8 files changed, 594 insertions, 5 deletions

diff --git a/src/lib/libcrypto/evp/c_allc.c b/src/lib/libcrypto/evp/c_allc.c
index 657e14f86f..26a5cc6179 100644
--- a/src/lib/libcrypto/evp/c_allc.c
+++ b/src/lib/libcrypto/evp/c_allc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_allc.c,v 1.13 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: c_allc.c,v 1.14 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -225,4 +225,10 @@ OpenSSL_add_all_ciphers(void)
 #ifndef OPENSSL_NO_CHACHA
         EVP_add_cipher(EVP_chacha20());
 #endif
+
+#ifndef OPENSSL_NO_GOST
+        EVP_add_cipher(EVP_gost2814789_ecb());
+        EVP_add_cipher(EVP_gost2814789_cfb64());
+        EVP_add_cipher(EVP_gost2814789_cnt());
+#endif
 }
diff --git a/src/lib/libcrypto/evp/c_alld.c b/src/lib/libcrypto/evp/c_alld.c
index 8f59100caa..99da8acdae 100644
--- a/src/lib/libcrypto/evp/c_alld.c
+++ b/src/lib/libcrypto/evp/c_alld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_alld.c,v 1.11 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: c_alld.c,v 1.12 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -95,6 +95,12 @@ OpenSSL_add_all_digests(void)
         EVP_add_digest(EVP_ecdsa());
 #endif
 #endif
+#ifndef OPENSSL_NO_GOST
+        EVP_add_digest(EVP_gostr341194());
+        EVP_add_digest(EVP_gost2814789imit());
+        EVP_add_digest(EVP_streebog256());
+        EVP_add_digest(EVP_streebog512());
+#endif
 #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
         EVP_add_digest(EVP_mdc2());
 #endif
diff --git a/src/lib/libcrypto/evp/e_gost2814789.c b/src/lib/libcrypto/evp/e_gost2814789.c
new file mode 100644
index 0000000000..678c7af09d
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_gost2814789.c
@@ -0,0 +1,216 @@
+/* $OpenBSD: e_gost2814789.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_GOST
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/gost.h>
+#include "evp_locl.h"
+
+typedef struct {
+        GOST2814789_KEY ks;
+        int param_nid;
+} EVP_GOST2814789_CTX;
+
+static int gost2814789_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr)
+{
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+
+        switch (type) {
+        case EVP_CTRL_PBE_PRF_NID:
+                if (ptr) {
+                        *((int *)ptr) = NID_id_HMACGostR3411_94;
+                        return 1;
+                } else {
+                        return 0;
+                }
+        case EVP_CTRL_INIT:
+                /* Default value to have any s-box set at all */
+                c->param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
+                return Gost2814789_set_sbox(&c->ks, c->param_nid);
+        case EVP_CTRL_GOST_SET_SBOX:
+                return Gost2814789_set_sbox(&c->ks, arg);
+        default:
+                return -1;
+        }
+}
+
+static int gost2814789_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        const unsigned char *iv, int enc)
+{
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+
+        return Gost2814789_set_key(&c->ks, key, ctx->key_len * 8);
+}
+
+int gost2814789_set_asn1_params(EVP_CIPHER_CTX * ctx, ASN1_TYPE * params)
+{
+        int len = 0;
+        unsigned char *buf = NULL;
+        unsigned char *p = NULL;
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+        GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
+        ASN1_OCTET_STRING *os = NULL;
+        if (!gcp) {
+                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len)) {
+                GOST_CIPHER_PARAMS_free(gcp);
+                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);
+                return 0;
+        }
+        ASN1_OBJECT_free(gcp->enc_param_set);
+        gcp->enc_param_set = OBJ_nid2obj(c->param_nid);
+
+        len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
+        p = buf = malloc(len);
+        if (!buf) {
+                GOST_CIPHER_PARAMS_free(gcp);
+                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        i2d_GOST_CIPHER_PARAMS(gcp, &p);
+        GOST_CIPHER_PARAMS_free(gcp);
+
+        os = ASN1_OCTET_STRING_new();
+
+        if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) {
+                free(buf);
+                GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);
+                return 0;
+        }
+        free(buf);
+
+        ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
+        return 1;
+}
+
+int gost2814789_get_asn1_params(EVP_CIPHER_CTX * ctx, ASN1_TYPE * params)
+{
+        int ret = -1;
+        int len;
+        GOST_CIPHER_PARAMS *gcp = NULL;
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+        unsigned char *p;
+
+        if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) {
+                return ret;
+        }
+
+        p = params->value.sequence->data;
+
+        gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
+                                     params->value.sequence->length);
+
+        len = gcp->iv->length;
+        if (len != ctx->cipher->iv_len) {
+                GOST_CIPHER_PARAMS_free(gcp);
+                GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS,
+                        GOST_R_INVALID_IV_LENGTH);
+                return -1;
+        }
+
+        if (!Gost2814789_set_sbox(&c->ks, OBJ_obj2nid(gcp->enc_param_set))) {
+                GOST_CIPHER_PARAMS_free(gcp);
+                return -1;
+        }
+        c->param_nid = OBJ_obj2nid(gcp->enc_param_set);
+
+        memcpy(ctx->oiv, gcp->iv->data, len);
+        memcpy(ctx->iv, gcp->iv->data, len);
+
+        GOST_CIPHER_PARAMS_free(gcp);
+
+        return 1;
+}
+
+BLOCK_CIPHER_func_ecb(gost2814789, Gost2814789, EVP_GOST2814789_CTX, ks)
+BLOCK_CIPHER_func_cfb(gost2814789, Gost2814789, 64, EVP_GOST2814789_CTX, ks)
+
+static int gost2814789_cnt_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
+                                  const unsigned char *in, size_t inl)
+{
+        EVP_GOST2814789_CTX *c = ctx->cipher_data;
+
+        while (inl >= EVP_MAXCHUNK) {
+                Gost2814789_cnt_encrypt(in, out, (long)EVP_MAXCHUNK, &c->ks,
+                                        ctx->iv, ctx->buf, &ctx->num);
+                inl -= EVP_MAXCHUNK;
+                in += EVP_MAXCHUNK;
+                out += EVP_MAXCHUNK;
+        }
+
+        if (inl)
+                Gost2814789_cnt_encrypt(in, out, inl, &c->ks,
+                                        ctx->iv, ctx->buf, &ctx->num);
+        return 1;
+}
+
+/* gost89 is CFB-64 */
+#define NID_gost89_cfb64 NID_id_Gost28147_89
+
+BLOCK_CIPHER_def_ecb(gost2814789, EVP_GOST2814789_CTX, NID_gost89, 8, 32,
+                     EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT,
+                     gost2814789_init_key, NULL, gost2814789_set_asn1_params,
+                     gost2814789_get_asn1_params, gost2814789_ctl)
+BLOCK_CIPHER_def_cfb(gost2814789, EVP_GOST2814789_CTX, NID_gost89, 32, 8, 64,
+                     EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT,
+                     gost2814789_init_key, NULL, gost2814789_set_asn1_params,
+                     gost2814789_get_asn1_params, gost2814789_ctl)
+BLOCK_CIPHER_def1(gost2814789, cnt, cnt, OFB, EVP_GOST2814789_CTX, NID_gost89,
+                  1, 32, 8, EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT,
+                  gost2814789_init_key, NULL, gost2814789_set_asn1_params,
+                  gost2814789_get_asn1_params, gost2814789_ctl)
+#endif
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 9de7c3f9ef..6c1bf6c7cd 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.39 2014/07/11 15:28:27 tedu Exp $ */
+/* $OpenBSD: evp.h,v 1.40 2014/11/09 19:17:13 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -107,8 +107,12 @@
 #define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
 #define EVP_PKEY_DH     NID_dhKeyAgreement
 #define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
+#define EVP_PKEY_GOSTR01 NID_id_GostR3410_2001
+#define EVP_PKEY_GOSTIMIT NID_id_Gost28147_89_MAC
 #define EVP_PKEY_HMAC   NID_hmac
 #define EVP_PKEY_CMAC   NID_cmac
+#define EVP_PKEY_GOSTR12_256 NID_id_tc26_gost3410_2012_256
+#define EVP_PKEY_GOSTR12_512 NID_id_tc26_gost3410_2012_512
 
 #ifdef  __cplusplus
 extern "C" {
@@ -137,6 +141,9 @@ struct evp_pkey_st {
 #ifndef OPENSSL_NO_EC
                 struct ec_key_st *ec;   /* ECC */
 #endif
+#ifndef OPENSSL_NO_GOST
+                struct gost_key_st *gost; /* GOST */
+#endif
         } pkey;
         int save_parameters;
         STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
@@ -213,6 +220,8 @@ typedef int evp_verify_method(int type, const unsigned char *m,
 
 #define EVP_MD_CTRL_DIGALGID                    0x1
 #define EVP_MD_CTRL_MICALG                      0x2
+#define EVP_MD_CTRL_SET_KEY                     0x3
+#define EVP_MD_CTRL_GOST_SET_SBOX               0x4
 
 /* Minimum Algorithm specific ctrl value */
 
@@ -381,6 +390,8 @@ struct evp_cipher_st {
 #define         EVP_CTRL_AEAD_SET_MAC_KEY       0x17
 /* Set the GCM invocation field, decrypt only */
 #define         EVP_CTRL_GCM_SET_IV_INV         0x18
+/* Set the S-BOX NID for GOST ciphers */
+#define         EVP_CTRL_GOST_SET_SBOX          0x19
 
 /* GCM TLS constants */
 /* Length of fixed part of IV derived from PRF */
@@ -451,6 +462,11 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                                         (char *)(eckey))
 #endif
 
+#ifndef OPENSSL_NO_GOST
+#define EVP_PKEY_assign_GOST(pkey,gostkey) EVP_PKEY_assign((pkey),EVP_PKEY_GOSTR01,\
+                                        (char *)(gostkey))
+#endif
+
 /* Add some extra combinations */
 #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
 #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
@@ -530,6 +546,7 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
 void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
 void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
 int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
@@ -665,6 +682,12 @@ const EVP_MD *EVP_ripemd160(void);
 #ifndef OPENSSL_NO_WHIRLPOOL
 const EVP_MD *EVP_whirlpool(void);
 #endif
+#ifndef OPENSSL_NO_GOST
+const EVP_MD *EVP_gostr341194(void);
+const EVP_MD *EVP_gost2814789imit(void);
+const EVP_MD *EVP_streebog256(void);
+const EVP_MD *EVP_streebog512(void);
+#endif
 const EVP_CIPHER *EVP_enc_null(void);           /* does nothing :-) */
 #ifndef OPENSSL_NO_DES
 const EVP_CIPHER *EVP_des_ecb(void);
@@ -804,6 +827,12 @@ const EVP_CIPHER *EVP_camellia_256_ofb(void);
 const EVP_CIPHER *EVP_chacha20(void);
 #endif
 
+#ifndef OPENSSL_NO_GOST
+const EVP_CIPHER *EVP_gost2814789_ecb(void);
+const EVP_CIPHER *EVP_gost2814789_cfb64(void);
+const EVP_CIPHER *EVP_gost2814789_cnt(void);
+#endif
+
 void OPENSSL_add_all_algorithms_noconf(void);
 void OPENSSL_add_all_algorithms_conf(void);
 
@@ -871,6 +900,9 @@ struct ec_key_st;
 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
 struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
 #endif
+#ifndef OPENSSL_NO_GOST
+struct gost_key_st;
+#endif
 
 EVP_PKEY *EVP_PKEY_new(void);
 void EVP_PKEY_free(EVP_PKEY *pkey);
@@ -1337,6 +1369,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_DIGESTINIT_EX                          128
 #define EVP_F_EVP_ENCRYPTFINAL_EX                        127
 #define EVP_F_EVP_MD_CTX_COPY_EX                         110
+#define EVP_F_EVP_MD_CTX_CTRL                            195
 #define EVP_F_EVP_MD_SIZE                                162
 #define EVP_F_EVP_OPENINIT                               102
 #define EVP_F_EVP_PBE_ALG_ADD                            115
diff --git a/src/lib/libcrypto/evp/m_gost2814789.c b/src/lib/libcrypto/evp/m_gost2814789.c
new file mode 100644
index 0000000000..ff3f489e46
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_gost2814789.c
@@ -0,0 +1,105 @@
+/* $OpenBSD: m_gost2814789.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_GOST
+
+#include <openssl/evp.h>
+#include <openssl/gost.h>
+#include <openssl/objects.h>
+
+static int init(EVP_MD_CTX *ctx)
+{
+        return GOST2814789IMIT_Init(ctx->md_data, NID_id_Gost28147_89_CryptoPro_A_ParamSet);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        return GOST2814789IMIT_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        return GOST2814789IMIT_Final(md, ctx->md_data);
+}
+
+static int md_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
+{
+        GOST2814789IMIT_CTX *gctx = ctx->md_data;
+
+        switch (cmd) {
+        case EVP_MD_CTRL_SET_KEY:
+                return Gost2814789_set_key(&gctx->cipher, p2, p1);
+        case EVP_MD_CTRL_GOST_SET_SBOX:
+                return Gost2814789_set_sbox(&gctx->cipher, p1);
+        }
+        return -2;
+}
+
+static const EVP_MD gost2814789imit_md = {
+        .type = NID_id_Gost28147_89_MAC,
+        .pkey_type = NID_undef,
+        .md_size = GOST2814789IMIT_LENGTH,
+        .flags = 0,
+        .init = init,
+        .update = update,
+        .final = final,
+        .block_size = GOST2814789IMIT_CBLOCK,
+        .ctx_size = sizeof(EVP_MD *) + sizeof(GOST2814789IMIT_CTX),
+        .md_ctrl = md_ctrl,
+};
+
+const EVP_MD *
+EVP_gost2814789imit(void)
+{
+        return (&gost2814789imit_md);
+}
+#endif
diff --git a/src/lib/libcrypto/evp/m_gostr341194.c b/src/lib/libcrypto/evp/m_gostr341194.c
new file mode 100644
index 0000000000..380d92d508
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_gostr341194.c
@@ -0,0 +1,93 @@
+/* $OpenBSD: m_gostr341194.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <stdio.h>
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_GOST
+
+#include <openssl/evp.h>
+#include <openssl/gost.h>
+#include <openssl/objects.h>
+
+static int init(EVP_MD_CTX *ctx)
+{
+        return GOSTR341194_Init(ctx->md_data, NID_id_GostR3411_94_CryptoProParamSet);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        return GOSTR341194_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        return GOSTR341194_Final(md, ctx->md_data);
+}
+
+static const EVP_MD gostr341194_md = {
+        .type = NID_id_GostR3411_94,
+        .pkey_type = NID_undef,
+        .md_size = GOSTR341194_LENGTH,
+        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+        .init = init,
+        .update = update,
+        .final = final,
+        .block_size = GOSTR341194_CBLOCK,
+        .ctx_size = sizeof(EVP_MD *) + sizeof(GOSTR341194_CTX),
+};
+
+const EVP_MD *
+EVP_gostr341194(void)
+{
+        return (&gostr341194_md);
+}
+#endif
diff --git a/src/lib/libcrypto/evp/m_streebog.c b/src/lib/libcrypto/evp/m_streebog.c
new file mode 100644
index 0000000000..cf4b159f43
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_streebog.c
@@ -0,0 +1,125 @@
+/* $OpenBSD: m_streebog.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/*
+ * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_GOST
+
+#include <openssl/evp.h>
+#include <openssl/gost.h>
+#include <openssl/objects.h>
+
+static int init256(EVP_MD_CTX *ctx)
+{
+        return STREEBOG256_Init(ctx->md_data);
+}
+
+static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        return STREEBOG256_Update(ctx->md_data, data, count);
+}
+
+static int final256(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        return STREEBOG256_Final(md, ctx->md_data);
+}
+
+static int init512(EVP_MD_CTX *ctx)
+{
+        return STREEBOG512_Init(ctx->md_data);
+}
+
+static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+        return STREEBOG512_Update(ctx->md_data, data, count);
+}
+
+static int final512(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        return STREEBOG512_Final(md, ctx->md_data);
+}
+
+static const EVP_MD streebog256_md = {
+        .type = NID_id_tc26_gost3411_2012_256,
+        .pkey_type = NID_undef,
+        .md_size = STREEBOG256_LENGTH,
+        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+        .init = init256,
+        .update = update256,
+        .final = final256,
+        .block_size = STREEBOG_CBLOCK,
+        .ctx_size = sizeof(EVP_MD *) + sizeof(STREEBOG_CTX),
+};
+
+static const EVP_MD streebog512_md = {
+        .type = NID_id_tc26_gost3411_2012_512,
+        .pkey_type = NID_undef,
+        .md_size = STREEBOG512_LENGTH,
+        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+        .init = init512,
+        .update = update512,
+        .final = final512,
+        .block_size = STREEBOG_CBLOCK,
+        .ctx_size = sizeof(EVP_MD *) + sizeof(STREEBOG_CTX),
+};
+
+const EVP_MD *
+EVP_streebog256(void)
+{
+        return (&streebog256_md);
+}
+
+const EVP_MD *
+EVP_streebog512(void)
+{
+        return (&streebog512_md);
+}
+#endif
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
index 12267a6d93..24cdfdd1d0 100644
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.9 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.10 2014/11/09 19:17:13 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -79,6 +79,7 @@ STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
 
 extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
 extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
+extern const EVP_PKEY_METHOD gostimit_pkey_meth, gostr01_pkey_meth;
 
 static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_RSA
@@ -93,8 +94,12 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_EC
         &ec_pkey_meth,
 #endif
+#ifndef OPENSSL_NO_GOST
+        &gostr01_pkey_meth,
+        &gostimit_pkey_meth,
+#endif
         &hmac_pkey_meth,
-        &cmac_pkey_meth
+        &cmac_pkey_meth,
 };
 
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,