GOST crypto algorithms (well, most of them), ported from the removed GOST

engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now. This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues. None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed.
author: miod <> 2014-11-09 19:17:13 +0000
committer: miod <> 2014-11-09 19:17:13 +0000
commit: 12455d6eff265f95b0a7e20595630321799f50a2 (patch)
tree: 8f4747a1df4b007feca32e262b38052339c686c1 /src/lib
parent: a3c50c7d270773c83559454fd2b75ec6e04f43ab (diff)
download: openbsd-12455d6eff265f95b0a7e20595630321799f50a2.tar.gz
openbsd-12455d6eff265f95b0a7e20595630321799f50a2.tar.bz2
openbsd-12455d6eff265f95b0a7e20595630321799f50a2.zip
75 files changed, 13110 insertions, 31 deletions
diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c
index e88496cc9d..168321618c 100644
--- a/src/lib/libcrypto/asn1/ameth_lib.c
+++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.14 2014/07/13 16:03:09 beck Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.15 2014/11/09 19:17:13 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -74,6 +74,8 @@ extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[];
+extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
@@ -96,8 +98,16 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_EC
        &eckey_asn1_meth,
 #endif
+#ifndef OPENSSL_NO_GOST
+        &gostr01_asn1_meths[0],
+        &gostimit_asn1_meth,
+#endif
        &hmac_asn1_meth,
-        &cmac_asn1_meth
+        &cmac_asn1_meth,
+#ifndef OPENSSL_NO_GOST
+        &gostr01_asn1_meths[1],
+        &gostr01_asn1_meths[2],
+#endif
 };
 typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
index 70ad897bda..f4119f7a1c 100644
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_sd.c,v 1.8 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: cms_sd.c,v 1.9 2014/11/09 19:17:13 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -920,6 +920,8 @@ CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
 {
        if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
            !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
+            !cms_add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_256, -1) ||
+            !cms_add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_512, -1) ||
            !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
            !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
            !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
diff --git a/src/lib/libcrypto/crypto/Makefile b/src/lib/libcrypto/crypto/Makefile
index cd32382081..0c4db18488 100644
--- a/src/lib/libcrypto/crypto/Makefile
+++ b/src/lib/libcrypto/crypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.46 2014/07/28 17:57:18 tedu Exp $
+# $OpenBSD: Makefile,v 1.47 2014/11/09 19:17:11 miod Exp $
 LIB=    crypto
@@ -154,6 +154,13 @@ SRCS+= evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
 SRCS+= e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
 SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 SRCS+= e_chacha.c evp_aead.c e_chacha20poly1305.c
+#SRCS+= e_gost2814789.c m_gost2814789.c m_gostr341194.c m_streebog.c
+# gost/
+#SRCS+= gost2814789.c gost89_keywrap.c gost89_params.c gost89imit_ameth.c
+#SRCS+= gost89imit_pmeth.c gost_asn1.c gost_err.c gostr341001.c
+#SRCS+= gostr341001_ameth.c gostr341001_key.c gostr341001_params.c
+#SRCS+= gostr341001_pmeth.c gostr341194.c streebog.c
 # hmac/
 SRCS+= hmac.c hm_ameth.c hm_pmeth.c
@@ -285,6 +292,7 @@ SRCS+= v3_asid.c v3_addr.c
        ${LCRYPTO_SRC}/engine \
        ${LCRYPTO_SRC}/err \
        ${LCRYPTO_SRC}/evp \
+        ${LCRYPTO_SRC}/gost \
        ${LCRYPTO_SRC}/hmac \
        ${LCRYPTO_SRC}/idea \
        ${LCRYPTO_SRC}/krb5 \
@@ -346,6 +354,7 @@ HDRS=\
        crypto/engine/engine.h \
        crypto/err/err.h \
        crypto/evp/evp.h \
+        crypto/gost/gost.h \
        crypto/hmac/hmac.h \
        crypto/idea/idea.h \
        crypto/krb5/krb5_asn.h \
diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c
index 9d36d0bf22..0159dbe530 100644
--- a/src/lib/libcrypto/ec/ec_curve.c
+++ b/src/lib/libcrypto/ec/ec_curve.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_curve.c,v 1.7 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: ec_curve.c,v 1.8 2014/11/09 19:17:13 miod Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project.
 */
@@ -2766,6 +2766,315 @@ static const struct {
        }
 };
+#ifndef OPENSSL_NO_GOST
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 32 * 6];
+}
+ _EC_GOST_2001_Test = {
+        {
+                NID_X9_62_prime_field, 0, 32, 1
+        },
+        {                       /* no seed */
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x04, 0x31,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x07,
+                0x5F, 0xBF, 0xF4, 0x98, 0xAA, 0x93, 0x8C, 0xE7, 0x39, 0xB8,     /* b */
+                0xE0, 0x22, 0xFB, 0xAF, 0xEF, 0x40, 0x56, 0x3F, 0x6E, 0x6A,
+                0x34, 0x72, 0xFC, 0x2A, 0x51, 0x4C, 0x0C, 0xE9, 0xDA, 0xE2,
+                0x3B, 0x7E,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x02,
+                0x08, 0xE2, 0xA8, 0xA0, 0xE6, 0x51, 0x47, 0xD4, 0xBD, 0x63,     /* y */
+                0x16, 0x03, 0x0E, 0x16, 0xD1, 0x9C, 0x85, 0xC9, 0x7F, 0x0A,
+                0x9C, 0xA2, 0x67, 0x12, 0x2B, 0x96, 0xAB, 0xBC, 0xEA, 0x7E,
+                0x8F, 0xC8,
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x50, 0xFE, 0x8A, 0x18,
+                0x92, 0x97, 0x61, 0x54, 0xC5, 0x9C, 0xFC, 0x19, 0x3A, 0xCC,
+                0xF5, 0xB3,
+        }
+};
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 32 * 6];
+}
+ _EC_GOST_2001_CryptoPro_A = {
+        {
+                NID_X9_62_prime_field, 0, 32, 1
+        },
+        {                       /* no seed */
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* p */
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+                0xFD, 0x97,
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* a */
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+                0xFD, 0x94,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0xA6,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x01,
+                0x8D, 0x91, 0xE4, 0x71, 0xE0, 0x98, 0x9C, 0xDA, 0x27, 0xDF,     /* y */
+                0x50, 0x5A, 0x45, 0x3F, 0x2B, 0x76, 0x35, 0x29, 0x4F, 0x2D,
+                0xDF, 0x23, 0xE3, 0xB1, 0x22, 0xAC, 0xC9, 0x9C, 0x9E, 0x9F,
+                0x1E, 0x14,
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* order */
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x6C, 0x61, 0x10, 0x70,
+                0x99, 0x5A, 0xD1, 0x00, 0x45, 0x84, 0x1B, 0x09, 0xB7, 0x61,
+                0xB8, 0x93,
+        }
+};
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 32 * 6];
+}
+ _EC_GOST_2001_CryptoPro_B = {
+        {
+                NID_X9_62_prime_field, 0, 32, 1
+        },
+        {                       /* no seed */
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x0C, 0x99,
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x0C, 0x96,
+                0x3E, 0x1A, 0xF4, 0x19, 0xA2, 0x69, 0xA5, 0xF8, 0x66, 0xA7,     /* b */
+                0xD3, 0xC2, 0x5C, 0x3D, 0xF8, 0x0A, 0xE9, 0x79, 0x25, 0x93,
+                0x73, 0xFF, 0x2B, 0x18, 0x2F, 0x49, 0xD4, 0xCE, 0x7E, 0x1B,
+                0xBC, 0x8B,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x01,
+                0x3F, 0xA8, 0x12, 0x43, 0x59, 0xF9, 0x66, 0x80, 0xB8, 0x3D,     /* y */
+                0x1C, 0x3E, 0xB2, 0xC0, 0x70, 0xE5, 0xC5, 0x45, 0xC9, 0x85,
+                0x8D, 0x03, 0xEC, 0xFB, 0x74, 0x4B, 0xF8, 0xD7, 0x17, 0x71,
+                0x7E, 0xFC,
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x5F, 0x70, 0x0C, 0xFF,
+                0xF1, 0xA6, 0x24, 0xE5, 0xE4, 0x97, 0x16, 0x1B, 0xCC, 0x8A,
+                0x19, 0x8F,
+        }
+};
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 32 * 6];
+}
+ _EC_GOST_2001_CryptoPro_C = {
+        {
+                NID_X9_62_prime_field, 0, 32, 1
+        },
+        {                       /* no seed */
+                0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E,     /* p */
+                0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0xCF, 0x84, 0x6E, 0x86,
+                0x78, 0x90, 0x51, 0xD3, 0x79, 0x98, 0xF7, 0xB9, 0x02, 0x2D,
+                0x75, 0x9B,
+                0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E,     /* a */
+                0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0xCF, 0x84, 0x6E, 0x86,
+                0x78, 0x90, 0x51, 0xD3, 0x79, 0x98, 0xF7, 0xB9, 0x02, 0x2D,
+                0x75, 0x98,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x80, 0x5A,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00,
+                0x41, 0xEC, 0xE5, 0x57, 0x43, 0x71, 0x1A, 0x8C, 0x3C, 0xBF,     /* y */
+                0x37, 0x83, 0xCD, 0x08, 0xC0, 0xEE, 0x4D, 0x4D, 0xC4, 0x40,
+                0xD4, 0x64, 0x1A, 0x8F, 0x36, 0x6E, 0x55, 0x0D, 0xFD, 0xB3,
+                0xBB, 0x67,
+                0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E,     /* order */
+                0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0x58, 0x2C, 0xA3, 0x51,
+                0x1E, 0xDD, 0xFB, 0x74, 0xF0, 0x2F, 0x3A, 0x65, 0x98, 0x98,
+                0x0B, 0xB9,
+        }
+};
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 64 * 6];
+}
+ _EC_GOST_2012_Test = {
+        {
+                NID_X9_62_prime_field, 0, 64, 1
+        },
+        {                       /* no seed */
+                0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d,     /* p */
+                0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2,
+                0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2,
+                0xd1, 0x5d, 0xf1, 0xd8, 0x52, 0x74, 0x1a, 0xf4, 0x70, 0x4a,
+                0x04, 0x58, 0x04, 0x7e, 0x80, 0xe4, 0x54, 0x6d, 0x35, 0xb8,
+                0x33, 0x6f, 0xac, 0x22, 0x4d, 0xd8, 0x16, 0x64, 0xbb, 0xf5,
+                0x28, 0xbe, 0x63, 0x73,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x07,
+                0x1c, 0xff, 0x08, 0x06, 0xa3, 0x11, 0x16, 0xda, 0x29, 0xd8,     /* b */
+                0xcf, 0xa5, 0x4e, 0x57, 0xeb, 0x74, 0x8b, 0xc5, 0xf3, 0x77,
+                0xe4, 0x94, 0x00, 0xfd, 0xd7, 0x88, 0xb6, 0x49, 0xec, 0xa1,
+                0xac, 0x43, 0x61, 0x83, 0x40, 0x13, 0xb2, 0xad, 0x73, 0x22,
+                0x48, 0x0a, 0x89, 0xca, 0x58, 0xe0, 0xcf, 0x74, 0xbc, 0x9e,
+                0x54, 0x0c, 0x2a, 0xdd, 0x68, 0x97, 0xfa, 0xd0, 0xa3, 0x08,
+                0x4f, 0x30, 0x2a, 0xdc,
+                0x24, 0xd1, 0x9c, 0xc6, 0x45, 0x72, 0xee, 0x30, 0xf3, 0x96,     /* x */
+                0xbf, 0x6e, 0xbb, 0xfd, 0x7a, 0x6c, 0x52, 0x13, 0xb3, 0xb3,
+                0xd7, 0x05, 0x7c, 0xc8, 0x25, 0xf9, 0x10, 0x93, 0xa6, 0x8c,
+                0xd7, 0x62, 0xfd, 0x60, 0x61, 0x12, 0x62, 0xcd, 0x83, 0x8d,
+                0xc6, 0xb6, 0x0a, 0xa7, 0xee, 0xe8, 0x04, 0xe2, 0x8b, 0xc8,
+                0x49, 0x97, 0x7f, 0xac, 0x33, 0xb4, 0xb5, 0x30, 0xf1, 0xb1,
+                0x20, 0x24, 0x8a, 0x9a,
+                0x2b, 0xb3, 0x12, 0xa4, 0x3b, 0xd2, 0xce, 0x6e, 0x0d, 0x02,     /* y */
+                0x06, 0x13, 0xc8, 0x57, 0xac, 0xdd, 0xcf, 0xbf, 0x06, 0x1e,
+                0x91, 0xe5, 0xf2, 0xc3, 0xf3, 0x24, 0x47, 0xc2, 0x59, 0xf3,
+                0x9b, 0x2c, 0x83, 0xab, 0x15, 0x6d, 0x77, 0xf1, 0x49, 0x6b,
+                0xf7, 0xeb, 0x33, 0x51, 0xe1, 0xee, 0x4e, 0x43, 0xdc, 0x1a,
+                0x18, 0xb9, 0x1b, 0x24, 0x64, 0x0b, 0x6d, 0xbb, 0x92, 0xcb,
+                0x1a, 0xdd, 0x37, 0x1e,
+                0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d,     /* order */
+                0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2,
+                0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2,
+                0xd1, 0x5d, 0xa8, 0x2f, 0x2d, 0x7e, 0xcb, 0x1d, 0xba, 0xc7,
+                0x19, 0x90, 0x5c, 0x5e, 0xec, 0xc4, 0x23, 0xf1, 0xd8, 0x6e,
+                0x25, 0xed, 0xbe, 0x23, 0xc5, 0x95, 0xd6, 0x44, 0xaa, 0xf1,
+                0x87, 0xe6, 0xe6, 0xdf,
+        }
+};
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 64 * 6];
+}
+ _EC_GOST_2012_TC26_A = {
+        {
+                NID_X9_62_prime_field, 0, 64, 1
+        },
+        {                       /* no seed */
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,     /* p */
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xfd, 0xc7,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,     /* a */
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xfd, 0xc4,
+                0xe8, 0xc2, 0x50, 0x5d, 0xed, 0xfc, 0x86, 0xdd, 0xc1, 0xbd,     /* b */
+                0x0b, 0x2b, 0x66, 0x67, 0xf1, 0xda, 0x34, 0xb8, 0x25, 0x74,
+                0x76, 0x1c, 0xb0, 0xe8, 0x79, 0xbd, 0x08, 0x1c, 0xfd, 0x0b,
+                0x62, 0x65, 0xee, 0x3c, 0xb0, 0x90, 0xf3, 0x0d, 0x27, 0x61,
+                0x4c, 0xb4, 0x57, 0x40, 0x10, 0xda, 0x90, 0xdd, 0x86, 0x2e,
+                0xf9, 0xd4, 0xeb, 0xee, 0x47, 0x61, 0x50, 0x31, 0x90, 0x78,
+                0x5a, 0x71, 0xc7, 0x60,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x03,
+                0x75, 0x03, 0xcf, 0xe8, 0x7a, 0x83, 0x6a, 0xe3, 0xa6, 0x1b,     /* y */
+                0x88, 0x16, 0xe2, 0x54, 0x50, 0xe6, 0xce, 0x5e, 0x1c, 0x93,
+                0xac, 0xf1, 0xab, 0xc1, 0x77, 0x80, 0x64, 0xfd, 0xcb, 0xef,
+                0xa9, 0x21, 0xdf, 0x16, 0x26, 0xbe, 0x4f, 0xd0, 0x36, 0xe9,
+                0x3d, 0x75, 0xe6, 0xa5, 0x0e, 0x3a, 0x41, 0xe9, 0x80, 0x28,
+                0xfe, 0x5f, 0xc2, 0x35, 0xf5, 0xb8, 0x89, 0xa5, 0x89, 0xcb,
+                0x52, 0x15, 0xf2, 0xa4,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,     /* order */
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0x27, 0xe6, 0x95, 0x32, 0xf4, 0x8d, 0x89, 0x11,
+                0x6f, 0xf2, 0x2b, 0x8d, 0x4e, 0x05, 0x60, 0x60, 0x9b, 0x4b,
+                0x38, 0xab, 0xfa, 0xd2, 0xb8, 0x5d, 0xca, 0xcd, 0xb1, 0x41,
+                0x1f, 0x10, 0xb2, 0x75
+        }
+};
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 64 * 6];
+}
+ _EC_GOST_2012_TC26_B = {
+        {
+                NID_X9_62_prime_field, 0, 64, 1
+        },
+        {                       /* no seed */
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x6f,
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x6c,
+                0x68, 0x7d, 0x1b, 0x45, 0x9d, 0xc8, 0x41, 0x45, 0x7e, 0x3e,     /* b */
+                0x06, 0xcf, 0x6f, 0x5e, 0x25, 0x17, 0xb9, 0x7c, 0x7d, 0x61,
+                0x4a, 0xf1, 0x38, 0xbc, 0xbf, 0x85, 0xdc, 0x80, 0x6c, 0x4b,
+                0x28, 0x9f, 0x3e, 0x96, 0x5d, 0x2d, 0xb1, 0x41, 0x6d, 0x21,
+                0x7f, 0x8b, 0x27, 0x6f, 0xad, 0x1a, 0xb6, 0x9c, 0x50, 0xf7,
+                0x8b, 0xee, 0x1f, 0xa3, 0x10, 0x6e, 0xfb, 0x8c, 0xcb, 0xc7,
+                0xc5, 0x14, 0x01, 0x16,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x02,
+                0x1a, 0x8f, 0x7e, 0xda, 0x38, 0x9b, 0x09, 0x4c, 0x2c, 0x07,     /* y */
+                0x1e, 0x36, 0x47, 0xa8, 0x94, 0x0f, 0x3c, 0x12, 0x3b, 0x69,
+                0x75, 0x78, 0xc2, 0x13, 0xbe, 0x6d, 0xd9, 0xe6, 0xc8, 0xec,
+                0x73, 0x35, 0xdc, 0xb2, 0x28, 0xfd, 0x1e, 0xdf, 0x4a, 0x39,
+                0x15, 0x2c, 0xbc, 0xaa, 0xf8, 0xc0, 0x39, 0x88, 0x28, 0x04,
+                0x10, 0x55, 0xf9, 0x4c, 0xee, 0xec, 0x7e, 0x21, 0x34, 0x07,
+                0x80, 0xfe, 0x41, 0xbd,
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x01, 0x49, 0xa1, 0xec, 0x14, 0x25, 0x65, 0xa5, 0x45,
+                0xac, 0xfd, 0xb7, 0x7b, 0xd9, 0xd4, 0x0c, 0xfa, 0x8b, 0x99,
+                0x67, 0x12, 0x10, 0x1b, 0xea, 0x0e, 0xc6, 0x34, 0x6c, 0x54,
+                0x37, 0x4f, 0x25, 0xbd
+        }
+};
+#endif
 typedef struct _ec_list_element_st {
        int nid;
        const EC_CURVE_DATA *data;
@@ -2890,7 +3199,18 @@ static const ec_list_element curve_list[] = {
        {NID_brainpoolP512r1, &_EC_brainpoolP512r1.h, 0, "RFC 5639 curve over a 512 bit prime field"},
        {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0, "RFC 5639 curve over a 512 bit prime field"},
        /* ANSSI */
-        {NID_FRP256v1, &_EC_FRP256v1.h, 0, "FRP256v1"}
+        {NID_FRP256v1, &_EC_FRP256v1.h, 0, "FRP256v1"},
+#ifndef OPENSSL_NO_GOST
+        /* GOST R 34.10-2001 */
+        {NID_id_GostR3410_2001_TestParamSet, &_EC_GOST_2001_Test.h, 0, "GOST R 34.10-2001 Test Curve"},
+        {NID_id_GostR3410_2001_CryptoPro_A_ParamSet, &_EC_GOST_2001_CryptoPro_A.h, 0, "GOST R 34.10-2001 CryptoPro-A"},
+        {NID_id_GostR3410_2001_CryptoPro_B_ParamSet, &_EC_GOST_2001_CryptoPro_B.h, 0, "GOST R 34.10-2001 CryptoPro-B"},
+        {NID_id_GostR3410_2001_CryptoPro_C_ParamSet, &_EC_GOST_2001_CryptoPro_C.h, 0, "GOST R 34.10-2001 CryptoPro-C"},
+        {NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, &_EC_GOST_2001_CryptoPro_A.h, 0, "GOST R 34.10-2001 CryptoPro-XchA"},
+        {NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, &_EC_GOST_2001_CryptoPro_C.h, 0, "GOST R 34.10-2001 CryptoPro-XchB"},
+        {NID_id_tc26_gost_3410_2012_512_paramSetA, &_EC_GOST_2012_TC26_A.h, 0, "GOST R 34.10-2012 TC26-A"},
+        {NID_id_tc26_gost_3410_2012_512_paramSetB, &_EC_GOST_2012_TC26_B.h, 0, "GOST R 34.10-2012 TC26-A"},
+#endif
 };
 #define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c
index 75a1d0181e..f06320247c 100644
--- a/src/lib/libcrypto/err/err.c
+++ b/src/lib/libcrypto/err/err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: err.c,v 1.40 2014/10/05 15:21:48 deraadt Exp $ */
+/* $OpenBSD: err.c,v 1.41 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -157,6 +157,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
        {ERR_PACK(ERR_LIB_FIPS,0,0),            "FIPS routines"},
        {ERR_PACK(ERR_LIB_CMS,0,0),             "CMS routines"},
        {ERR_PACK(ERR_LIB_HMAC,0,0),            "HMAC routines"},
+        {ERR_PACK(ERR_LIB_GOST,0,0),            "GOST routines"},
        {0, NULL},
 };
diff --git a/src/lib/libcrypto/err/err.h b/src/lib/libcrypto/err/err.h
index ced340ea80..87bb96eec7 100644
--- a/src/lib/libcrypto/err/err.h
+++ b/src/lib/libcrypto/err/err.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: err.h,v 1.21 2014/07/11 09:25:24 jsing Exp $ */
+/* $OpenBSD: err.h,v 1.22 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -195,6 +195,7 @@ typedef struct err_state_st {
 #define ERR_LIB_TS              47
 #define ERR_LIB_HMAC            48
 #define ERR_LIB_JPAKE           49
+#define ERR_LIB_GOST            50
 #define ERR_LIB_USER            128
@@ -231,6 +232,7 @@ typedef struct err_state_st {
 #define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
 #define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
 #define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
+#define GOSTerr(f,r) ERR_PUT_error(ERR_LIB_GOST,(f),(r),__FILE__,__LINE__)
 #define ERR_PACK(l,f,r)         (((((unsigned long)l)&0xffL)<<24L)| \
                                ((((unsigned long)f)&0xfffL)<<12L)| \
diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c
index 7362220824..c880f1fbf3 100644
--- a/src/lib/libcrypto/err/err_all.c
+++ b/src/lib/libcrypto/err/err_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: err_all.c,v 1.18 2014/10/18 17:08:32 jsing Exp $ */
+/* $OpenBSD: err_all.c,v 1.19 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -105,6 +105,9 @@
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
+#ifndef OPENSSL_NO_GOST
+#include <openssl/gost.h>
+#endif
 void
 ERR_load_crypto_strings(void)
@@ -157,5 +160,8 @@ ERR_load_crypto_strings(void)
 #ifndef OPENSSL_NO_CMS
        ERR_load_CMS_strings();
 #endif
+#ifndef OPENSSL_NO_GOST
+        ERR_load_GOST_strings();
+#endif
 #endif
 }
diff --git a/src/lib/libcrypto/err/openssl.ec b/src/lib/libcrypto/err/openssl.ec
index c513734e94..dcebbba6c4 100644
--- a/src/lib/libcrypto/err/openssl.ec
+++ b/src/lib/libcrypto/err/openssl.ec
@@ -34,6 +34,7 @@ L STORE		crypto/store/store.h		crypto/store/str_err.c
 L TS            crypto/ts/ts.h                  crypto/ts/ts_err.c
 L HMAC          crypto/hmac/hmac.h              crypto/hmac/hmac_err.c
 L CMS           crypto/cms/cms.h                crypto/cms/cms_err.c
+L GOST          crypto/gost/gost.h              crypto/gost/gost_err.c
 # additional header files to be scanned for function names
 L NONE          crypto/x509/x509_vfy.h          NONE
diff --git a/src/lib/libcrypto/evp/c_allc.c b/src/lib/libcrypto/evp/c_allc.c
index 657e14f86f..26a5cc6179 100644
--- a/src/lib/libcrypto/evp/c_allc.c
+++ b/src/lib/libcrypto/evp/c_allc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_allc.c,v 1.13 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: c_allc.c,v 1.14 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -225,4 +225,10 @@ OpenSSL_add_all_ciphers(void)
 #ifndef OPENSSL_NO_CHACHA
        EVP_add_cipher(EVP_chacha20());
 #endif
+#ifndef OPENSSL_NO_GOST
+        EVP_add_cipher(EVP_gost2814789_ecb());
+        EVP_add_cipher(EVP_gost2814789_cfb64());
+        EVP_add_cipher(EVP_gost2814789_cnt());
+#endif
 }
diff --git a/src/lib/libcrypto/evp/c_alld.c b/src/lib/libcrypto/evp/c_alld.c
index 8f59100caa..99da8acdae 100644
--- a/src/lib/libcrypto/evp/c_alld.c
+++ b/src/lib/libcrypto/evp/c_alld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_alld.c,v 1.11 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: c_alld.c,v 1.12 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -95,6 +95,12 @@ OpenSSL_add_all_digests(void)
        EVP_add_digest(EVP_ecdsa());
 #endif
 #endif
+#ifndef OPENSSL_NO_GOST
+        EVP_add_digest(EVP_gostr341194());
+        EVP_add_digest(EVP_gost2814789imit());
+        EVP_add_digest(EVP_streebog256());
+        EVP_add_digest(EVP_streebog512());
+#endif
 #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
        EVP_add_digest(EVP_mdc2());
 #endif
diff --git a/src/lib/libcrypto/evp/e_gost2814789.c b/src/lib/libcrypto/evp/e_gost2814789.c
new file mode 100644
index 0000000000..678c7af09d
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_gost2814789.c
@@ -0,0 +1,216 @@
+/* $OpenBSD: e_gost2814789.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/gost.h>
+#include "evp_locl.h"
+typedef struct {
+        GOST2814789_KEY ks;
+        int param_nid;
+} EVP_GOST2814789_CTX;
+static int gost2814789_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr)
+{
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+        switch (type) {
+        case EVP_CTRL_PBE_PRF_NID:
+                if (ptr) {
+                        *((int *)ptr) = NID_id_HMACGostR3411_94;
+                        return 1;
+                } else {
+                        return 0;
+                }
+        case EVP_CTRL_INIT:
+                /* Default value to have any s-box set at all */
+                c->param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
+                return Gost2814789_set_sbox(&c->ks, c->param_nid);
+        case EVP_CTRL_GOST_SET_SBOX:
+                return Gost2814789_set_sbox(&c->ks, arg);
+        default:
+                return -1;
+        }
+}
+static int gost2814789_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        const unsigned char *iv, int enc)
+{
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+        return Gost2814789_set_key(&c->ks, key, ctx->key_len * 8);
+}
+int gost2814789_set_asn1_params(EVP_CIPHER_CTX * ctx, ASN1_TYPE * params)
+{
+        int len = 0;
+        unsigned char *buf = NULL;
+        unsigned char *p = NULL;
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+        GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
+        ASN1_OCTET_STRING *os = NULL;
+        if (!gcp) {
+                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len)) {
+                GOST_CIPHER_PARAMS_free(gcp);
+                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);
+                return 0;
+        }
+        ASN1_OBJECT_free(gcp->enc_param_set);
+        gcp->enc_param_set = OBJ_nid2obj(c->param_nid);
+        len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
+        p = buf = malloc(len);
+        if (!buf) {
+                GOST_CIPHER_PARAMS_free(gcp);
+                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        i2d_GOST_CIPHER_PARAMS(gcp, &p);
+        GOST_CIPHER_PARAMS_free(gcp);
+        os = ASN1_OCTET_STRING_new();
+        if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) {
+                free(buf);
+                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);
+                return 0;
+        }
+        free(buf);
+        ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
+        return 1;
+}
+int gost2814789_get_asn1_params(EVP_CIPHER_CTX * ctx, ASN1_TYPE * params)
+{
+        int ret = -1;
+        int len;
+        GOST_CIPHER_PARAMS *gcp = NULL;
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+        unsigned char *p;
+        if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
+                return ret;
+        }
+        p = params->value.sequence->data;
+        gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
+                                     params->value.sequence->length);
+        len = gcp->iv->length;
+        if (len != ctx->cipher->iv_len) {
+                GOST_CIPHER_PARAMS_free(gcp);
+                GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS,
+                        GOST_R_INVALID_IV_LENGTH);
+                return -1;
+        }
+        if (!Gost2814789_set_sbox(&c->ks, OBJ_obj2nid(gcp->enc_param_set))) {
+                GOST_CIPHER_PARAMS_free(gcp);
+                return -1;
+        }
+        c->param_nid = OBJ_obj2nid(gcp->enc_param_set);
+        memcpy(ctx->oiv, gcp->iv->data, len);
+        memcpy(ctx->iv, gcp->iv->data, len);
+        GOST_CIPHER_PARAMS_free(gcp);
+        return 1;
+}
+BLOCK_CIPHER_func_ecb(gost2814789, Gost2814789, EVP_GOST2814789_CTX, ks)
+BLOCK_CIPHER_func_cfb(gost2814789, Gost2814789, 64, EVP_GOST2814789_CTX, ks)
+static int gost2814789_cnt_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
+                                  const unsigned char *in, size_t inl)
+{
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+        while (inl >= EVP_MAXCHUNK) {
+                Gost2814789_cnt_encrypt(in, out, (long)EVP_MAXCHUNK, &c->ks,
+                                        ctx->iv, ctx->buf, &ctx->num);
+                inl -= EVP_MAXCHUNK;
+                in += EVP_MAXCHUNK;
+                out += EVP_MAXCHUNK;
+        }
+        if (inl)
+                Gost2814789_cnt_encrypt(in, out, inl, &c->ks,
+                                        ctx->iv, ctx->buf, &ctx->num);
+        return 1;
+}
+/* gost89 is CFB-64 */
+#define NID_gost89_cfb64 NID_id_Gost28147_89
+BLOCK_CIPHER_def_ecb(gost2814789, EVP_GOST2814789_CTX, NID_gost89, 8, 32,
+                     EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT,
+                     gost2814789_init_key, NULL, gost2814789_set_asn1_params,
+                     gost2814789_get_asn1_params, gost2814789_ctl)
+BLOCK_CIPHER_def_cfb(gost2814789, EVP_GOST2814789_CTX, NID_gost89, 32, 8, 64,
+                     EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT,
+                     gost2814789_init_key, NULL, gost2814789_set_asn1_params,
+                     gost2814789_get_asn1_params, gost2814789_ctl)
+BLOCK_CIPHER_def1(gost2814789, cnt, cnt, OFB, EVP_GOST2814789_CTX, NID_gost89,
+                  1, 32, 8, EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT,
+                  gost2814789_init_key, NULL, gost2814789_set_asn1_params,
+                  gost2814789_get_asn1_params, gost2814789_ctl)
+#endif
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 9de7c3f9ef..6c1bf6c7cd 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.39 2014/07/11 15:28:27 tedu Exp $ */
+/* $OpenBSD: evp.h,v 1.40 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -107,8 +107,12 @@
 #define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
 #define EVP_PKEY_DH     NID_dhKeyAgreement
 #define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
+#define EVP_PKEY_GOSTR01 NID_id_GostR3410_2001
+#define EVP_PKEY_GOSTIMIT NID_id_Gost28147_89_MAC
 #define EVP_PKEY_HMAC   NID_hmac
 #define EVP_PKEY_CMAC   NID_cmac
+#define EVP_PKEY_GOSTR12_256 NID_id_tc26_gost3410_2012_256
+#define EVP_PKEY_GOSTR12_512 NID_id_tc26_gost3410_2012_512
 #ifdef  __cplusplus
 extern "C" {
@@ -137,6 +141,9 @@ struct evp_pkey_st {
 #ifndef OPENSSL_NO_EC
                struct ec_key_st *ec;   /* ECC */
 #endif
+#ifndef OPENSSL_NO_GOST
+                struct gost_key_st *gost; /* GOST */
+#endif
        } pkey;
        int save_parameters;
        STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
@@ -213,6 +220,8 @@ typedef int evp_verify_method(int type, const unsigned char *m,
 #define EVP_MD_CTRL_DIGALGID                    0x1
 #define EVP_MD_CTRL_MICALG                      0x2
+#define EVP_MD_CTRL_SET_KEY                     0x3
+#define EVP_MD_CTRL_GOST_SET_SBOX               0x4
 /* Minimum Algorithm specific ctrl value */
@@ -381,6 +390,8 @@ struct evp_cipher_st {
 #define         EVP_CTRL_AEAD_SET_MAC_KEY       0x17
 /* Set the GCM invocation field, decrypt only */
 #define         EVP_CTRL_GCM_SET_IV_INV         0x18
+/* Set the S-BOX NID for GOST ciphers */
+#define         EVP_CTRL_GOST_SET_SBOX          0x19
 /* GCM TLS constants */
 /* Length of fixed part of IV derived from PRF */
@@ -451,6 +462,11 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                                        (char *)(eckey))
 #endif
+#ifndef OPENSSL_NO_GOST
+#define EVP_PKEY_assign_GOST(pkey,gostkey) EVP_PKEY_assign((pkey),EVP_PKEY_GOSTR01,\
+                                        (char *)(gostkey))
+#endif
 /* Add some extra combinations */
 #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
 #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
@@ -530,6 +546,7 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
 void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
 void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
 int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
@@ -665,6 +682,12 @@ const EVP_MD *EVP_ripemd160(void);
 #ifndef OPENSSL_NO_WHIRLPOOL
 const EVP_MD *EVP_whirlpool(void);
 #endif
+#ifndef OPENSSL_NO_GOST
+const EVP_MD *EVP_gostr341194(void);
+const EVP_MD *EVP_gost2814789imit(void);
+const EVP_MD *EVP_streebog256(void);
+const EVP_MD *EVP_streebog512(void);
+#endif
 const EVP_CIPHER *EVP_enc_null(void);           /* does nothing :-) */
 #ifndef OPENSSL_NO_DES
 const EVP_CIPHER *EVP_des_ecb(void);
@@ -804,6 +827,12 @@ const EVP_CIPHER *EVP_camellia_256_ofb(void);
 const EVP_CIPHER *EVP_chacha20(void);
 #endif
+#ifndef OPENSSL_NO_GOST
+const EVP_CIPHER *EVP_gost2814789_ecb(void);
+const EVP_CIPHER *EVP_gost2814789_cfb64(void);
+const EVP_CIPHER *EVP_gost2814789_cnt(void);
+#endif
 void OPENSSL_add_all_algorithms_noconf(void);
 void OPENSSL_add_all_algorithms_conf(void);
@@ -871,6 +900,9 @@ struct ec_key_st;
 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
 struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
 #endif
+#ifndef OPENSSL_NO_GOST
+struct gost_key_st;
+#endif
 EVP_PKEY *EVP_PKEY_new(void);
 void EVP_PKEY_free(EVP_PKEY *pkey);
@@ -1337,6 +1369,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_DIGESTINIT_EX                          128
 #define EVP_F_EVP_ENCRYPTFINAL_EX                        127
 #define EVP_F_EVP_MD_CTX_COPY_EX                         110
+#define EVP_F_EVP_MD_CTX_CTRL                            195
 #define EVP_F_EVP_MD_SIZE                                162
 #define EVP_F_EVP_OPENINIT                               102
 #define EVP_F_EVP_PBE_ALG_ADD                            115
diff --git a/src/lib/libcrypto/evp/m_gost2814789.c b/src/lib/libcrypto/evp/m_gost2814789.c
new file mode 100644
index 0000000000..ff3f489e46
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_gost2814789.c
@@ -0,0 +1,105 @@
+/* $OpenBSD: m_gost2814789.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/gost.h>
+#include <openssl/objects.h>
+static int init(EVP_MD_CTX *ctx)
+{
+        return GOST2814789IMIT_Init(ctx->md_data, NID_id_Gost28147_89_CryptoPro_A_ParamSet);
+}
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        return GOST2814789IMIT_Update(ctx->md_data, data, count);
+}
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        return GOST2814789IMIT_Final(md, ctx->md_data);
+}
+static int md_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
+{
+        GOST2814789IMIT_CTX *gctx = ctx->md_data;
+        switch (cmd) {
+        case EVP_MD_CTRL_SET_KEY:
+                return Gost2814789_set_key(&gctx->cipher, p2, p1);
+        case EVP_MD_CTRL_GOST_SET_SBOX:
+                return Gost2814789_set_sbox(&gctx->cipher, p1);
+        }
+        return -2;
+}
+static const EVP_MD gost2814789imit_md = {
+        .type = NID_id_Gost28147_89_MAC,
+        .pkey_type = NID_undef,
+        .md_size = GOST2814789IMIT_LENGTH,
+        .flags = 0,
+        .init = init,
+        .update = update,
+        .final = final,
+        .block_size = GOST2814789IMIT_CBLOCK,
+        .ctx_size = sizeof(EVP_MD *) + sizeof(GOST2814789IMIT_CTX),
+        .md_ctrl = md_ctrl,
+};
+const EVP_MD *
+EVP_gost2814789imit(void)
+{
+        return (&gost2814789imit_md);
+}
+#endif
diff --git a/src/lib/libcrypto/evp/m_gostr341194.c b/src/lib/libcrypto/evp/m_gostr341194.c
new file mode 100644
index 0000000000..380d92d508
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_gostr341194.c
@@ -0,0 +1,93 @@
+/* $OpenBSD: m_gostr341194.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/gost.h>
+#include <openssl/objects.h>
+static int init(EVP_MD_CTX *ctx)
+{
+        return GOSTR341194_Init(ctx->md_data, NID_id_GostR3411_94_CryptoProParamSet);
+}
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        return GOSTR341194_Update(ctx->md_data, data, count);
+}
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        return GOSTR341194_Final(md, ctx->md_data);
+}
+static const EVP_MD gostr341194_md = {
+        .type = NID_id_GostR3411_94,
+        .pkey_type = NID_undef,
+        .md_size = GOSTR341194_LENGTH,
+        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+        .init = init,
+        .update = update,
+        .final = final,
+        .block_size = GOSTR341194_CBLOCK,
+        .ctx_size = sizeof(EVP_MD *) + sizeof(GOSTR341194_CTX),
+};
+const EVP_MD *
+EVP_gostr341194(void)
+{
+        return (&gostr341194_md);
+}
+#endif
diff --git a/src/lib/libcrypto/evp/m_streebog.c b/src/lib/libcrypto/evp/m_streebog.c
new file mode 100644
index 0000000000..cf4b159f43
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_streebog.c
@@ -0,0 +1,125 @@
+/* $OpenBSD: m_streebog.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/gost.h>
+#include <openssl/objects.h>
+static int init256(EVP_MD_CTX *ctx)
+{
+        return STREEBOG256_Init(ctx->md_data);
+}
+static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        return STREEBOG256_Update(ctx->md_data, data, count);
+}
+static int final256(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        return STREEBOG256_Final(md, ctx->md_data);
+}
+static int init512(EVP_MD_CTX *ctx)
+{
+        return STREEBOG512_Init(ctx->md_data);
+}
+static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        return STREEBOG512_Update(ctx->md_data, data, count);
+}
+static int final512(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        return STREEBOG512_Final(md, ctx->md_data);
+}
+static const EVP_MD streebog256_md = {
+        .type = NID_id_tc26_gost3411_2012_256,
+        .pkey_type = NID_undef,
+        .md_size = STREEBOG256_LENGTH,
+        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+        .init = init256,
+        .update = update256,
+        .final = final256,
+        .block_size = STREEBOG_CBLOCK,
+        .ctx_size = sizeof(EVP_MD *) + sizeof(STREEBOG_CTX),
+};
+static const EVP_MD streebog512_md = {
+        .type = NID_id_tc26_gost3411_2012_512,
+        .pkey_type = NID_undef,
+        .md_size = STREEBOG512_LENGTH,
+        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+        .init = init512,
+        .update = update512,
+        .final = final512,
+        .block_size = STREEBOG_CBLOCK,
+        .ctx_size = sizeof(EVP_MD *) + sizeof(STREEBOG_CTX),
+};
+const EVP_MD *
+EVP_streebog256(void)
+{
+        return (&streebog256_md);
+}
+const EVP_MD *
+EVP_streebog512(void)
+{
+        return (&streebog512_md);
+}
+#endif
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
index 12267a6d93..24cdfdd1d0 100644
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.9 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.10 2014/11/09 19:17:13 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -79,6 +79,7 @@ STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
 extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
 extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
+extern const EVP_PKEY_METHOD gostimit_pkey_meth, gostr01_pkey_meth;
 static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_RSA
@@ -93,8 +94,12 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_EC
        &ec_pkey_meth,
 #endif
+#ifndef OPENSSL_NO_GOST
+        &gostr01_pkey_meth,
+        &gostimit_pkey_meth,
+#endif
        &hmac_pkey_meth,
-        &cmac_pkey_meth
+        &cmac_pkey_meth,
 };
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
diff --git a/src/lib/libcrypto/gost/gost.h b/src/lib/libcrypto/gost/gost.h
new file mode 100644
index 0000000000..5296e7b9c2
--- /dev/null
+++ b/src/lib/libcrypto/gost/gost.h
@@ -0,0 +1,263 @@
+/* $OpenBSD: gost.h,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#ifndef HEADER_GOST_H
+#define HEADER_GOST_H
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_GOST
+#error GOST is disabled.
+#endif
+#include <openssl/asn1t.h>
+#include <openssl/ec.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+typedef struct gost2814789_key_st {
+        unsigned int key[8];
+        unsigned int k87[256],k65[256],k43[256],k21[256];
+        unsigned int count;
+        unsigned key_meshing : 1;
+} GOST2814789_KEY;
+int Gost2814789_set_sbox(GOST2814789_KEY *key, int nid);
+int Gost2814789_set_key(GOST2814789_KEY *key,
+                const unsigned char *userKey, const int bits);
+void Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out,
+        GOST2814789_KEY *key, const int enc);
+void Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+        size_t length, GOST2814789_KEY *key,
+        unsigned char *ivec, int *num, const int enc);
+void Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out,
+        size_t length, GOST2814789_KEY *key,
+        unsigned char *ivec, unsigned char *cnt_buf, int *num);
+typedef struct {
+        ASN1_OCTET_STRING *iv;
+        ASN1_OBJECT *enc_param_set;
+} GOST_CIPHER_PARAMS;
+DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
+#define GOST2814789IMIT_LENGTH 4
+#define GOST2814789IMIT_CBLOCK 8
+#define GOST2814789IMIT_LONG unsigned int
+typedef struct GOST2814789IMITstate_st {
+        GOST2814789IMIT_LONG    Nl, Nh;
+        unsigned char           data[GOST2814789IMIT_CBLOCK];
+        unsigned int            num;
+        GOST2814789_KEY         cipher;
+        unsigned char           mac[GOST2814789IMIT_CBLOCK];
+} GOST2814789IMIT_CTX;
+/* Note, also removed second parameter and removed dctx->cipher setting */
+int GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid);
+int GOST2814789IMIT_Update(GOST2814789IMIT_CTX *c, const void *data, size_t len);
+int GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c);
+void GOST2814789IMIT_Transform(GOST2814789IMIT_CTX *c, const unsigned char *data);
+unsigned char *GOST2814789IMIT(const unsigned char *d, size_t n,
+                unsigned char *md, int nid,
+                const unsigned char *key, const unsigned char *iv);
+#define GOSTR341194_LONG unsigned int
+#define GOSTR341194_LENGTH      32
+#define GOSTR341194_CBLOCK      32
+#define GOSTR341194_LBLOCK      (GOSTR341194_CBLOCK/4)
+typedef struct GOSTR341194state_st {
+        GOSTR341194_LONG        Nl, Nh;
+        GOSTR341194_LONG        data[GOSTR341194_LBLOCK];
+        unsigned int            num;
+        GOST2814789_KEY         cipher;
+        unsigned char           H[GOSTR341194_CBLOCK];
+        unsigned char           S[GOSTR341194_CBLOCK];
+} GOSTR341194_CTX;
+/* Note, also removed second parameter and removed dctx->cipher setting */
+int GOSTR341194_Init(GOSTR341194_CTX *c, int nid);
+int GOSTR341194_Update(GOSTR341194_CTX *c, const void *data, size_t len);
+int GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX *c);
+void GOSTR341194_Transform(GOSTR341194_CTX *c, const unsigned char *data);
+unsigned char *GOSTR341194(const unsigned char *d, size_t n,unsigned char *md, int nid);
+#if defined(_LP64)
+#define STREEBOG_LONG64 unsigned long
+#define U64(C)     C##UL
+#else
+#define STREEBOG_LONG64 unsigned long long
+#define U64(C)     C##ULL
+#endif
+#define STREEBOG_LBLOCK 8
+#define STREEBOG_CBLOCK 64
+#define STREEBOG256_LENGTH 32
+#define STREEBOG512_LENGTH 64
+typedef struct STREEBOGstate_st {
+        STREEBOG_LONG64 data[STREEBOG_LBLOCK];
+        unsigned int    num;
+        unsigned int    md_len;
+        STREEBOG_LONG64 h[STREEBOG_LBLOCK];
+        STREEBOG_LONG64 N[STREEBOG_LBLOCK];
+        STREEBOG_LONG64 Sigma[STREEBOG_LBLOCK];
+} STREEBOG_CTX;
+int STREEBOG256_Init(STREEBOG_CTX *c);
+int STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len);
+int STREEBOG256_Final(unsigned char *md, STREEBOG_CTX *c);
+void STREEBOG256_Transform(STREEBOG_CTX *c, const unsigned char *data);
+unsigned char *STREEBOG256(const unsigned char *d, size_t n,unsigned char *md);
+int STREEBOG512_Init(STREEBOG_CTX *c);
+int STREEBOG512_Update(STREEBOG_CTX *c, const void *data, size_t len);
+int STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c);
+void STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data);
+unsigned char *STREEBOG512(const unsigned char *d, size_t n,unsigned char *md);
+typedef struct gost_key_st GOST_KEY;
+GOST_KEY *GOST_KEY_new(void);
+void GOST_KEY_free(GOST_KEY * r);
+int GOST_KEY_check_key(const GOST_KEY * eckey);
+int GOST_KEY_set_public_key_affine_coordinates(GOST_KEY * key, BIGNUM * x, BIGNUM * y);
+const EC_GROUP * GOST_KEY_get0_group(const GOST_KEY * key);
+int GOST_KEY_set_group(GOST_KEY * key, const EC_GROUP * group);
+int GOST_KEY_get_digest(const GOST_KEY * key);
+int GOST_KEY_set_digest(GOST_KEY * key, int digest_nid);
+const BIGNUM * GOST_KEY_get0_private_key(const GOST_KEY * key);
+int GOST_KEY_set_private_key(GOST_KEY * key, const BIGNUM * priv_key);
+const EC_POINT * GOST_KEY_get0_public_key(const GOST_KEY * key);
+int GOST_KEY_set_public_key(GOST_KEY * key, const EC_POINT * pub_key);
+size_t GOST_KEY_get_size(const GOST_KEY * r);
+/* Gost-specific pmeth control-function parameters */
+/* For GOST R34.10 parameters */
+#define EVP_PKEY_CTRL_GOST_PARAMSET     (EVP_PKEY_ALG_CTRL+1)
+#define EVP_PKEY_CTRL_GOST_SIG_FORMAT   (EVP_PKEY_ALG_CTRL+2)
+#define EVP_PKEY_CTRL_GOST_SET_DIGEST   (EVP_PKEY_ALG_CTRL+3)
+#define EVP_PKEY_CTRL_GOST_GET_DIGEST   (EVP_PKEY_ALG_CTRL+4)
+#define GOST_SIG_FORMAT_SR_BE   0
+#define GOST_SIG_FORMAT_RS_LE   1
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_GOST_strings(void);
+/* Error codes for the GOST functions. */
+/* Function codes. */
+#define GOST_F_DECODE_GOST01_ALGOR_PARAMS                104
+#define GOST_F_ENCODE_GOST01_ALGOR_PARAMS                105
+#define GOST_F_GOST2001_COMPUTE_PUBLIC                   106
+#define GOST_F_GOST2001_DO_SIGN                          107
+#define GOST_F_GOST2001_DO_VERIFY                        108
+#define GOST_F_GOST2001_KEYGEN                           109
+#define GOST_F_GOST89_GET_ASN1_PARAMETERS                102
+#define GOST_F_GOST89_SET_ASN1_PARAMETERS                103
+#define GOST_F_GOST_KEY_CHECK_KEY                        124
+#define GOST_F_GOST_KEY_NEW                              125
+#define GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 126
+#define GOST_F_PARAM_COPY_GOST01                         110
+#define GOST_F_PARAM_DECODE_GOST01                       111
+#define GOST_F_PKEY_GOST01_CTRL                          116
+#define GOST_F_PKEY_GOST01_DECRYPT                       112
+#define GOST_F_PKEY_GOST01_DERIVE                        113
+#define GOST_F_PKEY_GOST01_ENCRYPT                       114
+#define GOST_F_PKEY_GOST01_PARAMGEN                      115
+#define GOST_F_PKEY_GOST01_SIGN                          123
+#define GOST_F_PKEY_GOST_MAC_CTRL                        100
+#define GOST_F_PKEY_GOST_MAC_KEYGEN                      101
+#define GOST_F_PRIV_DECODE_GOST01                        117
+#define GOST_F_PUB_DECODE_GOST01                         118
+#define GOST_F_PUB_ENCODE_GOST01                         119
+#define GOST_F_PUB_PRINT_GOST01                          120
+#define GOST_F_UNPACK_SIGNATURE_CP                       121
+#define GOST_F_UNPACK_SIGNATURE_LE                       122
+/* Reason codes. */
+#define GOST_R_BAD_KEY_PARAMETERS_FORMAT                 104
+#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT                105
+#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY                 106
+#define GOST_R_CTRL_CALL_FAILED                          107
+#define GOST_R_ERROR_COMPUTING_SHARED_KEY                108
+#define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO          109
+#define GOST_R_INCOMPATIBLE_ALGORITHMS                   110
+#define GOST_R_INCOMPATIBLE_PEER_KEY                     111
+#define GOST_R_INVALID_DIGEST_TYPE                       100
+#define GOST_R_INVALID_IV_LENGTH                         103
+#define GOST_R_INVALID_MAC_KEY_LENGTH                    101
+#define GOST_R_KEY_IS_NOT_INITIALIZED                    112
+#define GOST_R_KEY_PARAMETERS_MISSING                    113
+#define GOST_R_MAC_KEY_NOT_SET                           102
+#define GOST_R_NO_PARAMETERS_SET                         115
+#define GOST_R_NO_PEER_KEY                               116
+#define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR  117
+#define GOST_R_PUBLIC_KEY_UNDEFINED                      118
+#define GOST_R_RANDOM_GENERATOR_FAILURE                  119
+#define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED            120
+#define GOST_R_SIGNATURE_MISMATCH                        121
+#define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q            122
+#define GOST_R_UKM_NOT_SET                               123
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/gost/gost2814789.c b/src/lib/libcrypto/gost/gost2814789.c
new file mode 100644
index 0000000000..b80f692f10
--- /dev/null
+++ b/src/lib/libcrypto/gost/gost2814789.c
@@ -0,0 +1,453 @@
+/* $OpenBSD: gost2814789.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/objects.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+static inline unsigned int f(const GOST2814789_KEY *c, unsigned int x)
+{
+        return  c->k87[(x>>24) & 255] | c->k65[(x>>16) & 255]|
+                c->k43[(x>> 8) & 255] | c->k21[(x    ) & 255];
+}
+void Gost2814789_encrypt(const unsigned char *in, unsigned char *out,
+        const GOST2814789_KEY *key)
+{
+        unsigned int n1, n2; /* As named in the GOST */
+        c2l(in, n1);
+        c2l(in, n2);
+        /* Instead of swapping halves, swap names each round */
+        n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
+        n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
+        n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
+        n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
+        n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
+        n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
+        n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
+        n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
+        n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
+        n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
+        n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
+        n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
+        n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
+        n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
+        n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
+        n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
+        l2c(n2, out);
+        l2c(n1, out);
+}
+void Gost2814789_decrypt(const unsigned char *in, unsigned char *out,
+        const GOST2814789_KEY *key)
+{
+        unsigned int n1, n2; /* As named in the GOST */
+        c2l(in, n1);
+        c2l(in, n2);
+        /* Instead of swapping halves, swap names each round */
+        n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
+        n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
+        n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
+        n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
+        n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
+        n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
+        n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
+        n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
+        n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
+        n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
+        n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
+        n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
+        n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
+        n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
+        n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
+        n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
+        l2c(n2, out);
+        l2c(n1, out);
+}
+static void Gost2814789_mac(const unsigned char *in,
+                unsigned char *mac,
+                GOST2814789_KEY *key)
+{
+        unsigned int n1, n2; /* As named in the GOST */
+        unsigned char *p;
+        int i;
+        for (i = 0; i < 8; i++)
+                mac[i] ^= in[i];
+        p = mac;
+        c2l(p, n1);
+        c2l(p, n2);
+        /* Instead of swapping halves, swap names each round */
+        n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
+        n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
+        n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
+        n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
+        n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
+        n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
+        n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
+        n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
+        p = mac;
+        l2c(n1, p);
+        l2c(n2, p);
+}
+void Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out,
+        GOST2814789_KEY *key, const int enc)
+{
+        if (key->key_meshing && key->count == 1024) {
+                Gost2814789_cryptopro_key_mesh(key);
+                key->count = 0;
+        }
+        if (enc)
+                Gost2814789_encrypt(in, out, key);
+        else
+                Gost2814789_decrypt(in, out, key);
+}
+static inline void Gost2814789_encrypt_mesh(unsigned char *iv, GOST2814789_KEY *key)
+{
+        if (key->key_meshing && key->count == 1024) {
+                Gost2814789_cryptopro_key_mesh(key);
+                Gost2814789_encrypt(iv, iv, key);
+                key->count = 0;
+        }
+        Gost2814789_encrypt(iv, iv, key);
+        key->count += 8;
+}
+static inline void Gost2814789_mac_mesh(const unsigned char *data,
+                unsigned char *mac,
+                GOST2814789_KEY *key)
+{
+        if (key->key_meshing && key->count == 1024) {
+                Gost2814789_cryptopro_key_mesh(key);
+                key->count = 0;
+        }
+        Gost2814789_mac(data, mac, key);
+        key->count += 8;
+}
+void Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, GOST2814789_KEY *key,
+        unsigned char *ivec, int *num, const int enc)
+{
+    unsigned int n;
+    size_t l = 0;
+    OPENSSL_assert(in && out && key && ivec && num);
+    n = *num;
+    if (enc) {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (8%sizeof(size_t) == 0) do { /* always true actually */
+                while (n && len) {
+                        *(out++) = ivec[n] ^= *(in++);
+                        --len;
+                        n = (n+1) % 8;
+                }
+#ifdef __STRICT_ALIGNMENT
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=8) {
+                        Gost2814789_encrypt_mesh(ivec, key);
+                        for (; n<8; n+=sizeof(size_t)) {
+                                *(size_t*)(out+n) =
+                                *(size_t*)(ivec+n) ^= *(size_t*)(in+n);
+                        }
+                        len -= 8;
+                        out += 8;
+                        in  += 8;
+                        n = 0;
+                }
+                if (len) {
+                        Gost2814789_encrypt_mesh(ivec, key);
+                        while (len--) {
+                                out[n] = ivec[n] ^= in[n];
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while (0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                if (n == 0) {
+                        Gost2814789_encrypt_mesh(ivec, key);
+                }
+                out[l] = ivec[n] ^= in[l];
+                ++l;
+                n = (n+1) % 8;
+        }
+        *num = n;
+    } else {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (8%sizeof(size_t) == 0) do { /* always true actually */
+                while (n && len) {
+                        unsigned char c;
+                        *(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c;
+                        --len;
+                        n = (n+1) % 8;
+                }
+#ifdef __STRICT_ALIGNMENT
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=8) {
+                        Gost2814789_encrypt_mesh(ivec, key);
+                        for (; n<8; n+=sizeof(size_t)) {
+                                size_t t = *(size_t*)(in+n);
+                                *(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t;
+                                *(size_t*)(ivec+n) = t;
+                        }
+                        len -= 8;
+                        out += 8;
+                        in  += 8;
+                        n = 0;
+                }
+                if (len) {
+                        Gost2814789_encrypt_mesh(ivec, key);
+                        while (len--) {
+                                unsigned char c;
+                                out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c;
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while (0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                unsigned char c;
+                if (n == 0) {
+                        Gost2814789_encrypt_mesh(ivec, key);
+                }
+                out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c;
+                ++l;
+                n = (n+1) % 8;
+        }
+        *num=n;
+    }
+}
+static inline void Gost2814789_cnt_next(unsigned char *ivec,
+                unsigned char *out,
+                GOST2814789_KEY *key)
+{
+        unsigned char *p = ivec, *p2 = ivec;
+        unsigned int val, val2;
+        if (key->count == 0)
+                Gost2814789_encrypt(ivec, ivec, key);
+        if (key->key_meshing && key->count == 1024) {
+                Gost2814789_cryptopro_key_mesh(key);
+                Gost2814789_encrypt(ivec, ivec, key);
+                key->count = 0;
+        }
+        c2l(p, val);
+        val2 = val + 0x01010101;
+        l2c(val2, p2);
+        c2l(p, val);
+        val2 = val + 0x01010104;
+        if (val > val2) /* overflow */
+                val2++;
+        l2c(val2, p2);
+        Gost2814789_encrypt(ivec, out, key);
+        key->count += 8;
+}
+void Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, GOST2814789_KEY *key,
+        unsigned char *ivec, unsigned char *cnt_buf, int *num)
+{
+        unsigned int n;
+        size_t l=0;
+        OPENSSL_assert(in && out && key && cnt_buf && num);
+        n = *num;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (8%sizeof(size_t) == 0) do { /* always true actually */
+                while (n && len) {
+                        *(out++) = *(in++) ^ cnt_buf[n];
+                        --len;
+                        n = (n+1) % 8;
+                }
+#ifdef __STRICT_ALIGNMENT
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=8) {
+                        Gost2814789_cnt_next(ivec, cnt_buf, key);
+                        for (; n<8; n+=sizeof(size_t))
+                                *(size_t *)(out+n) =
+                                *(size_t *)(in+n) ^ *(size_t *)(cnt_buf+n);
+                        len -= 8;
+                        out += 8;
+                        in  += 8;
+                        n = 0;
+                }
+                if (len) {
+                        Gost2814789_cnt_next(ivec, cnt_buf, key);
+                        while (len--) {
+                                out[n] = in[n] ^ cnt_buf[n];
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while(0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                if (n==0)
+                        Gost2814789_cnt_next(ivec, cnt_buf, key);
+                out[l] = in[l] ^ cnt_buf[n];
+                ++l;
+                n = (n+1) % 8;
+        }
+        *num=n;
+}
+int GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid)
+{
+        c->Nl = c->Nh = c->num = 0;
+        memset(c->mac, 0, 8);
+        return Gost2814789_set_sbox(&c->cipher, nid);
+}
+static void GOST2814789IMIT_block_data_order(GOST2814789IMIT_CTX *ctx, const void *p, size_t num)
+{
+        int i;
+        for (i = 0; i < num; i++) {
+                Gost2814789_mac_mesh(p, ctx->mac, &ctx->cipher);
+                p += 8;
+        }
+}
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+#define HASH_CBLOCK     GOST2814789IMIT_CBLOCK
+#define HASH_LONG       GOST2814789IMIT_LONG
+#define HASH_CTX        GOST2814789IMIT_CTX
+#define HASH_UPDATE     GOST2814789IMIT_Update
+#define HASH_TRANSFORM  GOST2814789IMIT_Transform
+#define HASH_NO_FINAL   1
+#define HASH_BLOCK_DATA_ORDER   GOST2814789IMIT_block_data_order
+#include "md32_common.h"
+int GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c)
+{
+        if (c->num) {
+                memset(c->data + c->num, 0, 8 - c->num);
+                Gost2814789_mac_mesh(c->data, c->mac, &c->cipher);
+        }
+        if (c->Nl <= 8 * 8 && c->Nl > 0 && c->Nh == 0) {
+                memset(c->data, 0, 8);
+                Gost2814789_mac_mesh(c->data, c->mac, &c->cipher);
+        }
+        memcpy(md, c->mac, 4);
+        return 1;
+}
+unsigned char *GOST2814789IMIT(const unsigned char *d, size_t n,
+                unsigned char *md, int nid,
+                const unsigned char *key, const unsigned char *iv)
+{
+        GOST2814789IMIT_CTX c;
+        static unsigned char m[GOST2814789IMIT_LENGTH];
+        if (md == NULL)
+                md = m;
+        GOST2814789IMIT_Init(&c, nid);
+        memcpy(c.mac, iv, 8);
+        Gost2814789_set_key(&c.cipher, key, 256);
+        GOST2814789IMIT_Update(&c, d, n);
+        GOST2814789IMIT_Final(md, &c);
+        OPENSSL_cleanse(&c, sizeof(c));
+        return (md);
+}
+#endif
diff --git a/src/lib/libcrypto/gost/gost89_keywrap.c b/src/lib/libcrypto/gost/gost89_keywrap.c
new file mode 100644
index 0000000000..8f641b6cef
--- /dev/null
+++ b/src/lib/libcrypto/gost/gost89_keywrap.c
@@ -0,0 +1,136 @@
+/* $OpenBSD: gost89_keywrap.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/gost.h>
+#include "gost_locl.h"
+static void key_diversify_crypto_pro(GOST2814789_KEY * ctx, const unsigned char *inputKey,
+                           const unsigned char *ukm, unsigned char *outputKey)
+{
+        unsigned long k, s1, s2;
+        int i, mask;
+        unsigned char S[8];
+        unsigned char *p;
+        memcpy(outputKey, inputKey, 32);
+        for (i = 0; i < 8; i++) {
+                /* Make array of integers from key */
+                /* Compute IV S */
+                s1 = 0, s2 = 0;
+                p = outputKey;
+                for (mask = 1; mask < 256; mask <<= 1) {
+                        c2l(p, k);
+                        if (mask & ukm[i]) {
+                                s1 += k;
+                        } else {
+                                s2 += k;
+                        }
+                }
+                p = S;
+                l2c (s1, p);
+                l2c (s2, p);
+                Gost2814789_set_key(ctx, outputKey, 256);
+                mask = 0;
+                Gost2814789_cfb64_encrypt(outputKey, outputKey, 32, ctx, S, &mask, 1);
+        }
+}
+int key_wrap_crypto_pro(int nid, const unsigned char *keyExchangeKey,
+                     const unsigned char *ukm, const unsigned char *sessionKey,
+                     unsigned char *wrappedKey)
+{
+        GOST2814789_KEY ctx;
+        unsigned char kek_ukm[32];
+        Gost2814789_set_sbox(&ctx, nid);
+        key_diversify_crypto_pro(&ctx, keyExchangeKey, ukm, kek_ukm);
+        Gost2814789_set_key(&ctx, kek_ukm, 256);
+        memcpy(wrappedKey, ukm, 8);
+        Gost2814789_encrypt(sessionKey +  0, wrappedKey + 8 +  0, &ctx);
+        Gost2814789_encrypt(sessionKey +  8, wrappedKey + 8 +  8, &ctx);
+        Gost2814789_encrypt(sessionKey + 16, wrappedKey + 8 + 16, &ctx);
+        Gost2814789_encrypt(sessionKey + 24, wrappedKey + 8 + 24, &ctx);
+        GOST2814789IMIT(sessionKey, 32, wrappedKey + 40, nid, kek_ukm, ukm);
+        return 1;
+}
+int key_unwrap_crypto_pro(int nid, const unsigned char *keyExchangeKey,
+                       const unsigned char *wrappedKey,
+                       unsigned char *sessionKey)
+{
+        unsigned char kek_ukm[32], cek_mac[4];
+        GOST2814789_KEY ctx;
+        Gost2814789_set_sbox(&ctx, nid);
+        /* First 8 bytes of wrapped Key is ukm */
+        key_diversify_crypto_pro(&ctx, keyExchangeKey, wrappedKey, kek_ukm);
+        Gost2814789_set_key(&ctx, kek_ukm, 256);
+        Gost2814789_decrypt(wrappedKey + 8 +  0, sessionKey +  0, &ctx);
+        Gost2814789_decrypt(wrappedKey + 8 +  8, sessionKey +  8, &ctx);
+        Gost2814789_decrypt(wrappedKey + 8 + 16, sessionKey + 16, &ctx);
+        Gost2814789_decrypt(wrappedKey + 8 + 24, sessionKey + 24, &ctx);
+        GOST2814789IMIT(sessionKey, 32, cek_mac, nid, kek_ukm, wrappedKey);
+        if (memcmp(cek_mac, wrappedKey + 40, 4)) {
+                printf("IMIT Missmatch!\n");
+                return 0;
+        }
+        return 1;
+}
+#endif
diff --git a/src/lib/libcrypto/gost/gost89_params.c b/src/lib/libcrypto/gost/gost89_params.c
new file mode 100644
index 0000000000..2b2607d24b
--- /dev/null
+++ b/src/lib/libcrypto/gost/gost89_params.c
@@ -0,0 +1,241 @@
+/* $OpenBSD: gost89_params.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <stdlib.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/objects.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+/* Substitution blocks from test examples for GOST R 34.11-94*/
+static const gost_subst_block GostR3411_94_TestParamSet = {
+        {0x1,0xF,0xD,0x0,0x5,0x7,0xA,0x4,0x9,0x2,0x3,0xE,0x6,0xB,0x8,0xC},
+        {0xD,0xB,0x4,0x1,0x3,0xF,0x5,0x9,0x0,0xA,0xE,0x7,0x6,0x8,0x2,0xC},
+        {0x4,0xB,0xA,0x0,0x7,0x2,0x1,0xD,0x3,0x6,0x8,0x5,0x9,0xC,0xF,0xE},
+        {0x6,0xC,0x7,0x1,0x5,0xF,0xD,0x8,0x4,0xA,0x9,0xE,0x0,0x3,0xB,0x2},
+        {0x7,0xD,0xA,0x1,0x0,0x8,0x9,0xF,0xE,0x4,0x6,0xC,0xB,0x2,0x5,0x3},
+        {0x5,0x8,0x1,0xD,0xA,0x3,0x4,0x2,0xE,0xF,0xC,0x7,0x6,0x0,0x9,0xB},
+        {0xE,0xB,0x4,0xC,0x6,0xD,0xF,0xA,0x2,0x3,0x8,0x1,0x0,0x7,0x5,0x9},
+        {0x4,0xA,0x9,0x2,0xD,0x8,0x0,0xE,0x6,0xB,0x1,0xC,0x7,0xF,0x5,0x3}
+};
+/* Substitution blocks for hash function 1.2.643.2.9.1.6.1  */
+static const gost_subst_block GostR3411_94_CryptoProParamSet = {
+        {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC},
+        {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB},
+        {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3},
+        {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5},
+        {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3},
+        {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD},
+        {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8},
+        {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF}
+};
+/* Test paramset from GOST 28147 */
+gost_subst_block Gost28147_TestParamSet = {
+        {0xC,0x6,0x5,0x2,0xB,0x0,0x9,0xD,0x3,0xE,0x7,0xA,0xF,0x4,0x1,0x8},
+        {0x9,0xB,0xC,0x0,0x3,0x6,0x7,0x5,0x4,0x8,0xE,0xF,0x1,0xA,0x2,0xD},
+        {0x8,0xF,0x6,0xB,0x1,0x9,0xC,0x5,0xD,0x3,0x7,0xA,0x0,0xE,0x2,0x4},
+        {0x3,0xE,0x5,0x9,0x6,0x8,0x0,0xD,0xA,0xB,0x7,0xC,0x2,0x1,0xF,0x4},
+        {0xE,0x9,0xB,0x2,0x5,0xF,0x7,0x1,0x0,0xD,0xC,0x6,0xA,0x4,0x3,0x8},
+        {0xD,0x8,0xE,0xC,0x7,0x3,0x9,0xA,0x1,0x5,0x2,0x4,0x6,0xF,0x0,0xB},
+        {0xC,0x9,0xF,0xE,0x8,0x1,0x3,0xA,0x2,0x7,0x4,0xD,0x6,0x0,0xB,0x5},
+        {0x4,0x2,0xF,0x5,0x9,0x1,0x0,0x8,0xE,0x3,0xB,0xC,0xD,0x7,0xA,0x6}
+};
+/* 1.2.643.2.2.31.1 */
+static const gost_subst_block Gost28147_CryptoProParamSetA = {
+        {0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4},
+        {0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE},
+        {0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6},
+        {0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6},
+        {0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6},
+        {0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9},
+        {0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1},
+        {0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5}
+};
+/* 1.2.643.2.2.31.2 */
+static const gost_subst_block Gost28147_CryptoProParamSetB = {
+        {0x0,0x4,0xB,0xE,0x8,0x3,0x7,0x1,0xA,0x2,0x9,0x6,0xF,0xD,0x5,0xC},
+        {0x5,0x2,0xA,0xB,0x9,0x1,0xC,0x3,0x7,0x4,0xD,0x0,0x6,0xF,0x8,0xE},
+        {0x8,0x3,0x2,0x6,0x4,0xD,0xE,0xB,0xC,0x1,0x7,0xF,0xA,0x0,0x9,0x5},
+        {0x2,0x7,0xC,0xF,0x9,0x5,0xA,0xB,0x1,0x4,0x0,0xD,0x6,0x8,0xE,0x3},
+        {0x7,0x5,0x0,0xD,0xB,0x6,0x1,0x2,0x3,0xA,0xC,0xF,0x4,0xE,0x9,0x8},
+        {0xE,0xC,0x0,0xA,0x9,0x2,0xD,0xB,0x7,0x5,0x8,0xF,0x3,0x6,0x1,0x4},
+        {0x0,0x1,0x2,0xA,0x4,0xD,0x5,0xC,0x9,0x7,0x3,0xF,0xB,0x8,0x6,0xE},
+        {0x8,0x4,0xB,0x1,0x3,0x5,0x0,0x9,0x2,0xE,0xA,0xC,0xD,0x6,0x7,0xF}
+};
+/* 1.2.643.2.2.31.3 */
+static const gost_subst_block Gost28147_CryptoProParamSetC = {
+        {0x7,0x4,0x0,0x5,0xA,0x2,0xF,0xE,0xC,0x6,0x1,0xB,0xD,0x9,0x3,0x8},
+        {0xA,0x9,0x6,0x8,0xD,0xE,0x2,0x0,0xF,0x3,0x5,0xB,0x4,0x1,0xC,0x7},
+        {0xC,0x9,0xB,0x1,0x8,0xE,0x2,0x4,0x7,0x3,0x6,0x5,0xA,0x0,0xF,0xD},
+        {0x8,0xD,0xB,0x0,0x4,0x5,0x1,0x2,0x9,0x3,0xC,0xE,0x6,0xF,0xA,0x7},
+        {0x3,0x6,0x0,0x1,0x5,0xD,0xA,0x8,0xB,0x2,0x9,0x7,0xE,0xF,0xC,0x4},
+        {0x8,0x2,0x5,0x0,0x4,0x9,0xF,0xA,0x3,0x7,0xC,0xD,0x6,0xE,0x1,0xB},
+        {0x0,0x1,0x7,0xD,0xB,0x4,0x5,0x2,0x8,0xE,0xF,0xC,0x9,0xA,0x6,0x3},
+        {0x1,0xB,0xC,0x2,0x9,0xD,0x0,0xF,0x4,0x5,0x8,0xE,0xA,0x7,0x6,0x3}
+};
+/* 1.2.643.2.2.31.4 */
+static const gost_subst_block Gost28147_CryptoProParamSetD = {
+        {0x1,0xA,0x6,0x8,0xF,0xB,0x0,0x4,0xC,0x3,0x5,0x9,0x7,0xD,0x2,0xE},
+        {0x3,0x0,0x6,0xF,0x1,0xE,0x9,0x2,0xD,0x8,0xC,0x4,0xB,0xA,0x5,0x7},
+        {0x8,0x0,0xF,0x3,0x2,0x5,0xE,0xB,0x1,0xA,0x4,0x7,0xC,0x9,0xD,0x6},
+        {0x0,0xC,0x8,0x9,0xD,0x2,0xA,0xB,0x7,0x3,0x6,0x5,0x4,0xE,0xF,0x1},
+        {0x1,0x5,0xE,0xC,0xA,0x7,0x0,0xD,0x6,0x2,0xB,0x4,0x9,0x3,0xF,0x8},
+        {0x1,0xC,0xB,0x0,0xF,0xE,0x6,0x5,0xA,0xD,0x4,0x8,0x9,0x3,0x7,0x2},
+        {0xB,0x6,0x3,0x4,0xC,0xF,0xE,0x2,0x7,0xD,0x8,0x0,0x5,0xA,0x9,0x1},
+        {0xF,0xC,0x2,0xA,0x6,0x4,0x5,0x0,0x7,0x9,0xE,0xD,0x1,0xB,0x8,0x3}
+};
+static const gost_subst_block Gost28147_TC26ParamSetZ = {
+        {0x1,0x7,0xe,0xd,0x0,0x5,0x8,0x3,0x4,0xf,0xa,0x6,0x9,0xc,0xb,0x2},
+        {0x8,0xe,0x2,0x5,0x6,0x9,0x1,0xc,0xf,0x4,0xb,0x0,0xd,0xa,0x3,0x7},
+        {0x5,0xd,0xf,0x6,0x9,0x2,0xc,0xa,0xb,0x7,0x8,0x1,0x4,0x3,0xe,0x0},
+        {0x7,0xf,0x5,0xa,0x8,0x1,0x6,0xd,0x0,0x9,0x3,0xe,0xb,0x4,0x2,0xc},
+        {0xc,0x8,0x2,0x1,0xd,0x4,0xf,0x6,0x7,0x0,0xa,0x5,0x3,0xe,0x9,0xb},
+        {0xb,0x3,0x5,0x8,0x2,0xf,0xa,0xd,0xe,0x1,0x7,0x4,0xc,0x9,0x6,0x0},
+        {0x6,0x8,0x2,0x3,0x9,0xa,0x5,0xc,0x1,0xe,0x4,0x7,0xb,0xd,0x0,0xf},
+        {0xc,0x4,0x6,0x2,0xa,0x5,0xb,0x9,0xe,0x8,0xd,0x7,0x0,0x3,0xf,0x1}
+};
+static const unsigned char CryptoProKeyMeshingKey[] = {
+        0x69, 0x00, 0x72, 0x22,   0x64, 0xC9, 0x04, 0x23,
+        0x8D, 0x3A, 0xDB, 0x96,   0x46, 0xE9, 0x2A, 0xC4,
+        0x18, 0xFE, 0xAC, 0x94,   0x00, 0xED, 0x07, 0x12,
+        0xC0, 0x86, 0xDC, 0xC2,   0xEF, 0x4C, 0xA9, 0x2B
+};
+static const struct gost89_parameters_info {
+        int nid;
+        const gost_subst_block *sblock;
+        int key_meshing;
+} gost_cipher_list[] =
+{
+        {NID_id_Gost28147_89_CryptoPro_A_ParamSet,&Gost28147_CryptoProParamSetA,1},
+        {NID_id_Gost28147_89_CryptoPro_B_ParamSet,&Gost28147_CryptoProParamSetB,1},
+        {NID_id_Gost28147_89_CryptoPro_C_ParamSet,&Gost28147_CryptoProParamSetC,1},
+        {NID_id_Gost28147_89_CryptoPro_D_ParamSet,&Gost28147_CryptoProParamSetD,1},
+        {NID_id_tc26_gost_28147_param_Z,&Gost28147_TC26ParamSetZ,1},
+        {NID_id_Gost28147_89_TestParamSet,&Gost28147_TestParamSet,0},
+        {NID_id_GostR3411_94_TestParamSet,&GostR3411_94_TestParamSet,0},
+        {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},
+        {NID_undef,NULL,0}
+};
+int Gost2814789_set_sbox(GOST2814789_KEY *key, int nid)
+{
+        int i;
+        const gost_subst_block *b = NULL;
+        unsigned int t;
+        for (i = 0; gost_cipher_list[i].nid != NID_undef; i++) {
+                if (gost_cipher_list[i].nid != nid)
+                        continue;
+                b = gost_cipher_list[i].sblock;
+                key->key_meshing = gost_cipher_list[i].key_meshing;
+                break;
+        }
+        if (!b)
+                return 0;
+        for (i = 0; i < 256; i++) {
+                t = (unsigned int)(b->k8[i >> 4] <<4 | b->k7 [i & 15]) << 24;
+                key->k87[i] = (t << 11) | (t >> 21);
+                t = (unsigned int)(b->k6[i >> 4] <<4 | b->k5 [i & 15]) << 16;
+                key->k65[i] = (t << 11) | (t >> 21);
+                t = (unsigned int)(b->k4[i >> 4] <<4 | b->k3 [i & 15]) << 8;
+                key->k43[i] = (t << 11) | (t >> 21);
+                t = (unsigned int)(b->k2[i >> 4] <<4 | b->k1 [i & 15]) << 0;
+                key->k21[i] = (t << 11) | (t >> 21);
+        }
+        return 1;
+}
+int Gost2814789_set_key(GOST2814789_KEY *key,
+                const unsigned char *userKey, const int bits)
+{
+        int i;
+        if (bits != 256)
+                return 0;
+        for (i = 0; i < 8; i++)
+                c2l(userKey, key->key[i]);
+        key->count = 0;
+        return 1;
+}
+void Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key)
+{
+        unsigned char newkey[32];
+        Gost2814789_decrypt(CryptoProKeyMeshingKey +  0, newkey +  0, key);
+        Gost2814789_decrypt(CryptoProKeyMeshingKey +  8, newkey +  8, key);
+        Gost2814789_decrypt(CryptoProKeyMeshingKey + 16, newkey + 16, key);
+        Gost2814789_decrypt(CryptoProKeyMeshingKey + 24, newkey + 24, key);
+        Gost2814789_set_key(key, newkey, 256);
+}
+#endif
diff --git a/src/lib/libcrypto/gost/gost89imit_ameth.c b/src/lib/libcrypto/gost/gost89imit_ameth.c
new file mode 100644
index 0000000000..879c2b0ca0
--- /dev/null
+++ b/src/lib/libcrypto/gost/gost89imit_ameth.c
@@ -0,0 +1,88 @@
+/* $OpenBSD: gost89imit_ameth.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include "asn1_locl.h"
+static void mackey_free_gost(EVP_PKEY *pk)
+{
+        if (pk->pkey.ptr) {
+                free(pk->pkey.ptr);
+        }
+}
+static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+        switch (op) {
+        case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+                *(int *)arg2 = NID_id_Gost28147_89_MAC;
+                return 2;
+        }
+        return -2;
+}
+const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth = {
+        .pkey_id = EVP_PKEY_GOSTIMIT,
+        .pkey_base_id = EVP_PKEY_GOSTIMIT,
+        .pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
+        .pem_str = "GOST-MAC",
+        .info = "GOST 28147-89 MAC",
+        .pkey_free = mackey_free_gost,
+        .pkey_ctrl = mac_ctrl_gost,
+};
+#endif
diff --git a/src/lib/libcrypto/gost/gost89imit_pmeth.c b/src/lib/libcrypto/gost/gost89imit_pmeth.c
new file mode 100644
index 0000000000..ec9c72372c
--- /dev/null
+++ b/src/lib/libcrypto/gost/gost89imit_pmeth.c
@@ -0,0 +1,230 @@
+/* $OpenBSD: gost89imit_pmeth.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/gost.h>
+#include <openssl/x509v3.h> /*For string_to_hex */
+#include "evp_locl.h"
+#include "gost_locl.h"
+struct gost_mac_pmeth_data {
+        EVP_MD *md;
+        unsigned char key[32];
+        unsigned key_set : 1;
+};
+static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
+{
+        struct gost_mac_pmeth_data *data;
+        data = calloc(1, sizeof(struct gost_mac_pmeth_data));
+        if (!data)
+                return 0;
+        EVP_PKEY_CTX_set_data(ctx,data);
+        return 1;
+}
+static void pkey_gost_mac_cleanup (EVP_PKEY_CTX *ctx)
+{
+        struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+        free(data);
+}
+static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+        struct gost_mac_pmeth_data *dst_data, *src_data;
+        if (!pkey_gost_mac_init(dst))
+                return 0;
+        src_data = EVP_PKEY_CTX_get_data(src);
+        dst_data = EVP_PKEY_CTX_get_data(dst);
+        *dst_data = *src_data;
+        return 1;
+}
+static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+        struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+        unsigned char *keydata;
+        if (!data->key_set) {
+                GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, GOST_R_MAC_KEY_NOT_SET);
+                return 0;
+        }
+        keydata = malloc(32);
+        memcpy(keydata, data->key, 32);
+        EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
+        return 1;
+}
+static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+        struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+        switch (type) {
+        case EVP_PKEY_CTRL_MD:
+                if (EVP_MD_type(p2) != NID_id_Gost28147_89_MAC) {
+                        GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_DIGEST_TYPE);
+                        return 0;
+                }
+                data->md = p2;
+                return 1;
+        case EVP_PKEY_CTRL_SET_MAC_KEY:
+                if (p1 != 32) {
+                        GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
+                        return 0;
+                }
+                memcpy(data->key, p2, 32);
+                data->key_set = 1;
+                return 1;
+        case EVP_PKEY_CTRL_DIGESTINIT:
+                {
+                        EVP_MD_CTX *mctx = p2;
+                        void *key;
+                        if (!data->key_set) {
+                                EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
+                                if (!pkey) {
+                                        GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_MAC_KEY_NOT_SET);
+                                        return 0;
+                                }
+                                key = EVP_PKEY_get0(pkey);
+                                if (!key) {
+                                        GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_MAC_KEY_NOT_SET);
+                                        return 0;
+                                }
+                        } else {
+                                key = &(data->key);
+                        }
+                        if (!mctx->digest->md_ctrl)
+                                return 0;
+                        return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32 * 8, key);
+                }
+        }
+        return -2;
+}
+static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
+        const char *type, const char *value)
+{
+        if (!value)
+                return 0;
+        if (!strcmp(type, "key")) {
+                void *p = (void *)value;
+                return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, strlen(value), p);
+        }
+        if (!strcmp(type, "hexkey")) {
+                unsigned char *key;
+                int r;
+                long keylen;
+                key = string_to_hex(value, &keylen);
+                if (!key)
+                        return 0;
+                r = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
+                free(key);
+                return r;
+        }
+        return -2;
+}
+static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+        return 1;
+}
+static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx)
+{
+        unsigned int tmpsiglen=*siglen; /* for platforms where sizeof(int)!=sizeof(size_t)*/
+        int ret;
+        if (!sig) {
+                *siglen = 4;
+                return 1;
+        }
+        ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
+        *siglen = tmpsiglen;
+        return ret;
+}
+const EVP_PKEY_METHOD gostimit_pkey_meth = {
+        .pkey_id = EVP_PKEY_GOSTIMIT,
+        .init = pkey_gost_mac_init,
+        .cleanup = pkey_gost_mac_cleanup,
+        .copy = pkey_gost_mac_copy,
+        .keygen = pkey_gost_mac_keygen,
+        .signctx_init = pkey_gost_mac_signctx_init,
+        .signctx = pkey_gost_mac_signctx,
+        .ctrl = pkey_gost_mac_ctrl,
+        .ctrl_str = pkey_gost_mac_ctrl_str,
+};
+#endif
diff --git a/src/lib/libcrypto/gost/gost_asn1.c b/src/lib/libcrypto/gost/gost_asn1.c
new file mode 100644
index 0000000000..b8ed244e49
--- /dev/null
+++ b/src/lib/libcrypto/gost/gost_asn1.c
@@ -0,0 +1,53 @@
+/**********************************************************************
+ *                          gost_keytrans.c                           *
+ *             Copyright (c) 2005-2006 Cryptocom LTD                  *
+ *         This file is distributed under the same license as OpenSSL *
+ *                                                                    *
+ *   ASN1 structure definition for GOST key transport                 *
+ *          Requires OpenSSL 0.9.9 for compilation                    *
+ **********************************************************************/
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+#include "gost_asn1.h"
+ASN1_NDEF_SEQUENCE(GOST_KEY_TRANSPORT) = {
+        ASN1_SIMPLE(GOST_KEY_TRANSPORT, key_info, GOST_KEY_INFO),
+        ASN1_IMP(GOST_KEY_TRANSPORT, key_agreement_info, GOST_KEY_AGREEMENT_INFO, 0)
+} ASN1_NDEF_SEQUENCE_END(GOST_KEY_TRANSPORT)
+IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
+ASN1_NDEF_SEQUENCE(GOST_KEY_INFO) = {
+        ASN1_SIMPLE(GOST_KEY_INFO, encrypted_key, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(GOST_KEY_INFO, imit, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(GOST_KEY_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_INFO)
+ASN1_NDEF_SEQUENCE(GOST_KEY_AGREEMENT_INFO) = {
+        ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, cipher, ASN1_OBJECT),
+        ASN1_IMP_OPT(GOST_KEY_AGREEMENT_INFO, ephem_key, X509_PUBKEY, 0),
+        ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, eph_iv, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(GOST_KEY_AGREEMENT_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
+ASN1_NDEF_SEQUENCE(GOST_KEY_PARAMS) = {
+        ASN1_SIMPLE(GOST_KEY_PARAMS, key_params, ASN1_OBJECT),
+        ASN1_SIMPLE(GOST_KEY_PARAMS, hash_params, ASN1_OBJECT),
+        ASN1_OPT(GOST_KEY_PARAMS, cipher_params, ASN1_OBJECT),
+} ASN1_NDEF_SEQUENCE_END(GOST_KEY_PARAMS)
+IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
+ASN1_NDEF_SEQUENCE(GOST_CIPHER_PARAMS) = {
+        ASN1_SIMPLE(GOST_CIPHER_PARAMS, iv, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(GOST_CIPHER_PARAMS, enc_param_set, ASN1_OBJECT),
+} ASN1_NDEF_SEQUENCE_END(GOST_CIPHER_PARAMS)
+IMPLEMENT_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
+#endif
diff --git a/src/lib/libcrypto/gost/gost_asn1.h b/src/lib/libcrypto/gost/gost_asn1.h
new file mode 100644
index 0000000000..62719c70cd
--- /dev/null
+++ b/src/lib/libcrypto/gost/gost_asn1.h
@@ -0,0 +1,87 @@
+/* $OpenBSD: gost_asn1.h,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#ifndef HEADER_GOST_ASN1_H
+#define HEADER_GOST_ASN1_H
+#include <openssl/asn1.h>
+typedef struct {
+        ASN1_OCTET_STRING *encrypted_key;
+        ASN1_OCTET_STRING *imit;
+} GOST_KEY_INFO;
+DECLARE_ASN1_FUNCTIONS(GOST_KEY_INFO)
+typedef struct {
+        ASN1_OBJECT *cipher;
+        X509_PUBKEY *ephem_key;
+        ASN1_OCTET_STRING *eph_iv;
+} GOST_KEY_AGREEMENT_INFO;
+DECLARE_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
+typedef struct {
+        GOST_KEY_INFO *key_info;
+        GOST_KEY_AGREEMENT_INFO *key_agreement_info;
+} GOST_KEY_TRANSPORT;
+DECLARE_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
+typedef struct {
+        ASN1_OBJECT *key_params;
+        ASN1_OBJECT *hash_params;
+        ASN1_OBJECT *cipher_params;
+} GOST_KEY_PARAMS;
+DECLARE_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
+#endif
diff --git a/src/lib/libcrypto/gost/gost_err.c b/src/lib/libcrypto/gost/gost_err.c
new file mode 100644
index 0000000000..a52fe4cd5a
--- /dev/null
+++ b/src/lib/libcrypto/gost/gost_err.c
@@ -0,0 +1,143 @@
+/* crypto/gost/gost_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/gost.h>
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_GOST,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_GOST,0,reason)
+static ERR_STRING_DATA GOST_str_functs[]=
+        {
+{ERR_FUNC(GOST_F_DECODE_GOST01_ALGOR_PARAMS),   "DECODE_GOST01_ALGOR_PARAMS"},
+{ERR_FUNC(GOST_F_ENCODE_GOST01_ALGOR_PARAMS),   "ENCODE_GOST01_ALGOR_PARAMS"},
+{ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC),      "GOST2001_COMPUTE_PUBLIC"},
+{ERR_FUNC(GOST_F_GOST2001_DO_SIGN),     "GOST2001_DO_SIGN"},
+{ERR_FUNC(GOST_F_GOST2001_DO_VERIFY),   "GOST2001_DO_VERIFY"},
+{ERR_FUNC(GOST_F_GOST2001_KEYGEN),      "GOST2001_KEYGEN"},
+{ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS),   "GOST89_GET_ASN1_PARAMETERS"},
+{ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS),   "GOST89_SET_ASN1_PARAMETERS"},
+{ERR_FUNC(GOST_F_GOST_KEY_CHECK_KEY),   "GOST_KEY_check_key"},
+{ERR_FUNC(GOST_F_GOST_KEY_NEW), "GOST_KEY_new"},
+{ERR_FUNC(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES),   "GOST_KEY_set_public_key_affine_coordinates"},
+{ERR_FUNC(GOST_F_PARAM_COPY_GOST01),    "PARAM_COPY_GOST01"},
+{ERR_FUNC(GOST_F_PARAM_DECODE_GOST01),  "PARAM_DECODE_GOST01"},
+{ERR_FUNC(GOST_F_PKEY_GOST01_CTRL),     "PKEY_GOST01_CTRL"},
+{ERR_FUNC(GOST_F_PKEY_GOST01_DECRYPT),  "PKEY_GOST01_DECRYPT"},
+{ERR_FUNC(GOST_F_PKEY_GOST01_DERIVE),   "PKEY_GOST01_DERIVE"},
+{ERR_FUNC(GOST_F_PKEY_GOST01_ENCRYPT),  "PKEY_GOST01_ENCRYPT"},
+{ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
+{ERR_FUNC(GOST_F_PKEY_GOST01_SIGN),     "PKEY_GOST01_SIGN"},
+{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL),   "PKEY_GOST_MAC_CTRL"},
+{ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
+{ERR_FUNC(GOST_F_PRIV_DECODE_GOST01),   "PRIV_DECODE_GOST01"},
+{ERR_FUNC(GOST_F_PUB_DECODE_GOST01),    "PUB_DECODE_GOST01"},
+{ERR_FUNC(GOST_F_PUB_ENCODE_GOST01),    "PUB_ENCODE_GOST01"},
+{ERR_FUNC(GOST_F_PUB_PRINT_GOST01),     "PUB_PRINT_GOST01"},
+{ERR_FUNC(GOST_F_UNPACK_SIGNATURE_CP),  "UNPACK_SIGNATURE_CP"},
+{ERR_FUNC(GOST_F_UNPACK_SIGNATURE_LE),  "UNPACK_SIGNATURE_LE"},
+{0,NULL}
+        };
+static ERR_STRING_DATA GOST_str_reasons[]=
+        {
+{ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"},
+{ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"},
+{ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"},
+{ERR_REASON(GOST_R_CTRL_CALL_FAILED)     ,"ctrl call failed"},
+{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"},
+{ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),"error parsing key transport info"},
+{ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS),"incompatible algorithms"},
+{ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY),"incompatible peer key"},
+{ERR_REASON(GOST_R_INVALID_DIGEST_TYPE)  ,"invalid digest type"},
+{ERR_REASON(GOST_R_INVALID_IV_LENGTH)    ,"invalid iv length"},
+{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"},
+{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"},
+{ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"},
+{ERR_REASON(GOST_R_MAC_KEY_NOT_SET)      ,"mac key not set"},
+{ERR_REASON(GOST_R_NO_PARAMETERS_SET)    ,"no parameters set"},
+{ERR_REASON(GOST_R_NO_PEER_KEY)          ,"no peer key"},
+{ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"},
+{ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"},
+{ERR_REASON(GOST_R_RANDOM_GENERATOR_FAILURE),"random generator failure"},
+{ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"},
+{ERR_REASON(GOST_R_SIGNATURE_MISMATCH)   ,"signature mismatch"},
+{ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"},
+{ERR_REASON(GOST_R_UKM_NOT_SET)          ,"ukm not set"},
+{0,NULL}
+        };
+#endif
+void ERR_load_GOST_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+        if (ERR_func_error_string(GOST_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,GOST_str_functs);
+                ERR_load_strings(0,GOST_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libcrypto/gost/gost_locl.h b/src/lib/libcrypto/gost/gost_locl.h
new file mode 100644
index 0000000000..b616005dc5
--- /dev/null
+++ b/src/lib/libcrypto/gost/gost_locl.h
@@ -0,0 +1,114 @@
+/* $OpenBSD: gost_locl.h,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#ifndef HEADER_GOST_LOCL_H
+#define HEADER_GOST_LOCL_H
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+/* Internal representation of GOST substitution blocks */
+typedef struct {
+        unsigned char k8[16];
+        unsigned char k7[16];
+        unsigned char k6[16];
+        unsigned char k5[16];
+        unsigned char k4[16];
+        unsigned char k3[16];
+        unsigned char k2[16];
+        unsigned char k1[16];
+} gost_subst_block;             
+#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#  define c2l(c,l)      ((l)=*((const unsigned int *)(c)), (c)+=4)
+#  define l2c(l,c)      (*((unsigned int *)(c))=(l), (c)+=4)
+#else
+#define c2l(c,l)        (l =(((unsigned long)(*((c)++)))    ),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<<24))
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
+#endif
+extern void Gost2814789_encrypt(const unsigned char *in, unsigned char *out,
+        const GOST2814789_KEY *key);
+extern void Gost2814789_decrypt(const unsigned char *in, unsigned char *out,
+        const GOST2814789_KEY *key);
+extern void Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key);
+/* GOST 28147-89 key wrapping */
+extern int key_unwrap_crypto_pro(int nid, const unsigned char *keyExchangeKey,
+                       const unsigned char *wrappedKey,
+                       unsigned char *sessionKey);
+extern int key_wrap_crypto_pro(int nid, const unsigned char *keyExchangeKey,
+                     const unsigned char *ukm, const unsigned char *sessionKey,
+                     unsigned char *wrappedKey);
+/* Pkey part */
+extern int gost2001_compute_public(GOST_KEY * ec);
+extern ECDSA_SIG *gost2001_do_sign(BIGNUM * md, GOST_KEY * eckey);
+extern int gost2001_do_verify(BIGNUM * md, ECDSA_SIG * sig, GOST_KEY * ec);
+extern int gost2001_keygen(GOST_KEY * ec);
+extern void VKO_compute_key(BIGNUM * X, BIGNUM * Y,
+                            const GOST_KEY * pkey, GOST_KEY * priv_key,
+                            const BIGNUM * ukm);
+extern BIGNUM *GOST_le2bn(const unsigned char * buf, size_t len, BIGNUM * bn);
+extern int GOST_bn2le(BIGNUM * bn, unsigned char * buf, int len);
+/* GOST R 34.10 parameters */
+extern int GostR3410_get_md_digest(int nid);
+extern int GostR3410_get_pk_digest(int nid);
+extern int GostR3410_256_param_id(const char *value);
+extern int GostR3410_512_param_id(const char *value);
+#endif
diff --git a/src/lib/libcrypto/gost/gostr341001.c b/src/lib/libcrypto/gost/gostr341001.c
new file mode 100644
index 0000000000..3c314765f7
--- /dev/null
+++ b/src/lib/libcrypto/gost/gostr341001.c
@@ -0,0 +1,321 @@
+/* $OpenBSD: gostr341001.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/err.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+/* Convert little-endian byte array into bignum */
+BIGNUM *GOST_le2bn(const unsigned char * buf, size_t len, BIGNUM * bn)
+{
+        unsigned char temp[64];
+        int i;
+        if (len > 64)
+                return NULL;
+        for (i = 0; i < len; i++) {
+                temp[len - 1 - i] = buf[i];
+        }
+        return BN_bin2bn(temp, len, bn);
+}
+int GOST_bn2le(BIGNUM * bn, unsigned char * buf, int len)
+{
+        unsigned char temp[64];
+        int i, bytes;
+        bytes = BN_num_bytes(bn);
+        if (len > 64 || bytes > len)
+                return 0;
+        BN_bn2bin(bn, temp);
+        for (i = 0; i < bytes; i++) {
+                buf[bytes - 1 - i] = temp[i];
+        }
+        memset(buf + bytes, 0, len - bytes);
+        return 1;
+}
+int gost2001_compute_public(GOST_KEY * ec)
+{
+        const EC_GROUP *group = GOST_KEY_get0_group(ec);
+        EC_POINT *pub_key = NULL;
+        const BIGNUM *priv_key = NULL;
+        BN_CTX *ctx = NULL;
+        int ok = 0;
+        if (!group) {
+                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
+                        GOST_R_KEY_IS_NOT_INITIALIZED);
+                return 0;
+        }
+        ctx = BN_CTX_new();
+        BN_CTX_start(ctx);
+        if (!(priv_key = GOST_KEY_get0_private_key(ec))) {
+                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+                goto err;
+        }
+        pub_key = EC_POINT_new(group);
+        if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) {
+                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+                goto err;
+        }
+        if (!GOST_KEY_set_public_key(ec, pub_key)) {
+                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+                goto err;
+        }
+        ok = 256;
+err:
+        BN_CTX_end(ctx);
+        EC_POINT_free(pub_key);
+        BN_CTX_free(ctx);
+        return ok;
+}
+ECDSA_SIG *gost2001_do_sign(BIGNUM * md, GOST_KEY * eckey)
+{
+        ECDSA_SIG *newsig = NULL;
+        BIGNUM *order = NULL;
+        const EC_GROUP *group;
+        const BIGNUM *priv_key;
+        BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k =
+            NULL, *e = NULL;
+        EC_POINT *C = NULL;
+        BN_CTX *ctx = BN_CTX_new();
+        BN_CTX_start(ctx);
+        newsig = ECDSA_SIG_new();
+        if (!newsig) {
+                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        s = newsig->s;
+        r = newsig->r;
+        group = GOST_KEY_get0_group(eckey);
+        order = BN_CTX_get(ctx);
+        EC_GROUP_get_order(group, order, ctx);
+        priv_key = GOST_KEY_get0_private_key(eckey);
+        e = BN_CTX_get(ctx);
+        BN_mod(e, md, order, ctx);
+        if (BN_is_zero(e)) {
+                BN_one(e);
+        }
+        k = BN_CTX_get(ctx);
+        X = BN_CTX_get(ctx);
+        C = EC_POINT_new(group);
+        do {
+                do {
+                        if (!BN_rand_range(k, order)) {
+                                GOSTerr(GOST_F_GOST2001_DO_SIGN,
+                                        GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
+                                ECDSA_SIG_free(newsig);
+                                newsig = NULL;
+                                goto err;
+                        }
+                        /* We do not want timing information to leak the length of k,
+                         * so we compute G*k using an equivalent scalar of fixed
+                         * bit-length. */
+                        if (!BN_add(k, k, order))
+                                goto err;
+                        if (BN_num_bits(k) <= BN_num_bits(order))
+                                if (!BN_add(k, k, order))
+                                        goto err;
+                        if (!EC_POINT_mul(group, C, k, NULL, NULL, ctx)) {
+                                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
+                                ECDSA_SIG_free(newsig);
+                                newsig = NULL;
+                                goto err;
+                        }
+                        if (!EC_POINT_get_affine_coordinates_GFp
+                            (group, C, X, NULL, ctx)) {
+                                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
+                                ECDSA_SIG_free(newsig);
+                                newsig = NULL;
+                                goto err;
+                        }
+                        BN_nnmod(r, X, order, ctx);
+                }
+                while (BN_is_zero(r));
+                /* s =  (r*priv_key+k*e) mod order */
+                if (!tmp)
+                        tmp = BN_CTX_get(ctx);
+                BN_mod_mul(tmp, priv_key, r, order, ctx);
+                if (!tmp2)
+                        tmp2 = BN_CTX_get(ctx);
+                BN_mod_mul(tmp2, k, e, order, ctx);
+                BN_mod_add(s, tmp, tmp2, order, ctx);
+        }
+        while (BN_is_zero(s));
+err:
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        EC_POINT_free(C);
+        BN_free(md);
+        return newsig;
+}
+int gost2001_do_verify(BIGNUM * md, ECDSA_SIG * sig, GOST_KEY * ec)
+{
+        BN_CTX *ctx = BN_CTX_new();
+        const EC_GROUP *group = GOST_KEY_get0_group(ec);
+        BIGNUM *order;
+        BIGNUM *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
+        BIGNUM *X = NULL, *tmp = NULL;
+        EC_POINT *C = NULL;
+        const EC_POINT *pub_key = NULL;
+        int ok = 0;
+        BN_CTX_start(ctx);
+        order = BN_CTX_get(ctx);
+        e = BN_CTX_get(ctx);
+        z1 = BN_CTX_get(ctx);
+        z2 = BN_CTX_get(ctx);
+        tmp = BN_CTX_get(ctx);
+        X = BN_CTX_get(ctx);
+        R = BN_CTX_get(ctx);
+        v = BN_CTX_get(ctx);
+        EC_GROUP_get_order(group, order, ctx);
+        pub_key = GOST_KEY_get0_public_key(ec);
+        if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
+            (BN_cmp(sig->s, order) >= 1) || (BN_cmp(sig->r, order) >= 1)) {
+                GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
+                goto err;
+        }
+        BN_mod(e, md, order, ctx);
+        if (BN_is_zero(e))
+                BN_one(e);
+        v = BN_mod_inverse(v, e, order, ctx);
+        BN_mod_mul(z1, sig->s, v, order, ctx);
+        BN_sub(tmp, order, sig->r);
+        BN_mod_mul(z2, tmp, v, order, ctx);
+        C = EC_POINT_new(group);
+        if (!EC_POINT_mul(group, C, z1, pub_key, z2, ctx)) {
+                GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
+                goto err;
+        }
+        if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
+                GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
+                goto err;
+        }
+        BN_mod(R, X, order, ctx);
+        if (BN_cmp(R, sig->r) != 0) {
+                GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
+        } else {
+                ok = 1;
+        }
+ err:
+        EC_POINT_free(C);
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return ok;
+}
+/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
+void VKO_compute_key(BIGNUM * X, BIGNUM * Y,
+                     const GOST_KEY * pkey, GOST_KEY * priv_key,
+                     const BIGNUM * ukm)
+{
+        BIGNUM *p = NULL, *order = NULL;
+        const BIGNUM *key = GOST_KEY_get0_private_key(priv_key);
+        const EC_POINT *pub_key = GOST_KEY_get0_public_key(pkey);
+        EC_POINT *pnt = EC_POINT_new(GOST_KEY_get0_group(priv_key));
+        BN_CTX *ctx = BN_CTX_new();
+        BN_CTX_start(ctx);
+        p = BN_CTX_get(ctx);
+        order = BN_CTX_get(ctx);
+        EC_GROUP_get_order(GOST_KEY_get0_group(priv_key), order, ctx);
+        BN_mod_mul(p, key, ukm, order, ctx);
+        EC_POINT_mul(GOST_KEY_get0_group(priv_key), pnt, NULL, pub_key, p, ctx);
+        EC_POINT_get_affine_coordinates_GFp(GOST_KEY_get0_group(priv_key),
+                                            pnt, X, Y, ctx);
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        EC_POINT_free(pnt);
+}
+int gost2001_keygen(GOST_KEY * ec)
+{
+        BIGNUM *order = BN_new(), *d = BN_new();
+        const EC_GROUP *group = GOST_KEY_get0_group(ec);
+        EC_GROUP_get_order(group, order, NULL);
+        do {
+                if (!BN_rand_range(d, order)) {
+                        GOSTerr(GOST_F_GOST2001_KEYGEN,
+                                GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
+                        BN_free(d);
+                        BN_free(order);
+                        return 0;
+                }
+        } while (BN_is_zero(d));
+        GOST_KEY_set_private_key(ec, d);
+        BN_free(d);
+        BN_free(order);
+        return gost2001_compute_public(ec);
+}
+#endif
diff --git a/src/lib/libcrypto/gost/gostr341001_ameth.c b/src/lib/libcrypto/gost/gostr341001_ameth.c
new file mode 100644
index 0000000000..09b851cef4
--- /dev/null
+++ b/src/lib/libcrypto/gost/gostr341001_ameth.c
@@ -0,0 +1,656 @@
+/* $OpenBSD: gostr341001_ameth.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/gost.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
+#include "asn1_locl.h"
+#include "gost_locl.h"
+#include "gost_asn1.h"
+static void pkey_free_gost01(EVP_PKEY *key)
+{
+        GOST_KEY_free(key->pkey.gost);
+}
+/* Parses GOST algorithm parameters from X509_ALGOR and
+ * modifies pkey setting NID and parameters
+ */
+static int decode_gost01_algor_params(EVP_PKEY * pkey, const unsigned char **p, int len)
+{
+        int param_nid = NID_undef, digest_nid = NID_undef;
+        GOST_KEY_PARAMS *gkp = NULL;
+        EC_GROUP *group;
+        GOST_KEY *ec;
+        gkp = d2i_GOST_KEY_PARAMS(NULL, p, len);
+        if (!gkp) {
+                GOSTerr(GOST_F_DECODE_GOST01_ALGOR_PARAMS,
+                        GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
+                return 0;
+        }
+        param_nid = OBJ_obj2nid(gkp->key_params);
+        digest_nid = OBJ_obj2nid(gkp->hash_params);
+        GOST_KEY_PARAMS_free(gkp);
+        ec = pkey->pkey.gost;
+        if (!ec) {
+                ec = GOST_KEY_new();
+                if (!EVP_PKEY_assign_GOST(pkey, ec))
+                        return 0;
+        }
+        group = EC_GROUP_new_by_curve_name(param_nid);
+        if (group == NULL)
+                return 0;
+        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+        if (GOST_KEY_set_group(ec, group) == 0) {
+                EC_GROUP_free(group);
+                return 0;
+        }
+        EC_GROUP_free(group);
+        if (GOST_KEY_set_digest(ec, digest_nid) == 0)
+                return 0;
+        return 1;
+}
+static ASN1_STRING *encode_gost01_algor_params(const EVP_PKEY * key)
+{
+        ASN1_STRING *params = ASN1_STRING_new();
+        GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
+        int pkey_param_nid = NID_undef;
+        if (!params || !gkp) {
+                GOSTerr(GOST_F_ENCODE_GOST01_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
+                ASN1_STRING_free(params);
+                params = NULL;
+                goto err;
+        }
+        pkey_param_nid = EC_GROUP_get_curve_name(GOST_KEY_get0_group(key->pkey.gost));
+        gkp->key_params = OBJ_nid2obj(pkey_param_nid);
+        gkp->hash_params = OBJ_nid2obj(GOST_KEY_get_digest(key->pkey.gost));
+        /*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid); */
+        params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);
+        if (params->length <= 0) {
+                GOSTerr(GOST_F_ENCODE_GOST01_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
+                ASN1_STRING_free(params);
+                params = NULL;
+                goto err;
+        }
+        params->type = V_ASN1_SEQUENCE;
+err:
+        GOST_KEY_PARAMS_free(gkp);
+        return params;
+}
+static int pub_cmp_gost01(const EVP_PKEY * a, const EVP_PKEY * b)
+{
+        const GOST_KEY *ea = a->pkey.gost;
+        const GOST_KEY *eb = b->pkey.gost;
+        const EC_POINT *ka, *kb;
+        int ret = 0;
+        if (!ea || !eb)
+                return 0;
+        ka = GOST_KEY_get0_public_key(ea);
+        kb = GOST_KEY_get0_public_key(eb);
+        if (!ka || !kb)
+                return 0;
+        ret = (0 == EC_POINT_cmp(GOST_KEY_get0_group(ea), ka, kb, NULL));
+        return ret;
+}
+static int pkey_size_gost01(const EVP_PKEY * pk)
+{
+        if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512)
+                return 128;
+        return 64;
+}
+static int pkey_bits_gost01(const EVP_PKEY * pk)
+{
+        if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512)
+                return 512;
+        return 256;
+}
+static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
+{
+        X509_ALGOR *palg = NULL;
+        const unsigned char *pubkey_buf = NULL;
+        const unsigned char *p;
+        ASN1_OBJECT *palgobj = NULL;
+        int pub_len;
+        BIGNUM *X, *Y;
+        ASN1_OCTET_STRING *octet = NULL;
+        int len;
+        int ret;
+        int ptype = V_ASN1_UNDEF;
+        ASN1_STRING *pval = NULL;
+        if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len,
+                                    &palg, pub))
+                return 0;
+        EVP_PKEY_assign_GOST(pk, NULL);
+        X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
+        if (ptype != V_ASN1_SEQUENCE) {
+                GOSTerr(GOST_F_PUB_DECODE_GOST01,
+                        GOST_R_BAD_KEY_PARAMETERS_FORMAT);
+                return 0;
+        }
+        p = pval->data;
+        if (!decode_gost01_algor_params(pk, &p, pval->length))
+                return 0;
+        octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
+        if (!octet) {
+                GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        len = octet->length / 2;
+        X = GOST_le2bn(octet->data, len, NULL);
+        Y = GOST_le2bn(octet->data + len, len, NULL);
+        ASN1_OCTET_STRING_free(octet);
+        ret = GOST_KEY_set_public_key_affine_coordinates(pk->pkey.gost, X, Y);
+        if (!ret)
+                GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
+        BN_free(X);
+        BN_free(Y);
+        return ret;
+}
+static int pub_encode_gost01(X509_PUBKEY * pub, const EVP_PKEY * pk)
+{
+        ASN1_OBJECT *algobj = NULL;
+        ASN1_OCTET_STRING *octet = NULL;
+        void *pval = NULL;
+        unsigned char *buf = NULL, *sptr;
+        int key_size, ret = 0;
+        const EC_POINT *pub_key;
+        BIGNUM *X, *Y;
+        const GOST_KEY *ec = pk->pkey.gost;
+        int ptype = V_ASN1_UNDEF;
+        algobj = OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(ec)));
+        if (pk->save_parameters) {
+                ASN1_STRING *params = encode_gost01_algor_params(pk);
+                pval = params;
+                ptype = V_ASN1_SEQUENCE;
+        }
+        key_size = GOST_KEY_get_size(ec);
+        pub_key = GOST_KEY_get0_public_key(ec);
+        if (!pub_key) {
+                GOSTerr(GOST_F_PUB_ENCODE_GOST01, GOST_R_PUBLIC_KEY_UNDEFINED);
+                return 0;
+        }
+        octet = ASN1_OCTET_STRING_new();
+        if (!octet) {
+                GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        ret = ASN1_STRING_set(octet, NULL, 2 * key_size);
+        if (!ret) {
+                GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_INTERNAL_ERROR);
+                ASN1_BIT_STRING_free(octet);
+                return 0;
+        }
+        sptr = ASN1_STRING_data(octet);
+        X = BN_new();
+        Y = BN_new();
+        if (!X || !Y) {
+                GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
+                ASN1_BIT_STRING_free(octet);
+                BN_free(X);
+                BN_free(Y);
+                return 0;
+        }
+        EC_POINT_get_affine_coordinates_GFp(GOST_KEY_get0_group(ec),
+                                            pub_key, X, Y, NULL);
+        GOST_bn2le(X, sptr, key_size);
+        GOST_bn2le(Y, sptr + key_size, key_size);
+        BN_free(X);
+        BN_free(Y);
+        ret = i2d_ASN1_OCTET_STRING(octet, &buf);
+        ASN1_BIT_STRING_free(octet);
+        if (ret < 0)
+                return 0;
+        return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
+}
+static int param_print_gost01(BIO * out, const EVP_PKEY * pkey, int indent,
+                              ASN1_PCTX * pctx)
+{
+        int param_nid = EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost));
+        if (!BIO_indent(out, indent, 128))
+                return 0;
+        BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
+        if (!BIO_indent(out, indent, 128))
+                return 0;
+        BIO_printf(out, "Digest Algorithm: %s\n", OBJ_nid2ln(GOST_KEY_get_digest(pkey->pkey.gost)));
+        return 1;
+}
+static int pub_print_gost01(BIO * out, const EVP_PKEY * pkey, int indent,
+                            ASN1_PCTX * pctx)
+{
+        BN_CTX *ctx = BN_CTX_new();
+        BIGNUM *X, *Y;
+        const EC_POINT *pubkey;
+        const EC_GROUP *group;
+        if (!ctx) {
+                GOSTerr(GOST_F_PUB_PRINT_GOST01, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        BN_CTX_start(ctx);
+        X = BN_CTX_get(ctx);
+        Y = BN_CTX_get(ctx);
+        pubkey = GOST_KEY_get0_public_key(pkey->pkey.gost);
+        group = GOST_KEY_get0_group(pkey->pkey.gost);
+        if (!EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, ctx)) {
+                GOSTerr(GOST_F_PUB_PRINT_GOST01, ERR_R_EC_LIB);
+                BN_CTX_free(ctx);
+                return 0;
+        }
+        if (!BIO_indent(out, indent, 128))
+                return 0;
+        BIO_printf(out, "Public key:\n");
+        if (!BIO_indent(out, indent + 3, 128))
+                return 0;
+        BIO_printf(out, "X:");
+        BN_print(out, X);
+        BIO_printf(out, "\n");
+        BIO_indent(out, indent + 3, 128);
+        BIO_printf(out, "Y:");
+        BN_print(out, Y);
+        BIO_printf(out, "\n");
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return param_print_gost01(out, pkey, indent, pctx);
+}
+static int priv_print_gost01(BIO * out, const EVP_PKEY * pkey, int indent,
+                             ASN1_PCTX * pctx)
+{
+        const BIGNUM *key;
+        if (!BIO_indent(out, indent, 128))
+                return 0;
+        BIO_printf(out, "Private key: ");
+        key = GOST_KEY_get0_private_key(pkey->pkey.gost);
+        if (!key)
+                BIO_printf(out, "<undefined)");
+        else
+                BN_print(out, key);
+        BIO_printf(out, "\n");
+        return pub_print_gost01(out, pkey, indent, pctx);
+}
+static int priv_decode_gost01(EVP_PKEY * pk, PKCS8_PRIV_KEY_INFO * p8inf)
+{
+        const unsigned char *pkey_buf = NULL, *p = NULL;
+        int priv_len = 0;
+        BIGNUM *pk_num = NULL;
+        int ret = 0;
+        X509_ALGOR *palg = NULL;
+        ASN1_OBJECT *palg_obj = NULL;
+        ASN1_INTEGER *priv_key = NULL;
+        GOST_KEY *ec;
+        int ptype = V_ASN1_UNDEF;
+        ASN1_STRING *pval = NULL;
+        if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf))
+                return 0;
+        EVP_PKEY_assign_GOST(pk, NULL);
+        X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
+        if (ptype != V_ASN1_SEQUENCE) {
+                GOSTerr(GOST_F_PUB_DECODE_GOST01,
+                        GOST_R_BAD_KEY_PARAMETERS_FORMAT);
+                return 0;
+        }
+        p = pval->data;
+        if (!decode_gost01_algor_params(pk, &p, pval->length))
+                return 0;
+        p = pkey_buf;
+        if (V_ASN1_OCTET_STRING == *p) {
+                /* New format - Little endian octet string */
+                unsigned char rev_buf[32];
+                int i;
+                ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
+                if (!s || s->length != 32) {
+                        GOSTerr(GOST_F_PRIV_DECODE_GOST01, EVP_R_DECODE_ERROR);
+                        return 0;
+                }
+                for (i = 0; i < 32; i++) {
+                        rev_buf[31 - i] = s->data[i];
+                }
+                ASN1_STRING_free(s);
+                pk_num = BN_bin2bn(rev_buf, 32, NULL);
+        } else {
+                priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
+                if (!priv_key)
+                        return 0;
+                ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL);
+                ASN1_INTEGER_free(priv_key);
+                if (!ret) {
+                        GOSTerr(GOST_F_PRIV_DECODE_GOST01, EVP_R_DECODE_ERROR);
+                        return 0;
+                }
+        }
+        ec = pk->pkey.gost;
+        if (!ec) {
+                ec = GOST_KEY_new();
+                EVP_PKEY_assign_GOST(pk, ec);
+        }
+        if (!GOST_KEY_set_private_key(ec, pk_num)) {
+                BN_free(pk_num);
+                return 0;
+        }
+        if (!EVP_PKEY_missing_parameters(pk))
+                gost2001_compute_public(ec);
+        BN_free(pk_num);
+        return 1;
+}
+static int priv_encode_gost01(PKCS8_PRIV_KEY_INFO * p8, const EVP_PKEY * pk)
+{
+        ASN1_OBJECT *algobj = OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(pk->pkey.gost)));
+        ASN1_STRING *params = encode_gost01_algor_params(pk);
+        unsigned char *priv_buf = NULL;
+        int priv_len;
+        ASN1_INTEGER *asn1key = NULL;
+        if (!params) {
+                return 0;
+        }
+        asn1key = BN_to_ASN1_INTEGER(GOST_KEY_get0_private_key(pk->pkey.gost), NULL);
+        priv_len = i2d_ASN1_INTEGER(asn1key, &priv_buf);
+        ASN1_INTEGER_free(asn1key);
+        return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
+                               priv_buf, priv_len);
+}
+static int param_encode_gost01(const EVP_PKEY * pkey, unsigned char **pder)
+{
+        ASN1_STRING *params = encode_gost01_algor_params(pkey);
+        int len;
+        if (!params)
+                return 0;
+        len = params->length;
+        if (pder)
+                memcpy(*pder, params->data, params->length);
+        ASN1_STRING_free(params);
+        return len;
+}
+static int param_decode_gost01(EVP_PKEY * pkey, const unsigned char **pder,
+                               int derlen)
+{
+        ASN1_OBJECT *obj = NULL;
+        int nid;
+        GOST_KEY *ec;
+        EC_GROUP *group;
+        /* New format */
+        if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder)
+                return decode_gost01_algor_params(pkey, pder, derlen);
+        /* Compatibility */
+        if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
+                GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        nid = OBJ_obj2nid(obj);
+        ASN1_OBJECT_free(obj);
+        ec = GOST_KEY_new();
+        if (!ec) {
+                GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        group = EC_GROUP_new_by_curve_name(nid);
+        if (group == NULL) {
+                GOSTerr(GOST_F_PARAM_DECODE_GOST01, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
+                GOST_KEY_free(ec);
+                return 0;
+        }
+        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+        if (GOST_KEY_set_group(ec, group) == 0) {
+                GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_EC_LIB);
+                EC_GROUP_free(group);
+                GOST_KEY_free(ec);
+                return 0;
+        }
+        EC_GROUP_free(group);
+        if (GOST_KEY_set_digest(ec, NID_id_GostR3411_94_CryptoProParamSet) == 0) {
+                GOSTerr(GOST_F_PARAM_DECODE_GOST01, GOST_R_INVALID_DIGEST_TYPE);
+                GOST_KEY_free(ec);
+                return 0;
+        }
+        EVP_PKEY_assign_GOST(pkey, ec);
+        return 1;
+}
+static int param_missing_gost01(const EVP_PKEY * pk)
+{
+        const GOST_KEY *ec = pk->pkey.gost;
+        if (!ec)
+                return 1;
+        if (!GOST_KEY_get0_group(ec))
+                return 1;
+        if (GOST_KEY_get_digest(ec) == NID_undef)
+                return 1;
+        return 0;
+}
+static int param_copy_gost01(EVP_PKEY * to, const EVP_PKEY * from)
+{
+        GOST_KEY *eto = to->pkey.gost;
+        const GOST_KEY *efrom = from->pkey.gost;
+        if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
+                GOSTerr(GOST_F_PARAM_COPY_GOST01,
+                        GOST_R_INCOMPATIBLE_ALGORITHMS);
+                return 0;
+        }
+        if (!efrom) {
+                GOSTerr(GOST_F_PARAM_COPY_GOST01,
+                        GOST_R_KEY_PARAMETERS_MISSING);
+                return 0;
+        }
+        if (!eto) {
+                eto = GOST_KEY_new();
+                EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto);
+        }
+        GOST_KEY_set_group(eto, GOST_KEY_get0_group(efrom));
+        GOST_KEY_set_digest(eto, GOST_KEY_get_digest(efrom));
+        if (GOST_KEY_get0_private_key(eto)) {
+                gost2001_compute_public(eto);
+        }
+        return 1;
+}
+static int param_cmp_gost01(const EVP_PKEY * a, const EVP_PKEY * b)
+{
+        if (EC_GROUP_get_curve_name(GOST_KEY_get0_group(a->pkey.gost)) !=
+            EC_GROUP_get_curve_name(GOST_KEY_get0_group(b->pkey.gost))) {
+                return 0;
+        }
+        if (GOST_KEY_get_digest(a->pkey.gost) !=
+            GOST_KEY_get_digest(b->pkey.gost))
+                return 0;
+        return 1;
+}
+static int pkey_ctrl_gost01(EVP_PKEY * pkey, int op, long arg1, void *arg2)
+{
+        X509_ALGOR *alg1 = NULL, *alg2 = NULL, *alg3 = NULL;
+        int digest = GOST_KEY_get_digest(pkey->pkey.gost);
+        switch (op) {
+        case ASN1_PKEY_CTRL_PKCS7_SIGN:
+                if (arg1 == 0)
+                        PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+                break;
+        case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
+                if (arg1 == 0)
+                        PKCS7_RECIP_INFO_get0_alg(arg2, &alg3);
+                break;
+#ifndef OPENSSL_NO_CMS
+        case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0)
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+                break;
+        case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+                if (arg1 == 0)
+                        CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg3);
+                break;
+#endif
+        case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+                *(int *)arg2 = GostR3410_get_md_digest(digest);
+                return 2;
+        default:
+                return -2;
+        }
+        if (alg1)
+                X509_ALGOR_set0(alg1, OBJ_nid2obj(GostR3410_get_md_digest(digest)), V_ASN1_NULL, 0);
+        if (alg2)
+                X509_ALGOR_set0(alg2, OBJ_nid2obj(GostR3410_get_pk_digest(digest)), V_ASN1_NULL, 0);
+        if (alg3) {
+                ASN1_STRING *params = encode_gost01_algor_params(pkey);
+                if (!params) {
+                        return -1;
+                }
+                X509_ALGOR_set0(alg3, OBJ_nid2obj(GostR3410_get_pk_digest(digest)), V_ASN1_SEQUENCE, params);
+        }
+        return 1;
+}
+const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[] = {
+        {
+                .pkey_id = EVP_PKEY_GOSTR01,
+                .pkey_base_id = EVP_PKEY_GOSTR01,
+                .pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
+                .pem_str = "GOST2001",
+                .info = "GOST R 34.10-2001",
+                .pkey_free = pkey_free_gost01,
+                .pkey_ctrl = pkey_ctrl_gost01,
+                .priv_decode = priv_decode_gost01,
+                .priv_encode = priv_encode_gost01,
+                .priv_print = priv_print_gost01,
+                .param_decode = param_decode_gost01,
+                .param_encode = param_encode_gost01,
+                .param_missing = param_missing_gost01,
+                .param_copy = param_copy_gost01,
+                .param_cmp = param_cmp_gost01,
+                .param_print = param_print_gost01,
+                .pub_decode = pub_decode_gost01,
+                .pub_encode = pub_encode_gost01,
+                .pub_cmp = pub_cmp_gost01,
+                .pub_print = pub_print_gost01,
+                .pkey_size = pkey_size_gost01,
+                .pkey_bits = pkey_bits_gost01,
+        },
+        {
+                .pkey_id = EVP_PKEY_GOSTR12_256,
+                .pkey_base_id = EVP_PKEY_GOSTR01,
+                .pkey_flags = ASN1_PKEY_ALIAS
+        },
+        {
+                .pkey_id = EVP_PKEY_GOSTR12_512,
+                .pkey_base_id = EVP_PKEY_GOSTR01,
+                .pkey_flags = ASN1_PKEY_ALIAS
+        },
+};
+#endif
diff --git a/src/lib/libcrypto/gost/gostr341001_key.c b/src/lib/libcrypto/gost/gostr341001_key.c
new file mode 100644
index 0000000000..9c7f52b769
--- /dev/null
+++ b/src/lib/libcrypto/gost/gostr341001_key.c
@@ -0,0 +1,306 @@
+/* $OpenBSD: gostr341001_key.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/err.h>
+#include <openssl/gost.h>
+#include <openssl/objects.h>
+#include "gost_locl.h"
+struct gost_key_st {
+        EC_GROUP *group;
+        EC_POINT *pub_key;
+        BIGNUM   *priv_key;
+        int     references;
+        int digest_nid;
+};
+GOST_KEY * GOST_KEY_new(void)
+{
+        GOST_KEY *ret;
+        ret = malloc(sizeof(GOST_KEY));
+        if (ret == NULL) {
+                GOSTerr(GOST_F_GOST_KEY_NEW, ERR_R_MALLOC_FAILURE);
+                return (NULL);
+        }
+        ret->group = NULL;
+        ret->pub_key = NULL;
+        ret->priv_key = NULL;
+        ret->references = 1;
+        ret->digest_nid = NID_undef;
+        return (ret);
+}
+void GOST_KEY_free(GOST_KEY * r)
+{
+        int i;
+        if (r == NULL)
+                return;
+        i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
+        if (i > 0)
+                return;
+        EC_GROUP_free(r->group);
+        EC_POINT_free(r->pub_key);
+        BN_clear_free(r->priv_key);
+        OPENSSL_cleanse((void *) r, sizeof(GOST_KEY));
+        free(r);
+}
+int GOST_KEY_check_key(const GOST_KEY * key)
+{
+        int ok = 0;
+        BN_CTX *ctx = NULL;
+        BIGNUM *order = NULL;
+        EC_POINT *point = NULL;
+        if (!key || !key->group || !key->pub_key) {
+                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+        }
+        if (EC_POINT_is_at_infinity(key->group, key->pub_key)) {
+                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+                goto err;
+        }
+        if ((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if ((point = EC_POINT_new(key->group)) == NULL)
+                goto err;
+        /* testing whether the pub_key is on the elliptic curve */
+        if (!EC_POINT_is_on_curve(key->group, key->pub_key, ctx)) {
+                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+                goto err;
+        }
+        /* testing whether pub_key * order is the point at infinity */
+        if ((order = BN_new()) == NULL)
+                goto err;
+        if (!EC_GROUP_get_order(key->group, order, ctx)) {
+                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+                goto err;
+        }
+        if (!EC_POINT_mul(key->group, point, NULL, key->pub_key, order, ctx)) {
+                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
+                goto err;
+        }
+        if (!EC_POINT_is_at_infinity(key->group, point)) {
+                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+                goto err;
+        }
+        /*
+         * in case the priv_key is present : check if generator * priv_key ==
+         * pub_key
+         */
+        if (key->priv_key) {
+                if (BN_cmp(key->priv_key, order) >= 0) {
+                        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+                        goto err;
+                }
+                if (!EC_POINT_mul(key->group, point, key->priv_key,
+                        NULL, NULL, ctx)) {
+                        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
+                        goto err;
+                }
+                if (EC_POINT_cmp(key->group, point, key->pub_key,
+                        ctx) != 0) {
+                        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
+                        goto err;
+                }
+        }
+        ok = 1;
+err:
+        BN_free(order);
+        BN_CTX_free(ctx);
+        EC_POINT_free(point);
+        return (ok);
+}
+int GOST_KEY_set_public_key_affine_coordinates(GOST_KEY * key, BIGNUM * x, BIGNUM * y)
+{
+        BN_CTX *ctx = NULL;
+        BIGNUM *tx, *ty;
+        EC_POINT *point = NULL;
+        int ok = 0;
+        if (!key || !key->group || !x || !y) {
+                GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+                    ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+        }
+        ctx = BN_CTX_new();
+        if (!ctx)
+                goto err;
+        point = EC_POINT_new(key->group);
+        if (!point)
+                goto err;
+        tx = BN_CTX_get(ctx);
+        ty = BN_CTX_get(ctx);
+        if (!EC_POINT_set_affine_coordinates_GFp(key->group, point,
+                                x, y, ctx))
+                goto err;
+        if (!EC_POINT_get_affine_coordinates_GFp(key->group, point,
+                                tx, ty, ctx))
+                goto err;
+        /*
+         * Check if retrieved coordinates match originals: if not values are
+         * out of range.
+         */
+        if (BN_cmp(x, tx) || BN_cmp(y, ty)) {
+                GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+                    EC_R_COORDINATES_OUT_OF_RANGE);
+                goto err;
+        }
+        if (!GOST_KEY_set_public_key(key, point))
+                goto err;
+        if (GOST_KEY_check_key(key) == 0)
+                goto err;
+        ok = 1;
+err:
+        BN_CTX_free(ctx);
+        EC_POINT_free(point);
+        return ok;
+}
+const EC_GROUP * GOST_KEY_get0_group(const GOST_KEY * key)
+{
+        return key->group;
+}
+int GOST_KEY_set_group(GOST_KEY * key, const EC_GROUP * group)
+{
+        EC_GROUP_free(key->group);
+        key->group = EC_GROUP_dup(group);
+        return (key->group == NULL) ? 0 : 1;
+}
+const BIGNUM * GOST_KEY_get0_private_key(const GOST_KEY * key)
+{
+        return key->priv_key;
+}
+int GOST_KEY_set_private_key(GOST_KEY * key, const BIGNUM * priv_key)
+{
+        BN_clear_free(key->priv_key);
+        key->priv_key = BN_dup(priv_key);
+        return (key->priv_key == NULL) ? 0 : 1;
+}
+const EC_POINT *
+GOST_KEY_get0_public_key(const GOST_KEY * key)
+{
+        return key->pub_key;
+}
+int GOST_KEY_set_public_key(GOST_KEY * key, const EC_POINT * pub_key)
+{
+        EC_POINT_free(key->pub_key);
+        key->pub_key = EC_POINT_dup(pub_key, key->group);
+        return (key->pub_key == NULL) ? 0 : 1;
+}
+int GOST_KEY_get_digest(const GOST_KEY * key)
+{
+        return key->digest_nid;
+}
+int GOST_KEY_set_digest(GOST_KEY * key, int digest_nid)
+{
+        if (digest_nid == NID_id_GostR3411_94_CryptoProParamSet ||
+            digest_nid == NID_id_tc26_gost3411_2012_256 ||
+            digest_nid == NID_id_tc26_gost3411_2012_512) {
+                key->digest_nid = digest_nid;
+                return 1;
+        }
+        return 0;
+}
+size_t GOST_KEY_get_size(const GOST_KEY * r)
+{
+        int i;
+        BIGNUM *order = NULL;
+        const EC_GROUP *group;
+        if (r == NULL)
+                return 0;
+        group = GOST_KEY_get0_group(r);
+        if (group == NULL)
+                return 0;
+        if ((order = BN_new()) == NULL)
+                return 0;
+        if (!EC_GROUP_get_order(group,order,NULL)) {
+                BN_clear_free(order);
+                return 0;
+        }
+        i = BN_num_bytes(order);
+        BN_clear_free(order);
+        return (i);
+}
+#endif
diff --git a/src/lib/libcrypto/gost/gostr341001_params.c b/src/lib/libcrypto/gost/gostr341001_params.c
new file mode 100644
index 0000000000..1c8276e7b0
--- /dev/null
+++ b/src/lib/libcrypto/gost/gostr341001_params.c
@@ -0,0 +1,126 @@
+/* $OpenBSD: gostr341001_params.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <strings.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/objects.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+int GostR3410_get_md_digest(int nid)
+{
+        if (nid == NID_id_GostR3411_94_CryptoProParamSet)
+                return NID_id_GostR3411_94;
+        return nid;
+}
+int GostR3410_get_pk_digest(int nid)
+{
+        switch (nid) {
+        case NID_id_GostR3411_94_CryptoProParamSet:
+                return NID_id_GostR3410_2001;
+        case NID_id_tc26_gost3411_2012_256:
+                return NID_id_tc26_gost3410_2012_256;
+        case NID_id_tc26_gost3411_2012_512:
+                return NID_id_tc26_gost3410_2012_512;
+        default:
+                return NID_undef;
+        }
+}
+typedef struct GostR3410_params {
+        const char *name;
+        int nid;
+} GostR3410_params;
+static const GostR3410_params GostR3410_256_params[] = {
+        { "A",  NID_id_GostR3410_2001_CryptoPro_A_ParamSet },
+        { "B",  NID_id_GostR3410_2001_CryptoPro_B_ParamSet },
+        { "C",  NID_id_GostR3410_2001_CryptoPro_C_ParamSet },
+        { "0",  NID_id_GostR3410_2001_TestParamSet },
+        { "XA", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet },
+        { "XB", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet },
+        { NULL, NID_undef },
+};
+static const GostR3410_params GostR3410_512_params[] = {
+        { "A",  NID_id_tc26_gost_3410_2012_512_paramSetA },
+        { "B",  NID_id_tc26_gost_3410_2012_512_paramSetB },
+        { NULL, NID_undef },
+};
+int GostR3410_256_param_id(const char *value)
+{
+        int i;
+        for (i = 0; GostR3410_256_params[i].nid != NID_undef; i++) {
+                if (!strcasecmp(GostR3410_256_params[i].name, value))
+                        return GostR3410_256_params[i].nid;
+        }
+        return NID_undef;
+}
+int GostR3410_512_param_id(const char *value)
+{
+        int i;
+        for (i = 0; GostR3410_512_params[i].nid != NID_undef; i++) {
+                if (!strcasecmp(GostR3410_512_params[i].name, value))
+                        return GostR3410_512_params[i].nid;
+        }
+        return NID_undef;
+}
+#endif
diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c
new file mode 100644
index 0000000000..0f82e88a9d
--- /dev/null
+++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c
@@ -0,0 +1,657 @@
+/* $OpenBSD: gostr341001_pmeth.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/gost.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h> /* for RAND_bytes */
+#include "evp_locl.h"
+#include "gost_locl.h"
+#include "gost_asn1.h"
+static ECDSA_SIG *unpack_signature_cp(const unsigned char *sig, size_t siglen)
+{
+        ECDSA_SIG *s;
+        s = ECDSA_SIG_new();
+        if (s == NULL) {
+                GOSTerr(GOST_F_UNPACK_SIGNATURE_CP, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        BN_bin2bn(sig, siglen / 2, s->s);
+        BN_bin2bn(sig + siglen / 2, siglen / 2, s->r);
+        return s;
+}
+static int pack_signature_cp(ECDSA_SIG * s, int order, unsigned char *sig, size_t * siglen)
+{
+        int r_len = BN_num_bytes(s->r);
+        int s_len = BN_num_bytes(s->s);
+        if ((r_len > order) || (s_len > order))
+                return 0;
+        *siglen = 2 * order;
+        memset(sig, 0, *siglen);
+        BN_bn2bin(s->s, sig + order - s_len);
+        BN_bn2bin(s->r, sig + 2 * order - r_len);
+        ECDSA_SIG_free(s);
+        return 1;
+}
+static ECDSA_SIG *unpack_signature_le(const unsigned char *sig, size_t siglen)
+{
+        ECDSA_SIG *s;
+        s = ECDSA_SIG_new();
+        if (s == NULL) {
+                GOSTerr(GOST_F_UNPACK_SIGNATURE_LE, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        GOST_le2bn(sig, siglen / 2, s->r);
+        GOST_le2bn(sig + siglen / 2, siglen / 2, s->s);
+        return s;
+}
+static int pack_signature_le(ECDSA_SIG * s, int order, unsigned char *sig, size_t * siglen)
+{
+        *siglen = 2 * order;
+        memset(sig, 0, *siglen);
+        GOST_bn2le(s->r, sig, order);
+        GOST_bn2le(s->s, sig + order, order);
+        ECDSA_SIG_free(s);
+        return 1;
+}
+struct gost_pmeth_data {
+        int sign_param_nid; /* Should be set whenever parameters are filled */
+        int digest_nid;
+        EVP_MD *md;
+        unsigned char *shared_ukm;
+        int peer_key_used;
+        int sig_format;
+};
+static int pkey_gost01_init(EVP_PKEY_CTX * ctx)
+{
+        struct gost_pmeth_data *data;
+        EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
+        data = malloc(sizeof(struct gost_pmeth_data));
+        if (!data)
+                return 0;
+        memset(data, 0, sizeof(struct gost_pmeth_data));
+        if (pkey && pkey->pkey.gost) {
+                data->sign_param_nid = EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost));
+                data->digest_nid = GOST_KEY_get_digest(pkey->pkey.gost);
+        }
+        EVP_PKEY_CTX_set_data(ctx, data);
+        return 1;
+}
+/* Copies contents of gost_pmeth_data structure */
+static int pkey_gost01_copy(EVP_PKEY_CTX * dst, EVP_PKEY_CTX * src)
+{
+        struct gost_pmeth_data *dst_data, *src_data;
+        if (!pkey_gost01_init(dst)) {
+                return 0;
+        }
+        src_data = EVP_PKEY_CTX_get_data(src);
+        dst_data = EVP_PKEY_CTX_get_data(dst);
+        *dst_data = *src_data;
+        if (src_data->shared_ukm) {
+                dst_data->shared_ukm = NULL;
+        }
+        return 1;
+}
+/* Frees up gost_pmeth_data structure */
+static void pkey_gost01_cleanup(EVP_PKEY_CTX * ctx)
+{
+        struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+        free(data->shared_ukm);
+        free(data);
+}
+static int pkey_gost01_paramgen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey)
+{
+        struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+        EC_GROUP *group;
+        GOST_KEY *gost;
+        int ret;
+        if (data->sign_param_nid == NID_undef || data->digest_nid == NID_undef) {
+                GOSTerr(GOST_F_PKEY_GOST01_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
+                return 0;
+        }
+        group = EC_GROUP_new_by_curve_name(data->sign_param_nid);
+        if (!group)
+                return 0;
+        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+        gost = GOST_KEY_new();
+        if (!gost)
+                return 0;
+        if (!GOST_KEY_set_digest(gost, data->digest_nid))
+                return 0;
+        ret = GOST_KEY_set_group(gost, group);
+        if (ret)
+                EVP_PKEY_assign_GOST(pkey, gost);
+        else
+                GOST_KEY_free(gost);
+        EC_GROUP_free(group);
+        return ret;
+}
+static int pkey_gost01_keygen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey)
+{
+        if (!pkey_gost01_paramgen(ctx, pkey))
+                return 0;
+        gost2001_keygen(pkey->pkey.gost);
+        return 1;
+}
+static int pkey_gost01_sign(EVP_PKEY_CTX * ctx, unsigned char *sig,
+                            size_t * siglen, const unsigned char *tbs,
+                            size_t tbs_len)
+{
+        ECDSA_SIG *unpacked_sig = NULL;
+        EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
+        struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);
+        BIGNUM *md;
+        size_t size = GOST_KEY_get_size(pkey->pkey.gost);
+        if (!siglen)
+                return 0;
+        if (!sig) {
+                *siglen = 2 * size;
+                return 1;
+        } else if (*siglen < 2 * size) {
+                GOSTerr(GOST_F_PKEY_GOST01_SIGN, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+        }
+        OPENSSL_assert(tbs_len == 32 || tbs_len == 64);
+        md = GOST_le2bn(tbs, tbs_len, NULL);
+        unpacked_sig = gost2001_do_sign(md, pkey->pkey.gost);
+#ifdef DEBUG_SIGN
+        fprintf(stderr, "S.R=");
+        BN_print_fp(stderr, unpacked_sig->r);
+        fprintf(stderr, "\nS.S=");
+        BN_print_fp(stderr, unpacked_sig->s);
+        fprintf(stderr, "\n");
+#endif
+        if (!unpacked_sig) {
+                return 0;
+        }
+        switch (pctx->sig_format) {
+        case GOST_SIG_FORMAT_SR_BE:
+                return pack_signature_cp(unpacked_sig, size, sig, siglen);
+        case GOST_SIG_FORMAT_RS_LE:
+                return pack_signature_le(unpacked_sig, size, sig, siglen);
+        default:
+                ECDSA_SIG_free(unpacked_sig);
+                return -1;
+        }
+}
+static int pkey_gost01_verify(EVP_PKEY_CTX * ctx, const unsigned char *sig,
+                              size_t siglen, const unsigned char *tbs,
+                              size_t tbs_len)
+{
+        int ok = 0;
+        EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
+        struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);
+        ECDSA_SIG *s = NULL;
+        BIGNUM *md;
+        if  (!pub_key)
+                return 0;
+        switch (pctx->sig_format) {
+        case GOST_SIG_FORMAT_SR_BE:
+                s = unpack_signature_cp(sig, siglen);
+                break;
+        case GOST_SIG_FORMAT_RS_LE:
+                s = unpack_signature_le(sig, siglen);
+                break;
+        }
+        if (!s)
+                return 0;
+        md = GOST_le2bn(tbs, tbs_len, NULL);
+        if (!md)
+                goto err;
+#ifdef DEBUG_SIGN
+        fprintf(stderr, "V.R=");
+        BN_print_fp(stderr, s->r);
+        fprintf(stderr, "\nV.S=");
+        BN_print_fp(stderr, s->s);
+        fprintf(stderr, "\n");
+#endif
+        ok = gost2001_do_verify(md, s, pub_key->pkey.gost);
+err:
+        BN_free(md);
+        ECDSA_SIG_free(s);
+        return ok;
+}
+static int gost01_VKO_key(EVP_PKEY * pub_key, EVP_PKEY * priv_key,
+                          const unsigned char *ukm, unsigned char *key)
+{
+        unsigned char hashbuf[128];
+        int digest_nid;
+        int ret;
+        BN_CTX *ctx = BN_CTX_new();
+        BIGNUM *UKM, *X, *Y;
+        BN_CTX_start(ctx);
+        UKM = BN_CTX_get(ctx);
+        X = BN_CTX_get(ctx);
+        Y = BN_CTX_get(ctx);
+        GOST_le2bn(ukm, 8, UKM);
+        digest_nid = GOST_KEY_get_digest(priv_key->pkey.gost);
+        VKO_compute_key(X, Y, pub_key->pkey.gost, priv_key->pkey.gost, UKM);
+        switch (digest_nid) {
+        case NID_id_GostR3411_94_CryptoProParamSet:
+                GOST_bn2le(X, hashbuf, 32);
+                GOST_bn2le(Y, hashbuf + 32, 32);
+                GOSTR341194(hashbuf, 64, key, digest_nid);
+                ret = 1;
+                break;
+        case NID_id_tc26_gost3411_2012_256:
+                GOST_bn2le(X, hashbuf, 32);
+                GOST_bn2le(Y, hashbuf + 32, 32);
+                STREEBOG256(hashbuf, 64, key);
+                ret = 1;
+                break;
+        case NID_id_tc26_gost3411_2012_512:
+                GOST_bn2le(X, hashbuf, 64);
+                GOST_bn2le(Y, hashbuf + 64, 64);
+                STREEBOG256(hashbuf, 128, key);
+                ret = 1;
+                break;
+        default:
+                ret = -2;
+                break;
+        }
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return ret;
+}
+int pkey_gost01_decrypt(EVP_PKEY_CTX * pctx, unsigned char *key,
+                        size_t * key_len, const unsigned char *in,
+                        size_t in_len)
+{
+        const unsigned char *p = in;
+        EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
+        GOST_KEY_TRANSPORT *gkt = NULL;
+        int ret = 0;
+        unsigned char wrappedKey[44];
+        unsigned char sharedKey[32];
+        EVP_PKEY *eph_key = NULL, *peerkey = NULL;
+        int nid;
+        if (!key) {
+                *key_len = 32;
+                return 1;
+        }
+        gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
+        if (!gkt) {
+                GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
+                        GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
+                return -1;
+        }
+        /* If key transport structure contains public key, use it */
+        eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
+        if (eph_key) {
+                if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {
+                        GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
+                                GOST_R_INCOMPATIBLE_PEER_KEY);
+                        goto err;
+                }
+        } else {
+                /* Set control "public key from client certificate used" */
+                if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) {
+                        GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, GOST_R_CTRL_CALL_FAILED);
+                        goto err;
+                }
+        }
+        peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
+        if (!peerkey) {
+                GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, GOST_R_NO_PEER_KEY);
+                goto err;
+        }
+        nid = OBJ_obj2nid(gkt->key_agreement_info->cipher);
+        OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
+        memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
+        OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
+        memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
+        OPENSSL_assert(gkt->key_info->imit->length == 4);
+        memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
+        gost01_VKO_key(peerkey, priv, wrappedKey, sharedKey);
+        if (!key_unwrap_crypto_pro(nid, sharedKey, wrappedKey, key)) {
+                GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
+                        GOST_R_ERROR_COMPUTING_SHARED_KEY);
+                goto err;
+        }
+        ret = 1;
+ err:
+        if (eph_key)
+                EVP_PKEY_free(eph_key);
+        if (gkt)
+                GOST_KEY_TRANSPORT_free(gkt);
+        return ret;
+}
+int pkey_gost01_derive(EVP_PKEY_CTX * ctx, unsigned char *key,
+                       size_t * keylen)
+{
+        /* Public key of peer in the ctx field peerkey
+         * Our private key in the ctx pkey
+         * ukm is in the algorithm specific context data
+         */
+        EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
+        EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
+        struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+        if (!data->shared_ukm) {
+                GOSTerr(GOST_F_PKEY_GOST01_DERIVE, GOST_R_UKM_NOT_SET);
+                return 0;
+        }
+        if (key == NULL) {
+                *keylen = 32;
+                return 32;
+        }
+        gost01_VKO_key(peer_key, my_key, data->shared_ukm, key);
+        *keylen = 32;
+        return 1;
+}
+int pkey_gost01_encrypt(EVP_PKEY_CTX * pctx, unsigned char *out,
+                size_t * out_len, const unsigned char *key,
+                size_t key_len)
+{
+        GOST_KEY_TRANSPORT *gkt = NULL;
+        EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
+        struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
+        unsigned char ukm[8], shared_key[32], crypted_key[44];
+        int ret = 0;
+        int key_is_ephemeral = 1;
+        EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
+        int nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
+        if (data->shared_ukm) {
+                memcpy(ukm, data->shared_ukm, 8);
+        } else if (out) {
+                if (RAND_bytes(ukm, 8) <= 0) {
+                        GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
+                                GOST_R_RANDOM_GENERATOR_FAILURE);
+                        return 0;
+                }
+        }
+        /* Check for private key in the peer_key of context */
+        if (sec_key) {
+                key_is_ephemeral = 0;
+                if (!GOST_KEY_get0_private_key(sec_key->pkey.gost)) {
+                        GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
+                                GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
+                        goto err;
+                }
+        } else {
+                key_is_ephemeral = 1;
+                if (out) {
+                        sec_key = EVP_PKEY_new();
+                        EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk),
+                                        GOST_KEY_new());
+                        EVP_PKEY_copy_parameters(sec_key, pubk);
+                        if (!gost2001_keygen(sec_key->pkey.gost)) {
+                                goto err;
+                        }
+                }
+        }
+        if (out) {
+                gost01_VKO_key(pubk, sec_key, ukm, shared_key);
+                key_wrap_crypto_pro(nid, shared_key, ukm, key, crypted_key);
+        }
+        gkt = GOST_KEY_TRANSPORT_new();
+        if (!gkt) {
+                goto err;
+        }
+        if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
+                goto err;
+        }
+        if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
+                goto err;
+        }
+        if (!ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
+                goto err;
+        }
+        if (key_is_ephemeral) {
+                if (!X509_PUBKEY_set
+                    (&gkt->key_agreement_info->ephem_key,
+                     out ? sec_key : pubk)) {
+                        GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
+                                GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
+                        goto err;
+                }
+        }
+        ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
+        gkt->key_agreement_info->cipher = OBJ_nid2obj(nid);
+        if (key_is_ephemeral && sec_key)
+                EVP_PKEY_free(sec_key);
+        if (!key_is_ephemeral) {
+                /* Set control "public key from client certificate used" */
+                if (EVP_PKEY_CTX_ctrl
+                    (pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) {
+                        GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
+                                GOST_R_CTRL_CALL_FAILED);
+                        goto err;
+                }
+        }
+        if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
+                ret = 1;
+        GOST_KEY_TRANSPORT_free(gkt);
+        return ret;
+ err:
+        if (key_is_ephemeral && sec_key)
+                EVP_PKEY_free(sec_key);
+        GOST_KEY_TRANSPORT_free(gkt);
+        return -1;
+}
+static int pkey_gost01_ctrl(EVP_PKEY_CTX * ctx, int type, int p1, void *p2)
+{
+        struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);
+        switch (type) {
+        case EVP_PKEY_CTRL_MD:
+                if (EVP_MD_type(p2) != GostR3410_get_md_digest(pctx->digest_nid)) {
+                        GOSTerr(GOST_F_PKEY_GOST01_CTRL, GOST_R_INVALID_DIGEST_TYPE);
+                        return 0;
+                }
+                pctx->md = p2;
+                return 1;
+        case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
+        case EVP_PKEY_CTRL_PKCS7_DECRYPT:
+        case EVP_PKEY_CTRL_PKCS7_SIGN:
+        case EVP_PKEY_CTRL_DIGESTINIT:
+#ifndef OPENSSL_NO_CMS
+        case EVP_PKEY_CTRL_CMS_ENCRYPT:
+        case EVP_PKEY_CTRL_CMS_DECRYPT:
+        case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
+                return 1;
+        case EVP_PKEY_CTRL_GOST_PARAMSET:
+                pctx->sign_param_nid = (int)p1;
+                return 1;
+        case EVP_PKEY_CTRL_SET_IV:
+                pctx->shared_ukm = malloc((int)p1);
+                memcpy(pctx->shared_ukm, p2, (int)p1);
+                return 1;
+        case EVP_PKEY_CTRL_PEER_KEY:
+                if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
+                        return 1;
+                if (p1 == 2)    /* TLS: peer key used? */
+                        return pctx->peer_key_used;
+                if (p1 == 3)    /* TLS: peer key used! */
+                        return (pctx->peer_key_used = 1);
+                return -2;
+        case EVP_PKEY_CTRL_GOST_SIG_FORMAT:
+                switch (p1) {
+                case GOST_SIG_FORMAT_SR_BE:
+                case GOST_SIG_FORMAT_RS_LE:
+                        pctx->sig_format = p1;
+                        return 1;
+                default:
+                        return 0;
+                }
+                break;
+        case EVP_PKEY_CTRL_GOST_SET_DIGEST:
+                pctx->digest_nid = (int)p1;
+                return 1;
+        case EVP_PKEY_CTRL_GOST_GET_DIGEST:
+                *(int *)p2 = pctx->digest_nid;
+                return 1;
+        default:
+                return -2;
+        }
+}
+static int pkey_gost01_ctrl_str(EVP_PKEY_CTX * ctx,
+                                const char *type, const char *value)
+{
+        int param_nid = NID_undef;
+        int digest_nid = NID_undef;
+        if (!strcmp(type, "paramset")) {
+                if (!value) {
+                        return 0;
+                }
+                if (!pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_GET_DIGEST, 0, &digest_nid))
+                        return 0;
+                if (digest_nid == NID_id_tc26_gost3411_2012_512)
+                        param_nid = GostR3410_512_param_id(value);
+                else
+                        param_nid = GostR3410_256_param_id(value);
+                if (param_nid == NID_undef)
+                        param_nid = OBJ_txt2nid(value);
+                if (param_nid == NID_undef)
+                        return 0;
+                return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
+                                      param_nid, NULL);
+        }
+        if (!strcmp(type, "dgst")) {
+                if (!value)
+                        return 0;
+                else if (!strcmp(value, "gost94") || !strcmp(value, "md_gost94"))
+                        digest_nid = NID_id_GostR3411_94_CryptoProParamSet;
+                else if (!strcmp(value, "streebog256"))
+                        digest_nid = NID_id_tc26_gost3411_2012_256;
+                else if (!strcmp(value, "streebog512"))
+                        digest_nid = NID_id_tc26_gost3411_2012_512;
+                if (digest_nid == NID_undef)
+                        return 0;
+                return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_SET_DIGEST,
+                                        digest_nid, NULL);
+        }
+        return -2;
+}
+const EVP_PKEY_METHOD gostr01_pkey_meth = {
+        .pkey_id = EVP_PKEY_GOSTR01,
+        .init = pkey_gost01_init,
+        .copy = pkey_gost01_copy,
+        .cleanup = pkey_gost01_cleanup,
+        .paramgen = pkey_gost01_paramgen,
+        .keygen = pkey_gost01_keygen,
+        .sign = pkey_gost01_sign,
+        .verify = pkey_gost01_verify,
+        .encrypt = pkey_gost01_encrypt,
+        .decrypt = pkey_gost01_decrypt,
+        .derive = pkey_gost01_derive,
+        .ctrl = pkey_gost01_ctrl,
+        .ctrl_str = pkey_gost01_ctrl_str,
+};
+#endif
diff --git a/src/lib/libcrypto/gost/gostr341194.c b/src/lib/libcrypto/gost/gostr341194.c
new file mode 100644
index 0000000000..706bf3d431
--- /dev/null
+++ b/src/lib/libcrypto/gost/gostr341194.c
@@ -0,0 +1,259 @@
+/* $OpenBSD: gostr341194.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/crypto.h>
+#include <openssl/objects.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+/* Following functions are various bit meshing routines used in
+ * GOST R 34.11-94 algorithms */
+static void swap_bytes(unsigned char *w, unsigned char *k)
+{
+        int i, j;
+        for (i = 0; i < 4; i++)
+                for (j = 0; j < 8; j++)
+                        k[i + 4 * j] = w[8 * i + j];
+}
+/* was A_A */
+static void circle_xor8(const unsigned char *w, unsigned char *k)
+{
+        unsigned char buf[8];
+        int i;
+        memcpy(buf, w, 8);
+        memmove(k, w + 8, 24);
+        for (i = 0; i < 8; i++)
+                k[i + 24] = buf[i] ^ k[i];
+}
+/* was R_R */
+static void transform_3(unsigned char *data)
+{
+        unsigned short int acc;
+        acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) |
+             ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8);
+        memmove(data, data + 2, 30);
+        data[30] = acc & 0xff;
+        data[31] = acc >> 8;
+}
+/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
+static int add_blocks(int n, unsigned char *left, const unsigned char *right)
+{
+        int i;
+        int carry = 0;
+        int sum;
+        for (i = 0; i < n; i++) {
+                sum = (int)left[i] + (int)right[i] + carry;
+                left[i] = sum & 0xff;
+                carry = sum >> 8;
+        }
+        return carry;
+}
+/* Xor two sequences of bytes */
+static void xor_blocks(unsigned char *result, const unsigned char *a,
+                       const unsigned char *b, size_t len)
+{
+        size_t i;
+        for (i = 0; i < len; i++)
+                result[i] = a[i] ^ b[i];
+}
+/* 
+ *      Calculate H(i+1) = Hash(Hi,Mi) 
+ *      Where H and M are 32 bytes long
+ */
+static int hash_step(GOSTR341194_CTX *c, unsigned char *H, const unsigned char *M)
+{
+        unsigned char U[32], W[32], V[32], S[32], Key[32];
+        int i;
+        /* Compute first key */
+        xor_blocks(W, H, M, 32);
+        swap_bytes(W, Key);
+        /* Encrypt first 8 bytes of H with first key */
+        Gost2814789_set_key(&c->cipher, Key, 256);
+        Gost2814789_encrypt(H, S, &c->cipher);
+        /* Compute second key */
+        circle_xor8(H, U);
+        circle_xor8(M, V);
+        circle_xor8(V, V);
+        xor_blocks(W, U, V, 32);
+        swap_bytes(W, Key);
+        /* encrypt second 8 bytes of H with second key */
+        Gost2814789_set_key(&c->cipher, Key, 256);
+        Gost2814789_encrypt(H+8, S+8, &c->cipher);
+        /* compute third key */
+        circle_xor8(U, U);
+        U[31] = ~U[31];
+        U[29] = ~U[29];
+        U[28] = ~U[28];
+        U[24] = ~U[24];
+        U[23] = ~U[23];
+        U[20] = ~U[20];
+        U[18] = ~U[18];
+        U[17] = ~U[17];
+        U[14] = ~U[14];
+        U[12] = ~U[12];
+        U[10] = ~U[10];
+        U[8] = ~U[8];
+        U[7] = ~U[7];
+        U[5] = ~U[5];
+        U[3] = ~U[3];
+        U[1] = ~U[1];
+        circle_xor8(V, V);
+        circle_xor8(V, V);
+        xor_blocks(W, U, V, 32);
+        swap_bytes(W, Key);
+        /* encrypt third 8 bytes of H with third key */
+        Gost2814789_set_key(&c->cipher, Key, 256);
+        Gost2814789_encrypt(H+16, S+16, &c->cipher);
+        /* Compute fourth key */
+        circle_xor8(U, U);
+        circle_xor8(V, V);
+        circle_xor8(V, V);
+        xor_blocks(W, U, V, 32);
+        swap_bytes(W, Key);
+        /* Encrypt last 8 bytes with fourth key */
+        Gost2814789_set_key(&c->cipher, Key, 256);
+        Gost2814789_encrypt(H+24, S+24, &c->cipher);
+        for (i = 0; i < 12; i++)
+                transform_3(S);
+        xor_blocks(S, S, M, 32);
+        transform_3(S);
+        xor_blocks(S, S, H, 32);
+        for (i = 0; i < 61; i++)
+                transform_3(S);
+        memcpy(H, S, 32);
+        return 1;
+}
+int GOSTR341194_Init(GOSTR341194_CTX *c, int nid)
+{
+        memset (c,0,sizeof(*c));
+        return Gost2814789_set_sbox(&c->cipher, nid);
+}
+static void GOSTR341194_block_data_order(GOSTR341194_CTX *ctx, const void *p, size_t num)
+{
+        int i;
+        for (i = 0; i < num; i++) {
+                hash_step(ctx, ctx->H, p);
+                add_blocks(32, ctx->S, p);
+                p += 32;
+        }
+}
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+#define HASH_CBLOCK     GOSTR341194_CBLOCK
+#define HASH_LONG       GOSTR341194_LONG
+#define HASH_CTX        GOSTR341194_CTX
+#define HASH_UPDATE     GOSTR341194_Update
+#define HASH_TRANSFORM  GOSTR341194_Transform
+#define HASH_NO_FINAL   1
+#define HASH_BLOCK_DATA_ORDER   GOSTR341194_block_data_order
+#include "md32_common.h"
+int GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX * c)
+{
+        unsigned char *p = (unsigned char *)c->data;
+        unsigned char T[32];
+        if (c->num > 0) {
+                memset(p + c->num, 0, 32);
+                hash_step(c, c->H, p);
+                add_blocks(32, c->S, p);
+        }
+        p = T;
+        HOST_l2c(c->Nl, p);
+        HOST_l2c(c->Nh, p);
+        memset(p, 0, 32-8);
+        hash_step(c, c->H, T);
+        hash_step(c, c->H, c->S);
+        memcpy(md, c->H, 32);
+        return 1;
+}
+unsigned char *GOSTR341194(const unsigned char *d, size_t n, unsigned char *md, int nid)
+{
+        GOSTR341194_CTX c;
+        static unsigned char m[GOSTR341194_LENGTH];
+        if (md == NULL)
+                md = m;
+        if (!GOSTR341194_Init(&c, nid))
+                return 0;
+        GOSTR341194_Update(&c, d, n);
+        GOSTR341194_Final(md, &c);
+        OPENSSL_cleanse(&c, sizeof(c));
+        return (md);
+}
+#endif
diff --git a/src/lib/libcrypto/gost/streebog.c b/src/lib/libcrypto/gost/streebog.c
new file mode 100644
index 0000000000..c621c41daa
--- /dev/null
+++ b/src/lib/libcrypto/gost/streebog.c
@@ -0,0 +1,1436 @@
+/* $OpenBSD: streebog.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/crypto.h>
+#include <openssl/objects.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+static const STREEBOG_LONG64 A_PI_table[8][256] =
+{
+        { /* 0 */
+                U64(0xd01f715b5c7ef8e6), U64(0x16fa240980778325),
+                U64(0xa8a42e857ee049c8), U64(0x6ac1068fa186465b),
+                U64(0x6e417bd7a2e9320b), U64(0x665c8167a437daab),
+                U64(0x7666681aa89617f6), U64(0x4b959163700bdcf5),
+                U64(0xf14be6b78df36248), U64(0xc585bd689a625cff),
+                U64(0x9557d7fca67d82cb), U64(0x89f0b969af6dd366),
+                U64(0xb0833d48749f6c35), U64(0xa1998c23b1ecbc7c),
+                U64(0x8d70c431ac02a736), U64(0xd6dfbc2fd0a8b69e),
+                U64(0x37aeb3e551fa198b), U64(0x0b7d128a40b5cf9c),
+                U64(0x5a8f2008b5780cbc), U64(0xedec882284e333e5),
+                U64(0xd25fc177d3c7c2ce), U64(0x5e0f5d50b61778ec),
+                U64(0x1d873683c0c24cb9), U64(0xad040bcbb45d208c),
+                U64(0x2f89a0285b853c76), U64(0x5732fff6791b8d58),
+                U64(0x3e9311439ef6ec3f), U64(0xc9183a809fd3c00f),
+                U64(0x83adf3f5260a01ee), U64(0xa6791941f4e8ef10),
+                U64(0x103ae97d0ca1cd5d), U64(0x2ce948121dee1b4a),
+                U64(0x39738421dbf2bf53), U64(0x093da2a6cf0cf5b4),
+                U64(0xcd9847d89cbcb45f), U64(0xf9561c078b2d8ae8),
+                U64(0x9c6a755a6971777f), U64(0xbc1ebaa0712ef0c5),
+                U64(0x72e61542abf963a6), U64(0x78bb5fde229eb12e),
+                U64(0x14ba94250fceb90d), U64(0x844d6697630e5282),
+                U64(0x98ea08026a1e032f), U64(0xf06bbea144217f5c),
+                U64(0xdb6263d11ccb377a), U64(0x641c314b2b8ee083),
+                U64(0x320e96ab9b4770cf), U64(0x1ee7deb986a96b85),
+                U64(0xe96cf57a878c47b5), U64(0xfdd6615f8842feb8),
+                U64(0xc83862965601dd1b), U64(0x2ea9f83e92572162),
+                U64(0xf876441142ff97fc), U64(0xeb2c455608357d9d),
+                U64(0x5612a7e0b0c9904c), U64(0x6c01cbfb2d500823),
+                U64(0x4548a6a7fa037a2d), U64(0xabc4c6bf388b6ef4),
+                U64(0xbade77d4fdf8bebd), U64(0x799b07c8eb4cac3a),
+                U64(0x0c9d87e805b19cf0), U64(0xcb588aac106afa27),
+                U64(0xea0c1d40c1e76089), U64(0x2869354a1e816f1a),
+                U64(0xff96d17307fbc490), U64(0x9f0a9d602f1a5043),
+                U64(0x96373fc6e016a5f7), U64(0x5292dab8b3a6e41c),
+                U64(0x9b8ae0382c752413), U64(0x4f15ec3b7364a8a5),
+                U64(0x3fb349555724f12b), U64(0xc7c50d4415db66d7),
+                U64(0x92b7429ee379d1a7), U64(0xd37f99611a15dfda),
+                U64(0x231427c05e34a086), U64(0xa439a96d7b51d538),
+                U64(0xb403401077f01865), U64(0xdda2aea5901d7902),
+                U64(0x0a5d4a9c8967d288), U64(0xc265280adf660f93),
+                U64(0x8bb0094520d4e94e), U64(0x2a29856691385532),
+                U64(0x42a833c5bf072941), U64(0x73c64d54622b7eb2),
+                U64(0x07e095624504536c), U64(0x8a905153e906f45a),
+                U64(0x6f6123c16b3b2f1f), U64(0xc6e55552dc097bc3),
+                U64(0x4468feb133d16739), U64(0xe211e7f0c7398829),
+                U64(0xa2f96419f7879b40), U64(0x19074bdbc3ad38e9),
+                U64(0xf4ebc3f9474e0b0c), U64(0x43886bd376d53455),
+                U64(0xd8028beb5aa01046), U64(0x51f23282f5cdc320),
+                U64(0xe7b1c2be0d84e16d), U64(0x081dfab006dee8a0),
+                U64(0x3b33340d544b857b), U64(0x7f5bcabc679ae242),
+                U64(0x0edd37c48a08a6d8), U64(0x81ed43d9a9b33bc6),
+                U64(0xb1a3655ebd4d7121), U64(0x69a1eeb5e7ed6167),
+                U64(0xf6ab73d5c8f73124), U64(0x1a67a3e185c61fd5),
+                U64(0x2dc91004d43c065e), U64(0x0240b02c8fb93a28),
+                U64(0x90f7f2b26cc0eb8f), U64(0x3cd3a16f114fd617),
+                U64(0xaae49ea9f15973e0), U64(0x06c0cd748cd64e78),
+                U64(0xda423bc7d5192a6e), U64(0xc345701c16b41287),
+                U64(0x6d2193ede4821537), U64(0xfcf639494190e3ac),
+                U64(0x7c3b228621f1c57e), U64(0xfb16ac2b0494b0c0),
+                U64(0xbf7e529a3745d7f9), U64(0x6881b6a32e3f7c73),
+                U64(0xca78d2bad9b8e733), U64(0xbbfe2fc2342aa3a9),
+                U64(0x0dbddffecc6381e4), U64(0x70a6a56e2440598e),
+                U64(0xe4d12a844befc651), U64(0x8c509c2765d0ba22),
+                U64(0xee8c6018c28814d9), U64(0x17da7c1f49a59e31),
+                U64(0x609c4c1328e194d3), U64(0xb3e3d57232f44b09),
+                U64(0x91d7aaa4a512f69b), U64(0x0ffd6fd243dabbcc),
+                U64(0x50d26a943c1fde34), U64(0x6be15e9968545b4f),
+                U64(0x94778fea6faf9fdf), U64(0x2b09dd7058ea4826),
+                U64(0x677cd9716de5c7bf), U64(0x49d5214fffb2e6dd),
+                U64(0x0360e83a466b273c), U64(0x1fc786af4f7b7691),
+                U64(0xa0b9d435783ea168), U64(0xd49f0c035f118cb6),
+                U64(0x01205816c9d21d14), U64(0xac2453dd7d8f3d98),
+                U64(0x545217cc3f70aa64), U64(0x26b4028e9489c9c2),
+                U64(0xdec2469fd6765e3e), U64(0x04807d58036f7450),
+                U64(0xe5f17292823ddb45), U64(0xf30b569b024a5860),
+                U64(0x62dcfc3fa758aefb), U64(0xe84cad6c4e5e5aa1),
+                U64(0xccb81fce556ea94b), U64(0x53b282ae7a74f908),
+                U64(0x1b47fbf74c1402c1), U64(0x368eebf39828049f),
+                U64(0x7afbeff2ad278b06), U64(0xbe5e0a8cfe97caed),
+                U64(0xcfd8f7f413058e77), U64(0xf78b2bc301252c30),
+                U64(0x4d555c17fcdd928d), U64(0x5f2f05467fc565f8),
+                U64(0x24f4b2a21b30f3ea), U64(0x860dd6bbecb768aa),
+                U64(0x4c750401350f8f99), U64(0x0000000000000000),
+                U64(0xecccd0344d312ef1), U64(0xb5231806be220571),
+                U64(0xc105c030990d28af), U64(0x653c695de25cfd97),
+                U64(0x159acc33c61ca419), U64(0xb89ec7f872418495),
+                U64(0xa9847693b73254dc), U64(0x58cf90243ac13694),
+                U64(0x59efc832f3132b80), U64(0x5c4fed7c39ae42c4),
+                U64(0x828dabe3efd81cfa), U64(0xd13f294d95ace5f2),
+                U64(0x7d1b7a90e823d86a), U64(0xb643f03cf849224d),
+                U64(0x3df3f979d89dcb03), U64(0x7426d836272f2dde),
+                U64(0xdfe21e891fa4432a), U64(0x3a136c1b9d99986f),
+                U64(0xfa36f43dcd46add4), U64(0xc025982650df35bb),
+                U64(0x856d3e81aadc4f96), U64(0xc4a5e57e53b041eb),
+                U64(0x4708168b75ba4005), U64(0xaf44bbe73be41aa4),
+                U64(0x971767d029c4b8e3), U64(0xb9be9feebb939981),
+                U64(0x215497ecd18d9aae), U64(0x316e7e91dd2c57f3),
+                U64(0xcef8afe2dad79363), U64(0x3853dc371220a247),
+                U64(0x35ee03c9de4323a3), U64(0xe6919aa8c456fc79),
+                U64(0xe05157dc4880b201), U64(0x7bdbb7e464f59612),
+                U64(0x127a59518318f775), U64(0x332ecebd52956ddb),
+                U64(0x8f30741d23bb9d1e), U64(0xd922d3fd93720d52),
+                U64(0x7746300c61440ae2), U64(0x25d4eab4d2e2eefe),
+                U64(0x75068020eefd30ca), U64(0x135a01474acaea61),
+                U64(0x304e268714fe4ae7), U64(0xa519f17bb283c82c),
+                U64(0xdc82f6b359cf6416), U64(0x5baf781e7caa11a8),
+                U64(0xb2c38d64fb26561d), U64(0x34ce5bdf17913eb7),
+                U64(0x5d6fb56af07c5fd0), U64(0x182713cd0a7f25fd),
+                U64(0x9e2ac576e6c84d57), U64(0x9aaab82ee5a73907),
+                U64(0xa3d93c0f3e558654), U64(0x7e7b92aaae48ff56),
+                U64(0x872d8ead256575be), U64(0x41c8dbfff96c0e7d),
+                U64(0x99ca5014a3cc1e3b), U64(0x40e883e930be1369),
+                U64(0x1ca76e95091051ad), U64(0x4e35b42dbab6b5b1),
+                U64(0x05a0254ecabd6944), U64(0xe1710fca8152af15),
+                U64(0xf22b0e8dcb984574), U64(0xb763a82a319b3f59),
+                U64(0x63fca4296e8ab3ef), U64(0x9d4a2d4ca0a36a6b),
+                U64(0xe331bfe60eeb953d), U64(0xd5bf541596c391a2),
+                U64(0xf5cb9bef8e9c1618), U64(0x46284e9dbc685d11),
+                U64(0x2074cffa185f87ba), U64(0xbd3ee2b6b8fcedd1),
+                U64(0xae64e3f1f23607b0), U64(0xfeb68965ce29d984),
+                U64(0x55724fdaf6a2b770), U64(0x29496d5cd753720e),
+                U64(0xa75941573d3af204), U64(0x8e102c0bea69800a),
+                U64(0x111ab16bc573d049), U64(0xd7ffe439197aab8a),
+                U64(0xefac380e0b5a09cd), U64(0x48f579593660fbc9),
+                U64(0x22347fd697e6bd92), U64(0x61bc1405e13389c7),
+                U64(0x4ab5c975b9d9c1e1), U64(0x80cd1bcf606126d2),
+                U64(0x7186fd78ed92449a), U64(0x93971a882aabccb3),
+                U64(0x88d0e17f66bfce72), U64(0x27945a985d5bd4d6)
+        }, { /* 1 */
+                U64(0xde553f8c05a811c8), U64(0x1906b59631b4f565),
+                U64(0x436e70d6b1964ff7), U64(0x36d343cb8b1e9d85),
+                U64(0x843dfacc858aab5a), U64(0xfdfc95c299bfc7f9),
+                U64(0x0f634bdea1d51fa2), U64(0x6d458b3b76efb3cd),
+                U64(0x85c3f77cf8593f80), U64(0x3c91315fbe737cb2),
+                U64(0x2148b03366ace398), U64(0x18f8b8264c6761bf),
+                U64(0xc830c1c495c9fb0f), U64(0x981a76102086a0aa),
+                U64(0xaa16012142f35760), U64(0x35cc54060c763cf6),
+                U64(0x42907d66cc45db2d), U64(0x8203d44b965af4bc),
+                U64(0x3d6f3cefc3a0e868), U64(0xbc73ff69d292bda7),
+                U64(0x8722ed0102e20a29), U64(0x8f8185e8cd34deb7),
+                U64(0x9b0561dda7ee01d9), U64(0x5335a0193227fad6),
+                U64(0xc9cecc74e81a6fd5), U64(0x54f5832e5c2431ea),
+                U64(0x99e47ba05d553470), U64(0xf7bee756acd226ce),
+                U64(0x384e05a5571816fd), U64(0xd1367452a47d0e6a),
+                U64(0xf29fde1c386ad85b), U64(0x320c77316275f7ca),
+                U64(0xd0c879e2d9ae9ab0), U64(0xdb7406c69110ef5d),
+                U64(0x45505e51a2461011), U64(0xfc029872e46c5323),
+                U64(0xfa3cb6f5f7bc0cc5), U64(0x031f17cd8768a173),
+                U64(0xbd8df2d9af41297d), U64(0x9d3b4f5ab43e5e3f),
+                U64(0x4071671b36feee84), U64(0x716207e7d3e3b83d),
+                U64(0x48d20ff2f9283a1a), U64(0x27769eb4757cbc7e),
+                U64(0x5c56ebc793f2e574), U64(0xa48b474f9ef5dc18),
+                U64(0x52cbada94ff46e0c), U64(0x60c7da982d8199c6),
+                U64(0x0e9d466edc068b78), U64(0x4eec2175eaf865fc),
+                U64(0x550b8e9e21f7a530), U64(0x6b7ba5bc653fec2b),
+                U64(0x5eb7f1ba6949d0dd), U64(0x57ea94e3db4c9099),
+                U64(0xf640eae6d101b214), U64(0xdd4a284182c0b0bb),
+                U64(0xff1d8fbf6304f250), U64(0xb8accb933bf9d7e8),
+                U64(0xe8867c478eb68c4d), U64(0x3f8e2692391bddc1),
+                U64(0xcb2fd60912a15a7c), U64(0xaec935dbab983d2f),
+                U64(0xf55ffd2b56691367), U64(0x80e2ce366ce1c115),
+                U64(0x179bf3f8edb27e1d), U64(0x01fe0db07dd394da),
+                U64(0xda8a0b76ecc37b87), U64(0x44ae53e1df9584cb),
+                U64(0xb310b4b77347a205), U64(0xdfab323c787b8512),
+                U64(0x3b511268d070b78e), U64(0x65e6e3d2b9396753),
+                U64(0x6864b271e2574d58), U64(0x259784c98fc789d7),
+                U64(0x02e11a7dfabb35a9), U64(0x8841a6dfa337158b),
+                U64(0x7ade78c39b5dcdd0), U64(0xb7cf804d9a2cc84a),
+                U64(0x20b6bd831b7f7742), U64(0x75bd331d3a88d272),
+                U64(0x418f6aab4b2d7a5e), U64(0xd9951cbb6babdaf4),
+                U64(0xb6318dfde7ff5c90), U64(0x1f389b112264aa83),
+                U64(0x492c024284fbaec0), U64(0xe33a0363c608f9a0),
+                U64(0x2688930408af28a4), U64(0xc7538a1a341ce4ad),
+                U64(0x5da8e677ee2171ae), U64(0x8c9e92254a5c7fc4),
+                U64(0x63d8cd55aae938b5), U64(0x29ebd8daa97a3706),
+                U64(0x959827b37be88aa1), U64(0x1484e4356adadf6e),
+                U64(0xa7945082199d7d6b), U64(0xbf6ce8a455fa1cd4),
+                U64(0x9cc542eac9edcae5), U64(0x79c16f0e1c356ca3),
+                U64(0x89bfab6fdee48151), U64(0xd4174d1830c5f0ff),
+                U64(0x9258048415eb419d), U64(0x6139d72850520d1c),
+                U64(0x6a85a80c18ec78f1), U64(0xcd11f88e0171059a),
+                U64(0xcceff53e7ca29140), U64(0xd229639f2315af19),
+                U64(0x90b91ef9ef507434), U64(0x5977d28d074a1be1),
+                U64(0x311360fce51d56b9), U64(0xc093a92d5a1f2f91),
+                U64(0x1a19a25bb6dc5416), U64(0xeb996b8a09de2d3e),
+                U64(0xfee3820f1ed7668a), U64(0xd7085ad5b7ad518c),
+                U64(0x7fff41890fe53345), U64(0xec5948bd67dde602),
+                U64(0x2fd5f65dbaaa68e0), U64(0xa5754affe32648c2),
+                U64(0xf8ddac880d07396c), U64(0x6fa491468c548664),
+                U64(0x0c7c5c1326bdbed1), U64(0x4a33158f03930fb3),
+                U64(0x699abfc19f84d982), U64(0xe4fa2054a80b329c),
+                U64(0x6707f9af438252fa), U64(0x08a368e9cfd6d49e),
+                U64(0x47b1442c58fd25b8), U64(0xbbb3dc5ebc91769b),
+                U64(0x1665fe489061eac7), U64(0x33f27a811fa66310),
+                U64(0x93a609346838d547), U64(0x30ed6d4c98cec263),
+                U64(0x1dd9816cd8df9f2a), U64(0x94662a03063b1e7b),
+                U64(0x83fdd9fbeb896066), U64(0x7b207573e68e590a),
+                U64(0x5f49fc0a149a4407), U64(0x343259b671a5a82c),
+                U64(0xfbc2bb458a6f981f), U64(0xc272b350a0a41a38),
+                U64(0x3aaf1fd8ada32354), U64(0x6cbb868b0b3c2717),
+                U64(0xa2b569c88d2583fe), U64(0xf180c9d1bf027928),
+                U64(0xaf37386bd64ba9f5), U64(0x12bacab2790a8088),
+                U64(0x4c0d3b0810435055), U64(0xb2eeb9070e9436df),
+                U64(0xc5b29067cea7d104), U64(0xdcb425f1ff132461),
+                U64(0x4f122cc5972bf126), U64(0xac282fa651230886),
+                U64(0xe7e537992f6393ef), U64(0xe61b3a2952b00735),
+                U64(0x709c0a57ae302ce7), U64(0xe02514ae416058d3),
+                U64(0xc44c9dd7b37445de), U64(0x5a68c5408022ba92),
+                U64(0x1c278cdca50c0bf0), U64(0x6e5a9cf6f18712be),
+                U64(0x86dce0b17f319ef3), U64(0x2d34ec2040115d49),
+                U64(0x4bcd183f7e409b69), U64(0x2815d56ad4a9a3dc),
+                U64(0x24698979f2141d0d), U64(0x0000000000000000),
+                U64(0x1ec696a15fb73e59), U64(0xd86b110b16784e2e),
+                U64(0x8e7f8858b0e74a6d), U64(0x063e2e8713d05fe6),
+                U64(0xe2c40ed3bbdb6d7a), U64(0xb1f1aeca89fc97ac),
+                U64(0xe1db191e3cb3cc09), U64(0x6418ee62c4eaf389),
+                U64(0xc6ad87aa49cf7077), U64(0xd6f65765ca7ec556),
+                U64(0x9afb6c6dda3d9503), U64(0x7ce05644888d9236),
+                U64(0x8d609f95378feb1e), U64(0x23a9aa4e9c17d631),
+                U64(0x6226c0e5d73aac6f), U64(0x56149953a69f0443),
+                U64(0xeeb852c09d66d3ab), U64(0x2b0ac2a753c102af),
+                U64(0x07c023376e03cb3c), U64(0x2ccae1903dc2c993),
+                U64(0xd3d76e2f5ec63bc3), U64(0x9e2458973356ff4c),
+                U64(0xa66a5d32644ee9b1), U64(0x0a427294356de137),
+                U64(0x783f62be61e6f879), U64(0x1344c70204d91452),
+                U64(0x5b96c8f0fdf12e48), U64(0xa90916ecc59bf613),
+                U64(0xbe92e5142829880e), U64(0x727d102a548b194e),
+                U64(0x1be7afebcb0fc0cc), U64(0x3e702b2244c8491b),
+                U64(0xd5e940a84d166425), U64(0x66f9f41f3e51c620),
+                U64(0xabe80c913f20c3ba), U64(0xf07ec461c2d1edf2),
+                U64(0xf361d3ac45b94c81), U64(0x0521394a94b8fe95),
+                U64(0xadd622162cf09c5c), U64(0xe97871f7f3651897),
+                U64(0xf4a1f09b2bba87bd), U64(0x095d6559b2054044),
+                U64(0x0bbc7f2448be75ed), U64(0x2af4cf172e129675),
+                U64(0x157ae98517094bb4), U64(0x9fda55274e856b96),
+                U64(0x914713499283e0ee), U64(0xb952c623462a4332),
+                U64(0x74433ead475b46a8), U64(0x8b5eb112245fb4f8),
+                U64(0xa34b6478f0f61724), U64(0x11a5dd7ffe6221fb),
+                U64(0xc16da49d27ccbb4b), U64(0x76a224d0bde07301),
+                U64(0x8aa0bca2598c2022), U64(0x4df336b86d90c48f),
+                U64(0xea67663a740db9e4), U64(0xef465f70e0b54771),
+                U64(0x39b008152acb8227), U64(0x7d1e5bf4f55e06ec),
+                U64(0x105bd0cf83b1b521), U64(0x775c2960c033e7db),
+                U64(0x7e014c397236a79f), U64(0x811cc386113255cf),
+                U64(0xeda7450d1a0e72d8), U64(0x5889df3d7a998f3b),
+                U64(0x2e2bfbedc779fc3a), U64(0xce0eef438619a4e9),
+                U64(0x372d4e7bf6cd095f), U64(0x04df34fae96b6a4f),
+                U64(0xf923a13870d4adb6), U64(0xa1aa7e050a4d228d),
+                U64(0xa8f71b5cb84862c9), U64(0xb52e9a306097fde3),
+                U64(0x0d8251a35b6e2a0b), U64(0x2257a7fee1c442eb),
+                U64(0x73831d9a29588d94), U64(0x51d4ba64c89ccf7f),
+                U64(0x502ab7d4b54f5ba5), U64(0x97793dce8153bf08),
+                U64(0xe5042de4d5d8a646), U64(0x9687307efc802bd2),
+                U64(0xa05473b5779eb657), U64(0xb4d097801d446939),
+                U64(0xcff0e2f3fbca3033), U64(0xc38cbee0dd778ee2),
+                U64(0x464f499c252eb162), U64(0xcad1dbb96f72cea6),
+                U64(0xba4dd1eec142e241), U64(0xb00fa37af42f0376)
+        }, { /* 2 */
+                U64(0xcce4cd3aa968b245), U64(0x089d5484e80b7faf),
+                U64(0x638246c1b3548304), U64(0xd2fe0ec8c2355492),
+                U64(0xa7fbdf7ff2374eee), U64(0x4df1600c92337a16),
+                U64(0x84e503ea523b12fb), U64(0x0790bbfd53ab0c4a),
+                U64(0x198a780f38f6ea9d), U64(0x2ab30c8f55ec48cb),
+                U64(0xe0f7fed6b2c49db5), U64(0xb6ecf3f422cadbdc),
+                U64(0x409c9a541358df11), U64(0xd3ce8a56dfde3fe3),
+                U64(0xc3e9224312c8c1a0), U64(0x0d6dfa58816ba507),
+                U64(0xddf3e1b179952777), U64(0x04c02a42748bb1d9),
+                U64(0x94c2abff9f2decb8), U64(0x4f91752da8f8acf4),
+                U64(0x78682befb169bf7b), U64(0xe1c77a48af2ff6c4),
+                U64(0x0c5d7ec69c80ce76), U64(0x4cc1e4928fd81167),
+                U64(0xfeed3d24d9997b62), U64(0x518bb6dfc3a54a23),
+                U64(0x6dbf2d26151f9b90), U64(0xb5bc624b05ea664f),
+                U64(0xe86aaa525acfe21a), U64(0x4801ced0fb53a0be),
+                U64(0xc91463e6c00868ed), U64(0x1027a815cd16fe43),
+                U64(0xf67069a0319204cd), U64(0xb04ccc976c8abce7),
+                U64(0xc0b9b3fc35e87c33), U64(0xf380c77c58f2de65),
+                U64(0x50bb3241de4e2152), U64(0xdf93f490435ef195),
+                U64(0xf1e0d25d62390887), U64(0xaf668bfb1a3c3141),
+                U64(0xbc11b251f00a7291), U64(0x73a5eed47e427d47),
+                U64(0x25bee3f6ee4c3b2e), U64(0x43cc0beb34786282),
+                U64(0xc824e778dde3039c), U64(0xf97d86d98a327728),
+                U64(0xf2b043e24519b514), U64(0xe297ebf7880f4b57),
+                U64(0x3a94a49a98fab688), U64(0x868516cb68f0c419),
+                U64(0xeffa11af0964ee50), U64(0xa4ab4ec0d517f37d),
+                U64(0xa9c6b498547c567a), U64(0x8e18424f80fbbbb6),
+                U64(0x0bcdc53bcf2bc23c), U64(0x137739aaea3643d0),
+                U64(0x2c1333ec1bac2ff0), U64(0x8d48d3f0a7db0625),
+                U64(0x1e1ac3f26b5de6d7), U64(0xf520f81f16b2b95e),
+                U64(0x9f0f6ec450062e84), U64(0x0130849e1deb6b71),
+                U64(0xd45e31ab8c7533a9), U64(0x652279a2fd14e43f),
+                U64(0x3209f01e70f1c927), U64(0xbe71a770cac1a473),
+                U64(0x0e3d6be7a64b1894), U64(0x7ec8148cff29d840),
+                U64(0xcb7476c7fac3be0f), U64(0x72956a4a63a91636),
+                U64(0x37f95ec21991138f), U64(0x9e3fea5a4ded45f5),
+                U64(0x7b38ba50964902e8), U64(0x222e580bbde73764),
+                U64(0x61e253e0899f55e6), U64(0xfc8d2805e352ad80),
+                U64(0x35994be3235ac56d), U64(0x09add01af5e014de),
+                U64(0x5e8659a6780539c6), U64(0xb17c48097161d796),
+                U64(0x026015213acbd6e2), U64(0xd1ae9f77e515e901),
+                U64(0xb7dc776a3f21b0ad), U64(0xaba6a1b96eb78098),
+                U64(0x9bcf4486248d9f5d), U64(0x582666c536455efd),
+                U64(0xfdbdac9bfeb9c6f1), U64(0xc47999be4163cdea),
+                U64(0x765540081722a7ef), U64(0x3e548ed8ec710751),
+                U64(0x3d041f67cb51bac2), U64(0x7958af71ac82d40a),
+                U64(0x36c9da5c047a78fe), U64(0xed9a048e33af38b2),
+                U64(0x26ee7249c96c86bd), U64(0x900281bdeba65d61),
+                U64(0x11172c8bd0fd9532), U64(0xea0abf73600434f8),
+                U64(0x42fc8f75299309f3), U64(0x34a9cf7d3eb1ae1c),
+                U64(0x2b838811480723ba), U64(0x5ce64c8742ceef24),
+                U64(0x1adae9b01fd6570e), U64(0x3c349bf9d6bad1b3),
+                U64(0x82453c891c7b75c0), U64(0x97923a40b80d512b),
+                U64(0x4a61dbf1c198765c), U64(0xb48ce6d518010d3e),
+                U64(0xcfb45c858e480fd6), U64(0xd933cbf30d1e96ae),
+                U64(0xd70ea014ab558e3a), U64(0xc189376228031742),
+                U64(0x9262949cd16d8b83), U64(0xeb3a3bed7def5f89),
+                U64(0x49314a4ee6b8cbcf), U64(0xdcc3652f647e4c06),
+                U64(0xda635a4c2a3e2b3d), U64(0x470c21a940f3d35b),
+                U64(0x315961a157d174b4), U64(0x6672e81dda3459ac),
+                U64(0x5b76f77a1165e36e), U64(0x445cb01667d36ec8),
+                U64(0xc5491d205c88a69b), U64(0x456c34887a3805b9),
+                U64(0xffddb9bac4721013), U64(0x99af51a71e4649bf),
+                U64(0xa15be01cbc7729d5), U64(0x52db2760e485f7b0),
+                U64(0x8c78576eba306d54), U64(0xae560f6507d75a30),
+                U64(0x95f22f6182c687c9), U64(0x71c5fbf54489aba5),
+                U64(0xca44f259e728d57e), U64(0x88b87d2ccebbdc8d),
+                U64(0xbab18d32be4a15aa), U64(0x8be8ec93e99b611e),
+                U64(0x17b713e89ebdf209), U64(0xb31c5d284baa0174),
+                U64(0xeeca9531148f8521), U64(0xb8d198138481c348),
+                U64(0x8988f9b2d350b7fc), U64(0xb9e11c8d996aa839),
+                U64(0x5a4673e40c8e881f), U64(0x1687977683569978),
+                U64(0xbf4123eed72acf02), U64(0x4ea1f1b3b513c785),
+                U64(0xe767452be16f91ff), U64(0x7505d1b730021a7c),
+                U64(0xa59bca5ec8fc980c), U64(0xad069eda20f7e7a3),
+                U64(0x38f4b1bba231606a), U64(0x60d2d77e94743e97),
+                U64(0x9affc0183966f42c), U64(0x248e6768f3a7505f),
+                U64(0xcdd449a4b483d934), U64(0x87b59255751baf68),
+                U64(0x1bea6d2e023d3c7f), U64(0x6b1f12455b5ffcab),
+                U64(0x743555292de9710d), U64(0xd8034f6d10f5fddf),
+                U64(0xc6198c9f7ba81b08), U64(0xbb8109aca3a17edb),
+                U64(0xfa2d1766ad12cabb), U64(0xc729080166437079),
+                U64(0x9c5fff7b77269317), U64(0x0000000000000000),
+                U64(0x15d706c9a47624eb), U64(0x6fdf38072fd44d72),
+                U64(0x5fb6dd3865ee52b7), U64(0xa33bf53d86bcff37),
+                U64(0xe657c1b5fc84fa8e), U64(0xaa962527735cebe9),
+                U64(0x39c43525bfda0b1b), U64(0x204e4d2a872ce186),
+                U64(0x7a083ece8ba26999), U64(0x554b9c9db72efbfa),
+                U64(0xb22cd9b656416a05), U64(0x96a2bedea5e63a5a),
+                U64(0x802529a826b0a322), U64(0x8115ad363b5bc853),
+                U64(0x8375b81701901eb1), U64(0x3069e53f4a3a1fc5),
+                U64(0xbd2136cfede119e0), U64(0x18bafc91251d81ec),
+                U64(0x1d4a524d4c7d5b44), U64(0x05f0aedc6960daa8),
+                U64(0x29e39d3072ccf558), U64(0x70f57f6b5962c0d4),
+                U64(0x989fd53903ad22ce), U64(0xf84d024797d91c59),
+                U64(0x547b1803aac5908b), U64(0xf0d056c37fd263f6),
+                U64(0xd56eb535919e58d8), U64(0x1c7ad6d351963035),
+                U64(0x2e7326cd2167f912), U64(0xac361a443d1c8cd2),
+                U64(0x697f076461942a49), U64(0x4b515f6fdc731d2d),
+                U64(0x8ad8680df4700a6f), U64(0x41ac1eca0eb3b460),
+                U64(0x7d988533d80965d3), U64(0xa8f6300649973d0b),
+                U64(0x7765c4960ac9cc9e), U64(0x7ca801adc5e20ea2),
+                U64(0xdea3700e5eb59ae4), U64(0xa06b6482a19c42a4),
+                U64(0x6a2f96db46b497da), U64(0x27def6d7d487edcc),
+                U64(0x463ca5375d18b82a), U64(0xa6cb5be1efdc259f),
+                U64(0x53eba3fef96e9cc1), U64(0xce84d81b93a364a7),
+                U64(0xf4107c810b59d22f), U64(0x333974806d1aa256),
+                U64(0x0f0def79bba073e5), U64(0x231edc95a00c5c15),
+                U64(0xe437d494c64f2c6c), U64(0x91320523f64d3610),
+                U64(0x67426c83c7df32dd), U64(0x6eefbc99323f2603),
+                U64(0x9d6f7be56acdf866), U64(0x5916e25b2bae358c),
+                U64(0x7ff89012e2c2b331), U64(0x035091bf2720bd93),
+                U64(0x561b0d22900e4669), U64(0x28d319ae6f279e29),
+                U64(0x2f43a2533c8c9263), U64(0xd09e1be9f8fe8270),
+                U64(0xf740ed3e2c796fbc), U64(0xdb53ded237d5404c),
+                U64(0x62b2c25faebfe875), U64(0x0afd41a5d2c0a94d),
+                U64(0x6412fd3ce0ff8f4e), U64(0xe3a76f6995e42026),
+                U64(0x6c8fa9b808f4f0e1), U64(0xc2d9a6dd0f23aad1),
+                U64(0x8f28c6d19d10d0c7), U64(0x85d587744fd0798a),
+                U64(0xa20b71a39b579446), U64(0x684f83fa7c7f4138),
+                U64(0xe507500adba4471d), U64(0x3f640a46f19a6c20),
+                U64(0x1247bd34f7dd28a1), U64(0x2d23b77206474481),
+                U64(0x93521002cc86e0f2), U64(0x572b89bc8de52d18),
+                U64(0xfb1d93f8b0f9a1ca), U64(0xe95a2ecc4724896b),
+                U64(0x3ba420048511ddf9), U64(0xd63e248ab6bee54b),
+                U64(0x5dd6c8195f258455), U64(0x06a03f634e40673b),
+                U64(0x1f2a476c76b68da6), U64(0x217ec9b49ac78af7),
+                U64(0xecaa80102e4453c3), U64(0x14e78257b99d4f9a)
+        }, { /* 3 */
+                U64(0x20329b2cc87bba05), U64(0x4f5eb6f86546a531),
+                U64(0xd4f44775f751b6b1), U64(0x8266a47b850dfa8b),
+                U64(0xbb986aa15a6ca985), U64(0xc979eb08f9ae0f99),
+                U64(0x2da6f447a2375ea1), U64(0x1e74275dcd7d8576),
+                U64(0xbc20180a800bc5f8), U64(0xb4a2f701b2dc65be),
+                U64(0xe726946f981b6d66), U64(0x48e6c453bf21c94c),
+                U64(0x42cad9930f0a4195), U64(0xefa47b64aacccd20),
+                U64(0x71180a8960409a42), U64(0x8bb3329bf6a44e0c),
+                U64(0xd34c35de2d36dacc), U64(0xa92f5b7cbc23dc96),
+                U64(0xb31a85aa68bb09c3), U64(0x13e04836a73161d2),
+                U64(0xb24dfc4129c51d02), U64(0x8ae44b70b7da5acd),
+                U64(0xe671ed84d96579a7), U64(0xa4bb3417d66f3832),
+                U64(0x4572ab38d56d2de8), U64(0xb1b47761ea47215c),
+                U64(0xe81c09cf70aba15d), U64(0xffbdb872ce7f90ac),
+                U64(0xa8782297fd5dc857), U64(0x0d946f6b6a4ce4a4),
+                U64(0xe4df1f4f5b995138), U64(0x9ebc71edca8c5762),
+                U64(0x0a2c1dc0b02b88d9), U64(0x3b503c115d9d7b91),
+                U64(0xc64376a8111ec3a2), U64(0xcec199a323c963e4),
+                U64(0xdc76a87ec58616f7), U64(0x09d596e073a9b487),
+                U64(0x14583a9d7d560daf), U64(0xf4c6dc593f2a0cb4),
+                U64(0xdd21d19584f80236), U64(0x4a4836983ddde1d3),
+                U64(0xe58866a41ae745f9), U64(0xf591a5b27e541875),
+                U64(0x891dc05074586693), U64(0x5b068c651810a89e),
+                U64(0xa30346bc0c08544f), U64(0x3dbf3751c684032d),
+                U64(0x2a1e86ec785032dc), U64(0xf73f5779fca830ea),
+                U64(0xb60c05ca30204d21), U64(0x0cc316802b32f065),
+                U64(0x8770241bdd96be69), U64(0xb861e18199ee95db),
+                U64(0xf805cad91418fcd1), U64(0x29e70dccbbd20e82),
+                U64(0xc7140f435060d763), U64(0x0f3a9da0e8b0cc3b),
+                U64(0xa2543f574d76408e), U64(0xbd7761e1c175d139),
+                U64(0x4b1f4f737ca3f512), U64(0x6dc2df1f2fc137ab),
+                U64(0xf1d05c3967b14856), U64(0xa742bf3715ed046c),
+                U64(0x654030141d1697ed), U64(0x07b872abda676c7d),
+                U64(0x3ce84eba87fa17ec), U64(0xc1fb0403cb79afdf),
+                U64(0x3e46bc7105063f73), U64(0x278ae987121cd678),
+                U64(0xa1adb4778ef47cd0), U64(0x26dd906c5362c2b9),
+                U64(0x05168060589b44e2), U64(0xfbfc41f9d79ac08f),
+                U64(0x0e6de44ba9ced8fa), U64(0x9feb08068bf243a3),
+                U64(0x7b341749d06b129b), U64(0x229c69e74a87929a),
+                U64(0xe09ee6c4427c011b), U64(0x5692e30e725c4c3a),
+                U64(0xda99a33e5e9f6e4b), U64(0x353dd85af453a36b),
+                U64(0x25241b4c90e0fee7), U64(0x5de987258309d022),
+                U64(0xe230140fc0802984), U64(0x93281e86a0c0b3c6),
+                U64(0xf229d719a4337408), U64(0x6f6c2dd4ad3d1f34),
+                U64(0x8ea5b2fbae3f0aee), U64(0x8331dd90c473ee4a),
+                U64(0x346aa1b1b52db7aa), U64(0xdf8f235e06042aa9),
+                U64(0xcc6f6b68a1354b7b), U64(0x6c95a6f46ebf236a),
+                U64(0x52d31a856bb91c19), U64(0x1a35ded6d498d555),
+                U64(0xf37eaef2e54d60c9), U64(0x72e181a9a3c2a61c),
+                U64(0x98537aad51952fde), U64(0x16f6c856ffaa2530),
+                U64(0xd960281e9d1d5215), U64(0x3a0745fa1ce36f50),
+                U64(0x0b7b642bf1559c18), U64(0x59a87eae9aec8001),
+                U64(0x5e100c05408bec7c), U64(0x0441f98b19e55023),
+                U64(0xd70dcc5534d38aef), U64(0x927f676de1bea707),
+                U64(0x9769e70db925e3e5), U64(0x7a636ea29115065a),
+                U64(0x468b201816ef11b6), U64(0xab81a9b73edff409),
+                U64(0xc0ac7de88a07bb1e), U64(0x1f235eb68c0391b7),
+                U64(0x6056b074458dd30f), U64(0xbe8eeac102f7ed67),
+                U64(0xcd381283e04b5fba), U64(0x5cbefecec277c4e3),
+                U64(0xd21b4c356c48ce0d), U64(0x1019c31664b35d8c),
+                U64(0x247362a7d19eea26), U64(0xebe582efb3299d03),
+                U64(0x02aef2cb82fc289f), U64(0x86275df09ce8aaa8),
+                U64(0x28b07427faac1a43), U64(0x38a9b7319e1f47cf),
+                U64(0xc82e92e3b8d01b58), U64(0x06ef0b409b1978bc),
+                U64(0x62f842bfc771fb90), U64(0x9904034610eb3b1f),
+                U64(0xded85ab5477a3e68), U64(0x90d195a663428f98),
+                U64(0x5384636e2ac708d8), U64(0xcbd719c37b522706),
+                U64(0xae9729d76644b0eb), U64(0x7c8c65e20a0c7ee6),
+                U64(0x80c856b007f1d214), U64(0x8c0b40302cc32271),
+                U64(0xdbcedad51fe17a8a), U64(0x740e8ae938dbdea0),
+                U64(0xa615c6dc549310ad), U64(0x19cc55f6171ae90b),
+                U64(0x49b1bdb8fe5fdd8d), U64(0xed0a89af2830e5bf),
+                U64(0x6a7aadb4f5a65bd6), U64(0x7e22972988f05679),
+                U64(0xf952b3325566e810), U64(0x39fecedadf61530e),
+                U64(0x6101c99f04f3c7ce), U64(0x2e5f7f6761b562ff),
+                U64(0xf08725d226cf5c97), U64(0x63af3b54860fef51),
+                U64(0x8ff2cb10ef411e2f), U64(0x884ab9bb35267252),
+                U64(0x4df04433e7ba8dae), U64(0x9afd8866d3690741),
+                U64(0x66b9bb34de94abb3), U64(0x9baaf18d92171380),
+                U64(0x543c11c5f0a064a5), U64(0x17a1b1bdbed431f1),
+                U64(0xb5f58eeaf3a2717f), U64(0xc355f6c849858740),
+                U64(0xec5df044694ef17e), U64(0xd83751f5dc6346d4),
+                U64(0xfc4433520dfdacf2), U64(0x0000000000000000),
+                U64(0x5a51f58e596ebc5f), U64(0x3285aaf12e34cf16),
+                U64(0x8d5c39db6dbd36b0), U64(0x12b731dde64f7513),
+                U64(0x94906c2d7aa7dfbb), U64(0x302b583aacc8e789),
+                U64(0x9d45facd090e6b3c), U64(0x2165e2c78905aec4),
+                U64(0x68d45f7f775a7349), U64(0x189b2c1d5664fdca),
+                U64(0xe1c99f2f030215da), U64(0x6983269436246788),
+                U64(0x8489af3b1e148237), U64(0xe94b702431d5b59c),
+                U64(0x33d2d31a6f4adbd7), U64(0xbfd9932a4389f9a6),
+                U64(0xb0e30e8aab39359d), U64(0xd1e2c715afcaf253),
+                U64(0x150f43763c28196e), U64(0xc4ed846393e2eb3d),
+                U64(0x03f98b20c3823c5e), U64(0xfd134ab94c83b833),
+                U64(0x556b682eb1de7064), U64(0x36c4537a37d19f35),
+                U64(0x7559f30279a5ca61), U64(0x799ae58252973a04),
+                U64(0x9c12832648707ffd), U64(0x78cd9c6913e92ec5),
+                U64(0x1d8dac7d0effb928), U64(0x439da0784e745554),
+                U64(0x413352b3cc887dcb), U64(0xbacf134a1b12bd44),
+                U64(0x114ebafd25cd494d), U64(0x2f08068c20cb763e),
+                U64(0x76a07822ba27f63f), U64(0xeab2fb04f25789c2),
+                U64(0xe3676de481fe3d45), U64(0x1b62a73d95e6c194),
+                U64(0x641749ff5c68832c), U64(0xa5ec4dfc97112cf3),
+                U64(0xf6682e92bdd6242b), U64(0x3f11c59a44782bb2),
+                U64(0x317c21d1edb6f348), U64(0xd65ab5be75ad9e2e),
+                U64(0x6b2dd45fb4d84f17), U64(0xfaab381296e4d44e),
+                U64(0xd0b5befeeeb4e692), U64(0x0882ef0b32d7a046),
+                U64(0x512a91a5a83b2047), U64(0x963e9ee6f85bf724),
+                U64(0x4e09cf132438b1f0), U64(0x77f701c9fb59e2fe),
+                U64(0x7ddb1c094b726a27), U64(0x5f4775ee01f5f8bd),
+                U64(0x9186ec4d223c9b59), U64(0xfeeac1998f01846d),
+                U64(0xac39db1ce4b89874), U64(0xb75b7c21715e59e0),
+                U64(0xafc0503c273aa42a), U64(0x6e3b543fec430bf5),
+                U64(0x704f7362213e8e83), U64(0x58ff0745db9294c0),
+                U64(0x67eec2df9feabf72), U64(0xa0facd9ccf8a6811),
+                U64(0xb936986ad890811a), U64(0x95c715c63bd9cb7a),
+                U64(0xca8060283a2c33c7), U64(0x507de84ee9453486),
+                U64(0x85ded6d05f6a96f6), U64(0x1cdad5964f81ade9),
+                U64(0xd5a33e9eb62fa270), U64(0x40642b588df6690a),
+                U64(0x7f75eec2c98e42b8), U64(0x2cf18dace3494a60),
+                U64(0x23cb100c0bf9865b), U64(0xeef3028febb2d9e1),
+                U64(0x4425d2d394133929), U64(0xaad6d05c7fa1e0c8),
+                U64(0xad6ea2f7a5c68cb5), U64(0xc2028f2308fb9381),
+                U64(0x819f2f5b468fc6d5), U64(0xc5bafd88d29cfffc),
+                U64(0x47dc59f357910577), U64(0x2b49ff07392e261d),
+                U64(0x57c59ae5332258fb), U64(0x73b6f842e2bcb2dd),
+                U64(0xcf96e04862b77725), U64(0x4ca73dd8a6c4996f),
+                U64(0x015779eb417e14c1), U64(0x37932a9176af8bf4)
+        }, { /* 4 */
+                U64(0x190a2c9b249df23e), U64(0x2f62f8b62263e1e9),
+                U64(0x7a7f754740993655), U64(0x330b7ba4d5564d9f),
+                U64(0x4c17a16a46672582), U64(0xb22f08eb7d05f5b8),
+                U64(0x535f47f40bc148cc), U64(0x3aec5d27d4883037),
+                U64(0x10ed0a1825438f96), U64(0x516101f72c233d17),
+                U64(0x13cc6f949fd04eae), U64(0x739853c441474bfd),
+                U64(0x653793d90d3f5b1b), U64(0x5240647b96b0fc2f),
+                U64(0x0c84890ad27623e0), U64(0xd7189b32703aaea3),
+                U64(0x2685de3523bd9c41), U64(0x99317c5b11bffefa),
+                U64(0x0d9baa854f079703), U64(0x70b93648fbd48ac5),
+                U64(0xa80441fce30bc6be), U64(0x7287704bdc36ff1e),
+                U64(0xb65384ed33dc1f13), U64(0xd36417343ee34408),
+                U64(0x39cd38ab6e1bf10f), U64(0x5ab861770a1f3564),
+                U64(0x0ebacf09f594563b), U64(0xd04572b884708530),
+                U64(0x3cae9722bdb3af47), U64(0x4a556b6f2f5cbaf2),
+                U64(0xe1704f1f76c4bd74), U64(0x5ec4ed7144c6dfcf),
+                U64(0x16afc01d4c7810e6), U64(0x283f113cd629ca7a),
+                U64(0xaf59a8761741ed2d), U64(0xeed5a3991e215fac),
+                U64(0x3bf37ea849f984d4), U64(0xe413e096a56ce33c),
+                U64(0x2c439d3a98f020d1), U64(0x637559dc6404c46b),
+                U64(0x9e6c95d1e5f5d569), U64(0x24bb9836045fe99a),
+                U64(0x44efa466dac8ecc9), U64(0xc6eab2a5c80895d6),
+                U64(0x803b50c035220cc4), U64(0x0321658cba93c138),
+                U64(0x8f9ebc465dc7ee1c), U64(0xd15a5137190131d3),
+                U64(0x0fa5ec8668e5e2d8), U64(0x91c979578d1037b1),
+                U64(0x0642ca05693b9f70), U64(0xefca80168350eb4f),
+                U64(0x38d21b24f36a45ec), U64(0xbeab81e1af73d658),
+                U64(0x8cbfd9cae7542f24), U64(0xfd19cc0d81f11102),
+                U64(0x0ac6430fbb4dbc90), U64(0x1d76a09d6a441895),
+                U64(0x2a01573ff1cbbfa1), U64(0xb572e161894fde2b),
+                U64(0x8124734fa853b827), U64(0x614b1fdf43e6b1b0),
+                U64(0x68ac395c4238cc18), U64(0x21d837bfd7f7b7d2),
+                U64(0x20c714304a860331), U64(0x5cfaab726324aa14),
+                U64(0x74c5ba4eb50d606e), U64(0xf3a3030474654739),
+                U64(0x23e671bcf015c209), U64(0x45f087e947b9582a),
+                U64(0xd8bd77b418df4c7b), U64(0xe06f6c90ebb50997),
+                U64(0x0bd96080263c0873), U64(0x7e03f9410e40dcfe),
+                U64(0xb8e94be4c6484928), U64(0xfb5b0608e8ca8e72),
+                U64(0x1a2b49179e0e3306), U64(0x4e29e76961855059),
+                U64(0x4f36c4e6fcf4e4ba), U64(0x49740ee395cf7bca),
+                U64(0xc2963ea386d17f7d), U64(0x90d65ad810618352),
+                U64(0x12d34c1b02a1fa4d), U64(0xfa44258775bb3a91),
+                U64(0x18150f14b9ec46dd), U64(0x1491861e6b9a653d),
+                U64(0x9a1019d7ab2c3fc2), U64(0x3668d42d06fe13d7),
+                U64(0xdcc1fbb25606a6d0), U64(0x969490dd795a1c22),
+                U64(0x3549b1a1bc6dd2ef), U64(0xc94f5e23a0ed770e),
+                U64(0xb9f6686b5b39fdcb), U64(0xc4d4f4a6efeae00d),
+                U64(0xe732851a1fff2204), U64(0x94aad6de5eb869f9),
+                U64(0x3f8ff2ae07206e7f), U64(0xfe38a9813b62d03a),
+                U64(0xa7a1ad7a8bee2466), U64(0x7b6056c8dde882b6),
+                U64(0x302a1e286fc58ca7), U64(0x8da0fa457a259bc7),
+                U64(0xb3302b64e074415b), U64(0x5402ae7eff8b635f),
+                U64(0x08f8050c9cafc94b), U64(0xae468bf98a3059ce),
+                U64(0x88c355cca98dc58f), U64(0xb10e6d67c7963480),
+                U64(0xbad70de7e1aa3cf3), U64(0xbfb4a26e320262bb),
+                U64(0xcb711820870f02d5), U64(0xce12b7a954a75c9d),
+                U64(0x563ce87dd8691684), U64(0x9f73b65e7884618a),
+                U64(0x2b1e74b06cba0b42), U64(0x47cec1ea605b2df1),
+                U64(0x1c698312f735ac76), U64(0x5fdbcefed9b76b2c),
+                U64(0x831a354c8fb1cdfc), U64(0x820516c312c0791f),
+                U64(0xb74ca762aeadabf0), U64(0xfc06ef821c80a5e1),
+                U64(0x5723cbf24518a267), U64(0x9d4df05d5f661451),
+                U64(0x588627742dfd40bf), U64(0xda8331b73f3d39a0),
+                U64(0x17b0e392d109a405), U64(0xf965400bcf28fba9),
+                U64(0x7c3dbf4229a2a925), U64(0x023e460327e275db),
+                U64(0x6cd0b55a0ce126b3), U64(0xe62da695828e96e7),
+                U64(0x42ad6e63b3f373b9), U64(0xe50cc319381d57df),
+                U64(0xc5cbd729729b54ee), U64(0x46d1e265fd2a9912),
+                U64(0x6428b056904eeff8), U64(0x8be23040131e04b7),
+                U64(0x6709d5da2add2ec0), U64(0x075de98af44a2b93),
+                U64(0x8447dcc67bfbe66f), U64(0x6616f655b7ac9a23),
+                U64(0xd607b8bded4b1a40), U64(0x0563af89d3a85e48),
+                U64(0x3db1b4ad20c21ba4), U64(0x11f22997b8323b75),
+                U64(0x292032b34b587e99), U64(0x7f1cdace9331681d),
+                U64(0x8e819fc9c0b65aff), U64(0xa1e3677fe2d5bb16),
+                U64(0xcd33d225ee349da5), U64(0xd9a2543b85aef898),
+                U64(0x795e10cbfa0af76d), U64(0x25a4bbb9992e5d79),
+                U64(0x78413344677b438e), U64(0xf0826688cef68601),
+                U64(0xd27b34bba392f0eb), U64(0x551d8df162fad7bc),
+                U64(0x1e57c511d0d7d9ad), U64(0xdeffbdb171e4d30b),
+                U64(0xf4feea8e802f6caa), U64(0xa480c8f6317de55e),
+                U64(0xa0fc44f07fa40ff5), U64(0x95b5f551c3c9dd1a),
+                U64(0x22f952336d6476ea), U64(0x0000000000000000),
+                U64(0xa6be8ef5169f9085), U64(0xcc2cf1aa73452946),
+                U64(0x2e7ddb39bf12550a), U64(0xd526dd3157d8db78),
+                U64(0x486b2d6c08becf29), U64(0x9b0f3a58365d8b21),
+                U64(0xac78cdfaadd22c15), U64(0xbc95c7e28891a383),
+                U64(0x6a927f5f65dab9c3), U64(0xc3891d2c1ba0cb9e),
+                U64(0xeaa92f9f50f8b507), U64(0xcf0d9426c9d6e87e),
+                U64(0xca6e3baf1a7eb636), U64(0xab25247059980786),
+                U64(0x69b31ad3df4978fb), U64(0xe2512a93cc577c4c),
+                U64(0xff278a0ea61364d9), U64(0x71a615c766a53e26),
+                U64(0x89dc764334fc716c), U64(0xf87a638452594f4a),
+                U64(0xf2bc208be914f3da), U64(0x8766b94ac1682757),
+                U64(0xbbc82e687cdb8810), U64(0x626a7a53f9757088),
+                U64(0xa2c202f358467a2e), U64(0x4d0882e5db169161),
+                U64(0x09e7268301de7da8), U64(0xe897699c771ac0dc),
+                U64(0xc8507dac3d9cc3ed), U64(0xc0a878a0a1330aa6),
+                U64(0x978bb352e42ba8c1), U64(0xe9884a13ea6b743f),
+                U64(0x279afdbabecc28a2), U64(0x047c8c064ed9eaab),
+                U64(0x507e2278b15289f4), U64(0x599904fbb08cf45c),
+                U64(0xbd8ae46d15e01760), U64(0x31353da7f2b43844),
+                U64(0x8558ff49e68a528c), U64(0x76fbfc4d92ef15b5),
+                U64(0x3456922e211c660c), U64(0x86799ac55c1993b4),
+                U64(0x3e90d1219a51da9c), U64(0x2d5cbeb505819432),
+                U64(0x982e5fd48cce4a19), U64(0xdb9c1238a24c8d43),
+                U64(0xd439febecaa96f9b), U64(0x418c0bef0960b281),
+                U64(0x158ea591f6ebd1de), U64(0x1f48e69e4da66d4e),
+                U64(0x8afd13cf8e6fb054), U64(0xf5e1c9011d5ed849),
+                U64(0xe34e091c5126c8af), U64(0xad67ee7530a398f6),
+                U64(0x43b24dec2e82c75a), U64(0x75da99c1287cd48d),
+                U64(0x92e81cdb3783f689), U64(0xa3dd217cc537cecd),
+                U64(0x60543c50de970553), U64(0x93f73f54aaf2426a),
+                U64(0xa91b62737e7a725d), U64(0xf19d4507538732e2),
+                U64(0x77e4dfc20f9ea156), U64(0x7d229ccdb4d31dc6),
+                U64(0x1b346a98037f87e5), U64(0xedf4c615a4b29e94),
+                U64(0x4093286094110662), U64(0xb0114ee85ae78063),
+                U64(0x6ff1d0d6b672e78b), U64(0x6dcf96d591909250),
+                U64(0xdfe09e3eec9567e8), U64(0x3214582b4827f97c),
+                U64(0xb46dc2ee143e6ac8), U64(0xf6c0ac8da7cd1971),
+                U64(0xebb60c10cd8901e4), U64(0xf7df8f023abcad92),
+                U64(0x9c52d3d2c217a0b2), U64(0x6b8d5cd0f8ab0d20),
+                U64(0x3777f7a29b8fa734), U64(0x011f238f9d71b4e3),
+                U64(0xc1b75b2f3c42be45), U64(0x5de588fdfe551ef7),
+                U64(0x6eeef3592b035368), U64(0xaa3a07ffc4e9b365),
+                U64(0xecebe59a39c32a77), U64(0x5ba742f8976e8187),
+                U64(0x4b4a48e0b22d0e11), U64(0xddded83dcb771233),
+                U64(0xa59feb79ac0c51bd), U64(0xc7f5912a55792135)
+        }, { /* 5 */
+                U64(0x6d6ae04668a9b08a), U64(0x3ab3f04b0be8c743),
+                U64(0xe51e166b54b3c908), U64(0xbe90a9eb35c2f139),
+                U64(0xb2c7066637f2bec1), U64(0xaa6945613392202c),
+                U64(0x9a28c36f3b5201eb), U64(0xddce5a93ab536994),
+                U64(0x0e34133ef6382827), U64(0x52a02ba1ec55048b),
+                U64(0xa2f88f97c4b2a177), U64(0x8640e513ca2251a5),
+                U64(0xcdf1d36258137622), U64(0xfe6cb708dedf8ddb),
+                U64(0x8a174a9ec8121e5d), U64(0x679896036b81560e),
+                U64(0x59ed033395795fee), U64(0x1dd778ab8b74edaf),
+                U64(0xee533ef92d9f926d), U64(0x2a8c79baf8a8d8f5),
+                U64(0x6bcf398e69b119f6), U64(0xe20491742fafdd95),
+                U64(0x276488e0809c2aec), U64(0xea955b82d88f5cce),
+                U64(0x7102c63a99d9e0c4), U64(0xf9763017a5c39946),
+                U64(0x429fa2501f151b3d), U64(0x4659c72bea05d59e),
+                U64(0x984b7fdccf5a6634), U64(0xf742232953fbb161),
+                U64(0x3041860e08c021c7), U64(0x747bfd9616cd9386),
+                U64(0x4bb1367192312787), U64(0x1b72a1638a6c44d3),
+                U64(0x4a0e68a6e8359a66), U64(0x169a5039f258b6ca),
+                U64(0xb98a2ef44edee5a4), U64(0xd9083fe85e43a737),
+                U64(0x967f6ce239624e13), U64(0x8874f62d3c1a7982),
+                U64(0x3c1629830af06e3f), U64(0x9165ebfd427e5a8e),
+                U64(0xb5dd81794ceeaa5c), U64(0x0de8f15a7834f219),
+                U64(0x70bd98ede3dd5d25), U64(0xaccc9ca9328a8950),
+                U64(0x56664eda1945ca28), U64(0x221db34c0f8859ae),
+                U64(0x26dbd637fa98970d), U64(0x1acdffb4f068f932),
+                U64(0x4585254f64090fa0), U64(0x72de245e17d53afa),
+                U64(0x1546b25d7c546cf4), U64(0x207e0ffffb803e71),
+                U64(0xfaaad2732bcf4378), U64(0xb462dfae36ea17bd),
+                U64(0xcf926fd1ac1b11fd), U64(0xe0672dc7dba7ba4a),
+                U64(0xd3fa49ad5d6b41b3), U64(0x8ba81449b216a3bc),
+                U64(0x14f9ec8a0650d115), U64(0x40fc1ee3eb1d7ce2),
+                U64(0x23a2ed9b758ce44f), U64(0x782c521b14fddc7e),
+                U64(0x1c68267cf170504e), U64(0xbcf31558c1ca96e6),
+                U64(0xa781b43b4ba6d235), U64(0xf6fd7dfe29ff0c80),
+                U64(0xb0a4bad5c3fad91e), U64(0xd199f51ea963266c),
+                U64(0x414340349119c103), U64(0x5405f269ed4dadf7),
+                U64(0xabd61bb649969dcd), U64(0x6813dbeae7bdc3c8),
+                U64(0x65fb2ab09f8931d1), U64(0xf1e7fae152e3181d),
+                U64(0xc1a67cef5a2339da), U64(0x7a4feea8e0f5bba1),
+                U64(0x1e0b9acf05783791), U64(0x5b8ebf8061713831),
+                U64(0x80e53cdbcb3af8d9), U64(0x7e898bd315e57502),
+                U64(0xc6bcfbf0213f2d47), U64(0x95a38e86b76e942d),
+                U64(0x092e94218d243cba), U64(0x8339debf453622e7),
+                U64(0xb11be402b9fe64ff), U64(0x57d9100d634177c9),
+                U64(0xcc4e8db52217cbc3), U64(0x3b0cae9c71ec7aa2),
+                U64(0xfb158ca451cbfe99), U64(0x2b33276d82ac6514),
+                U64(0x01bf5ed77a04bde1), U64(0xc5601994af33f779),
+                U64(0x75c4a3416cc92e67), U64(0xf3844652a6eb7fc2),
+                U64(0x3487e375fdd0ef64), U64(0x18ae430704609eed),
+                U64(0x4d14efb993298efb), U64(0x815a620cb13e4538),
+                U64(0x125c354207487869), U64(0x9eeea614ce42cf48),
+                U64(0xce2d3106d61fac1c), U64(0xbbe99247bad6827b),
+                U64(0x071a871f7b1c149d), U64(0x2e4a1cc10db81656),
+                U64(0x77a71ff298c149b8), U64(0x06a5d9c80118a97c),
+                U64(0xad73c27e488e34b1), U64(0x443a7b981e0db241),
+                U64(0xe3bbcfa355ab6074), U64(0x0af276450328e684),
+                U64(0x73617a896dd1871b), U64(0x58525de4ef7de20f),
+                U64(0xb7be3dcab8e6cd83), U64(0x19111dd07e64230c),
+                U64(0x842359a03e2a367a), U64(0x103f89f1f3401fb6),
+                U64(0xdc710444d157d475), U64(0xb835702334da5845),
+                U64(0x4320fc876511a6dc), U64(0xd026abc9d3679b8d),
+                U64(0x17250eee885c0b2b), U64(0x90dab52a387ae76f),
+                U64(0x31fed8d972c49c26), U64(0x89cba8fa461ec463),
+                U64(0x2ff5421677bcabb7), U64(0x396f122f85e41d7d),
+                U64(0xa09b332430bac6a8), U64(0xc888e8ced7070560),
+                U64(0xaeaf201ac682ee8f), U64(0x1180d7268944a257),
+                U64(0xf058a43628e7a5fc), U64(0xbd4c4b8fbbce2b07),
+                U64(0xa1246df34abe7b49), U64(0x7d5569b79be9af3c),
+                U64(0xa9b5a705bd9efa12), U64(0xdb6b835baa4bc0e8),
+                U64(0x05793bac8f147342), U64(0x21c1512881848390),
+                U64(0xfdb0556c50d357e5), U64(0x613d4fcb6a99ff72),
+                U64(0x03dce2648e0cda3e), U64(0xe949b9e6568386f0),
+                U64(0xfc0f0bbb2ad7ea04), U64(0x6a70675913b5a417),
+                U64(0x7f36d5046fe1c8e3), U64(0x0c57af8d02304ff8),
+                U64(0x32223abdfcc84618), U64(0x0891caf6f720815b),
+                U64(0xa63eeaec31a26fd4), U64(0x2507345374944d33),
+                U64(0x49d28ac266394058), U64(0xf5219f9aa7f3d6be),
+                U64(0x2d96fea583b4cc68), U64(0x5a31e1571b7585d0),
+                U64(0x8ed12fe53d02d0fe), U64(0xdfade6205f5b0e4b),
+                U64(0x4cabb16ee92d331a), U64(0x04c6657bf510cea3),
+                U64(0xd73c2cd6a87b8f10), U64(0xe1d87310a1a307ab),
+                U64(0x6cd5be9112ad0d6b), U64(0x97c032354366f3f2),
+                U64(0xd4e0ceb22677552e), U64(0x0000000000000000),
+                U64(0x29509bde76a402cb), U64(0xc27a9e8bd42fe3e4),
+                U64(0x5ef7842cee654b73), U64(0xaf107ecdbc86536e),
+                U64(0x3fcacbe784fcb401), U64(0xd55f90655c73e8cf),
+                U64(0xe6c2f40fdabf1336), U64(0xe8f6e7312c873b11),
+                U64(0xeb2a0555a28be12f), U64(0xe4a148bc2eb774e9),
+                U64(0x9b979db84156bc0a), U64(0x6eb60222e6a56ab4),
+                U64(0x87ffbbc4b026ec44), U64(0xc703a5275b3b90a6),
+                U64(0x47e699fc9001687f), U64(0x9c8d1aa73a4aa897),
+                U64(0x7cea3760e1ed12dd), U64(0x4ec80ddd1d2554c5),
+                U64(0x13e36b957d4cc588), U64(0x5d2b66486069914d),
+                U64(0x92b90999cc7280b0), U64(0x517cc9c56259deb5),
+                U64(0xc937b619ad03b881), U64(0xec30824ad997f5b2),
+                U64(0xa45d565fc5aa080b), U64(0xd6837201d27f32f1),
+                U64(0x635ef3789e9198ad), U64(0x531f75769651b96a),
+                U64(0x4f77530a6721e924), U64(0x486dd4151c3dfdb9),
+                U64(0x5f48dafb9461f692), U64(0x375b011173dc355a),
+                U64(0x3da9775470f4d3de), U64(0x8d0dcd81b30e0ac0),
+                U64(0x36e45fc609d888bb), U64(0x55baacbe97491016),
+                U64(0x8cb29356c90ab721), U64(0x76184125e2c5f459),
+                U64(0x99f4210bb55edbd5), U64(0x6f095cf59ca1d755),
+                U64(0x9f51f8c3b44672a9), U64(0x3538bda287d45285),
+                U64(0x50c39712185d6354), U64(0xf23b1885dcefc223),
+                U64(0x79930ccc6ef9619f), U64(0xed8fdc9da3934853),
+                U64(0xcb540aaa590bdf5e), U64(0x5c94389f1a6d2cac),
+                U64(0xe77daad8a0bbaed7), U64(0x28efc5090ca0bf2a),
+                U64(0xbf2ff73c4fc64cd8), U64(0xb37858b14df60320),
+                U64(0xf8c96ec0dfc724a7), U64(0x828680683f329f06),
+                U64(0x941cd051cd6a29cc), U64(0xc3c5c05cae2b5e05),
+                U64(0xb601631dc2e27062), U64(0xc01922382027843b),
+                U64(0x24b86a840e90f0d2), U64(0xd245177a276ffc52),
+                U64(0x0f8b4de98c3c95c6), U64(0x3e759530fef809e0),
+                U64(0x0b4d2892792c5b65), U64(0xc4df4743d5374a98),
+                U64(0xa5e20888bfaeb5ea), U64(0xba56cc90c0d23f9a),
+                U64(0x38d04cf8ffe0a09c), U64(0x62e1adafe495254c),
+                U64(0x0263bcb3f40867df), U64(0xcaeb547d230f62bf),
+                U64(0x6082111c109d4293), U64(0xdad4dd8cd04f7d09),
+                U64(0xefec602e579b2f8c), U64(0x1fb4c4187f7c8a70),
+                U64(0xffd3e9dfa4db303a), U64(0x7bf0b07f9af10640),
+                U64(0xf49ec14dddf76b5f), U64(0x8f6e713247066d1f),
+                U64(0x339d646a86ccfbf9), U64(0x64447467e58d8c30),
+                U64(0x2c29a072f9b07189), U64(0xd8b7613f24471ad6),
+                U64(0x6627c8d41185ebef), U64(0xa347d140beb61c96),
+                U64(0xde12b8f7255fb3aa), U64(0x9d324470404e1576),
+                U64(0x9306574eb6763d51), U64(0xa80af9d2c79a47f3),
+                U64(0x859c0777442e8b9b), U64(0x69ac853d9db97e29)
+        }, { /* 6 */
+                U64(0xc3407dfc2de6377e), U64(0x5b9e93eea4256f77),
+                U64(0xadb58fdd50c845e0), U64(0x5219ff11a75bed86),
+                U64(0x356b61cfd90b1de9), U64(0xfb8f406e25abe037),
+                U64(0x7a5a0231c0f60796), U64(0x9d3cd216e1f5020b),
+                U64(0x0c6550fb6b48d8f3), U64(0xf57508c427ff1c62),
+                U64(0x4ad35ffa71cb407d), U64(0x6290a2da1666aa6d),
+                U64(0xe284ec2349355f9f), U64(0xb3c307c53d7c84ec),
+                U64(0x05e23c0468365a02), U64(0x190bac4d6c9ebfa8),
+                U64(0x94bbbee9e28b80fa), U64(0xa34fc777529cb9b5),
+                U64(0xcc7b39f095bcd978), U64(0x2426addb0ce532e3),
+                U64(0x7e79329312ce4fc7), U64(0xab09a72eebec2917),
+                U64(0xf8d15499f6b9d6c2), U64(0x1a55b8babf8c895d),
+                U64(0xdb8add17fb769a85), U64(0xb57f2f368658e81b),
+                U64(0x8acd36f18f3f41f6), U64(0x5ce3b7bba50f11d3),
+                U64(0x114dcc14d5ee2f0a), U64(0xb91a7fcded1030e8),
+                U64(0x81d5425fe55de7a1), U64(0xb6213bc1554adeee),
+                U64(0x80144ef95f53f5f2), U64(0x1e7688186db4c10c),
+                U64(0x3b912965db5fe1bc), U64(0xc281715a97e8252d),
+                U64(0x54a5d7e21c7f8171), U64(0x4b12535ccbc5522e),
+                U64(0x1d289cefbea6f7f9), U64(0x6ef5f2217d2e729e),
+                U64(0xe6a7dc819b0d17ce), U64(0x1b94b41c05829b0e),
+                U64(0x33d7493c622f711e), U64(0xdcf7f942fa5ce421),
+                U64(0x600fba8b7f7a8ecb), U64(0x46b60f011a83988e),
+                U64(0x235b898e0dcf4c47), U64(0x957ab24f588592a9),
+                U64(0x4354330572b5c28c), U64(0xa5f3ef84e9b8d542),
+                U64(0x8c711e02341b2d01), U64(0x0b1874ae6a62a657),
+                U64(0x1213d8e306fc19ff), U64(0xfe6d7c6a4d9dba35),
+                U64(0x65ed868f174cd4c9), U64(0x88522ea0e6236550),
+                U64(0x899322065c2d7703), U64(0xc01e690bfef4018b),
+                U64(0x915982ed8abddaf8), U64(0xbe675b98ec3a4e4c),
+                U64(0xa996bf7f82f00db1), U64(0xe1daf8d49a27696a),
+                U64(0x2effd5d3dc8986e7), U64(0xd153a51f2b1a2e81),
+                U64(0x18caa0ebd690adfb), U64(0x390e3134b243c51a),
+                U64(0x2778b92cdff70416), U64(0x029f1851691c24a6),
+                U64(0x5e7cafeacc133575), U64(0xfa4e4cc89fa5f264),
+                U64(0x5a5f9f481e2b7d24), U64(0x484c47ab18d764db),
+                U64(0x400a27f2a1a7f479), U64(0xaeeb9b2a83da7315),
+                U64(0x721c626879869734), U64(0x042330a2d2384851),
+                U64(0x85f672fd3765aff0), U64(0xba446b3a3e02061d),
+                U64(0x73dd6ecec3888567), U64(0xffac70ccf793a866),
+                U64(0xdfa9edb5294ed2d4), U64(0x6c6aea7014325638),
+                U64(0x834a5a0e8c41c307), U64(0xcdba35562fb2cb2b),
+                U64(0x0ad97808d06cb404), U64(0x0f3b440cb85aee06),
+                U64(0xe5f9c876481f213b), U64(0x98deee1289c35809),
+                U64(0x59018bbfcd394bd1), U64(0xe01bf47220297b39),
+                U64(0xde68e1139340c087), U64(0x9fa3ca4788e926ad),
+                U64(0xbb85679c840c144e), U64(0x53d8f3b71d55ffd5),
+                U64(0x0da45c5dd146caa0), U64(0x6f34fe87c72060cd),
+                U64(0x57fbc315cf6db784), U64(0xcee421a1fca0fdde),
+                U64(0x3d2d0196607b8d4b), U64(0x642c8a29ad42c69a),
+                U64(0x14aff010bdd87508), U64(0xac74837beac657b3),
+                U64(0x3216459ad821634d), U64(0x3fb219c70967a9ed),
+                U64(0x06bc28f3bb246cf7), U64(0xf2082c9126d562c6),
+                U64(0x66b39278c45ee23c), U64(0xbd394f6f3f2878b9),
+                U64(0xfd33689d9e8f8cc0), U64(0x37f4799eb017394f),
+                U64(0x108cc0b26fe03d59), U64(0xda4bd1b1417888d6),
+                U64(0xb09d1332ee6eb219), U64(0x2f3ed975668794b4),
+                U64(0x58c0871977375982), U64(0x7561463d78ace990),
+                U64(0x09876cff037e82f1), U64(0x7fb83e35a8c05d94),
+                U64(0x26b9b58a65f91645), U64(0xef20b07e9873953f),
+                U64(0x3148516d0b3355b8), U64(0x41cb2b541ba9e62a),
+                U64(0x790416c613e43163), U64(0xa011d380818e8f40),
+                U64(0x3a5025c36151f3ef), U64(0xd57095bdf92266d0),
+                U64(0x498d4b0da2d97688), U64(0x8b0c3a57353153a5),
+                U64(0x21c491df64d368e1), U64(0x8f2f0af5e7091bf4),
+                U64(0x2da1c1240f9bb012), U64(0xc43d59a92ccc49da),
+                U64(0xbfa6573e56345c1f), U64(0x828b56a8364fd154),
+                U64(0x9a41f643e0df7caf), U64(0xbcf843c985266aea),
+                U64(0x2b1de9d7b4bfdce5), U64(0x20059d79dedd7ab2),
+                U64(0x6dabe6d6ae3c446b), U64(0x45e81bf6c991ae7b),
+                U64(0x6351ae7cac68b83e), U64(0xa432e32253b6c711),
+                U64(0xd092a9b991143cd2), U64(0xcac711032e98b58f),
+                U64(0xd8d4c9e02864ac70), U64(0xc5fc550f96c25b89),
+                U64(0xd7ef8dec903e4276), U64(0x67729ede7e50f06f),
+                U64(0xeac28c7af045cf3d), U64(0xb15c1f945460a04a),
+                U64(0x9cfddeb05bfb1058), U64(0x93c69abce3a1fe5e),
+                U64(0xeb0380dc4a4bdd6e), U64(0xd20db1e8f8081874),
+                U64(0x229a8528b7c15e14), U64(0x44291750739fbc28),
+                U64(0xd3ccbd4e42060a27), U64(0xf62b1c33f4ed2a97),
+                U64(0x86a8660ae4779905), U64(0xd62e814a2a305025),
+                U64(0x477703a7a08d8add), U64(0x7b9b0e977af815c5),
+                U64(0x78c51a60a9ea2330), U64(0xa6adfb733aaae3b7),
+                U64(0x97e5aa1e3199b60f), U64(0x0000000000000000),
+                U64(0xf4b404629df10e31), U64(0x5564db44a6719322),
+                U64(0x9207961a59afec0d), U64(0x9624a6b88b97a45c),
+                U64(0x363575380a192b1c), U64(0x2c60cd82b595a241),
+                U64(0x7d272664c1dc7932), U64(0x7142769faa94a1c1),
+                U64(0xa1d0df263b809d13), U64(0x1630e841d4c451ae),
+                U64(0xc1df65ad44fa13d8), U64(0x13d2d445bcf20bac),
+                U64(0xd915c546926abe23), U64(0x38cf3d92084dd749),
+                U64(0xe766d0272103059d), U64(0xc7634d5effde7f2f),
+                U64(0x077d2455012a7ea4), U64(0xedbfa82ff16fb199),
+                U64(0xaf2a978c39d46146), U64(0x42953fa3c8bbd0df),
+                U64(0xcb061da59496a7dc), U64(0x25e7a17db6eb20b0),
+                U64(0x34aa6d6963050fba), U64(0xa76cf7d580a4f1e4),
+                U64(0xf7ea10954ee338c4), U64(0xfcf2643b24819e93),
+                U64(0xcf252d0746aeef8d), U64(0x4ef06f58a3f3082c),
+                U64(0x563acfb37563a5d7), U64(0x5086e740ce47c920),
+                U64(0x2982f186dda3f843), U64(0x87696aac5e798b56),
+                U64(0x5d22bb1d1f010380), U64(0x035e14f7d31236f5),
+                U64(0x3cec0d30da759f18), U64(0xf3c920379cdb7095),
+                U64(0xb8db736b571e22bb), U64(0xdd36f5e44052f672),
+                U64(0xaac8ab8851e23b44), U64(0xa857b3d938fe1fe2),
+                U64(0x17f1e4e76eca43fd), U64(0xec7ea4894b61a3ca),
+                U64(0x9e62c6e132e734fe), U64(0xd4b1991b432c7483),
+                U64(0x6ad6c283af163acf), U64(0x1ce9904904a8e5aa),
+                U64(0x5fbda34c761d2726), U64(0xf910583f4cb7c491),
+                U64(0xc6a241f845d06d7c), U64(0x4f3163fe19fd1a7f),
+                U64(0xe99c988d2357f9c8), U64(0x8eee06535d0709a7),
+                U64(0x0efa48aa0254fc55), U64(0xb4be23903c56fa48),
+                U64(0x763f52caabbedf65), U64(0xeee1bcd8227d876c),
+                U64(0xe345e085f33b4dcc), U64(0x3e731561b369bbbe),
+                U64(0x2843fd2067adea10), U64(0x2adce5710eb1ceb6),
+                U64(0xb7e03767ef44ccbd), U64(0x8db012a48e153f52),
+                U64(0x61ceb62dc5749c98), U64(0xe85d942b9959eb9b),
+                U64(0x4c6f7709caef2c8a), U64(0x84377e5b8d6bbda3),
+                U64(0x30895dcbb13d47eb), U64(0x74a04a9bc2a2fbc3),
+                U64(0x6b17ce251518289c), U64(0xe438c4d0f2113368),
+                U64(0x1fb784bed7bad35f), U64(0x9b80fae55ad16efc),
+                U64(0x77fe5e6c11b0cd36), U64(0xc858095247849129),
+                U64(0x08466059b97090a2), U64(0x01c10ca6ba0e1253),
+                U64(0x6988d6747c040c3a), U64(0x6849dad2c60a1e69),
+                U64(0x5147ebe67449db73), U64(0xc99905f4fd8a837a),
+                U64(0x991fe2b433cd4a5a), U64(0xf09734c04fc94660),
+                U64(0xa28ecbd1e892abe6), U64(0xf1563866f5c75433),
+                U64(0x4dae7baf70e13ed9), U64(0x7ce62ac27bd26b61),
+                U64(0x70837a39109ab392), U64(0x90988e4b30b3c8ab),
+                U64(0xb2020b63877296bf), U64(0x156efcb607d6675b)
+        }, { /* 7 */
+                U64(0xe63f55ce97c331d0), U64(0x25b506b0015bba16),
+                U64(0xc8706e29e6ad9ba8), U64(0x5b43d3775d521f6a),
+                U64(0x0bfa3d577035106e), U64(0xab95fc172afb0e66),
+                U64(0xf64b63979e7a3276), U64(0xf58b4562649dad4b),
+                U64(0x48f7c3dbae0c83f1), U64(0xff31916642f5c8c5),
+                U64(0xcbb048dc1c4a0495), U64(0x66b8f83cdf622989),
+                U64(0x35c130e908e2b9b0), U64(0x7c761a61f0b34fa1),
+                U64(0x3601161cf205268d), U64(0x9e54ccfe2219b7d6),
+                U64(0x8b7d90a538940837), U64(0x9cd403588ea35d0b),
+                U64(0xbc3c6fea9ccc5b5a), U64(0xe5ff733b6d24aeed),
+                U64(0xceed22de0f7eb8d2), U64(0xec8581cab1ab545e),
+                U64(0xb96105e88ff8e71d), U64(0x8ca03501871a5ead),
+                U64(0x76ccce65d6db2a2f), U64(0x5883f582a7b58057),
+                U64(0x3f7be4ed2e8adc3e), U64(0x0fe7be06355cd9c9),
+                U64(0xee054e6c1d11be83), U64(0x1074365909b903a6),
+                U64(0x5dde9f80b4813c10), U64(0x4a770c7d02b6692c),
+                U64(0x5379c8d5d7809039), U64(0xb4067448161ed409),
+                U64(0x5f5e5026183bd6cd), U64(0xe898029bf4c29df9),
+                U64(0x7fb63c940a54d09c), U64(0xc5171f897f4ba8bc),
+                U64(0xa6f28db7b31d3d72), U64(0x2e4f3be7716eaa78),
+                U64(0x0d6771a099e63314), U64(0x82076254e41bf284),
+                U64(0x2f0fd2b42733df98), U64(0x5c9e76d3e2dc49f0),
+                U64(0x7aeb569619606cdb), U64(0x83478b07b2468764),
+                U64(0xcfadcb8d5923cd32), U64(0x85dac7f05b95a41e),
+                U64(0xb5469d1b4043a1e9), U64(0xb821ecbbd9a592fd),
+                U64(0x1b8e0b0e798c13c8), U64(0x62a57b6d9a0be02e),
+                U64(0xfcf1b793b81257f8), U64(0x9d94ea0bd8fe28eb),
+                U64(0x4cea408aeb654a56), U64(0x23284a47e888996c),
+                U64(0x2d8f1d128b893545), U64(0xf4cbac3132c0d8ab),
+                U64(0xbd7c86b9ca912eba), U64(0x3a268eef3dbe6079),
+                U64(0xf0d62f6077a9110c), U64(0x2735c916ade150cb),
+                U64(0x89fd5f03942ee2ea), U64(0x1acee25d2fd16628),
+                U64(0x90f39bab41181bff), U64(0x430dfe8cde39939f),
+                U64(0xf70b8ac4c8274796), U64(0x1c53aeaac6024552),
+                U64(0x13b410acf35e9c9b), U64(0xa532ab4249faa24f),
+                U64(0x2b1251e5625a163f), U64(0xd7e3e676da4841c7),
+                U64(0xa7b264e4e5404892), U64(0xda8497d643ae72d3),
+                U64(0x861ae105a1723b23), U64(0x38a6414991048aa4),
+                U64(0x6578dec92585b6b4), U64(0x0280cfa6acbaeadd),
+                U64(0x88bdb650c273970a), U64(0x9333bd5ebbff84c2),
+                U64(0x4e6a8f2c47dfa08b), U64(0x321c954db76cef2a),
+                U64(0x418d312a72837942), U64(0xb29b38bfffcdf773),
+                U64(0x6c022c38f90a4c07), U64(0x5a033a240b0f6a8a),
+                U64(0x1f93885f3ce5da6f), U64(0xc38a537e96988bc6),
+                U64(0x39e6a81ac759ff44), U64(0x29929e43cee0fce2),
+                U64(0x40cdd87924de0ca2), U64(0xe9d8ebc8a29fe819),
+                U64(0x0c2798f3cfbb46f4), U64(0x55e484223e53b343),
+                U64(0x4650948ecd0d2fd8), U64(0x20e86cb2126f0651),
+                U64(0x6d42c56baf5739e7), U64(0xa06fc1405ace1e08),
+                U64(0x7babbfc54f3d193b), U64(0x424d17df8864e67f),
+                U64(0xd8045870ef14980e), U64(0xc6d7397c85ac3781),
+                U64(0x21a885e1443273b1), U64(0x67f8116f893f5c69),
+                U64(0x24f5efe35706cff6), U64(0xd56329d076f2ab1a),
+                U64(0x5e1eb9754e66a32d), U64(0x28d2771098bd8902),
+                U64(0x8f6013f47dfdc190), U64(0x17a993fdb637553c),
+                U64(0xe0a219397e1012aa), U64(0x786b9930b5da8606),
+                U64(0x6e82e39e55b0a6da), U64(0x875a0856f72f4ec3),
+                U64(0x3741ff4fa458536d), U64(0xac4859b3957558fc),
+                U64(0x7ef6d5c75c09a57c), U64(0xc04a758b6c7f14fb),
+                U64(0xf9acdd91ab26ebbf), U64(0x7391a467c5ef9668),
+                U64(0x335c7c1ee1319aca), U64(0xa91533b18641e4bb),
+                U64(0xe4bf9a683b79db0d), U64(0x8e20faa72ba0b470),
+                U64(0x51f907737b3a7ae4), U64(0x2268a314bed5ec8c),
+                U64(0xd944b123b949edee), U64(0x31dcb3b84d8b7017),
+                U64(0xd3fe65279f218860), U64(0x097af2f1dc8ffab3),
+                U64(0x9b09a6fc312d0b91), U64(0xcc6ded78a3c4520f),
+                U64(0x3481d9ba5ebfcc50), U64(0x4f2a667f1182d56b),
+                U64(0xdfd9fdd4509ace94), U64(0x26752045fbbc252b),
+                U64(0xbffc491f662bc467), U64(0xdd593272fc202449),
+                U64(0x3cbbc218d46d4303), U64(0x91b372f817456e1f),
+                U64(0x681faf69bc6385a0), U64(0xb686bbeebaa43ed4),
+                U64(0x1469b5084cd0ca01), U64(0x98c98009cbca94ac),
+                U64(0x6438379a73d8c354), U64(0xc2caba2dc0c5fe26),
+                U64(0x3e3b0dbe78d7a9de), U64(0x50b9ee202d670f04),
+                U64(0x4590b27b37eab0e5), U64(0x6025b4cb36b10af3),
+                U64(0xfb2c1237079c0162), U64(0xa12f28130c936be8),
+                U64(0x4b37e52e54eb1ccc), U64(0x083a1ba28ad28f53),
+                U64(0xc10a9cd83a22611b), U64(0x9f1425ad7444c236),
+                U64(0x069d4cf7e9d3237a), U64(0xedc56899e7f621be),
+                U64(0x778c273680865fcf), U64(0x309c5aeb1bd605f7),
+                U64(0x8de0dc52d1472b4d), U64(0xf8ec34c2fd7b9e5f),
+                U64(0xea18cd3d58787724), U64(0xaad515447ca67b86),
+                U64(0x9989695a9d97e14c), U64(0x0000000000000000),
+                U64(0xf196c63321f464ec), U64(0x71116bc169557cb5),
+                U64(0xaf887f466f92c7c1), U64(0x972e3e0ffe964d65),
+                U64(0x190ec4a8d536f915), U64(0x95aef1a9522ca7b8),
+                U64(0xdc19db21aa7d51a9), U64(0x94ee18fa0471d258),
+                U64(0x8087adf248a11859), U64(0xc457f6da2916dd5c),
+                U64(0xfa6cfb6451c17482), U64(0xf256e0c6db13fbd1),
+                U64(0x6a9f60cf10d96f7d), U64(0x4daaa9d9bd383fb6),
+                U64(0x03c026f5fae79f3d), U64(0xde99148706c7bb74),
+                U64(0x2a52b8b6340763df), U64(0x6fc20acd03edd33a),
+                U64(0xd423c08320afdefa), U64(0xbbe1ca4e23420dc0),
+                U64(0x966ed75ca8cb3885), U64(0xeb58246e0e2502c4),
+                U64(0x055d6a021334bc47), U64(0xa47242111fa7d7af),
+                U64(0xe3623fcc84f78d97), U64(0x81c744a11efc6db9),
+                U64(0xaec8961539cfb221), U64(0xf31609958d4e8e31),
+                U64(0x63e5923ecc5695ce), U64(0x47107ddd9b505a38),
+                U64(0xa3afe7b5a0298135), U64(0x792b7063e387f3e6),
+                U64(0x0140e953565d75e0), U64(0x12f4f9ffa503e97b),
+                U64(0x750ce8902c3cb512), U64(0xdbc47e8515f30733),
+                U64(0x1ed3610c6ab8af8f), U64(0x5239218681dde5d9),
+                U64(0xe222d69fd2aaf877), U64(0xfe71783514a8bd25),
+                U64(0xcaf0a18f4a177175), U64(0x61655d9860ec7f13),
+                U64(0xe77fbc9dc19e4430), U64(0x2ccff441ddd440a5),
+                U64(0x16e97aaee06a20dc), U64(0xa855dae2d01c915b),
+                U64(0x1d1347f9905f30b2), U64(0xb7c652bdecf94b34),
+                U64(0xd03e43d265c6175d), U64(0xfdb15ec0ee4f2218),
+                U64(0x57644b8492e9599e), U64(0x07dda5a4bf8e569a),
+                U64(0x54a46d71680ec6a3), U64(0x5624a2d7c4b42c7e),
+                U64(0xbebca04c3076b187), U64(0x7d36f332a6ee3a41),
+                U64(0x3b6667bc6be31599), U64(0x695f463aea3ef040),
+                U64(0xad08b0e0c3282d1c), U64(0xb15b1e4a052a684e),
+                U64(0x44d05b2861b7c505), U64(0x15295c5b1a8dbfe1),
+                U64(0x744c01c37a61c0f2), U64(0x59c31cd1f1e8f5b7),
+                U64(0xef45a73f4b4ccb63), U64(0x6bdf899c46841a9d),
+                U64(0x3dfb2b4b823036e3), U64(0xa2ef0ee6f674f4d5),
+                U64(0x184e2dfb836b8cf5), U64(0x1134df0a5fe47646),
+                U64(0xbaa1231d751f7820), U64(0xd17eaa81339b62bd),
+                U64(0xb01bf71953771dae), U64(0x849a2ea30dc8d1fe),
+                U64(0x705182923f080955), U64(0x0ea757556301ac29),
+                U64(0x041d83514569c9a7), U64(0x0abad4042668658e),
+                U64(0x49b72a88f851f611), U64(0x8a3d79f66ec97dd7),
+                U64(0xcd2d042bf59927ef), U64(0xc930877ab0f0ee48),
+                U64(0x9273540deda2f122), U64(0xc797d02fd3f14261),
+                U64(0xe1e2f06a284d674a), U64(0xd2be8c74c97cfd80),
+                U64(0x9a494faf67707e71), U64(0xb3dbd1eca9908293),
+                U64(0x72d14d3493b2e388), U64(0xd6a30f258c153427)
+        },
+};
+static const STREEBOG_LONG64 C16[12][8] =
+{
+        {
+                U64(0xdd806559f2a64507), U64(0x05767436cc744d23),
+                U64(0xa2422a08a460d315), U64(0x4b7ce09192676901),
+                U64(0x714eb88d7585c4fc), U64(0x2f6a76432e45d016),
+                U64(0xebcb2f81c0657c1f), U64(0xb1085bda1ecadae9)
+        }, {
+                U64(0xe679047021b19bb7), U64(0x55dda21bd7cbcd56),
+                U64(0x5cb561c2db0aa7ca), U64(0x9ab5176b12d69958),
+                U64(0x61d55e0f16b50131), U64(0xf3feea720a232b98),
+                U64(0x4fe39d460f70b5d7), U64(0x6fa3b58aa99d2f1a)
+        }, {
+                U64(0x991e96f50aba0ab2), U64(0xc2b6f443867adb31),
+                U64(0xc1c93a376062db09), U64(0xd3e20fe490359eb1),
+                U64(0xf2ea7514b1297b7b), U64(0x06f15e5f529c1f8b),
+                U64(0x0a39fc286a3d8435), U64(0xf574dcac2bce2fc7)
+        }, {
+                U64(0x220cbebc84e3d12e), U64(0x3453eaa193e837f1),
+                U64(0xd8b71333935203be), U64(0xa9d72c82ed03d675),
+                U64(0x9d721cad685e353f), U64(0x488e857e335c3c7d),
+                U64(0xf948e1a05d71e4dd), U64(0xef1fdfb3e81566d2)
+        }, {
+                U64(0x601758fd7c6cfe57), U64(0x7a56a27ea9ea63f5),
+                U64(0xdfff00b723271a16), U64(0xbfcd1747253af5a3),
+                U64(0x359e35d7800fffbd), U64(0x7f151c1f1686104a),
+                U64(0x9a3f410c6ca92363), U64(0x4bea6bacad474799)
+        }, {
+                U64(0xfa68407a46647d6e), U64(0xbf71c57236904f35),
+                U64(0x0af21f66c2bec6b6), U64(0xcffaa6b71c9ab7b4),
+                U64(0x187f9ab49af08ec6), U64(0x2d66c4f95142a46c),
+                U64(0x6fa4c33b7a3039c0), U64(0xae4faeae1d3ad3d9)
+        }, {
+                U64(0x8886564d3a14d493), U64(0x3517454ca23c4af3),
+                U64(0x06476983284a0504), U64(0x0992abc52d822c37),
+                U64(0xd3473e33197a93c9), U64(0x399ec6c7e6bf87c9),
+                U64(0x51ac86febf240954), U64(0xf4c70e16eeaac5ec)
+        }, {
+                U64(0xa47f0dd4bf02e71e), U64(0x36acc2355951a8d9),
+                U64(0x69d18d2bd1a5c42f), U64(0xf4892bcb929b0690),
+                U64(0x89b4443b4ddbc49a), U64(0x4eb7f8719c36de1e),
+                U64(0x03e7aa020c6e4141), U64(0x9b1f5b424d93c9a7)
+        }, {
+                U64(0x7261445183235adb), U64(0x0e38dc92cb1f2a60),
+                U64(0x7b2b8a9aa6079c54), U64(0x800a440bdbb2ceb1),
+                U64(0x3cd955b7e00d0984), U64(0x3a7d3a1b25894224),
+                U64(0x944c9ad8ec165fde), U64(0x378f5a541631229b)
+        }, {
+                U64(0x74b4c7fb98459ced), U64(0x3698fad1153bb6c3),
+                U64(0x7a1e6c303b7652f4), U64(0x9fe76702af69334b),
+                U64(0x1fffe18a1b336103), U64(0x8941e71cff8a78db),
+                U64(0x382ae548b2e4f3f3), U64(0xabbedea680056f52)
+        }, {
+                U64(0x6bcaa4cd81f32d1b), U64(0xdea2594ac06fd85d),
+                U64(0xefbacd1d7d476e98), U64(0x8a1d71efea48b9ca),
+                U64(0x2001802114846679), U64(0xd8fa6bbbebab0761),
+                U64(0x3002c6cd635afe94), U64(0x7bcd9ed0efc889fb)
+        }, {
+                U64(0x48bc924af11bd720), U64(0xfaf417d5d9b21b99),
+                U64(0xe71da4aa88e12852), U64(0x5d80ef9d1891cc86),
+                U64(0xf82012d430219f9b), U64(0xcda43c32bcdf1d77),
+                U64(0xd21380b00449b17a), U64(0x378ee767f11631ba)
+        },
+};
+#define B(x,i,j)        (((STREEBOG_LONG64)(*(((const unsigned char *)(&x))+i)))<<(j*8))
+#define PULL64(x) (B(x,0,0)|B(x,1,1)|B(x,2,2)|B(x,3,3)|B(x,4,4)|B(x,5,5)|B(x,6,6)|B(x,7,7))
+#define SWAB64(x) (B(x,0,7)|B(x,1,6)|B(x,2,5)|B(x,3,4)|B(x,4,3)|B(x,5,2)|B(x,6,1)|B(x,7,0))
+static inline STREEBOG_LONG64 multipermute(const STREEBOG_LONG64 *in, int i) {
+        STREEBOG_LONG64 t = 0;
+        t ^= A_PI_table[0][(in[0] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[1][(in[1] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[2][(in[2] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[3][(in[3] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[4][(in[4] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[5][(in[5] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[6][(in[6] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[7][(in[7] >> (i * 8)) & 0xff];
+        return t;
+}
+static void transform(STREEBOG_LONG64 *out, const STREEBOG_LONG64 *a, const STREEBOG_LONG64 *b)
+{
+  STREEBOG_LONG64 tmp[8];
+  tmp[0] = a[0] ^ b[0];
+  tmp[1] = a[1] ^ b[1];
+  tmp[2] = a[2] ^ b[2];
+  tmp[3] = a[3] ^ b[3];
+  tmp[4] = a[4] ^ b[4];
+  tmp[5] = a[5] ^ b[5];
+  tmp[6] = a[6] ^ b[6];
+  tmp[7] = a[7] ^ b[7];
+  out[0] = multipermute(tmp, 0);
+  out[1] = multipermute(tmp, 1);
+  out[2] = multipermute(tmp, 2);
+  out[3] = multipermute(tmp, 3);
+  out[4] = multipermute(tmp, 4);
+  out[5] = multipermute(tmp, 5);
+  out[6] = multipermute(tmp, 6);
+  out[7] = multipermute(tmp, 7);
+}
+static inline void gN(STREEBOG_LONG64 *h, STREEBOG_LONG64 *m, STREEBOG_LONG64 *N)
+{
+        STREEBOG_LONG64 K[8];
+        STREEBOG_LONG64 T[8];
+        int i;
+        transform(K, h, N);
+        transform(T, K, m);
+        transform(K, K, C16[0]);
+        for (i = 1; i < 12; i++) {
+                transform(T, K, T);
+                transform(K, K, C16[i]);
+        }
+        h[0] ^= T[0] ^ K[0] ^ m[0];
+        h[1] ^= T[1] ^ K[1] ^ m[1];
+        h[2] ^= T[2] ^ K[2] ^ m[2];
+        h[3] ^= T[3] ^ K[3] ^ m[3];
+        h[4] ^= T[4] ^ K[4] ^ m[4];
+        h[5] ^= T[5] ^ K[5] ^ m[5];
+        h[6] ^= T[6] ^ K[6] ^ m[6];
+        h[7] ^= T[7] ^ K[7] ^ m[7];
+}
+static void streebog_single_block(STREEBOG_CTX * ctx, const unsigned char *in, size_t num)
+{
+        STREEBOG_LONG64 M[8], l;
+        int i;
+        for (i = 0; i < 8; i++)
+                M[i] = PULL64(in[i*8]);
+        gN(ctx->h, M, ctx->N);
+        l = ctx->N[0];
+        ctx->N[0] += num;
+        if (ctx->N[0] < l || ctx->N[0] < num) {
+                for (i = 1; i < 8; i++) {
+                        ctx->N[i]++;
+                        if (ctx->N[i] != 0)
+                                break;
+                }
+        }
+        ctx->Sigma[0] += M[0];
+        for (i = 1; i < 8; i++)
+                if (ctx->Sigma[i-1] < M[i-1])
+                        ctx->Sigma[i] += M[i] + 1;
+                else
+                        ctx->Sigma[i] += M[i];
+}
+static void streebog_block_data_order(STREEBOG_CTX * ctx, const void *in, size_t num)
+{
+        int i;
+        for (i = 0; i < num; i++)
+                streebog_single_block(ctx, in + i * STREEBOG_CBLOCK, 64 * 8);
+}
+int STREEBOG512_Final(unsigned char *md, STREEBOG_CTX * c)
+{
+        int n;
+        unsigned char *p = (unsigned char *)c->data;
+        STREEBOG_LONG64 Z[STREEBOG_LBLOCK] = {};
+        if (c->num == STREEBOG_CBLOCK) {
+                streebog_block_data_order(c, c->data, 1);
+                c->num -= STREEBOG_CBLOCK;
+        }
+        n = c->num;
+        p[n++] = 1;
+        memset(p+n, 0, STREEBOG_CBLOCK - n);
+        streebog_single_block(c, p, c->num * 8);
+        gN(c->h, c->N, Z);
+        gN(c->h, c->Sigma, Z);
+        for (n = 0; n < STREEBOG_LBLOCK; n++)
+                c->h[n] = SWAB64(c->h[n]);
+        if (md == 0)
+                return 0;
+        switch (c->md_len) {
+                /* Let compiler decide if it's appropriate to unroll... */
+        case STREEBOG256_LENGTH:
+                for (n = 0; n < STREEBOG256_LENGTH / 8; n++) {
+                        STREEBOG_LONG64 t = c->h[4+n];
+                        *(md++) = (unsigned char)(t >> 56);
+                        *(md++) = (unsigned char)(t >> 48);
+                        *(md++) = (unsigned char)(t >> 40);
+                        *(md++) = (unsigned char)(t >> 32);
+                        *(md++) = (unsigned char)(t >> 24);
+                        *(md++) = (unsigned char)(t >> 16);
+                        *(md++) = (unsigned char)(t >> 8);
+                        *(md++) = (unsigned char)(t);
+                }
+                break;
+        case STREEBOG512_LENGTH:
+                for (n = 0; n < STREEBOG512_LENGTH / 8; n++) {
+                        STREEBOG_LONG64 t = c->h[n];
+                        *(md++) = (unsigned char)(t >> 56);
+                        *(md++) = (unsigned char)(t >> 48);
+                        *(md++) = (unsigned char)(t >> 40);
+                        *(md++) = (unsigned char)(t >> 32);
+                        *(md++) = (unsigned char)(t >> 24);
+                        *(md++) = (unsigned char)(t >> 16);
+                        *(md++) = (unsigned char)(t >> 8);
+                        *(md++) = (unsigned char)(t);
+                }
+                break;
+                /* ... as well as make sure md_len is not abused. */
+        default:
+                return 0;
+        }
+        return 1;
+}
+int STREEBOG256_Final(unsigned char *md, STREEBOG_CTX * c)
+{
+        return STREEBOG512_Final(md, c);
+}
+int STREEBOG512_Update(STREEBOG_CTX * c, const void *_data, size_t len)
+{
+        unsigned char *p = (unsigned char *)c->data;
+        const unsigned char *data = (const unsigned char *)_data;
+        if (len == 0)
+                return 1;
+        if (c->num != 0) {
+                size_t n = STREEBOG_CBLOCK - c->num;
+                if (len < n) {
+                        memcpy(p + c->num, data, len);
+                        c->num += (unsigned int)len;
+                        return 1;
+                } else {
+                        memcpy(p + c->num, data, n);
+                        c->num = 0;
+                        len -= n;
+                        data += n;
+                        streebog_block_data_order(c, p, 1);
+                }
+        }
+        if (len >= STREEBOG_CBLOCK) {
+                streebog_block_data_order(c, data, len / STREEBOG_CBLOCK);
+                data += len;
+                len %= STREEBOG_CBLOCK;
+                data -= len;
+        }
+        if (len != 0) {
+                memcpy(p, data, len);
+                c->num = (int)len;
+        }
+        return 1;
+}
+int STREEBOG256_Update(STREEBOG_CTX * c, const void *data, size_t len)
+{
+        return STREEBOG512_Update(c, data, len);
+}
+void STREEBOG512_Transform(STREEBOG_CTX * c, const unsigned char *data)
+{
+        streebog_block_data_order(c, data, 1);
+}
+int STREEBOG256_Init(STREEBOG_CTX * c)
+{
+        memset(c, 0, sizeof(*c));
+        memset(c->h, 1, sizeof(c->h));
+        c->md_len = STREEBOG256_LENGTH;
+        return 1;
+}
+int STREEBOG512_Init(STREEBOG_CTX * c)
+{
+        memset(c, 0, sizeof(*c));
+        memset(c->h, 0, sizeof(c->h));
+        c->num = 0;
+        c->md_len = STREEBOG512_LENGTH;
+        return 1;
+}
+unsigned char *STREEBOG256(const unsigned char *d, size_t n, unsigned char *md)
+{
+        STREEBOG_CTX c;
+        static unsigned char m[STREEBOG256_LENGTH];
+        if (md == NULL)
+                md = m;
+        STREEBOG256_Init(&c);
+        STREEBOG256_Update(&c, d, n);
+        STREEBOG256_Final(md, &c);
+        OPENSSL_cleanse(&c, sizeof(c));
+        return (md);
+}
+unsigned char *STREEBOG512(const unsigned char *d, size_t n, unsigned char *md)
+{
+        STREEBOG_CTX c;
+        static unsigned char m[STREEBOG512_LENGTH];
+        if (md == NULL)
+                md = m;
+        STREEBOG512_Init(&c);
+        STREEBOG512_Update(&c, d, n);
+        STREEBOG512_Final(md, &c);
+        OPENSSL_cleanse(&c, sizeof(c));
+        return (md);
+}
+#endif
diff --git a/src/lib/libcrypto/objects/obj_mac.num b/src/lib/libcrypto/objects/obj_mac.num
index bcdda5163e..d3a658e59c 100644
--- a/src/lib/libcrypto/objects/obj_mac.num
+++ b/src/lib/libcrypto/objects/obj_mac.num
@@ -935,3 +935,15 @@ brainpoolP512r1		934
 brainpoolP512t1         935
 FRP256v1                936
 chacha20                937
+gost89_ecb              938
+gost89_cbc              939
+tc26            940
+id_tc26_gost3411_2012_256               941
+id_tc26_gost3411_2012_512               942
+id_tc26_gost_3410_2012_512_paramSetA            943
+id_tc26_gost_3410_2012_512_paramSetB            944
+id_tc26_gost_28147_param_Z              945
+id_tc26_gost3410_2012_256               946
+id_tc26_gost3410_2012_512               947
+id_tc26_signwithdigest_gost3410_2012_256                948
+id_tc26_signwithdigest_gost3410_2012_512                949
diff --git a/src/lib/libcrypto/objects/obj_xref.h b/src/lib/libcrypto/objects/obj_xref.h
index fec28d1127..4499456694 100644
--- a/src/lib/libcrypto/objects/obj_xref.h
+++ b/src/lib/libcrypto/objects/obj_xref.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_xref.h,v 1.2 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: obj_xref.h,v 1.3 2014/11/09 19:17:13 miod Exp $ */
 /* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
 typedef struct
@@ -40,6 +40,8 @@ static const nid_triple sigoid_srt[] =
        {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
        {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
        {NID_rsassaPss, NID_undef, NID_rsaEncryption},
+        {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_tc26_gost3411_2012_256, NID_id_GostR3410_2001},
+        {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_tc26_gost3411_2012_512, NID_id_GostR3410_2001},
        };
 static const nid_triple * const sigoid_srt_xref[] =
@@ -74,5 +76,7 @@ static const nid_triple * const sigoid_srt_xref[] =
        &sigoid_srt[26],
        &sigoid_srt[27],
        &sigoid_srt[28],
+        &sigoid_srt[30],
+        &sigoid_srt[31],
        };
diff --git a/src/lib/libcrypto/objects/obj_xref.txt b/src/lib/libcrypto/objects/obj_xref.txt
index cb917182ee..dde52d8143 100644
--- a/src/lib/libcrypto/objects/obj_xref.txt
+++ b/src/lib/libcrypto/objects/obj_xref.txt
@@ -44,3 +44,5 @@ id_GostR3411_94_with_GostR3410_2001	id_GostR3411_94 id_GostR3410_2001
 id_GostR3411_94_with_GostR3410_94       id_GostR3411_94 id_GostR3410_94
 id_GostR3411_94_with_GostR3410_94_cc    id_GostR3411_94 id_GostR3410_94_cc
 id_GostR3411_94_with_GostR3410_2001_cc  id_GostR3411_94 id_GostR3410_2001_cc
+id_tc26_signwithdigest_gost3410_2012_256        id_tc26_gost3411_2012_256 id_tc26_gost3410_2012_256
+id_tc26_signwithdigest_gost3410_2012_512        id_tc26_gost3411_2012_512 id_tc26_gost3410_2012_512
diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt
index bb44aa77a3..1ce73cc984 100644
--- a/src/lib/libcrypto/objects/objects.txt
+++ b/src/lib/libcrypto/objects/objects.txt
@@ -1313,3 +1313,18 @@ brainpool 1 14 : brainpoolP512t1
 # ChaCha Stream Cipher
 !Cname chacha20
                        : ChaCha                : chacha
+                        : gost89-ecb
+                        : gost89-cbc
+member-body 643 7 1     : tc26
+!Cname id-tc26-gost3411-2012-256
+tc26 1 2 2              : streebog256 : GOST R 34.11-2012 (256 bit)
+!Cname id-tc26-gost3411-2012-512
+tc26 1 2 3              : streebog512 : GOST R 34-11-2012 (512 bit)
+tc26 2 1 2 1            : id-tc26-gost-3410-2012-512-paramSetA
+tc26 2 1 2 2            : id-tc26-gost-3410-2012-512-paramSetB
+tc26 2 5 1 1            : id-tc26-gost-28147-param-Z
+tc26 1 1 1              : id-tc26-gost3410-2012-256 : GOST R 34.10-2012 (256 bit)
+tc26 1 1 2              : id-tc26-gost3410-2012-512 : GOST R 34.10-2012 (512 bit)
+tc26 1 3 2              : id-tc26-signwithdigest-gost3410-2012-256 : GOST R 34.11-2012 with GOST R 34.10-2012 (256 bit)
+tc26 1 3 3              : id-tc26-signwithdigest-gost3410-2012-512 : GOST R 34.11-2012 with GOST R 34.10-2012 (512 bit)
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index b76e2b1915..576866f5c2 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_smime.c,v 1.18 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: pk7_smime.c,v 1.19 2014/11/09 19:17:13 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -192,6 +192,8 @@ PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
                        }
                        if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
                            !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
+                            !add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_256, -1) ||
+                            !add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_512, -1) ||
                            !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
                            !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
                            !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
diff --git a/src/lib/libssl/src/crypto/asn1/ameth_lib.c b/src/lib/libssl/src/crypto/asn1/ameth_lib.c
index e88496cc9d..168321618c 100644
--- a/src/lib/libssl/src/crypto/asn1/ameth_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.14 2014/07/13 16:03:09 beck Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.15 2014/11/09 19:17:13 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -74,6 +74,8 @@ extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[];
+extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
@@ -96,8 +98,16 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_EC
        &eckey_asn1_meth,
 #endif
+#ifndef OPENSSL_NO_GOST
+        &gostr01_asn1_meths[0],
+        &gostimit_asn1_meth,
+#endif
        &hmac_asn1_meth,
-        &cmac_asn1_meth
+        &cmac_asn1_meth,
+#ifndef OPENSSL_NO_GOST
+        &gostr01_asn1_meths[1],
+        &gostr01_asn1_meths[2],
+#endif
 };
 typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
diff --git a/src/lib/libssl/src/crypto/cms/cms_sd.c b/src/lib/libssl/src/crypto/cms/cms_sd.c
index 70ad897bda..f4119f7a1c 100644
--- a/src/lib/libssl/src/crypto/cms/cms_sd.c
+++ b/src/lib/libssl/src/crypto/cms/cms_sd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_sd.c,v 1.8 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: cms_sd.c,v 1.9 2014/11/09 19:17:13 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -920,6 +920,8 @@ CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
 {
        if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
            !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
+            !cms_add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_256, -1) ||
+            !cms_add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_512, -1) ||
            !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
            !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
            !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
diff --git a/src/lib/libssl/src/crypto/ec/ec_curve.c b/src/lib/libssl/src/crypto/ec/ec_curve.c
index 9d36d0bf22..0159dbe530 100644
--- a/src/lib/libssl/src/crypto/ec/ec_curve.c
+++ b/src/lib/libssl/src/crypto/ec/ec_curve.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_curve.c,v 1.7 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: ec_curve.c,v 1.8 2014/11/09 19:17:13 miod Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project.
 */
@@ -2766,6 +2766,315 @@ static const struct {
        }
 };
+#ifndef OPENSSL_NO_GOST
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 32 * 6];
+}
+ _EC_GOST_2001_Test = {
+        {
+                NID_X9_62_prime_field, 0, 32, 1
+        },
+        {                       /* no seed */
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x04, 0x31,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x07,
+                0x5F, 0xBF, 0xF4, 0x98, 0xAA, 0x93, 0x8C, 0xE7, 0x39, 0xB8,     /* b */
+                0xE0, 0x22, 0xFB, 0xAF, 0xEF, 0x40, 0x56, 0x3F, 0x6E, 0x6A,
+                0x34, 0x72, 0xFC, 0x2A, 0x51, 0x4C, 0x0C, 0xE9, 0xDA, 0xE2,
+                0x3B, 0x7E,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x02,
+                0x08, 0xE2, 0xA8, 0xA0, 0xE6, 0x51, 0x47, 0xD4, 0xBD, 0x63,     /* y */
+                0x16, 0x03, 0x0E, 0x16, 0xD1, 0x9C, 0x85, 0xC9, 0x7F, 0x0A,
+                0x9C, 0xA2, 0x67, 0x12, 0x2B, 0x96, 0xAB, 0xBC, 0xEA, 0x7E,
+                0x8F, 0xC8,
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x50, 0xFE, 0x8A, 0x18,
+                0x92, 0x97, 0x61, 0x54, 0xC5, 0x9C, 0xFC, 0x19, 0x3A, 0xCC,
+                0xF5, 0xB3,
+        }
+};
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 32 * 6];
+}
+ _EC_GOST_2001_CryptoPro_A = {
+        {
+                NID_X9_62_prime_field, 0, 32, 1
+        },
+        {                       /* no seed */
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* p */
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+                0xFD, 0x97,
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* a */
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+                0xFD, 0x94,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0xA6,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x01,
+                0x8D, 0x91, 0xE4, 0x71, 0xE0, 0x98, 0x9C, 0xDA, 0x27, 0xDF,     /* y */
+                0x50, 0x5A, 0x45, 0x3F, 0x2B, 0x76, 0x35, 0x29, 0x4F, 0x2D,
+                0xDF, 0x23, 0xE3, 0xB1, 0x22, 0xAC, 0xC9, 0x9C, 0x9E, 0x9F,
+                0x1E, 0x14,
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* order */
+                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x6C, 0x61, 0x10, 0x70,
+                0x99, 0x5A, 0xD1, 0x00, 0x45, 0x84, 0x1B, 0x09, 0xB7, 0x61,
+                0xB8, 0x93,
+        }
+};
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 32 * 6];
+}
+ _EC_GOST_2001_CryptoPro_B = {
+        {
+                NID_X9_62_prime_field, 0, 32, 1
+        },
+        {                       /* no seed */
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x0C, 0x99,
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x0C, 0x96,
+                0x3E, 0x1A, 0xF4, 0x19, 0xA2, 0x69, 0xA5, 0xF8, 0x66, 0xA7,     /* b */
+                0xD3, 0xC2, 0x5C, 0x3D, 0xF8, 0x0A, 0xE9, 0x79, 0x25, 0x93,
+                0x73, 0xFF, 0x2B, 0x18, 0x2F, 0x49, 0xD4, 0xCE, 0x7E, 0x1B,
+                0xBC, 0x8B,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x01,
+                0x3F, 0xA8, 0x12, 0x43, 0x59, 0xF9, 0x66, 0x80, 0xB8, 0x3D,     /* y */
+                0x1C, 0x3E, 0xB2, 0xC0, 0x70, 0xE5, 0xC5, 0x45, 0xC9, 0x85,
+                0x8D, 0x03, 0xEC, 0xFB, 0x74, 0x4B, 0xF8, 0xD7, 0x17, 0x71,
+                0x7E, 0xFC,
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x5F, 0x70, 0x0C, 0xFF,
+                0xF1, 0xA6, 0x24, 0xE5, 0xE4, 0x97, 0x16, 0x1B, 0xCC, 0x8A,
+                0x19, 0x8F,
+        }
+};
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 32 * 6];
+}
+ _EC_GOST_2001_CryptoPro_C = {
+        {
+                NID_X9_62_prime_field, 0, 32, 1
+        },
+        {                       /* no seed */
+                0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E,     /* p */
+                0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0xCF, 0x84, 0x6E, 0x86,
+                0x78, 0x90, 0x51, 0xD3, 0x79, 0x98, 0xF7, 0xB9, 0x02, 0x2D,
+                0x75, 0x9B,
+                0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E,     /* a */
+                0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0xCF, 0x84, 0x6E, 0x86,
+                0x78, 0x90, 0x51, 0xD3, 0x79, 0x98, 0xF7, 0xB9, 0x02, 0x2D,
+                0x75, 0x98,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x80, 0x5A,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00,
+                0x41, 0xEC, 0xE5, 0x57, 0x43, 0x71, 0x1A, 0x8C, 0x3C, 0xBF,     /* y */
+                0x37, 0x83, 0xCD, 0x08, 0xC0, 0xEE, 0x4D, 0x4D, 0xC4, 0x40,
+                0xD4, 0x64, 0x1A, 0x8F, 0x36, 0x6E, 0x55, 0x0D, 0xFD, 0xB3,
+                0xBB, 0x67,
+                0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E,     /* order */
+                0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0x58, 0x2C, 0xA3, 0x51,
+                0x1E, 0xDD, 0xFB, 0x74, 0xF0, 0x2F, 0x3A, 0x65, 0x98, 0x98,
+                0x0B, 0xB9,
+        }
+};
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 64 * 6];
+}
+ _EC_GOST_2012_Test = {
+        {
+                NID_X9_62_prime_field, 0, 64, 1
+        },
+        {                       /* no seed */
+                0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d,     /* p */
+                0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2,
+                0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2,
+                0xd1, 0x5d, 0xf1, 0xd8, 0x52, 0x74, 0x1a, 0xf4, 0x70, 0x4a,
+                0x04, 0x58, 0x04, 0x7e, 0x80, 0xe4, 0x54, 0x6d, 0x35, 0xb8,
+                0x33, 0x6f, 0xac, 0x22, 0x4d, 0xd8, 0x16, 0x64, 0xbb, 0xf5,
+                0x28, 0xbe, 0x63, 0x73,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x07,
+                0x1c, 0xff, 0x08, 0x06, 0xa3, 0x11, 0x16, 0xda, 0x29, 0xd8,     /* b */
+                0xcf, 0xa5, 0x4e, 0x57, 0xeb, 0x74, 0x8b, 0xc5, 0xf3, 0x77,
+                0xe4, 0x94, 0x00, 0xfd, 0xd7, 0x88, 0xb6, 0x49, 0xec, 0xa1,
+                0xac, 0x43, 0x61, 0x83, 0x40, 0x13, 0xb2, 0xad, 0x73, 0x22,
+                0x48, 0x0a, 0x89, 0xca, 0x58, 0xe0, 0xcf, 0x74, 0xbc, 0x9e,
+                0x54, 0x0c, 0x2a, 0xdd, 0x68, 0x97, 0xfa, 0xd0, 0xa3, 0x08,
+                0x4f, 0x30, 0x2a, 0xdc,
+                0x24, 0xd1, 0x9c, 0xc6, 0x45, 0x72, 0xee, 0x30, 0xf3, 0x96,     /* x */
+                0xbf, 0x6e, 0xbb, 0xfd, 0x7a, 0x6c, 0x52, 0x13, 0xb3, 0xb3,
+                0xd7, 0x05, 0x7c, 0xc8, 0x25, 0xf9, 0x10, 0x93, 0xa6, 0x8c,
+                0xd7, 0x62, 0xfd, 0x60, 0x61, 0x12, 0x62, 0xcd, 0x83, 0x8d,
+                0xc6, 0xb6, 0x0a, 0xa7, 0xee, 0xe8, 0x04, 0xe2, 0x8b, 0xc8,
+                0x49, 0x97, 0x7f, 0xac, 0x33, 0xb4, 0xb5, 0x30, 0xf1, 0xb1,
+                0x20, 0x24, 0x8a, 0x9a,
+                0x2b, 0xb3, 0x12, 0xa4, 0x3b, 0xd2, 0xce, 0x6e, 0x0d, 0x02,     /* y */
+                0x06, 0x13, 0xc8, 0x57, 0xac, 0xdd, 0xcf, 0xbf, 0x06, 0x1e,
+                0x91, 0xe5, 0xf2, 0xc3, 0xf3, 0x24, 0x47, 0xc2, 0x59, 0xf3,
+                0x9b, 0x2c, 0x83, 0xab, 0x15, 0x6d, 0x77, 0xf1, 0x49, 0x6b,
+                0xf7, 0xeb, 0x33, 0x51, 0xe1, 0xee, 0x4e, 0x43, 0xdc, 0x1a,
+                0x18, 0xb9, 0x1b, 0x24, 0x64, 0x0b, 0x6d, 0xbb, 0x92, 0xcb,
+                0x1a, 0xdd, 0x37, 0x1e,
+                0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d,     /* order */
+                0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2,
+                0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2,
+                0xd1, 0x5d, 0xa8, 0x2f, 0x2d, 0x7e, 0xcb, 0x1d, 0xba, 0xc7,
+                0x19, 0x90, 0x5c, 0x5e, 0xec, 0xc4, 0x23, 0xf1, 0xd8, 0x6e,
+                0x25, 0xed, 0xbe, 0x23, 0xc5, 0x95, 0xd6, 0x44, 0xaa, 0xf1,
+                0x87, 0xe6, 0xe6, 0xdf,
+        }
+};
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 64 * 6];
+}
+ _EC_GOST_2012_TC26_A = {
+        {
+                NID_X9_62_prime_field, 0, 64, 1
+        },
+        {                       /* no seed */
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,     /* p */
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xfd, 0xc7,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,     /* a */
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xfd, 0xc4,
+                0xe8, 0xc2, 0x50, 0x5d, 0xed, 0xfc, 0x86, 0xdd, 0xc1, 0xbd,     /* b */
+                0x0b, 0x2b, 0x66, 0x67, 0xf1, 0xda, 0x34, 0xb8, 0x25, 0x74,
+                0x76, 0x1c, 0xb0, 0xe8, 0x79, 0xbd, 0x08, 0x1c, 0xfd, 0x0b,
+                0x62, 0x65, 0xee, 0x3c, 0xb0, 0x90, 0xf3, 0x0d, 0x27, 0x61,
+                0x4c, 0xb4, 0x57, 0x40, 0x10, 0xda, 0x90, 0xdd, 0x86, 0x2e,
+                0xf9, 0xd4, 0xeb, 0xee, 0x47, 0x61, 0x50, 0x31, 0x90, 0x78,
+                0x5a, 0x71, 0xc7, 0x60,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x03,
+                0x75, 0x03, 0xcf, 0xe8, 0x7a, 0x83, 0x6a, 0xe3, 0xa6, 0x1b,     /* y */
+                0x88, 0x16, 0xe2, 0x54, 0x50, 0xe6, 0xce, 0x5e, 0x1c, 0x93,
+                0xac, 0xf1, 0xab, 0xc1, 0x77, 0x80, 0x64, 0xfd, 0xcb, 0xef,
+                0xa9, 0x21, 0xdf, 0x16, 0x26, 0xbe, 0x4f, 0xd0, 0x36, 0xe9,
+                0x3d, 0x75, 0xe6, 0xa5, 0x0e, 0x3a, 0x41, 0xe9, 0x80, 0x28,
+                0xfe, 0x5f, 0xc2, 0x35, 0xf5, 0xb8, 0x89, 0xa5, 0x89, 0xcb,
+                0x52, 0x15, 0xf2, 0xa4,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,     /* order */
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+                0xff, 0xff, 0x27, 0xe6, 0x95, 0x32, 0xf4, 0x8d, 0x89, 0x11,
+                0x6f, 0xf2, 0x2b, 0x8d, 0x4e, 0x05, 0x60, 0x60, 0x9b, 0x4b,
+                0x38, 0xab, 0xfa, 0xd2, 0xb8, 0x5d, 0xca, 0xcd, 0xb1, 0x41,
+                0x1f, 0x10, 0xb2, 0x75
+        }
+};
+static const struct {
+        EC_CURVE_DATA h;
+        unsigned char data[0 + 64 * 6];
+}
+ _EC_GOST_2012_TC26_B = {
+        {
+                NID_X9_62_prime_field, 0, 64, 1
+        },
+        {                       /* no seed */
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x6f,
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x6c,
+                0x68, 0x7d, 0x1b, 0x45, 0x9d, 0xc8, 0x41, 0x45, 0x7e, 0x3e,     /* b */
+                0x06, 0xcf, 0x6f, 0x5e, 0x25, 0x17, 0xb9, 0x7c, 0x7d, 0x61,
+                0x4a, 0xf1, 0x38, 0xbc, 0xbf, 0x85, 0xdc, 0x80, 0x6c, 0x4b,
+                0x28, 0x9f, 0x3e, 0x96, 0x5d, 0x2d, 0xb1, 0x41, 0x6d, 0x21,
+                0x7f, 0x8b, 0x27, 0x6f, 0xad, 0x1a, 0xb6, 0x9c, 0x50, 0xf7,
+                0x8b, 0xee, 0x1f, 0xa3, 0x10, 0x6e, 0xfb, 0x8c, 0xcb, 0xc7,
+                0xc5, 0x14, 0x01, 0x16,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x02,
+                0x1a, 0x8f, 0x7e, 0xda, 0x38, 0x9b, 0x09, 0x4c, 0x2c, 0x07,     /* y */
+                0x1e, 0x36, 0x47, 0xa8, 0x94, 0x0f, 0x3c, 0x12, 0x3b, 0x69,
+                0x75, 0x78, 0xc2, 0x13, 0xbe, 0x6d, 0xd9, 0xe6, 0xc8, 0xec,
+                0x73, 0x35, 0xdc, 0xb2, 0x28, 0xfd, 0x1e, 0xdf, 0x4a, 0x39,
+                0x15, 0x2c, 0xbc, 0xaa, 0xf8, 0xc0, 0x39, 0x88, 0x28, 0x04,
+                0x10, 0x55, 0xf9, 0x4c, 0xee, 0xec, 0x7e, 0x21, 0x34, 0x07,
+                0x80, 0xfe, 0x41, 0xbd,
+                0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0x00, 0x01, 0x49, 0xa1, 0xec, 0x14, 0x25, 0x65, 0xa5, 0x45,
+                0xac, 0xfd, 0xb7, 0x7b, 0xd9, 0xd4, 0x0c, 0xfa, 0x8b, 0x99,
+                0x67, 0x12, 0x10, 0x1b, 0xea, 0x0e, 0xc6, 0x34, 0x6c, 0x54,
+                0x37, 0x4f, 0x25, 0xbd
+        }
+};
+#endif
 typedef struct _ec_list_element_st {
        int nid;
        const EC_CURVE_DATA *data;
@@ -2890,7 +3199,18 @@ static const ec_list_element curve_list[] = {
        {NID_brainpoolP512r1, &_EC_brainpoolP512r1.h, 0, "RFC 5639 curve over a 512 bit prime field"},
        {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0, "RFC 5639 curve over a 512 bit prime field"},
        /* ANSSI */
-        {NID_FRP256v1, &_EC_FRP256v1.h, 0, "FRP256v1"}
+        {NID_FRP256v1, &_EC_FRP256v1.h, 0, "FRP256v1"},
+#ifndef OPENSSL_NO_GOST
+        /* GOST R 34.10-2001 */
+        {NID_id_GostR3410_2001_TestParamSet, &_EC_GOST_2001_Test.h, 0, "GOST R 34.10-2001 Test Curve"},
+        {NID_id_GostR3410_2001_CryptoPro_A_ParamSet, &_EC_GOST_2001_CryptoPro_A.h, 0, "GOST R 34.10-2001 CryptoPro-A"},
+        {NID_id_GostR3410_2001_CryptoPro_B_ParamSet, &_EC_GOST_2001_CryptoPro_B.h, 0, "GOST R 34.10-2001 CryptoPro-B"},
+        {NID_id_GostR3410_2001_CryptoPro_C_ParamSet, &_EC_GOST_2001_CryptoPro_C.h, 0, "GOST R 34.10-2001 CryptoPro-C"},
+        {NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, &_EC_GOST_2001_CryptoPro_A.h, 0, "GOST R 34.10-2001 CryptoPro-XchA"},
+        {NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, &_EC_GOST_2001_CryptoPro_C.h, 0, "GOST R 34.10-2001 CryptoPro-XchB"},
+        {NID_id_tc26_gost_3410_2012_512_paramSetA, &_EC_GOST_2012_TC26_A.h, 0, "GOST R 34.10-2012 TC26-A"},
+        {NID_id_tc26_gost_3410_2012_512_paramSetB, &_EC_GOST_2012_TC26_B.h, 0, "GOST R 34.10-2012 TC26-A"},
+#endif
 };
 #define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c
index 75a1d0181e..f06320247c 100644
--- a/src/lib/libssl/src/crypto/err/err.c
+++ b/src/lib/libssl/src/crypto/err/err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: err.c,v 1.40 2014/10/05 15:21:48 deraadt Exp $ */
+/* $OpenBSD: err.c,v 1.41 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -157,6 +157,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
        {ERR_PACK(ERR_LIB_FIPS,0,0),            "FIPS routines"},
        {ERR_PACK(ERR_LIB_CMS,0,0),             "CMS routines"},
        {ERR_PACK(ERR_LIB_HMAC,0,0),            "HMAC routines"},
+        {ERR_PACK(ERR_LIB_GOST,0,0),            "GOST routines"},
        {0, NULL},
 };
diff --git a/src/lib/libssl/src/crypto/err/err.h b/src/lib/libssl/src/crypto/err/err.h
index ced340ea80..87bb96eec7 100644
--- a/src/lib/libssl/src/crypto/err/err.h
+++ b/src/lib/libssl/src/crypto/err/err.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: err.h,v 1.21 2014/07/11 09:25:24 jsing Exp $ */
+/* $OpenBSD: err.h,v 1.22 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -195,6 +195,7 @@ typedef struct err_state_st {
 #define ERR_LIB_TS              47
 #define ERR_LIB_HMAC            48
 #define ERR_LIB_JPAKE           49
+#define ERR_LIB_GOST            50
 #define ERR_LIB_USER            128
@@ -231,6 +232,7 @@ typedef struct err_state_st {
 #define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
 #define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
 #define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
+#define GOSTerr(f,r) ERR_PUT_error(ERR_LIB_GOST,(f),(r),__FILE__,__LINE__)
 #define ERR_PACK(l,f,r)         (((((unsigned long)l)&0xffL)<<24L)| \
                                ((((unsigned long)f)&0xfffL)<<12L)| \
diff --git a/src/lib/libssl/src/crypto/err/err_all.c b/src/lib/libssl/src/crypto/err/err_all.c
index 7362220824..c880f1fbf3 100644
--- a/src/lib/libssl/src/crypto/err/err_all.c
+++ b/src/lib/libssl/src/crypto/err/err_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: err_all.c,v 1.18 2014/10/18 17:08:32 jsing Exp $ */
+/* $OpenBSD: err_all.c,v 1.19 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -105,6 +105,9 @@
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
+#ifndef OPENSSL_NO_GOST
+#include <openssl/gost.h>
+#endif
 void
 ERR_load_crypto_strings(void)
@@ -157,5 +160,8 @@ ERR_load_crypto_strings(void)
 #ifndef OPENSSL_NO_CMS
        ERR_load_CMS_strings();
 #endif
+#ifndef OPENSSL_NO_GOST
+        ERR_load_GOST_strings();
+#endif
 #endif
 }
diff --git a/src/lib/libssl/src/crypto/err/openssl.ec b/src/lib/libssl/src/crypto/err/openssl.ec
index c513734e94..dcebbba6c4 100644
--- a/src/lib/libssl/src/crypto/err/openssl.ec
+++ b/src/lib/libssl/src/crypto/err/openssl.ec
@@ -34,6 +34,7 @@ L STORE		crypto/store/store.h		crypto/store/str_err.c
 L TS            crypto/ts/ts.h                  crypto/ts/ts_err.c
 L HMAC          crypto/hmac/hmac.h              crypto/hmac/hmac_err.c
 L CMS           crypto/cms/cms.h                crypto/cms/cms_err.c
+L GOST          crypto/gost/gost.h              crypto/gost/gost_err.c
 # additional header files to be scanned for function names
 L NONE          crypto/x509/x509_vfy.h          NONE
diff --git a/src/lib/libssl/src/crypto/evp/c_allc.c b/src/lib/libssl/src/crypto/evp/c_allc.c
index 657e14f86f..26a5cc6179 100644
--- a/src/lib/libssl/src/crypto/evp/c_allc.c
+++ b/src/lib/libssl/src/crypto/evp/c_allc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_allc.c,v 1.13 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: c_allc.c,v 1.14 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -225,4 +225,10 @@ OpenSSL_add_all_ciphers(void)
 #ifndef OPENSSL_NO_CHACHA
        EVP_add_cipher(EVP_chacha20());
 #endif
+#ifndef OPENSSL_NO_GOST
+        EVP_add_cipher(EVP_gost2814789_ecb());
+        EVP_add_cipher(EVP_gost2814789_cfb64());
+        EVP_add_cipher(EVP_gost2814789_cnt());
+#endif
 }
diff --git a/src/lib/libssl/src/crypto/evp/c_alld.c b/src/lib/libssl/src/crypto/evp/c_alld.c
index 8f59100caa..99da8acdae 100644
--- a/src/lib/libssl/src/crypto/evp/c_alld.c
+++ b/src/lib/libssl/src/crypto/evp/c_alld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_alld.c,v 1.11 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: c_alld.c,v 1.12 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -95,6 +95,12 @@ OpenSSL_add_all_digests(void)
        EVP_add_digest(EVP_ecdsa());
 #endif
 #endif
+#ifndef OPENSSL_NO_GOST
+        EVP_add_digest(EVP_gostr341194());
+        EVP_add_digest(EVP_gost2814789imit());
+        EVP_add_digest(EVP_streebog256());
+        EVP_add_digest(EVP_streebog512());
+#endif
 #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
        EVP_add_digest(EVP_mdc2());
 #endif
diff --git a/src/lib/libssl/src/crypto/evp/e_gost2814789.c b/src/lib/libssl/src/crypto/evp/e_gost2814789.c
new file mode 100644
index 0000000000..678c7af09d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/e_gost2814789.c
@@ -0,0 +1,216 @@
+/* $OpenBSD: e_gost2814789.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/gost.h>
+#include "evp_locl.h"
+typedef struct {
+        GOST2814789_KEY ks;
+        int param_nid;
+} EVP_GOST2814789_CTX;
+static int gost2814789_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr)
+{
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+        switch (type) {
+        case EVP_CTRL_PBE_PRF_NID:
+                if (ptr) {
+                        *((int *)ptr) = NID_id_HMACGostR3411_94;
+                        return 1;
+                } else {
+                        return 0;
+                }
+        case EVP_CTRL_INIT:
+                /* Default value to have any s-box set at all */
+                c->param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
+                return Gost2814789_set_sbox(&c->ks, c->param_nid);
+        case EVP_CTRL_GOST_SET_SBOX:
+                return Gost2814789_set_sbox(&c->ks, arg);
+        default:
+                return -1;
+        }
+}
+static int gost2814789_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        const unsigned char *iv, int enc)
+{
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+        return Gost2814789_set_key(&c->ks, key, ctx->key_len * 8);
+}
+int gost2814789_set_asn1_params(EVP_CIPHER_CTX * ctx, ASN1_TYPE * params)
+{
+        int len = 0;
+        unsigned char *buf = NULL;
+        unsigned char *p = NULL;
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+        GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
+        ASN1_OCTET_STRING *os = NULL;
+        if (!gcp) {
+                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len)) {
+                GOST_CIPHER_PARAMS_free(gcp);
+                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);
+                return 0;
+        }
+        ASN1_OBJECT_free(gcp->enc_param_set);
+        gcp->enc_param_set = OBJ_nid2obj(c->param_nid);
+        len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
+        p = buf = malloc(len);
+        if (!buf) {
+                GOST_CIPHER_PARAMS_free(gcp);
+                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        i2d_GOST_CIPHER_PARAMS(gcp, &p);
+        GOST_CIPHER_PARAMS_free(gcp);
+        os = ASN1_OCTET_STRING_new();
+        if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) {
+                free(buf);
+                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);
+                return 0;
+        }
+        free(buf);
+        ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
+        return 1;
+}
+int gost2814789_get_asn1_params(EVP_CIPHER_CTX * ctx, ASN1_TYPE * params)
+{
+        int ret = -1;
+        int len;
+        GOST_CIPHER_PARAMS *gcp = NULL;
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+        unsigned char *p;
+        if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
+                return ret;
+        }
+        p = params->value.sequence->data;
+        gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
+                                     params->value.sequence->length);
+        len = gcp->iv->length;
+        if (len != ctx->cipher->iv_len) {
+                GOST_CIPHER_PARAMS_free(gcp);
+                GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS,
+                        GOST_R_INVALID_IV_LENGTH);
+                return -1;
+        }
+        if (!Gost2814789_set_sbox(&c->ks, OBJ_obj2nid(gcp->enc_param_set))) {
+                GOST_CIPHER_PARAMS_free(gcp);
+                return -1;
+        }
+        c->param_nid = OBJ_obj2nid(gcp->enc_param_set);
+        memcpy(ctx->oiv, gcp->iv->data, len);
+        memcpy(ctx->iv, gcp->iv->data, len);
+        GOST_CIPHER_PARAMS_free(gcp);
+        return 1;
+}
+BLOCK_CIPHER_func_ecb(gost2814789, Gost2814789, EVP_GOST2814789_CTX, ks)
+BLOCK_CIPHER_func_cfb(gost2814789, Gost2814789, 64, EVP_GOST2814789_CTX, ks)
+static int gost2814789_cnt_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
+                                  const unsigned char *in, size_t inl)
+{
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+        while (inl >= EVP_MAXCHUNK) {
+                Gost2814789_cnt_encrypt(in, out, (long)EVP_MAXCHUNK, &c->ks,
+                                        ctx->iv, ctx->buf, &ctx->num);
+                inl -= EVP_MAXCHUNK;
+                in += EVP_MAXCHUNK;
+                out += EVP_MAXCHUNK;
+        }
+        if (inl)
+                Gost2814789_cnt_encrypt(in, out, inl, &c->ks,
+                                        ctx->iv, ctx->buf, &ctx->num);
+        return 1;
+}
+/* gost89 is CFB-64 */
+#define NID_gost89_cfb64 NID_id_Gost28147_89
+BLOCK_CIPHER_def_ecb(gost2814789, EVP_GOST2814789_CTX, NID_gost89, 8, 32,
+                     EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT,
+                     gost2814789_init_key, NULL, gost2814789_set_asn1_params,
+                     gost2814789_get_asn1_params, gost2814789_ctl)
+BLOCK_CIPHER_def_cfb(gost2814789, EVP_GOST2814789_CTX, NID_gost89, 32, 8, 64,
+                     EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT,
+                     gost2814789_init_key, NULL, gost2814789_set_asn1_params,
+                     gost2814789_get_asn1_params, gost2814789_ctl)
+BLOCK_CIPHER_def1(gost2814789, cnt, cnt, OFB, EVP_GOST2814789_CTX, NID_gost89,
+                  1, 32, 8, EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT,
+                  gost2814789_init_key, NULL, gost2814789_set_asn1_params,
+                  gost2814789_get_asn1_params, gost2814789_ctl)
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 9de7c3f9ef..6c1bf6c7cd 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.39 2014/07/11 15:28:27 tedu Exp $ */
+/* $OpenBSD: evp.h,v 1.40 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -107,8 +107,12 @@
 #define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
 #define EVP_PKEY_DH     NID_dhKeyAgreement
 #define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
+#define EVP_PKEY_GOSTR01 NID_id_GostR3410_2001
+#define EVP_PKEY_GOSTIMIT NID_id_Gost28147_89_MAC
 #define EVP_PKEY_HMAC   NID_hmac
 #define EVP_PKEY_CMAC   NID_cmac
+#define EVP_PKEY_GOSTR12_256 NID_id_tc26_gost3410_2012_256
+#define EVP_PKEY_GOSTR12_512 NID_id_tc26_gost3410_2012_512
 #ifdef  __cplusplus
 extern "C" {
@@ -137,6 +141,9 @@ struct evp_pkey_st {
 #ifndef OPENSSL_NO_EC
                struct ec_key_st *ec;   /* ECC */
 #endif
+#ifndef OPENSSL_NO_GOST
+                struct gost_key_st *gost; /* GOST */
+#endif
        } pkey;
        int save_parameters;
        STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
@@ -213,6 +220,8 @@ typedef int evp_verify_method(int type, const unsigned char *m,
 #define EVP_MD_CTRL_DIGALGID                    0x1
 #define EVP_MD_CTRL_MICALG                      0x2
+#define EVP_MD_CTRL_SET_KEY                     0x3
+#define EVP_MD_CTRL_GOST_SET_SBOX               0x4
 /* Minimum Algorithm specific ctrl value */
@@ -381,6 +390,8 @@ struct evp_cipher_st {
 #define         EVP_CTRL_AEAD_SET_MAC_KEY       0x17
 /* Set the GCM invocation field, decrypt only */
 #define         EVP_CTRL_GCM_SET_IV_INV         0x18
+/* Set the S-BOX NID for GOST ciphers */
+#define         EVP_CTRL_GOST_SET_SBOX          0x19
 /* GCM TLS constants */
 /* Length of fixed part of IV derived from PRF */
@@ -451,6 +462,11 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                                        (char *)(eckey))
 #endif
+#ifndef OPENSSL_NO_GOST
+#define EVP_PKEY_assign_GOST(pkey,gostkey) EVP_PKEY_assign((pkey),EVP_PKEY_GOSTR01,\
+                                        (char *)(gostkey))
+#endif
 /* Add some extra combinations */
 #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
 #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
@@ -530,6 +546,7 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
 void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
 void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
 int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
@@ -665,6 +682,12 @@ const EVP_MD *EVP_ripemd160(void);
 #ifndef OPENSSL_NO_WHIRLPOOL
 const EVP_MD *EVP_whirlpool(void);
 #endif
+#ifndef OPENSSL_NO_GOST
+const EVP_MD *EVP_gostr341194(void);
+const EVP_MD *EVP_gost2814789imit(void);
+const EVP_MD *EVP_streebog256(void);
+const EVP_MD *EVP_streebog512(void);
+#endif
 const EVP_CIPHER *EVP_enc_null(void);           /* does nothing :-) */
 #ifndef OPENSSL_NO_DES
 const EVP_CIPHER *EVP_des_ecb(void);
@@ -804,6 +827,12 @@ const EVP_CIPHER *EVP_camellia_256_ofb(void);
 const EVP_CIPHER *EVP_chacha20(void);
 #endif
+#ifndef OPENSSL_NO_GOST
+const EVP_CIPHER *EVP_gost2814789_ecb(void);
+const EVP_CIPHER *EVP_gost2814789_cfb64(void);
+const EVP_CIPHER *EVP_gost2814789_cnt(void);
+#endif
 void OPENSSL_add_all_algorithms_noconf(void);
 void OPENSSL_add_all_algorithms_conf(void);
@@ -871,6 +900,9 @@ struct ec_key_st;
 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
 struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
 #endif
+#ifndef OPENSSL_NO_GOST
+struct gost_key_st;
+#endif
 EVP_PKEY *EVP_PKEY_new(void);
 void EVP_PKEY_free(EVP_PKEY *pkey);
@@ -1337,6 +1369,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_DIGESTINIT_EX                          128
 #define EVP_F_EVP_ENCRYPTFINAL_EX                        127
 #define EVP_F_EVP_MD_CTX_COPY_EX                         110
+#define EVP_F_EVP_MD_CTX_CTRL                            195
 #define EVP_F_EVP_MD_SIZE                                162
 #define EVP_F_EVP_OPENINIT                               102
 #define EVP_F_EVP_PBE_ALG_ADD                            115
diff --git a/src/lib/libssl/src/crypto/evp/m_gost2814789.c b/src/lib/libssl/src/crypto/evp/m_gost2814789.c
new file mode 100644
index 0000000000..ff3f489e46
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_gost2814789.c
@@ -0,0 +1,105 @@
+/* $OpenBSD: m_gost2814789.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/gost.h>
+#include <openssl/objects.h>
+static int init(EVP_MD_CTX *ctx)
+{
+        return GOST2814789IMIT_Init(ctx->md_data, NID_id_Gost28147_89_CryptoPro_A_ParamSet);
+}
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        return GOST2814789IMIT_Update(ctx->md_data, data, count);
+}
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        return GOST2814789IMIT_Final(md, ctx->md_data);
+}
+static int md_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
+{
+        GOST2814789IMIT_CTX *gctx = ctx->md_data;
+        switch (cmd) {
+        case EVP_MD_CTRL_SET_KEY:
+                return Gost2814789_set_key(&gctx->cipher, p2, p1);
+        case EVP_MD_CTRL_GOST_SET_SBOX:
+                return Gost2814789_set_sbox(&gctx->cipher, p1);
+        }
+        return -2;
+}
+static const EVP_MD gost2814789imit_md = {
+        .type = NID_id_Gost28147_89_MAC,
+        .pkey_type = NID_undef,
+        .md_size = GOST2814789IMIT_LENGTH,
+        .flags = 0,
+        .init = init,
+        .update = update,
+        .final = final,
+        .block_size = GOST2814789IMIT_CBLOCK,
+        .ctx_size = sizeof(EVP_MD *) + sizeof(GOST2814789IMIT_CTX),
+        .md_ctrl = md_ctrl,
+};
+const EVP_MD *
+EVP_gost2814789imit(void)
+{
+        return (&gost2814789imit_md);
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/m_gostr341194.c b/src/lib/libssl/src/crypto/evp/m_gostr341194.c
new file mode 100644
index 0000000000..380d92d508
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_gostr341194.c
@@ -0,0 +1,93 @@
+/* $OpenBSD: m_gostr341194.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/gost.h>
+#include <openssl/objects.h>
+static int init(EVP_MD_CTX *ctx)
+{
+        return GOSTR341194_Init(ctx->md_data, NID_id_GostR3411_94_CryptoProParamSet);
+}
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        return GOSTR341194_Update(ctx->md_data, data, count);
+}
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        return GOSTR341194_Final(md, ctx->md_data);
+}
+static const EVP_MD gostr341194_md = {
+        .type = NID_id_GostR3411_94,
+        .pkey_type = NID_undef,
+        .md_size = GOSTR341194_LENGTH,
+        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+        .init = init,
+        .update = update,
+        .final = final,
+        .block_size = GOSTR341194_CBLOCK,
+        .ctx_size = sizeof(EVP_MD *) + sizeof(GOSTR341194_CTX),
+};
+const EVP_MD *
+EVP_gostr341194(void)
+{
+        return (&gostr341194_md);
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/m_streebog.c b/src/lib/libssl/src/crypto/evp/m_streebog.c
new file mode 100644
index 0000000000..cf4b159f43
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/m_streebog.c
@@ -0,0 +1,125 @@
+/* $OpenBSD: m_streebog.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/gost.h>
+#include <openssl/objects.h>
+static int init256(EVP_MD_CTX *ctx)
+{
+        return STREEBOG256_Init(ctx->md_data);
+}
+static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        return STREEBOG256_Update(ctx->md_data, data, count);
+}
+static int final256(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        return STREEBOG256_Final(md, ctx->md_data);
+}
+static int init512(EVP_MD_CTX *ctx)
+{
+        return STREEBOG512_Init(ctx->md_data);
+}
+static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        return STREEBOG512_Update(ctx->md_data, data, count);
+}
+static int final512(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        return STREEBOG512_Final(md, ctx->md_data);
+}
+static const EVP_MD streebog256_md = {
+        .type = NID_id_tc26_gost3411_2012_256,
+        .pkey_type = NID_undef,
+        .md_size = STREEBOG256_LENGTH,
+        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+        .init = init256,
+        .update = update256,
+        .final = final256,
+        .block_size = STREEBOG_CBLOCK,
+        .ctx_size = sizeof(EVP_MD *) + sizeof(STREEBOG_CTX),
+};
+static const EVP_MD streebog512_md = {
+        .type = NID_id_tc26_gost3411_2012_512,
+        .pkey_type = NID_undef,
+        .md_size = STREEBOG512_LENGTH,
+        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+        .init = init512,
+        .update = update512,
+        .final = final512,
+        .block_size = STREEBOG_CBLOCK,
+        .ctx_size = sizeof(EVP_MD *) + sizeof(STREEBOG_CTX),
+};
+const EVP_MD *
+EVP_streebog256(void)
+{
+        return (&streebog256_md);
+}
+const EVP_MD *
+EVP_streebog512(void)
+{
+        return (&streebog512_md);
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/pmeth_lib.c b/src/lib/libssl/src/crypto/evp/pmeth_lib.c
index 12267a6d93..24cdfdd1d0 100644
--- a/src/lib/libssl/src/crypto/evp/pmeth_lib.c
+++ b/src/lib/libssl/src/crypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.9 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.10 2014/11/09 19:17:13 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -79,6 +79,7 @@ STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
 extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
 extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
+extern const EVP_PKEY_METHOD gostimit_pkey_meth, gostr01_pkey_meth;
 static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_RSA
@@ -93,8 +94,12 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_EC
        &ec_pkey_meth,
 #endif
+#ifndef OPENSSL_NO_GOST
+        &gostr01_pkey_meth,
+        &gostimit_pkey_meth,
+#endif
        &hmac_pkey_meth,
-        &cmac_pkey_meth
+        &cmac_pkey_meth,
 };
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
diff --git a/src/lib/libssl/src/crypto/gost/gost.h b/src/lib/libssl/src/crypto/gost/gost.h
new file mode 100644
index 0000000000..5296e7b9c2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gost.h
@@ -0,0 +1,263 @@
+/* $OpenBSD: gost.h,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#ifndef HEADER_GOST_H
+#define HEADER_GOST_H
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_GOST
+#error GOST is disabled.
+#endif
+#include <openssl/asn1t.h>
+#include <openssl/ec.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+typedef struct gost2814789_key_st {
+        unsigned int key[8];
+        unsigned int k87[256],k65[256],k43[256],k21[256];
+        unsigned int count;
+        unsigned key_meshing : 1;
+} GOST2814789_KEY;
+int Gost2814789_set_sbox(GOST2814789_KEY *key, int nid);
+int Gost2814789_set_key(GOST2814789_KEY *key,
+                const unsigned char *userKey, const int bits);
+void Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out,
+        GOST2814789_KEY *key, const int enc);
+void Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+        size_t length, GOST2814789_KEY *key,
+        unsigned char *ivec, int *num, const int enc);
+void Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out,
+        size_t length, GOST2814789_KEY *key,
+        unsigned char *ivec, unsigned char *cnt_buf, int *num);
+typedef struct {
+        ASN1_OCTET_STRING *iv;
+        ASN1_OBJECT *enc_param_set;
+} GOST_CIPHER_PARAMS;
+DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
+#define GOST2814789IMIT_LENGTH 4
+#define GOST2814789IMIT_CBLOCK 8
+#define GOST2814789IMIT_LONG unsigned int
+typedef struct GOST2814789IMITstate_st {
+        GOST2814789IMIT_LONG    Nl, Nh;
+        unsigned char           data[GOST2814789IMIT_CBLOCK];
+        unsigned int            num;
+        GOST2814789_KEY         cipher;
+        unsigned char           mac[GOST2814789IMIT_CBLOCK];
+} GOST2814789IMIT_CTX;
+/* Note, also removed second parameter and removed dctx->cipher setting */
+int GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid);
+int GOST2814789IMIT_Update(GOST2814789IMIT_CTX *c, const void *data, size_t len);
+int GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c);
+void GOST2814789IMIT_Transform(GOST2814789IMIT_CTX *c, const unsigned char *data);
+unsigned char *GOST2814789IMIT(const unsigned char *d, size_t n,
+                unsigned char *md, int nid,
+                const unsigned char *key, const unsigned char *iv);
+#define GOSTR341194_LONG unsigned int
+#define GOSTR341194_LENGTH      32
+#define GOSTR341194_CBLOCK      32
+#define GOSTR341194_LBLOCK      (GOSTR341194_CBLOCK/4)
+typedef struct GOSTR341194state_st {
+        GOSTR341194_LONG        Nl, Nh;
+        GOSTR341194_LONG        data[GOSTR341194_LBLOCK];
+        unsigned int            num;
+        GOST2814789_KEY         cipher;
+        unsigned char           H[GOSTR341194_CBLOCK];
+        unsigned char           S[GOSTR341194_CBLOCK];
+} GOSTR341194_CTX;
+/* Note, also removed second parameter and removed dctx->cipher setting */
+int GOSTR341194_Init(GOSTR341194_CTX *c, int nid);
+int GOSTR341194_Update(GOSTR341194_CTX *c, const void *data, size_t len);
+int GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX *c);
+void GOSTR341194_Transform(GOSTR341194_CTX *c, const unsigned char *data);
+unsigned char *GOSTR341194(const unsigned char *d, size_t n,unsigned char *md, int nid);
+#if defined(_LP64)
+#define STREEBOG_LONG64 unsigned long
+#define U64(C)     C##UL
+#else
+#define STREEBOG_LONG64 unsigned long long
+#define U64(C)     C##ULL
+#endif
+#define STREEBOG_LBLOCK 8
+#define STREEBOG_CBLOCK 64
+#define STREEBOG256_LENGTH 32
+#define STREEBOG512_LENGTH 64
+typedef struct STREEBOGstate_st {
+        STREEBOG_LONG64 data[STREEBOG_LBLOCK];
+        unsigned int    num;
+        unsigned int    md_len;
+        STREEBOG_LONG64 h[STREEBOG_LBLOCK];
+        STREEBOG_LONG64 N[STREEBOG_LBLOCK];
+        STREEBOG_LONG64 Sigma[STREEBOG_LBLOCK];
+} STREEBOG_CTX;
+int STREEBOG256_Init(STREEBOG_CTX *c);
+int STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len);
+int STREEBOG256_Final(unsigned char *md, STREEBOG_CTX *c);
+void STREEBOG256_Transform(STREEBOG_CTX *c, const unsigned char *data);
+unsigned char *STREEBOG256(const unsigned char *d, size_t n,unsigned char *md);
+int STREEBOG512_Init(STREEBOG_CTX *c);
+int STREEBOG512_Update(STREEBOG_CTX *c, const void *data, size_t len);
+int STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c);
+void STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data);
+unsigned char *STREEBOG512(const unsigned char *d, size_t n,unsigned char *md);
+typedef struct gost_key_st GOST_KEY;
+GOST_KEY *GOST_KEY_new(void);
+void GOST_KEY_free(GOST_KEY * r);
+int GOST_KEY_check_key(const GOST_KEY * eckey);
+int GOST_KEY_set_public_key_affine_coordinates(GOST_KEY * key, BIGNUM * x, BIGNUM * y);
+const EC_GROUP * GOST_KEY_get0_group(const GOST_KEY * key);
+int GOST_KEY_set_group(GOST_KEY * key, const EC_GROUP * group);
+int GOST_KEY_get_digest(const GOST_KEY * key);
+int GOST_KEY_set_digest(GOST_KEY * key, int digest_nid);
+const BIGNUM * GOST_KEY_get0_private_key(const GOST_KEY * key);
+int GOST_KEY_set_private_key(GOST_KEY * key, const BIGNUM * priv_key);
+const EC_POINT * GOST_KEY_get0_public_key(const GOST_KEY * key);
+int GOST_KEY_set_public_key(GOST_KEY * key, const EC_POINT * pub_key);
+size_t GOST_KEY_get_size(const GOST_KEY * r);
+/* Gost-specific pmeth control-function parameters */
+/* For GOST R34.10 parameters */
+#define EVP_PKEY_CTRL_GOST_PARAMSET     (EVP_PKEY_ALG_CTRL+1)
+#define EVP_PKEY_CTRL_GOST_SIG_FORMAT   (EVP_PKEY_ALG_CTRL+2)
+#define EVP_PKEY_CTRL_GOST_SET_DIGEST   (EVP_PKEY_ALG_CTRL+3)
+#define EVP_PKEY_CTRL_GOST_GET_DIGEST   (EVP_PKEY_ALG_CTRL+4)
+#define GOST_SIG_FORMAT_SR_BE   0
+#define GOST_SIG_FORMAT_RS_LE   1
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_GOST_strings(void);
+/* Error codes for the GOST functions. */
+/* Function codes. */
+#define GOST_F_DECODE_GOST01_ALGOR_PARAMS                104
+#define GOST_F_ENCODE_GOST01_ALGOR_PARAMS                105
+#define GOST_F_GOST2001_COMPUTE_PUBLIC                   106
+#define GOST_F_GOST2001_DO_SIGN                          107
+#define GOST_F_GOST2001_DO_VERIFY                        108
+#define GOST_F_GOST2001_KEYGEN                           109
+#define GOST_F_GOST89_GET_ASN1_PARAMETERS                102
+#define GOST_F_GOST89_SET_ASN1_PARAMETERS                103
+#define GOST_F_GOST_KEY_CHECK_KEY                        124
+#define GOST_F_GOST_KEY_NEW                              125
+#define GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 126
+#define GOST_F_PARAM_COPY_GOST01                         110
+#define GOST_F_PARAM_DECODE_GOST01                       111
+#define GOST_F_PKEY_GOST01_CTRL                          116
+#define GOST_F_PKEY_GOST01_DECRYPT                       112
+#define GOST_F_PKEY_GOST01_DERIVE                        113
+#define GOST_F_PKEY_GOST01_ENCRYPT                       114
+#define GOST_F_PKEY_GOST01_PARAMGEN                      115
+#define GOST_F_PKEY_GOST01_SIGN                          123
+#define GOST_F_PKEY_GOST_MAC_CTRL                        100
+#define GOST_F_PKEY_GOST_MAC_KEYGEN                      101
+#define GOST_F_PRIV_DECODE_GOST01                        117
+#define GOST_F_PUB_DECODE_GOST01                         118
+#define GOST_F_PUB_ENCODE_GOST01                         119
+#define GOST_F_PUB_PRINT_GOST01                          120
+#define GOST_F_UNPACK_SIGNATURE_CP                       121
+#define GOST_F_UNPACK_SIGNATURE_LE                       122
+/* Reason codes. */
+#define GOST_R_BAD_KEY_PARAMETERS_FORMAT                 104
+#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT                105
+#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY                 106
+#define GOST_R_CTRL_CALL_FAILED                          107
+#define GOST_R_ERROR_COMPUTING_SHARED_KEY                108
+#define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO          109
+#define GOST_R_INCOMPATIBLE_ALGORITHMS                   110
+#define GOST_R_INCOMPATIBLE_PEER_KEY                     111
+#define GOST_R_INVALID_DIGEST_TYPE                       100
+#define GOST_R_INVALID_IV_LENGTH                         103
+#define GOST_R_INVALID_MAC_KEY_LENGTH                    101
+#define GOST_R_KEY_IS_NOT_INITIALIZED                    112
+#define GOST_R_KEY_PARAMETERS_MISSING                    113
+#define GOST_R_MAC_KEY_NOT_SET                           102
+#define GOST_R_NO_PARAMETERS_SET                         115
+#define GOST_R_NO_PEER_KEY                               116
+#define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR  117
+#define GOST_R_PUBLIC_KEY_UNDEFINED                      118
+#define GOST_R_RANDOM_GENERATOR_FAILURE                  119
+#define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED            120
+#define GOST_R_SIGNATURE_MISMATCH                        121
+#define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q            122
+#define GOST_R_UKM_NOT_SET                               123
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gost2814789.c b/src/lib/libssl/src/crypto/gost/gost2814789.c
new file mode 100644
index 0000000000..b80f692f10
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gost2814789.c
@@ -0,0 +1,453 @@
+/* $OpenBSD: gost2814789.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/objects.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+static inline unsigned int f(const GOST2814789_KEY *c, unsigned int x)
+{
+        return  c->k87[(x>>24) & 255] | c->k65[(x>>16) & 255]|
+                c->k43[(x>> 8) & 255] | c->k21[(x    ) & 255];
+}
+void Gost2814789_encrypt(const unsigned char *in, unsigned char *out,
+        const GOST2814789_KEY *key)
+{
+        unsigned int n1, n2; /* As named in the GOST */
+        c2l(in, n1);
+        c2l(in, n2);
+        /* Instead of swapping halves, swap names each round */
+        n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
+        n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
+        n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
+        n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
+        n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
+        n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
+        n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
+        n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
+        n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
+        n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
+        n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
+        n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
+        n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
+        n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
+        n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
+        n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
+        l2c(n2, out);
+        l2c(n1, out);
+}
+void Gost2814789_decrypt(const unsigned char *in, unsigned char *out,
+        const GOST2814789_KEY *key)
+{
+        unsigned int n1, n2; /* As named in the GOST */
+        c2l(in, n1);
+        c2l(in, n2);
+        /* Instead of swapping halves, swap names each round */
+        n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
+        n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
+        n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
+        n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
+        n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
+        n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
+        n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
+        n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
+        n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
+        n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
+        n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
+        n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
+        n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]);
+        n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]);
+        n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]);
+        n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]);
+        l2c(n2, out);
+        l2c(n1, out);
+}
+static void Gost2814789_mac(const unsigned char *in,
+                unsigned char *mac,
+                GOST2814789_KEY *key)
+{
+        unsigned int n1, n2; /* As named in the GOST */
+        unsigned char *p;
+        int i;
+        for (i = 0; i < 8; i++)
+                mac[i] ^= in[i];
+        p = mac;
+        c2l(p, n1);
+        c2l(p, n2);
+        /* Instead of swapping halves, swap names each round */
+        n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
+        n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
+        n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
+        n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
+        n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]);
+        n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]);
+        n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]);
+        n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]);
+        p = mac;
+        l2c(n1, p);
+        l2c(n2, p);
+}
+void Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out,
+        GOST2814789_KEY *key, const int enc)
+{
+        if (key->key_meshing && key->count == 1024) {
+                Gost2814789_cryptopro_key_mesh(key);
+                key->count = 0;
+        }
+        if (enc)
+                Gost2814789_encrypt(in, out, key);
+        else
+                Gost2814789_decrypt(in, out, key);
+}
+static inline void Gost2814789_encrypt_mesh(unsigned char *iv, GOST2814789_KEY *key)
+{
+        if (key->key_meshing && key->count == 1024) {
+                Gost2814789_cryptopro_key_mesh(key);
+                Gost2814789_encrypt(iv, iv, key);
+                key->count = 0;
+        }
+        Gost2814789_encrypt(iv, iv, key);
+        key->count += 8;
+}
+static inline void Gost2814789_mac_mesh(const unsigned char *data,
+                unsigned char *mac,
+                GOST2814789_KEY *key)
+{
+        if (key->key_meshing && key->count == 1024) {
+                Gost2814789_cryptopro_key_mesh(key);
+                key->count = 0;
+        }
+        Gost2814789_mac(data, mac, key);
+        key->count += 8;
+}
+void Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, GOST2814789_KEY *key,
+        unsigned char *ivec, int *num, const int enc)
+{
+    unsigned int n;
+    size_t l = 0;
+    OPENSSL_assert(in && out && key && ivec && num);
+    n = *num;
+    if (enc) {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (8%sizeof(size_t) == 0) do { /* always true actually */
+                while (n && len) {
+                        *(out++) = ivec[n] ^= *(in++);
+                        --len;
+                        n = (n+1) % 8;
+                }
+#ifdef __STRICT_ALIGNMENT
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=8) {
+                        Gost2814789_encrypt_mesh(ivec, key);
+                        for (; n<8; n+=sizeof(size_t)) {
+                                *(size_t*)(out+n) =
+                                *(size_t*)(ivec+n) ^= *(size_t*)(in+n);
+                        }
+                        len -= 8;
+                        out += 8;
+                        in  += 8;
+                        n = 0;
+                }
+                if (len) {
+                        Gost2814789_encrypt_mesh(ivec, key);
+                        while (len--) {
+                                out[n] = ivec[n] ^= in[n];
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while (0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                if (n == 0) {
+                        Gost2814789_encrypt_mesh(ivec, key);
+                }
+                out[l] = ivec[n] ^= in[l];
+                ++l;
+                n = (n+1) % 8;
+        }
+        *num = n;
+    } else {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (8%sizeof(size_t) == 0) do { /* always true actually */
+                while (n && len) {
+                        unsigned char c;
+                        *(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c;
+                        --len;
+                        n = (n+1) % 8;
+                }
+#ifdef __STRICT_ALIGNMENT
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=8) {
+                        Gost2814789_encrypt_mesh(ivec, key);
+                        for (; n<8; n+=sizeof(size_t)) {
+                                size_t t = *(size_t*)(in+n);
+                                *(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t;
+                                *(size_t*)(ivec+n) = t;
+                        }
+                        len -= 8;
+                        out += 8;
+                        in  += 8;
+                        n = 0;
+                }
+                if (len) {
+                        Gost2814789_encrypt_mesh(ivec, key);
+                        while (len--) {
+                                unsigned char c;
+                                out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c;
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while (0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                unsigned char c;
+                if (n == 0) {
+                        Gost2814789_encrypt_mesh(ivec, key);
+                }
+                out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c;
+                ++l;
+                n = (n+1) % 8;
+        }
+        *num=n;
+    }
+}
+static inline void Gost2814789_cnt_next(unsigned char *ivec,
+                unsigned char *out,
+                GOST2814789_KEY *key)
+{
+        unsigned char *p = ivec, *p2 = ivec;
+        unsigned int val, val2;
+        if (key->count == 0)
+                Gost2814789_encrypt(ivec, ivec, key);
+        if (key->key_meshing && key->count == 1024) {
+                Gost2814789_cryptopro_key_mesh(key);
+                Gost2814789_encrypt(ivec, ivec, key);
+                key->count = 0;
+        }
+        c2l(p, val);
+        val2 = val + 0x01010101;
+        l2c(val2, p2);
+        c2l(p, val);
+        val2 = val + 0x01010104;
+        if (val > val2) /* overflow */
+                val2++;
+        l2c(val2, p2);
+        Gost2814789_encrypt(ivec, out, key);
+        key->count += 8;
+}
+void Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, GOST2814789_KEY *key,
+        unsigned char *ivec, unsigned char *cnt_buf, int *num)
+{
+        unsigned int n;
+        size_t l=0;
+        OPENSSL_assert(in && out && key && cnt_buf && num);
+        n = *num;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (8%sizeof(size_t) == 0) do { /* always true actually */
+                while (n && len) {
+                        *(out++) = *(in++) ^ cnt_buf[n];
+                        --len;
+                        n = (n+1) % 8;
+                }
+#ifdef __STRICT_ALIGNMENT
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=8) {
+                        Gost2814789_cnt_next(ivec, cnt_buf, key);
+                        for (; n<8; n+=sizeof(size_t))
+                                *(size_t *)(out+n) =
+                                *(size_t *)(in+n) ^ *(size_t *)(cnt_buf+n);
+                        len -= 8;
+                        out += 8;
+                        in  += 8;
+                        n = 0;
+                }
+                if (len) {
+                        Gost2814789_cnt_next(ivec, cnt_buf, key);
+                        while (len--) {
+                                out[n] = in[n] ^ cnt_buf[n];
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while(0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                if (n==0)
+                        Gost2814789_cnt_next(ivec, cnt_buf, key);
+                out[l] = in[l] ^ cnt_buf[n];
+                ++l;
+                n = (n+1) % 8;
+        }
+        *num=n;
+}
+int GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid)
+{
+        c->Nl = c->Nh = c->num = 0;
+        memset(c->mac, 0, 8);
+        return Gost2814789_set_sbox(&c->cipher, nid);
+}
+static void GOST2814789IMIT_block_data_order(GOST2814789IMIT_CTX *ctx, const void *p, size_t num)
+{
+        int i;
+        for (i = 0; i < num; i++) {
+                Gost2814789_mac_mesh(p, ctx->mac, &ctx->cipher);
+                p += 8;
+        }
+}
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+#define HASH_CBLOCK     GOST2814789IMIT_CBLOCK
+#define HASH_LONG       GOST2814789IMIT_LONG
+#define HASH_CTX        GOST2814789IMIT_CTX
+#define HASH_UPDATE     GOST2814789IMIT_Update
+#define HASH_TRANSFORM  GOST2814789IMIT_Transform
+#define HASH_NO_FINAL   1
+#define HASH_BLOCK_DATA_ORDER   GOST2814789IMIT_block_data_order
+#include "md32_common.h"
+int GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c)
+{
+        if (c->num) {
+                memset(c->data + c->num, 0, 8 - c->num);
+                Gost2814789_mac_mesh(c->data, c->mac, &c->cipher);
+        }
+        if (c->Nl <= 8 * 8 && c->Nl > 0 && c->Nh == 0) {
+                memset(c->data, 0, 8);
+                Gost2814789_mac_mesh(c->data, c->mac, &c->cipher);
+        }
+        memcpy(md, c->mac, 4);
+        return 1;
+}
+unsigned char *GOST2814789IMIT(const unsigned char *d, size_t n,
+                unsigned char *md, int nid,
+                const unsigned char *key, const unsigned char *iv)
+{
+        GOST2814789IMIT_CTX c;
+        static unsigned char m[GOST2814789IMIT_LENGTH];
+        if (md == NULL)
+                md = m;
+        GOST2814789IMIT_Init(&c, nid);
+        memcpy(c.mac, iv, 8);
+        Gost2814789_set_key(&c.cipher, key, 256);
+        GOST2814789IMIT_Update(&c, d, n);
+        GOST2814789IMIT_Final(md, &c);
+        OPENSSL_cleanse(&c, sizeof(c));
+        return (md);
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gost89_keywrap.c b/src/lib/libssl/src/crypto/gost/gost89_keywrap.c
new file mode 100644
index 0000000000..8f641b6cef
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gost89_keywrap.c
@@ -0,0 +1,136 @@
+/* $OpenBSD: gost89_keywrap.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/gost.h>
+#include "gost_locl.h"
+static void key_diversify_crypto_pro(GOST2814789_KEY * ctx, const unsigned char *inputKey,
+                           const unsigned char *ukm, unsigned char *outputKey)
+{
+        unsigned long k, s1, s2;
+        int i, mask;
+        unsigned char S[8];
+        unsigned char *p;
+        memcpy(outputKey, inputKey, 32);
+        for (i = 0; i < 8; i++) {
+                /* Make array of integers from key */
+                /* Compute IV S */
+                s1 = 0, s2 = 0;
+                p = outputKey;
+                for (mask = 1; mask < 256; mask <<= 1) {
+                        c2l(p, k);
+                        if (mask & ukm[i]) {
+                                s1 += k;
+                        } else {
+                                s2 += k;
+                        }
+                }
+                p = S;
+                l2c (s1, p);
+                l2c (s2, p);
+                Gost2814789_set_key(ctx, outputKey, 256);
+                mask = 0;
+                Gost2814789_cfb64_encrypt(outputKey, outputKey, 32, ctx, S, &mask, 1);
+        }
+}
+int key_wrap_crypto_pro(int nid, const unsigned char *keyExchangeKey,
+                     const unsigned char *ukm, const unsigned char *sessionKey,
+                     unsigned char *wrappedKey)
+{
+        GOST2814789_KEY ctx;
+        unsigned char kek_ukm[32];
+        Gost2814789_set_sbox(&ctx, nid);
+        key_diversify_crypto_pro(&ctx, keyExchangeKey, ukm, kek_ukm);
+        Gost2814789_set_key(&ctx, kek_ukm, 256);
+        memcpy(wrappedKey, ukm, 8);
+        Gost2814789_encrypt(sessionKey +  0, wrappedKey + 8 +  0, &ctx);
+        Gost2814789_encrypt(sessionKey +  8, wrappedKey + 8 +  8, &ctx);
+        Gost2814789_encrypt(sessionKey + 16, wrappedKey + 8 + 16, &ctx);
+        Gost2814789_encrypt(sessionKey + 24, wrappedKey + 8 + 24, &ctx);
+        GOST2814789IMIT(sessionKey, 32, wrappedKey + 40, nid, kek_ukm, ukm);
+        return 1;
+}
+int key_unwrap_crypto_pro(int nid, const unsigned char *keyExchangeKey,
+                       const unsigned char *wrappedKey,
+                       unsigned char *sessionKey)
+{
+        unsigned char kek_ukm[32], cek_mac[4];
+        GOST2814789_KEY ctx;
+        Gost2814789_set_sbox(&ctx, nid);
+        /* First 8 bytes of wrapped Key is ukm */
+        key_diversify_crypto_pro(&ctx, keyExchangeKey, wrappedKey, kek_ukm);
+        Gost2814789_set_key(&ctx, kek_ukm, 256);
+        Gost2814789_decrypt(wrappedKey + 8 +  0, sessionKey +  0, &ctx);
+        Gost2814789_decrypt(wrappedKey + 8 +  8, sessionKey +  8, &ctx);
+        Gost2814789_decrypt(wrappedKey + 8 + 16, sessionKey + 16, &ctx);
+        Gost2814789_decrypt(wrappedKey + 8 + 24, sessionKey + 24, &ctx);
+        GOST2814789IMIT(sessionKey, 32, cek_mac, nid, kek_ukm, wrappedKey);
+        if (memcmp(cek_mac, wrappedKey + 40, 4)) {
+                printf("IMIT Missmatch!\n");
+                return 0;
+        }
+        return 1;
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gost89_params.c b/src/lib/libssl/src/crypto/gost/gost89_params.c
new file mode 100644
index 0000000000..2b2607d24b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gost89_params.c
@@ -0,0 +1,241 @@
+/* $OpenBSD: gost89_params.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <stdlib.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/objects.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+/* Substitution blocks from test examples for GOST R 34.11-94*/
+static const gost_subst_block GostR3411_94_TestParamSet = {
+        {0x1,0xF,0xD,0x0,0x5,0x7,0xA,0x4,0x9,0x2,0x3,0xE,0x6,0xB,0x8,0xC},
+        {0xD,0xB,0x4,0x1,0x3,0xF,0x5,0x9,0x0,0xA,0xE,0x7,0x6,0x8,0x2,0xC},
+        {0x4,0xB,0xA,0x0,0x7,0x2,0x1,0xD,0x3,0x6,0x8,0x5,0x9,0xC,0xF,0xE},
+        {0x6,0xC,0x7,0x1,0x5,0xF,0xD,0x8,0x4,0xA,0x9,0xE,0x0,0x3,0xB,0x2},
+        {0x7,0xD,0xA,0x1,0x0,0x8,0x9,0xF,0xE,0x4,0x6,0xC,0xB,0x2,0x5,0x3},
+        {0x5,0x8,0x1,0xD,0xA,0x3,0x4,0x2,0xE,0xF,0xC,0x7,0x6,0x0,0x9,0xB},
+        {0xE,0xB,0x4,0xC,0x6,0xD,0xF,0xA,0x2,0x3,0x8,0x1,0x0,0x7,0x5,0x9},
+        {0x4,0xA,0x9,0x2,0xD,0x8,0x0,0xE,0x6,0xB,0x1,0xC,0x7,0xF,0x5,0x3}
+};
+/* Substitution blocks for hash function 1.2.643.2.9.1.6.1  */
+static const gost_subst_block GostR3411_94_CryptoProParamSet = {
+        {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC},
+        {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB},
+        {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3},
+        {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5},
+        {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3},
+        {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD},
+        {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8},
+        {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF}
+};
+/* Test paramset from GOST 28147 */
+gost_subst_block Gost28147_TestParamSet = {
+        {0xC,0x6,0x5,0x2,0xB,0x0,0x9,0xD,0x3,0xE,0x7,0xA,0xF,0x4,0x1,0x8},
+        {0x9,0xB,0xC,0x0,0x3,0x6,0x7,0x5,0x4,0x8,0xE,0xF,0x1,0xA,0x2,0xD},
+        {0x8,0xF,0x6,0xB,0x1,0x9,0xC,0x5,0xD,0x3,0x7,0xA,0x0,0xE,0x2,0x4},
+        {0x3,0xE,0x5,0x9,0x6,0x8,0x0,0xD,0xA,0xB,0x7,0xC,0x2,0x1,0xF,0x4},
+        {0xE,0x9,0xB,0x2,0x5,0xF,0x7,0x1,0x0,0xD,0xC,0x6,0xA,0x4,0x3,0x8},
+        {0xD,0x8,0xE,0xC,0x7,0x3,0x9,0xA,0x1,0x5,0x2,0x4,0x6,0xF,0x0,0xB},
+        {0xC,0x9,0xF,0xE,0x8,0x1,0x3,0xA,0x2,0x7,0x4,0xD,0x6,0x0,0xB,0x5},
+        {0x4,0x2,0xF,0x5,0x9,0x1,0x0,0x8,0xE,0x3,0xB,0xC,0xD,0x7,0xA,0x6}
+};
+/* 1.2.643.2.2.31.1 */
+static const gost_subst_block Gost28147_CryptoProParamSetA = {
+        {0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4},
+        {0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE},
+        {0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6},
+        {0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6},
+        {0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6},
+        {0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9},
+        {0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1},
+        {0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5}
+};
+/* 1.2.643.2.2.31.2 */
+static const gost_subst_block Gost28147_CryptoProParamSetB = {
+        {0x0,0x4,0xB,0xE,0x8,0x3,0x7,0x1,0xA,0x2,0x9,0x6,0xF,0xD,0x5,0xC},
+        {0x5,0x2,0xA,0xB,0x9,0x1,0xC,0x3,0x7,0x4,0xD,0x0,0x6,0xF,0x8,0xE},
+        {0x8,0x3,0x2,0x6,0x4,0xD,0xE,0xB,0xC,0x1,0x7,0xF,0xA,0x0,0x9,0x5},
+        {0x2,0x7,0xC,0xF,0x9,0x5,0xA,0xB,0x1,0x4,0x0,0xD,0x6,0x8,0xE,0x3},
+        {0x7,0x5,0x0,0xD,0xB,0x6,0x1,0x2,0x3,0xA,0xC,0xF,0x4,0xE,0x9,0x8},
+        {0xE,0xC,0x0,0xA,0x9,0x2,0xD,0xB,0x7,0x5,0x8,0xF,0x3,0x6,0x1,0x4},
+        {0x0,0x1,0x2,0xA,0x4,0xD,0x5,0xC,0x9,0x7,0x3,0xF,0xB,0x8,0x6,0xE},
+        {0x8,0x4,0xB,0x1,0x3,0x5,0x0,0x9,0x2,0xE,0xA,0xC,0xD,0x6,0x7,0xF}
+};
+/* 1.2.643.2.2.31.3 */
+static const gost_subst_block Gost28147_CryptoProParamSetC = {
+        {0x7,0x4,0x0,0x5,0xA,0x2,0xF,0xE,0xC,0x6,0x1,0xB,0xD,0x9,0x3,0x8},
+        {0xA,0x9,0x6,0x8,0xD,0xE,0x2,0x0,0xF,0x3,0x5,0xB,0x4,0x1,0xC,0x7},
+        {0xC,0x9,0xB,0x1,0x8,0xE,0x2,0x4,0x7,0x3,0x6,0x5,0xA,0x0,0xF,0xD},
+        {0x8,0xD,0xB,0x0,0x4,0x5,0x1,0x2,0x9,0x3,0xC,0xE,0x6,0xF,0xA,0x7},
+        {0x3,0x6,0x0,0x1,0x5,0xD,0xA,0x8,0xB,0x2,0x9,0x7,0xE,0xF,0xC,0x4},
+        {0x8,0x2,0x5,0x0,0x4,0x9,0xF,0xA,0x3,0x7,0xC,0xD,0x6,0xE,0x1,0xB},
+        {0x0,0x1,0x7,0xD,0xB,0x4,0x5,0x2,0x8,0xE,0xF,0xC,0x9,0xA,0x6,0x3},
+        {0x1,0xB,0xC,0x2,0x9,0xD,0x0,0xF,0x4,0x5,0x8,0xE,0xA,0x7,0x6,0x3}
+};
+/* 1.2.643.2.2.31.4 */
+static const gost_subst_block Gost28147_CryptoProParamSetD = {
+        {0x1,0xA,0x6,0x8,0xF,0xB,0x0,0x4,0xC,0x3,0x5,0x9,0x7,0xD,0x2,0xE},
+        {0x3,0x0,0x6,0xF,0x1,0xE,0x9,0x2,0xD,0x8,0xC,0x4,0xB,0xA,0x5,0x7},
+        {0x8,0x0,0xF,0x3,0x2,0x5,0xE,0xB,0x1,0xA,0x4,0x7,0xC,0x9,0xD,0x6},
+        {0x0,0xC,0x8,0x9,0xD,0x2,0xA,0xB,0x7,0x3,0x6,0x5,0x4,0xE,0xF,0x1},
+        {0x1,0x5,0xE,0xC,0xA,0x7,0x0,0xD,0x6,0x2,0xB,0x4,0x9,0x3,0xF,0x8},
+        {0x1,0xC,0xB,0x0,0xF,0xE,0x6,0x5,0xA,0xD,0x4,0x8,0x9,0x3,0x7,0x2},
+        {0xB,0x6,0x3,0x4,0xC,0xF,0xE,0x2,0x7,0xD,0x8,0x0,0x5,0xA,0x9,0x1},
+        {0xF,0xC,0x2,0xA,0x6,0x4,0x5,0x0,0x7,0x9,0xE,0xD,0x1,0xB,0x8,0x3}
+};
+static const gost_subst_block Gost28147_TC26ParamSetZ = {
+        {0x1,0x7,0xe,0xd,0x0,0x5,0x8,0x3,0x4,0xf,0xa,0x6,0x9,0xc,0xb,0x2},
+        {0x8,0xe,0x2,0x5,0x6,0x9,0x1,0xc,0xf,0x4,0xb,0x0,0xd,0xa,0x3,0x7},
+        {0x5,0xd,0xf,0x6,0x9,0x2,0xc,0xa,0xb,0x7,0x8,0x1,0x4,0x3,0xe,0x0},
+        {0x7,0xf,0x5,0xa,0x8,0x1,0x6,0xd,0x0,0x9,0x3,0xe,0xb,0x4,0x2,0xc},
+        {0xc,0x8,0x2,0x1,0xd,0x4,0xf,0x6,0x7,0x0,0xa,0x5,0x3,0xe,0x9,0xb},
+        {0xb,0x3,0x5,0x8,0x2,0xf,0xa,0xd,0xe,0x1,0x7,0x4,0xc,0x9,0x6,0x0},
+        {0x6,0x8,0x2,0x3,0x9,0xa,0x5,0xc,0x1,0xe,0x4,0x7,0xb,0xd,0x0,0xf},
+        {0xc,0x4,0x6,0x2,0xa,0x5,0xb,0x9,0xe,0x8,0xd,0x7,0x0,0x3,0xf,0x1}
+};
+static const unsigned char CryptoProKeyMeshingKey[] = {
+        0x69, 0x00, 0x72, 0x22,   0x64, 0xC9, 0x04, 0x23,
+        0x8D, 0x3A, 0xDB, 0x96,   0x46, 0xE9, 0x2A, 0xC4,
+        0x18, 0xFE, 0xAC, 0x94,   0x00, 0xED, 0x07, 0x12,
+        0xC0, 0x86, 0xDC, 0xC2,   0xEF, 0x4C, 0xA9, 0x2B
+};
+static const struct gost89_parameters_info {
+        int nid;
+        const gost_subst_block *sblock;
+        int key_meshing;
+} gost_cipher_list[] =
+{
+        {NID_id_Gost28147_89_CryptoPro_A_ParamSet,&Gost28147_CryptoProParamSetA,1},
+        {NID_id_Gost28147_89_CryptoPro_B_ParamSet,&Gost28147_CryptoProParamSetB,1},
+        {NID_id_Gost28147_89_CryptoPro_C_ParamSet,&Gost28147_CryptoProParamSetC,1},
+        {NID_id_Gost28147_89_CryptoPro_D_ParamSet,&Gost28147_CryptoProParamSetD,1},
+        {NID_id_tc26_gost_28147_param_Z,&Gost28147_TC26ParamSetZ,1},
+        {NID_id_Gost28147_89_TestParamSet,&Gost28147_TestParamSet,0},
+        {NID_id_GostR3411_94_TestParamSet,&GostR3411_94_TestParamSet,0},
+        {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},
+        {NID_undef,NULL,0}
+};
+int Gost2814789_set_sbox(GOST2814789_KEY *key, int nid)
+{
+        int i;
+        const gost_subst_block *b = NULL;
+        unsigned int t;
+        for (i = 0; gost_cipher_list[i].nid != NID_undef; i++) {
+                if (gost_cipher_list[i].nid != nid)
+                        continue;
+                b = gost_cipher_list[i].sblock;
+                key->key_meshing = gost_cipher_list[i].key_meshing;
+                break;
+        }
+        if (!b)
+                return 0;
+        for (i = 0; i < 256; i++) {
+                t = (unsigned int)(b->k8[i >> 4] <<4 | b->k7 [i & 15]) << 24;
+                key->k87[i] = (t << 11) | (t >> 21);
+                t = (unsigned int)(b->k6[i >> 4] <<4 | b->k5 [i & 15]) << 16;
+                key->k65[i] = (t << 11) | (t >> 21);
+                t = (unsigned int)(b->k4[i >> 4] <<4 | b->k3 [i & 15]) << 8;
+                key->k43[i] = (t << 11) | (t >> 21);
+                t = (unsigned int)(b->k2[i >> 4] <<4 | b->k1 [i & 15]) << 0;
+                key->k21[i] = (t << 11) | (t >> 21);
+        }
+        return 1;
+}
+int Gost2814789_set_key(GOST2814789_KEY *key,
+                const unsigned char *userKey, const int bits)
+{
+        int i;
+        if (bits != 256)
+                return 0;
+        for (i = 0; i < 8; i++)
+                c2l(userKey, key->key[i]);
+        key->count = 0;
+        return 1;
+}
+void Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key)
+{
+        unsigned char newkey[32];
+        Gost2814789_decrypt(CryptoProKeyMeshingKey +  0, newkey +  0, key);
+        Gost2814789_decrypt(CryptoProKeyMeshingKey +  8, newkey +  8, key);
+        Gost2814789_decrypt(CryptoProKeyMeshingKey + 16, newkey + 16, key);
+        Gost2814789_decrypt(CryptoProKeyMeshingKey + 24, newkey + 24, key);
+        Gost2814789_set_key(key, newkey, 256);
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gost89imit_ameth.c b/src/lib/libssl/src/crypto/gost/gost89imit_ameth.c
new file mode 100644
index 0000000000..879c2b0ca0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gost89imit_ameth.c
@@ -0,0 +1,88 @@
+/* $OpenBSD: gost89imit_ameth.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include "asn1_locl.h"
+static void mackey_free_gost(EVP_PKEY *pk)
+{
+        if (pk->pkey.ptr) {
+                free(pk->pkey.ptr);
+        }
+}
+static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+        switch (op) {
+        case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+                *(int *)arg2 = NID_id_Gost28147_89_MAC;
+                return 2;
+        }
+        return -2;
+}
+const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth = {
+        .pkey_id = EVP_PKEY_GOSTIMIT,
+        .pkey_base_id = EVP_PKEY_GOSTIMIT,
+        .pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
+        .pem_str = "GOST-MAC",
+        .info = "GOST 28147-89 MAC",
+        .pkey_free = mackey_free_gost,
+        .pkey_ctrl = mac_ctrl_gost,
+};
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gost89imit_pmeth.c b/src/lib/libssl/src/crypto/gost/gost89imit_pmeth.c
new file mode 100644
index 0000000000..ec9c72372c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gost89imit_pmeth.c
@@ -0,0 +1,230 @@
+/* $OpenBSD: gost89imit_pmeth.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/gost.h>
+#include <openssl/x509v3.h> /*For string_to_hex */
+#include "evp_locl.h"
+#include "gost_locl.h"
+struct gost_mac_pmeth_data {
+        EVP_MD *md;
+        unsigned char key[32];
+        unsigned key_set : 1;
+};
+static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
+{
+        struct gost_mac_pmeth_data *data;
+        data = calloc(1, sizeof(struct gost_mac_pmeth_data));
+        if (!data)
+                return 0;
+        EVP_PKEY_CTX_set_data(ctx,data);
+        return 1;
+}
+static void pkey_gost_mac_cleanup (EVP_PKEY_CTX *ctx)
+{
+        struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+        free(data);
+}
+static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+        struct gost_mac_pmeth_data *dst_data, *src_data;
+        if (!pkey_gost_mac_init(dst))
+                return 0;
+        src_data = EVP_PKEY_CTX_get_data(src);
+        dst_data = EVP_PKEY_CTX_get_data(dst);
+        *dst_data = *src_data;
+        return 1;
+}
+static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+        struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+        unsigned char *keydata;
+        if (!data->key_set) {
+                GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, GOST_R_MAC_KEY_NOT_SET);
+                return 0;
+        }
+        keydata = malloc(32);
+        memcpy(keydata, data->key, 32);
+        EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
+        return 1;
+}
+static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+        struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+        switch (type) {
+        case EVP_PKEY_CTRL_MD:
+                if (EVP_MD_type(p2) != NID_id_Gost28147_89_MAC) {
+                        GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_DIGEST_TYPE);
+                        return 0;
+                }
+                data->md = p2;
+                return 1;
+        case EVP_PKEY_CTRL_SET_MAC_KEY:
+                if (p1 != 32) {
+                        GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
+                        return 0;
+                }
+                memcpy(data->key, p2, 32);
+                data->key_set = 1;
+                return 1;
+        case EVP_PKEY_CTRL_DIGESTINIT:
+                {
+                        EVP_MD_CTX *mctx = p2;
+                        void *key;
+                        if (!data->key_set) {
+                                EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
+                                if (!pkey) {
+                                        GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_MAC_KEY_NOT_SET);
+                                        return 0;
+                                }
+                                key = EVP_PKEY_get0(pkey);
+                                if (!key) {
+                                        GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_MAC_KEY_NOT_SET);
+                                        return 0;
+                                }
+                        } else {
+                                key = &(data->key);
+                        }
+                        if (!mctx->digest->md_ctrl)
+                                return 0;
+                        return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32 * 8, key);
+                }
+        }
+        return -2;
+}
+static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
+        const char *type, const char *value)
+{
+        if (!value)
+                return 0;
+        if (!strcmp(type, "key")) {
+                void *p = (void *)value;
+                return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, strlen(value), p);
+        }
+        if (!strcmp(type, "hexkey")) {
+                unsigned char *key;
+                int r;
+                long keylen;
+                key = string_to_hex(value, &keylen);
+                if (!key)
+                        return 0;
+                r = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
+                free(key);
+                return r;
+        }
+        return -2;
+}
+static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+        return 1;
+}
+static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx)
+{
+        unsigned int tmpsiglen=*siglen; /* for platforms where sizeof(int)!=sizeof(size_t)*/
+        int ret;
+        if (!sig) {
+                *siglen = 4;
+                return 1;
+        }
+        ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
+        *siglen = tmpsiglen;
+        return ret;
+}
+const EVP_PKEY_METHOD gostimit_pkey_meth = {
+        .pkey_id = EVP_PKEY_GOSTIMIT,
+        .init = pkey_gost_mac_init,
+        .cleanup = pkey_gost_mac_cleanup,
+        .copy = pkey_gost_mac_copy,
+        .keygen = pkey_gost_mac_keygen,
+        .signctx_init = pkey_gost_mac_signctx_init,
+        .signctx = pkey_gost_mac_signctx,
+        .ctrl = pkey_gost_mac_ctrl,
+        .ctrl_str = pkey_gost_mac_ctrl_str,
+};
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gost_asn1.c b/src/lib/libssl/src/crypto/gost/gost_asn1.c
new file mode 100644
index 0000000000..b8ed244e49
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gost_asn1.c
@@ -0,0 +1,53 @@
+/**********************************************************************
+ *                          gost_keytrans.c                           *
+ *             Copyright (c) 2005-2006 Cryptocom LTD                  *
+ *         This file is distributed under the same license as OpenSSL *
+ *                                                                    *
+ *   ASN1 structure definition for GOST key transport                 *
+ *          Requires OpenSSL 0.9.9 for compilation                    *
+ **********************************************************************/
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+#include "gost_asn1.h"
+ASN1_NDEF_SEQUENCE(GOST_KEY_TRANSPORT) = {
+        ASN1_SIMPLE(GOST_KEY_TRANSPORT, key_info, GOST_KEY_INFO),
+        ASN1_IMP(GOST_KEY_TRANSPORT, key_agreement_info, GOST_KEY_AGREEMENT_INFO, 0)
+} ASN1_NDEF_SEQUENCE_END(GOST_KEY_TRANSPORT)
+IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
+ASN1_NDEF_SEQUENCE(GOST_KEY_INFO) = {
+        ASN1_SIMPLE(GOST_KEY_INFO, encrypted_key, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(GOST_KEY_INFO, imit, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(GOST_KEY_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_INFO)
+ASN1_NDEF_SEQUENCE(GOST_KEY_AGREEMENT_INFO) = {
+        ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, cipher, ASN1_OBJECT),
+        ASN1_IMP_OPT(GOST_KEY_AGREEMENT_INFO, ephem_key, X509_PUBKEY, 0),
+        ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, eph_iv, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(GOST_KEY_AGREEMENT_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
+ASN1_NDEF_SEQUENCE(GOST_KEY_PARAMS) = {
+        ASN1_SIMPLE(GOST_KEY_PARAMS, key_params, ASN1_OBJECT),
+        ASN1_SIMPLE(GOST_KEY_PARAMS, hash_params, ASN1_OBJECT),
+        ASN1_OPT(GOST_KEY_PARAMS, cipher_params, ASN1_OBJECT),
+} ASN1_NDEF_SEQUENCE_END(GOST_KEY_PARAMS)
+IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
+ASN1_NDEF_SEQUENCE(GOST_CIPHER_PARAMS) = {
+        ASN1_SIMPLE(GOST_CIPHER_PARAMS, iv, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(GOST_CIPHER_PARAMS, enc_param_set, ASN1_OBJECT),
+} ASN1_NDEF_SEQUENCE_END(GOST_CIPHER_PARAMS)
+IMPLEMENT_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gost_asn1.h b/src/lib/libssl/src/crypto/gost/gost_asn1.h
new file mode 100644
index 0000000000..62719c70cd
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gost_asn1.h
@@ -0,0 +1,87 @@
+/* $OpenBSD: gost_asn1.h,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#ifndef HEADER_GOST_ASN1_H
+#define HEADER_GOST_ASN1_H
+#include <openssl/asn1.h>
+typedef struct {
+        ASN1_OCTET_STRING *encrypted_key;
+        ASN1_OCTET_STRING *imit;
+} GOST_KEY_INFO;
+DECLARE_ASN1_FUNCTIONS(GOST_KEY_INFO)
+typedef struct {
+        ASN1_OBJECT *cipher;
+        X509_PUBKEY *ephem_key;
+        ASN1_OCTET_STRING *eph_iv;
+} GOST_KEY_AGREEMENT_INFO;
+DECLARE_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
+typedef struct {
+        GOST_KEY_INFO *key_info;
+        GOST_KEY_AGREEMENT_INFO *key_agreement_info;
+} GOST_KEY_TRANSPORT;
+DECLARE_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
+typedef struct {
+        ASN1_OBJECT *key_params;
+        ASN1_OBJECT *hash_params;
+        ASN1_OBJECT *cipher_params;
+} GOST_KEY_PARAMS;
+DECLARE_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gost_err.c b/src/lib/libssl/src/crypto/gost/gost_err.c
new file mode 100644
index 0000000000..a52fe4cd5a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gost_err.c
@@ -0,0 +1,143 @@
+/* crypto/gost/gost_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/gost.h>
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_GOST,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_GOST,0,reason)
+static ERR_STRING_DATA GOST_str_functs[]=
+        {
+{ERR_FUNC(GOST_F_DECODE_GOST01_ALGOR_PARAMS),   "DECODE_GOST01_ALGOR_PARAMS"},
+{ERR_FUNC(GOST_F_ENCODE_GOST01_ALGOR_PARAMS),   "ENCODE_GOST01_ALGOR_PARAMS"},
+{ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC),      "GOST2001_COMPUTE_PUBLIC"},
+{ERR_FUNC(GOST_F_GOST2001_DO_SIGN),     "GOST2001_DO_SIGN"},
+{ERR_FUNC(GOST_F_GOST2001_DO_VERIFY),   "GOST2001_DO_VERIFY"},
+{ERR_FUNC(GOST_F_GOST2001_KEYGEN),      "GOST2001_KEYGEN"},
+{ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS),   "GOST89_GET_ASN1_PARAMETERS"},
+{ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS),   "GOST89_SET_ASN1_PARAMETERS"},
+{ERR_FUNC(GOST_F_GOST_KEY_CHECK_KEY),   "GOST_KEY_check_key"},
+{ERR_FUNC(GOST_F_GOST_KEY_NEW), "GOST_KEY_new"},
+{ERR_FUNC(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES),   "GOST_KEY_set_public_key_affine_coordinates"},
+{ERR_FUNC(GOST_F_PARAM_COPY_GOST01),    "PARAM_COPY_GOST01"},
+{ERR_FUNC(GOST_F_PARAM_DECODE_GOST01),  "PARAM_DECODE_GOST01"},
+{ERR_FUNC(GOST_F_PKEY_GOST01_CTRL),     "PKEY_GOST01_CTRL"},
+{ERR_FUNC(GOST_F_PKEY_GOST01_DECRYPT),  "PKEY_GOST01_DECRYPT"},
+{ERR_FUNC(GOST_F_PKEY_GOST01_DERIVE),   "PKEY_GOST01_DERIVE"},
+{ERR_FUNC(GOST_F_PKEY_GOST01_ENCRYPT),  "PKEY_GOST01_ENCRYPT"},
+{ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
+{ERR_FUNC(GOST_F_PKEY_GOST01_SIGN),     "PKEY_GOST01_SIGN"},
+{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL),   "PKEY_GOST_MAC_CTRL"},
+{ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
+{ERR_FUNC(GOST_F_PRIV_DECODE_GOST01),   "PRIV_DECODE_GOST01"},
+{ERR_FUNC(GOST_F_PUB_DECODE_GOST01),    "PUB_DECODE_GOST01"},
+{ERR_FUNC(GOST_F_PUB_ENCODE_GOST01),    "PUB_ENCODE_GOST01"},
+{ERR_FUNC(GOST_F_PUB_PRINT_GOST01),     "PUB_PRINT_GOST01"},
+{ERR_FUNC(GOST_F_UNPACK_SIGNATURE_CP),  "UNPACK_SIGNATURE_CP"},
+{ERR_FUNC(GOST_F_UNPACK_SIGNATURE_LE),  "UNPACK_SIGNATURE_LE"},
+{0,NULL}
+        };
+static ERR_STRING_DATA GOST_str_reasons[]=
+        {
+{ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"},
+{ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"},
+{ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"},
+{ERR_REASON(GOST_R_CTRL_CALL_FAILED)     ,"ctrl call failed"},
+{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"},
+{ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),"error parsing key transport info"},
+{ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS),"incompatible algorithms"},
+{ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY),"incompatible peer key"},
+{ERR_REASON(GOST_R_INVALID_DIGEST_TYPE)  ,"invalid digest type"},
+{ERR_REASON(GOST_R_INVALID_IV_LENGTH)    ,"invalid iv length"},
+{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"},
+{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"},
+{ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"},
+{ERR_REASON(GOST_R_MAC_KEY_NOT_SET)      ,"mac key not set"},
+{ERR_REASON(GOST_R_NO_PARAMETERS_SET)    ,"no parameters set"},
+{ERR_REASON(GOST_R_NO_PEER_KEY)          ,"no peer key"},
+{ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"},
+{ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"},
+{ERR_REASON(GOST_R_RANDOM_GENERATOR_FAILURE),"random generator failure"},
+{ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"},
+{ERR_REASON(GOST_R_SIGNATURE_MISMATCH)   ,"signature mismatch"},
+{ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"},
+{ERR_REASON(GOST_R_UKM_NOT_SET)          ,"ukm not set"},
+{0,NULL}
+        };
+#endif
+void ERR_load_GOST_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+        if (ERR_func_error_string(GOST_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,GOST_str_functs);
+                ERR_load_strings(0,GOST_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/gost/gost_locl.h b/src/lib/libssl/src/crypto/gost/gost_locl.h
new file mode 100644
index 0000000000..b616005dc5
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gost_locl.h
@@ -0,0 +1,114 @@
+/* $OpenBSD: gost_locl.h,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#ifndef HEADER_GOST_LOCL_H
+#define HEADER_GOST_LOCL_H
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+/* Internal representation of GOST substitution blocks */
+typedef struct {
+        unsigned char k8[16];
+        unsigned char k7[16];
+        unsigned char k6[16];
+        unsigned char k5[16];
+        unsigned char k4[16];
+        unsigned char k3[16];
+        unsigned char k2[16];
+        unsigned char k1[16];
+} gost_subst_block;             
+#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#  define c2l(c,l)      ((l)=*((const unsigned int *)(c)), (c)+=4)
+#  define l2c(l,c)      (*((unsigned int *)(c))=(l), (c)+=4)
+#else
+#define c2l(c,l)        (l =(((unsigned long)(*((c)++)))    ),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<<24))
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
+#endif
+extern void Gost2814789_encrypt(const unsigned char *in, unsigned char *out,
+        const GOST2814789_KEY *key);
+extern void Gost2814789_decrypt(const unsigned char *in, unsigned char *out,
+        const GOST2814789_KEY *key);
+extern void Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key);
+/* GOST 28147-89 key wrapping */
+extern int key_unwrap_crypto_pro(int nid, const unsigned char *keyExchangeKey,
+                       const unsigned char *wrappedKey,
+                       unsigned char *sessionKey);
+extern int key_wrap_crypto_pro(int nid, const unsigned char *keyExchangeKey,
+                     const unsigned char *ukm, const unsigned char *sessionKey,
+                     unsigned char *wrappedKey);
+/* Pkey part */
+extern int gost2001_compute_public(GOST_KEY * ec);
+extern ECDSA_SIG *gost2001_do_sign(BIGNUM * md, GOST_KEY * eckey);
+extern int gost2001_do_verify(BIGNUM * md, ECDSA_SIG * sig, GOST_KEY * ec);
+extern int gost2001_keygen(GOST_KEY * ec);
+extern void VKO_compute_key(BIGNUM * X, BIGNUM * Y,
+                            const GOST_KEY * pkey, GOST_KEY * priv_key,
+                            const BIGNUM * ukm);
+extern BIGNUM *GOST_le2bn(const unsigned char * buf, size_t len, BIGNUM * bn);
+extern int GOST_bn2le(BIGNUM * bn, unsigned char * buf, int len);
+/* GOST R 34.10 parameters */
+extern int GostR3410_get_md_digest(int nid);
+extern int GostR3410_get_pk_digest(int nid);
+extern int GostR3410_256_param_id(const char *value);
+extern int GostR3410_512_param_id(const char *value);
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gostr341001.c b/src/lib/libssl/src/crypto/gost/gostr341001.c
new file mode 100644
index 0000000000..3c314765f7
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gostr341001.c
@@ -0,0 +1,321 @@
+/* $OpenBSD: gostr341001.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/err.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+/* Convert little-endian byte array into bignum */
+BIGNUM *GOST_le2bn(const unsigned char * buf, size_t len, BIGNUM * bn)
+{
+        unsigned char temp[64];
+        int i;
+        if (len > 64)
+                return NULL;
+        for (i = 0; i < len; i++) {
+                temp[len - 1 - i] = buf[i];
+        }
+        return BN_bin2bn(temp, len, bn);
+}
+int GOST_bn2le(BIGNUM * bn, unsigned char * buf, int len)
+{
+        unsigned char temp[64];
+        int i, bytes;
+        bytes = BN_num_bytes(bn);
+        if (len > 64 || bytes > len)
+                return 0;
+        BN_bn2bin(bn, temp);
+        for (i = 0; i < bytes; i++) {
+                buf[bytes - 1 - i] = temp[i];
+        }
+        memset(buf + bytes, 0, len - bytes);
+        return 1;
+}
+int gost2001_compute_public(GOST_KEY * ec)
+{
+        const EC_GROUP *group = GOST_KEY_get0_group(ec);
+        EC_POINT *pub_key = NULL;
+        const BIGNUM *priv_key = NULL;
+        BN_CTX *ctx = NULL;
+        int ok = 0;
+        if (!group) {
+                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,
+                        GOST_R_KEY_IS_NOT_INITIALIZED);
+                return 0;
+        }
+        ctx = BN_CTX_new();
+        BN_CTX_start(ctx);
+        if (!(priv_key = GOST_KEY_get0_private_key(ec))) {
+                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+                goto err;
+        }
+        pub_key = EC_POINT_new(group);
+        if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) {
+                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+                goto err;
+        }
+        if (!GOST_KEY_set_public_key(ec, pub_key)) {
+                GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB);
+                goto err;
+        }
+        ok = 256;
+err:
+        BN_CTX_end(ctx);
+        EC_POINT_free(pub_key);
+        BN_CTX_free(ctx);
+        return ok;
+}
+ECDSA_SIG *gost2001_do_sign(BIGNUM * md, GOST_KEY * eckey)
+{
+        ECDSA_SIG *newsig = NULL;
+        BIGNUM *order = NULL;
+        const EC_GROUP *group;
+        const BIGNUM *priv_key;
+        BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k =
+            NULL, *e = NULL;
+        EC_POINT *C = NULL;
+        BN_CTX *ctx = BN_CTX_new();
+        BN_CTX_start(ctx);
+        newsig = ECDSA_SIG_new();
+        if (!newsig) {
+                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        s = newsig->s;
+        r = newsig->r;
+        group = GOST_KEY_get0_group(eckey);
+        order = BN_CTX_get(ctx);
+        EC_GROUP_get_order(group, order, ctx);
+        priv_key = GOST_KEY_get0_private_key(eckey);
+        e = BN_CTX_get(ctx);
+        BN_mod(e, md, order, ctx);
+        if (BN_is_zero(e)) {
+                BN_one(e);
+        }
+        k = BN_CTX_get(ctx);
+        X = BN_CTX_get(ctx);
+        C = EC_POINT_new(group);
+        do {
+                do {
+                        if (!BN_rand_range(k, order)) {
+                                GOSTerr(GOST_F_GOST2001_DO_SIGN,
+                                        GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
+                                ECDSA_SIG_free(newsig);
+                                newsig = NULL;
+                                goto err;
+                        }
+                        /* We do not want timing information to leak the length of k,
+                         * so we compute G*k using an equivalent scalar of fixed
+                         * bit-length. */
+                        if (!BN_add(k, k, order))
+                                goto err;
+                        if (BN_num_bits(k) <= BN_num_bits(order))
+                                if (!BN_add(k, k, order))
+                                        goto err;
+                        if (!EC_POINT_mul(group, C, k, NULL, NULL, ctx)) {
+                                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
+                                ECDSA_SIG_free(newsig);
+                                newsig = NULL;
+                                goto err;
+                        }
+                        if (!EC_POINT_get_affine_coordinates_GFp
+                            (group, C, X, NULL, ctx)) {
+                                GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB);
+                                ECDSA_SIG_free(newsig);
+                                newsig = NULL;
+                                goto err;
+                        }
+                        BN_nnmod(r, X, order, ctx);
+                }
+                while (BN_is_zero(r));
+                /* s =  (r*priv_key+k*e) mod order */
+                if (!tmp)
+                        tmp = BN_CTX_get(ctx);
+                BN_mod_mul(tmp, priv_key, r, order, ctx);
+                if (!tmp2)
+                        tmp2 = BN_CTX_get(ctx);
+                BN_mod_mul(tmp2, k, e, order, ctx);
+                BN_mod_add(s, tmp, tmp2, order, ctx);
+        }
+        while (BN_is_zero(s));
+err:
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        EC_POINT_free(C);
+        BN_free(md);
+        return newsig;
+}
+int gost2001_do_verify(BIGNUM * md, ECDSA_SIG * sig, GOST_KEY * ec)
+{
+        BN_CTX *ctx = BN_CTX_new();
+        const EC_GROUP *group = GOST_KEY_get0_group(ec);
+        BIGNUM *order;
+        BIGNUM *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
+        BIGNUM *X = NULL, *tmp = NULL;
+        EC_POINT *C = NULL;
+        const EC_POINT *pub_key = NULL;
+        int ok = 0;
+        BN_CTX_start(ctx);
+        order = BN_CTX_get(ctx);
+        e = BN_CTX_get(ctx);
+        z1 = BN_CTX_get(ctx);
+        z2 = BN_CTX_get(ctx);
+        tmp = BN_CTX_get(ctx);
+        X = BN_CTX_get(ctx);
+        R = BN_CTX_get(ctx);
+        v = BN_CTX_get(ctx);
+        EC_GROUP_get_order(group, order, ctx);
+        pub_key = GOST_KEY_get0_public_key(ec);
+        if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
+            (BN_cmp(sig->s, order) >= 1) || (BN_cmp(sig->r, order) >= 1)) {
+                GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
+                goto err;
+        }
+        BN_mod(e, md, order, ctx);
+        if (BN_is_zero(e))
+                BN_one(e);
+        v = BN_mod_inverse(v, e, order, ctx);
+        BN_mod_mul(z1, sig->s, v, order, ctx);
+        BN_sub(tmp, order, sig->r);
+        BN_mod_mul(z2, tmp, v, order, ctx);
+        C = EC_POINT_new(group);
+        if (!EC_POINT_mul(group, C, z1, pub_key, z2, ctx)) {
+                GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
+                goto err;
+        }
+        if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) {
+                GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
+                goto err;
+        }
+        BN_mod(R, X, order, ctx);
+        if (BN_cmp(R, sig->r) != 0) {
+                GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
+        } else {
+                ok = 1;
+        }
+ err:
+        EC_POINT_free(C);
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return ok;
+}
+/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
+void VKO_compute_key(BIGNUM * X, BIGNUM * Y,
+                     const GOST_KEY * pkey, GOST_KEY * priv_key,
+                     const BIGNUM * ukm)
+{
+        BIGNUM *p = NULL, *order = NULL;
+        const BIGNUM *key = GOST_KEY_get0_private_key(priv_key);
+        const EC_POINT *pub_key = GOST_KEY_get0_public_key(pkey);
+        EC_POINT *pnt = EC_POINT_new(GOST_KEY_get0_group(priv_key));
+        BN_CTX *ctx = BN_CTX_new();
+        BN_CTX_start(ctx);
+        p = BN_CTX_get(ctx);
+        order = BN_CTX_get(ctx);
+        EC_GROUP_get_order(GOST_KEY_get0_group(priv_key), order, ctx);
+        BN_mod_mul(p, key, ukm, order, ctx);
+        EC_POINT_mul(GOST_KEY_get0_group(priv_key), pnt, NULL, pub_key, p, ctx);
+        EC_POINT_get_affine_coordinates_GFp(GOST_KEY_get0_group(priv_key),
+                                            pnt, X, Y, ctx);
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        EC_POINT_free(pnt);
+}
+int gost2001_keygen(GOST_KEY * ec)
+{
+        BIGNUM *order = BN_new(), *d = BN_new();
+        const EC_GROUP *group = GOST_KEY_get0_group(ec);
+        EC_GROUP_get_order(group, order, NULL);
+        do {
+                if (!BN_rand_range(d, order)) {
+                        GOSTerr(GOST_F_GOST2001_KEYGEN,
+                                GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
+                        BN_free(d);
+                        BN_free(order);
+                        return 0;
+                }
+        } while (BN_is_zero(d));
+        GOST_KEY_set_private_key(ec, d);
+        BN_free(d);
+        BN_free(order);
+        return gost2001_compute_public(ec);
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gostr341001_ameth.c b/src/lib/libssl/src/crypto/gost/gostr341001_ameth.c
new file mode 100644
index 0000000000..09b851cef4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gostr341001_ameth.c
@@ -0,0 +1,656 @@
+/* $OpenBSD: gostr341001_ameth.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/gost.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
+#include "asn1_locl.h"
+#include "gost_locl.h"
+#include "gost_asn1.h"
+static void pkey_free_gost01(EVP_PKEY *key)
+{
+        GOST_KEY_free(key->pkey.gost);
+}
+/* Parses GOST algorithm parameters from X509_ALGOR and
+ * modifies pkey setting NID and parameters
+ */
+static int decode_gost01_algor_params(EVP_PKEY * pkey, const unsigned char **p, int len)
+{
+        int param_nid = NID_undef, digest_nid = NID_undef;
+        GOST_KEY_PARAMS *gkp = NULL;
+        EC_GROUP *group;
+        GOST_KEY *ec;
+        gkp = d2i_GOST_KEY_PARAMS(NULL, p, len);
+        if (!gkp) {
+                GOSTerr(GOST_F_DECODE_GOST01_ALGOR_PARAMS,
+                        GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
+                return 0;
+        }
+        param_nid = OBJ_obj2nid(gkp->key_params);
+        digest_nid = OBJ_obj2nid(gkp->hash_params);
+        GOST_KEY_PARAMS_free(gkp);
+        ec = pkey->pkey.gost;
+        if (!ec) {
+                ec = GOST_KEY_new();
+                if (!EVP_PKEY_assign_GOST(pkey, ec))
+                        return 0;
+        }
+        group = EC_GROUP_new_by_curve_name(param_nid);
+        if (group == NULL)
+                return 0;
+        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+        if (GOST_KEY_set_group(ec, group) == 0) {
+                EC_GROUP_free(group);
+                return 0;
+        }
+        EC_GROUP_free(group);
+        if (GOST_KEY_set_digest(ec, digest_nid) == 0)
+                return 0;
+        return 1;
+}
+static ASN1_STRING *encode_gost01_algor_params(const EVP_PKEY * key)
+{
+        ASN1_STRING *params = ASN1_STRING_new();
+        GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
+        int pkey_param_nid = NID_undef;
+        if (!params || !gkp) {
+                GOSTerr(GOST_F_ENCODE_GOST01_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
+                ASN1_STRING_free(params);
+                params = NULL;
+                goto err;
+        }
+        pkey_param_nid = EC_GROUP_get_curve_name(GOST_KEY_get0_group(key->pkey.gost));
+        gkp->key_params = OBJ_nid2obj(pkey_param_nid);
+        gkp->hash_params = OBJ_nid2obj(GOST_KEY_get_digest(key->pkey.gost));
+        /*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid); */
+        params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);
+        if (params->length <= 0) {
+                GOSTerr(GOST_F_ENCODE_GOST01_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
+                ASN1_STRING_free(params);
+                params = NULL;
+                goto err;
+        }
+        params->type = V_ASN1_SEQUENCE;
+err:
+        GOST_KEY_PARAMS_free(gkp);
+        return params;
+}
+static int pub_cmp_gost01(const EVP_PKEY * a, const EVP_PKEY * b)
+{
+        const GOST_KEY *ea = a->pkey.gost;
+        const GOST_KEY *eb = b->pkey.gost;
+        const EC_POINT *ka, *kb;
+        int ret = 0;
+        if (!ea || !eb)
+                return 0;
+        ka = GOST_KEY_get0_public_key(ea);
+        kb = GOST_KEY_get0_public_key(eb);
+        if (!ka || !kb)
+                return 0;
+        ret = (0 == EC_POINT_cmp(GOST_KEY_get0_group(ea), ka, kb, NULL));
+        return ret;
+}
+static int pkey_size_gost01(const EVP_PKEY * pk)
+{
+        if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512)
+                return 128;
+        return 64;
+}
+static int pkey_bits_gost01(const EVP_PKEY * pk)
+{
+        if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512)
+                return 512;
+        return 256;
+}
+static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
+{
+        X509_ALGOR *palg = NULL;
+        const unsigned char *pubkey_buf = NULL;
+        const unsigned char *p;
+        ASN1_OBJECT *palgobj = NULL;
+        int pub_len;
+        BIGNUM *X, *Y;
+        ASN1_OCTET_STRING *octet = NULL;
+        int len;
+        int ret;
+        int ptype = V_ASN1_UNDEF;
+        ASN1_STRING *pval = NULL;
+        if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len,
+                                    &palg, pub))
+                return 0;
+        EVP_PKEY_assign_GOST(pk, NULL);
+        X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
+        if (ptype != V_ASN1_SEQUENCE) {
+                GOSTerr(GOST_F_PUB_DECODE_GOST01,
+                        GOST_R_BAD_KEY_PARAMETERS_FORMAT);
+                return 0;
+        }
+        p = pval->data;
+        if (!decode_gost01_algor_params(pk, &p, pval->length))
+                return 0;
+        octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);
+        if (!octet) {
+                GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        len = octet->length / 2;
+        X = GOST_le2bn(octet->data, len, NULL);
+        Y = GOST_le2bn(octet->data + len, len, NULL);
+        ASN1_OCTET_STRING_free(octet);
+        ret = GOST_KEY_set_public_key_affine_coordinates(pk->pkey.gost, X, Y);
+        if (!ret)
+                GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);
+        BN_free(X);
+        BN_free(Y);
+        return ret;
+}
+static int pub_encode_gost01(X509_PUBKEY * pub, const EVP_PKEY * pk)
+{
+        ASN1_OBJECT *algobj = NULL;
+        ASN1_OCTET_STRING *octet = NULL;
+        void *pval = NULL;
+        unsigned char *buf = NULL, *sptr;
+        int key_size, ret = 0;
+        const EC_POINT *pub_key;
+        BIGNUM *X, *Y;
+        const GOST_KEY *ec = pk->pkey.gost;
+        int ptype = V_ASN1_UNDEF;
+        algobj = OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(ec)));
+        if (pk->save_parameters) {
+                ASN1_STRING *params = encode_gost01_algor_params(pk);
+                pval = params;
+                ptype = V_ASN1_SEQUENCE;
+        }
+        key_size = GOST_KEY_get_size(ec);
+        pub_key = GOST_KEY_get0_public_key(ec);
+        if (!pub_key) {
+                GOSTerr(GOST_F_PUB_ENCODE_GOST01, GOST_R_PUBLIC_KEY_UNDEFINED);
+                return 0;
+        }
+        octet = ASN1_OCTET_STRING_new();
+        if (!octet) {
+                GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        ret = ASN1_STRING_set(octet, NULL, 2 * key_size);
+        if (!ret) {
+                GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_INTERNAL_ERROR);
+                ASN1_BIT_STRING_free(octet);
+                return 0;
+        }
+        sptr = ASN1_STRING_data(octet);
+        X = BN_new();
+        Y = BN_new();
+        if (!X || !Y) {
+                GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
+                ASN1_BIT_STRING_free(octet);
+                BN_free(X);
+                BN_free(Y);
+                return 0;
+        }
+        EC_POINT_get_affine_coordinates_GFp(GOST_KEY_get0_group(ec),
+                                            pub_key, X, Y, NULL);
+        GOST_bn2le(X, sptr, key_size);
+        GOST_bn2le(Y, sptr + key_size, key_size);
+        BN_free(X);
+        BN_free(Y);
+        ret = i2d_ASN1_OCTET_STRING(octet, &buf);
+        ASN1_BIT_STRING_free(octet);
+        if (ret < 0)
+                return 0;
+        return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret);
+}
+static int param_print_gost01(BIO * out, const EVP_PKEY * pkey, int indent,
+                              ASN1_PCTX * pctx)
+{
+        int param_nid = EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost));
+        if (!BIO_indent(out, indent, 128))
+                return 0;
+        BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
+        if (!BIO_indent(out, indent, 128))
+                return 0;
+        BIO_printf(out, "Digest Algorithm: %s\n", OBJ_nid2ln(GOST_KEY_get_digest(pkey->pkey.gost)));
+        return 1;
+}
+static int pub_print_gost01(BIO * out, const EVP_PKEY * pkey, int indent,
+                            ASN1_PCTX * pctx)
+{
+        BN_CTX *ctx = BN_CTX_new();
+        BIGNUM *X, *Y;
+        const EC_POINT *pubkey;
+        const EC_GROUP *group;
+        if (!ctx) {
+                GOSTerr(GOST_F_PUB_PRINT_GOST01, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        BN_CTX_start(ctx);
+        X = BN_CTX_get(ctx);
+        Y = BN_CTX_get(ctx);
+        pubkey = GOST_KEY_get0_public_key(pkey->pkey.gost);
+        group = GOST_KEY_get0_group(pkey->pkey.gost);
+        if (!EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, ctx)) {
+                GOSTerr(GOST_F_PUB_PRINT_GOST01, ERR_R_EC_LIB);
+                BN_CTX_free(ctx);
+                return 0;
+        }
+        if (!BIO_indent(out, indent, 128))
+                return 0;
+        BIO_printf(out, "Public key:\n");
+        if (!BIO_indent(out, indent + 3, 128))
+                return 0;
+        BIO_printf(out, "X:");
+        BN_print(out, X);
+        BIO_printf(out, "\n");
+        BIO_indent(out, indent + 3, 128);
+        BIO_printf(out, "Y:");
+        BN_print(out, Y);
+        BIO_printf(out, "\n");
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return param_print_gost01(out, pkey, indent, pctx);
+}
+static int priv_print_gost01(BIO * out, const EVP_PKEY * pkey, int indent,
+                             ASN1_PCTX * pctx)
+{
+        const BIGNUM *key;
+        if (!BIO_indent(out, indent, 128))
+                return 0;
+        BIO_printf(out, "Private key: ");
+        key = GOST_KEY_get0_private_key(pkey->pkey.gost);
+        if (!key)
+                BIO_printf(out, "<undefined)");
+        else
+                BN_print(out, key);
+        BIO_printf(out, "\n");
+        return pub_print_gost01(out, pkey, indent, pctx);
+}
+static int priv_decode_gost01(EVP_PKEY * pk, PKCS8_PRIV_KEY_INFO * p8inf)
+{
+        const unsigned char *pkey_buf = NULL, *p = NULL;
+        int priv_len = 0;
+        BIGNUM *pk_num = NULL;
+        int ret = 0;
+        X509_ALGOR *palg = NULL;
+        ASN1_OBJECT *palg_obj = NULL;
+        ASN1_INTEGER *priv_key = NULL;
+        GOST_KEY *ec;
+        int ptype = V_ASN1_UNDEF;
+        ASN1_STRING *pval = NULL;
+        if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf))
+                return 0;
+        EVP_PKEY_assign_GOST(pk, NULL);
+        X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);
+        if (ptype != V_ASN1_SEQUENCE) {
+                GOSTerr(GOST_F_PUB_DECODE_GOST01,
+                        GOST_R_BAD_KEY_PARAMETERS_FORMAT);
+                return 0;
+        }
+        p = pval->data;
+        if (!decode_gost01_algor_params(pk, &p, pval->length))
+                return 0;
+        p = pkey_buf;
+        if (V_ASN1_OCTET_STRING == *p) {
+                /* New format - Little endian octet string */
+                unsigned char rev_buf[32];
+                int i;
+                ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
+                if (!s || s->length != 32) {
+                        GOSTerr(GOST_F_PRIV_DECODE_GOST01, EVP_R_DECODE_ERROR);
+                        return 0;
+                }
+                for (i = 0; i < 32; i++) {
+                        rev_buf[31 - i] = s->data[i];
+                }
+                ASN1_STRING_free(s);
+                pk_num = BN_bin2bn(rev_buf, 32, NULL);
+        } else {
+                priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
+                if (!priv_key)
+                        return 0;
+                ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL);
+                ASN1_INTEGER_free(priv_key);
+                if (!ret) {
+                        GOSTerr(GOST_F_PRIV_DECODE_GOST01, EVP_R_DECODE_ERROR);
+                        return 0;
+                }
+        }
+        ec = pk->pkey.gost;
+        if (!ec) {
+                ec = GOST_KEY_new();
+                EVP_PKEY_assign_GOST(pk, ec);
+        }
+        if (!GOST_KEY_set_private_key(ec, pk_num)) {
+                BN_free(pk_num);
+                return 0;
+        }
+        if (!EVP_PKEY_missing_parameters(pk))
+                gost2001_compute_public(ec);
+        BN_free(pk_num);
+        return 1;
+}
+static int priv_encode_gost01(PKCS8_PRIV_KEY_INFO * p8, const EVP_PKEY * pk)
+{
+        ASN1_OBJECT *algobj = OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(pk->pkey.gost)));
+        ASN1_STRING *params = encode_gost01_algor_params(pk);
+        unsigned char *priv_buf = NULL;
+        int priv_len;
+        ASN1_INTEGER *asn1key = NULL;
+        if (!params) {
+                return 0;
+        }
+        asn1key = BN_to_ASN1_INTEGER(GOST_KEY_get0_private_key(pk->pkey.gost), NULL);
+        priv_len = i2d_ASN1_INTEGER(asn1key, &priv_buf);
+        ASN1_INTEGER_free(asn1key);
+        return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
+                               priv_buf, priv_len);
+}
+static int param_encode_gost01(const EVP_PKEY * pkey, unsigned char **pder)
+{
+        ASN1_STRING *params = encode_gost01_algor_params(pkey);
+        int len;
+        if (!params)
+                return 0;
+        len = params->length;
+        if (pder)
+                memcpy(*pder, params->data, params->length);
+        ASN1_STRING_free(params);
+        return len;
+}
+static int param_decode_gost01(EVP_PKEY * pkey, const unsigned char **pder,
+                               int derlen)
+{
+        ASN1_OBJECT *obj = NULL;
+        int nid;
+        GOST_KEY *ec;
+        EC_GROUP *group;
+        /* New format */
+        if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder)
+                return decode_gost01_algor_params(pkey, pder, derlen);
+        /* Compatibility */
+        if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
+                GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        nid = OBJ_obj2nid(obj);
+        ASN1_OBJECT_free(obj);
+        ec = GOST_KEY_new();
+        if (!ec) {
+                GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        group = EC_GROUP_new_by_curve_name(nid);
+        if (group == NULL) {
+                GOSTerr(GOST_F_PARAM_DECODE_GOST01, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
+                GOST_KEY_free(ec);
+                return 0;
+        }
+        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+        if (GOST_KEY_set_group(ec, group) == 0) {
+                GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_EC_LIB);
+                EC_GROUP_free(group);
+                GOST_KEY_free(ec);
+                return 0;
+        }
+        EC_GROUP_free(group);
+        if (GOST_KEY_set_digest(ec, NID_id_GostR3411_94_CryptoProParamSet) == 0) {
+                GOSTerr(GOST_F_PARAM_DECODE_GOST01, GOST_R_INVALID_DIGEST_TYPE);
+                GOST_KEY_free(ec);
+                return 0;
+        }
+        EVP_PKEY_assign_GOST(pkey, ec);
+        return 1;
+}
+static int param_missing_gost01(const EVP_PKEY * pk)
+{
+        const GOST_KEY *ec = pk->pkey.gost;
+        if (!ec)
+                return 1;
+        if (!GOST_KEY_get0_group(ec))
+                return 1;
+        if (GOST_KEY_get_digest(ec) == NID_undef)
+                return 1;
+        return 0;
+}
+static int param_copy_gost01(EVP_PKEY * to, const EVP_PKEY * from)
+{
+        GOST_KEY *eto = to->pkey.gost;
+        const GOST_KEY *efrom = from->pkey.gost;
+        if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
+                GOSTerr(GOST_F_PARAM_COPY_GOST01,
+                        GOST_R_INCOMPATIBLE_ALGORITHMS);
+                return 0;
+        }
+        if (!efrom) {
+                GOSTerr(GOST_F_PARAM_COPY_GOST01,
+                        GOST_R_KEY_PARAMETERS_MISSING);
+                return 0;
+        }
+        if (!eto) {
+                eto = GOST_KEY_new();
+                EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto);
+        }
+        GOST_KEY_set_group(eto, GOST_KEY_get0_group(efrom));
+        GOST_KEY_set_digest(eto, GOST_KEY_get_digest(efrom));
+        if (GOST_KEY_get0_private_key(eto)) {
+                gost2001_compute_public(eto);
+        }
+        return 1;
+}
+static int param_cmp_gost01(const EVP_PKEY * a, const EVP_PKEY * b)
+{
+        if (EC_GROUP_get_curve_name(GOST_KEY_get0_group(a->pkey.gost)) !=
+            EC_GROUP_get_curve_name(GOST_KEY_get0_group(b->pkey.gost))) {
+                return 0;
+        }
+        if (GOST_KEY_get_digest(a->pkey.gost) !=
+            GOST_KEY_get_digest(b->pkey.gost))
+                return 0;
+        return 1;
+}
+static int pkey_ctrl_gost01(EVP_PKEY * pkey, int op, long arg1, void *arg2)
+{
+        X509_ALGOR *alg1 = NULL, *alg2 = NULL, *alg3 = NULL;
+        int digest = GOST_KEY_get_digest(pkey->pkey.gost);
+        switch (op) {
+        case ASN1_PKEY_CTRL_PKCS7_SIGN:
+                if (arg1 == 0)
+                        PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+                break;
+        case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
+                if (arg1 == 0)
+                        PKCS7_RECIP_INFO_get0_alg(arg2, &alg3);
+                break;
+#ifndef OPENSSL_NO_CMS
+        case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0)
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+                break;
+        case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+                if (arg1 == 0)
+                        CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg3);
+                break;
+#endif
+        case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+                *(int *)arg2 = GostR3410_get_md_digest(digest);
+                return 2;
+        default:
+                return -2;
+        }
+        if (alg1)
+                X509_ALGOR_set0(alg1, OBJ_nid2obj(GostR3410_get_md_digest(digest)), V_ASN1_NULL, 0);
+        if (alg2)
+                X509_ALGOR_set0(alg2, OBJ_nid2obj(GostR3410_get_pk_digest(digest)), V_ASN1_NULL, 0);
+        if (alg3) {
+                ASN1_STRING *params = encode_gost01_algor_params(pkey);
+                if (!params) {
+                        return -1;
+                }
+                X509_ALGOR_set0(alg3, OBJ_nid2obj(GostR3410_get_pk_digest(digest)), V_ASN1_SEQUENCE, params);
+        }
+        return 1;
+}
+const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[] = {
+        {
+                .pkey_id = EVP_PKEY_GOSTR01,
+                .pkey_base_id = EVP_PKEY_GOSTR01,
+                .pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
+                .pem_str = "GOST2001",
+                .info = "GOST R 34.10-2001",
+                .pkey_free = pkey_free_gost01,
+                .pkey_ctrl = pkey_ctrl_gost01,
+                .priv_decode = priv_decode_gost01,
+                .priv_encode = priv_encode_gost01,
+                .priv_print = priv_print_gost01,
+                .param_decode = param_decode_gost01,
+                .param_encode = param_encode_gost01,
+                .param_missing = param_missing_gost01,
+                .param_copy = param_copy_gost01,
+                .param_cmp = param_cmp_gost01,
+                .param_print = param_print_gost01,
+                .pub_decode = pub_decode_gost01,
+                .pub_encode = pub_encode_gost01,
+                .pub_cmp = pub_cmp_gost01,
+                .pub_print = pub_print_gost01,
+                .pkey_size = pkey_size_gost01,
+                .pkey_bits = pkey_bits_gost01,
+        },
+        {
+                .pkey_id = EVP_PKEY_GOSTR12_256,
+                .pkey_base_id = EVP_PKEY_GOSTR01,
+                .pkey_flags = ASN1_PKEY_ALIAS
+        },
+        {
+                .pkey_id = EVP_PKEY_GOSTR12_512,
+                .pkey_base_id = EVP_PKEY_GOSTR01,
+                .pkey_flags = ASN1_PKEY_ALIAS
+        },
+};
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gostr341001_key.c b/src/lib/libssl/src/crypto/gost/gostr341001_key.c
new file mode 100644
index 0000000000..9c7f52b769
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gostr341001_key.c
@@ -0,0 +1,306 @@
+/* $OpenBSD: gostr341001_key.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/err.h>
+#include <openssl/gost.h>
+#include <openssl/objects.h>
+#include "gost_locl.h"
+struct gost_key_st {
+        EC_GROUP *group;
+        EC_POINT *pub_key;
+        BIGNUM   *priv_key;
+        int     references;
+        int digest_nid;
+};
+GOST_KEY * GOST_KEY_new(void)
+{
+        GOST_KEY *ret;
+        ret = malloc(sizeof(GOST_KEY));
+        if (ret == NULL) {
+                GOSTerr(GOST_F_GOST_KEY_NEW, ERR_R_MALLOC_FAILURE);
+                return (NULL);
+        }
+        ret->group = NULL;
+        ret->pub_key = NULL;
+        ret->priv_key = NULL;
+        ret->references = 1;
+        ret->digest_nid = NID_undef;
+        return (ret);
+}
+void GOST_KEY_free(GOST_KEY * r)
+{
+        int i;
+        if (r == NULL)
+                return;
+        i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
+        if (i > 0)
+                return;
+        EC_GROUP_free(r->group);
+        EC_POINT_free(r->pub_key);
+        BN_clear_free(r->priv_key);
+        OPENSSL_cleanse((void *) r, sizeof(GOST_KEY));
+        free(r);
+}
+int GOST_KEY_check_key(const GOST_KEY * key)
+{
+        int ok = 0;
+        BN_CTX *ctx = NULL;
+        BIGNUM *order = NULL;
+        EC_POINT *point = NULL;
+        if (!key || !key->group || !key->pub_key) {
+                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+        }
+        if (EC_POINT_is_at_infinity(key->group, key->pub_key)) {
+                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+                goto err;
+        }
+        if ((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if ((point = EC_POINT_new(key->group)) == NULL)
+                goto err;
+        /* testing whether the pub_key is on the elliptic curve */
+        if (!EC_POINT_is_on_curve(key->group, key->pub_key, ctx)) {
+                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+                goto err;
+        }
+        /* testing whether pub_key * order is the point at infinity */
+        if ((order = BN_new()) == NULL)
+                goto err;
+        if (!EC_GROUP_get_order(key->group, order, ctx)) {
+                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+                goto err;
+        }
+        if (!EC_POINT_mul(key->group, point, NULL, key->pub_key, order, ctx)) {
+                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
+                goto err;
+        }
+        if (!EC_POINT_is_at_infinity(key->group, point)) {
+                GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+                goto err;
+        }
+        /*
+         * in case the priv_key is present : check if generator * priv_key ==
+         * pub_key
+         */
+        if (key->priv_key) {
+                if (BN_cmp(key->priv_key, order) >= 0) {
+                        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+                        goto err;
+                }
+                if (!EC_POINT_mul(key->group, point, key->priv_key,
+                        NULL, NULL, ctx)) {
+                        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
+                        goto err;
+                }
+                if (EC_POINT_cmp(key->group, point, key->pub_key,
+                        ctx) != 0) {
+                        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
+                        goto err;
+                }
+        }
+        ok = 1;
+err:
+        BN_free(order);
+        BN_CTX_free(ctx);
+        EC_POINT_free(point);
+        return (ok);
+}
+int GOST_KEY_set_public_key_affine_coordinates(GOST_KEY * key, BIGNUM * x, BIGNUM * y)
+{
+        BN_CTX *ctx = NULL;
+        BIGNUM *tx, *ty;
+        EC_POINT *point = NULL;
+        int ok = 0;
+        if (!key || !key->group || !x || !y) {
+                GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+                    ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+        }
+        ctx = BN_CTX_new();
+        if (!ctx)
+                goto err;
+        point = EC_POINT_new(key->group);
+        if (!point)
+                goto err;
+        tx = BN_CTX_get(ctx);
+        ty = BN_CTX_get(ctx);
+        if (!EC_POINT_set_affine_coordinates_GFp(key->group, point,
+                                x, y, ctx))
+                goto err;
+        if (!EC_POINT_get_affine_coordinates_GFp(key->group, point,
+                                tx, ty, ctx))
+                goto err;
+        /*
+         * Check if retrieved coordinates match originals: if not values are
+         * out of range.
+         */
+        if (BN_cmp(x, tx) || BN_cmp(y, ty)) {
+                GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+                    EC_R_COORDINATES_OUT_OF_RANGE);
+                goto err;
+        }
+        if (!GOST_KEY_set_public_key(key, point))
+                goto err;
+        if (GOST_KEY_check_key(key) == 0)
+                goto err;
+        ok = 1;
+err:
+        BN_CTX_free(ctx);
+        EC_POINT_free(point);
+        return ok;
+}
+const EC_GROUP * GOST_KEY_get0_group(const GOST_KEY * key)
+{
+        return key->group;
+}
+int GOST_KEY_set_group(GOST_KEY * key, const EC_GROUP * group)
+{
+        EC_GROUP_free(key->group);
+        key->group = EC_GROUP_dup(group);
+        return (key->group == NULL) ? 0 : 1;
+}
+const BIGNUM * GOST_KEY_get0_private_key(const GOST_KEY * key)
+{
+        return key->priv_key;
+}
+int GOST_KEY_set_private_key(GOST_KEY * key, const BIGNUM * priv_key)
+{
+        BN_clear_free(key->priv_key);
+        key->priv_key = BN_dup(priv_key);
+        return (key->priv_key == NULL) ? 0 : 1;
+}
+const EC_POINT *
+GOST_KEY_get0_public_key(const GOST_KEY * key)
+{
+        return key->pub_key;
+}
+int GOST_KEY_set_public_key(GOST_KEY * key, const EC_POINT * pub_key)
+{
+        EC_POINT_free(key->pub_key);
+        key->pub_key = EC_POINT_dup(pub_key, key->group);
+        return (key->pub_key == NULL) ? 0 : 1;
+}
+int GOST_KEY_get_digest(const GOST_KEY * key)
+{
+        return key->digest_nid;
+}
+int GOST_KEY_set_digest(GOST_KEY * key, int digest_nid)
+{
+        if (digest_nid == NID_id_GostR3411_94_CryptoProParamSet ||
+            digest_nid == NID_id_tc26_gost3411_2012_256 ||
+            digest_nid == NID_id_tc26_gost3411_2012_512) {
+                key->digest_nid = digest_nid;
+                return 1;
+        }
+        return 0;
+}
+size_t GOST_KEY_get_size(const GOST_KEY * r)
+{
+        int i;
+        BIGNUM *order = NULL;
+        const EC_GROUP *group;
+        if (r == NULL)
+                return 0;
+        group = GOST_KEY_get0_group(r);
+        if (group == NULL)
+                return 0;
+        if ((order = BN_new()) == NULL)
+                return 0;
+        if (!EC_GROUP_get_order(group,order,NULL)) {
+                BN_clear_free(order);
+                return 0;
+        }
+        i = BN_num_bytes(order);
+        BN_clear_free(order);
+        return (i);
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gostr341001_params.c b/src/lib/libssl/src/crypto/gost/gostr341001_params.c
new file mode 100644
index 0000000000..1c8276e7b0
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gostr341001_params.c
@@ -0,0 +1,126 @@
+/* $OpenBSD: gostr341001_params.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <strings.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/objects.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+int GostR3410_get_md_digest(int nid)
+{
+        if (nid == NID_id_GostR3411_94_CryptoProParamSet)
+                return NID_id_GostR3411_94;
+        return nid;
+}
+int GostR3410_get_pk_digest(int nid)
+{
+        switch (nid) {
+        case NID_id_GostR3411_94_CryptoProParamSet:
+                return NID_id_GostR3410_2001;
+        case NID_id_tc26_gost3411_2012_256:
+                return NID_id_tc26_gost3410_2012_256;
+        case NID_id_tc26_gost3411_2012_512:
+                return NID_id_tc26_gost3410_2012_512;
+        default:
+                return NID_undef;
+        }
+}
+typedef struct GostR3410_params {
+        const char *name;
+        int nid;
+} GostR3410_params;
+static const GostR3410_params GostR3410_256_params[] = {
+        { "A",  NID_id_GostR3410_2001_CryptoPro_A_ParamSet },
+        { "B",  NID_id_GostR3410_2001_CryptoPro_B_ParamSet },
+        { "C",  NID_id_GostR3410_2001_CryptoPro_C_ParamSet },
+        { "0",  NID_id_GostR3410_2001_TestParamSet },
+        { "XA", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet },
+        { "XB", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet },
+        { NULL, NID_undef },
+};
+static const GostR3410_params GostR3410_512_params[] = {
+        { "A",  NID_id_tc26_gost_3410_2012_512_paramSetA },
+        { "B",  NID_id_tc26_gost_3410_2012_512_paramSetB },
+        { NULL, NID_undef },
+};
+int GostR3410_256_param_id(const char *value)
+{
+        int i;
+        for (i = 0; GostR3410_256_params[i].nid != NID_undef; i++) {
+                if (!strcasecmp(GostR3410_256_params[i].name, value))
+                        return GostR3410_256_params[i].nid;
+        }
+        return NID_undef;
+}
+int GostR3410_512_param_id(const char *value)
+{
+        int i;
+        for (i = 0; GostR3410_512_params[i].nid != NID_undef; i++) {
+                if (!strcasecmp(GostR3410_512_params[i].name, value))
+                        return GostR3410_512_params[i].nid;
+        }
+        return NID_undef;
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c b/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c
new file mode 100644
index 0000000000..0f82e88a9d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c
@@ -0,0 +1,657 @@
+/* $OpenBSD: gostr341001_pmeth.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/gost.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h> /* for RAND_bytes */
+#include "evp_locl.h"
+#include "gost_locl.h"
+#include "gost_asn1.h"
+static ECDSA_SIG *unpack_signature_cp(const unsigned char *sig, size_t siglen)
+{
+        ECDSA_SIG *s;
+        s = ECDSA_SIG_new();
+        if (s == NULL) {
+                GOSTerr(GOST_F_UNPACK_SIGNATURE_CP, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        BN_bin2bn(sig, siglen / 2, s->s);
+        BN_bin2bn(sig + siglen / 2, siglen / 2, s->r);
+        return s;
+}
+static int pack_signature_cp(ECDSA_SIG * s, int order, unsigned char *sig, size_t * siglen)
+{
+        int r_len = BN_num_bytes(s->r);
+        int s_len = BN_num_bytes(s->s);
+        if ((r_len > order) || (s_len > order))
+                return 0;
+        *siglen = 2 * order;
+        memset(sig, 0, *siglen);
+        BN_bn2bin(s->s, sig + order - s_len);
+        BN_bn2bin(s->r, sig + 2 * order - r_len);
+        ECDSA_SIG_free(s);
+        return 1;
+}
+static ECDSA_SIG *unpack_signature_le(const unsigned char *sig, size_t siglen)
+{
+        ECDSA_SIG *s;
+        s = ECDSA_SIG_new();
+        if (s == NULL) {
+                GOSTerr(GOST_F_UNPACK_SIGNATURE_LE, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        GOST_le2bn(sig, siglen / 2, s->r);
+        GOST_le2bn(sig + siglen / 2, siglen / 2, s->s);
+        return s;
+}
+static int pack_signature_le(ECDSA_SIG * s, int order, unsigned char *sig, size_t * siglen)
+{
+        *siglen = 2 * order;
+        memset(sig, 0, *siglen);
+        GOST_bn2le(s->r, sig, order);
+        GOST_bn2le(s->s, sig + order, order);
+        ECDSA_SIG_free(s);
+        return 1;
+}
+struct gost_pmeth_data {
+        int sign_param_nid; /* Should be set whenever parameters are filled */
+        int digest_nid;
+        EVP_MD *md;
+        unsigned char *shared_ukm;
+        int peer_key_used;
+        int sig_format;
+};
+static int pkey_gost01_init(EVP_PKEY_CTX * ctx)
+{
+        struct gost_pmeth_data *data;
+        EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
+        data = malloc(sizeof(struct gost_pmeth_data));
+        if (!data)
+                return 0;
+        memset(data, 0, sizeof(struct gost_pmeth_data));
+        if (pkey && pkey->pkey.gost) {
+                data->sign_param_nid = EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost));
+                data->digest_nid = GOST_KEY_get_digest(pkey->pkey.gost);
+        }
+        EVP_PKEY_CTX_set_data(ctx, data);
+        return 1;
+}
+/* Copies contents of gost_pmeth_data structure */
+static int pkey_gost01_copy(EVP_PKEY_CTX * dst, EVP_PKEY_CTX * src)
+{
+        struct gost_pmeth_data *dst_data, *src_data;
+        if (!pkey_gost01_init(dst)) {
+                return 0;
+        }
+        src_data = EVP_PKEY_CTX_get_data(src);
+        dst_data = EVP_PKEY_CTX_get_data(dst);
+        *dst_data = *src_data;
+        if (src_data->shared_ukm) {
+                dst_data->shared_ukm = NULL;
+        }
+        return 1;
+}
+/* Frees up gost_pmeth_data structure */
+static void pkey_gost01_cleanup(EVP_PKEY_CTX * ctx)
+{
+        struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+        free(data->shared_ukm);
+        free(data);
+}
+static int pkey_gost01_paramgen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey)
+{
+        struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+        EC_GROUP *group;
+        GOST_KEY *gost;
+        int ret;
+        if (data->sign_param_nid == NID_undef || data->digest_nid == NID_undef) {
+                GOSTerr(GOST_F_PKEY_GOST01_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
+                return 0;
+        }
+        group = EC_GROUP_new_by_curve_name(data->sign_param_nid);
+        if (!group)
+                return 0;
+        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+        gost = GOST_KEY_new();
+        if (!gost)
+                return 0;
+        if (!GOST_KEY_set_digest(gost, data->digest_nid))
+                return 0;
+        ret = GOST_KEY_set_group(gost, group);
+        if (ret)
+                EVP_PKEY_assign_GOST(pkey, gost);
+        else
+                GOST_KEY_free(gost);
+        EC_GROUP_free(group);
+        return ret;
+}
+static int pkey_gost01_keygen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey)
+{
+        if (!pkey_gost01_paramgen(ctx, pkey))
+                return 0;
+        gost2001_keygen(pkey->pkey.gost);
+        return 1;
+}
+static int pkey_gost01_sign(EVP_PKEY_CTX * ctx, unsigned char *sig,
+                            size_t * siglen, const unsigned char *tbs,
+                            size_t tbs_len)
+{
+        ECDSA_SIG *unpacked_sig = NULL;
+        EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
+        struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);
+        BIGNUM *md;
+        size_t size = GOST_KEY_get_size(pkey->pkey.gost);
+        if (!siglen)
+                return 0;
+        if (!sig) {
+                *siglen = 2 * size;
+                return 1;
+        } else if (*siglen < 2 * size) {
+                GOSTerr(GOST_F_PKEY_GOST01_SIGN, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+        }
+        OPENSSL_assert(tbs_len == 32 || tbs_len == 64);
+        md = GOST_le2bn(tbs, tbs_len, NULL);
+        unpacked_sig = gost2001_do_sign(md, pkey->pkey.gost);
+#ifdef DEBUG_SIGN
+        fprintf(stderr, "S.R=");
+        BN_print_fp(stderr, unpacked_sig->r);
+        fprintf(stderr, "\nS.S=");
+        BN_print_fp(stderr, unpacked_sig->s);
+        fprintf(stderr, "\n");
+#endif
+        if (!unpacked_sig) {
+                return 0;
+        }
+        switch (pctx->sig_format) {
+        case GOST_SIG_FORMAT_SR_BE:
+                return pack_signature_cp(unpacked_sig, size, sig, siglen);
+        case GOST_SIG_FORMAT_RS_LE:
+                return pack_signature_le(unpacked_sig, size, sig, siglen);
+        default:
+                ECDSA_SIG_free(unpacked_sig);
+                return -1;
+        }
+}
+static int pkey_gost01_verify(EVP_PKEY_CTX * ctx, const unsigned char *sig,
+                              size_t siglen, const unsigned char *tbs,
+                              size_t tbs_len)
+{
+        int ok = 0;
+        EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
+        struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);
+        ECDSA_SIG *s = NULL;
+        BIGNUM *md;
+        if  (!pub_key)
+                return 0;
+        switch (pctx->sig_format) {
+        case GOST_SIG_FORMAT_SR_BE:
+                s = unpack_signature_cp(sig, siglen);
+                break;
+        case GOST_SIG_FORMAT_RS_LE:
+                s = unpack_signature_le(sig, siglen);
+                break;
+        }
+        if (!s)
+                return 0;
+        md = GOST_le2bn(tbs, tbs_len, NULL);
+        if (!md)
+                goto err;
+#ifdef DEBUG_SIGN
+        fprintf(stderr, "V.R=");
+        BN_print_fp(stderr, s->r);
+        fprintf(stderr, "\nV.S=");
+        BN_print_fp(stderr, s->s);
+        fprintf(stderr, "\n");
+#endif
+        ok = gost2001_do_verify(md, s, pub_key->pkey.gost);
+err:
+        BN_free(md);
+        ECDSA_SIG_free(s);
+        return ok;
+}
+static int gost01_VKO_key(EVP_PKEY * pub_key, EVP_PKEY * priv_key,
+                          const unsigned char *ukm, unsigned char *key)
+{
+        unsigned char hashbuf[128];
+        int digest_nid;
+        int ret;
+        BN_CTX *ctx = BN_CTX_new();
+        BIGNUM *UKM, *X, *Y;
+        BN_CTX_start(ctx);
+        UKM = BN_CTX_get(ctx);
+        X = BN_CTX_get(ctx);
+        Y = BN_CTX_get(ctx);
+        GOST_le2bn(ukm, 8, UKM);
+        digest_nid = GOST_KEY_get_digest(priv_key->pkey.gost);
+        VKO_compute_key(X, Y, pub_key->pkey.gost, priv_key->pkey.gost, UKM);
+        switch (digest_nid) {
+        case NID_id_GostR3411_94_CryptoProParamSet:
+                GOST_bn2le(X, hashbuf, 32);
+                GOST_bn2le(Y, hashbuf + 32, 32);
+                GOSTR341194(hashbuf, 64, key, digest_nid);
+                ret = 1;
+                break;
+        case NID_id_tc26_gost3411_2012_256:
+                GOST_bn2le(X, hashbuf, 32);
+                GOST_bn2le(Y, hashbuf + 32, 32);
+                STREEBOG256(hashbuf, 64, key);
+                ret = 1;
+                break;
+        case NID_id_tc26_gost3411_2012_512:
+                GOST_bn2le(X, hashbuf, 64);
+                GOST_bn2le(Y, hashbuf + 64, 64);
+                STREEBOG256(hashbuf, 128, key);
+                ret = 1;
+                break;
+        default:
+                ret = -2;
+                break;
+        }
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return ret;
+}
+int pkey_gost01_decrypt(EVP_PKEY_CTX * pctx, unsigned char *key,
+                        size_t * key_len, const unsigned char *in,
+                        size_t in_len)
+{
+        const unsigned char *p = in;
+        EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
+        GOST_KEY_TRANSPORT *gkt = NULL;
+        int ret = 0;
+        unsigned char wrappedKey[44];
+        unsigned char sharedKey[32];
+        EVP_PKEY *eph_key = NULL, *peerkey = NULL;
+        int nid;
+        if (!key) {
+                *key_len = 32;
+                return 1;
+        }
+        gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
+        if (!gkt) {
+                GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
+                        GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
+                return -1;
+        }
+        /* If key transport structure contains public key, use it */
+        eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
+        if (eph_key) {
+                if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) {
+                        GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
+                                GOST_R_INCOMPATIBLE_PEER_KEY);
+                        goto err;
+                }
+        } else {
+                /* Set control "public key from client certificate used" */
+                if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) {
+                        GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, GOST_R_CTRL_CALL_FAILED);
+                        goto err;
+                }
+        }
+        peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
+        if (!peerkey) {
+                GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, GOST_R_NO_PEER_KEY);
+                goto err;
+        }
+        nid = OBJ_obj2nid(gkt->key_agreement_info->cipher);
+        OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8);
+        memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8);
+        OPENSSL_assert(gkt->key_info->encrypted_key->length == 32);
+        memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32);
+        OPENSSL_assert(gkt->key_info->imit->length == 4);
+        memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
+        gost01_VKO_key(peerkey, priv, wrappedKey, sharedKey);
+        if (!key_unwrap_crypto_pro(nid, sharedKey, wrappedKey, key)) {
+                GOSTerr(GOST_F_PKEY_GOST01_DECRYPT,
+                        GOST_R_ERROR_COMPUTING_SHARED_KEY);
+                goto err;
+        }
+        ret = 1;
+ err:
+        if (eph_key)
+                EVP_PKEY_free(eph_key);
+        if (gkt)
+                GOST_KEY_TRANSPORT_free(gkt);
+        return ret;
+}
+int pkey_gost01_derive(EVP_PKEY_CTX * ctx, unsigned char *key,
+                       size_t * keylen)
+{
+        /* Public key of peer in the ctx field peerkey
+         * Our private key in the ctx pkey
+         * ukm is in the algorithm specific context data
+         */
+        EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
+        EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
+        struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+        if (!data->shared_ukm) {
+                GOSTerr(GOST_F_PKEY_GOST01_DERIVE, GOST_R_UKM_NOT_SET);
+                return 0;
+        }
+        if (key == NULL) {
+                *keylen = 32;
+                return 32;
+        }
+        gost01_VKO_key(peer_key, my_key, data->shared_ukm, key);
+        *keylen = 32;
+        return 1;
+}
+int pkey_gost01_encrypt(EVP_PKEY_CTX * pctx, unsigned char *out,
+                size_t * out_len, const unsigned char *key,
+                size_t key_len)
+{
+        GOST_KEY_TRANSPORT *gkt = NULL;
+        EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
+        struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
+        unsigned char ukm[8], shared_key[32], crypted_key[44];
+        int ret = 0;
+        int key_is_ephemeral = 1;
+        EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
+        int nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
+        if (data->shared_ukm) {
+                memcpy(ukm, data->shared_ukm, 8);
+        } else if (out) {
+                if (RAND_bytes(ukm, 8) <= 0) {
+                        GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
+                                GOST_R_RANDOM_GENERATOR_FAILURE);
+                        return 0;
+                }
+        }
+        /* Check for private key in the peer_key of context */
+        if (sec_key) {
+                key_is_ephemeral = 0;
+                if (!GOST_KEY_get0_private_key(sec_key->pkey.gost)) {
+                        GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
+                                GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
+                        goto err;
+                }
+        } else {
+                key_is_ephemeral = 1;
+                if (out) {
+                        sec_key = EVP_PKEY_new();
+                        EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk),
+                                        GOST_KEY_new());
+                        EVP_PKEY_copy_parameters(sec_key, pubk);
+                        if (!gost2001_keygen(sec_key->pkey.gost)) {
+                                goto err;
+                        }
+                }
+        }
+        if (out) {
+                gost01_VKO_key(pubk, sec_key, ukm, shared_key);
+                key_wrap_crypto_pro(nid, shared_key, ukm, key, crypted_key);
+        }
+        gkt = GOST_KEY_TRANSPORT_new();
+        if (!gkt) {
+                goto err;
+        }
+        if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
+                goto err;
+        }
+        if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
+                goto err;
+        }
+        if (!ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
+                goto err;
+        }
+        if (key_is_ephemeral) {
+                if (!X509_PUBKEY_set
+                    (&gkt->key_agreement_info->ephem_key,
+                     out ? sec_key : pubk)) {
+                        GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
+                                GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
+                        goto err;
+                }
+        }
+        ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
+        gkt->key_agreement_info->cipher = OBJ_nid2obj(nid);
+        if (key_is_ephemeral && sec_key)
+                EVP_PKEY_free(sec_key);
+        if (!key_is_ephemeral) {
+                /* Set control "public key from client certificate used" */
+                if (EVP_PKEY_CTX_ctrl
+                    (pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) {
+                        GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
+                                GOST_R_CTRL_CALL_FAILED);
+                        goto err;
+                }
+        }
+        if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
+                ret = 1;
+        GOST_KEY_TRANSPORT_free(gkt);
+        return ret;
+ err:
+        if (key_is_ephemeral && sec_key)
+                EVP_PKEY_free(sec_key);
+        GOST_KEY_TRANSPORT_free(gkt);
+        return -1;
+}
+static int pkey_gost01_ctrl(EVP_PKEY_CTX * ctx, int type, int p1, void *p2)
+{
+        struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx);
+        switch (type) {
+        case EVP_PKEY_CTRL_MD:
+                if (EVP_MD_type(p2) != GostR3410_get_md_digest(pctx->digest_nid)) {
+                        GOSTerr(GOST_F_PKEY_GOST01_CTRL, GOST_R_INVALID_DIGEST_TYPE);
+                        return 0;
+                }
+                pctx->md = p2;
+                return 1;
+        case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
+        case EVP_PKEY_CTRL_PKCS7_DECRYPT:
+        case EVP_PKEY_CTRL_PKCS7_SIGN:
+        case EVP_PKEY_CTRL_DIGESTINIT:
+#ifndef OPENSSL_NO_CMS
+        case EVP_PKEY_CTRL_CMS_ENCRYPT:
+        case EVP_PKEY_CTRL_CMS_DECRYPT:
+        case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
+                return 1;
+        case EVP_PKEY_CTRL_GOST_PARAMSET:
+                pctx->sign_param_nid = (int)p1;
+                return 1;
+        case EVP_PKEY_CTRL_SET_IV:
+                pctx->shared_ukm = malloc((int)p1);
+                memcpy(pctx->shared_ukm, p2, (int)p1);
+                return 1;
+        case EVP_PKEY_CTRL_PEER_KEY:
+                if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
+                        return 1;
+                if (p1 == 2)    /* TLS: peer key used? */
+                        return pctx->peer_key_used;
+                if (p1 == 3)    /* TLS: peer key used! */
+                        return (pctx->peer_key_used = 1);
+                return -2;
+        case EVP_PKEY_CTRL_GOST_SIG_FORMAT:
+                switch (p1) {
+                case GOST_SIG_FORMAT_SR_BE:
+                case GOST_SIG_FORMAT_RS_LE:
+                        pctx->sig_format = p1;
+                        return 1;
+                default:
+                        return 0;
+                }
+                break;
+        case EVP_PKEY_CTRL_GOST_SET_DIGEST:
+                pctx->digest_nid = (int)p1;
+                return 1;
+        case EVP_PKEY_CTRL_GOST_GET_DIGEST:
+                *(int *)p2 = pctx->digest_nid;
+                return 1;
+        default:
+                return -2;
+        }
+}
+static int pkey_gost01_ctrl_str(EVP_PKEY_CTX * ctx,
+                                const char *type, const char *value)
+{
+        int param_nid = NID_undef;
+        int digest_nid = NID_undef;
+        if (!strcmp(type, "paramset")) {
+                if (!value) {
+                        return 0;
+                }
+                if (!pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_GET_DIGEST, 0, &digest_nid))
+                        return 0;
+                if (digest_nid == NID_id_tc26_gost3411_2012_512)
+                        param_nid = GostR3410_512_param_id(value);
+                else
+                        param_nid = GostR3410_256_param_id(value);
+                if (param_nid == NID_undef)
+                        param_nid = OBJ_txt2nid(value);
+                if (param_nid == NID_undef)
+                        return 0;
+                return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
+                                      param_nid, NULL);
+        }
+        if (!strcmp(type, "dgst")) {
+                if (!value)
+                        return 0;
+                else if (!strcmp(value, "gost94") || !strcmp(value, "md_gost94"))
+                        digest_nid = NID_id_GostR3411_94_CryptoProParamSet;
+                else if (!strcmp(value, "streebog256"))
+                        digest_nid = NID_id_tc26_gost3411_2012_256;
+                else if (!strcmp(value, "streebog512"))
+                        digest_nid = NID_id_tc26_gost3411_2012_512;
+                if (digest_nid == NID_undef)
+                        return 0;
+                return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_SET_DIGEST,
+                                        digest_nid, NULL);
+        }
+        return -2;
+}
+const EVP_PKEY_METHOD gostr01_pkey_meth = {
+        .pkey_id = EVP_PKEY_GOSTR01,
+        .init = pkey_gost01_init,
+        .copy = pkey_gost01_copy,
+        .cleanup = pkey_gost01_cleanup,
+        .paramgen = pkey_gost01_paramgen,
+        .keygen = pkey_gost01_keygen,
+        .sign = pkey_gost01_sign,
+        .verify = pkey_gost01_verify,
+        .encrypt = pkey_gost01_encrypt,
+        .decrypt = pkey_gost01_decrypt,
+        .derive = pkey_gost01_derive,
+        .ctrl = pkey_gost01_ctrl,
+        .ctrl_str = pkey_gost01_ctrl_str,
+};
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/gostr341194.c b/src/lib/libssl/src/crypto/gost/gostr341194.c
new file mode 100644
index 0000000000..706bf3d431
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/gostr341194.c
@@ -0,0 +1,259 @@
+/* $OpenBSD: gostr341194.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/crypto.h>
+#include <openssl/objects.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+/* Following functions are various bit meshing routines used in
+ * GOST R 34.11-94 algorithms */
+static void swap_bytes(unsigned char *w, unsigned char *k)
+{
+        int i, j;
+        for (i = 0; i < 4; i++)
+                for (j = 0; j < 8; j++)
+                        k[i + 4 * j] = w[8 * i + j];
+}
+/* was A_A */
+static void circle_xor8(const unsigned char *w, unsigned char *k)
+{
+        unsigned char buf[8];
+        int i;
+        memcpy(buf, w, 8);
+        memmove(k, w + 8, 24);
+        for (i = 0; i < 8; i++)
+                k[i + 24] = buf[i] ^ k[i];
+}
+/* was R_R */
+static void transform_3(unsigned char *data)
+{
+        unsigned short int acc;
+        acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) |
+             ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8);
+        memmove(data, data + 2, 30);
+        data[30] = acc & 0xff;
+        data[31] = acc >> 8;
+}
+/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
+static int add_blocks(int n, unsigned char *left, const unsigned char *right)
+{
+        int i;
+        int carry = 0;
+        int sum;
+        for (i = 0; i < n; i++) {
+                sum = (int)left[i] + (int)right[i] + carry;
+                left[i] = sum & 0xff;
+                carry = sum >> 8;
+        }
+        return carry;
+}
+/* Xor two sequences of bytes */
+static void xor_blocks(unsigned char *result, const unsigned char *a,
+                       const unsigned char *b, size_t len)
+{
+        size_t i;
+        for (i = 0; i < len; i++)
+                result[i] = a[i] ^ b[i];
+}
+/* 
+ *      Calculate H(i+1) = Hash(Hi,Mi) 
+ *      Where H and M are 32 bytes long
+ */
+static int hash_step(GOSTR341194_CTX *c, unsigned char *H, const unsigned char *M)
+{
+        unsigned char U[32], W[32], V[32], S[32], Key[32];
+        int i;
+        /* Compute first key */
+        xor_blocks(W, H, M, 32);
+        swap_bytes(W, Key);
+        /* Encrypt first 8 bytes of H with first key */
+        Gost2814789_set_key(&c->cipher, Key, 256);
+        Gost2814789_encrypt(H, S, &c->cipher);
+        /* Compute second key */
+        circle_xor8(H, U);
+        circle_xor8(M, V);
+        circle_xor8(V, V);
+        xor_blocks(W, U, V, 32);
+        swap_bytes(W, Key);
+        /* encrypt second 8 bytes of H with second key */
+        Gost2814789_set_key(&c->cipher, Key, 256);
+        Gost2814789_encrypt(H+8, S+8, &c->cipher);
+        /* compute third key */
+        circle_xor8(U, U);
+        U[31] = ~U[31];
+        U[29] = ~U[29];
+        U[28] = ~U[28];
+        U[24] = ~U[24];
+        U[23] = ~U[23];
+        U[20] = ~U[20];
+        U[18] = ~U[18];
+        U[17] = ~U[17];
+        U[14] = ~U[14];
+        U[12] = ~U[12];
+        U[10] = ~U[10];
+        U[8] = ~U[8];
+        U[7] = ~U[7];
+        U[5] = ~U[5];
+        U[3] = ~U[3];
+        U[1] = ~U[1];
+        circle_xor8(V, V);
+        circle_xor8(V, V);
+        xor_blocks(W, U, V, 32);
+        swap_bytes(W, Key);
+        /* encrypt third 8 bytes of H with third key */
+        Gost2814789_set_key(&c->cipher, Key, 256);
+        Gost2814789_encrypt(H+16, S+16, &c->cipher);
+        /* Compute fourth key */
+        circle_xor8(U, U);
+        circle_xor8(V, V);
+        circle_xor8(V, V);
+        xor_blocks(W, U, V, 32);
+        swap_bytes(W, Key);
+        /* Encrypt last 8 bytes with fourth key */
+        Gost2814789_set_key(&c->cipher, Key, 256);
+        Gost2814789_encrypt(H+24, S+24, &c->cipher);
+        for (i = 0; i < 12; i++)
+                transform_3(S);
+        xor_blocks(S, S, M, 32);
+        transform_3(S);
+        xor_blocks(S, S, H, 32);
+        for (i = 0; i < 61; i++)
+                transform_3(S);
+        memcpy(H, S, 32);
+        return 1;
+}
+int GOSTR341194_Init(GOSTR341194_CTX *c, int nid)
+{
+        memset (c,0,sizeof(*c));
+        return Gost2814789_set_sbox(&c->cipher, nid);
+}
+static void GOSTR341194_block_data_order(GOSTR341194_CTX *ctx, const void *p, size_t num)
+{
+        int i;
+        for (i = 0; i < num; i++) {
+                hash_step(ctx, ctx->H, p);
+                add_blocks(32, ctx->S, p);
+                p += 32;
+        }
+}
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+#define HASH_CBLOCK     GOSTR341194_CBLOCK
+#define HASH_LONG       GOSTR341194_LONG
+#define HASH_CTX        GOSTR341194_CTX
+#define HASH_UPDATE     GOSTR341194_Update
+#define HASH_TRANSFORM  GOSTR341194_Transform
+#define HASH_NO_FINAL   1
+#define HASH_BLOCK_DATA_ORDER   GOSTR341194_block_data_order
+#include "md32_common.h"
+int GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX * c)
+{
+        unsigned char *p = (unsigned char *)c->data;
+        unsigned char T[32];
+        if (c->num > 0) {
+                memset(p + c->num, 0, 32);
+                hash_step(c, c->H, p);
+                add_blocks(32, c->S, p);
+        }
+        p = T;
+        HOST_l2c(c->Nl, p);
+        HOST_l2c(c->Nh, p);
+        memset(p, 0, 32-8);
+        hash_step(c, c->H, T);
+        hash_step(c, c->H, c->S);
+        memcpy(md, c->H, 32);
+        return 1;
+}
+unsigned char *GOSTR341194(const unsigned char *d, size_t n, unsigned char *md, int nid)
+{
+        GOSTR341194_CTX c;
+        static unsigned char m[GOSTR341194_LENGTH];
+        if (md == NULL)
+                md = m;
+        if (!GOSTR341194_Init(&c, nid))
+                return 0;
+        GOSTR341194_Update(&c, d, n);
+        GOSTR341194_Final(md, &c);
+        OPENSSL_cleanse(&c, sizeof(c));
+        return (md);
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/gost/streebog.c b/src/lib/libssl/src/crypto/gost/streebog.c
new file mode 100644
index 0000000000..c621c41daa
--- /dev/null
+++ b/src/lib/libssl/src/crypto/gost/streebog.c
@@ -0,0 +1,1436 @@
+/* $OpenBSD: streebog.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GOST
+#include <openssl/crypto.h>
+#include <openssl/objects.h>
+#include <openssl/gost.h>
+#include "gost_locl.h"
+static const STREEBOG_LONG64 A_PI_table[8][256] =
+{
+        { /* 0 */
+                U64(0xd01f715b5c7ef8e6), U64(0x16fa240980778325),
+                U64(0xa8a42e857ee049c8), U64(0x6ac1068fa186465b),
+                U64(0x6e417bd7a2e9320b), U64(0x665c8167a437daab),
+                U64(0x7666681aa89617f6), U64(0x4b959163700bdcf5),
+                U64(0xf14be6b78df36248), U64(0xc585bd689a625cff),
+                U64(0x9557d7fca67d82cb), U64(0x89f0b969af6dd366),
+                U64(0xb0833d48749f6c35), U64(0xa1998c23b1ecbc7c),
+                U64(0x8d70c431ac02a736), U64(0xd6dfbc2fd0a8b69e),
+                U64(0x37aeb3e551fa198b), U64(0x0b7d128a40b5cf9c),
+                U64(0x5a8f2008b5780cbc), U64(0xedec882284e333e5),
+                U64(0xd25fc177d3c7c2ce), U64(0x5e0f5d50b61778ec),
+                U64(0x1d873683c0c24cb9), U64(0xad040bcbb45d208c),
+                U64(0x2f89a0285b853c76), U64(0x5732fff6791b8d58),
+                U64(0x3e9311439ef6ec3f), U64(0xc9183a809fd3c00f),
+                U64(0x83adf3f5260a01ee), U64(0xa6791941f4e8ef10),
+                U64(0x103ae97d0ca1cd5d), U64(0x2ce948121dee1b4a),
+                U64(0x39738421dbf2bf53), U64(0x093da2a6cf0cf5b4),
+                U64(0xcd9847d89cbcb45f), U64(0xf9561c078b2d8ae8),
+                U64(0x9c6a755a6971777f), U64(0xbc1ebaa0712ef0c5),
+                U64(0x72e61542abf963a6), U64(0x78bb5fde229eb12e),
+                U64(0x14ba94250fceb90d), U64(0x844d6697630e5282),
+                U64(0x98ea08026a1e032f), U64(0xf06bbea144217f5c),
+                U64(0xdb6263d11ccb377a), U64(0x641c314b2b8ee083),
+                U64(0x320e96ab9b4770cf), U64(0x1ee7deb986a96b85),
+                U64(0xe96cf57a878c47b5), U64(0xfdd6615f8842feb8),
+                U64(0xc83862965601dd1b), U64(0x2ea9f83e92572162),
+                U64(0xf876441142ff97fc), U64(0xeb2c455608357d9d),
+                U64(0x5612a7e0b0c9904c), U64(0x6c01cbfb2d500823),
+                U64(0x4548a6a7fa037a2d), U64(0xabc4c6bf388b6ef4),
+                U64(0xbade77d4fdf8bebd), U64(0x799b07c8eb4cac3a),
+                U64(0x0c9d87e805b19cf0), U64(0xcb588aac106afa27),
+                U64(0xea0c1d40c1e76089), U64(0x2869354a1e816f1a),
+                U64(0xff96d17307fbc490), U64(0x9f0a9d602f1a5043),
+                U64(0x96373fc6e016a5f7), U64(0x5292dab8b3a6e41c),
+                U64(0x9b8ae0382c752413), U64(0x4f15ec3b7364a8a5),
+                U64(0x3fb349555724f12b), U64(0xc7c50d4415db66d7),
+                U64(0x92b7429ee379d1a7), U64(0xd37f99611a15dfda),
+                U64(0x231427c05e34a086), U64(0xa439a96d7b51d538),
+                U64(0xb403401077f01865), U64(0xdda2aea5901d7902),
+                U64(0x0a5d4a9c8967d288), U64(0xc265280adf660f93),
+                U64(0x8bb0094520d4e94e), U64(0x2a29856691385532),
+                U64(0x42a833c5bf072941), U64(0x73c64d54622b7eb2),
+                U64(0x07e095624504536c), U64(0x8a905153e906f45a),
+                U64(0x6f6123c16b3b2f1f), U64(0xc6e55552dc097bc3),
+                U64(0x4468feb133d16739), U64(0xe211e7f0c7398829),
+                U64(0xa2f96419f7879b40), U64(0x19074bdbc3ad38e9),
+                U64(0xf4ebc3f9474e0b0c), U64(0x43886bd376d53455),
+                U64(0xd8028beb5aa01046), U64(0x51f23282f5cdc320),
+                U64(0xe7b1c2be0d84e16d), U64(0x081dfab006dee8a0),
+                U64(0x3b33340d544b857b), U64(0x7f5bcabc679ae242),
+                U64(0x0edd37c48a08a6d8), U64(0x81ed43d9a9b33bc6),
+                U64(0xb1a3655ebd4d7121), U64(0x69a1eeb5e7ed6167),
+                U64(0xf6ab73d5c8f73124), U64(0x1a67a3e185c61fd5),
+                U64(0x2dc91004d43c065e), U64(0x0240b02c8fb93a28),
+                U64(0x90f7f2b26cc0eb8f), U64(0x3cd3a16f114fd617),
+                U64(0xaae49ea9f15973e0), U64(0x06c0cd748cd64e78),
+                U64(0xda423bc7d5192a6e), U64(0xc345701c16b41287),
+                U64(0x6d2193ede4821537), U64(0xfcf639494190e3ac),
+                U64(0x7c3b228621f1c57e), U64(0xfb16ac2b0494b0c0),
+                U64(0xbf7e529a3745d7f9), U64(0x6881b6a32e3f7c73),
+                U64(0xca78d2bad9b8e733), U64(0xbbfe2fc2342aa3a9),
+                U64(0x0dbddffecc6381e4), U64(0x70a6a56e2440598e),
+                U64(0xe4d12a844befc651), U64(0x8c509c2765d0ba22),
+                U64(0xee8c6018c28814d9), U64(0x17da7c1f49a59e31),
+                U64(0x609c4c1328e194d3), U64(0xb3e3d57232f44b09),
+                U64(0x91d7aaa4a512f69b), U64(0x0ffd6fd243dabbcc),
+                U64(0x50d26a943c1fde34), U64(0x6be15e9968545b4f),
+                U64(0x94778fea6faf9fdf), U64(0x2b09dd7058ea4826),
+                U64(0x677cd9716de5c7bf), U64(0x49d5214fffb2e6dd),
+                U64(0x0360e83a466b273c), U64(0x1fc786af4f7b7691),
+                U64(0xa0b9d435783ea168), U64(0xd49f0c035f118cb6),
+                U64(0x01205816c9d21d14), U64(0xac2453dd7d8f3d98),
+                U64(0x545217cc3f70aa64), U64(0x26b4028e9489c9c2),
+                U64(0xdec2469fd6765e3e), U64(0x04807d58036f7450),
+                U64(0xe5f17292823ddb45), U64(0xf30b569b024a5860),
+                U64(0x62dcfc3fa758aefb), U64(0xe84cad6c4e5e5aa1),
+                U64(0xccb81fce556ea94b), U64(0x53b282ae7a74f908),
+                U64(0x1b47fbf74c1402c1), U64(0x368eebf39828049f),
+                U64(0x7afbeff2ad278b06), U64(0xbe5e0a8cfe97caed),
+                U64(0xcfd8f7f413058e77), U64(0xf78b2bc301252c30),
+                U64(0x4d555c17fcdd928d), U64(0x5f2f05467fc565f8),
+                U64(0x24f4b2a21b30f3ea), U64(0x860dd6bbecb768aa),
+                U64(0x4c750401350f8f99), U64(0x0000000000000000),
+                U64(0xecccd0344d312ef1), U64(0xb5231806be220571),
+                U64(0xc105c030990d28af), U64(0x653c695de25cfd97),
+                U64(0x159acc33c61ca419), U64(0xb89ec7f872418495),
+                U64(0xa9847693b73254dc), U64(0x58cf90243ac13694),
+                U64(0x59efc832f3132b80), U64(0x5c4fed7c39ae42c4),
+                U64(0x828dabe3efd81cfa), U64(0xd13f294d95ace5f2),
+                U64(0x7d1b7a90e823d86a), U64(0xb643f03cf849224d),
+                U64(0x3df3f979d89dcb03), U64(0x7426d836272f2dde),
+                U64(0xdfe21e891fa4432a), U64(0x3a136c1b9d99986f),
+                U64(0xfa36f43dcd46add4), U64(0xc025982650df35bb),
+                U64(0x856d3e81aadc4f96), U64(0xc4a5e57e53b041eb),
+                U64(0x4708168b75ba4005), U64(0xaf44bbe73be41aa4),
+                U64(0x971767d029c4b8e3), U64(0xb9be9feebb939981),
+                U64(0x215497ecd18d9aae), U64(0x316e7e91dd2c57f3),
+                U64(0xcef8afe2dad79363), U64(0x3853dc371220a247),
+                U64(0x35ee03c9de4323a3), U64(0xe6919aa8c456fc79),
+                U64(0xe05157dc4880b201), U64(0x7bdbb7e464f59612),
+                U64(0x127a59518318f775), U64(0x332ecebd52956ddb),
+                U64(0x8f30741d23bb9d1e), U64(0xd922d3fd93720d52),
+                U64(0x7746300c61440ae2), U64(0x25d4eab4d2e2eefe),
+                U64(0x75068020eefd30ca), U64(0x135a01474acaea61),
+                U64(0x304e268714fe4ae7), U64(0xa519f17bb283c82c),
+                U64(0xdc82f6b359cf6416), U64(0x5baf781e7caa11a8),
+                U64(0xb2c38d64fb26561d), U64(0x34ce5bdf17913eb7),
+                U64(0x5d6fb56af07c5fd0), U64(0x182713cd0a7f25fd),
+                U64(0x9e2ac576e6c84d57), U64(0x9aaab82ee5a73907),
+                U64(0xa3d93c0f3e558654), U64(0x7e7b92aaae48ff56),
+                U64(0x872d8ead256575be), U64(0x41c8dbfff96c0e7d),
+                U64(0x99ca5014a3cc1e3b), U64(0x40e883e930be1369),
+                U64(0x1ca76e95091051ad), U64(0x4e35b42dbab6b5b1),
+                U64(0x05a0254ecabd6944), U64(0xe1710fca8152af15),
+                U64(0xf22b0e8dcb984574), U64(0xb763a82a319b3f59),
+                U64(0x63fca4296e8ab3ef), U64(0x9d4a2d4ca0a36a6b),
+                U64(0xe331bfe60eeb953d), U64(0xd5bf541596c391a2),
+                U64(0xf5cb9bef8e9c1618), U64(0x46284e9dbc685d11),
+                U64(0x2074cffa185f87ba), U64(0xbd3ee2b6b8fcedd1),
+                U64(0xae64e3f1f23607b0), U64(0xfeb68965ce29d984),
+                U64(0x55724fdaf6a2b770), U64(0x29496d5cd753720e),
+                U64(0xa75941573d3af204), U64(0x8e102c0bea69800a),
+                U64(0x111ab16bc573d049), U64(0xd7ffe439197aab8a),
+                U64(0xefac380e0b5a09cd), U64(0x48f579593660fbc9),
+                U64(0x22347fd697e6bd92), U64(0x61bc1405e13389c7),
+                U64(0x4ab5c975b9d9c1e1), U64(0x80cd1bcf606126d2),
+                U64(0x7186fd78ed92449a), U64(0x93971a882aabccb3),
+                U64(0x88d0e17f66bfce72), U64(0x27945a985d5bd4d6)
+        }, { /* 1 */
+                U64(0xde553f8c05a811c8), U64(0x1906b59631b4f565),
+                U64(0x436e70d6b1964ff7), U64(0x36d343cb8b1e9d85),
+                U64(0x843dfacc858aab5a), U64(0xfdfc95c299bfc7f9),
+                U64(0x0f634bdea1d51fa2), U64(0x6d458b3b76efb3cd),
+                U64(0x85c3f77cf8593f80), U64(0x3c91315fbe737cb2),
+                U64(0x2148b03366ace398), U64(0x18f8b8264c6761bf),
+                U64(0xc830c1c495c9fb0f), U64(0x981a76102086a0aa),
+                U64(0xaa16012142f35760), U64(0x35cc54060c763cf6),
+                U64(0x42907d66cc45db2d), U64(0x8203d44b965af4bc),
+                U64(0x3d6f3cefc3a0e868), U64(0xbc73ff69d292bda7),
+                U64(0x8722ed0102e20a29), U64(0x8f8185e8cd34deb7),
+                U64(0x9b0561dda7ee01d9), U64(0x5335a0193227fad6),
+                U64(0xc9cecc74e81a6fd5), U64(0x54f5832e5c2431ea),
+                U64(0x99e47ba05d553470), U64(0xf7bee756acd226ce),
+                U64(0x384e05a5571816fd), U64(0xd1367452a47d0e6a),
+                U64(0xf29fde1c386ad85b), U64(0x320c77316275f7ca),
+                U64(0xd0c879e2d9ae9ab0), U64(0xdb7406c69110ef5d),
+                U64(0x45505e51a2461011), U64(0xfc029872e46c5323),
+                U64(0xfa3cb6f5f7bc0cc5), U64(0x031f17cd8768a173),
+                U64(0xbd8df2d9af41297d), U64(0x9d3b4f5ab43e5e3f),
+                U64(0x4071671b36feee84), U64(0x716207e7d3e3b83d),
+                U64(0x48d20ff2f9283a1a), U64(0x27769eb4757cbc7e),
+                U64(0x5c56ebc793f2e574), U64(0xa48b474f9ef5dc18),
+                U64(0x52cbada94ff46e0c), U64(0x60c7da982d8199c6),
+                U64(0x0e9d466edc068b78), U64(0x4eec2175eaf865fc),
+                U64(0x550b8e9e21f7a530), U64(0x6b7ba5bc653fec2b),
+                U64(0x5eb7f1ba6949d0dd), U64(0x57ea94e3db4c9099),
+                U64(0xf640eae6d101b214), U64(0xdd4a284182c0b0bb),
+                U64(0xff1d8fbf6304f250), U64(0xb8accb933bf9d7e8),
+                U64(0xe8867c478eb68c4d), U64(0x3f8e2692391bddc1),
+                U64(0xcb2fd60912a15a7c), U64(0xaec935dbab983d2f),
+                U64(0xf55ffd2b56691367), U64(0x80e2ce366ce1c115),
+                U64(0x179bf3f8edb27e1d), U64(0x01fe0db07dd394da),
+                U64(0xda8a0b76ecc37b87), U64(0x44ae53e1df9584cb),
+                U64(0xb310b4b77347a205), U64(0xdfab323c787b8512),
+                U64(0x3b511268d070b78e), U64(0x65e6e3d2b9396753),
+                U64(0x6864b271e2574d58), U64(0x259784c98fc789d7),
+                U64(0x02e11a7dfabb35a9), U64(0x8841a6dfa337158b),
+                U64(0x7ade78c39b5dcdd0), U64(0xb7cf804d9a2cc84a),
+                U64(0x20b6bd831b7f7742), U64(0x75bd331d3a88d272),
+                U64(0x418f6aab4b2d7a5e), U64(0xd9951cbb6babdaf4),
+                U64(0xb6318dfde7ff5c90), U64(0x1f389b112264aa83),
+                U64(0x492c024284fbaec0), U64(0xe33a0363c608f9a0),
+                U64(0x2688930408af28a4), U64(0xc7538a1a341ce4ad),
+                U64(0x5da8e677ee2171ae), U64(0x8c9e92254a5c7fc4),
+                U64(0x63d8cd55aae938b5), U64(0x29ebd8daa97a3706),
+                U64(0x959827b37be88aa1), U64(0x1484e4356adadf6e),
+                U64(0xa7945082199d7d6b), U64(0xbf6ce8a455fa1cd4),
+                U64(0x9cc542eac9edcae5), U64(0x79c16f0e1c356ca3),
+                U64(0x89bfab6fdee48151), U64(0xd4174d1830c5f0ff),
+                U64(0x9258048415eb419d), U64(0x6139d72850520d1c),
+                U64(0x6a85a80c18ec78f1), U64(0xcd11f88e0171059a),
+                U64(0xcceff53e7ca29140), U64(0xd229639f2315af19),
+                U64(0x90b91ef9ef507434), U64(0x5977d28d074a1be1),
+                U64(0x311360fce51d56b9), U64(0xc093a92d5a1f2f91),
+                U64(0x1a19a25bb6dc5416), U64(0xeb996b8a09de2d3e),
+                U64(0xfee3820f1ed7668a), U64(0xd7085ad5b7ad518c),
+                U64(0x7fff41890fe53345), U64(0xec5948bd67dde602),
+                U64(0x2fd5f65dbaaa68e0), U64(0xa5754affe32648c2),
+                U64(0xf8ddac880d07396c), U64(0x6fa491468c548664),
+                U64(0x0c7c5c1326bdbed1), U64(0x4a33158f03930fb3),
+                U64(0x699abfc19f84d982), U64(0xe4fa2054a80b329c),
+                U64(0x6707f9af438252fa), U64(0x08a368e9cfd6d49e),
+                U64(0x47b1442c58fd25b8), U64(0xbbb3dc5ebc91769b),
+                U64(0x1665fe489061eac7), U64(0x33f27a811fa66310),
+                U64(0x93a609346838d547), U64(0x30ed6d4c98cec263),
+                U64(0x1dd9816cd8df9f2a), U64(0x94662a03063b1e7b),
+                U64(0x83fdd9fbeb896066), U64(0x7b207573e68e590a),
+                U64(0x5f49fc0a149a4407), U64(0x343259b671a5a82c),
+                U64(0xfbc2bb458a6f981f), U64(0xc272b350a0a41a38),
+                U64(0x3aaf1fd8ada32354), U64(0x6cbb868b0b3c2717),
+                U64(0xa2b569c88d2583fe), U64(0xf180c9d1bf027928),
+                U64(0xaf37386bd64ba9f5), U64(0x12bacab2790a8088),
+                U64(0x4c0d3b0810435055), U64(0xb2eeb9070e9436df),
+                U64(0xc5b29067cea7d104), U64(0xdcb425f1ff132461),
+                U64(0x4f122cc5972bf126), U64(0xac282fa651230886),
+                U64(0xe7e537992f6393ef), U64(0xe61b3a2952b00735),
+                U64(0x709c0a57ae302ce7), U64(0xe02514ae416058d3),
+                U64(0xc44c9dd7b37445de), U64(0x5a68c5408022ba92),
+                U64(0x1c278cdca50c0bf0), U64(0x6e5a9cf6f18712be),
+                U64(0x86dce0b17f319ef3), U64(0x2d34ec2040115d49),
+                U64(0x4bcd183f7e409b69), U64(0x2815d56ad4a9a3dc),
+                U64(0x24698979f2141d0d), U64(0x0000000000000000),
+                U64(0x1ec696a15fb73e59), U64(0xd86b110b16784e2e),
+                U64(0x8e7f8858b0e74a6d), U64(0x063e2e8713d05fe6),
+                U64(0xe2c40ed3bbdb6d7a), U64(0xb1f1aeca89fc97ac),
+                U64(0xe1db191e3cb3cc09), U64(0x6418ee62c4eaf389),
+                U64(0xc6ad87aa49cf7077), U64(0xd6f65765ca7ec556),
+                U64(0x9afb6c6dda3d9503), U64(0x7ce05644888d9236),
+                U64(0x8d609f95378feb1e), U64(0x23a9aa4e9c17d631),
+                U64(0x6226c0e5d73aac6f), U64(0x56149953a69f0443),
+                U64(0xeeb852c09d66d3ab), U64(0x2b0ac2a753c102af),
+                U64(0x07c023376e03cb3c), U64(0x2ccae1903dc2c993),
+                U64(0xd3d76e2f5ec63bc3), U64(0x9e2458973356ff4c),
+                U64(0xa66a5d32644ee9b1), U64(0x0a427294356de137),
+                U64(0x783f62be61e6f879), U64(0x1344c70204d91452),
+                U64(0x5b96c8f0fdf12e48), U64(0xa90916ecc59bf613),
+                U64(0xbe92e5142829880e), U64(0x727d102a548b194e),
+                U64(0x1be7afebcb0fc0cc), U64(0x3e702b2244c8491b),
+                U64(0xd5e940a84d166425), U64(0x66f9f41f3e51c620),
+                U64(0xabe80c913f20c3ba), U64(0xf07ec461c2d1edf2),
+                U64(0xf361d3ac45b94c81), U64(0x0521394a94b8fe95),
+                U64(0xadd622162cf09c5c), U64(0xe97871f7f3651897),
+                U64(0xf4a1f09b2bba87bd), U64(0x095d6559b2054044),
+                U64(0x0bbc7f2448be75ed), U64(0x2af4cf172e129675),
+                U64(0x157ae98517094bb4), U64(0x9fda55274e856b96),
+                U64(0x914713499283e0ee), U64(0xb952c623462a4332),
+                U64(0x74433ead475b46a8), U64(0x8b5eb112245fb4f8),
+                U64(0xa34b6478f0f61724), U64(0x11a5dd7ffe6221fb),
+                U64(0xc16da49d27ccbb4b), U64(0x76a224d0bde07301),
+                U64(0x8aa0bca2598c2022), U64(0x4df336b86d90c48f),
+                U64(0xea67663a740db9e4), U64(0xef465f70e0b54771),
+                U64(0x39b008152acb8227), U64(0x7d1e5bf4f55e06ec),
+                U64(0x105bd0cf83b1b521), U64(0x775c2960c033e7db),
+                U64(0x7e014c397236a79f), U64(0x811cc386113255cf),
+                U64(0xeda7450d1a0e72d8), U64(0x5889df3d7a998f3b),
+                U64(0x2e2bfbedc779fc3a), U64(0xce0eef438619a4e9),
+                U64(0x372d4e7bf6cd095f), U64(0x04df34fae96b6a4f),
+                U64(0xf923a13870d4adb6), U64(0xa1aa7e050a4d228d),
+                U64(0xa8f71b5cb84862c9), U64(0xb52e9a306097fde3),
+                U64(0x0d8251a35b6e2a0b), U64(0x2257a7fee1c442eb),
+                U64(0x73831d9a29588d94), U64(0x51d4ba64c89ccf7f),
+                U64(0x502ab7d4b54f5ba5), U64(0x97793dce8153bf08),
+                U64(0xe5042de4d5d8a646), U64(0x9687307efc802bd2),
+                U64(0xa05473b5779eb657), U64(0xb4d097801d446939),
+                U64(0xcff0e2f3fbca3033), U64(0xc38cbee0dd778ee2),
+                U64(0x464f499c252eb162), U64(0xcad1dbb96f72cea6),
+                U64(0xba4dd1eec142e241), U64(0xb00fa37af42f0376)
+        }, { /* 2 */
+                U64(0xcce4cd3aa968b245), U64(0x089d5484e80b7faf),
+                U64(0x638246c1b3548304), U64(0xd2fe0ec8c2355492),
+                U64(0xa7fbdf7ff2374eee), U64(0x4df1600c92337a16),
+                U64(0x84e503ea523b12fb), U64(0x0790bbfd53ab0c4a),
+                U64(0x198a780f38f6ea9d), U64(0x2ab30c8f55ec48cb),
+                U64(0xe0f7fed6b2c49db5), U64(0xb6ecf3f422cadbdc),
+                U64(0x409c9a541358df11), U64(0xd3ce8a56dfde3fe3),
+                U64(0xc3e9224312c8c1a0), U64(0x0d6dfa58816ba507),
+                U64(0xddf3e1b179952777), U64(0x04c02a42748bb1d9),
+                U64(0x94c2abff9f2decb8), U64(0x4f91752da8f8acf4),
+                U64(0x78682befb169bf7b), U64(0xe1c77a48af2ff6c4),
+                U64(0x0c5d7ec69c80ce76), U64(0x4cc1e4928fd81167),
+                U64(0xfeed3d24d9997b62), U64(0x518bb6dfc3a54a23),
+                U64(0x6dbf2d26151f9b90), U64(0xb5bc624b05ea664f),
+                U64(0xe86aaa525acfe21a), U64(0x4801ced0fb53a0be),
+                U64(0xc91463e6c00868ed), U64(0x1027a815cd16fe43),
+                U64(0xf67069a0319204cd), U64(0xb04ccc976c8abce7),
+                U64(0xc0b9b3fc35e87c33), U64(0xf380c77c58f2de65),
+                U64(0x50bb3241de4e2152), U64(0xdf93f490435ef195),
+                U64(0xf1e0d25d62390887), U64(0xaf668bfb1a3c3141),
+                U64(0xbc11b251f00a7291), U64(0x73a5eed47e427d47),
+                U64(0x25bee3f6ee4c3b2e), U64(0x43cc0beb34786282),
+                U64(0xc824e778dde3039c), U64(0xf97d86d98a327728),
+                U64(0xf2b043e24519b514), U64(0xe297ebf7880f4b57),
+                U64(0x3a94a49a98fab688), U64(0x868516cb68f0c419),
+                U64(0xeffa11af0964ee50), U64(0xa4ab4ec0d517f37d),
+                U64(0xa9c6b498547c567a), U64(0x8e18424f80fbbbb6),
+                U64(0x0bcdc53bcf2bc23c), U64(0x137739aaea3643d0),
+                U64(0x2c1333ec1bac2ff0), U64(0x8d48d3f0a7db0625),
+                U64(0x1e1ac3f26b5de6d7), U64(0xf520f81f16b2b95e),
+                U64(0x9f0f6ec450062e84), U64(0x0130849e1deb6b71),
+                U64(0xd45e31ab8c7533a9), U64(0x652279a2fd14e43f),
+                U64(0x3209f01e70f1c927), U64(0xbe71a770cac1a473),
+                U64(0x0e3d6be7a64b1894), U64(0x7ec8148cff29d840),
+                U64(0xcb7476c7fac3be0f), U64(0x72956a4a63a91636),
+                U64(0x37f95ec21991138f), U64(0x9e3fea5a4ded45f5),
+                U64(0x7b38ba50964902e8), U64(0x222e580bbde73764),
+                U64(0x61e253e0899f55e6), U64(0xfc8d2805e352ad80),
+                U64(0x35994be3235ac56d), U64(0x09add01af5e014de),
+                U64(0x5e8659a6780539c6), U64(0xb17c48097161d796),
+                U64(0x026015213acbd6e2), U64(0xd1ae9f77e515e901),
+                U64(0xb7dc776a3f21b0ad), U64(0xaba6a1b96eb78098),
+                U64(0x9bcf4486248d9f5d), U64(0x582666c536455efd),
+                U64(0xfdbdac9bfeb9c6f1), U64(0xc47999be4163cdea),
+                U64(0x765540081722a7ef), U64(0x3e548ed8ec710751),
+                U64(0x3d041f67cb51bac2), U64(0x7958af71ac82d40a),
+                U64(0x36c9da5c047a78fe), U64(0xed9a048e33af38b2),
+                U64(0x26ee7249c96c86bd), U64(0x900281bdeba65d61),
+                U64(0x11172c8bd0fd9532), U64(0xea0abf73600434f8),
+                U64(0x42fc8f75299309f3), U64(0x34a9cf7d3eb1ae1c),
+                U64(0x2b838811480723ba), U64(0x5ce64c8742ceef24),
+                U64(0x1adae9b01fd6570e), U64(0x3c349bf9d6bad1b3),
+                U64(0x82453c891c7b75c0), U64(0x97923a40b80d512b),
+                U64(0x4a61dbf1c198765c), U64(0xb48ce6d518010d3e),
+                U64(0xcfb45c858e480fd6), U64(0xd933cbf30d1e96ae),
+                U64(0xd70ea014ab558e3a), U64(0xc189376228031742),
+                U64(0x9262949cd16d8b83), U64(0xeb3a3bed7def5f89),
+                U64(0x49314a4ee6b8cbcf), U64(0xdcc3652f647e4c06),
+                U64(0xda635a4c2a3e2b3d), U64(0x470c21a940f3d35b),
+                U64(0x315961a157d174b4), U64(0x6672e81dda3459ac),
+                U64(0x5b76f77a1165e36e), U64(0x445cb01667d36ec8),
+                U64(0xc5491d205c88a69b), U64(0x456c34887a3805b9),
+                U64(0xffddb9bac4721013), U64(0x99af51a71e4649bf),
+                U64(0xa15be01cbc7729d5), U64(0x52db2760e485f7b0),
+                U64(0x8c78576eba306d54), U64(0xae560f6507d75a30),
+                U64(0x95f22f6182c687c9), U64(0x71c5fbf54489aba5),
+                U64(0xca44f259e728d57e), U64(0x88b87d2ccebbdc8d),
+                U64(0xbab18d32be4a15aa), U64(0x8be8ec93e99b611e),
+                U64(0x17b713e89ebdf209), U64(0xb31c5d284baa0174),
+                U64(0xeeca9531148f8521), U64(0xb8d198138481c348),
+                U64(0x8988f9b2d350b7fc), U64(0xb9e11c8d996aa839),
+                U64(0x5a4673e40c8e881f), U64(0x1687977683569978),
+                U64(0xbf4123eed72acf02), U64(0x4ea1f1b3b513c785),
+                U64(0xe767452be16f91ff), U64(0x7505d1b730021a7c),
+                U64(0xa59bca5ec8fc980c), U64(0xad069eda20f7e7a3),
+                U64(0x38f4b1bba231606a), U64(0x60d2d77e94743e97),
+                U64(0x9affc0183966f42c), U64(0x248e6768f3a7505f),
+                U64(0xcdd449a4b483d934), U64(0x87b59255751baf68),
+                U64(0x1bea6d2e023d3c7f), U64(0x6b1f12455b5ffcab),
+                U64(0x743555292de9710d), U64(0xd8034f6d10f5fddf),
+                U64(0xc6198c9f7ba81b08), U64(0xbb8109aca3a17edb),
+                U64(0xfa2d1766ad12cabb), U64(0xc729080166437079),
+                U64(0x9c5fff7b77269317), U64(0x0000000000000000),
+                U64(0x15d706c9a47624eb), U64(0x6fdf38072fd44d72),
+                U64(0x5fb6dd3865ee52b7), U64(0xa33bf53d86bcff37),
+                U64(0xe657c1b5fc84fa8e), U64(0xaa962527735cebe9),
+                U64(0x39c43525bfda0b1b), U64(0x204e4d2a872ce186),
+                U64(0x7a083ece8ba26999), U64(0x554b9c9db72efbfa),
+                U64(0xb22cd9b656416a05), U64(0x96a2bedea5e63a5a),
+                U64(0x802529a826b0a322), U64(0x8115ad363b5bc853),
+                U64(0x8375b81701901eb1), U64(0x3069e53f4a3a1fc5),
+                U64(0xbd2136cfede119e0), U64(0x18bafc91251d81ec),
+                U64(0x1d4a524d4c7d5b44), U64(0x05f0aedc6960daa8),
+                U64(0x29e39d3072ccf558), U64(0x70f57f6b5962c0d4),
+                U64(0x989fd53903ad22ce), U64(0xf84d024797d91c59),
+                U64(0x547b1803aac5908b), U64(0xf0d056c37fd263f6),
+                U64(0xd56eb535919e58d8), U64(0x1c7ad6d351963035),
+                U64(0x2e7326cd2167f912), U64(0xac361a443d1c8cd2),
+                U64(0x697f076461942a49), U64(0x4b515f6fdc731d2d),
+                U64(0x8ad8680df4700a6f), U64(0x41ac1eca0eb3b460),
+                U64(0x7d988533d80965d3), U64(0xa8f6300649973d0b),
+                U64(0x7765c4960ac9cc9e), U64(0x7ca801adc5e20ea2),
+                U64(0xdea3700e5eb59ae4), U64(0xa06b6482a19c42a4),
+                U64(0x6a2f96db46b497da), U64(0x27def6d7d487edcc),
+                U64(0x463ca5375d18b82a), U64(0xa6cb5be1efdc259f),
+                U64(0x53eba3fef96e9cc1), U64(0xce84d81b93a364a7),
+                U64(0xf4107c810b59d22f), U64(0x333974806d1aa256),
+                U64(0x0f0def79bba073e5), U64(0x231edc95a00c5c15),
+                U64(0xe437d494c64f2c6c), U64(0x91320523f64d3610),
+                U64(0x67426c83c7df32dd), U64(0x6eefbc99323f2603),
+                U64(0x9d6f7be56acdf866), U64(0x5916e25b2bae358c),
+                U64(0x7ff89012e2c2b331), U64(0x035091bf2720bd93),
+                U64(0x561b0d22900e4669), U64(0x28d319ae6f279e29),
+                U64(0x2f43a2533c8c9263), U64(0xd09e1be9f8fe8270),
+                U64(0xf740ed3e2c796fbc), U64(0xdb53ded237d5404c),
+                U64(0x62b2c25faebfe875), U64(0x0afd41a5d2c0a94d),
+                U64(0x6412fd3ce0ff8f4e), U64(0xe3a76f6995e42026),
+                U64(0x6c8fa9b808f4f0e1), U64(0xc2d9a6dd0f23aad1),
+                U64(0x8f28c6d19d10d0c7), U64(0x85d587744fd0798a),
+                U64(0xa20b71a39b579446), U64(0x684f83fa7c7f4138),
+                U64(0xe507500adba4471d), U64(0x3f640a46f19a6c20),
+                U64(0x1247bd34f7dd28a1), U64(0x2d23b77206474481),
+                U64(0x93521002cc86e0f2), U64(0x572b89bc8de52d18),
+                U64(0xfb1d93f8b0f9a1ca), U64(0xe95a2ecc4724896b),
+                U64(0x3ba420048511ddf9), U64(0xd63e248ab6bee54b),
+                U64(0x5dd6c8195f258455), U64(0x06a03f634e40673b),
+                U64(0x1f2a476c76b68da6), U64(0x217ec9b49ac78af7),
+                U64(0xecaa80102e4453c3), U64(0x14e78257b99d4f9a)
+        }, { /* 3 */
+                U64(0x20329b2cc87bba05), U64(0x4f5eb6f86546a531),
+                U64(0xd4f44775f751b6b1), U64(0x8266a47b850dfa8b),
+                U64(0xbb986aa15a6ca985), U64(0xc979eb08f9ae0f99),
+                U64(0x2da6f447a2375ea1), U64(0x1e74275dcd7d8576),
+                U64(0xbc20180a800bc5f8), U64(0xb4a2f701b2dc65be),
+                U64(0xe726946f981b6d66), U64(0x48e6c453bf21c94c),
+                U64(0x42cad9930f0a4195), U64(0xefa47b64aacccd20),
+                U64(0x71180a8960409a42), U64(0x8bb3329bf6a44e0c),
+                U64(0xd34c35de2d36dacc), U64(0xa92f5b7cbc23dc96),
+                U64(0xb31a85aa68bb09c3), U64(0x13e04836a73161d2),
+                U64(0xb24dfc4129c51d02), U64(0x8ae44b70b7da5acd),
+                U64(0xe671ed84d96579a7), U64(0xa4bb3417d66f3832),
+                U64(0x4572ab38d56d2de8), U64(0xb1b47761ea47215c),
+                U64(0xe81c09cf70aba15d), U64(0xffbdb872ce7f90ac),
+                U64(0xa8782297fd5dc857), U64(0x0d946f6b6a4ce4a4),
+                U64(0xe4df1f4f5b995138), U64(0x9ebc71edca8c5762),
+                U64(0x0a2c1dc0b02b88d9), U64(0x3b503c115d9d7b91),
+                U64(0xc64376a8111ec3a2), U64(0xcec199a323c963e4),
+                U64(0xdc76a87ec58616f7), U64(0x09d596e073a9b487),
+                U64(0x14583a9d7d560daf), U64(0xf4c6dc593f2a0cb4),
+                U64(0xdd21d19584f80236), U64(0x4a4836983ddde1d3),
+                U64(0xe58866a41ae745f9), U64(0xf591a5b27e541875),
+                U64(0x891dc05074586693), U64(0x5b068c651810a89e),
+                U64(0xa30346bc0c08544f), U64(0x3dbf3751c684032d),
+                U64(0x2a1e86ec785032dc), U64(0xf73f5779fca830ea),
+                U64(0xb60c05ca30204d21), U64(0x0cc316802b32f065),
+                U64(0x8770241bdd96be69), U64(0xb861e18199ee95db),
+                U64(0xf805cad91418fcd1), U64(0x29e70dccbbd20e82),
+                U64(0xc7140f435060d763), U64(0x0f3a9da0e8b0cc3b),
+                U64(0xa2543f574d76408e), U64(0xbd7761e1c175d139),
+                U64(0x4b1f4f737ca3f512), U64(0x6dc2df1f2fc137ab),
+                U64(0xf1d05c3967b14856), U64(0xa742bf3715ed046c),
+                U64(0x654030141d1697ed), U64(0x07b872abda676c7d),
+                U64(0x3ce84eba87fa17ec), U64(0xc1fb0403cb79afdf),
+                U64(0x3e46bc7105063f73), U64(0x278ae987121cd678),
+                U64(0xa1adb4778ef47cd0), U64(0x26dd906c5362c2b9),
+                U64(0x05168060589b44e2), U64(0xfbfc41f9d79ac08f),
+                U64(0x0e6de44ba9ced8fa), U64(0x9feb08068bf243a3),
+                U64(0x7b341749d06b129b), U64(0x229c69e74a87929a),
+                U64(0xe09ee6c4427c011b), U64(0x5692e30e725c4c3a),
+                U64(0xda99a33e5e9f6e4b), U64(0x353dd85af453a36b),
+                U64(0x25241b4c90e0fee7), U64(0x5de987258309d022),
+                U64(0xe230140fc0802984), U64(0x93281e86a0c0b3c6),
+                U64(0xf229d719a4337408), U64(0x6f6c2dd4ad3d1f34),
+                U64(0x8ea5b2fbae3f0aee), U64(0x8331dd90c473ee4a),
+                U64(0x346aa1b1b52db7aa), U64(0xdf8f235e06042aa9),
+                U64(0xcc6f6b68a1354b7b), U64(0x6c95a6f46ebf236a),
+                U64(0x52d31a856bb91c19), U64(0x1a35ded6d498d555),
+                U64(0xf37eaef2e54d60c9), U64(0x72e181a9a3c2a61c),
+                U64(0x98537aad51952fde), U64(0x16f6c856ffaa2530),
+                U64(0xd960281e9d1d5215), U64(0x3a0745fa1ce36f50),
+                U64(0x0b7b642bf1559c18), U64(0x59a87eae9aec8001),
+                U64(0x5e100c05408bec7c), U64(0x0441f98b19e55023),
+                U64(0xd70dcc5534d38aef), U64(0x927f676de1bea707),
+                U64(0x9769e70db925e3e5), U64(0x7a636ea29115065a),
+                U64(0x468b201816ef11b6), U64(0xab81a9b73edff409),
+                U64(0xc0ac7de88a07bb1e), U64(0x1f235eb68c0391b7),
+                U64(0x6056b074458dd30f), U64(0xbe8eeac102f7ed67),
+                U64(0xcd381283e04b5fba), U64(0x5cbefecec277c4e3),
+                U64(0xd21b4c356c48ce0d), U64(0x1019c31664b35d8c),
+                U64(0x247362a7d19eea26), U64(0xebe582efb3299d03),
+                U64(0x02aef2cb82fc289f), U64(0x86275df09ce8aaa8),
+                U64(0x28b07427faac1a43), U64(0x38a9b7319e1f47cf),
+                U64(0xc82e92e3b8d01b58), U64(0x06ef0b409b1978bc),
+                U64(0x62f842bfc771fb90), U64(0x9904034610eb3b1f),
+                U64(0xded85ab5477a3e68), U64(0x90d195a663428f98),
+                U64(0x5384636e2ac708d8), U64(0xcbd719c37b522706),
+                U64(0xae9729d76644b0eb), U64(0x7c8c65e20a0c7ee6),
+                U64(0x80c856b007f1d214), U64(0x8c0b40302cc32271),
+                U64(0xdbcedad51fe17a8a), U64(0x740e8ae938dbdea0),
+                U64(0xa615c6dc549310ad), U64(0x19cc55f6171ae90b),
+                U64(0x49b1bdb8fe5fdd8d), U64(0xed0a89af2830e5bf),
+                U64(0x6a7aadb4f5a65bd6), U64(0x7e22972988f05679),
+                U64(0xf952b3325566e810), U64(0x39fecedadf61530e),
+                U64(0x6101c99f04f3c7ce), U64(0x2e5f7f6761b562ff),
+                U64(0xf08725d226cf5c97), U64(0x63af3b54860fef51),
+                U64(0x8ff2cb10ef411e2f), U64(0x884ab9bb35267252),
+                U64(0x4df04433e7ba8dae), U64(0x9afd8866d3690741),
+                U64(0x66b9bb34de94abb3), U64(0x9baaf18d92171380),
+                U64(0x543c11c5f0a064a5), U64(0x17a1b1bdbed431f1),
+                U64(0xb5f58eeaf3a2717f), U64(0xc355f6c849858740),
+                U64(0xec5df044694ef17e), U64(0xd83751f5dc6346d4),
+                U64(0xfc4433520dfdacf2), U64(0x0000000000000000),
+                U64(0x5a51f58e596ebc5f), U64(0x3285aaf12e34cf16),
+                U64(0x8d5c39db6dbd36b0), U64(0x12b731dde64f7513),
+                U64(0x94906c2d7aa7dfbb), U64(0x302b583aacc8e789),
+                U64(0x9d45facd090e6b3c), U64(0x2165e2c78905aec4),
+                U64(0x68d45f7f775a7349), U64(0x189b2c1d5664fdca),
+                U64(0xe1c99f2f030215da), U64(0x6983269436246788),
+                U64(0x8489af3b1e148237), U64(0xe94b702431d5b59c),
+                U64(0x33d2d31a6f4adbd7), U64(0xbfd9932a4389f9a6),
+                U64(0xb0e30e8aab39359d), U64(0xd1e2c715afcaf253),
+                U64(0x150f43763c28196e), U64(0xc4ed846393e2eb3d),
+                U64(0x03f98b20c3823c5e), U64(0xfd134ab94c83b833),
+                U64(0x556b682eb1de7064), U64(0x36c4537a37d19f35),
+                U64(0x7559f30279a5ca61), U64(0x799ae58252973a04),
+                U64(0x9c12832648707ffd), U64(0x78cd9c6913e92ec5),
+                U64(0x1d8dac7d0effb928), U64(0x439da0784e745554),
+                U64(0x413352b3cc887dcb), U64(0xbacf134a1b12bd44),
+                U64(0x114ebafd25cd494d), U64(0x2f08068c20cb763e),
+                U64(0x76a07822ba27f63f), U64(0xeab2fb04f25789c2),
+                U64(0xe3676de481fe3d45), U64(0x1b62a73d95e6c194),
+                U64(0x641749ff5c68832c), U64(0xa5ec4dfc97112cf3),
+                U64(0xf6682e92bdd6242b), U64(0x3f11c59a44782bb2),
+                U64(0x317c21d1edb6f348), U64(0xd65ab5be75ad9e2e),
+                U64(0x6b2dd45fb4d84f17), U64(0xfaab381296e4d44e),
+                U64(0xd0b5befeeeb4e692), U64(0x0882ef0b32d7a046),
+                U64(0x512a91a5a83b2047), U64(0x963e9ee6f85bf724),
+                U64(0x4e09cf132438b1f0), U64(0x77f701c9fb59e2fe),
+                U64(0x7ddb1c094b726a27), U64(0x5f4775ee01f5f8bd),
+                U64(0x9186ec4d223c9b59), U64(0xfeeac1998f01846d),
+                U64(0xac39db1ce4b89874), U64(0xb75b7c21715e59e0),
+                U64(0xafc0503c273aa42a), U64(0x6e3b543fec430bf5),
+                U64(0x704f7362213e8e83), U64(0x58ff0745db9294c0),
+                U64(0x67eec2df9feabf72), U64(0xa0facd9ccf8a6811),
+                U64(0xb936986ad890811a), U64(0x95c715c63bd9cb7a),
+                U64(0xca8060283a2c33c7), U64(0x507de84ee9453486),
+                U64(0x85ded6d05f6a96f6), U64(0x1cdad5964f81ade9),
+                U64(0xd5a33e9eb62fa270), U64(0x40642b588df6690a),
+                U64(0x7f75eec2c98e42b8), U64(0x2cf18dace3494a60),
+                U64(0x23cb100c0bf9865b), U64(0xeef3028febb2d9e1),
+                U64(0x4425d2d394133929), U64(0xaad6d05c7fa1e0c8),
+                U64(0xad6ea2f7a5c68cb5), U64(0xc2028f2308fb9381),
+                U64(0x819f2f5b468fc6d5), U64(0xc5bafd88d29cfffc),
+                U64(0x47dc59f357910577), U64(0x2b49ff07392e261d),
+                U64(0x57c59ae5332258fb), U64(0x73b6f842e2bcb2dd),
+                U64(0xcf96e04862b77725), U64(0x4ca73dd8a6c4996f),
+                U64(0x015779eb417e14c1), U64(0x37932a9176af8bf4)
+        }, { /* 4 */
+                U64(0x190a2c9b249df23e), U64(0x2f62f8b62263e1e9),
+                U64(0x7a7f754740993655), U64(0x330b7ba4d5564d9f),
+                U64(0x4c17a16a46672582), U64(0xb22f08eb7d05f5b8),
+                U64(0x535f47f40bc148cc), U64(0x3aec5d27d4883037),
+                U64(0x10ed0a1825438f96), U64(0x516101f72c233d17),
+                U64(0x13cc6f949fd04eae), U64(0x739853c441474bfd),
+                U64(0x653793d90d3f5b1b), U64(0x5240647b96b0fc2f),
+                U64(0x0c84890ad27623e0), U64(0xd7189b32703aaea3),
+                U64(0x2685de3523bd9c41), U64(0x99317c5b11bffefa),
+                U64(0x0d9baa854f079703), U64(0x70b93648fbd48ac5),
+                U64(0xa80441fce30bc6be), U64(0x7287704bdc36ff1e),
+                U64(0xb65384ed33dc1f13), U64(0xd36417343ee34408),
+                U64(0x39cd38ab6e1bf10f), U64(0x5ab861770a1f3564),
+                U64(0x0ebacf09f594563b), U64(0xd04572b884708530),
+                U64(0x3cae9722bdb3af47), U64(0x4a556b6f2f5cbaf2),
+                U64(0xe1704f1f76c4bd74), U64(0x5ec4ed7144c6dfcf),
+                U64(0x16afc01d4c7810e6), U64(0x283f113cd629ca7a),
+                U64(0xaf59a8761741ed2d), U64(0xeed5a3991e215fac),
+                U64(0x3bf37ea849f984d4), U64(0xe413e096a56ce33c),
+                U64(0x2c439d3a98f020d1), U64(0x637559dc6404c46b),
+                U64(0x9e6c95d1e5f5d569), U64(0x24bb9836045fe99a),
+                U64(0x44efa466dac8ecc9), U64(0xc6eab2a5c80895d6),
+                U64(0x803b50c035220cc4), U64(0x0321658cba93c138),
+                U64(0x8f9ebc465dc7ee1c), U64(0xd15a5137190131d3),
+                U64(0x0fa5ec8668e5e2d8), U64(0x91c979578d1037b1),
+                U64(0x0642ca05693b9f70), U64(0xefca80168350eb4f),
+                U64(0x38d21b24f36a45ec), U64(0xbeab81e1af73d658),
+                U64(0x8cbfd9cae7542f24), U64(0xfd19cc0d81f11102),
+                U64(0x0ac6430fbb4dbc90), U64(0x1d76a09d6a441895),
+                U64(0x2a01573ff1cbbfa1), U64(0xb572e161894fde2b),
+                U64(0x8124734fa853b827), U64(0x614b1fdf43e6b1b0),
+                U64(0x68ac395c4238cc18), U64(0x21d837bfd7f7b7d2),
+                U64(0x20c714304a860331), U64(0x5cfaab726324aa14),
+                U64(0x74c5ba4eb50d606e), U64(0xf3a3030474654739),
+                U64(0x23e671bcf015c209), U64(0x45f087e947b9582a),
+                U64(0xd8bd77b418df4c7b), U64(0xe06f6c90ebb50997),
+                U64(0x0bd96080263c0873), U64(0x7e03f9410e40dcfe),
+                U64(0xb8e94be4c6484928), U64(0xfb5b0608e8ca8e72),
+                U64(0x1a2b49179e0e3306), U64(0x4e29e76961855059),
+                U64(0x4f36c4e6fcf4e4ba), U64(0x49740ee395cf7bca),
+                U64(0xc2963ea386d17f7d), U64(0x90d65ad810618352),
+                U64(0x12d34c1b02a1fa4d), U64(0xfa44258775bb3a91),
+                U64(0x18150f14b9ec46dd), U64(0x1491861e6b9a653d),
+                U64(0x9a1019d7ab2c3fc2), U64(0x3668d42d06fe13d7),
+                U64(0xdcc1fbb25606a6d0), U64(0x969490dd795a1c22),
+                U64(0x3549b1a1bc6dd2ef), U64(0xc94f5e23a0ed770e),
+                U64(0xb9f6686b5b39fdcb), U64(0xc4d4f4a6efeae00d),
+                U64(0xe732851a1fff2204), U64(0x94aad6de5eb869f9),
+                U64(0x3f8ff2ae07206e7f), U64(0xfe38a9813b62d03a),
+                U64(0xa7a1ad7a8bee2466), U64(0x7b6056c8dde882b6),
+                U64(0x302a1e286fc58ca7), U64(0x8da0fa457a259bc7),
+                U64(0xb3302b64e074415b), U64(0x5402ae7eff8b635f),
+                U64(0x08f8050c9cafc94b), U64(0xae468bf98a3059ce),
+                U64(0x88c355cca98dc58f), U64(0xb10e6d67c7963480),
+                U64(0xbad70de7e1aa3cf3), U64(0xbfb4a26e320262bb),
+                U64(0xcb711820870f02d5), U64(0xce12b7a954a75c9d),
+                U64(0x563ce87dd8691684), U64(0x9f73b65e7884618a),
+                U64(0x2b1e74b06cba0b42), U64(0x47cec1ea605b2df1),
+                U64(0x1c698312f735ac76), U64(0x5fdbcefed9b76b2c),
+                U64(0x831a354c8fb1cdfc), U64(0x820516c312c0791f),
+                U64(0xb74ca762aeadabf0), U64(0xfc06ef821c80a5e1),
+                U64(0x5723cbf24518a267), U64(0x9d4df05d5f661451),
+                U64(0x588627742dfd40bf), U64(0xda8331b73f3d39a0),
+                U64(0x17b0e392d109a405), U64(0xf965400bcf28fba9),
+                U64(0x7c3dbf4229a2a925), U64(0x023e460327e275db),
+                U64(0x6cd0b55a0ce126b3), U64(0xe62da695828e96e7),
+                U64(0x42ad6e63b3f373b9), U64(0xe50cc319381d57df),
+                U64(0xc5cbd729729b54ee), U64(0x46d1e265fd2a9912),
+                U64(0x6428b056904eeff8), U64(0x8be23040131e04b7),
+                U64(0x6709d5da2add2ec0), U64(0x075de98af44a2b93),
+                U64(0x8447dcc67bfbe66f), U64(0x6616f655b7ac9a23),
+                U64(0xd607b8bded4b1a40), U64(0x0563af89d3a85e48),
+                U64(0x3db1b4ad20c21ba4), U64(0x11f22997b8323b75),
+                U64(0x292032b34b587e99), U64(0x7f1cdace9331681d),
+                U64(0x8e819fc9c0b65aff), U64(0xa1e3677fe2d5bb16),
+                U64(0xcd33d225ee349da5), U64(0xd9a2543b85aef898),
+                U64(0x795e10cbfa0af76d), U64(0x25a4bbb9992e5d79),
+                U64(0x78413344677b438e), U64(0xf0826688cef68601),
+                U64(0xd27b34bba392f0eb), U64(0x551d8df162fad7bc),
+                U64(0x1e57c511d0d7d9ad), U64(0xdeffbdb171e4d30b),
+                U64(0xf4feea8e802f6caa), U64(0xa480c8f6317de55e),
+                U64(0xa0fc44f07fa40ff5), U64(0x95b5f551c3c9dd1a),
+                U64(0x22f952336d6476ea), U64(0x0000000000000000),
+                U64(0xa6be8ef5169f9085), U64(0xcc2cf1aa73452946),
+                U64(0x2e7ddb39bf12550a), U64(0xd526dd3157d8db78),
+                U64(0x486b2d6c08becf29), U64(0x9b0f3a58365d8b21),
+                U64(0xac78cdfaadd22c15), U64(0xbc95c7e28891a383),
+                U64(0x6a927f5f65dab9c3), U64(0xc3891d2c1ba0cb9e),
+                U64(0xeaa92f9f50f8b507), U64(0xcf0d9426c9d6e87e),
+                U64(0xca6e3baf1a7eb636), U64(0xab25247059980786),
+                U64(0x69b31ad3df4978fb), U64(0xe2512a93cc577c4c),
+                U64(0xff278a0ea61364d9), U64(0x71a615c766a53e26),
+                U64(0x89dc764334fc716c), U64(0xf87a638452594f4a),
+                U64(0xf2bc208be914f3da), U64(0x8766b94ac1682757),
+                U64(0xbbc82e687cdb8810), U64(0x626a7a53f9757088),
+                U64(0xa2c202f358467a2e), U64(0x4d0882e5db169161),
+                U64(0x09e7268301de7da8), U64(0xe897699c771ac0dc),
+                U64(0xc8507dac3d9cc3ed), U64(0xc0a878a0a1330aa6),
+                U64(0x978bb352e42ba8c1), U64(0xe9884a13ea6b743f),
+                U64(0x279afdbabecc28a2), U64(0x047c8c064ed9eaab),
+                U64(0x507e2278b15289f4), U64(0x599904fbb08cf45c),
+                U64(0xbd8ae46d15e01760), U64(0x31353da7f2b43844),
+                U64(0x8558ff49e68a528c), U64(0x76fbfc4d92ef15b5),
+                U64(0x3456922e211c660c), U64(0x86799ac55c1993b4),
+                U64(0x3e90d1219a51da9c), U64(0x2d5cbeb505819432),
+                U64(0x982e5fd48cce4a19), U64(0xdb9c1238a24c8d43),
+                U64(0xd439febecaa96f9b), U64(0x418c0bef0960b281),
+                U64(0x158ea591f6ebd1de), U64(0x1f48e69e4da66d4e),
+                U64(0x8afd13cf8e6fb054), U64(0xf5e1c9011d5ed849),
+                U64(0xe34e091c5126c8af), U64(0xad67ee7530a398f6),
+                U64(0x43b24dec2e82c75a), U64(0x75da99c1287cd48d),
+                U64(0x92e81cdb3783f689), U64(0xa3dd217cc537cecd),
+                U64(0x60543c50de970553), U64(0x93f73f54aaf2426a),
+                U64(0xa91b62737e7a725d), U64(0xf19d4507538732e2),
+                U64(0x77e4dfc20f9ea156), U64(0x7d229ccdb4d31dc6),
+                U64(0x1b346a98037f87e5), U64(0xedf4c615a4b29e94),
+                U64(0x4093286094110662), U64(0xb0114ee85ae78063),
+                U64(0x6ff1d0d6b672e78b), U64(0x6dcf96d591909250),
+                U64(0xdfe09e3eec9567e8), U64(0x3214582b4827f97c),
+                U64(0xb46dc2ee143e6ac8), U64(0xf6c0ac8da7cd1971),
+                U64(0xebb60c10cd8901e4), U64(0xf7df8f023abcad92),
+                U64(0x9c52d3d2c217a0b2), U64(0x6b8d5cd0f8ab0d20),
+                U64(0x3777f7a29b8fa734), U64(0x011f238f9d71b4e3),
+                U64(0xc1b75b2f3c42be45), U64(0x5de588fdfe551ef7),
+                U64(0x6eeef3592b035368), U64(0xaa3a07ffc4e9b365),
+                U64(0xecebe59a39c32a77), U64(0x5ba742f8976e8187),
+                U64(0x4b4a48e0b22d0e11), U64(0xddded83dcb771233),
+                U64(0xa59feb79ac0c51bd), U64(0xc7f5912a55792135)
+        }, { /* 5 */
+                U64(0x6d6ae04668a9b08a), U64(0x3ab3f04b0be8c743),
+                U64(0xe51e166b54b3c908), U64(0xbe90a9eb35c2f139),
+                U64(0xb2c7066637f2bec1), U64(0xaa6945613392202c),
+                U64(0x9a28c36f3b5201eb), U64(0xddce5a93ab536994),
+                U64(0x0e34133ef6382827), U64(0x52a02ba1ec55048b),
+                U64(0xa2f88f97c4b2a177), U64(0x8640e513ca2251a5),
+                U64(0xcdf1d36258137622), U64(0xfe6cb708dedf8ddb),
+                U64(0x8a174a9ec8121e5d), U64(0x679896036b81560e),
+                U64(0x59ed033395795fee), U64(0x1dd778ab8b74edaf),
+                U64(0xee533ef92d9f926d), U64(0x2a8c79baf8a8d8f5),
+                U64(0x6bcf398e69b119f6), U64(0xe20491742fafdd95),
+                U64(0x276488e0809c2aec), U64(0xea955b82d88f5cce),
+                U64(0x7102c63a99d9e0c4), U64(0xf9763017a5c39946),
+                U64(0x429fa2501f151b3d), U64(0x4659c72bea05d59e),
+                U64(0x984b7fdccf5a6634), U64(0xf742232953fbb161),
+                U64(0x3041860e08c021c7), U64(0x747bfd9616cd9386),
+                U64(0x4bb1367192312787), U64(0x1b72a1638a6c44d3),
+                U64(0x4a0e68a6e8359a66), U64(0x169a5039f258b6ca),
+                U64(0xb98a2ef44edee5a4), U64(0xd9083fe85e43a737),
+                U64(0x967f6ce239624e13), U64(0x8874f62d3c1a7982),
+                U64(0x3c1629830af06e3f), U64(0x9165ebfd427e5a8e),
+                U64(0xb5dd81794ceeaa5c), U64(0x0de8f15a7834f219),
+                U64(0x70bd98ede3dd5d25), U64(0xaccc9ca9328a8950),
+                U64(0x56664eda1945ca28), U64(0x221db34c0f8859ae),
+                U64(0x26dbd637fa98970d), U64(0x1acdffb4f068f932),
+                U64(0x4585254f64090fa0), U64(0x72de245e17d53afa),
+                U64(0x1546b25d7c546cf4), U64(0x207e0ffffb803e71),
+                U64(0xfaaad2732bcf4378), U64(0xb462dfae36ea17bd),
+                U64(0xcf926fd1ac1b11fd), U64(0xe0672dc7dba7ba4a),
+                U64(0xd3fa49ad5d6b41b3), U64(0x8ba81449b216a3bc),
+                U64(0x14f9ec8a0650d115), U64(0x40fc1ee3eb1d7ce2),
+                U64(0x23a2ed9b758ce44f), U64(0x782c521b14fddc7e),
+                U64(0x1c68267cf170504e), U64(0xbcf31558c1ca96e6),
+                U64(0xa781b43b4ba6d235), U64(0xf6fd7dfe29ff0c80),
+                U64(0xb0a4bad5c3fad91e), U64(0xd199f51ea963266c),
+                U64(0x414340349119c103), U64(0x5405f269ed4dadf7),
+                U64(0xabd61bb649969dcd), U64(0x6813dbeae7bdc3c8),
+                U64(0x65fb2ab09f8931d1), U64(0xf1e7fae152e3181d),
+                U64(0xc1a67cef5a2339da), U64(0x7a4feea8e0f5bba1),
+                U64(0x1e0b9acf05783791), U64(0x5b8ebf8061713831),
+                U64(0x80e53cdbcb3af8d9), U64(0x7e898bd315e57502),
+                U64(0xc6bcfbf0213f2d47), U64(0x95a38e86b76e942d),
+                U64(0x092e94218d243cba), U64(0x8339debf453622e7),
+                U64(0xb11be402b9fe64ff), U64(0x57d9100d634177c9),
+                U64(0xcc4e8db52217cbc3), U64(0x3b0cae9c71ec7aa2),
+                U64(0xfb158ca451cbfe99), U64(0x2b33276d82ac6514),
+                U64(0x01bf5ed77a04bde1), U64(0xc5601994af33f779),
+                U64(0x75c4a3416cc92e67), U64(0xf3844652a6eb7fc2),
+                U64(0x3487e375fdd0ef64), U64(0x18ae430704609eed),
+                U64(0x4d14efb993298efb), U64(0x815a620cb13e4538),
+                U64(0x125c354207487869), U64(0x9eeea614ce42cf48),
+                U64(0xce2d3106d61fac1c), U64(0xbbe99247bad6827b),
+                U64(0x071a871f7b1c149d), U64(0x2e4a1cc10db81656),
+                U64(0x77a71ff298c149b8), U64(0x06a5d9c80118a97c),
+                U64(0xad73c27e488e34b1), U64(0x443a7b981e0db241),
+                U64(0xe3bbcfa355ab6074), U64(0x0af276450328e684),
+                U64(0x73617a896dd1871b), U64(0x58525de4ef7de20f),
+                U64(0xb7be3dcab8e6cd83), U64(0x19111dd07e64230c),
+                U64(0x842359a03e2a367a), U64(0x103f89f1f3401fb6),
+                U64(0xdc710444d157d475), U64(0xb835702334da5845),
+                U64(0x4320fc876511a6dc), U64(0xd026abc9d3679b8d),
+                U64(0x17250eee885c0b2b), U64(0x90dab52a387ae76f),
+                U64(0x31fed8d972c49c26), U64(0x89cba8fa461ec463),
+                U64(0x2ff5421677bcabb7), U64(0x396f122f85e41d7d),
+                U64(0xa09b332430bac6a8), U64(0xc888e8ced7070560),
+                U64(0xaeaf201ac682ee8f), U64(0x1180d7268944a257),
+                U64(0xf058a43628e7a5fc), U64(0xbd4c4b8fbbce2b07),
+                U64(0xa1246df34abe7b49), U64(0x7d5569b79be9af3c),
+                U64(0xa9b5a705bd9efa12), U64(0xdb6b835baa4bc0e8),
+                U64(0x05793bac8f147342), U64(0x21c1512881848390),
+                U64(0xfdb0556c50d357e5), U64(0x613d4fcb6a99ff72),
+                U64(0x03dce2648e0cda3e), U64(0xe949b9e6568386f0),
+                U64(0xfc0f0bbb2ad7ea04), U64(0x6a70675913b5a417),
+                U64(0x7f36d5046fe1c8e3), U64(0x0c57af8d02304ff8),
+                U64(0x32223abdfcc84618), U64(0x0891caf6f720815b),
+                U64(0xa63eeaec31a26fd4), U64(0x2507345374944d33),
+                U64(0x49d28ac266394058), U64(0xf5219f9aa7f3d6be),
+                U64(0x2d96fea583b4cc68), U64(0x5a31e1571b7585d0),
+                U64(0x8ed12fe53d02d0fe), U64(0xdfade6205f5b0e4b),
+                U64(0x4cabb16ee92d331a), U64(0x04c6657bf510cea3),
+                U64(0xd73c2cd6a87b8f10), U64(0xe1d87310a1a307ab),
+                U64(0x6cd5be9112ad0d6b), U64(0x97c032354366f3f2),
+                U64(0xd4e0ceb22677552e), U64(0x0000000000000000),
+                U64(0x29509bde76a402cb), U64(0xc27a9e8bd42fe3e4),
+                U64(0x5ef7842cee654b73), U64(0xaf107ecdbc86536e),
+                U64(0x3fcacbe784fcb401), U64(0xd55f90655c73e8cf),
+                U64(0xe6c2f40fdabf1336), U64(0xe8f6e7312c873b11),
+                U64(0xeb2a0555a28be12f), U64(0xe4a148bc2eb774e9),
+                U64(0x9b979db84156bc0a), U64(0x6eb60222e6a56ab4),
+                U64(0x87ffbbc4b026ec44), U64(0xc703a5275b3b90a6),
+                U64(0x47e699fc9001687f), U64(0x9c8d1aa73a4aa897),
+                U64(0x7cea3760e1ed12dd), U64(0x4ec80ddd1d2554c5),
+                U64(0x13e36b957d4cc588), U64(0x5d2b66486069914d),
+                U64(0x92b90999cc7280b0), U64(0x517cc9c56259deb5),
+                U64(0xc937b619ad03b881), U64(0xec30824ad997f5b2),
+                U64(0xa45d565fc5aa080b), U64(0xd6837201d27f32f1),
+                U64(0x635ef3789e9198ad), U64(0x531f75769651b96a),
+                U64(0x4f77530a6721e924), U64(0x486dd4151c3dfdb9),
+                U64(0x5f48dafb9461f692), U64(0x375b011173dc355a),
+                U64(0x3da9775470f4d3de), U64(0x8d0dcd81b30e0ac0),
+                U64(0x36e45fc609d888bb), U64(0x55baacbe97491016),
+                U64(0x8cb29356c90ab721), U64(0x76184125e2c5f459),
+                U64(0x99f4210bb55edbd5), U64(0x6f095cf59ca1d755),
+                U64(0x9f51f8c3b44672a9), U64(0x3538bda287d45285),
+                U64(0x50c39712185d6354), U64(0xf23b1885dcefc223),
+                U64(0x79930ccc6ef9619f), U64(0xed8fdc9da3934853),
+                U64(0xcb540aaa590bdf5e), U64(0x5c94389f1a6d2cac),
+                U64(0xe77daad8a0bbaed7), U64(0x28efc5090ca0bf2a),
+                U64(0xbf2ff73c4fc64cd8), U64(0xb37858b14df60320),
+                U64(0xf8c96ec0dfc724a7), U64(0x828680683f329f06),
+                U64(0x941cd051cd6a29cc), U64(0xc3c5c05cae2b5e05),
+                U64(0xb601631dc2e27062), U64(0xc01922382027843b),
+                U64(0x24b86a840e90f0d2), U64(0xd245177a276ffc52),
+                U64(0x0f8b4de98c3c95c6), U64(0x3e759530fef809e0),
+                U64(0x0b4d2892792c5b65), U64(0xc4df4743d5374a98),
+                U64(0xa5e20888bfaeb5ea), U64(0xba56cc90c0d23f9a),
+                U64(0x38d04cf8ffe0a09c), U64(0x62e1adafe495254c),
+                U64(0x0263bcb3f40867df), U64(0xcaeb547d230f62bf),
+                U64(0x6082111c109d4293), U64(0xdad4dd8cd04f7d09),
+                U64(0xefec602e579b2f8c), U64(0x1fb4c4187f7c8a70),
+                U64(0xffd3e9dfa4db303a), U64(0x7bf0b07f9af10640),
+                U64(0xf49ec14dddf76b5f), U64(0x8f6e713247066d1f),
+                U64(0x339d646a86ccfbf9), U64(0x64447467e58d8c30),
+                U64(0x2c29a072f9b07189), U64(0xd8b7613f24471ad6),
+                U64(0x6627c8d41185ebef), U64(0xa347d140beb61c96),
+                U64(0xde12b8f7255fb3aa), U64(0x9d324470404e1576),
+                U64(0x9306574eb6763d51), U64(0xa80af9d2c79a47f3),
+                U64(0x859c0777442e8b9b), U64(0x69ac853d9db97e29)
+        }, { /* 6 */
+                U64(0xc3407dfc2de6377e), U64(0x5b9e93eea4256f77),
+                U64(0xadb58fdd50c845e0), U64(0x5219ff11a75bed86),
+                U64(0x356b61cfd90b1de9), U64(0xfb8f406e25abe037),
+                U64(0x7a5a0231c0f60796), U64(0x9d3cd216e1f5020b),
+                U64(0x0c6550fb6b48d8f3), U64(0xf57508c427ff1c62),
+                U64(0x4ad35ffa71cb407d), U64(0x6290a2da1666aa6d),
+                U64(0xe284ec2349355f9f), U64(0xb3c307c53d7c84ec),
+                U64(0x05e23c0468365a02), U64(0x190bac4d6c9ebfa8),
+                U64(0x94bbbee9e28b80fa), U64(0xa34fc777529cb9b5),
+                U64(0xcc7b39f095bcd978), U64(0x2426addb0ce532e3),
+                U64(0x7e79329312ce4fc7), U64(0xab09a72eebec2917),
+                U64(0xf8d15499f6b9d6c2), U64(0x1a55b8babf8c895d),
+                U64(0xdb8add17fb769a85), U64(0xb57f2f368658e81b),
+                U64(0x8acd36f18f3f41f6), U64(0x5ce3b7bba50f11d3),
+                U64(0x114dcc14d5ee2f0a), U64(0xb91a7fcded1030e8),
+                U64(0x81d5425fe55de7a1), U64(0xb6213bc1554adeee),
+                U64(0x80144ef95f53f5f2), U64(0x1e7688186db4c10c),
+                U64(0x3b912965db5fe1bc), U64(0xc281715a97e8252d),
+                U64(0x54a5d7e21c7f8171), U64(0x4b12535ccbc5522e),
+                U64(0x1d289cefbea6f7f9), U64(0x6ef5f2217d2e729e),
+                U64(0xe6a7dc819b0d17ce), U64(0x1b94b41c05829b0e),
+                U64(0x33d7493c622f711e), U64(0xdcf7f942fa5ce421),
+                U64(0x600fba8b7f7a8ecb), U64(0x46b60f011a83988e),
+                U64(0x235b898e0dcf4c47), U64(0x957ab24f588592a9),
+                U64(0x4354330572b5c28c), U64(0xa5f3ef84e9b8d542),
+                U64(0x8c711e02341b2d01), U64(0x0b1874ae6a62a657),
+                U64(0x1213d8e306fc19ff), U64(0xfe6d7c6a4d9dba35),
+                U64(0x65ed868f174cd4c9), U64(0x88522ea0e6236550),
+                U64(0x899322065c2d7703), U64(0xc01e690bfef4018b),
+                U64(0x915982ed8abddaf8), U64(0xbe675b98ec3a4e4c),
+                U64(0xa996bf7f82f00db1), U64(0xe1daf8d49a27696a),
+                U64(0x2effd5d3dc8986e7), U64(0xd153a51f2b1a2e81),
+                U64(0x18caa0ebd690adfb), U64(0x390e3134b243c51a),
+                U64(0x2778b92cdff70416), U64(0x029f1851691c24a6),
+                U64(0x5e7cafeacc133575), U64(0xfa4e4cc89fa5f264),
+                U64(0x5a5f9f481e2b7d24), U64(0x484c47ab18d764db),
+                U64(0x400a27f2a1a7f479), U64(0xaeeb9b2a83da7315),
+                U64(0x721c626879869734), U64(0x042330a2d2384851),
+                U64(0x85f672fd3765aff0), U64(0xba446b3a3e02061d),
+                U64(0x73dd6ecec3888567), U64(0xffac70ccf793a866),
+                U64(0xdfa9edb5294ed2d4), U64(0x6c6aea7014325638),
+                U64(0x834a5a0e8c41c307), U64(0xcdba35562fb2cb2b),
+                U64(0x0ad97808d06cb404), U64(0x0f3b440cb85aee06),
+                U64(0xe5f9c876481f213b), U64(0x98deee1289c35809),
+                U64(0x59018bbfcd394bd1), U64(0xe01bf47220297b39),
+                U64(0xde68e1139340c087), U64(0x9fa3ca4788e926ad),
+                U64(0xbb85679c840c144e), U64(0x53d8f3b71d55ffd5),
+                U64(0x0da45c5dd146caa0), U64(0x6f34fe87c72060cd),
+                U64(0x57fbc315cf6db784), U64(0xcee421a1fca0fdde),
+                U64(0x3d2d0196607b8d4b), U64(0x642c8a29ad42c69a),
+                U64(0x14aff010bdd87508), U64(0xac74837beac657b3),
+                U64(0x3216459ad821634d), U64(0x3fb219c70967a9ed),
+                U64(0x06bc28f3bb246cf7), U64(0xf2082c9126d562c6),
+                U64(0x66b39278c45ee23c), U64(0xbd394f6f3f2878b9),
+                U64(0xfd33689d9e8f8cc0), U64(0x37f4799eb017394f),
+                U64(0x108cc0b26fe03d59), U64(0xda4bd1b1417888d6),
+                U64(0xb09d1332ee6eb219), U64(0x2f3ed975668794b4),
+                U64(0x58c0871977375982), U64(0x7561463d78ace990),
+                U64(0x09876cff037e82f1), U64(0x7fb83e35a8c05d94),
+                U64(0x26b9b58a65f91645), U64(0xef20b07e9873953f),
+                U64(0x3148516d0b3355b8), U64(0x41cb2b541ba9e62a),
+                U64(0x790416c613e43163), U64(0xa011d380818e8f40),
+                U64(0x3a5025c36151f3ef), U64(0xd57095bdf92266d0),
+                U64(0x498d4b0da2d97688), U64(0x8b0c3a57353153a5),
+                U64(0x21c491df64d368e1), U64(0x8f2f0af5e7091bf4),
+                U64(0x2da1c1240f9bb012), U64(0xc43d59a92ccc49da),
+                U64(0xbfa6573e56345c1f), U64(0x828b56a8364fd154),
+                U64(0x9a41f643e0df7caf), U64(0xbcf843c985266aea),
+                U64(0x2b1de9d7b4bfdce5), U64(0x20059d79dedd7ab2),
+                U64(0x6dabe6d6ae3c446b), U64(0x45e81bf6c991ae7b),
+                U64(0x6351ae7cac68b83e), U64(0xa432e32253b6c711),
+                U64(0xd092a9b991143cd2), U64(0xcac711032e98b58f),
+                U64(0xd8d4c9e02864ac70), U64(0xc5fc550f96c25b89),
+                U64(0xd7ef8dec903e4276), U64(0x67729ede7e50f06f),
+                U64(0xeac28c7af045cf3d), U64(0xb15c1f945460a04a),
+                U64(0x9cfddeb05bfb1058), U64(0x93c69abce3a1fe5e),
+                U64(0xeb0380dc4a4bdd6e), U64(0xd20db1e8f8081874),
+                U64(0x229a8528b7c15e14), U64(0x44291750739fbc28),
+                U64(0xd3ccbd4e42060a27), U64(0xf62b1c33f4ed2a97),
+                U64(0x86a8660ae4779905), U64(0xd62e814a2a305025),
+                U64(0x477703a7a08d8add), U64(0x7b9b0e977af815c5),
+                U64(0x78c51a60a9ea2330), U64(0xa6adfb733aaae3b7),
+                U64(0x97e5aa1e3199b60f), U64(0x0000000000000000),
+                U64(0xf4b404629df10e31), U64(0x5564db44a6719322),
+                U64(0x9207961a59afec0d), U64(0x9624a6b88b97a45c),
+                U64(0x363575380a192b1c), U64(0x2c60cd82b595a241),
+                U64(0x7d272664c1dc7932), U64(0x7142769faa94a1c1),
+                U64(0xa1d0df263b809d13), U64(0x1630e841d4c451ae),
+                U64(0xc1df65ad44fa13d8), U64(0x13d2d445bcf20bac),
+                U64(0xd915c546926abe23), U64(0x38cf3d92084dd749),
+                U64(0xe766d0272103059d), U64(0xc7634d5effde7f2f),
+                U64(0x077d2455012a7ea4), U64(0xedbfa82ff16fb199),
+                U64(0xaf2a978c39d46146), U64(0x42953fa3c8bbd0df),
+                U64(0xcb061da59496a7dc), U64(0x25e7a17db6eb20b0),
+                U64(0x34aa6d6963050fba), U64(0xa76cf7d580a4f1e4),
+                U64(0xf7ea10954ee338c4), U64(0xfcf2643b24819e93),
+                U64(0xcf252d0746aeef8d), U64(0x4ef06f58a3f3082c),
+                U64(0x563acfb37563a5d7), U64(0x5086e740ce47c920),
+                U64(0x2982f186dda3f843), U64(0x87696aac5e798b56),
+                U64(0x5d22bb1d1f010380), U64(0x035e14f7d31236f5),
+                U64(0x3cec0d30da759f18), U64(0xf3c920379cdb7095),
+                U64(0xb8db736b571e22bb), U64(0xdd36f5e44052f672),
+                U64(0xaac8ab8851e23b44), U64(0xa857b3d938fe1fe2),
+                U64(0x17f1e4e76eca43fd), U64(0xec7ea4894b61a3ca),
+                U64(0x9e62c6e132e734fe), U64(0xd4b1991b432c7483),
+                U64(0x6ad6c283af163acf), U64(0x1ce9904904a8e5aa),
+                U64(0x5fbda34c761d2726), U64(0xf910583f4cb7c491),
+                U64(0xc6a241f845d06d7c), U64(0x4f3163fe19fd1a7f),
+                U64(0xe99c988d2357f9c8), U64(0x8eee06535d0709a7),
+                U64(0x0efa48aa0254fc55), U64(0xb4be23903c56fa48),
+                U64(0x763f52caabbedf65), U64(0xeee1bcd8227d876c),
+                U64(0xe345e085f33b4dcc), U64(0x3e731561b369bbbe),
+                U64(0x2843fd2067adea10), U64(0x2adce5710eb1ceb6),
+                U64(0xb7e03767ef44ccbd), U64(0x8db012a48e153f52),
+                U64(0x61ceb62dc5749c98), U64(0xe85d942b9959eb9b),
+                U64(0x4c6f7709caef2c8a), U64(0x84377e5b8d6bbda3),
+                U64(0x30895dcbb13d47eb), U64(0x74a04a9bc2a2fbc3),
+                U64(0x6b17ce251518289c), U64(0xe438c4d0f2113368),
+                U64(0x1fb784bed7bad35f), U64(0x9b80fae55ad16efc),
+                U64(0x77fe5e6c11b0cd36), U64(0xc858095247849129),
+                U64(0x08466059b97090a2), U64(0x01c10ca6ba0e1253),
+                U64(0x6988d6747c040c3a), U64(0x6849dad2c60a1e69),
+                U64(0x5147ebe67449db73), U64(0xc99905f4fd8a837a),
+                U64(0x991fe2b433cd4a5a), U64(0xf09734c04fc94660),
+                U64(0xa28ecbd1e892abe6), U64(0xf1563866f5c75433),
+                U64(0x4dae7baf70e13ed9), U64(0x7ce62ac27bd26b61),
+                U64(0x70837a39109ab392), U64(0x90988e4b30b3c8ab),
+                U64(0xb2020b63877296bf), U64(0x156efcb607d6675b)
+        }, { /* 7 */
+                U64(0xe63f55ce97c331d0), U64(0x25b506b0015bba16),
+                U64(0xc8706e29e6ad9ba8), U64(0x5b43d3775d521f6a),
+                U64(0x0bfa3d577035106e), U64(0xab95fc172afb0e66),
+                U64(0xf64b63979e7a3276), U64(0xf58b4562649dad4b),
+                U64(0x48f7c3dbae0c83f1), U64(0xff31916642f5c8c5),
+                U64(0xcbb048dc1c4a0495), U64(0x66b8f83cdf622989),
+                U64(0x35c130e908e2b9b0), U64(0x7c761a61f0b34fa1),
+                U64(0x3601161cf205268d), U64(0x9e54ccfe2219b7d6),
+                U64(0x8b7d90a538940837), U64(0x9cd403588ea35d0b),
+                U64(0xbc3c6fea9ccc5b5a), U64(0xe5ff733b6d24aeed),
+                U64(0xceed22de0f7eb8d2), U64(0xec8581cab1ab545e),
+                U64(0xb96105e88ff8e71d), U64(0x8ca03501871a5ead),
+                U64(0x76ccce65d6db2a2f), U64(0x5883f582a7b58057),
+                U64(0x3f7be4ed2e8adc3e), U64(0x0fe7be06355cd9c9),
+                U64(0xee054e6c1d11be83), U64(0x1074365909b903a6),
+                U64(0x5dde9f80b4813c10), U64(0x4a770c7d02b6692c),
+                U64(0x5379c8d5d7809039), U64(0xb4067448161ed409),
+                U64(0x5f5e5026183bd6cd), U64(0xe898029bf4c29df9),
+                U64(0x7fb63c940a54d09c), U64(0xc5171f897f4ba8bc),
+                U64(0xa6f28db7b31d3d72), U64(0x2e4f3be7716eaa78),
+                U64(0x0d6771a099e63314), U64(0x82076254e41bf284),
+                U64(0x2f0fd2b42733df98), U64(0x5c9e76d3e2dc49f0),
+                U64(0x7aeb569619606cdb), U64(0x83478b07b2468764),
+                U64(0xcfadcb8d5923cd32), U64(0x85dac7f05b95a41e),
+                U64(0xb5469d1b4043a1e9), U64(0xb821ecbbd9a592fd),
+                U64(0x1b8e0b0e798c13c8), U64(0x62a57b6d9a0be02e),
+                U64(0xfcf1b793b81257f8), U64(0x9d94ea0bd8fe28eb),
+                U64(0x4cea408aeb654a56), U64(0x23284a47e888996c),
+                U64(0x2d8f1d128b893545), U64(0xf4cbac3132c0d8ab),
+                U64(0xbd7c86b9ca912eba), U64(0x3a268eef3dbe6079),
+                U64(0xf0d62f6077a9110c), U64(0x2735c916ade150cb),
+                U64(0x89fd5f03942ee2ea), U64(0x1acee25d2fd16628),
+                U64(0x90f39bab41181bff), U64(0x430dfe8cde39939f),
+                U64(0xf70b8ac4c8274796), U64(0x1c53aeaac6024552),
+                U64(0x13b410acf35e9c9b), U64(0xa532ab4249faa24f),
+                U64(0x2b1251e5625a163f), U64(0xd7e3e676da4841c7),
+                U64(0xa7b264e4e5404892), U64(0xda8497d643ae72d3),
+                U64(0x861ae105a1723b23), U64(0x38a6414991048aa4),
+                U64(0x6578dec92585b6b4), U64(0x0280cfa6acbaeadd),
+                U64(0x88bdb650c273970a), U64(0x9333bd5ebbff84c2),
+                U64(0x4e6a8f2c47dfa08b), U64(0x321c954db76cef2a),
+                U64(0x418d312a72837942), U64(0xb29b38bfffcdf773),
+                U64(0x6c022c38f90a4c07), U64(0x5a033a240b0f6a8a),
+                U64(0x1f93885f3ce5da6f), U64(0xc38a537e96988bc6),
+                U64(0x39e6a81ac759ff44), U64(0x29929e43cee0fce2),
+                U64(0x40cdd87924de0ca2), U64(0xe9d8ebc8a29fe819),
+                U64(0x0c2798f3cfbb46f4), U64(0x55e484223e53b343),
+                U64(0x4650948ecd0d2fd8), U64(0x20e86cb2126f0651),
+                U64(0x6d42c56baf5739e7), U64(0xa06fc1405ace1e08),
+                U64(0x7babbfc54f3d193b), U64(0x424d17df8864e67f),
+                U64(0xd8045870ef14980e), U64(0xc6d7397c85ac3781),
+                U64(0x21a885e1443273b1), U64(0x67f8116f893f5c69),
+                U64(0x24f5efe35706cff6), U64(0xd56329d076f2ab1a),
+                U64(0x5e1eb9754e66a32d), U64(0x28d2771098bd8902),
+                U64(0x8f6013f47dfdc190), U64(0x17a993fdb637553c),
+                U64(0xe0a219397e1012aa), U64(0x786b9930b5da8606),
+                U64(0x6e82e39e55b0a6da), U64(0x875a0856f72f4ec3),
+                U64(0x3741ff4fa458536d), U64(0xac4859b3957558fc),
+                U64(0x7ef6d5c75c09a57c), U64(0xc04a758b6c7f14fb),
+                U64(0xf9acdd91ab26ebbf), U64(0x7391a467c5ef9668),
+                U64(0x335c7c1ee1319aca), U64(0xa91533b18641e4bb),
+                U64(0xe4bf9a683b79db0d), U64(0x8e20faa72ba0b470),
+                U64(0x51f907737b3a7ae4), U64(0x2268a314bed5ec8c),
+                U64(0xd944b123b949edee), U64(0x31dcb3b84d8b7017),
+                U64(0xd3fe65279f218860), U64(0x097af2f1dc8ffab3),
+                U64(0x9b09a6fc312d0b91), U64(0xcc6ded78a3c4520f),
+                U64(0x3481d9ba5ebfcc50), U64(0x4f2a667f1182d56b),
+                U64(0xdfd9fdd4509ace94), U64(0x26752045fbbc252b),
+                U64(0xbffc491f662bc467), U64(0xdd593272fc202449),
+                U64(0x3cbbc218d46d4303), U64(0x91b372f817456e1f),
+                U64(0x681faf69bc6385a0), U64(0xb686bbeebaa43ed4),
+                U64(0x1469b5084cd0ca01), U64(0x98c98009cbca94ac),
+                U64(0x6438379a73d8c354), U64(0xc2caba2dc0c5fe26),
+                U64(0x3e3b0dbe78d7a9de), U64(0x50b9ee202d670f04),
+                U64(0x4590b27b37eab0e5), U64(0x6025b4cb36b10af3),
+                U64(0xfb2c1237079c0162), U64(0xa12f28130c936be8),
+                U64(0x4b37e52e54eb1ccc), U64(0x083a1ba28ad28f53),
+                U64(0xc10a9cd83a22611b), U64(0x9f1425ad7444c236),
+                U64(0x069d4cf7e9d3237a), U64(0xedc56899e7f621be),
+                U64(0x778c273680865fcf), U64(0x309c5aeb1bd605f7),
+                U64(0x8de0dc52d1472b4d), U64(0xf8ec34c2fd7b9e5f),
+                U64(0xea18cd3d58787724), U64(0xaad515447ca67b86),
+                U64(0x9989695a9d97e14c), U64(0x0000000000000000),
+                U64(0xf196c63321f464ec), U64(0x71116bc169557cb5),
+                U64(0xaf887f466f92c7c1), U64(0x972e3e0ffe964d65),
+                U64(0x190ec4a8d536f915), U64(0x95aef1a9522ca7b8),
+                U64(0xdc19db21aa7d51a9), U64(0x94ee18fa0471d258),
+                U64(0x8087adf248a11859), U64(0xc457f6da2916dd5c),
+                U64(0xfa6cfb6451c17482), U64(0xf256e0c6db13fbd1),
+                U64(0x6a9f60cf10d96f7d), U64(0x4daaa9d9bd383fb6),
+                U64(0x03c026f5fae79f3d), U64(0xde99148706c7bb74),
+                U64(0x2a52b8b6340763df), U64(0x6fc20acd03edd33a),
+                U64(0xd423c08320afdefa), U64(0xbbe1ca4e23420dc0),
+                U64(0x966ed75ca8cb3885), U64(0xeb58246e0e2502c4),
+                U64(0x055d6a021334bc47), U64(0xa47242111fa7d7af),
+                U64(0xe3623fcc84f78d97), U64(0x81c744a11efc6db9),
+                U64(0xaec8961539cfb221), U64(0xf31609958d4e8e31),
+                U64(0x63e5923ecc5695ce), U64(0x47107ddd9b505a38),
+                U64(0xa3afe7b5a0298135), U64(0x792b7063e387f3e6),
+                U64(0x0140e953565d75e0), U64(0x12f4f9ffa503e97b),
+                U64(0x750ce8902c3cb512), U64(0xdbc47e8515f30733),
+                U64(0x1ed3610c6ab8af8f), U64(0x5239218681dde5d9),
+                U64(0xe222d69fd2aaf877), U64(0xfe71783514a8bd25),
+                U64(0xcaf0a18f4a177175), U64(0x61655d9860ec7f13),
+                U64(0xe77fbc9dc19e4430), U64(0x2ccff441ddd440a5),
+                U64(0x16e97aaee06a20dc), U64(0xa855dae2d01c915b),
+                U64(0x1d1347f9905f30b2), U64(0xb7c652bdecf94b34),
+                U64(0xd03e43d265c6175d), U64(0xfdb15ec0ee4f2218),
+                U64(0x57644b8492e9599e), U64(0x07dda5a4bf8e569a),
+                U64(0x54a46d71680ec6a3), U64(0x5624a2d7c4b42c7e),
+                U64(0xbebca04c3076b187), U64(0x7d36f332a6ee3a41),
+                U64(0x3b6667bc6be31599), U64(0x695f463aea3ef040),
+                U64(0xad08b0e0c3282d1c), U64(0xb15b1e4a052a684e),
+                U64(0x44d05b2861b7c505), U64(0x15295c5b1a8dbfe1),
+                U64(0x744c01c37a61c0f2), U64(0x59c31cd1f1e8f5b7),
+                U64(0xef45a73f4b4ccb63), U64(0x6bdf899c46841a9d),
+                U64(0x3dfb2b4b823036e3), U64(0xa2ef0ee6f674f4d5),
+                U64(0x184e2dfb836b8cf5), U64(0x1134df0a5fe47646),
+                U64(0xbaa1231d751f7820), U64(0xd17eaa81339b62bd),
+                U64(0xb01bf71953771dae), U64(0x849a2ea30dc8d1fe),
+                U64(0x705182923f080955), U64(0x0ea757556301ac29),
+                U64(0x041d83514569c9a7), U64(0x0abad4042668658e),
+                U64(0x49b72a88f851f611), U64(0x8a3d79f66ec97dd7),
+                U64(0xcd2d042bf59927ef), U64(0xc930877ab0f0ee48),
+                U64(0x9273540deda2f122), U64(0xc797d02fd3f14261),
+                U64(0xe1e2f06a284d674a), U64(0xd2be8c74c97cfd80),
+                U64(0x9a494faf67707e71), U64(0xb3dbd1eca9908293),
+                U64(0x72d14d3493b2e388), U64(0xd6a30f258c153427)
+        },
+};
+static const STREEBOG_LONG64 C16[12][8] =
+{
+        {
+                U64(0xdd806559f2a64507), U64(0x05767436cc744d23),
+                U64(0xa2422a08a460d315), U64(0x4b7ce09192676901),
+                U64(0x714eb88d7585c4fc), U64(0x2f6a76432e45d016),
+                U64(0xebcb2f81c0657c1f), U64(0xb1085bda1ecadae9)
+        }, {
+                U64(0xe679047021b19bb7), U64(0x55dda21bd7cbcd56),
+                U64(0x5cb561c2db0aa7ca), U64(0x9ab5176b12d69958),
+                U64(0x61d55e0f16b50131), U64(0xf3feea720a232b98),
+                U64(0x4fe39d460f70b5d7), U64(0x6fa3b58aa99d2f1a)
+        }, {
+                U64(0x991e96f50aba0ab2), U64(0xc2b6f443867adb31),
+                U64(0xc1c93a376062db09), U64(0xd3e20fe490359eb1),
+                U64(0xf2ea7514b1297b7b), U64(0x06f15e5f529c1f8b),
+                U64(0x0a39fc286a3d8435), U64(0xf574dcac2bce2fc7)
+        }, {
+                U64(0x220cbebc84e3d12e), U64(0x3453eaa193e837f1),
+                U64(0xd8b71333935203be), U64(0xa9d72c82ed03d675),
+                U64(0x9d721cad685e353f), U64(0x488e857e335c3c7d),
+                U64(0xf948e1a05d71e4dd), U64(0xef1fdfb3e81566d2)
+        }, {
+                U64(0x601758fd7c6cfe57), U64(0x7a56a27ea9ea63f5),
+                U64(0xdfff00b723271a16), U64(0xbfcd1747253af5a3),
+                U64(0x359e35d7800fffbd), U64(0x7f151c1f1686104a),
+                U64(0x9a3f410c6ca92363), U64(0x4bea6bacad474799)
+        }, {
+                U64(0xfa68407a46647d6e), U64(0xbf71c57236904f35),
+                U64(0x0af21f66c2bec6b6), U64(0xcffaa6b71c9ab7b4),
+                U64(0x187f9ab49af08ec6), U64(0x2d66c4f95142a46c),
+                U64(0x6fa4c33b7a3039c0), U64(0xae4faeae1d3ad3d9)
+        }, {
+                U64(0x8886564d3a14d493), U64(0x3517454ca23c4af3),
+                U64(0x06476983284a0504), U64(0x0992abc52d822c37),
+                U64(0xd3473e33197a93c9), U64(0x399ec6c7e6bf87c9),
+                U64(0x51ac86febf240954), U64(0xf4c70e16eeaac5ec)
+        }, {
+                U64(0xa47f0dd4bf02e71e), U64(0x36acc2355951a8d9),
+                U64(0x69d18d2bd1a5c42f), U64(0xf4892bcb929b0690),
+                U64(0x89b4443b4ddbc49a), U64(0x4eb7f8719c36de1e),
+                U64(0x03e7aa020c6e4141), U64(0x9b1f5b424d93c9a7)
+        }, {
+                U64(0x7261445183235adb), U64(0x0e38dc92cb1f2a60),
+                U64(0x7b2b8a9aa6079c54), U64(0x800a440bdbb2ceb1),
+                U64(0x3cd955b7e00d0984), U64(0x3a7d3a1b25894224),
+                U64(0x944c9ad8ec165fde), U64(0x378f5a541631229b)
+        }, {
+                U64(0x74b4c7fb98459ced), U64(0x3698fad1153bb6c3),
+                U64(0x7a1e6c303b7652f4), U64(0x9fe76702af69334b),
+                U64(0x1fffe18a1b336103), U64(0x8941e71cff8a78db),
+                U64(0x382ae548b2e4f3f3), U64(0xabbedea680056f52)
+        }, {
+                U64(0x6bcaa4cd81f32d1b), U64(0xdea2594ac06fd85d),
+                U64(0xefbacd1d7d476e98), U64(0x8a1d71efea48b9ca),
+                U64(0x2001802114846679), U64(0xd8fa6bbbebab0761),
+                U64(0x3002c6cd635afe94), U64(0x7bcd9ed0efc889fb)
+        }, {
+                U64(0x48bc924af11bd720), U64(0xfaf417d5d9b21b99),
+                U64(0xe71da4aa88e12852), U64(0x5d80ef9d1891cc86),
+                U64(0xf82012d430219f9b), U64(0xcda43c32bcdf1d77),
+                U64(0xd21380b00449b17a), U64(0x378ee767f11631ba)
+        },
+};
+#define B(x,i,j)        (((STREEBOG_LONG64)(*(((const unsigned char *)(&x))+i)))<<(j*8))
+#define PULL64(x) (B(x,0,0)|B(x,1,1)|B(x,2,2)|B(x,3,3)|B(x,4,4)|B(x,5,5)|B(x,6,6)|B(x,7,7))
+#define SWAB64(x) (B(x,0,7)|B(x,1,6)|B(x,2,5)|B(x,3,4)|B(x,4,3)|B(x,5,2)|B(x,6,1)|B(x,7,0))
+static inline STREEBOG_LONG64 multipermute(const STREEBOG_LONG64 *in, int i) {
+        STREEBOG_LONG64 t = 0;
+        t ^= A_PI_table[0][(in[0] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[1][(in[1] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[2][(in[2] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[3][(in[3] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[4][(in[4] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[5][(in[5] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[6][(in[6] >> (i * 8)) & 0xff];
+        t ^= A_PI_table[7][(in[7] >> (i * 8)) & 0xff];
+        return t;
+}
+static void transform(STREEBOG_LONG64 *out, const STREEBOG_LONG64 *a, const STREEBOG_LONG64 *b)
+{
+  STREEBOG_LONG64 tmp[8];
+  tmp[0] = a[0] ^ b[0];
+  tmp[1] = a[1] ^ b[1];
+  tmp[2] = a[2] ^ b[2];
+  tmp[3] = a[3] ^ b[3];
+  tmp[4] = a[4] ^ b[4];
+  tmp[5] = a[5] ^ b[5];
+  tmp[6] = a[6] ^ b[6];
+  tmp[7] = a[7] ^ b[7];
+  out[0] = multipermute(tmp, 0);
+  out[1] = multipermute(tmp, 1);
+  out[2] = multipermute(tmp, 2);
+  out[3] = multipermute(tmp, 3);
+  out[4] = multipermute(tmp, 4);
+  out[5] = multipermute(tmp, 5);
+  out[6] = multipermute(tmp, 6);
+  out[7] = multipermute(tmp, 7);
+}
+static inline void gN(STREEBOG_LONG64 *h, STREEBOG_LONG64 *m, STREEBOG_LONG64 *N)
+{
+        STREEBOG_LONG64 K[8];
+        STREEBOG_LONG64 T[8];
+        int i;
+        transform(K, h, N);
+        transform(T, K, m);
+        transform(K, K, C16[0]);
+        for (i = 1; i < 12; i++) {
+                transform(T, K, T);
+                transform(K, K, C16[i]);
+        }
+        h[0] ^= T[0] ^ K[0] ^ m[0];
+        h[1] ^= T[1] ^ K[1] ^ m[1];
+        h[2] ^= T[2] ^ K[2] ^ m[2];
+        h[3] ^= T[3] ^ K[3] ^ m[3];
+        h[4] ^= T[4] ^ K[4] ^ m[4];
+        h[5] ^= T[5] ^ K[5] ^ m[5];
+        h[6] ^= T[6] ^ K[6] ^ m[6];
+        h[7] ^= T[7] ^ K[7] ^ m[7];
+}
+static void streebog_single_block(STREEBOG_CTX * ctx, const unsigned char *in, size_t num)
+{
+        STREEBOG_LONG64 M[8], l;
+        int i;
+        for (i = 0; i < 8; i++)
+                M[i] = PULL64(in[i*8]);
+        gN(ctx->h, M, ctx->N);
+        l = ctx->N[0];
+        ctx->N[0] += num;
+        if (ctx->N[0] < l || ctx->N[0] < num) {
+                for (i = 1; i < 8; i++) {
+                        ctx->N[i]++;
+                        if (ctx->N[i] != 0)
+                                break;
+                }
+        }
+        ctx->Sigma[0] += M[0];
+        for (i = 1; i < 8; i++)
+                if (ctx->Sigma[i-1] < M[i-1])
+                        ctx->Sigma[i] += M[i] + 1;
+                else
+                        ctx->Sigma[i] += M[i];
+}
+static void streebog_block_data_order(STREEBOG_CTX * ctx, const void *in, size_t num)
+{
+        int i;
+        for (i = 0; i < num; i++)
+                streebog_single_block(ctx, in + i * STREEBOG_CBLOCK, 64 * 8);
+}
+int STREEBOG512_Final(unsigned char *md, STREEBOG_CTX * c)
+{
+        int n;
+        unsigned char *p = (unsigned char *)c->data;
+        STREEBOG_LONG64 Z[STREEBOG_LBLOCK] = {};
+        if (c->num == STREEBOG_CBLOCK) {
+                streebog_block_data_order(c, c->data, 1);
+                c->num -= STREEBOG_CBLOCK;
+        }
+        n = c->num;
+        p[n++] = 1;
+        memset(p+n, 0, STREEBOG_CBLOCK - n);
+        streebog_single_block(c, p, c->num * 8);
+        gN(c->h, c->N, Z);
+        gN(c->h, c->Sigma, Z);
+        for (n = 0; n < STREEBOG_LBLOCK; n++)
+                c->h[n] = SWAB64(c->h[n]);
+        if (md == 0)
+                return 0;
+        switch (c->md_len) {
+                /* Let compiler decide if it's appropriate to unroll... */
+        case STREEBOG256_LENGTH:
+                for (n = 0; n < STREEBOG256_LENGTH / 8; n++) {
+                        STREEBOG_LONG64 t = c->h[4+n];
+                        *(md++) = (unsigned char)(t >> 56);
+                        *(md++) = (unsigned char)(t >> 48);
+                        *(md++) = (unsigned char)(t >> 40);
+                        *(md++) = (unsigned char)(t >> 32);
+                        *(md++) = (unsigned char)(t >> 24);
+                        *(md++) = (unsigned char)(t >> 16);
+                        *(md++) = (unsigned char)(t >> 8);
+                        *(md++) = (unsigned char)(t);
+                }
+                break;
+        case STREEBOG512_LENGTH:
+                for (n = 0; n < STREEBOG512_LENGTH / 8; n++) {
+                        STREEBOG_LONG64 t = c->h[n];
+                        *(md++) = (unsigned char)(t >> 56);
+                        *(md++) = (unsigned char)(t >> 48);
+                        *(md++) = (unsigned char)(t >> 40);
+                        *(md++) = (unsigned char)(t >> 32);
+                        *(md++) = (unsigned char)(t >> 24);
+                        *(md++) = (unsigned char)(t >> 16);
+                        *(md++) = (unsigned char)(t >> 8);
+                        *(md++) = (unsigned char)(t);
+                }
+                break;
+                /* ... as well as make sure md_len is not abused. */
+        default:
+                return 0;
+        }
+        return 1;
+}
+int STREEBOG256_Final(unsigned char *md, STREEBOG_CTX * c)
+{
+        return STREEBOG512_Final(md, c);
+}
+int STREEBOG512_Update(STREEBOG_CTX * c, const void *_data, size_t len)
+{
+        unsigned char *p = (unsigned char *)c->data;
+        const unsigned char *data = (const unsigned char *)_data;
+        if (len == 0)
+                return 1;
+        if (c->num != 0) {
+                size_t n = STREEBOG_CBLOCK - c->num;
+                if (len < n) {
+                        memcpy(p + c->num, data, len);
+                        c->num += (unsigned int)len;
+                        return 1;
+                } else {
+                        memcpy(p + c->num, data, n);
+                        c->num = 0;
+                        len -= n;
+                        data += n;
+                        streebog_block_data_order(c, p, 1);
+                }
+        }
+        if (len >= STREEBOG_CBLOCK) {
+                streebog_block_data_order(c, data, len / STREEBOG_CBLOCK);
+                data += len;
+                len %= STREEBOG_CBLOCK;
+                data -= len;
+        }
+        if (len != 0) {
+                memcpy(p, data, len);
+                c->num = (int)len;
+        }
+        return 1;
+}
+int STREEBOG256_Update(STREEBOG_CTX * c, const void *data, size_t len)
+{
+        return STREEBOG512_Update(c, data, len);
+}
+void STREEBOG512_Transform(STREEBOG_CTX * c, const unsigned char *data)
+{
+        streebog_block_data_order(c, data, 1);
+}
+int STREEBOG256_Init(STREEBOG_CTX * c)
+{
+        memset(c, 0, sizeof(*c));
+        memset(c->h, 1, sizeof(c->h));
+        c->md_len = STREEBOG256_LENGTH;
+        return 1;
+}
+int STREEBOG512_Init(STREEBOG_CTX * c)
+{
+        memset(c, 0, sizeof(*c));
+        memset(c->h, 0, sizeof(c->h));
+        c->num = 0;
+        c->md_len = STREEBOG512_LENGTH;
+        return 1;
+}
+unsigned char *STREEBOG256(const unsigned char *d, size_t n, unsigned char *md)
+{
+        STREEBOG_CTX c;
+        static unsigned char m[STREEBOG256_LENGTH];
+        if (md == NULL)
+                md = m;
+        STREEBOG256_Init(&c);
+        STREEBOG256_Update(&c, d, n);
+        STREEBOG256_Final(md, &c);
+        OPENSSL_cleanse(&c, sizeof(c));
+        return (md);
+}
+unsigned char *STREEBOG512(const unsigned char *d, size_t n, unsigned char *md)
+{
+        STREEBOG_CTX c;
+        static unsigned char m[STREEBOG512_LENGTH];
+        if (md == NULL)
+                md = m;
+        STREEBOG512_Init(&c);
+        STREEBOG512_Update(&c, d, n);
+        STREEBOG512_Final(md, &c);
+        OPENSSL_cleanse(&c, sizeof(c));
+        return (md);
+}
+#endif
diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.num b/src/lib/libssl/src/crypto/objects/obj_mac.num
index bcdda5163e..d3a658e59c 100644
--- a/src/lib/libssl/src/crypto/objects/obj_mac.num
+++ b/src/lib/libssl/src/crypto/objects/obj_mac.num
@@ -935,3 +935,15 @@ brainpoolP512r1		934
 brainpoolP512t1         935
 FRP256v1                936
 chacha20                937
+gost89_ecb              938
+gost89_cbc              939
+tc26            940
+id_tc26_gost3411_2012_256               941
+id_tc26_gost3411_2012_512               942
+id_tc26_gost_3410_2012_512_paramSetA            943
+id_tc26_gost_3410_2012_512_paramSetB            944
+id_tc26_gost_28147_param_Z              945
+id_tc26_gost3410_2012_256               946
+id_tc26_gost3410_2012_512               947
+id_tc26_signwithdigest_gost3410_2012_256                948
+id_tc26_signwithdigest_gost3410_2012_512                949
diff --git a/src/lib/libssl/src/crypto/objects/obj_xref.h b/src/lib/libssl/src/crypto/objects/obj_xref.h
index fec28d1127..4499456694 100644
--- a/src/lib/libssl/src/crypto/objects/obj_xref.h
+++ b/src/lib/libssl/src/crypto/objects/obj_xref.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_xref.h,v 1.2 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: obj_xref.h,v 1.3 2014/11/09 19:17:13 miod Exp $ */
 /* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
 typedef struct
@@ -40,6 +40,8 @@ static const nid_triple sigoid_srt[] =
        {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
        {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
        {NID_rsassaPss, NID_undef, NID_rsaEncryption},
+        {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_tc26_gost3411_2012_256, NID_id_GostR3410_2001},
+        {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_tc26_gost3411_2012_512, NID_id_GostR3410_2001},
        };
 static const nid_triple * const sigoid_srt_xref[] =
@@ -74,5 +76,7 @@ static const nid_triple * const sigoid_srt_xref[] =
        &sigoid_srt[26],
        &sigoid_srt[27],
        &sigoid_srt[28],
+        &sigoid_srt[30],
+        &sigoid_srt[31],
        };
diff --git a/src/lib/libssl/src/crypto/objects/obj_xref.txt b/src/lib/libssl/src/crypto/objects/obj_xref.txt
index cb917182ee..dde52d8143 100644
--- a/src/lib/libssl/src/crypto/objects/obj_xref.txt
+++ b/src/lib/libssl/src/crypto/objects/obj_xref.txt
@@ -44,3 +44,5 @@ id_GostR3411_94_with_GostR3410_2001	id_GostR3411_94 id_GostR3410_2001
 id_GostR3411_94_with_GostR3410_94       id_GostR3411_94 id_GostR3410_94
 id_GostR3411_94_with_GostR3410_94_cc    id_GostR3411_94 id_GostR3410_94_cc
 id_GostR3411_94_with_GostR3410_2001_cc  id_GostR3411_94 id_GostR3410_2001_cc
+id_tc26_signwithdigest_gost3410_2012_256        id_tc26_gost3411_2012_256 id_tc26_gost3410_2012_256
+id_tc26_signwithdigest_gost3410_2012_512        id_tc26_gost3411_2012_512 id_tc26_gost3410_2012_512
diff --git a/src/lib/libssl/src/crypto/objects/objects.txt b/src/lib/libssl/src/crypto/objects/objects.txt
index bb44aa77a3..1ce73cc984 100644
--- a/src/lib/libssl/src/crypto/objects/objects.txt
+++ b/src/lib/libssl/src/crypto/objects/objects.txt
@@ -1313,3 +1313,18 @@ brainpool 1 14 : brainpoolP512t1
 # ChaCha Stream Cipher
 !Cname chacha20
                        : ChaCha                : chacha
+                        : gost89-ecb
+                        : gost89-cbc
+member-body 643 7 1     : tc26
+!Cname id-tc26-gost3411-2012-256
+tc26 1 2 2              : streebog256 : GOST R 34.11-2012 (256 bit)
+!Cname id-tc26-gost3411-2012-512
+tc26 1 2 3              : streebog512 : GOST R 34-11-2012 (512 bit)
+tc26 2 1 2 1            : id-tc26-gost-3410-2012-512-paramSetA
+tc26 2 1 2 2            : id-tc26-gost-3410-2012-512-paramSetB
+tc26 2 5 1 1            : id-tc26-gost-28147-param-Z
+tc26 1 1 1              : id-tc26-gost3410-2012-256 : GOST R 34.10-2012 (256 bit)
+tc26 1 1 2              : id-tc26-gost3410-2012-512 : GOST R 34.10-2012 (512 bit)
+tc26 1 3 2              : id-tc26-signwithdigest-gost3410-2012-256 : GOST R 34.11-2012 with GOST R 34.10-2012 (256 bit)
+tc26 1 3 3              : id-tc26-signwithdigest-gost3410-2012-512 : GOST R 34.11-2012 with GOST R 34.10-2012 (512 bit)
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
index b76e2b1915..576866f5c2 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_smime.c,v 1.18 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: pk7_smime.c,v 1.19 2014/11/09 19:17:13 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -192,6 +192,8 @@ PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
                        }
                        if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
                            !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
+                            !add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_256, -1) ||
+                            !add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_512, -1) ||
                            !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
                            !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
                            !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
author	miod <>	2014-11-09 19:17:13 +0000
committer	miod <>	2014-11-09 19:17:13 +0000
commit	12455d6eff265f95b0a7e20595630321799f50a2 (patch)
tree	8f4747a1df4b007feca32e262b38052339c686c1 /src/lib
parent	a3c50c7d270773c83559454fd2b75ec6e04f43ab (diff)
download	openbsd-12455d6eff265f95b0a7e20595630321799f50a2.tar.gz openbsd-12455d6eff265f95b0a7e20595630321799f50a2.tar.bz2 openbsd-12455d6eff265f95b0a7e20595630321799f50a2.zip