including the GNU Public Licence.]
*/
-#define NUM_NID 835
-#define NUM_SN 831
-#define NUM_LN 831
+#define NUM_NID 836
+#define NUM_SN 832
+#define NUM_LN 832
#define NUM_OBJ 787
static unsigned char lvalues[5560]={
&(lvalues[5541]),0},
{"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9,
&(lvalues[5550]),0},
+{"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[784]),/* "gost2001" */
&(nid_objs[823]),/* "gost2001cc" */
&(nid_objs[786]),/* "gost89" */
+&(nid_objs[835]),/* "gost89-cnt" */
&(nid_objs[785]),/* "gost94" */
&(nid_objs[822]),/* "gost94cc" */
&(nid_objs[772]),/* "hmacWithMD5" */
&(nid_objs[509]),/* "generationQualifier" */
&(nid_objs[601]),/* "generic cryptogram" */
&(nid_objs[99]),/* "givenName" */
+&(nid_objs[835]),/* "gost89-cnt" */
&(nid_objs[772]),/* "hmacWithMD5" */
&(nid_objs[163]),/* "hmacWithSHA1" */
&(nid_objs[773]),/* "hmacWithSHA224" */
#define NID_id_Gost28147_89 786
#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L
+#define SN_gost89_cnt "gost89-cnt"
+#define NID_gost89_cnt 835
+
#define SN_id_Gost28147_89_MAC "id-Gost28147-89-MAC"
#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC"
#define NID_id_Gost28147_89_MAC 787
ecdsa_with_SHA512 832
dsa_with_SHA224 833
dsa_with_SHA256 834
+gost89_cnt 835
cryptopro 20 : gost94 : GOST R 34.10-94
!Cname id-Gost28147-89
cryptopro 21 : gost89 : GOST 28147-89
+ : gost89-cnt
cryptopro 22 : id-Gost28147-89-MAC : GOST 28147-89 MAC
!Cname id-GostR3411-94-prf
cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF
#include "gost_lcl.h"
static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
+static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
#ifdef USE_SSL
/* Specialized init functions which set specific parameters */
static int gost_cipher_init_vizir(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
-static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
#endif
/* Handles block of data in CFB mode */
static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl);
-#if 0
/* Handles block of data in CNT mode */
static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl);
-#endif
/* Cleanup function */
static int gost_cipher_cleanup(EVP_CIPHER_CTX *);
/* set/get cipher parameters */
NULL,
};
-#ifdef USE_SSL
-static EVP_CIPHER cipher_gost_vizircfb =
+EVP_CIPHER cipher_gost_cpacnt =
{
- NID_undef,
+ NID_gost89_cnt,
1,/*block_size*/
32,/*key_size*/
8,/*iv_len - ñèíõðîïîñûëêà*/
- EVP_CIPH_CFB_MODE| EVP_CIPH_NO_PADDING |
+ EVP_CIPH_OFB_MODE| EVP_CIPH_NO_PADDING |
EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
- gost_cipher_init_vizir,
- gost_cipher_do_cfb,
+ gost_cipher_init_cpa,
+ gost_cipher_do_cnt,
gost_cipher_cleanup,
sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
gost89_set_asn1_parameters,
NULL,
};
-static EVP_CIPHER cipher_gost_cpacnt =
+#ifdef USE_SSL
+static EVP_CIPHER cipher_gost_vizircfb =
{
NID_undef,
1,/*block_size*/
32,/*key_size*/
8,/*iv_len - ñèíõðîïîñûëêà*/
- EVP_CIPH_OFB_MODE| EVP_CIPH_NO_PADDING |
+ EVP_CIPH_CFB_MODE| EVP_CIPH_NO_PADDING |
EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
- gost_cipher_init_cpa,
- gost_cipher_do_cnt,
+ gost_cipher_init_vizir,
+ gost_cipher_do_cfb,
gost_cipher_cleanup,
sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
gost89_set_asn1_parameters,
gost_cipher_ctl,
NULL,
};
+
/* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
/* Init functions which set specific parameters */
static int gost_imit_init_vizir(EVP_MD_CTX *ctx);
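Review bot: `cipher_gost_cpacnt` is now an exported object registered under `NID_gost89_cnt`, but nothing at its definition says what it is; the only description, "fixed cryptopro A paramset", sat on the init function. A header comment such as `/* GOST 28147-89 in counter mode with the fixed CryptoPro-A parameter set, registered as "gost89-cnt" */` would help. It should also say why the flags report `EVP_CIPH_OFB_MODE` for a counter-mode cipher, since callers that inspect the cipher mode will see OFB. The `iv_len` comment carries mis-encoded non-ASCII text and would be clearer in English.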
return 1;
}
-#ifdef USE_SSL
-/* Initializes EVP_CIPHER_CTX with fixed cryptopro A paramset */
static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
return 1;
}
+#ifdef USE_SSL
+/* Initializes EVP_CIPHER_CTX with fixed cryptopro A paramset */
/* Initializes EVP_CIPHER_CTX with fixed vizir paramset */
static int gost_cipher_init_vizir(EVP_CIPHER_CTX *ctx, const unsigned char *key,
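Review bot: The comment `/* Initializes EVP_CIPHER_CTX with fixed cryptopro A paramset */` has ended up on the wrong function. It is removed from above `gost_cipher_init_cpa` and re-added after that function's closing brace, directly above the vizir comment. As written, `gost_cipher_init_cpa` is undocumented and `gost_cipher_init_vizir` carries two contradictory descriptions. Keep the comment above `gost_cipher_init_cpa` and add only `#ifdef USE_SSL` after its closing brace. Both function bodies extend outside this hunk.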
c->count+=8;
}
-#ifdef USE_SSL
static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
{
struct ossl_gost_cipher_ctx *c = ctx;
gostcrypt(&(c->cctx),buf1,buf);
c->count +=8;
}
-#endif /* def USE_SSL */
/* GOST encryption in CFB mode */
int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
return 1;
}
-#if USE_SSL
static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
{
}
return 1;
}
-#endif /* def USE_SSL */
/* Cleaning up of EVP_CIPHER_CTX */
int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx)
const int **nids, int nid);
static int gost_cipher_nids[] =
- {NID_id_Gost28147_89, 0};
+ {NID_id_Gost28147_89, NID_gost89_cnt,0};
static int gost_digest_nids[] =
{NID_id_GostR3411_94, 0};
|| ! ENGINE_register_pkey_meths(e)
/* These two actually should go in LIST_ADD command */
|| ! EVP_add_cipher(&cipher_gost)
+ || ! EVP_add_cipher(&cipher_gost_cpacnt)
|| ! EVP_add_digest(&digest_gost)
)
{
if (!cipher)
{
*nids = gost_cipher_nids;
- return 1; /* Only one cipher supported */
+ return 2; /* two ciphers are supported */
}
if(nid == NID_id_Gost28147_89)
{
*cipher = &cipher_gost;
}
- else
+ else if (nid == NID_gost89_cnt)
+ {
+ *cipher = &cipher_gost_cpacnt;
+ }
+ else
{
ok = 0;
*cipher = NULL;
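Review bot: `return 2; /* two ciphers are supported */` hard-codes the length of `gost_cipher_nids`, which this commit edits in a separate hunk, so the two can drift apart the next time a NID is added. A caller that trusts the returned count could then walk past the list or miss an entry. Deriving the count from the array keeps them in step: `return (int)(sizeof(gost_cipher_nids)/sizeof(gost_cipher_nids[0])) - 1;` (minus one for the 0 terminator). The enclosing function starts and ends outside this hunk.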
const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj);
/* Implementation of GOST 28147-89 cipher in CFB and CNT modes */
extern EVP_CIPHER cipher_gost;
+extern EVP_CIPHER cipher_gost_cpacnt;
#ifdef USE_SSL
#define EVP_MD_FLAG_NEEDS_KEY 0x20
#define EVP_MD_CTRL_GET_TLS_MAC_KEY_LENGTH (EVP_MD_CTRL_ALG_CTRL+1)
},
#endif /* OPENSSL_NO_ECDH */
+#ifdef TEMP_GOST_TLS
+/* Cipher FF00 */
+ {
+ 1,
+ "GOST-MD5",
+ 0x0300ff00,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_eGOST2814789CNT,
+ SSL_MD5,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ },
+#endif
+
/* end of list */
};
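Review bot: The new `GOST-MD5` entry is tagged `SSL_NOT_EXP|SSL_HIGH` with 256/256 strength bits, so once `TEMP_GOST_TLS` is defined a `HIGH` cipher string would presumably select it, although it pairs the GOST counter-mode cipher with `SSL_MD5` and plain RSA key exchange. Its id `0x0300ff00` lies in the private-use range of TLS cipher-suite values (first byte 0xFF), so it has no interoperability guarantee and may collide with another vendor's private suite. I would say so in the comment, e.g. `/* Cipher FF00: experimental, private-use code point; not for production builds */`. Consider also keeping the suite out of the `HIGH` class so that it has to be requested by name. The table continues outside this hunk.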
#define SSL_ENC_AES256_IDX 7
#define SSL_ENC_CAMELLIA128_IDX 8
#define SSL_ENC_CAMELLIA256_IDX 9
-#define SSL_ENC_NUM_IDX 10
+#define SSL_ENC_GOST89_IDX 10
+#define SSL_ENC_NUM_IDX 11
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
- NULL,NULL,NULL,NULL,NULL,NULL,
+ NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
};
#define SSL_COMP_NULL_IDX 0
EVP_get_cipherbyname(SN_camellia_128_cbc);
ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
EVP_get_cipherbyname(SN_camellia_256_cbc);
+ ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
+ EVP_get_cipherbyname(SN_gost89_cnt);
ssl_digest_methods[SSL_MD_MD5_IDX]=
EVP_get_digestbyname(SN_md5);
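Review bot: `EVP_get_cipherbyname(SN_gost89_cnt)` can only succeed if the cipher is already registered when this lookup runs, and the only registration visible in this commit is the engine's `EVP_add_cipher(&cipher_gost_cpacnt)`. If the engine is loaded after this table is filled, the slot presumably stays NULL, and the disabled-mask hunk (`ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL`) then turns the suite off without any diagnostic. A comment such as `/* NULL unless the gost engine was loaded before this point */` would document the ordering requirement. The enclosing function starts and ends outside this hunk.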
case SSL_CAMELLIA256:
i=SSL_ENC_CAMELLIA256_IDX;
break;
+ case SSL_eGOST2814789CNT:
+ i=SSL_ENC_GOST89_IDX;
+ break;
default:
i= -1;
break;
*enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
+ *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
*mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
*mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
#define SSL_AES256 0x00000080L
#define SSL_CAMELLIA128 0x00000100L
#define SSL_CAMELLIA256 0x00000200L
+#define SSL_eGOST2814789CNT 0x00000400L
#define SSL_AES (SSL_AES128|SSL_AES256)
#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)