summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/engine/eng_all.c3
-rw-r--r--src/lib/libcrypto/engine/engine.h3
-rw-r--r--src/lib/libcrypto/util/mk1mf.pl1
-rw-r--r--src/lib/libcrypto/util/mkfiles.pl1
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_all.c3
-rw-r--r--src/lib/libssl/src/crypto/engine/engine.h3
-rw-r--r--src/lib/libssl/src/engines/Makefile3
-rw-r--r--src/lib/libssl/src/engines/ccgost/Makefile90
-rw-r--r--src/lib/libssl/src/engines/ccgost/README.gost300
-rw-r--r--src/lib/libssl/src/engines/ccgost/e_gost_err.c212
-rw-r--r--src/lib/libssl/src/engines/ccgost/e_gost_err.h156
-rw-r--r--src/lib/libssl/src/engines/ccgost/e_gost_err.proto61
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost.ec5
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost2001.c343
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost2001_keyx.c308
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost2001_keyx.h10
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost89.c421
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost89.h92
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost94_keyx.c291
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_ameth.c945
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_asn1.c55
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_crypt.c634
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_ctl.c89
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_eng.c288
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_keywrap.c109
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_keywrap.h56
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_lcl.h218
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_md.c75
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_params.c198
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_params.h34
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_pmeth.c628
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost_sign.c321
-rw-r--r--src/lib/libssl/src/engines/ccgost/gosthash.c254
-rw-r--r--src/lib/libssl/src/engines/ccgost/gosthash.h48
-rw-r--r--src/lib/libssl/src/engines/ccgost/gostsum.c210
-rw-r--r--src/lib/libssl/src/util/mk1mf.pl1
-rw-r--r--src/lib/libssl/src/util/mkfiles.pl1
37 files changed, 1 insertions, 6469 deletions
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index 2fbfc448fd..f318ea69c4 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -86,9 +86,6 @@ void ENGINE_load_builtin_engines(void)
86 ENGINE_load_padlock(); 86 ENGINE_load_padlock();
87#endif 87#endif
88#endif 88#endif
89#ifndef OPENSSL_NO_GOST
90 ENGINE_load_gost();
91#endif
92#endif 89#endif
93 ENGINE_register_all_complete(); 90 ENGINE_register_all_complete();
94 } 91 }
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
index 425720e988..096c271b61 100644
--- a/src/lib/libcrypto/engine/engine.h
+++ b/src/lib/libcrypto/engine/engine.h
@@ -317,9 +317,6 @@ void ENGINE_load_openssl(void);
317void ENGINE_load_dynamic(void); 317void ENGINE_load_dynamic(void);
318#ifndef OPENSSL_NO_STATIC_ENGINE 318#ifndef OPENSSL_NO_STATIC_ENGINE
319void ENGINE_load_padlock(void); 319void ENGINE_load_padlock(void);
320#ifndef OPENSSL_NO_GOST
321void ENGINE_load_gost(void);
322#endif
323#endif 320#endif
324void ENGINE_load_cryptodev(void); 321void ENGINE_load_cryptodev(void);
325void ENGINE_load_rsax(void); 322void ENGINE_load_rsax(void);
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
index 72fa089f6b..48de99f66c 100644
--- a/src/lib/libcrypto/util/mk1mf.pl
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -782,7 +782,6 @@ sub var_add
782 return("") if $no_dsa && $dir =~ /\/dsa/; 782 return("") if $no_dsa && $dir =~ /\/dsa/;
783 return("") if $no_dh && $dir =~ /\/dh/; 783 return("") if $no_dh && $dir =~ /\/dh/;
784 return("") if $no_ec && $dir =~ /\/ec/; 784 return("") if $no_ec && $dir =~ /\/ec/;
785 return("") if $no_gost && $dir =~ /\/ccgost/;
786 return("") if $no_cms && $dir =~ /\/cms/; 785 return("") if $no_cms && $dir =~ /\/cms/;
787 return("") if $no_jpake && $dir =~ /\/jpake/; 786 return("") if $no_jpake && $dir =~ /\/jpake/;
788 if ($no_des && $dir =~ /\/des/) 787 if ($no_des && $dir =~ /\/des/)
diff --git a/src/lib/libcrypto/util/mkfiles.pl b/src/lib/libcrypto/util/mkfiles.pl
index 7d9a9d5e5c..3214f69ea5 100644
--- a/src/lib/libcrypto/util/mkfiles.pl
+++ b/src/lib/libcrypto/util/mkfiles.pl
@@ -67,7 +67,6 @@ my @dirs = (
67"ssl", 67"ssl",
68"apps", 68"apps",
69"engines", 69"engines",
70"engines/ccgost",
71"test", 70"test",
72"tools" 71"tools"
73); 72);
diff --git a/src/lib/libssl/src/crypto/engine/eng_all.c b/src/lib/libssl/src/crypto/engine/eng_all.c
index 2fbfc448fd..f318ea69c4 100644
--- a/src/lib/libssl/src/crypto/engine/eng_all.c
+++ b/src/lib/libssl/src/crypto/engine/eng_all.c
@@ -86,9 +86,6 @@ void ENGINE_load_builtin_engines(void)
86 ENGINE_load_padlock(); 86 ENGINE_load_padlock();
87#endif 87#endif
88#endif 88#endif
89#ifndef OPENSSL_NO_GOST
90 ENGINE_load_gost();
91#endif
92#endif 89#endif
93 ENGINE_register_all_complete(); 90 ENGINE_register_all_complete();
94 } 91 }
diff --git a/src/lib/libssl/src/crypto/engine/engine.h b/src/lib/libssl/src/crypto/engine/engine.h
index 425720e988..096c271b61 100644
--- a/src/lib/libssl/src/crypto/engine/engine.h
+++ b/src/lib/libssl/src/crypto/engine/engine.h
@@ -317,9 +317,6 @@ void ENGINE_load_openssl(void);
317void ENGINE_load_dynamic(void); 317void ENGINE_load_dynamic(void);
318#ifndef OPENSSL_NO_STATIC_ENGINE 318#ifndef OPENSSL_NO_STATIC_ENGINE
319void ENGINE_load_padlock(void); 319void ENGINE_load_padlock(void);
320#ifndef OPENSSL_NO_GOST
321void ENGINE_load_gost(void);
322#endif
323#endif 320#endif
324void ENGINE_load_cryptodev(void); 321void ENGINE_load_cryptodev(void);
325void ENGINE_load_rsax(void); 322void ENGINE_load_rsax(void);
diff --git a/src/lib/libssl/src/engines/Makefile b/src/lib/libssl/src/engines/Makefile
index f2a5af220b..bea087832e 100644
--- a/src/lib/libssl/src/engines/Makefile
+++ b/src/lib/libssl/src/engines/Makefile
@@ -9,7 +9,7 @@ INCLUDES= -I../include
9CFLAG=-g 9CFLAG=-g
10MAKEFILE= Makefile 10MAKEFILE= Makefile
11AR= ar r 11AR= ar r
12ENGDIRS= ccgost 12ENGDIRS=
13 13
14RECURSIVE_MAKE= [ -z "$(ENGDIRS)" ] || for i in $(ENGDIRS) ; do \ 14RECURSIVE_MAKE= [ -z "$(ENGDIRS)" ] || for i in $(ENGDIRS) ; do \
15 (cd $$i && echo "making $$target in $(DIR)/$$i..." && \ 15 (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
@@ -109,7 +109,6 @@ errors:
109 $(PERL) ../util/mkerr.pl -conf e_$$l.ec \ 109 $(PERL) ../util/mkerr.pl -conf e_$$l.ec \
110 -nostatic -staticloader -write e_$$l.c; \ 110 -nostatic -staticloader -write e_$$l.c; \
111 done 111 done
112 (cd ccgost; $(MAKE) PERL=$(PERL) errors)
113 112
114tests: 113tests:
115 114
diff --git a/src/lib/libssl/src/engines/ccgost/Makefile b/src/lib/libssl/src/engines/ccgost/Makefile
deleted file mode 100644
index c1fcab6409..0000000000
--- a/src/lib/libssl/src/engines/ccgost/Makefile
+++ /dev/null
@@ -1,90 +0,0 @@
1DIR=ccgost
2TOP=../..
3CC=cc
4INCLUDES= -I../../include
5CFLAG=-g
6MAKEFILE= Makefile
7AR= ar r
8CFLAGS= $(INCLUDES) $(CFLAG)
9LIB=$(TOP)/libcrypto.a
10
11LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c
12
13LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o
14
15SRC=$(LIBSRC)
16
17LIBNAME=gost
18
19top:
20 (cd $(TOP); $(MAKE) DIRS=engines EDIRS=$(DIR) sub_all)
21
22all: lib
23
24tags:
25 ctags $(SRC)
26
27errors:
28 $(PERL) ../../util/mkerr.pl -conf gost.ec -nostatic -write $(SRC)
29
30lib: $(LIBOBJ)
31 if [ -n "$(SHARED_LIBS)" ]; then \
32 $(MAKE) -f $(TOP)/Makefile.shared -e \
33 LIBNAME=$(LIBNAME) \
34 LIBEXTRAS='$(LIBOBJ)' \
35 LIBDEPS='-L$(TOP) -lcrypto' \
36 link_o.$(SHLIB_TARGET); \
37 else \
38 $(AR) $(LIB) $(LIBOBJ); \
39 fi
40 @touch lib
41
42install:
43 [ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
44 if [ -n "$(SHARED_LIBS)" ]; then \
45 set -e; \
46 echo installing $(LIBNAME); \
47 pfx=lib; \
48 if [ "$(PLATFORM)" != "Cygwin" ]; then \
49 case "$(CFLAGS)" in \
50 *DSO_BEOS*) sfx=".so";; \
51 *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
52 *DSO_DL*) sfx=".sl";; \
53 *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
54 *) sfx=".bad";; \
55 esac; \
56 cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
57 else \
58 sfx=".so"; \
59 cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
60 fi; \
61 chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
62 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
63 fi
64
65links:
66
67tests:
68
69depend:
70 @if [ -z "$(THIS)" ]; then \
71 $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
72 else \
73 $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \
74 fi
75
76files:
77
78
79
80lint:
81 lint -DLINT $(INCLUDES) $(SRC)>fluff
82
83dclean:
84 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
85 mv -f Makefile.new $(MAKEFILE)
86
87clean:
88 rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff *.so *.sl *.dll
89
90# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/src/lib/libssl/src/engines/ccgost/README.gost b/src/lib/libssl/src/engines/ccgost/README.gost
deleted file mode 100644
index c96cccc7b4..0000000000
--- a/src/lib/libssl/src/engines/ccgost/README.gost
+++ /dev/null
@@ -1,300 +0,0 @@
1GOST ENGINE
2
3This engine provides implementation of Russian cryptography standard.
4This is also an example of adding new cryptoalgorithms into OpenSSL
5without changing its core. If OpenSSL is compiled with dynamic engine
6support, new algorithms can be added even without recompilation of
7OpenSSL and applications which use it.
8
9ALGORITHMS SUPPORTED
10
11GOST R 34.10-94 and GOST R 34.10-2001 - digital signature algorithms.
12 Also support key exchange based on public keys. See RFC 4357 for
13 details of VKO key exchange algorithm. These algorithms use
14 256 bit private keys. Public keys are 1024 bit for 94 and 512 bit for
15 2001 (which is elliptic-curve based). Key exchange algorithms
16 (VKO R 34.10) are supported on these keys too.
17
18GOST R 34.11-94 Message digest algorithm. 256-bit hash value
19
20GOST 28147-89 - Symmetric cipher with 256-bit key. Various modes are
21 defined in the standard, but only CFB and CNT modes are implemented
22 in the engine. To make statistical analysis more difficult, key
23 meshing is supported (see RFC 4357).
24
25GOST 28147-89 MAC mode. Message authentication code. While most MAC
26 algorithms out there are based on hash functions using HMAC
27 algorithm, this algoritm is based on symmetric cipher.
28 It has 256-bit symmetric key and only 32 bits of MAC value
29 (while HMAC has same key size and value size).
30
31 It is implemented as combination of EVP_PKEY type and EVP_MD type.
32
33USAGE OF THESE ALGORITHMS
34
35This engine is designed to allow usage of this algorithms in the
36high-level openssl functions, such as PKI, S/MIME and TLS.
37
38See RFC 4490 for S/MIME with GOST algorithms and RFC 4491 for PKI.
39TLS support is implemented according IETF
40draft-chudov-cryptopro-cptls-03.txt and is compatible with
41CryptoPro CSP 3.0 and 3.6 as well as with MagPro CSP.
42GOST ciphersuites implemented in CryptoPro CSP 2.0 are not supported
43because they use ciphersuite numbers used now by AES ciphersuites.
44
45To use the engine you have to load it via openssl configuration
46file. Applications should read openssl configuration file or provide
47their own means to load engines. Also, applications which operate with
48private keys, should use generic EVP_PKEY API instead of using RSA or
49other algorithm-specific API.
50
51CONFIGURATION FILE
52
53Configuration file should include following statement in the global
54section, i.e. before first bracketed section header (see config(5) for details)
55
56 openssl_conf = openssl_def
57
58where openssl_def is name of the section in configuration file which
59describes global defaults.
60
61This section should contain following statement:
62
63 [openssl_def]
64 engines = engine_section
65
66which points to the section which describes list of the engines to be
67loaded. This section should contain:
68
69 [engine_section]
70 gost = gost_section
71
72And section which describes configuration of the engine should contain
73
74 [gost_section]
75 engine_id = gost
76 dynamic_path = /usr/lib/ssl/engines/libgost.so
77 default_algorithms = ALL
78 CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
79
80Where engine_id parameter specifies name of engine (should be "gost").
81dynamic_path is a location of the loadable shared library implementing the
82engine. If the engine is compiled statically or is located in the OpenSSL
83engines directory, this line can be omitted.
84default_algorithms parameter specifies that all algorithms, provided by
85engine, should be used.
86
87The CRYPT_PARAMS parameter is engine-specific. It allows the user to choose
88between different parameter sets of symmetric cipher algorithm. RFC 4357
89specifies several parameters for the GOST 28147-89 algorithm, but OpenSSL
90doesn't provide user interface to choose one when encrypting. So use engine
91configuration parameter instead.
92
93Value of this parameter can be either short name, defined in OpenSSL
94obj_dat.h header file or numeric representation of OID, defined in RFC
954357.
96
97USAGE WITH COMMAND LINE openssl UTILITY
98
991. Generation of private key
100
101 openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out seckey.pem
102
103 Use -algorithm option to specify algorithm.
104 Use -pkeyopt option to pass paramset to algorithm. The following paramsets
105 are supported by
106 gost94: 0,A,B,C,D,XA,XB,XC
107 gost2001: 0,A,B,C,XA,XB
108 You can also use numeric representation of OID as to destinate
109 paramset.
110
111 Paramsets starting with X are intended to use for key exchange keys.
112 Paramsets without X are for digital signature keys.
113
114 Paramset for both algorithms 0 is the test paramset which should be used
115 only for test purposes.
116
117There are no algorithm-specific things with generation of certificate
118request once you have a private key.
119
1202. Generation of certificate request along with private/public keypar
121
122 openssl req -newkey gost2001 -pkeyopt paramset:A
123
124 Syntax of -pkeyopt parameter is identical with genpkey command.
125
126 You can also use oldstyle syntax -newkey gost2001:paramfile, but in
127 this case you should create parameter file first.
128
129 It can be created with
130
131 openssl genpkey -genparam -algorithm gost2001 -pkeyopt paramset:A\
132 -out paramfile.
133
1343. S/MIME operations
135
136If you want to send encrypted mail using GOST algorithms, don't forget
137to specify -gost89 as encryption algorithm for OpenSSL smime command.
138While OpenSSL is clever enough to find out that GOST R 34.11-94 digest
139must be used for digital signing with GOST private key, it have no way
140to derive symmetric encryption algorithm from key exchange keys.
141
1424. TLS operations
143
144OpenSSL supports all four ciphersuites defined in the IETF draft.
145Once you've loaded GOST key and certificate into your TLS server,
146ciphersuites which use GOST 28147-89 encryption are enabled.
147
148Ciphersuites with NULL encryption should be enabled explicitely if
149needed.
150
151GOST2001-GOST89-GOST89 Uses GOST R 34.10-2001 for auth and key exchange
152 GOST 28147-89 for encryption and GOST 28147-89 MAC
153GOST94-GOST89-GOST89 Uses GOST R 34.10-94 for auth and key exchange
154 GOST 28147-89 for encryption and GOST 28147-89 MAC
155GOST2001-NULL-GOST94 Uses GOST R 34.10-2001 for auth and key exchange,
156 no encryption and HMAC, based on GOST R 34.11-94
157GOST94-NULL-GOST94 Uses GOST R 34.10-94 for auth and key exchange,
158 no encryption and HMAC, based on GOST R 34.11-94
159
160Gost 94 and gost 2001 keys can be used simultaneously in the TLS server.
161RSA, DSA and EC keys can be used simultaneously with GOST keys, if
162server implementation supports loading more than two private
163key/certificate pairs. In this case ciphersuites which use any of loaded
164keys would be supported and clients can negotiate ones they wish.
165
166This allows creation of TLS servers which use GOST ciphersuites for
167Russian clients and RSA/DSA ciphersuites for foreign clients.
168
1695. Calculation of digests and symmetric encryption
170 OpenSSL provides specific commands (like sha1, aes etc) for calculation
171 of digests and symmetric encryption. Since such commands cannot be
172 added dynamically, no such commands are provided for GOST algorithms.
173 Use generic commands 'dgst' and 'enc'.
174
175 Calculation of GOST R 34.11-94 message digest
176
177 openssl dgst -md_gost94 datafile
178
179 Note that GOST R 34.11-94 specifies that digest value should be
180 interpreted as little-endian number, but OpenSSL outputs just hex dump
181 of digest value.
182
183 So, to obtain correct digest value, such as produced by gostsum utility
184 included in the engine distribution, bytes of output should be
185 reversed.
186
187 Calculation of HMAC based on GOST R 34.11-94
188
189 openssl dgst -md_gost94 -mac hmac -macopt key:<32 bytes of key> datafile
190
191 (or use hexkey if key contain NUL bytes)
192 Calculation of GOST 28147 MAC
193
194 openssl dgst -mac gost-mac -macopt key:<32 bytes of key> datafile
195
196 Note absense of an option that specifies digest algorithm. gost-mac
197 algorithm supports only one digest (which is actually part of
198 implementation of this mac) and OpenSSL is clever enough to find out
199 this.
200
201 Encryption with GOST 28147 CFB mode
202 openssl enc -gost89 -out encrypted-file -in plain-text-file -k <passphrase>
203 Encryption with GOST 28147 CNT mode
204 openssl enc -gost89-cnt -out encrypted-file -in plain-text-file -k <passphrase>
205
206
2076. Encrypting private keys and PKCS12
208
209To produce PKCS12 files compatible with MagPro CSP, you need to use
210GOST algorithm for encryption of PKCS12 file and also GOST R 34.11-94
211hash to derive key from password.
212
213openssl pksc12 -export -inkey gost.pem -in gost_cert.pem -keypbe gost89\
214 -certpbe gost89 -macalg md_gost94
215
2167. Testing speed of symmetric ciphers.
217
218To test performance of GOST symmetric ciphers you should use -evp switch
219of the openssl speed command. Engine-provided ciphers couldn't be
220accessed by cipher-specific functions, only via generic evp interface
221
222 openssl speed -evp gost89
223 openssl speed -evp gost89-cnt
224
225
226PROGRAMMING INTERFACES DETAILS
227
228Applications never should access engine directly. They only use provided
229EVP_PKEY API. But there are some details, which should be taken into
230account.
231
232EVP provides two kinds of API for key exchange:
233
2341. EVP_PKEY_encrypt/EVP_PKEY_decrypt functions, intended to use with
235 RSA-like public key encryption algorithms
236
2372. EVP_PKEY_derive, intended to use with Diffie-Hellman-like shared key
238computing algorithms.
239
240Although VKO R 34.10 algorithms, described in the RFC 4357 are
241definitely second case, engine provides BOTH API for GOST R 34.10 keys.
242
243EVP_PKEY_derive just invokes appropriate VKO algorithm and computes
244256 bit shared key. VKO R 34.10-2001 requires 64 bits of random user key
245material (UKM). This UKM should be transmitted to other party, so it is
246not generated inside derive function.
247
248It should be set by EVP_PKEY_CTX_ctrl function using
249EVP_PKEY_CTRL_SET_IV command after call of EVP_PKEY_derive_init, but
250before EVP_PKEY_derive.
251 unsigned char ukm[8];
252 RAND_bytes(ukm,8);
253 EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, 8, ukm)
254
255EVP_PKEY_encrypt encrypts provided session key with VKO shared key and
256packs it into GOST key transport structure, described in the RFC 4490.
257
258It typically uses ephemeral key pair to compute shared key and packs its
259public part along with encrypted key. So, for most cases use of
260EVP_PKEY_encrypt/EVP_PKEY_decrypt with GOST keys is almost same as with
261RSA.
262
263However, if peerkey field in the EVP_PKEY_CTX structure is set (using
264EVP_PKEY_derive_set_peerkey function) to EVP_PKEY structure which has private
265key and uses same parameters as the public key from which this EVP_PKEY_CTX is
266created, EVP_PKEY_encrypt will use this private key to compute shared key and
267set ephemeral key in the GOST_key_transport structure to NULL. In this case
268pkey and peerkey fields in the EVP_PKEY_CTX are used upside-down.
269
270If EVP_PKEY_decrypt encounters GOST_key_transport structure with NULL
271public key field, it tries to use peerkey field from the context to
272compute shared key. In this case peerkey field should really contain
273peer public key.
274
275Encrypt operation supports EVP_PKEY_CTRL_SET_IV operation as well.
276It can be used when some specific restriction on UKM are imposed by
277higher level protocol. For instance, description of GOST ciphersuites
278requires UKM to be derived from shared secret.
279
280If UKM is not set by this control command, encrypt operation would
281generate random UKM.
282
283
284This sources include implementation of GOST 28147-89 and GOST R 34.11-94
285which are completely indepentent from OpenSSL and can be used separately
286(files gost89.c, gost89.h, gosthash.c, gosthash.h) Utility gostsum (file
287gostsum.c) is provided as example of such separate usage. This is
288program, simular to md5sum and sha1sum utilities, but calculates GOST R
28934.11-94 hash.
290
291Makefile doesn't include rule for compiling gostsum.
292Use command
293
294$(CC) -o gostsum gostsum.c gost89.c gosthash.c
295where $(CC) is name of your C compiler.
296
297Implementations of GOST R 34.10-xx, including VKO algorithms heavily
298depends on OpenSSL BIGNUM and Elliptic Curve libraries.
299
300
diff --git a/src/lib/libssl/src/engines/ccgost/e_gost_err.c b/src/lib/libssl/src/engines/ccgost/e_gost_err.c
deleted file mode 100644
index 9a79a374e2..0000000000
--- a/src/lib/libssl/src/engines/ccgost/e_gost_err.c
+++ /dev/null
@@ -1,212 +0,0 @@
1/* e_gost_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "e_gost_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(0,func,0)
69#define ERR_REASON(reason) ERR_PACK(0,0,reason)
70
71static ERR_STRING_DATA GOST_str_functs[]=
72 {
73{ERR_FUNC(GOST_F_DECODE_GOST_ALGOR_PARAMS), "DECODE_GOST_ALGOR_PARAMS"},
74{ERR_FUNC(GOST_F_ENCODE_GOST_ALGOR_PARAMS), "ENCODE_GOST_ALGOR_PARAMS"},
75{ERR_FUNC(GOST_F_FILL_GOST2001_PARAMS), "FILL_GOST2001_PARAMS"},
76{ERR_FUNC(GOST_F_FILL_GOST94_PARAMS), "FILL_GOST94_PARAMS"},
77{ERR_FUNC(GOST_F_GET_ENCRYPTION_PARAMS), "GET_ENCRYPTION_PARAMS"},
78{ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"},
79{ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"},
80{ERR_FUNC(GOST_F_GOST2001_DO_VERIFY), "GOST2001_DO_VERIFY"},
81{ERR_FUNC(GOST_F_GOST2001_KEYGEN), "GOST2001_KEYGEN"},
82{ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS), "GOST89_GET_ASN1_PARAMETERS"},
83{ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS), "GOST89_SET_ASN1_PARAMETERS"},
84{ERR_FUNC(GOST_F_GOST94_COMPUTE_PUBLIC), "GOST94_COMPUTE_PUBLIC"},
85{ERR_FUNC(GOST_F_GOST_CIPHER_CTL), "GOST_CIPHER_CTL"},
86{ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"},
87{ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"},
88{ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"},
89{ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"},
90{ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"},
91{ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"},
92{ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"},
93{ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"},
94{ERR_FUNC(GOST_F_PKEY_GOST01CP_ENCRYPT), "PKEY_GOST01CP_ENCRYPT"},
95{ERR_FUNC(GOST_F_PKEY_GOST01CP_KEYGEN), "PKEY_GOST01CP_KEYGEN"},
96{ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"},
97{ERR_FUNC(GOST_F_PKEY_GOST2001_DERIVE), "PKEY_GOST2001_DERIVE"},
98{ERR_FUNC(GOST_F_PKEY_GOST94CP_DECRYPT), "PKEY_GOST94CP_DECRYPT"},
99{ERR_FUNC(GOST_F_PKEY_GOST94CP_ENCRYPT), "PKEY_GOST94CP_ENCRYPT"},
100{ERR_FUNC(GOST_F_PKEY_GOST94CP_KEYGEN), "PKEY_GOST94CP_KEYGEN"},
101{ERR_FUNC(GOST_F_PKEY_GOST94_PARAMGEN), "PKEY_GOST94_PARAMGEN"},
102{ERR_FUNC(GOST_F_PKEY_GOST_CTRL), "PKEY_GOST_CTRL"},
103{ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR), "PKEY_GOST_CTRL01_STR"},
104{ERR_FUNC(GOST_F_PKEY_GOST_CTRL94_STR), "PKEY_GOST_CTRL94_STR"},
105{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"},
106{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR), "PKEY_GOST_MAC_CTRL_STR"},
107{ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"},
108{ERR_FUNC(GOST_F_PRINT_GOST_01), "PRINT_GOST_01"},
109{ERR_FUNC(GOST_F_PRIV_DECODE_GOST), "PRIV_DECODE_GOST"},
110{ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"},
111{ERR_FUNC(GOST_F_PUB_DECODE_GOST94), "PUB_DECODE_GOST94"},
112{ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"},
113{ERR_FUNC(GOST_F_UNPACK_CC_SIGNATURE), "UNPACK_CC_SIGNATURE"},
114{ERR_FUNC(GOST_F_UNPACK_CP_SIGNATURE), "UNPACK_CP_SIGNATURE"},
115{0,NULL}
116 };
117
118static ERR_STRING_DATA GOST_str_reasons[]=
119 {
120{ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"},
121{ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"},
122{ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"},
123{ERR_REASON(GOST_R_CTRL_CALL_FAILED) ,"ctrl call failed"},
124{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"},
125{ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),"error packing key transport info"},
126{ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),"error parsing key transport info"},
127{ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS),"incompatible algorithms"},
128{ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY),"incompatible peer key"},
129{ERR_REASON(GOST_R_INVALID_CIPHER_PARAMS),"invalid cipher params"},
130{ERR_REASON(GOST_R_INVALID_CIPHER_PARAM_OID),"invalid cipher param oid"},
131{ERR_REASON(GOST_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
132{ERR_REASON(GOST_R_INVALID_GOST94_PARMSET),"invalid gost94 parmset"},
133{ERR_REASON(GOST_R_INVALID_IV_LENGTH) ,"invalid iv length"},
134{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"},
135{ERR_REASON(GOST_R_INVALID_PARAMSET) ,"invalid paramset"},
136{ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED),"key is not initalized"},
137{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"},
138{ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"},
139{ERR_REASON(GOST_R_MAC_KEY_NOT_SET) ,"mac key not set"},
140{ERR_REASON(GOST_R_MALLOC_FAILURE) ,"malloc failure"},
141{ERR_REASON(GOST_R_NO_MEMORY) ,"no memory"},
142{ERR_REASON(GOST_R_NO_PARAMETERS_SET) ,"no parameters set"},
143{ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"},
144{ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"},
145{ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"},
146{ERR_REASON(GOST_R_RANDOM_GENERATOR_ERROR),"random generator error"},
147{ERR_REASON(GOST_R_RANDOM_GENERATOR_FAILURE),"random generator failure"},
148{ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"},
149{ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"},
150{ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"},
151{ERR_REASON(GOST_R_UKM_NOT_SET) ,"ukm not set"},
152{ERR_REASON(GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND),"unsupported cipher ctl command"},
153{ERR_REASON(GOST_R_UNSUPPORTED_PARAMETER_SET),"unsupported parameter set"},
154{0,NULL}
155 };
156
157#endif
158
159#ifdef GOST_LIB_NAME
160static ERR_STRING_DATA GOST_lib_name[]=
161 {
162{0 ,GOST_LIB_NAME},
163{0,NULL}
164 };
165#endif
166
167
168static int GOST_lib_error_code=0;
169static int GOST_error_init=1;
170
171void ERR_load_GOST_strings(void)
172 {
173 if (GOST_lib_error_code == 0)
174 GOST_lib_error_code=ERR_get_next_error_library();
175
176 if (GOST_error_init)
177 {
178 GOST_error_init=0;
179#ifndef OPENSSL_NO_ERR
180 ERR_load_strings(GOST_lib_error_code,GOST_str_functs);
181 ERR_load_strings(GOST_lib_error_code,GOST_str_reasons);
182#endif
183
184#ifdef GOST_LIB_NAME
185 GOST_lib_name->error = ERR_PACK(GOST_lib_error_code,0,0);
186 ERR_load_strings(0,GOST_lib_name);
187#endif
188 }
189 }
190
191void ERR_unload_GOST_strings(void)
192 {
193 if (GOST_error_init == 0)
194 {
195#ifndef OPENSSL_NO_ERR
196 ERR_unload_strings(GOST_lib_error_code,GOST_str_functs);
197 ERR_unload_strings(GOST_lib_error_code,GOST_str_reasons);
198#endif
199
200#ifdef GOST_LIB_NAME
201 ERR_unload_strings(0,GOST_lib_name);
202#endif
203 GOST_error_init=1;
204 }
205 }
206
207void ERR_GOST_error(int function, int reason, char *file, int line)
208 {
209 if (GOST_lib_error_code == 0)
210 GOST_lib_error_code=ERR_get_next_error_library();
211 ERR_PUT_error(GOST_lib_error_code,function,reason,file,line);
212 }
diff --git a/src/lib/libssl/src/engines/ccgost/e_gost_err.h b/src/lib/libssl/src/engines/ccgost/e_gost_err.h
deleted file mode 100644
index 6dc500079d..0000000000
--- a/src/lib/libssl/src/engines/ccgost/e_gost_err.h
+++ /dev/null
@@ -1,156 +0,0 @@
1/* ====================================================================
2 * Copyright (c) 2001-2005 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_GOST_ERR_H
56#define HEADER_GOST_ERR_H
57
58#ifdef __cplusplus
59extern "C" {
60#endif
61
62/* BEGIN ERROR CODES */
63/* The following lines are auto generated by the script mkerr.pl. Any changes
64 * made after this point may be overwritten when the script is next run.
65 */
66void ERR_load_GOST_strings(void);
67void ERR_unload_GOST_strings(void);
68void ERR_GOST_error(int function, int reason, char *file, int line);
69#define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__)
70
71/* Error codes for the GOST functions. */
72
73/* Function codes. */
74#define GOST_F_DECODE_GOST_ALGOR_PARAMS 99
75#define GOST_F_ENCODE_GOST_ALGOR_PARAMS 100
76#define GOST_F_FILL_GOST2001_PARAMS 101
77#define GOST_F_FILL_GOST94_PARAMS 102
78#define GOST_F_GET_ENCRYPTION_PARAMS 103
79#define GOST_F_GOST2001_COMPUTE_PUBLIC 104
80#define GOST_F_GOST2001_DO_SIGN 105
81#define GOST_F_GOST2001_DO_VERIFY 106
82#define GOST_F_GOST2001_KEYGEN 107
83#define GOST_F_GOST89_GET_ASN1_PARAMETERS 108
84#define GOST_F_GOST89_SET_ASN1_PARAMETERS 109
85#define GOST_F_GOST94_COMPUTE_PUBLIC 110
86#define GOST_F_GOST_CIPHER_CTL 111
87#define GOST_F_GOST_DO_SIGN 112
88#define GOST_F_GOST_DO_VERIFY 113
89#define GOST_F_GOST_IMIT_CTRL 114
90#define GOST_F_GOST_IMIT_FINAL 140
91#define GOST_F_GOST_IMIT_UPDATE 115
92#define GOST_F_PARAM_COPY_GOST01 116
93#define GOST_F_PARAM_COPY_GOST94 117
94#define GOST_F_PKEY_GOST01CP_DECRYPT 118
95#define GOST_F_PKEY_GOST01CP_ENCRYPT 119
96#define GOST_F_PKEY_GOST01CP_KEYGEN 120
97#define GOST_F_PKEY_GOST01_PARAMGEN 138
98#define GOST_F_PKEY_GOST2001_DERIVE 121
99#define GOST_F_PKEY_GOST94CP_DECRYPT 122
100#define GOST_F_PKEY_GOST94CP_ENCRYPT 123
101#define GOST_F_PKEY_GOST94CP_KEYGEN 124
102#define GOST_F_PKEY_GOST94_PARAMGEN 139
103#define GOST_F_PKEY_GOST_CTRL 125
104#define GOST_F_PKEY_GOST_CTRL01_STR 126
105#define GOST_F_PKEY_GOST_CTRL94_STR 127
106#define GOST_F_PKEY_GOST_MAC_CTRL 128
107#define GOST_F_PKEY_GOST_MAC_CTRL_STR 129
108#define GOST_F_PKEY_GOST_MAC_KEYGEN 130
109#define GOST_F_PRINT_GOST_01 131
110#define GOST_F_PRIV_DECODE_GOST 132
111#define GOST_F_PUB_DECODE_GOST01 133
112#define GOST_F_PUB_DECODE_GOST94 134
113#define GOST_F_PUB_ENCODE_GOST01 135
114#define GOST_F_UNPACK_CC_SIGNATURE 136
115#define GOST_F_UNPACK_CP_SIGNATURE 137
116
117/* Reason codes. */
118#define GOST_R_BAD_KEY_PARAMETERS_FORMAT 99
119#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 100
120#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 101
121#define GOST_R_CTRL_CALL_FAILED 132
122#define GOST_R_ERROR_COMPUTING_SHARED_KEY 102
123#define GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO 103
124#define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO 104
125#define GOST_R_INCOMPATIBLE_ALGORITHMS 105
126#define GOST_R_INCOMPATIBLE_PEER_KEY 131
127#define GOST_R_INVALID_CIPHER_PARAMS 106
128#define GOST_R_INVALID_CIPHER_PARAM_OID 107
129#define GOST_R_INVALID_DIGEST_TYPE 108
130#define GOST_R_INVALID_GOST94_PARMSET 109
131#define GOST_R_INVALID_IV_LENGTH 110
132#define GOST_R_INVALID_MAC_KEY_LENGTH 111
133#define GOST_R_INVALID_PARAMSET 112
134#define GOST_R_KEY_IS_NOT_INITALIZED 113
135#define GOST_R_KEY_IS_NOT_INITIALIZED 114
136#define GOST_R_KEY_PARAMETERS_MISSING 115
137#define GOST_R_MAC_KEY_NOT_SET 116
138#define GOST_R_MALLOC_FAILURE 117
139#define GOST_R_NO_MEMORY 118
140#define GOST_R_NO_PARAMETERS_SET 119
141#define GOST_R_NO_PEER_KEY 120
142#define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 121
143#define GOST_R_PUBLIC_KEY_UNDEFINED 122
144#define GOST_R_RANDOM_GENERATOR_ERROR 123
145#define GOST_R_RANDOM_GENERATOR_FAILURE 124
146#define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 125
147#define GOST_R_SIGNATURE_MISMATCH 126
148#define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 127
149#define GOST_R_UKM_NOT_SET 128
150#define GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND 129
151#define GOST_R_UNSUPPORTED_PARAMETER_SET 130
152
153#ifdef __cplusplus
154}
155#endif
156#endif
diff --git a/src/lib/libssl/src/engines/ccgost/e_gost_err.proto b/src/lib/libssl/src/engines/ccgost/e_gost_err.proto
deleted file mode 100644
index c57bd1bd8f..0000000000
--- a/src/lib/libssl/src/engines/ccgost/e_gost_err.proto
+++ /dev/null
@@ -1,61 +0,0 @@
1/* ====================================================================
2 * Copyright (c) 2001-2005 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_GOST_ERR_H
56#define HEADER_GOST_ERR_H
57
58#define GOST_LIB_NAME "GOST engine"
59#ifdef __cplusplus
60 extern "C" {
61#endif
diff --git a/src/lib/libssl/src/engines/ccgost/gost.ec b/src/lib/libssl/src/engines/ccgost/gost.ec
deleted file mode 100644
index 6c2c85e57c..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost.ec
+++ /dev/null
@@ -1,5 +0,0 @@
1L GOST e_gost_err.h e_gost_err.c
2L NONE asymm.h NONE
3L NONE md.h NONE
4L NONE crypt.h NONE
5L NONE gostkeyx.h NONE
diff --git a/src/lib/libssl/src/engines/ccgost/gost2001.c b/src/lib/libssl/src/engines/ccgost/gost2001.c
deleted file mode 100644
index dacd82d2b9..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost2001.c
+++ /dev/null
@@ -1,343 +0,0 @@
1/**********************************************************************
2 * gost2001.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implementation of GOST R 34.10-2001 *
7 * Requires OpenSSL 0.9.9 for compilation *
8 **********************************************************************/
9#include "gost_lcl.h"
10#include "gost_params.h"
11#include <string.h>
12#include <openssl/rand.h>
13#include <openssl/ecdsa.h>
14#include <openssl/err.h>
15#include "e_gost_err.h"
16#ifdef DEBUG_SIGN
17extern
18void dump_signature(const char *message,const unsigned char *buffer,size_t len);
19void dump_dsa_sig(const char *message, DSA_SIG *sig);
20#else
21
22#define dump_signature(a,b,c)
23#define dump_dsa_sig(a,b)
24#endif
25
26/*
27 * Fills EC_KEY structure hidden in the app_data field of DSA structure
28 * with parameter information, extracted from parameter array in
29 * params.c file.
30 *
31 * Also fils DSA->q field with copy of EC_GROUP order field to make
32 * DSA_size function work
33 */
34int fill_GOST2001_params(EC_KEY *eckey, int nid)
35 {
36 R3410_2001_params *params = R3410_2001_paramset;
37 EC_GROUP *grp=NULL;
38 BIGNUM *p=NULL,*q=NULL,*a=NULL,*b=NULL,*x=NULL,*y=NULL;
39 EC_POINT *P=NULL;
40 BN_CTX *ctx=BN_CTX_new();
41 int ok=0;
42
43 BN_CTX_start(ctx);
44 p=BN_CTX_get(ctx);
45 a=BN_CTX_get(ctx);
46 b=BN_CTX_get(ctx);
47 x=BN_CTX_get(ctx);
48 y=BN_CTX_get(ctx);
49 q=BN_CTX_get(ctx);
50 while (params->nid!=NID_undef && params->nid != nid) params++;
51 if (params->nid == NID_undef)
52 {
53 GOSTerr(GOST_F_FILL_GOST2001_PARAMS,GOST_R_UNSUPPORTED_PARAMETER_SET);
54 goto err;
55 }
56 BN_hex2bn(&p,params->p);
57 BN_hex2bn(&a,params->a);
58 BN_hex2bn(&b,params->b);
59
60 grp = EC_GROUP_new_curve_GFp(p,a,b,ctx);
61
62 P = EC_POINT_new(grp);
63
64 BN_hex2bn(&x,params->x);
65 BN_hex2bn(&y,params->y);
66 EC_POINT_set_affine_coordinates_GFp(grp,P,x,y,ctx);
67 BN_hex2bn(&q,params->q);
68#ifdef DEBUG_KEYS
69 fprintf(stderr,"Set params index %d oid %s\nq=",
70 (params-R3410_2001_paramset),OBJ_nid2sn(params->nid));
71 BN_print_fp(stderr,q);
72 fprintf(stderr,"\n");
73#endif
74
75 EC_GROUP_set_generator(grp,P,q,NULL);
76 EC_GROUP_set_curve_name(grp,params->nid);
77
78 EC_KEY_set_group(eckey,grp);
79 ok=1;
80 err:
81 EC_POINT_free(P);
82 EC_GROUP_free(grp);
83 BN_CTX_end(ctx);
84 BN_CTX_free(ctx);
85 return ok;
86 }
87
88
89/*
90 * Computes gost2001 signature as DSA_SIG structure
91 *
92 *
93 */
94DSA_SIG *gost2001_do_sign(const unsigned char *dgst,int dlen, EC_KEY *eckey)
95 {
96 DSA_SIG *newsig = NULL;
97 BIGNUM *md = hashsum2bn(dgst);
98 BIGNUM *order = NULL;
99 const EC_GROUP *group;
100 const BIGNUM *priv_key;
101 BIGNUM *r=NULL,*s=NULL,*X=NULL,*tmp=NULL,*tmp2=NULL, *k=NULL,*e=NULL;
102 EC_POINT *C=NULL;
103 BN_CTX *ctx = BN_CTX_new();
104 BN_CTX_start(ctx);
105 OPENSSL_assert(dlen==32);
106 newsig=DSA_SIG_new();
107 if (!newsig)
108 {
109 GOSTerr(GOST_F_GOST2001_DO_SIGN,GOST_R_NO_MEMORY);
110 goto err;
111 }
112 group = EC_KEY_get0_group(eckey);
113 order=BN_CTX_get(ctx);
114 EC_GROUP_get_order(group,order,ctx);
115 priv_key = EC_KEY_get0_private_key(eckey);
116 e = BN_CTX_get(ctx);
117 BN_mod(e,md,order,ctx);
118#ifdef DEBUG_SIGN
119 fprintf(stderr,"digest as bignum=");
120 BN_print_fp(stderr,md);
121 fprintf(stderr,"\ndigest mod q=");
122 BN_print_fp(stderr,e);
123 fprintf(stderr,"\n");
124#endif
125 if (BN_is_zero(e))
126 {
127 BN_one(e);
128 }
129 k =BN_CTX_get(ctx);
130 C=EC_POINT_new(group);
131 do
132 {
133 do
134 {
135 if (!BN_rand_range(k,order))
136 {
137 GOSTerr(GOST_F_GOST2001_DO_SIGN,GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
138 DSA_SIG_free(newsig);
139 newsig = NULL;
140 goto err;
141 }
142 if (!EC_POINT_mul(group,C,k,NULL,NULL,ctx))
143 {
144 GOSTerr(GOST_F_GOST2001_DO_SIGN,ERR_R_EC_LIB);
145 DSA_SIG_free(newsig);
146 newsig = NULL;
147 goto err;
148 }
149 if (!X) X=BN_CTX_get(ctx);
150 if (!EC_POINT_get_affine_coordinates_GFp(group,C,X,NULL,ctx))
151 {
152 GOSTerr(GOST_F_GOST2001_DO_SIGN,ERR_R_EC_LIB);
153 DSA_SIG_free(newsig);
154 newsig = NULL;
155 goto err;
156 }
157 if (!r) r=BN_CTX_get(ctx);
158 BN_nnmod(r,X,order,ctx);
159 }
160 while (BN_is_zero(r));
161 /* s = (r*priv_key+k*e) mod order */
162 if (!tmp) tmp = BN_CTX_get(ctx);
163 BN_mod_mul(tmp,priv_key,r,order,ctx);
164 if (!tmp2) tmp2 = BN_CTX_get(ctx);
165 BN_mod_mul(tmp2,k,e,order,ctx);
166 if (!s) s=BN_CTX_get(ctx);
167 BN_mod_add(s,tmp,tmp2,order,ctx);
168 }
169 while (BN_is_zero(s));
170
171 newsig->s=BN_dup(s);
172 newsig->r=BN_dup(r);
173 err:
174 BN_CTX_end(ctx);
175 BN_CTX_free(ctx);
176 EC_POINT_free(C);
177 BN_free(md);
178 return newsig;
179 }
180/*
181 * Verifies gost 2001 signature
182 *
183 */
184int gost2001_do_verify(const unsigned char *dgst,int dgst_len,
185 DSA_SIG *sig, EC_KEY *ec)
186 {
187 BN_CTX *ctx=BN_CTX_new();
188 const EC_GROUP *group = EC_KEY_get0_group(ec);
189 BIGNUM *order;
190 BIGNUM *md = NULL,*e=NULL,*R=NULL,*v=NULL,*z1=NULL,*z2=NULL;
191 BIGNUM *X=NULL,*tmp=NULL;
192 EC_POINT *C = NULL;
193 const EC_POINT *pub_key=NULL;
194 int ok=0;
195
196 BN_CTX_start(ctx);
197 order = BN_CTX_get(ctx);
198 e = BN_CTX_get(ctx);
199 z1 = BN_CTX_get(ctx);
200 z2 = BN_CTX_get(ctx);
201 tmp = BN_CTX_get(ctx);
202 X= BN_CTX_get(ctx);
203 R=BN_CTX_get(ctx);
204 v=BN_CTX_get(ctx);
205
206 EC_GROUP_get_order(group,order,ctx);
207 pub_key = EC_KEY_get0_public_key(ec);
208 if (BN_is_zero(sig->s) || BN_is_zero(sig->r) ||
209 (BN_cmp(sig->s,order)>=1) || (BN_cmp(sig->r,order)>=1))
210 {
211 GOSTerr(GOST_F_GOST2001_DO_VERIFY,GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
212 goto err;
213
214 }
215 md = hashsum2bn(dgst);
216
217 BN_mod(e,md,order,ctx);
218#ifdef DEBUG_SIGN
219 fprintf(stderr,"digest as bignum: ");
220 BN_print_fp(stderr,md);
221 fprintf(stderr,"\ndigest mod q: ");
222 BN_print_fp(stderr,e);
223#endif
224 if (BN_is_zero(e)) BN_one(e);
225 v=BN_mod_inverse(v,e,order,ctx);
226 BN_mod_mul(z1,sig->s,v,order,ctx);
227 BN_sub(tmp,order,sig->r);
228 BN_mod_mul(z2,tmp,v,order,ctx);
229#ifdef DEBUG_SIGN
230 fprintf(stderr,"\nInverted digest value: ");
231 BN_print_fp(stderr,v);
232 fprintf(stderr,"\nz1: ");
233 BN_print_fp(stderr,z1);
234 fprintf(stderr,"\nz2: ");
235 BN_print_fp(stderr,z2);
236#endif
237 C = EC_POINT_new(group);
238 if (!EC_POINT_mul(group,C,z1,pub_key,z2,ctx))
239 {
240 GOSTerr(GOST_F_GOST2001_DO_VERIFY,ERR_R_EC_LIB);
241 goto err;
242 }
243 if (!EC_POINT_get_affine_coordinates_GFp(group,C,X,NULL,ctx))
244 {
245 GOSTerr(GOST_F_GOST2001_DO_VERIFY,ERR_R_EC_LIB);
246 goto err;
247 }
248 BN_mod(R,X,order,ctx);
249#ifdef DEBUG_SIGN
250 fprintf(stderr,"\nX=");
251 BN_print_fp(stderr,X);
252 fprintf(stderr,"\nX mod q=");
253 BN_print_fp(stderr,R);
254 fprintf(stderr,"\n");
255#endif
256 if (BN_cmp(R,sig->r)!=0)
257 {
258 GOSTerr(GOST_F_GOST2001_DO_VERIFY,GOST_R_SIGNATURE_MISMATCH);
259 }
260 else
261 {
262 ok = 1;
263 }
264 err:
265 EC_POINT_free(C);
266 BN_CTX_end(ctx);
267 BN_CTX_free(ctx);
268 BN_free(md);
269 return ok;
270 }
271/*
272 * Computes GOST R 34.10-2001 public key
273 *
274 *
275 */
276int gost2001_compute_public(EC_KEY *ec)
277 {
278 const EC_GROUP *group = EC_KEY_get0_group(ec);
279 EC_POINT *pub_key=NULL;
280 const BIGNUM *priv_key=NULL;
281 BN_CTX *ctx=NULL;
282 int ok=0;
283
284 if (!group)
285 {
286 GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,GOST_R_KEY_IS_NOT_INITIALIZED);
287 return 0;
288 }
289 ctx=BN_CTX_new();
290 BN_CTX_start(ctx);
291 if (!(priv_key=EC_KEY_get0_private_key(ec)))
292 {
293 GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,ERR_R_EC_LIB);
294 goto err;
295 }
296
297 pub_key = EC_POINT_new(group);
298 if (!EC_POINT_mul(group,pub_key,priv_key,NULL,NULL,ctx))
299 {
300 GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,ERR_R_EC_LIB);
301 goto err;
302 }
303 if (!EC_KEY_set_public_key(ec,pub_key))
304 {
305 GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,ERR_R_EC_LIB);
306 goto err;
307 }
308 ok = 256;
309 err:
310 BN_CTX_end(ctx);
311 EC_POINT_free(pub_key);
312 BN_CTX_free(ctx);
313 return ok;
314 }
315/*
316 *
317 * Generates GOST R 34.10-2001 keypair
318 *
319 *
320 */
321int gost2001_keygen(EC_KEY *ec)
322 {
323 BIGNUM *order = BN_new(),*d=BN_new();
324 const EC_GROUP *group = EC_KEY_get0_group(ec);
325 EC_GROUP_get_order(group,order,NULL);
326
327 do
328 {
329 if (!BN_rand_range(d,order))
330 {
331 GOSTerr(GOST_F_GOST2001_KEYGEN,GOST_R_RANDOM_NUMBER_GENERATOR_FAILED);
332 BN_free(d);
333 BN_free(order);
334 return 0;
335 }
336 }
337 while (BN_is_zero(d));
338 EC_KEY_set_private_key(ec,d);
339 BN_free(d);
340 BN_free(order);
341 return gost2001_compute_public(ec);
342 }
343
diff --git a/src/lib/libssl/src/engines/ccgost/gost2001_keyx.c b/src/lib/libssl/src/engines/ccgost/gost2001_keyx.c
deleted file mode 100644
index c748102857..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost2001_keyx.c
+++ /dev/null
@@ -1,308 +0,0 @@
1/**********************************************************************
2 * gost_keyx.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * VK0 34.10-2001 key exchange and GOST R 34.10-2001 *
7 * based PKCS7/SMIME support *
8 * Requires OpenSSL 0.9.9 for compilation *
9 **********************************************************************/
10#include <openssl/evp.h>
11#include <openssl/rand.h>
12#include <string.h>
13#include <openssl/objects.h>
14#include "gost89.h"
15#include "gosthash.h"
16#include "e_gost_err.h"
17#include "gost_keywrap.h"
18#include "gost_lcl.h"
19#include "gost2001_keyx.h"
20
21
22
23/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
24static int VKO_compute_key(unsigned char *shared_key,size_t shared_key_size,const EC_POINT *pub_key,EC_KEY *priv_key,const unsigned char *ukm)
25 {
26 unsigned char ukm_be[8],databuf[64],hashbuf[64];
27 BIGNUM *UKM=NULL,*p=NULL,*order=NULL,*X=NULL,*Y=NULL;
28 const BIGNUM* key=EC_KEY_get0_private_key(priv_key);
29 EC_POINT *pnt=EC_POINT_new(EC_KEY_get0_group(priv_key));
30 int i;
31 gost_hash_ctx hash_ctx;
32 BN_CTX *ctx = BN_CTX_new();
33
34 for (i=0;i<8;i++)
35 {
36 ukm_be[7-i]=ukm[i];
37 }
38 BN_CTX_start(ctx);
39 UKM=getbnfrombuf(ukm_be,8);
40 p=BN_CTX_get(ctx);
41 order = BN_CTX_get(ctx);
42 X=BN_CTX_get(ctx);
43 Y=BN_CTX_get(ctx);
44 EC_GROUP_get_order(EC_KEY_get0_group(priv_key),order,ctx);
45 BN_mod_mul(p,key,UKM,order,ctx);
46 EC_POINT_mul(EC_KEY_get0_group(priv_key),pnt,NULL,pub_key,p,ctx);
47 EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(priv_key),
48 pnt,X,Y,ctx);
49 /*Serialize elliptic curve point same way as we do it when saving
50 * key */
51 store_bignum(Y,databuf,32);
52 store_bignum(X,databuf+32,32);
53 /* And reverse byte order of whole buffer */
54 for (i=0;i<64;i++)
55 {
56 hashbuf[63-i]=databuf[i];
57 }
58 init_gost_hash_ctx(&hash_ctx,&GostR3411_94_CryptoProParamSet);
59 start_hash(&hash_ctx);
60 hash_block(&hash_ctx,hashbuf,64);
61 finish_hash(&hash_ctx,shared_key);
62 done_gost_hash_ctx(&hash_ctx);
63 BN_free(UKM);
64 BN_CTX_end(ctx);
65 BN_CTX_free(ctx);
66 EC_POINT_free(pnt);
67 return 32;
68 }
69
70
71/*
72 * EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-2001
73 * algorithm
74 */
75int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
76{
77 /* Public key of peer in the ctx field peerkey
78 * Our private key in the ctx pkey
79 * ukm is in the algorithm specific context data
80 */
81 EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx);
82 EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx);
83 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
84
85 if (!data->shared_ukm) {
86 GOSTerr(GOST_F_PKEY_GOST2001_DERIVE, GOST_R_UKM_NOT_SET);
87 return 0;
88 }
89
90 if (key == NULL) {
91 *keylen = 32;
92 return 32;
93 }
94
95 *keylen=VKO_compute_key(key, 32, EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)),
96 (EC_KEY *)EVP_PKEY_get0(my_key),data->shared_ukm);
97 return 1;
98}
99
100
101
102
103/*
104 * EVP_PKEY_METHOD callback encrypt
105 * Implementation of GOST2001 key transport, cryptocom variation
106 */
107/* Generates ephemeral key based on pubk algorithm
108 * computes shared key using VKO and returns filled up
109 * GOST_KEY_TRANSPORT structure
110 */
111
112/*
113 * EVP_PKEY_METHOD callback encrypt
114 * Implementation of GOST2001 key transport, cryptopo variation
115 */
116
117int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, const unsigned char *key,size_t key_len)
118 {
119 GOST_KEY_TRANSPORT *gkt=NULL;
120 EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
121 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
122 const struct gost_cipher_info *param=get_encryption_params(NULL);
123 unsigned char ukm[8], shared_key[32], crypted_key[44];
124 int ret=0;
125 int key_is_ephemeral=1;
126 gost_ctx cctx;
127 EVP_PKEY *sec_key=EVP_PKEY_CTX_get0_peerkey(pctx);
128 if (data->shared_ukm)
129 {
130 memcpy(ukm, data->shared_ukm,8);
131 }
132 else if (out)
133 {
134
135 if (RAND_bytes(ukm,8)<=0)
136 {
137 GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
138 GOST_R_RANDOM_GENERATOR_FAILURE);
139 return 0;
140 }
141 }
142 /* Check for private key in the peer_key of context */
143 if (sec_key)
144 {
145 key_is_ephemeral=0;
146 if (!gost_get0_priv_key(sec_key))
147 {
148 GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
149 GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
150 goto err;
151 }
152 }
153 else
154 {
155 key_is_ephemeral=1;
156 if (out)
157 {
158 sec_key = EVP_PKEY_new();
159 EVP_PKEY_assign(sec_key,EVP_PKEY_base_id(pubk),EC_KEY_new());
160 EVP_PKEY_copy_parameters(sec_key,pubk);
161 if (!gost2001_keygen(EVP_PKEY_get0(sec_key)))
162 {
163 goto err;
164 }
165 }
166 }
167 if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS) && param == gost_cipher_list)
168 {
169 param= gost_cipher_list+1;
170 }
171 if (out)
172 {
173 VKO_compute_key(shared_key,32,EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)),EVP_PKEY_get0(sec_key),ukm);
174 gost_init(&cctx,param->sblock);
175 keyWrapCryptoPro(&cctx,shared_key,ukm,key,crypted_key);
176 }
177 gkt = GOST_KEY_TRANSPORT_new();
178 if (!gkt)
179 {
180 goto err;
181 }
182 if(!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv,
183 ukm,8))
184 {
185 goto err;
186 }
187 if (!ASN1_OCTET_STRING_set(gkt->key_info->imit,crypted_key+40,4))
188 {
189 goto err;
190 }
191 if (!ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key,crypted_key+8,32))
192 {
193 goto err;
194 }
195 if (key_is_ephemeral) {
196 if (!X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,out?sec_key:pubk))
197 {
198 GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
199 GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
200 goto err;
201 }
202 }
203 ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
204 gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
205 if (key_is_ephemeral && sec_key) EVP_PKEY_free(sec_key);
206 if (!key_is_ephemeral)
207 {
208 /* Set control "public key from client certificate used" */
209 if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0)
210 {
211 GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
212 GOST_R_CTRL_CALL_FAILED);
213 goto err;
214 }
215 }
216 if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL))>0) ret =1;
217 GOST_KEY_TRANSPORT_free(gkt);
218 return ret;
219 err:
220 if (key_is_ephemeral && sec_key) EVP_PKEY_free(sec_key);
221 GOST_KEY_TRANSPORT_free(gkt);
222 return -1;
223 }
224/*
225 * EVP_PKEY_METHOD callback decrypt
226 * Implementation of GOST2001 key transport, cryptopo variation
227 */
228int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t * key_len, const unsigned char *in, size_t in_len)
229 {
230 const unsigned char *p = in;
231 EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
232 GOST_KEY_TRANSPORT *gkt = NULL;
233 int ret=0;
234 unsigned char wrappedKey[44];
235 unsigned char sharedKey[32];
236 gost_ctx ctx;
237 const struct gost_cipher_info *param=NULL;
238 EVP_PKEY *eph_key=NULL, *peerkey=NULL;
239
240 if (!key)
241 {
242 *key_len = 32;
243 return 1;
244 }
245 gkt = d2i_GOST_KEY_TRANSPORT(NULL,(const unsigned char **)&p,
246 in_len);
247 if (!gkt)
248 {
249 GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
250 return -1;
251 }
252
253 /* If key transport structure contains public key, use it */
254 eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
255 if (eph_key)
256 {
257 if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0)
258 {
259 GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
260 GOST_R_INCOMPATIBLE_PEER_KEY);
261 goto err;
262 }
263 }
264 else
265 {
266 /* Set control "public key from client certificate used" */
267 if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0)
268 {
269 GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
270 GOST_R_CTRL_CALL_FAILED);
271 goto err;
272 }
273 }
274 peerkey = EVP_PKEY_CTX_get0_peerkey(pctx);
275 if (!peerkey)
276 {
277 GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
278 GOST_R_NO_PEER_KEY);
279 goto err;
280 }
281
282 param = get_encryption_params(gkt->key_agreement_info->cipher);
283 if(!param){
284 goto err;
285 }
286
287 gost_init(&ctx,param->sblock);
288 OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
289 memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
290 OPENSSL_assert(gkt->key_info->encrypted_key->length==32);
291 memcpy(wrappedKey+8,gkt->key_info->encrypted_key->data,32);
292 OPENSSL_assert(gkt->key_info->imit->length==4);
293 memcpy(wrappedKey+40,gkt->key_info->imit->data,4);
294 VKO_compute_key(sharedKey,32,EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)),
295 EVP_PKEY_get0(priv),wrappedKey);
296 if (!keyUnwrapCryptoPro(&ctx,sharedKey,wrappedKey,key))
297 {
298 GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,
299 GOST_R_ERROR_COMPUTING_SHARED_KEY);
300 goto err;
301 }
302
303 ret=1;
304err:
305 if (eph_key) EVP_PKEY_free(eph_key);
306 if (gkt) GOST_KEY_TRANSPORT_free(gkt);
307 return ret;
308 }
diff --git a/src/lib/libssl/src/engines/ccgost/gost2001_keyx.h b/src/lib/libssl/src/engines/ccgost/gost2001_keyx.h
deleted file mode 100644
index a014d9c1e2..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost2001_keyx.h
+++ /dev/null
@@ -1,10 +0,0 @@
1GOST_KEY_TRANSPORT *
2make_rfc4490_keytransport_2001(EVP_PKEY *pubk, BIGNUM *eph_key,
3 const unsigned char *key, size_t keylen,
4 unsigned char *ukm, size_t ukm_len);
5
6int decrypt_rfc4490_shared_key_2001(EVP_PKEY *priv,
7 GOST_KEY_TRANSPORT *gkt,
8 unsigned char *key_buf,
9 int key_buf_len) ;
10
diff --git a/src/lib/libssl/src/engines/ccgost/gost89.c b/src/lib/libssl/src/engines/ccgost/gost89.c
deleted file mode 100644
index b0568c6b3c..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost89.c
+++ /dev/null
@@ -1,421 +0,0 @@
1/**********************************************************************
2 * gost89.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implementation of GOST 28147-89 encryption algorithm *
7 * No OpenSSL libraries required to compile and use *
8 * this code *
9 **********************************************************************/
10#include <string.h>
11#include "gost89.h"
12/* Substitution blocks from RFC 4357
13
14 Note: our implementation of gost 28147-89 algorithm
15 uses S-box matrix rotated 90 degrees counterclockwise, relative to
16 examples given in RFC.
17
18
19*/
20
21/* Substitution blocks from test examples for GOST R 34.11-94*/
22gost_subst_block GostR3411_94_TestParamSet = {
23 {0X1,0XF,0XD,0X0,0X5,0X7,0XA,0X4,0X9,0X2,0X3,0XE,0X6,0XB,0X8,0XC},
24 {0XD,0XB,0X4,0X1,0X3,0XF,0X5,0X9,0X0,0XA,0XE,0X7,0X6,0X8,0X2,0XC},
25 {0X4,0XB,0XA,0X0,0X7,0X2,0X1,0XD,0X3,0X6,0X8,0X5,0X9,0XC,0XF,0XE},
26 {0X6,0XC,0X7,0X1,0X5,0XF,0XD,0X8,0X4,0XA,0X9,0XE,0X0,0X3,0XB,0X2},
27 {0X7,0XD,0XA,0X1,0X0,0X8,0X9,0XF,0XE,0X4,0X6,0XC,0XB,0X2,0X5,0X3},
28 {0X5,0X8,0X1,0XD,0XA,0X3,0X4,0X2,0XE,0XF,0XC,0X7,0X6,0X0,0X9,0XB},
29 {0XE,0XB,0X4,0XC,0X6,0XD,0XF,0XA,0X2,0X3,0X8,0X1,0X0,0X7,0X5,0X9},
30 {0X4,0XA,0X9,0X2,0XD,0X8,0X0,0XE,0X6,0XB,0X1,0XC,0X7,0XF,0X5,0X3}
31 };
32/* Substitution blocks for hash function 1.2.643.2.9.1.6.1 */
33gost_subst_block GostR3411_94_CryptoProParamSet= {
34 {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC},
35 {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB},
36 {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3},
37 {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5},
38 {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3},
39 {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD},
40 {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8},
41 {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF}
42 } ;
43
44/* Test paramset from GOST 28147 */
45gost_subst_block Gost28147_TestParamSet =
46 {
47 {0xC,0x6,0x5,0x2,0xB,0x0,0x9,0xD,0x3,0xE,0x7,0xA,0xF,0x4,0x1,0x8},
48 {0x9,0xB,0xC,0x0,0x3,0x6,0x7,0x5,0x4,0x8,0xE,0xF,0x1,0xA,0x2,0xD},
49 {0x8,0xF,0x6,0xB,0x1,0x9,0xC,0x5,0xD,0x3,0x7,0xA,0x0,0xE,0x2,0x4},
50 {0x3,0xE,0x5,0x9,0x6,0x8,0x0,0xD,0xA,0xB,0x7,0xC,0x2,0x1,0xF,0x4},
51 {0xE,0x9,0xB,0x2,0x5,0xF,0x7,0x1,0x0,0xD,0xC,0x6,0xA,0x4,0x3,0x8},
52 {0xD,0x8,0xE,0xC,0x7,0x3,0x9,0xA,0x1,0x5,0x2,0x4,0x6,0xF,0x0,0xB},
53 {0xC,0x9,0xF,0xE,0x8,0x1,0x3,0xA,0x2,0x7,0x4,0xD,0x6,0x0,0xB,0x5},
54 {0x4,0x2,0xF,0x5,0x9,0x1,0x0,0x8,0xE,0x3,0xB,0xC,0xD,0x7,0xA,0x6}
55 };
56
57
58
59
60/* 1.2.643.2.2.31.1 */
61gost_subst_block Gost28147_CryptoProParamSetA= {
62 {0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4},
63 {0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE},
64 {0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6},
65 {0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6},
66 {0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6},
67 {0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9},
68 {0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1},
69 {0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5}
70 };
71/* 1.2.643.2.2.31.2 */
72gost_subst_block Gost28147_CryptoProParamSetB=
73 {
74 {0x0,0x4,0xB,0xE,0x8,0x3,0x7,0x1,0xA,0x2,0x9,0x6,0xF,0xD,0x5,0xC},
75 {0x5,0x2,0xA,0xB,0x9,0x1,0xC,0x3,0x7,0x4,0xD,0x0,0x6,0xF,0x8,0xE},
76 {0x8,0x3,0x2,0x6,0x4,0xD,0xE,0xB,0xC,0x1,0x7,0xF,0xA,0x0,0x9,0x5},
77 {0x2,0x7,0xC,0xF,0x9,0x5,0xA,0xB,0x1,0x4,0x0,0xD,0x6,0x8,0xE,0x3},
78 {0x7,0x5,0x0,0xD,0xB,0x6,0x1,0x2,0x3,0xA,0xC,0xF,0x4,0xE,0x9,0x8},
79 {0xE,0xC,0x0,0xA,0x9,0x2,0xD,0xB,0x7,0x5,0x8,0xF,0x3,0x6,0x1,0x4},
80 {0x0,0x1,0x2,0xA,0x4,0xD,0x5,0xC,0x9,0x7,0x3,0xF,0xB,0x8,0x6,0xE},
81 {0x8,0x4,0xB,0x1,0x3,0x5,0x0,0x9,0x2,0xE,0xA,0xC,0xD,0x6,0x7,0xF}
82 };
83/* 1.2.643.2.2.31.3 */
84gost_subst_block Gost28147_CryptoProParamSetC=
85 {
86 {0x7,0x4,0x0,0x5,0xA,0x2,0xF,0xE,0xC,0x6,0x1,0xB,0xD,0x9,0x3,0x8},
87 {0xA,0x9,0x6,0x8,0xD,0xE,0x2,0x0,0xF,0x3,0x5,0xB,0x4,0x1,0xC,0x7},
88 {0xC,0x9,0xB,0x1,0x8,0xE,0x2,0x4,0x7,0x3,0x6,0x5,0xA,0x0,0xF,0xD},
89 {0x8,0xD,0xB,0x0,0x4,0x5,0x1,0x2,0x9,0x3,0xC,0xE,0x6,0xF,0xA,0x7},
90 {0x3,0x6,0x0,0x1,0x5,0xD,0xA,0x8,0xB,0x2,0x9,0x7,0xE,0xF,0xC,0x4},
91 {0x8,0x2,0x5,0x0,0x4,0x9,0xF,0xA,0x3,0x7,0xC,0xD,0x6,0xE,0x1,0xB},
92 {0x0,0x1,0x7,0xD,0xB,0x4,0x5,0x2,0x8,0xE,0xF,0xC,0x9,0xA,0x6,0x3},
93 {0x1,0xB,0xC,0x2,0x9,0xD,0x0,0xF,0x4,0x5,0x8,0xE,0xA,0x7,0x6,0x3}
94 };
95
96/* 1.2.643.2.2.31.4 */
97gost_subst_block Gost28147_CryptoProParamSetD=
98 {
99 {0x1,0xA,0x6,0x8,0xF,0xB,0x0,0x4,0xC,0x3,0x5,0x9,0x7,0xD,0x2,0xE},
100 {0x3,0x0,0x6,0xF,0x1,0xE,0x9,0x2,0xD,0x8,0xC,0x4,0xB,0xA,0x5,0x7},
101 {0x8,0x0,0xF,0x3,0x2,0x5,0xE,0xB,0x1,0xA,0x4,0x7,0xC,0x9,0xD,0x6},
102 {0x0,0xC,0x8,0x9,0xD,0x2,0xA,0xB,0x7,0x3,0x6,0x5,0x4,0xE,0xF,0x1},
103 {0x1,0x5,0xE,0xC,0xA,0x7,0x0,0xD,0x6,0x2,0xB,0x4,0x9,0x3,0xF,0x8},
104 {0x1,0xC,0xB,0x0,0xF,0xE,0x6,0x5,0xA,0xD,0x4,0x8,0x9,0x3,0x7,0x2},
105 {0xB,0x6,0x3,0x4,0xC,0xF,0xE,0x2,0x7,0xD,0x8,0x0,0x5,0xA,0x9,0x1},
106 {0xF,0xC,0x2,0xA,0x6,0x4,0x5,0x0,0x7,0x9,0xE,0xD,0x1,0xB,0x8,0x3}
107 };
108
109
110const byte CryptoProKeyMeshingKey[]={
111 0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23,
112 0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4,
113 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12,
114 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B
115 };
116/* Initialization of gost_ctx subst blocks*/
117static void kboxinit(gost_ctx *c, const gost_subst_block *b)
118 {
119 int i;
120
121 for (i = 0; i < 256; i++)
122 {
123 c->k87[i] = (b->k8[i>>4] <<4 | b->k7 [i &15])<<24;
124 c->k65[i] = (b->k6[i>>4] << 4 | b->k5 [i &15])<<16;
125 c->k43[i] = (b->k4[i>>4] <<4 | b->k3 [i &15])<<8;
126 c->k21[i] = b->k2[i>>4] <<4 | b->k1 [i &15];
127
128 }
129 }
130
131/* Part of GOST 28147 algorithm moved into separate function */
132static word32 f(gost_ctx *c,word32 x)
133 {
134 x = c->k87[x>>24 & 255] | c->k65[x>>16 & 255]|
135 c->k43[x>> 8 & 255] | c->k21[x & 255];
136 /* Rotate left 11 bits */
137 return x<<11 | x>>(32-11);
138 }
139/* Low-level encryption routine - encrypts one 64 bit block*/
140void gostcrypt(gost_ctx *c, const byte *in, byte *out)
141 {
142 register word32 n1, n2; /* As named in the GOST */
143 n1 = in[0]|(in[1]<<8)|(in[2]<<16)|(in[3]<<24);
144 n2 = in[4]|(in[5]<<8)|(in[6]<<16)|(in[7]<<24);
145 /* Instead of swapping halves, swap names each round */
146
147 n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
148 n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
149 n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
150 n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
151
152 n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
153 n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
154 n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
155 n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
156
157 n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
158 n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
159 n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
160 n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
161
162 n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]);
163 n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]);
164 n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]);
165 n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]);
166
167 out[0] = (byte)(n2&0xff); out[1] = (byte)((n2>>8)&0xff);
168 out[2] = (byte)((n2>>16)&0xff); out[3]=(byte)(n2>>24);
169 out[4] = (byte)(n1&0xff); out[5] = (byte)((n1>>8)&0xff);
170 out[6] = (byte)((n1>>16)&0xff); out[7] = (byte)(n1>>24);
171 }
172/* Low-level decryption routine. Decrypts one 64-bit block */
173void gostdecrypt(gost_ctx *c, const byte *in,byte *out)
174 {
175 register word32 n1, n2; /* As named in the GOST */
176 n1 = in[0]|(in[1]<<8)|(in[2]<<16)|(in[3]<<24);
177 n2 = in[4]|(in[5]<<8)|(in[6]<<16)|(in[7]<<24);
178
179 n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
180 n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
181 n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
182 n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
183
184 n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]);
185 n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]);
186 n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]);
187 n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]);
188
189 n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]);
190 n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]);
191 n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]);
192 n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]);
193
194 n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]);
195 n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]);
196 n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]);
197 n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]);
198
199 out[0] = (byte)(n2&0xff); out[1] = (byte)((n2>>8)&0xff);
200 out[2] = (byte)((n2>>16)&0xff); out[3]=(byte)(n2>>24);
201 out[4] = (byte)(n1&0xff); out[5] = (byte)((n1>>8)&0xff);
202 out[6] = (byte)((n1>>16)&0xff); out[7] = (byte)(n1>>24);
203 }
204
205/* Encrypts several blocks in ECB mode */
206void gost_enc(gost_ctx *c,const byte *clear,byte *cipher, int blocks)
207 {
208 int i;
209 for(i=0;i<blocks;i++)
210 {
211 gostcrypt(c,clear,cipher);
212 clear+=8;
213 cipher+=8;
214 }
215 }
216/* Decrypts several blocks in ECB mode */
217void gost_dec(gost_ctx *c, const byte *cipher,byte *clear, int blocks)
218 {
219 int i;
220 for(i=0;i<blocks;i++)
221 {
222 gostdecrypt(c,cipher,clear);
223 clear+=8;
224 cipher+=8;
225 }
226 }
227
228/* Encrypts several full blocks in CFB mode using 8byte IV */
229void gost_enc_cfb(gost_ctx *ctx,const byte *iv,const byte *clear,byte *cipher, int blocks)
230 {
231 byte cur_iv[8];
232 byte gamma[8];
233 int i,j;
234 const byte *in;
235 byte *out;
236 memcpy(cur_iv,iv,8);
237 for(i=0,in=clear,out=cipher;i<blocks;i++,in+=8,out+=8)
238 {
239 gostcrypt(ctx,cur_iv,gamma);
240 for (j=0;j<8;j++)
241 {
242 cur_iv[j]=out[j]=in[j]^gamma[j];
243 }
244 }
245 }
246/* Decrypts several full blocks in CFB mode using 8byte IV */
247void gost_dec_cfb(gost_ctx *ctx,const byte *iv,const byte *cipher,byte *clear, int blocks)
248 {
249 byte cur_iv[8];
250 byte gamma[8];
251 int i,j;
252 const byte *in;
253 byte *out;
254 memcpy(cur_iv,iv,8);
255 for(i=0,in=cipher,out=clear;i<blocks;i++,in+=8,out+=8)
256 {
257 gostcrypt(ctx,cur_iv,gamma);
258 for (j=0;j<8;j++)
259 {
260 out[j]=(cur_iv[j]=in[j])^gamma[j];
261 }
262 }
263 }
264
265/* Encrypts one block using specified key */
266void gost_enc_with_key(gost_ctx *c,byte *key,byte *inblock,byte *outblock)
267 {
268 gost_key(c,key);
269 gostcrypt(c,inblock,outblock);
270 }
271
272/* Set 256 bit key into context */
273void gost_key(gost_ctx *c, const byte *k)
274 {
275 int i,j;
276 for(i=0,j=0;i<8;i++,j+=4)
277 {
278 c->k[i]=k[j]|(k[j+1]<<8)|(k[j+2]<<16)|(k[j+3]<<24);
279 }
280 }
281
282/* Retrieve 256-bit key from context */
283void gost_get_key(gost_ctx *c, byte *k)
284 {
285 int i,j;
286 for(i=0,j=0;i<8;i++,j+=4)
287 {
288 k[j]=(byte)(c->k[i]& 0xFF);
289 k[j+1]=(byte)((c->k[i]>>8 )&0xFF);
290 k[j+2]=(byte)((c->k[i]>>16) &0xFF);
291 k[j+3]=(byte)((c->k[i]>>24) &0xFF);
292 }
293 }
294
295/* Initalize context. Provides default value for subst_block */
296void gost_init(gost_ctx *c, const gost_subst_block *b)
297 {
298 if(!b)
299 {
300 b=&GostR3411_94_TestParamSet;
301 }
302 kboxinit(c,b);
303 }
304
305/* Cleans up key from context */
306void gost_destroy(gost_ctx *c)
307 {
308 int i; for(i=0;i<8;i++) c->k[i]=0;
309 }
310
311/* Compute GOST 28147 mac block
312 *
313 * Parameters
314 * gost_ctx *c - context initalized with substitution blocks and key
315 * buffer - 8-byte mac state buffer
316 * block 8-byte block to process.
317 * */
318void mac_block(gost_ctx *c,byte *buffer,const byte *block)
319 {
320 register word32 n1, n2; /* As named in the GOST */
321 int i;
322 for (i=0; i<8; i++)
323 {
324 buffer[i]^=block[i];
325 }
326 n1 = buffer[0]|(buffer[1]<<8)|(buffer[2]<<16)|(buffer[3]<<24);
327 n2 = buffer[4]|(buffer[5]<<8)|(buffer[6]<<16)|(buffer[7]<<24);
328 /* Instead of swapping halves, swap names each round */
329
330 n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
331 n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
332 n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
333 n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
334
335 n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]);
336 n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]);
337 n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]);
338 n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]);
339
340 buffer[0] = (byte)(n1&0xff); buffer[1] = (byte)((n1>>8)&0xff);
341 buffer[2] = (byte)((n1>>16)&0xff); buffer[3] = (byte)(n1>>24);
342 buffer[4] = (byte)(n2&0xff); buffer[5] = (byte)((n2>>8)&0xff);
343 buffer[6] = (byte)((n2>>16)&0xff); buffer[7] = (byte)(n2>>24);
344 }
345
346/* Get mac with specified number of bits from MAC state buffer */
347void get_mac(byte *buffer,int nbits,byte *out)
348 {
349 int nbytes= nbits >> 3;
350 int rembits = nbits & 7;
351 int mask =rembits?((1<rembits)-1):0;
352 int i;
353 for (i=0;i<nbytes;i++) out[i]=buffer[i];
354 if (rembits) out[i]=buffer[i]&mask;
355 }
356
357/* Compute mac of specified length (in bits) from data.
358 * Context should be initialized with key and subst blocks */
359int gost_mac(gost_ctx *ctx,int mac_len,const unsigned char *data,
360 unsigned int data_len,unsigned char *mac)
361 {
362 byte buffer[8]={0,0,0,0,0,0,0,0};
363 byte buf2[8];
364 unsigned int i;
365 for (i=0;i+8<=data_len;i+=8)
366 mac_block(ctx,buffer,data+i);
367 if (i<data_len)
368 {
369 memset(buf2,0,8);
370 memcpy(buf2,data+i,data_len-i);
371 mac_block(ctx,buffer,buf2);
372 i+=8;
373 }
374 if (i==8)
375 {
376 memset(buf2,0,8);
377 mac_block(ctx,buffer,buf2);
378 }
379 get_mac(buffer,mac_len,mac);
380 return 1;
381 }
382
383/* Compute MAC with non-zero IV. Used in some RFC 4357 algorithms */
384int gost_mac_iv(gost_ctx *ctx,int mac_len,const unsigned char *iv,const unsigned char *data,
385 unsigned int data_len,unsigned char *mac)
386 {
387 byte buffer[8];
388 byte buf2[8];
389 unsigned int i;
390 memcpy (buffer,iv,8);
391 for (i=0;i+8<=data_len;i+=8)
392 mac_block(ctx,buffer,data+i);
393 if (i<data_len)
394 {
395 memset(buf2,0,8);
396 memcpy(buf2,data+i,data_len-i);
397 mac_block(ctx,buffer,buf2);
398 i+=8;
399 }
400 if (i==8)
401 {
402 memset(buf2,0,8);
403 mac_block(ctx,buffer,buf2);
404 }
405 get_mac(buffer,mac_len,mac);
406 return 1;
407 }
408
409/* Implements key meshing algorithm by modifing ctx and IV in place */
410void cryptopro_key_meshing(gost_ctx *ctx, unsigned char *iv)
411 {
412 unsigned char newkey[32],newiv[8];
413 /* Set static keymeshing key */
414 /* "Decrypt" key with keymeshing key */
415 gost_dec(ctx,CryptoProKeyMeshingKey,newkey,4);
416 /* set new key */
417 gost_key(ctx,newkey);
418 /* Encrypt iv with new key */
419 gostcrypt(ctx,iv,newiv);
420 memcpy(iv,newiv,8);
421 }
diff --git a/src/lib/libssl/src/engines/ccgost/gost89.h b/src/lib/libssl/src/engines/ccgost/gost89.h
deleted file mode 100644
index 8da2407b03..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost89.h
+++ /dev/null
@@ -1,92 +0,0 @@
1/**********************************************************************
2 * gost89.h *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Declarations for GOST 28147-89 encryption algorithm *
7 * No OpenSSL libraries required to compile and use *
8 * this code *
9 **********************************************************************/
10#ifndef GOST89_H
11#define GOST89_H
12
13/* Typedef for unsigned 32-bit integer */
14#if __LONG_MAX__ > 2147483647L
15typedef unsigned int u4;
16#else
17typedef unsigned long u4;
18#endif
19/* Typedef for unsigned 8-bit integer */
20typedef unsigned char byte;
21
22/* Internal representation of GOST substitution blocks */
23typedef struct {
24 byte k8[16];
25 byte k7[16];
26 byte k6[16];
27 byte k5[16];
28 byte k4[16];
29 byte k3[16];
30 byte k2[16];
31 byte k1[16];
32} gost_subst_block;
33
34
35/* Cipher context includes key and preprocessed substitution block */
36typedef struct {
37 u4 k[8];
38 /* Constant s-boxes -- set up in gost_init(). */
39 u4 k87[256],k65[256],k43[256],k21[256];
40} gost_ctx;
41/* Note: encrypt and decrypt expect full blocks--padding blocks is
42 caller's responsibility. All bulk encryption is done in
43 ECB mode by these calls. Other modes may be added easily
44 enough. */
45/* Encrypt several full blocks in ECB mode */
46void gost_enc(gost_ctx *ctx, const byte *clear,byte *cipher, int blocks);
47/* Decrypt several full blocks in ECB mode */
48void gost_dec(gost_ctx *ctx, const byte *cipher,byte *clear, int blocks);
49/* Encrypts several full blocks in CFB mode using 8byte IV */
50void gost_enc_cfb(gost_ctx *ctx,const byte *iv,const byte *clear,byte *cipher,int blocks);
51/* Decrypts several full blocks in CFB mode using 8byte IV */
52void gost_dec_cfb(gost_ctx *ctx,const byte *iv,const byte *cipher,byte *clear,int blocks);
53
54/* Encrypt one block */
55void gostcrypt(gost_ctx *c, const byte *in, byte *out);
56/* Decrypt one block */
57void gostdecrypt(gost_ctx *c, const byte *in,byte *out);
58/* Set key into context */
59void gost_key(gost_ctx *ctx, const byte *key);
60/* Get key from context */
61void gost_get_key(gost_ctx *ctx, byte *key);
62/* Set S-blocks into context */
63void gost_init(gost_ctx *ctx, const gost_subst_block *subst_block);
64/* Clean up context */
65void gost_destroy(gost_ctx *ctx);
66/* Intermediate function used for calculate hash */
67void gost_enc_with_key(gost_ctx *,byte *key,byte *inblock,byte *outblock);
68/* Compute MAC of given length in bits from data */
69int gost_mac(gost_ctx *ctx,int hmac_len,const unsigned char *data,
70 unsigned int data_len,unsigned char *hmac) ;
71/* Compute MAC of given length in bits from data, using non-zero 8-byte
72 * IV (non-standard, for use in CryptoPro key transport only */
73int gost_mac_iv(gost_ctx *ctx,int hmac_len,const unsigned char *iv,const unsigned char *data,
74 unsigned int data_len,unsigned char *hmac) ;
75/* Perform one step of MAC calculation like gostcrypt */
76void mac_block(gost_ctx *c,byte *buffer,const byte *block);
77/* Extracts MAC value from mac state buffer */
78void get_mac(byte *buffer,int nbits,byte *out);
79/* Implements cryptopro key meshing algorithm. Expect IV to be 8-byte size*/
80void cryptopro_key_meshing(gost_ctx *ctx, unsigned char *iv);
81/* Parameter sets specified in RFC 4357 */
82extern gost_subst_block GostR3411_94_TestParamSet;
83extern gost_subst_block GostR3411_94_CryptoProParamSet;
84extern gost_subst_block Gost28147_TestParamSet;
85extern gost_subst_block Gost28147_CryptoProParamSetA;
86extern gost_subst_block Gost28147_CryptoProParamSetB;
87extern gost_subst_block Gost28147_CryptoProParamSetC;
88extern gost_subst_block Gost28147_CryptoProParamSetD;
89extern const byte CryptoProKeyMeshingKey[];
90typedef unsigned int word32;
91
92#endif
diff --git a/src/lib/libssl/src/engines/ccgost/gost94_keyx.c b/src/lib/libssl/src/engines/ccgost/gost94_keyx.c
deleted file mode 100644
index 0d7d3ffe6a..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost94_keyx.c
+++ /dev/null
@@ -1,291 +0,0 @@
1/**********************************************************************
2 * gost94_keyx.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implements generation and parsing of GOST_KEY_TRANSPORT for *
7 * GOST R 34.10-94 algorithms *
8 * *
9 * Requires OpenSSL 0.9.9 for compilation *
10 **********************************************************************/
11#include <string.h>
12#include <openssl/dh.h>
13#include <openssl/rand.h>
14#include <openssl/evp.h>
15#include <openssl/objects.h>
16
17#include "gost89.h"
18#include "gosthash.h"
19#include "e_gost_err.h"
20#include "gost_keywrap.h"
21#include "gost_lcl.h"
22/* Common functions for both 94 and 2001 key exchange schemes */
23/* Implementation of the Diffi-Hellman key agreement scheme based on
24 * GOST-94 keys */
25
26/* Computes Diffie-Hellman key and stores it into buffer in
27 * little-endian byte order as expected by both versions of GOST 94
28 * algorithm
29 */
30static int compute_pair_key_le(unsigned char *pair_key,BIGNUM *pub_key,DH *dh)
31 {
32 unsigned char be_key[128];
33 int i,key_size;
34 key_size=DH_compute_key(be_key,pub_key,dh);
35 if (!key_size) return 0;
36 memset(pair_key,0,128);
37 for (i=0;i<key_size;i++)
38 {
39 pair_key[i]=be_key[key_size-1-i];
40 }
41 return key_size;
42 }
43
44/*
45 * Computes 256 bit Key exchange key as specified in RFC 4357
46 */
47static int make_cp_exchange_key(BIGNUM *priv_key,EVP_PKEY *pubk, unsigned char *shared_key)
48 {
49 unsigned char dh_key [128];
50 int ret;
51 gost_hash_ctx hash_ctx;
52 DH *dh = DH_new();
53
54 if (!dh)
55 return 0;
56 memset(dh_key,0,128);
57 dh->g = BN_dup(pubk->pkey.dsa->g);
58 dh->p = BN_dup(pubk->pkey.dsa->p);
59 dh->priv_key = BN_dup(priv_key);
60 ret=compute_pair_key_le(dh_key,((DSA *)(EVP_PKEY_get0(pubk)))->pub_key,dh) ;
61 DH_free(dh);
62 if (!ret) return 0;
63 init_gost_hash_ctx(&hash_ctx,&GostR3411_94_CryptoProParamSet);
64 start_hash(&hash_ctx);
65 hash_block(&hash_ctx,dh_key,128);
66 finish_hash(&hash_ctx,shared_key);
67 done_gost_hash_ctx(&hash_ctx);
68 return 1;
69 }
70
71/* EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-94 */
72
73int pkey_gost94_derive(EVP_PKEY_CTX *ctx,unsigned char *key,size_t *keylen)
74 {
75 EVP_PKEY *pubk = EVP_PKEY_CTX_get0_peerkey(ctx);
76 EVP_PKEY *mykey = EVP_PKEY_CTX_get0_pkey(ctx);
77 *keylen = 32;
78 if (key == NULL) return 1;
79
80 return make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, key);
81 }
82
83/* EVP_PKEY_METHOD callback encrypt for
84 * GOST R 34.10-94 cryptopro modification
85 */
86
87
88int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len )
89 {
90 GOST_KEY_TRANSPORT *gkt=NULL;
91 unsigned char shared_key[32], ukm[8],crypted_key[44];
92 const struct gost_cipher_info *param=get_encryption_params(NULL);
93 EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx);
94 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
95 gost_ctx cctx;
96 int key_is_ephemeral=1;
97 EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
98
99 /* Do not use vizir cipher parameters with cryptopro */
100 if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS) && param == gost_cipher_list)
101 {
102 param= gost_cipher_list+1;
103 }
104
105 if (mykey)
106 {
107 /* If key already set, it is not ephemeral */
108 key_is_ephemeral=0;
109 if (!gost_get0_priv_key(mykey))
110 {
111 GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
112 GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
113 goto err;
114 }
115 }
116 else
117 {
118 /* Otherwise generate ephemeral key */
119 key_is_ephemeral = 1;
120 if (out)
121 {
122 mykey = EVP_PKEY_new();
123 EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk),DSA_new());
124 EVP_PKEY_copy_parameters(mykey,pubk);
125 if (!gost_sign_keygen(EVP_PKEY_get0(mykey)))
126 {
127 goto err;
128 }
129 }
130 }
131 if (out)
132 make_cp_exchange_key(gost_get0_priv_key(mykey),pubk,shared_key);
133 if (data->shared_ukm)
134 {
135 memcpy(ukm,data->shared_ukm,8);
136 }
137 else if (out)
138 {
139 if (RAND_bytes(ukm,8)<=0)
140 {
141 GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
142 GOST_R_RANDOM_GENERATOR_FAILURE);
143 goto err;
144 }
145 }
146
147 if (out) {
148 gost_init(&cctx,param->sblock);
149 keyWrapCryptoPro(&cctx,shared_key,ukm,key,crypted_key);
150 }
151 gkt = GOST_KEY_TRANSPORT_new();
152 if (!gkt)
153 {
154 goto memerr;
155 }
156 if(!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv,
157 ukm,8))
158 {
159 goto memerr;
160 }
161 if (!ASN1_OCTET_STRING_set(gkt->key_info->imit,crypted_key+40,4))
162 {
163 goto memerr;
164 }
165 if (!ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key,crypted_key+8,32))
166 {
167 goto memerr;
168 }
169 if (key_is_ephemeral) {
170 if (!X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,out?mykey:pubk))
171 {
172 GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
173 goto err;
174 }
175 if (out) EVP_PKEY_free(mykey);
176 }
177 ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
178 gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
179 *outlen = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL);
180 if (*outlen <= 0)
181 {
182 GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
183 goto err;
184 }
185 if (!key_is_ephemeral)
186 {
187 /* Set control "public key from client certificate used" */
188 if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0)
189 {
190 GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
191 GOST_R_CTRL_CALL_FAILED);
192 goto err;
193 }
194 }
195 GOST_KEY_TRANSPORT_free(gkt);
196 return 1;
197 memerr:
198 if (key_is_ephemeral) {
199 EVP_PKEY_free(mykey);
200 }
201 GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
202 GOST_R_MALLOC_FAILURE);
203 err:
204 GOST_KEY_TRANSPORT_free(gkt);
205 return -1;
206 }
207
208
209/* EVP_PLEY_METHOD callback decrypt for
210 * GOST R 34.10-94 cryptopro modification
211 */
212int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len,const unsigned char *in, size_t in_len) {
213 const unsigned char *p = in;
214 GOST_KEY_TRANSPORT *gkt = NULL;
215 unsigned char wrappedKey[44];
216 unsigned char sharedKey[32];
217 gost_ctx cctx;
218 const struct gost_cipher_info *param=NULL;
219 EVP_PKEY *eph_key=NULL, *peerkey=NULL;
220 EVP_PKEY *priv= EVP_PKEY_CTX_get0_pkey(ctx);
221
222 if (!key)
223 {
224 *key_len = 32;
225 return 1;
226 }
227
228 gkt = d2i_GOST_KEY_TRANSPORT(NULL,(const unsigned char **)&p,
229 in_len);
230 if (!gkt)
231 {
232 GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
233 return 0;
234 }
235 eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key);
236 if (eph_key)
237 {
238 if (EVP_PKEY_derive_set_peer(ctx, eph_key) <= 0)
239 {
240 GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
241 GOST_R_INCOMPATIBLE_PEER_KEY);
242 goto err;
243 }
244 }
245 else
246 {
247 /* Set control "public key from client certificate used" */
248 if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0)
249 {
250 GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
251 GOST_R_CTRL_CALL_FAILED);
252 goto err;
253 }
254 }
255 peerkey = EVP_PKEY_CTX_get0_peerkey(ctx);
256 if (!peerkey)
257 {
258 GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
259 GOST_R_NO_PEER_KEY);
260 goto err;
261 }
262
263 param = get_encryption_params(gkt->key_agreement_info->cipher);
264 if(!param){
265 goto err;
266 }
267
268 gost_init(&cctx,param->sblock);
269 OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
270 memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
271 OPENSSL_assert(gkt->key_info->encrypted_key->length==32);
272 memcpy(wrappedKey+8,gkt->key_info->encrypted_key->data,32);
273 OPENSSL_assert(gkt->key_info->imit->length==4);
274 memcpy(wrappedKey+40,gkt->key_info->imit->data,4);
275 make_cp_exchange_key(gost_get0_priv_key(priv),peerkey,sharedKey);
276 if (!keyUnwrapCryptoPro(&cctx,sharedKey,wrappedKey,key))
277 {
278 GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,
279 GOST_R_ERROR_COMPUTING_SHARED_KEY);
280 goto err;
281 }
282
283 EVP_PKEY_free(eph_key);
284 GOST_KEY_TRANSPORT_free(gkt);
285 return 1;
286err:
287 EVP_PKEY_free(eph_key);
288 GOST_KEY_TRANSPORT_free(gkt);
289 return -1;
290 }
291
diff --git a/src/lib/libssl/src/engines/ccgost/gost_ameth.c b/src/lib/libssl/src/engines/ccgost/gost_ameth.c
deleted file mode 100644
index 2cde1fcfd9..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_ameth.c
+++ /dev/null
@@ -1,945 +0,0 @@
1/**********************************************************************
2 * gost_ameth.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implementation of RFC 4490/4491 ASN1 method *
7 * for OpenSSL *
8 * Requires OpenSSL 0.9.9 for compilation *
9 **********************************************************************/
10#include <string.h>
11#include <openssl/crypto.h>
12#include <openssl/err.h>
13#include <openssl/engine.h>
14#include <openssl/evp.h>
15#include <openssl/asn1.h>
16#ifndef OPENSSL_NO_CMS
17#include <openssl/cms.h>
18#endif
19#include "gost_params.h"
20#include "gost_lcl.h"
21#include "e_gost_err.h"
22
23int gost94_nid_by_params(DSA *p)
24 {
25 R3410_params *gost_params;
26 BIGNUM *q=BN_new();
27 for (gost_params = R3410_paramset;gost_params->q!=NULL; gost_params++)
28 {
29 BN_dec2bn(&q,gost_params->q);
30 if (!BN_cmp(q,p->q))
31 {
32 BN_free(q);
33 return gost_params->nid;
34 }
35 }
36 BN_free(q);
37 return NID_undef;
38 }
39
40static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
41 {
42 ASN1_STRING *params = ASN1_STRING_new();
43 GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
44 int pkey_param_nid = NID_undef;
45
46 if (!params || !gkp)
47 {
48 GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
49 ERR_R_MALLOC_FAILURE);
50 ASN1_STRING_free(params);
51 params = NULL;
52 goto err;
53 }
54 switch (EVP_PKEY_base_id(key))
55 {
56 case NID_id_GostR3410_2001:
57 pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)key)));
58 break;
59 case NID_id_GostR3410_94:
60 pkey_param_nid = (int) gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key));
61 if (pkey_param_nid == NID_undef)
62 {
63 GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
64 GOST_R_INVALID_GOST94_PARMSET);
65 ASN1_STRING_free(params);
66 params=NULL;
67 goto err;
68 }
69 break;
70 }
71 gkp->key_params = OBJ_nid2obj(pkey_param_nid);
72 gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
73 /*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid);*/
74 params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);
75 if (params->length <=0 )
76 {
77 GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
78 ERR_R_MALLOC_FAILURE);
79 ASN1_STRING_free(params);
80 params = NULL;
81 goto err;
82 }
83 params ->type = V_ASN1_SEQUENCE;
84 err:
85 GOST_KEY_PARAMS_free(gkp);
86 return params;
87 }
88
89/* Parses GOST algorithm parameters from X509_ALGOR and
90 * modifies pkey setting NID and parameters
91 */
92static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg)
93 {
94 ASN1_OBJECT *palg_obj =NULL;
95 int ptype = V_ASN1_UNDEF;
96 int pkey_nid = NID_undef,param_nid = NID_undef;
97 void *_pval;
98 ASN1_STRING *pval = NULL;
99 const unsigned char *p;
100 GOST_KEY_PARAMS *gkp = NULL;
101
102 X509_ALGOR_get0(&palg_obj, &ptype, &_pval, palg);
103 pval = _pval;
104 if (ptype != V_ASN1_SEQUENCE)
105 {
106 GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
107 GOST_R_BAD_KEY_PARAMETERS_FORMAT);
108 return 0;
109 }
110 p=pval->data;
111 pkey_nid = OBJ_obj2nid(palg_obj);
112
113 gkp = d2i_GOST_KEY_PARAMS(NULL,&p,pval->length);
114 if (!gkp)
115 {
116 GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS,
117 GOST_R_BAD_PKEY_PARAMETERS_FORMAT);
118 return 0;
119 }
120 param_nid = OBJ_obj2nid(gkp->key_params);
121 GOST_KEY_PARAMS_free(gkp);
122 EVP_PKEY_set_type(pkey,pkey_nid);
123 switch (pkey_nid)
124 {
125 case NID_id_GostR3410_94:
126 {
127 DSA *dsa= EVP_PKEY_get0(pkey);
128 if (!dsa)
129 {
130 dsa = DSA_new();
131 if (!EVP_PKEY_assign(pkey,pkey_nid,dsa)) return 0;
132 }
133 if (!fill_GOST94_params(dsa,param_nid)) return 0;
134 break;
135 }
136 case NID_id_GostR3410_2001:
137 {
138 EC_KEY *ec = EVP_PKEY_get0(pkey);
139 if (!ec)
140 {
141 ec = EC_KEY_new();
142 if (!EVP_PKEY_assign(pkey,pkey_nid,ec)) return 0;
143 }
144 if (!fill_GOST2001_params(ec,param_nid)) return 0;
145 }
146 }
147
148 return 1;
149 }
150
151static int gost_set_priv_key(EVP_PKEY *pkey,BIGNUM *priv)
152 {
153 switch (EVP_PKEY_base_id(pkey))
154 {
155 case NID_id_GostR3410_94:
156 {
157 DSA *dsa = EVP_PKEY_get0(pkey);
158 if (!dsa)
159 {
160 dsa = DSA_new();
161 EVP_PKEY_assign(pkey,EVP_PKEY_base_id(pkey),dsa);
162 }
163 dsa->priv_key = BN_dup(priv);
164 if (!EVP_PKEY_missing_parameters(pkey))
165 gost94_compute_public(dsa);
166 break;
167 }
168 case NID_id_GostR3410_2001:
169 {
170 EC_KEY *ec = EVP_PKEY_get0(pkey);
171 if (!ec)
172 {
173 ec = EC_KEY_new();
174 EVP_PKEY_assign(pkey,EVP_PKEY_base_id(pkey),ec);
175 }
176 if (!EC_KEY_set_private_key(ec,priv)) return 0;
177 if (!EVP_PKEY_missing_parameters(pkey))
178 gost2001_compute_public(ec);
179 break;
180 }
181 }
182 return 1;
183 }
184BIGNUM* gost_get0_priv_key(const EVP_PKEY *pkey)
185 {
186 switch (EVP_PKEY_base_id(pkey))
187 {
188 case NID_id_GostR3410_94:
189 {
190 DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey);
191 if (!dsa)
192 {
193 return NULL;
194 }
195 if (!dsa->priv_key) return NULL;
196 return dsa->priv_key;
197 break;
198 }
199 case NID_id_GostR3410_2001:
200 {
201 EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
202 const BIGNUM* priv;
203 if (!ec)
204 {
205 return NULL;
206 }
207 if (!(priv=EC_KEY_get0_private_key(ec))) return NULL;
208 return (BIGNUM *)priv;
209 break;
210 }
211 }
212 return NULL;
213 }
214
215static int pkey_ctrl_gost(EVP_PKEY *pkey, int op,
216 long arg1, void *arg2)
217 {
218 switch (op)
219 {
220 case ASN1_PKEY_CTRL_PKCS7_SIGN:
221 if (arg1 == 0)
222 {
223 X509_ALGOR *alg1 = NULL, *alg2 = NULL;
224 int nid = EVP_PKEY_base_id(pkey);
225 PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO*)arg2,
226 NULL, &alg1, &alg2);
227 X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
228 V_ASN1_NULL, 0);
229 if (nid == NID_undef)
230 {
231 return (-1);
232 }
233 X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
234 }
235 return 1;
236#ifndef OPENSSL_NO_CMS
237 case ASN1_PKEY_CTRL_CMS_SIGN:
238 if (arg1 == 0)
239 {
240 X509_ALGOR *alg1 = NULL, *alg2 = NULL;
241 int nid = EVP_PKEY_base_id(pkey);
242 CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2,
243 NULL, NULL, &alg1, &alg2);
244 X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
245 V_ASN1_NULL, 0);
246 if (nid == NID_undef)
247 {
248 return (-1);
249 }
250 X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
251 }
252 return 1;
253#endif
254 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
255 if (arg1 == 0)
256 {
257 X509_ALGOR *alg;
258 ASN1_STRING * params = encode_gost_algor_params(pkey);
259 if (!params)
260 {
261 return -1;
262 }
263 PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO*)arg2, &alg);
264 X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type),
265 V_ASN1_SEQUENCE, params);
266 }
267 return 1;
268#ifndef OPENSSL_NO_CMS
269 case ASN1_PKEY_CTRL_CMS_ENVELOPE:
270 if (arg1 == 0)
271 {
272 X509_ALGOR *alg;
273 ASN1_STRING * params = encode_gost_algor_params(pkey);
274 if (!params)
275 {
276 return -1;
277 }
278 CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL, NULL, &alg);
279 X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type),
280 V_ASN1_SEQUENCE, params);
281 }
282 return 1;
283#endif
284 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
285 *(int *)arg2 = NID_id_GostR3411_94;
286 return 2;
287 }
288
289 return -2;
290 }
291/*----------------------- free functions * ------------------------------*/
292static void pkey_free_gost94(EVP_PKEY *key)
293 {
294 if (key->pkey.dsa)
295 {
296 DSA_free(key->pkey.dsa);
297 }
298 }
299
300static void pkey_free_gost01(EVP_PKEY *key)
301 {
302 if (key->pkey.ec)
303 {
304 EC_KEY_free(key->pkey.ec);
305 }
306 }
307
308/* ------------------ private key functions -----------------------------*/
309static int priv_decode_gost( EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
310 {
311 const unsigned char *pkey_buf = NULL,*p=NULL;
312 int priv_len = 0;
313 BIGNUM *pk_num=NULL;
314 int ret =0;
315 X509_ALGOR *palg =NULL;
316 ASN1_OBJECT *palg_obj = NULL;
317 ASN1_INTEGER *priv_key=NULL;
318
319 if (!PKCS8_pkey_get0(&palg_obj,&pkey_buf,&priv_len,&palg,p8inf))
320 return 0;
321 p = pkey_buf;
322 if (!decode_gost_algor_params(pk,palg))
323 {
324 return 0;
325 }
326 if (V_ASN1_OCTET_STRING == *p)
327 {
328 /* New format - Little endian octet string */
329 unsigned char rev_buf[32];
330 int i;
331 ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL,&p,priv_len);
332 if (!s||s->length !=32)
333 {
334 GOSTerr(GOST_F_PRIV_DECODE_GOST,
335 EVP_R_DECODE_ERROR);
336 return 0;
337 }
338 for (i=0;i<32;i++)
339 {
340 rev_buf[31-i]=s->data[i];
341 }
342 ASN1_STRING_free(s);
343 pk_num = getbnfrombuf(rev_buf,32);
344 }
345 else
346 {
347 priv_key=d2i_ASN1_INTEGER(NULL,&p,priv_len);
348 if (!priv_key) return 0;
349 ret= ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL))!=NULL) ;
350 ASN1_INTEGER_free(priv_key);
351 if (!ret)
352 {
353 GOSTerr(GOST_F_PRIV_DECODE_GOST,
354 EVP_R_DECODE_ERROR);
355 return 0;
356 }
357 }
358
359 ret= gost_set_priv_key(pk,pk_num);
360 BN_free(pk_num);
361 return ret;
362 }
363
364/* ----------------------------------------------------------------------*/
365static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
366 {
367 ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
368 ASN1_STRING *params = encode_gost_algor_params(pk);
369 unsigned char *priv_buf = NULL;
370 int priv_len;
371
372 ASN1_INTEGER *asn1key=NULL;
373 if (!params)
374 {
375 return 0;
376 }
377 asn1key = BN_to_ASN1_INTEGER(gost_get0_priv_key(pk),NULL);
378 priv_len = i2d_ASN1_INTEGER(asn1key,&priv_buf);
379 ASN1_INTEGER_free(asn1key);
380 return PKCS8_pkey_set0(p8,algobj,0,V_ASN1_SEQUENCE,params,
381 priv_buf,priv_len);
382 }
383/* --------- printing keys --------------------------------*/
384static int print_gost_94(BIO *out, const EVP_PKEY *pkey, int indent,
385 ASN1_PCTX *pctx, int type)
386 {
387 int param_nid = NID_undef;
388
389 if (type == 2)
390 {
391 BIGNUM *key;
392
393 if (!BIO_indent(out,indent,128)) return 0;
394 BIO_printf(out,"Private key: ");
395 key = gost_get0_priv_key(pkey);
396 if (!key)
397 BIO_printf(out,"<undefined>");
398 else
399 BN_print(out,key);
400 BIO_printf(out,"\n");
401 }
402 if (type >= 1)
403 {
404 BIGNUM *pubkey;
405
406 pubkey = ((DSA *)EVP_PKEY_get0((EVP_PKEY *)pkey))->pub_key;
407 BIO_indent(out,indent,128);
408 BIO_printf(out,"Public key: ");
409 BN_print(out,pubkey);
410 BIO_printf(out,"\n");
411 }
412
413 param_nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
414 BIO_indent(out,indent,128);
415 BIO_printf(out, "Parameter set: %s\n",OBJ_nid2ln(param_nid));
416 return 1;
417}
418
419static int param_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
420 ASN1_PCTX *pctx)
421 {
422 return print_gost_94(out, pkey, indent, pctx,0);
423 }
424
425static int pub_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent,
426 ASN1_PCTX *pctx)
427 {
428 return print_gost_94(out,pkey, indent, pctx,1);
429 }
430static int priv_print_gost94(BIO *out,const EVP_PKEY *pkey, int indent,
431 ASN1_PCTX *pctx)
432 {
433 return print_gost_94(out,pkey,indent,pctx,2);
434 }
435
436static int print_gost_01(BIO *out, const EVP_PKEY *pkey, int indent,
437 ASN1_PCTX *pctx, int type)
438 {
439 int param_nid = NID_undef;
440 if (type == 2)
441 {
442 BIGNUM *key;
443
444 if (!BIO_indent(out,indent,128)) return 0;
445 BIO_printf(out,"Private key: ");
446 key = gost_get0_priv_key(pkey);
447 if (!key)
448 BIO_printf(out,"<undefined)");
449 else
450 BN_print(out,key);
451 BIO_printf(out,"\n");
452 }
453 if (type >= 1)
454 {
455 BN_CTX *ctx = BN_CTX_new();
456 BIGNUM *X,*Y;
457 const EC_POINT *pubkey;
458 const EC_GROUP *group;
459
460 if (!ctx)
461 {
462 GOSTerr(GOST_F_PRINT_GOST_01,ERR_R_MALLOC_FAILURE);
463 return 0;
464 }
465 BN_CTX_start(ctx);
466 X = BN_CTX_get(ctx);
467 Y = BN_CTX_get(ctx);
468 pubkey = EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
469 group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
470 if (!EC_POINT_get_affine_coordinates_GFp(group,pubkey,X,Y,ctx))
471 {
472 GOSTerr(GOST_F_PRINT_GOST_01,ERR_R_EC_LIB);
473 BN_CTX_free(ctx);
474 return 0;
475 }
476 if (!BIO_indent(out,indent,128)) return 0;
477 BIO_printf(out,"Public key:\n");
478 if (!BIO_indent(out,indent+3,128)) return 0;
479 BIO_printf(out,"X:");
480 BN_print(out,X);
481 BIO_printf(out,"\n");
482 BIO_indent(out,indent+3,128);
483 BIO_printf(out,"Y:");
484 BN_print(out,Y);
485 BIO_printf(out,"\n");
486 BN_CTX_end(ctx);
487 BN_CTX_free(ctx);
488 }
489
490 param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey)));
491 if (!BIO_indent(out,indent,128)) return 0;
492 BIO_printf(out,"Parameter set: %s\n",OBJ_nid2ln(param_nid));
493 return 1;
494}
495static int param_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
496 ASN1_PCTX *pctx)
497 {
498 return print_gost_01(out,pkey,indent,pctx,0);
499 }
500static int pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent,
501 ASN1_PCTX *pctx)
502 {
503 return print_gost_01(out,pkey, indent, pctx,1);
504 }
505static int priv_print_gost01(BIO *out,const EVP_PKEY *pkey, int indent,
506 ASN1_PCTX *pctx)
507 {
508 return print_gost_01(out,pkey,indent,pctx,2);
509 }
510/* ---------------------------------------------------------------------*/
511static int param_missing_gost94(const EVP_PKEY *pk)
512 {
513 const DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
514 if (!dsa) return 1;
515 if (!dsa->q) return 1;
516 return 0;
517 }
518
519static int param_missing_gost01(const EVP_PKEY *pk)
520 {
521 const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
522 if (!ec) return 1;
523 if (!EC_KEY_get0_group(ec)) return 1;
524 return 0;
525 }
526
527static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from)
528 {
529 const DSA *dfrom = EVP_PKEY_get0((EVP_PKEY *)from);
530 DSA *dto = EVP_PKEY_get0(to);
531 if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to))
532 {
533 GOSTerr(GOST_F_PARAM_COPY_GOST94,
534 GOST_R_INCOMPATIBLE_ALGORITHMS);
535 return 0;
536 }
537 if (!dfrom)
538 {
539 GOSTerr(GOST_F_PARAM_COPY_GOST94,
540 GOST_R_KEY_PARAMETERS_MISSING);
541 return 0;
542 }
543 if (!dto)
544 {
545 dto = DSA_new();
546 EVP_PKEY_assign(to,EVP_PKEY_base_id(from),dto);
547 }
548#define COPYBIGNUM(a,b,x) if (a->x) BN_free(a->x); a->x=BN_dup(b->x);
549 COPYBIGNUM(dto,dfrom,p)
550 COPYBIGNUM(dto,dfrom,q)
551 COPYBIGNUM(dto,dfrom,g)
552
553 if (dto->priv_key)
554 gost94_compute_public(dto);
555 return 1;
556 }
557static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
558 {
559 EC_KEY *eto = EVP_PKEY_get0(to);
560 const EC_KEY *efrom = EVP_PKEY_get0((EVP_PKEY *)from);
561 if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to))
562 {
563 GOSTerr(GOST_F_PARAM_COPY_GOST01,
564 GOST_R_INCOMPATIBLE_ALGORITHMS);
565 return 0;
566 }
567 if (!efrom)
568 {
569 GOSTerr(GOST_F_PARAM_COPY_GOST01,
570 GOST_R_KEY_PARAMETERS_MISSING);
571 return 0;
572 }
573 if (!eto)
574 {
575 eto = EC_KEY_new();
576 EVP_PKEY_assign(to,EVP_PKEY_base_id(from),eto);
577 }
578 EC_KEY_set_group(eto,EC_KEY_get0_group(efrom));
579 if (EC_KEY_get0_private_key(eto))
580 {
581 gost2001_compute_public(eto);
582 }
583 return 1;
584 }
585
586static int param_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
587 {
588 const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
589 const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
590 if (!BN_cmp(da->q,db->q)) return 1;
591 return 0;
592 }
593
594static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b)
595 {
596 if (EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)a)))==
597 EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)b))))
598 {
599 return 1;
600 }
601 return 0;
602
603 }
604
605/* ---------- Public key functions * --------------------------------------*/
606static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub)
607 {
608 X509_ALGOR *palg = NULL;
609 const unsigned char *pubkey_buf = NULL;
610 unsigned char *databuf;
611 ASN1_OBJECT *palgobj = NULL;
612 int pub_len,i,j;
613 DSA *dsa;
614 ASN1_OCTET_STRING *octet= NULL;
615
616 if (!X509_PUBKEY_get0_param(&palgobj,&pubkey_buf,&pub_len,
617 &palg, pub)) return 0;
618 EVP_PKEY_assign(pk,OBJ_obj2nid(palgobj),NULL);
619 if (!decode_gost_algor_params(pk,palg)) return 0;
620 octet = d2i_ASN1_OCTET_STRING(NULL,&pubkey_buf,pub_len);
621 if (!octet)
622 {
623 GOSTerr(GOST_F_PUB_DECODE_GOST94,ERR_R_MALLOC_FAILURE);
624 return 0;
625 }
626 databuf = OPENSSL_malloc(octet->length);
627 for (i=0,j=octet->length-1;i<octet->length;i++,j--)
628 {
629 databuf[j]=octet->data[i];
630 }
631 dsa = EVP_PKEY_get0(pk);
632 dsa->pub_key=BN_bin2bn(databuf,octet->length,NULL);
633 ASN1_OCTET_STRING_free(octet);
634 OPENSSL_free(databuf);
635 return 1;
636
637 }
638
639static int pub_encode_gost94(X509_PUBKEY *pub,const EVP_PKEY *pk)
640 {
641 ASN1_OBJECT *algobj = NULL;
642 ASN1_OCTET_STRING *octet = NULL;
643 void *pval = NULL;
644 unsigned char *buf=NULL,*databuf,*sptr;
645 int i,j,data_len,ret=0;
646
647 int ptype = V_ASN1_UNDEF;
648 DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
649 algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
650 if (pk->save_parameters)
651 {
652 ASN1_STRING *params = encode_gost_algor_params(pk);
653 pval = params;
654 ptype = V_ASN1_SEQUENCE;
655 }
656 data_len = BN_num_bytes(dsa->pub_key);
657 databuf = OPENSSL_malloc(data_len);
658 BN_bn2bin(dsa->pub_key,databuf);
659 octet = ASN1_OCTET_STRING_new();
660 ASN1_STRING_set(octet,NULL,data_len);
661 sptr = ASN1_STRING_data(octet);
662 for (i=0,j=data_len-1; i< data_len;i++,j--)
663 {
664 sptr[i]=databuf[j];
665 }
666 OPENSSL_free(databuf);
667 ret = i2d_ASN1_OCTET_STRING(octet,&buf);
668 ASN1_BIT_STRING_free(octet);
669 if (ret <0) return 0;
670 return X509_PUBKEY_set0_param(pub,algobj,ptype,pval,buf,ret);
671 }
672
673static int pub_decode_gost01(EVP_PKEY *pk,X509_PUBKEY *pub)
674 {
675 X509_ALGOR *palg = NULL;
676 const unsigned char *pubkey_buf = NULL;
677 unsigned char *databuf;
678 ASN1_OBJECT *palgobj = NULL;
679 int pub_len,i,j;
680 EC_POINT *pub_key;
681 BIGNUM *X,*Y;
682 ASN1_OCTET_STRING *octet= NULL;
683 int len;
684 const EC_GROUP *group;
685
686 if (!X509_PUBKEY_get0_param(&palgobj,&pubkey_buf,&pub_len,
687 &palg, pub)) return 0;
688 EVP_PKEY_assign(pk,OBJ_obj2nid(palgobj),NULL);
689 if (!decode_gost_algor_params(pk,palg)) return 0;
690 group = EC_KEY_get0_group(EVP_PKEY_get0(pk));
691 octet = d2i_ASN1_OCTET_STRING(NULL,&pubkey_buf,pub_len);
692 if (!octet)
693 {
694 GOSTerr(GOST_F_PUB_DECODE_GOST01,ERR_R_MALLOC_FAILURE);
695 return 0;
696 }
697 databuf = OPENSSL_malloc(octet->length);
698 for (i=0,j=octet->length-1;i<octet->length;i++,j--)
699 {
700 databuf[j]=octet->data[i];
701 }
702 len=octet->length/2;
703 ASN1_OCTET_STRING_free(octet);
704
705 Y= getbnfrombuf(databuf,len);
706 X= getbnfrombuf(databuf+len,len);
707 OPENSSL_free(databuf);
708 pub_key = EC_POINT_new(group);
709 if (!EC_POINT_set_affine_coordinates_GFp(group
710 ,pub_key,X,Y,NULL))
711 {
712 GOSTerr(GOST_F_PUB_DECODE_GOST01,
713 ERR_R_EC_LIB);
714 EC_POINT_free(pub_key);
715 BN_free(X);
716 BN_free(Y);
717 return 0;
718 }
719 BN_free(X);
720 BN_free(Y);
721 if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk),pub_key))
722 {
723 GOSTerr(GOST_F_PUB_DECODE_GOST01,
724 ERR_R_EC_LIB);
725 EC_POINT_free(pub_key);
726 return 0;
727 }
728 EC_POINT_free(pub_key);
729 return 1;
730
731 }
732
733static int pub_encode_gost01(X509_PUBKEY *pub,const EVP_PKEY *pk)
734 {
735 ASN1_OBJECT *algobj = NULL;
736 ASN1_OCTET_STRING *octet = NULL;
737 void *pval = NULL;
738 unsigned char *buf=NULL,*databuf,*sptr;
739 int i,j,data_len,ret=0;
740 const EC_POINT *pub_key;
741 BIGNUM *X,*Y,*order;
742 const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk);
743 int ptype = V_ASN1_UNDEF;
744
745 algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
746 if (pk->save_parameters)
747 {
748 ASN1_STRING *params = encode_gost_algor_params(pk);
749 pval = params;
750 ptype = V_ASN1_SEQUENCE;
751 }
752 order = BN_new();
753 EC_GROUP_get_order(EC_KEY_get0_group(ec),order,NULL);
754 pub_key=EC_KEY_get0_public_key(ec);
755 if (!pub_key)
756 {
757 GOSTerr(GOST_F_PUB_ENCODE_GOST01,
758 GOST_R_PUBLIC_KEY_UNDEFINED);
759 return 0;
760 }
761 X=BN_new();
762 Y=BN_new();
763 EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),
764 pub_key,X,Y,NULL);
765 data_len = 2*BN_num_bytes(order);
766 BN_free(order);
767 databuf = OPENSSL_malloc(data_len);
768 memset(databuf,0,data_len);
769
770 store_bignum(X,databuf+data_len/2,data_len/2);
771 store_bignum(Y,databuf,data_len/2);
772
773 BN_free(X);
774 BN_free(Y);
775 octet = ASN1_OCTET_STRING_new();
776 ASN1_STRING_set(octet,NULL,data_len);
777 sptr=ASN1_STRING_data(octet);
778 for (i=0,j=data_len-1;i<data_len;i++,j--)
779 {
780 sptr[i]=databuf[j];
781 }
782 OPENSSL_free(databuf);
783 ret = i2d_ASN1_OCTET_STRING(octet,&buf);
784 ASN1_BIT_STRING_free(octet);
785 if (ret <0) return 0;
786 return X509_PUBKEY_set0_param(pub,algobj,ptype,pval,buf,ret);
787 }
788
789static int pub_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b)
790 {
791 const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a);
792 const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b);
793 if (da && db && da->pub_key && db->pub_key
794 && !BN_cmp(da->pub_key,db->pub_key))
795 {
796 return 1;
797 }
798 return 0;
799 }
800
801static int pub_cmp_gost01(const EVP_PKEY *a,const EVP_PKEY *b)
802 {
803 const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a);
804 const EC_KEY *eb = EVP_PKEY_get0((EVP_PKEY *)b);
805 const EC_POINT *ka,*kb;
806 int ret=0;
807 if (!ea || !eb) return 0;
808 ka = EC_KEY_get0_public_key(ea);
809 kb = EC_KEY_get0_public_key(eb);
810 if (!ka || !kb) return 0;
811 ret = (0==EC_POINT_cmp(EC_KEY_get0_group(ea),ka,kb,NULL)) ;
812 return ret;
813 }
814
815
816
817
818static int pkey_size_gost(const EVP_PKEY *pk)
819 {
820 return 64;
821 }
822
823static int pkey_bits_gost(const EVP_PKEY *pk)
824 {
825 return 256;
826 }
827/*------------------------ ASN1 METHOD for GOST MAC -------------------*/
828static void mackey_free_gost(EVP_PKEY *pk)
829 {
830 if (pk->pkey.ptr) {
831 OPENSSL_free(pk->pkey.ptr);
832 }
833 }
834static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
835{
836 switch (op)
837 {
838 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
839 *(int *)arg2 = NID_id_Gost28147_89_MAC;
840 return 2;
841 }
842 return -2;
843}
844
845static int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
846{
847 int nid=gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey));
848 return i2d_ASN1_OBJECT(OBJ_nid2obj(nid),pder);
849}
850static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
851{
852 int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey)));
853 return i2d_ASN1_OBJECT(OBJ_nid2obj(nid),pder);
854}
855
856static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
857{
858 ASN1_OBJECT *obj=NULL;
859 DSA *dsa = EVP_PKEY_get0(pkey);
860 int nid;
861 if (d2i_ASN1_OBJECT(&obj,pder,derlen)==NULL) {
862 return 0;
863 }
864 nid = OBJ_obj2nid(obj);
865 ASN1_OBJECT_free(obj);
866 if (!dsa)
867 {
868 dsa=DSA_new();
869 if (!EVP_PKEY_assign(pkey,NID_id_GostR3410_94,dsa)) return 0;
870 }
871 if (!fill_GOST94_params(dsa,nid)) return 0;
872 return 1;
873}
874
875static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) {
876 ASN1_OBJECT *obj=NULL;
877 int nid;
878 EC_KEY *ec = EVP_PKEY_get0(pkey);
879 if (d2i_ASN1_OBJECT(&obj,pder,derlen)==NULL) {
880 return 0;
881 }
882 nid = OBJ_obj2nid(obj);
883 ASN1_OBJECT_free(obj);
884 if (!ec)
885 {
886 ec = EC_KEY_new();
887 if (!EVP_PKEY_assign(pkey,NID_id_GostR3410_2001,ec)) return 0;
888 }
889 if (!fill_GOST2001_params(ec, nid)) return 0;
890 return 1;
891}
892
893
894
895
896
897/* ----------------------------------------------------------------------*/
898int register_ameth_gost (int nid, EVP_PKEY_ASN1_METHOD **ameth, const char* pemstr, const char* info)
899 {
900 *ameth = EVP_PKEY_asn1_new(nid,
901 ASN1_PKEY_SIGPARAM_NULL, pemstr, info);
902 if (!*ameth) return 0;
903 switch (nid)
904 {
905 case NID_id_GostR3410_94:
906 EVP_PKEY_asn1_set_free (*ameth, pkey_free_gost94);
907 EVP_PKEY_asn1_set_private (*ameth,
908 priv_decode_gost, priv_encode_gost,
909 priv_print_gost94);
910
911 EVP_PKEY_asn1_set_param (*ameth,
912 gost94_param_decode, gost94_param_encode,
913 param_missing_gost94, param_copy_gost94,
914 param_cmp_gost94,param_print_gost94 );
915 EVP_PKEY_asn1_set_public (*ameth,
916 pub_decode_gost94, pub_encode_gost94,
917 pub_cmp_gost94, pub_print_gost94,
918 pkey_size_gost, pkey_bits_gost);
919
920 EVP_PKEY_asn1_set_ctrl (*ameth, pkey_ctrl_gost);
921 break;
922 case NID_id_GostR3410_2001:
923 EVP_PKEY_asn1_set_free (*ameth, pkey_free_gost01);
924 EVP_PKEY_asn1_set_private (*ameth,
925 priv_decode_gost, priv_encode_gost,
926 priv_print_gost01);
927
928 EVP_PKEY_asn1_set_param (*ameth,
929 gost2001_param_decode, gost2001_param_encode,
930 param_missing_gost01, param_copy_gost01,
931 param_cmp_gost01, param_print_gost01);
932 EVP_PKEY_asn1_set_public (*ameth,
933 pub_decode_gost01, pub_encode_gost01,
934 pub_cmp_gost01, pub_print_gost01,
935 pkey_size_gost, pkey_bits_gost);
936
937 EVP_PKEY_asn1_set_ctrl (*ameth, pkey_ctrl_gost);
938 break;
939 case NID_id_Gost28147_89_MAC:
940 EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
941 EVP_PKEY_asn1_set_ctrl(*ameth,mac_ctrl_gost);
942 break;
943 }
944 return 1;
945 }
diff --git a/src/lib/libssl/src/engines/ccgost/gost_asn1.c b/src/lib/libssl/src/engines/ccgost/gost_asn1.c
deleted file mode 100644
index 318ecfce57..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_asn1.c
+++ /dev/null
@@ -1,55 +0,0 @@
1/**********************************************************************
2 * gost_keytrans.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * ASN1 structure definition for GOST key transport *
7 * Requires OpenSSL 0.9.9 for compilation *
8 **********************************************************************/
9#include <stdio.h>
10#include <openssl/asn1t.h>
11#include <openssl/x509.h>
12#include "gost_lcl.h"
13
14ASN1_NDEF_SEQUENCE(GOST_KEY_TRANSPORT) = {
15 ASN1_SIMPLE(GOST_KEY_TRANSPORT, key_info, GOST_KEY_INFO),
16 ASN1_IMP(GOST_KEY_TRANSPORT, key_agreement_info, GOST_KEY_AGREEMENT_INFO, 0)
17} ASN1_NDEF_SEQUENCE_END(GOST_KEY_TRANSPORT)
18
19IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
20
21ASN1_NDEF_SEQUENCE(GOST_KEY_INFO) = {
22 ASN1_SIMPLE(GOST_KEY_INFO, encrypted_key, ASN1_OCTET_STRING),
23 ASN1_SIMPLE(GOST_KEY_INFO, imit, ASN1_OCTET_STRING)
24} ASN1_NDEF_SEQUENCE_END(GOST_KEY_INFO)
25
26IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_INFO)
27
28ASN1_NDEF_SEQUENCE(GOST_KEY_AGREEMENT_INFO) = {
29 ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, cipher, ASN1_OBJECT),
30 ASN1_IMP_OPT(GOST_KEY_AGREEMENT_INFO, ephem_key, X509_PUBKEY, 0),
31 ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, eph_iv, ASN1_OCTET_STRING)
32} ASN1_NDEF_SEQUENCE_END(GOST_KEY_AGREEMENT_INFO)
33
34IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
35
36ASN1_NDEF_SEQUENCE(GOST_KEY_PARAMS) = {
37 ASN1_SIMPLE(GOST_KEY_PARAMS, key_params, ASN1_OBJECT),
38 ASN1_SIMPLE(GOST_KEY_PARAMS, hash_params, ASN1_OBJECT),
39 ASN1_OPT(GOST_KEY_PARAMS, cipher_params, ASN1_OBJECT),
40} ASN1_NDEF_SEQUENCE_END(GOST_KEY_PARAMS)
41
42IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
43
44ASN1_NDEF_SEQUENCE(GOST_CIPHER_PARAMS) = {
45 ASN1_SIMPLE(GOST_CIPHER_PARAMS, iv, ASN1_OCTET_STRING),
46 ASN1_SIMPLE(GOST_CIPHER_PARAMS, enc_param_set, ASN1_OBJECT),
47} ASN1_NDEF_SEQUENCE_END(GOST_CIPHER_PARAMS)
48
49IMPLEMENT_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
50
51ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = { /*FIXME incomplete*/
52 ASN1_SIMPLE(GOST_CLIENT_KEY_EXCHANGE_PARAMS, gkt, GOST_KEY_TRANSPORT)
53} ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
54
55IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
diff --git a/src/lib/libssl/src/engines/ccgost/gost_crypt.c b/src/lib/libssl/src/engines/ccgost/gost_crypt.c
deleted file mode 100644
index 52aef15acf..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_crypt.c
+++ /dev/null
@@ -1,634 +0,0 @@
1/**********************************************************************
2 * gost_crypt.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * OpenSSL interface to GOST 28147-89 cipher functions *
7 * Requires OpenSSL 0.9.9 for compilation *
8 **********************************************************************/
9#include <string.h>
10#include "gost89.h"
11#include <openssl/rand.h>
12#include "e_gost_err.h"
13#include "gost_lcl.h"
14
15#if !defined(CCGOST_DEBUG) && !defined(DEBUG)
16# ifndef NDEBUG
17# define NDEBUG
18# endif
19#endif
20#include <assert.h>
21
22static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
23 const unsigned char *iv, int enc);
24static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
25 const unsigned char *iv, int enc);
26/* Handles block of data in CFB mode */
27static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
28 const unsigned char *in, size_t inl);
29/* Handles block of data in CNT mode */
30static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
31 const unsigned char *in, size_t inl);
32/* Cleanup function */
33static int gost_cipher_cleanup(EVP_CIPHER_CTX *);
34/* set/get cipher parameters */
35static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params);
36static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params);
37/* Control function */
38static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr);
39
40EVP_CIPHER cipher_gost =
41 {
42 NID_id_Gost28147_89,
43 1,/*block_size*/
44 32,/*key_size*/
45 8,/*iv_len */
46 EVP_CIPH_CFB_MODE| EVP_CIPH_NO_PADDING |
47 EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
48 gost_cipher_init,
49 gost_cipher_do_cfb,
50 gost_cipher_cleanup,
51 sizeof(struct ossl_gost_cipher_ctx),/* ctx_size */
52 gost89_set_asn1_parameters,
53 gost89_get_asn1_parameters,
54 gost_cipher_ctl,
55 NULL,
56 };
57
58EVP_CIPHER cipher_gost_cpacnt =
59 {
60 NID_gost89_cnt,
61 1,/*block_size*/
62 32,/*key_size*/
63 8,/*iv_len */
64 EVP_CIPH_OFB_MODE| EVP_CIPH_NO_PADDING |
65 EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
66 gost_cipher_init_cpa,
67 gost_cipher_do_cnt,
68 gost_cipher_cleanup,
69 sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */
70 gost89_set_asn1_parameters,
71 gost89_get_asn1_parameters,
72 gost_cipher_ctl,
73 NULL,
74 };
75
76/* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
77/* Init functions which set specific parameters */
78static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
79/* process block of data */
80static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count);
81/* Return computed value */
82static int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md);
83/* Copies context */
84static int gost_imit_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from);
85static int gost_imit_cleanup(EVP_MD_CTX *ctx);
86/* Control function, knows how to set MAC key.*/
87static int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr);
88
89EVP_MD imit_gost_cpa =
90 {
91 NID_id_Gost28147_89_MAC,
92 NID_undef,
93 4,
94 0,
95 gost_imit_init_cpa,
96 gost_imit_update,
97 gost_imit_final,
98 gost_imit_copy,
99 gost_imit_cleanup,
100 NULL,
101 NULL,
102 {0,0,0,0,0},
103 8,
104 sizeof(struct ossl_gost_imit_ctx),
105 gost_imit_ctrl
106 };
107
108/*
109 * Correspondence between gost parameter OIDs and substitution blocks
110 * NID field is filed by register_gost_NID function in engine.c
111 * upon engine initialization
112 */
113
114struct gost_cipher_info gost_cipher_list[]=
115 {
116/* NID */ /* Subst block */ /* Key meshing*/
117/*{NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},*/
118 {NID_id_Gost28147_89_cc,&GostR3411_94_CryptoProParamSet,0},
119 {NID_id_Gost28147_89_CryptoPro_A_ParamSet,&Gost28147_CryptoProParamSetA,1},
120 {NID_id_Gost28147_89_CryptoPro_B_ParamSet,&Gost28147_CryptoProParamSetB,1},
121 {NID_id_Gost28147_89_CryptoPro_C_ParamSet,&Gost28147_CryptoProParamSetC,1},
122 {NID_id_Gost28147_89_CryptoPro_D_ParamSet,&Gost28147_CryptoProParamSetD,1},
123 {NID_id_Gost28147_89_TestParamSet,&Gost28147_TestParamSet,1},
124 {NID_undef,NULL,0}
125 };
126
127/* get encryption parameters from crypto network settings
128 FIXME For now we use environment var CRYPT_PARAMS as place to
129 store these settings. Actually, it is better to use engine control command, read from configuration file to set them */
130const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj)
131 {
132 int nid;
133 struct gost_cipher_info *param;
134 if (!obj)
135 {
136 const char * params = get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS);
137 if (!params || !strlen(params))
138 return &gost_cipher_list[1];
139
140 nid = OBJ_txt2nid(params);
141 if (nid == NID_undef)
142 {
143 GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,
144 GOST_R_INVALID_CIPHER_PARAM_OID);
145 return NULL;
146 }
147 }
148 else
149 {
150 nid= OBJ_obj2nid(obj);
151 }
152 for (param=gost_cipher_list;param->sblock!=NULL && param->nid!=nid;
153 param++);
154 if (!param->sblock)
155 {
156 GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,GOST_R_INVALID_CIPHER_PARAMS);
157 return NULL;
158 }
159 return param;
160 }
161
162/* Sets cipher param from paramset NID. */
163static int gost_cipher_set_param(struct ossl_gost_cipher_ctx *c,int nid)
164 {
165 const struct gost_cipher_info *param;
166 param=get_encryption_params((nid==NID_undef?NULL:OBJ_nid2obj(nid)));
167 if (!param) return 0;
168
169 c->paramNID = param->nid;
170 c->key_meshing=param->key_meshing;
171 c->count=0;
172 gost_init(&(c->cctx), param->sblock);
173 return 1;
174 }
175
176/* Initializes EVP_CIPHER_CTX by paramset NID */
177static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx, const unsigned char *key,
178 const unsigned char *iv, int enc, int paramNID,int mode)
179 {
180 struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
181 if (ctx->app_data == NULL)
182 {
183 if (!gost_cipher_set_param(c,paramNID)) return 0;
184 ctx->app_data = ctx->cipher_data;
185 }
186 if (key) gost_key(&(c->cctx),key);
187 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
188 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
189 return 1;
190 }
191
192static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
193 const unsigned char *iv, int enc)
194 {
195 struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
196 gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA);
197 c->key_meshing=1;
198 c->count=0;
199 if(key) gost_key(&(c->cctx),key);
200 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
201 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
202 return 1;
203 }
204
205/* Initializes EVP_CIPHER_CTX with default values */
206int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
207 const unsigned char *iv, int enc)
208 {
209 return gost_cipher_init_param(ctx,key,iv,enc,NID_undef,EVP_CIPH_CFB_MODE);
210 }
211/* Wrapper around gostcrypt function from gost89.c which perform
212 * key meshing when nesseccary
213 */
214static void gost_crypt_mesh (void *ctx,unsigned char *iv,unsigned char *buf)
215 {
216 struct ossl_gost_cipher_ctx *c = ctx;
217 assert(c->count%8 == 0 && c->count <= 1024);
218 if (c->key_meshing && c->count==1024)
219 {
220 cryptopro_key_meshing(&(c->cctx),iv);
221 }
222 gostcrypt(&(c->cctx),iv,buf);
223 c->count = c->count%1024 + 8;
224 }
225
226static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
227 {
228 struct ossl_gost_cipher_ctx *c = ctx;
229 word32 g,go;
230 unsigned char buf1[8];
231 assert(c->count%8 == 0 && c->count <= 1024);
232 if (c->key_meshing && c->count==1024)
233 {
234 cryptopro_key_meshing(&(c->cctx),iv);
235 }
236 if (c->count==0)
237 {
238 gostcrypt(&(c->cctx),iv,buf1);
239 }
240 else
241 {
242 memcpy(buf1,iv,8);
243 }
244 g = buf1[0]|(buf1[1]<<8)|(buf1[2]<<16)|(buf1[3]<<24);
245 g += 0x01010101;
246 buf1[0]=(unsigned char)(g&0xff);
247 buf1[1]=(unsigned char)((g>>8)&0xff);
248 buf1[2]=(unsigned char)((g>>16)&0xff);
249 buf1[3]=(unsigned char)((g>>24)&0xff);
250 g = buf1[4]|(buf1[5]<<8)|(buf1[6]<<16)|(buf1[7]<<24);
251 go = g;
252 g += 0x01010104;
253 if (go > g) /* overflow*/
254 g++;
255 buf1[4]=(unsigned char)(g&0xff);
256 buf1[5]=(unsigned char)((g>>8)&0xff);
257 buf1[6]=(unsigned char)((g>>16)&0xff);
258 buf1[7]=(unsigned char)((g>>24)&0xff);
259 memcpy(iv,buf1,8);
260 gostcrypt(&(c->cctx),buf1,buf);
261 c->count = c->count%1024 + 8;
262 }
263
264/* GOST encryption in CFB mode */
265int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
266 const unsigned char *in, size_t inl)
267 {
268 const unsigned char *in_ptr=in;
269 unsigned char *out_ptr=out;
270 size_t i=0;
271 size_t j=0;
272/* process partial block if any */
273 if (ctx->num)
274 {
275 for (j=ctx->num,i=0;j<8 && i<inl;j++,i++,in_ptr++,out_ptr++)
276 {
277 if (!ctx->encrypt) ctx->buf[j+8]=*in_ptr;
278 *out_ptr=ctx->buf[j]^(*in_ptr);
279 if (ctx->encrypt) ctx->buf[j+8]=*out_ptr;
280 }
281 if (j==8)
282 {
283 memcpy(ctx->iv,ctx->buf+8,8);
284 ctx->num=0;
285 }
286 else
287 {
288 ctx->num=j;
289 return 1;
290 }
291 }
292
293 for (;i+8<inl;i+=8,in_ptr+=8,out_ptr+=8)
294 {
295 /*block cipher current iv */
296 gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf);
297 /*xor next block of input text with it and output it*/
298 /*output this block */
299 if (!ctx->encrypt) memcpy(ctx->iv,in_ptr,8);
300 for (j=0;j<8;j++)
301 {
302 out_ptr[j]=ctx->buf[j]^in_ptr[j];
303 }
304 /* Encrypt */
305 /* Next iv is next block of cipher text*/
306 if (ctx->encrypt) memcpy(ctx->iv,out_ptr,8);
307 }
308/* Process rest of buffer */
309 if (i<inl)
310 {
311 gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf);
312 if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,inl-i);
313 for (j=0;i<inl;j++,i++)
314 {
315 out_ptr[j]=ctx->buf[j]^in_ptr[j];
316 }
317 ctx->num = j;
318 if (ctx->encrypt) memcpy(ctx->buf+8,out_ptr,j);
319 }
320 else
321 {
322 ctx->num = 0;
323 }
324 return 1;
325 }
326
327static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
328 const unsigned char *in, size_t inl)
329 {
330 const unsigned char *in_ptr=in;
331 unsigned char *out_ptr=out;
332 size_t i=0;
333 size_t j;
334/* process partial block if any */
335 if (ctx->num)
336 {
337 for (j=ctx->num,i=0;j<8 && i<inl;j++,i++,in_ptr++,out_ptr++)
338 {
339 *out_ptr=ctx->buf[j]^(*in_ptr);
340 }
341 if (j==8)
342 {
343 ctx->num=0;
344 }
345 else
346 {
347 ctx->num=j;
348 return 1;
349 }
350 }
351
352 for (;i+8<inl;i+=8,in_ptr+=8,out_ptr+=8)
353 {
354 /*block cipher current iv */
355 /* Encrypt */
356 gost_cnt_next(ctx->cipher_data,ctx->iv,ctx->buf);
357 /*xor next block of input text with it and output it*/
358 /*output this block */
359 for (j=0;j<8;j++)
360 {
361 out_ptr[j]=ctx->buf[j]^in_ptr[j];
362 }
363 }
364/* Process rest of buffer */
365 if (i<inl)
366 {
367 gost_cnt_next(ctx->cipher_data,ctx->iv,ctx->buf);
368 for (j=0;i<inl;j++,i++)
369 {
370 out_ptr[j]=ctx->buf[j]^in_ptr[j];
371 }
372 ctx->num = j;
373 }
374 else
375 {
376 ctx->num = 0;
377 }
378 return 1;
379 }
380
381/* Cleaning up of EVP_CIPHER_CTX */
382int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx)
383 {
384 gost_destroy(&((struct ossl_gost_cipher_ctx *)ctx->cipher_data)->cctx);
385 ctx->app_data = NULL;
386 return 1;
387 }
388
389/* Control function for gost cipher */
390int gost_cipher_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr)
391 {
392 switch (type)
393 {
394 case EVP_CTRL_RAND_KEY:
395 {
396 if (RAND_bytes((unsigned char *)ptr,ctx->key_len)<=0)
397 {
398 GOSTerr(GOST_F_GOST_CIPHER_CTL,GOST_R_RANDOM_GENERATOR_ERROR);
399 return -1;
400 }
401 break;
402 }
403 case EVP_CTRL_PBE_PRF_NID:
404 if (ptr) {
405 *((int *)ptr)= NID_id_HMACGostR3411_94;
406 return 1;
407 } else {
408 return 0;
409 }
410
411 default:
412 GOSTerr(GOST_F_GOST_CIPHER_CTL,GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND);
413 return -1;
414 }
415 return 1;
416 }
417
418/* Set cipher parameters from ASN1 structure */
419int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
420 {
421 int len=0;
422 unsigned char *buf=NULL;
423 unsigned char *p=NULL;
424 struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
425 GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
426 ASN1_OCTET_STRING *os = NULL;
427 if (!gcp)
428 {
429 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
430 return 0;
431 }
432 if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len))
433 {
434 GOST_CIPHER_PARAMS_free(gcp);
435 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
436 return 0;
437 }
438 ASN1_OBJECT_free(gcp->enc_param_set);
439 gcp->enc_param_set = OBJ_nid2obj(c->paramNID);
440
441 len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
442 p = buf = (unsigned char*)OPENSSL_malloc(len);
443 if (!buf)
444 {
445 GOST_CIPHER_PARAMS_free(gcp);
446 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
447 return 0;
448 }
449 i2d_GOST_CIPHER_PARAMS(gcp, &p);
450 GOST_CIPHER_PARAMS_free(gcp);
451
452 os = ASN1_OCTET_STRING_new();
453
454 if(!os || !ASN1_OCTET_STRING_set(os, buf, len))
455 {
456 OPENSSL_free(buf);
457 GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
458 return 0;
459 }
460 OPENSSL_free(buf);
461
462 ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
463 return 1;
464 }
465
466/* Store parameters into ASN1 structure */
467int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
468 {
469 int ret = -1;
470 int len;
471 GOST_CIPHER_PARAMS *gcp = NULL;
472 unsigned char *p;
473 struct ossl_gost_cipher_ctx *c=ctx->cipher_data;
474 if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE)
475 {
476 return ret;
477 }
478
479 p = params->value.sequence->data;
480
481 gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p,
482 params->value.sequence->length);
483
484 len = gcp->iv->length;
485 if (len != ctx->cipher->iv_len)
486 {
487 GOST_CIPHER_PARAMS_free(gcp);
488 GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS,
489 GOST_R_INVALID_IV_LENGTH);
490 return -1;
491 }
492 if (!gost_cipher_set_param(c,OBJ_obj2nid(gcp->enc_param_set)))
493 {
494 GOST_CIPHER_PARAMS_free(gcp);
495 return -1;
496 }
497 memcpy(ctx->oiv, gcp->iv->data, len);
498
499 GOST_CIPHER_PARAMS_free(gcp);
500
501 return 1;
502 }
503
504
505int gost_imit_init_cpa(EVP_MD_CTX *ctx)
506 {
507 struct ossl_gost_imit_ctx *c = ctx->md_data;
508 memset(c->buffer,0,sizeof(c->buffer));
509 memset(c->partial_block,0,sizeof(c->partial_block));
510 c->count = 0;
511 c->bytes_left=0;
512 c->key_meshing=1;
513 gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA);
514 return 1;
515 }
516
517static void mac_block_mesh(struct ossl_gost_imit_ctx *c,const unsigned char *data)
518 {
519 unsigned char buffer[8];
520 /* We are using local buffer for iv because CryptoPro doesn't
521 * interpret internal state of MAC algorithm as iv during keymeshing
522 * (but does initialize internal state from iv in key transport
523 */
524 assert(c->count%8 == 0 && c->count <= 1024);
525 if (c->key_meshing && c->count==1024)
526 {
527 cryptopro_key_meshing(&(c->cctx),buffer);
528 }
529 mac_block(&(c->cctx),c->buffer,data);
530 c->count = c->count%1024 + 8;
531 }
532
533int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
534 {
535 struct ossl_gost_imit_ctx *c = ctx->md_data;
536 const unsigned char *p = data;
537 size_t bytes = count,i;
538 if (!(c->key_set)) {
539 GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET);
540 return 0;
541 }
542 if (c->bytes_left)
543 {
544 for (i=c->bytes_left;i<8&&bytes>0;bytes--,i++,p++)
545 {
546 c->partial_block[i]=*p;
547 }
548 if (i==8)
549 {
550 mac_block_mesh(c,c->partial_block);
551 }
552 else
553 {
554 c->bytes_left = i;
555 return 1;
556 }
557 }
558 while (bytes>8)
559 {
560 mac_block_mesh(c,p);
561 p+=8;
562 bytes-=8;
563 }
564 if (bytes>0)
565 {
566 memcpy(c->partial_block,p,bytes);
567 }
568 c->bytes_left=bytes;
569 return 1;
570 }
571
572int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md)
573 {
574 struct ossl_gost_imit_ctx *c = ctx->md_data;
575 if (!c->key_set) {
576 GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
577 return 0;
578 }
579 if (c->count==0 && c->bytes_left)
580 {
581 unsigned char buffer[8];
582 memset(buffer, 0, 8);
583 gost_imit_update(ctx, buffer, 8);
584 }
585 if (c->bytes_left)
586 {
587 int i;
588 for (i=c->bytes_left;i<8;i++)
589 {
590 c->partial_block[i]=0;
591 }
592 mac_block_mesh(c,c->partial_block);
593 }
594 get_mac(c->buffer,32,md);
595 return 1;
596 }
597
598int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr)
599 {
600 switch (type)
601 {
602 case EVP_MD_CTRL_KEY_LEN:
603 *((unsigned int*)(ptr)) = 32;
604 return 1;
605 case EVP_MD_CTRL_SET_KEY:
606 {
607 if (arg!=32) {
608 GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
609 return 0;
610 }
611
612 gost_key(&(((struct ossl_gost_imit_ctx*)(ctx->md_data))->cctx),ptr) ;
613 ((struct ossl_gost_imit_ctx*)(ctx->md_data))->key_set = 1;
614 return 1;
615
616 }
617 default:
618 return 0;
619 }
620 }
621
622int gost_imit_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
623 {
624 memcpy(to->md_data,from->md_data,sizeof(struct ossl_gost_imit_ctx));
625 return 1;
626 }
627
628/* Clean up imit ctx */
629int gost_imit_cleanup(EVP_MD_CTX *ctx)
630 {
631 memset(ctx->md_data,0,sizeof(struct ossl_gost_imit_ctx));
632 return 1;
633 }
634
diff --git a/src/lib/libssl/src/engines/ccgost/gost_ctl.c b/src/lib/libssl/src/engines/ccgost/gost_ctl.c
deleted file mode 100644
index d3cd171818..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_ctl.c
+++ /dev/null
@@ -1,89 +0,0 @@
1/**********************************************************************
2 * gost_ctl.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implementation of control commands for GOST engine *
7 * OpenSSL 0.9.9 libraries required *
8 **********************************************************************/
9#include <stdlib.h>
10#include <string.h>
11#include <openssl/crypto.h>
12#include <openssl/err.h>
13#include <openssl/engine.h>
14#include <openssl/buffer.h>
15#include "gost_lcl.h"
16
17static char *gost_params[GOST_PARAM_MAX+1]={NULL};
18static const char *gost_envnames[]={"CRYPT_PARAMS"};
19const ENGINE_CMD_DEFN gost_cmds[]=
20 {
21/* { GOST_CTRL_RNG,
22 "RNG",
23 "Type of random number generator to use",
24 ENGINE_CMD_FLAG_STRING
25 },
26 { GOST_CTRL_RNG_PARAMS,
27 "RNG_PARAMS",
28 "Parameter for random number generator",
29 ENGINE_CMD_FLAG_STRING
30 },
31*/ { GOST_CTRL_CRYPT_PARAMS,
32 "CRYPT_PARAMS",
33 "OID of default GOST 28147-89 parameters",
34 ENGINE_CMD_FLAG_STRING
35 },
36{0,NULL,NULL,0}
37 };
38
39void gost_param_free()
40{
41 int i;
42 for (i=0;i<=GOST_PARAM_MAX;i++)
43 if (gost_params[i]!=NULL)
44 {
45 OPENSSL_free(gost_params[i]);
46 gost_params[i]=NULL;
47 }
48
49}
50
51int gost_control_func(ENGINE *e,int cmd,long i, void *p, void (*f)(void))
52 {
53 int param = cmd-ENGINE_CMD_BASE;
54 int ret=0;
55 if (param <0 || param >GOST_PARAM_MAX) return -1;
56 ret=gost_set_default_param(param,p);
57 return ret;
58 }
59
60const char *get_gost_engine_param(int param)
61 {
62 char *tmp;
63 if (param <0 || param >GOST_PARAM_MAX) return NULL;
64 if (gost_params[param]!=NULL)
65 {
66 return gost_params[param];
67 }
68 tmp = getenv(gost_envnames[param]);
69 if (tmp)
70 {
71 if (gost_params[param]) OPENSSL_free(gost_params[param]);
72 gost_params[param] = BUF_strdup(tmp);
73 return gost_params[param];
74 }
75 return NULL;
76 }
77
78int gost_set_default_param(int param, const char *value)
79 {
80 const char *tmp;
81 if (param <0 || param >GOST_PARAM_MAX) return 0;
82 tmp = getenv(gost_envnames[param]);
83 /* if there is value in the environment, use it, else -passed string * */
84 if (!tmp) tmp=value;
85 if (gost_params[param]) OPENSSL_free(gost_params[param]);
86 gost_params[param] = BUF_strdup(tmp);
87
88 return 1;
89 }
diff --git a/src/lib/libssl/src/engines/ccgost/gost_eng.c b/src/lib/libssl/src/engines/ccgost/gost_eng.c
deleted file mode 100644
index 8f29bf6f85..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_eng.c
+++ /dev/null
@@ -1,288 +0,0 @@
1/**********************************************************************
2 * gost_eng.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Main file of GOST engine *
7 * for OpenSSL *
8 * Requires OpenSSL 0.9.9 for compilation *
9 **********************************************************************/
10#include <string.h>
11#include <openssl/crypto.h>
12#include <openssl/err.h>
13#include <openssl/evp.h>
14#include <openssl/engine.h>
15#include <openssl/obj_mac.h>
16#include "e_gost_err.h"
17#include "gost_lcl.h"
18static const char *engine_gost_id = "gost";
19static const char *engine_gost_name = "Reference implementation of GOST engine";
20
21/* Symmetric cipher and digest function registrar */
22
23static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
24 const int **nids, int nid);
25
26static int gost_digests(ENGINE *e, const EVP_MD **digest,
27 const int **nids, int ind);
28
29static int gost_pkey_meths (ENGINE *e, EVP_PKEY_METHOD **pmeth,
30 const int **nids, int nid);
31
32static int gost_pkey_asn1_meths (ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
33 const int **nids, int nid);
34
35static int gost_cipher_nids[] =
36 {NID_id_Gost28147_89, NID_gost89_cnt,0};
37
38static int gost_digest_nids[] =
39 {NID_id_GostR3411_94,NID_id_Gost28147_89_MAC, 0};
40
41static int gost_pkey_meth_nids[] =
42 {NID_id_GostR3410_94,
43 NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0};
44
45static EVP_PKEY_METHOD *pmeth_GostR3410_94 = NULL,
46 *pmeth_GostR3410_2001 = NULL,
47 *pmeth_Gost28147_MAC = NULL;
48
49static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_94 = NULL,
50 *ameth_GostR3410_2001 = NULL,
51 *ameth_Gost28147_MAC = NULL;
52
53
54static int gost_engine_init(ENGINE *e)
55 {
56 return 1;
57 }
58
59static int gost_engine_finish(ENGINE *e)
60 {
61 return 1;
62 }
63
64static int gost_engine_destroy(ENGINE *e)
65 {
66 gost_param_free();
67
68 pmeth_GostR3410_94 = NULL;
69 pmeth_GostR3410_2001 = NULL;
70 pmeth_Gost28147_MAC = NULL;
71 ameth_GostR3410_94 = NULL;
72 ameth_GostR3410_2001 = NULL;
73 ameth_Gost28147_MAC = NULL;
74 return 1;
75 }
76
77static int bind_gost (ENGINE *e,const char *id)
78 {
79 int ret = 0;
80 if (id && strcmp(id, engine_gost_id)) return 0;
81 if (ameth_GostR3410_94)
82 {
83 printf("GOST engine already loaded\n");
84 goto end;
85 }
86
87 if (!ENGINE_set_id(e, engine_gost_id))
88 {
89 printf("ENGINE_set_id failed\n");
90 goto end;
91 }
92 if (!ENGINE_set_name(e, engine_gost_name))
93 {
94 printf("ENGINE_set_name failed\n");
95 goto end;
96 }
97 if (!ENGINE_set_digests(e, gost_digests))
98 {
99 printf("ENGINE_set_digests failed\n");
100 goto end;
101 }
102 if (! ENGINE_set_ciphers(e, gost_ciphers))
103 {
104 printf("ENGINE_set_ciphers failed\n");
105 goto end;
106 }
107 if (! ENGINE_set_pkey_meths(e, gost_pkey_meths))
108 {
109 printf("ENGINE_set_pkey_meths failed\n");
110 goto end;
111 }
112 if (! ENGINE_set_pkey_asn1_meths(e, gost_pkey_asn1_meths))
113 {
114 printf("ENGINE_set_pkey_asn1_meths failed\n");
115 goto end;
116 }
117 /* Control function and commands */
118 if (!ENGINE_set_cmd_defns(e,gost_cmds))
119 {
120 fprintf(stderr,"ENGINE_set_cmd_defns failed\n");
121 goto end;
122 }
123 if (!ENGINE_set_ctrl_function(e,gost_control_func))
124 {
125 fprintf(stderr,"ENGINE_set_ctrl_func failed\n");
126 goto end;
127 }
128 if ( ! ENGINE_set_destroy_function(e, gost_engine_destroy)
129 || ! ENGINE_set_init_function(e,gost_engine_init)
130 || ! ENGINE_set_finish_function(e,gost_engine_finish))
131 {
132 goto end;
133 }
134
135 if (!register_ameth_gost(NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94", "GOST R 34.10-94")) goto end;
136 if (!register_ameth_gost(NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001", "GOST R 34.10-2001")) goto end;
137 if (!register_ameth_gost(NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC,
138 "GOST-MAC", "GOST 28147-89 MAC")) goto end;
139
140 if (!register_pmeth_gost(NID_id_GostR3410_94, &pmeth_GostR3410_94, 0)) goto end;
141 if (!register_pmeth_gost(NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0)) goto end;
142 if (!register_pmeth_gost(NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
143 goto end;
144 if ( ! ENGINE_register_ciphers(e)
145 || ! ENGINE_register_digests(e)
146 || ! ENGINE_register_pkey_meths(e)
147 /* These two actually should go in LIST_ADD command */
148 || ! EVP_add_cipher(&cipher_gost)
149 || ! EVP_add_cipher(&cipher_gost_cpacnt)
150 || ! EVP_add_digest(&digest_gost)
151 || ! EVP_add_digest(&imit_gost_cpa)
152 )
153 {
154 goto end;
155 }
156
157 ERR_load_GOST_strings();
158 ret = 1;
159 end:
160 return ret;
161 }
162
163#ifndef OPENSSL_NO_DYNAMIC_ENGINE
164IMPLEMENT_DYNAMIC_BIND_FN(bind_gost)
165IMPLEMENT_DYNAMIC_CHECK_FN()
166#endif /* ndef OPENSSL_NO_DYNAMIC_ENGINE */
167
168static int gost_digests(ENGINE *e, const EVP_MD **digest,
169 const int **nids, int nid)
170 {
171 int ok =1 ;
172 if (!digest)
173 {
174 *nids = gost_digest_nids;
175 return 2;
176 }
177 /*printf("Digest no %d requested\n",nid);*/
178 if(nid == NID_id_GostR3411_94)
179 {
180 *digest = &digest_gost;
181 }
182 else if (nid == NID_id_Gost28147_89_MAC)
183 {
184 *digest = &imit_gost_cpa;
185 }
186 else
187 {
188 ok =0;
189 *digest = NULL;
190 }
191 return ok;
192 }
193
194static int gost_ciphers (ENGINE *e,const EVP_CIPHER **cipher,
195 const int **nids, int nid)
196 {
197 int ok = 1;
198 if (!cipher)
199 {
200 *nids = gost_cipher_nids;
201 return 2; /* two ciphers are supported */
202 }
203
204 if(nid == NID_id_Gost28147_89)
205 {
206 *cipher = &cipher_gost;
207 }
208 else if (nid == NID_gost89_cnt)
209 {
210 *cipher = &cipher_gost_cpacnt;
211 }
212 else
213 {
214 ok = 0;
215 *cipher = NULL;
216 }
217 return ok;
218 }
219
220static int gost_pkey_meths (ENGINE *e, EVP_PKEY_METHOD **pmeth,
221 const int **nids, int nid)
222 {
223 if (!pmeth)
224 {
225 *nids = gost_pkey_meth_nids;
226 return 3;
227 }
228
229 switch (nid)
230 {
231 case NID_id_GostR3410_94: *pmeth = pmeth_GostR3410_94; return 1;
232 case NID_id_GostR3410_2001: *pmeth = pmeth_GostR3410_2001; return 1;
233 case NID_id_Gost28147_89_MAC: *pmeth = pmeth_Gost28147_MAC; return 1;
234 default:;
235 }
236
237 *pmeth = NULL;
238 return 0;
239 }
240
241static int gost_pkey_asn1_meths (ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
242 const int **nids, int nid)
243 {
244 if (!ameth)
245 {
246 *nids = gost_pkey_meth_nids;
247 return 3;
248 }
249 switch (nid)
250 {
251 case NID_id_GostR3410_94: *ameth = ameth_GostR3410_94; return 1;
252 case NID_id_GostR3410_2001: *ameth = ameth_GostR3410_2001; return 1;
253 case NID_id_Gost28147_89_MAC: *ameth = ameth_Gost28147_MAC; return 1;
254
255 default:;
256 }
257
258 *ameth = NULL;
259 return 0;
260 }
261
262#ifdef OPENSSL_NO_DYNAMIC_ENGINE
263static ENGINE *engine_gost(void)
264 {
265 ENGINE *ret = ENGINE_new();
266 if (!ret)
267 return NULL;
268 if (!bind_gost(ret,engine_gost_id))
269 {
270 ENGINE_free(ret);
271 return NULL;
272 }
273 return ret;
274 }
275
276void ENGINE_load_gost(void)
277 {
278 ENGINE *toadd;
279 if (pmeth_GostR3410_94)
280 return;
281 toadd = engine_gost();
282 if (!toadd) return;
283 ENGINE_add(toadd);
284 ENGINE_free(toadd);
285 ERR_clear_error();
286 }
287#endif
288
diff --git a/src/lib/libssl/src/engines/ccgost/gost_keywrap.c b/src/lib/libssl/src/engines/ccgost/gost_keywrap.c
deleted file mode 100644
index c618f6da28..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_keywrap.c
+++ /dev/null
@@ -1,109 +0,0 @@
1/**********************************************************************
2 * keywrap.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implementation of CryptoPro key wrap algorithm, as defined in *
7 * RFC 4357 p 6.3 and 6.4 *
8 * Doesn't need OpenSSL *
9 **********************************************************************/
10#include <string.h>
11#include "gost89.h"
12#include "gost_keywrap.h"
13
14/* Diversifies key using random UserKey Material
15 * Implements RFC 4357 p 6.5 key diversification algorithm
16 *
17 * inputKey - 32byte key to be diversified
18 * ukm - 8byte user key material
19 * outputKey - 32byte buffer to store diversified key
20 *
21 */
22void keyDiversifyCryptoPro(gost_ctx *ctx,const unsigned char *inputKey, const unsigned char *ukm, unsigned char *outputKey)
23 {
24
25 u4 k,s1,s2;
26 int i,j,mask;
27 unsigned char S[8];
28 memcpy(outputKey,inputKey,32);
29 for (i=0;i<8;i++)
30 {
31 /* Make array of integers from key */
32 /* Compute IV S*/
33 s1=0,s2=0;
34 for (j=0,mask=1;j<8;j++,mask<<=1)
35 {
36 k=((u4)outputKey[4*j])|(outputKey[4*j+1]<<8)|
37 (outputKey[4*j+2]<<16)|(outputKey[4*j+3]<<24);
38 if (mask & ukm[i])
39 {
40 s1+=k;
41 }
42 else
43 {
44 s2+=k;
45 }
46 }
47 S[0]=(unsigned char)(s1&0xff);
48 S[1]=(unsigned char)((s1>>8)&0xff);
49 S[2]=(unsigned char)((s1>>16)&0xff);
50 S[3]=(unsigned char)((s1>>24)&0xff);
51 S[4]=(unsigned char)(s2&0xff);
52 S[5]=(unsigned char)((s2>>8)&0xff);
53 S[6]=(unsigned char)((s2>>16)&0xff);
54 S[7]=(unsigned char)((s2>>24)&0xff);
55 gost_key(ctx,outputKey);
56 gost_enc_cfb(ctx,S,outputKey,outputKey,4);
57 }
58 }
59
60
61/*
62 * Wraps key using RFC 4357 6.3
63 * ctx - gost encryption context, initialized with some S-boxes
64 * keyExchangeKey (KEK) 32-byte (256-bit) shared key
65 * ukm - 8 byte (64 bit) user key material,
66 * sessionKey - 32-byte (256-bit) key to be wrapped
67 * wrappedKey - 44-byte buffer to store wrapped key
68 */
69
70int keyWrapCryptoPro(gost_ctx *ctx,const unsigned char *keyExchangeKey, const unsigned char *ukm,
71 const unsigned char *sessionKey, unsigned char *wrappedKey)
72 {
73 unsigned char kek_ukm[32];
74 keyDiversifyCryptoPro(ctx,keyExchangeKey,ukm,kek_ukm);
75 gost_key(ctx,kek_ukm);
76 memcpy(wrappedKey,ukm,8);
77 gost_enc(ctx,sessionKey,wrappedKey+8,4);
78 gost_mac_iv(ctx,32,ukm,sessionKey,32,wrappedKey+40);
79 return 1;
80 }
81/*
82 * Unwraps key using RFC 4357 6.4
83 * ctx - gost encryption context, initialized with some S-boxes
84 * keyExchangeKey 32-byte shared key
85 * wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM,
86 * 32 byte encrypted key and 4 byte MAC
87 *
88 * sessionKEy - 32byte buffer to store sessionKey in
89 * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
90 */
91
92int keyUnwrapCryptoPro(gost_ctx *ctx,const unsigned char *keyExchangeKey,
93 const unsigned char *wrappedKey, unsigned char *sessionKey)
94 {
95 unsigned char kek_ukm[32],cek_mac[4];
96 keyDiversifyCryptoPro(ctx,keyExchangeKey,wrappedKey
97 /* First 8 bytes of wrapped Key is ukm */
98 ,kek_ukm);
99 gost_key(ctx,kek_ukm);
100 gost_dec(ctx,wrappedKey+8,sessionKey,4);
101 gost_mac_iv(ctx,32,wrappedKey,sessionKey,32,cek_mac);
102 if (memcmp(cek_mac,wrappedKey+40,4))
103 {
104 return 0;
105 }
106 return 1;
107 }
108
109
diff --git a/src/lib/libssl/src/engines/ccgost/gost_keywrap.h b/src/lib/libssl/src/engines/ccgost/gost_keywrap.h
deleted file mode 100644
index 37c2a0f73d..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_keywrap.h
+++ /dev/null
@@ -1,56 +0,0 @@
1/**********************************************************************
2 * gost_keywrap.h *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implementation of CryptoPro key wrap algorithm, as defined in *
7 * RFC 4357 p 6.3 and 6.4 *
8 * Doesn't need OpenSSL *
9 **********************************************************************/
10#ifndef GOST_KEYWRAP_H
11#define GOST_KEYWRAP_H
12#include <string.h>
13#include "gost89.h"
14/* Diversifies key using random UserKey Material
15 * Implements RFC 4357 p 6.5 key diversification algorithm
16 *
17 * inputKey - 32byte key to be diversified
18 * ukm - 8byte user key material
19 * outputKey - 32byte buffer to store diversified key
20 *
21 */
22void keyDiversifyCryptoPro(gost_ctx *ctx,
23 const unsigned char *inputKey,
24 const unsigned char *ukm,
25 unsigned char *outputKey);
26/*
27 * Wraps key using RFC 4357 6.3
28 * ctx - gost encryption context, initialized with some S-boxes
29 * keyExchangeKey (KEK) 32-byte (256-bit) shared key
30 * ukm - 8 byte (64 bit) user key material,
31 * sessionKey - 32-byte (256-bit) key to be wrapped
32 * wrappedKey - 44-byte buffer to store wrapped key
33 */
34
35int keyWrapCryptoPro(gost_ctx *ctx,
36 const unsigned char *keyExchangeKey,
37 const unsigned char *ukm,
38 const unsigned char *sessionKey,
39 unsigned char *wrappedKey) ;
40/*
41 * Unwraps key using RFC 4357 6.4
42 * ctx - gost encryption context, initialized with some S-boxes
43 * keyExchangeKey 32-byte shared key
44 * wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM,
45 * 32 byte encrypted key and 4 byte MAC
46 *
47 * sessionKEy - 32byte buffer to store sessionKey in
48 * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match
49 */
50
51
52int keyUnwrapCryptoPro(gost_ctx *ctx,
53 const unsigned char *keyExchangeKey,
54 const unsigned char *wrappedKey,
55 unsigned char *sessionKey) ;
56#endif
diff --git a/src/lib/libssl/src/engines/ccgost/gost_lcl.h b/src/lib/libssl/src/engines/ccgost/gost_lcl.h
deleted file mode 100644
index 00aa42cea4..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_lcl.h
+++ /dev/null
@@ -1,218 +0,0 @@
1#ifndef GOST_TOOLS_H
2#define GOST_TOOLS_H
3/**********************************************************************
4 * gost_lcl.h *
5 * Copyright (c) 2006 Cryptocom LTD *
6 * This file is distributed under the same license as OpenSSL *
7 * *
8 * Internal declarations used in GOST engine *
9 * OpenSSL 0.9.9 libraries required to compile and use *
10 * this code *
11 **********************************************************************/
12#include <openssl/bn.h>
13#include <openssl/evp.h>
14#include <openssl/dsa.h>
15#include <openssl/asn1t.h>
16#include <openssl/x509.h>
17#include <openssl/engine.h>
18#include <openssl/ec.h>
19#include "gost89.h"
20#include "gosthash.h"
21/* Control commands */
22#define GOST_PARAM_CRYPT_PARAMS 0
23#define GOST_PARAM_MAX 0
24#define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)
25
26 extern const ENGINE_CMD_DEFN gost_cmds[];
27 int gost_control_func(ENGINE *e,int cmd, long i, void *p, void (*f)(void));
28 const char *get_gost_engine_param(int param);
29 int gost_set_default_param(int param, const char *value);
30 void gost_param_free(void);
31
32/* method registration */
33
34 int register_ameth_gost (int nid, EVP_PKEY_ASN1_METHOD **ameth, const char* pemstr, const char* info);
35 int register_pmeth_gost (int id, EVP_PKEY_METHOD **pmeth, int flags);
36
37/* Gost-specific pmeth control-function parameters */
38/* For GOST R34.10 parameters */
39#define param_ctrl_string "paramset"
40#define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1)
41/* For GOST 28147 MAC */
42#define key_ctrl_string "key"
43#define hexkey_ctrl_string "hexkey"
44#define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL+3)
45/* Pmeth internal representation */
46 struct gost_pmeth_data {
47 int sign_param_nid; /* Should be set whenever parameters are filled */
48 EVP_MD *md;
49 unsigned char *shared_ukm;
50 int peer_key_used;
51 };
52
53 struct gost_mac_pmeth_data {
54 int key_set;
55 EVP_MD *md;
56 unsigned char key[32];
57 } ;
58/* GOST-specific ASN1 structures */
59
60
61typedef struct {
62 ASN1_OCTET_STRING *encrypted_key;
63 ASN1_OCTET_STRING *imit;
64} GOST_KEY_INFO;
65
66DECLARE_ASN1_FUNCTIONS(GOST_KEY_INFO)
67
68typedef struct {
69 ASN1_OBJECT *cipher;
70 X509_PUBKEY *ephem_key;
71 ASN1_OCTET_STRING *eph_iv;
72} GOST_KEY_AGREEMENT_INFO;
73
74DECLARE_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
75
76typedef struct {
77 GOST_KEY_INFO *key_info;
78 GOST_KEY_AGREEMENT_INFO *key_agreement_info;
79} GOST_KEY_TRANSPORT;
80
81DECLARE_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
82
83typedef struct { /* FIXME incomplete */
84 GOST_KEY_TRANSPORT *gkt;
85} GOST_CLIENT_KEY_EXCHANGE_PARAMS;
86
87/* Hacks to shorten symbols to 31 characters or less, or OpenVMS.
88 This mimics what's done in symhacks.h, but since this is a very
89 local header file, I prefered to put this hack directly here.
90 -- Richard Levitte */
91#ifdef OPENSSL_SYS_VMS
92#undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_it
93#define GOST_CLIENT_KEY_EXCHANGE_PARAMS_it GOST_CLIENT_KEY_EXC_PARAMS_it
94#undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_new
95#define GOST_CLIENT_KEY_EXCHANGE_PARAMS_new GOST_CLIENT_KEY_EXC_PARAMS_new
96#undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_free
97#define GOST_CLIENT_KEY_EXCHANGE_PARAMS_free GOST_CLIENT_KEY_EXC_PARAMS_free
98#undef d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS
99#define d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS d2i_GOST_CLIENT_KEY_EXC_PARAMS
100#undef i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS
101#define i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS i2d_GOST_CLIENT_KEY_EXC_PARAMS
102#endif /* End of hack */
103DECLARE_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
104typedef struct {
105 ASN1_OBJECT *key_params;
106 ASN1_OBJECT *hash_params;
107 ASN1_OBJECT *cipher_params;
108} GOST_KEY_PARAMS;
109
110DECLARE_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
111
112typedef struct {
113 ASN1_OCTET_STRING *iv;
114 ASN1_OBJECT *enc_param_set;
115} GOST_CIPHER_PARAMS;
116
117DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
118/*============== Message digest and cipher related structures ==========*/
119 /* Structure used as EVP_MD_CTX-md_data.
120 * It allows to avoid storing in the md-data pointers to
121 * dynamically allocated memory.
122 *
123 * I cannot invent better way to avoid memory leaks, because
124 * openssl insist on invoking Init on Final-ed digests, and there
125 * is no reliable way to find out whether pointer in the passed
126 * md_data is valid or not.
127 * */
128struct ossl_gost_digest_ctx {
129 gost_hash_ctx dctx;
130 gost_ctx cctx;
131};
132/* EVP_MD structure for GOST R 34.11 */
133extern EVP_MD digest_gost;
134/* EVP_MD structure for GOST 28147 in MAC mode */
135extern EVP_MD imit_gost_cpa;
136/* Cipher context used for EVP_CIPHER operation */
137struct ossl_gost_cipher_ctx {
138 int paramNID;
139 unsigned int count;
140 int key_meshing;
141 gost_ctx cctx;
142};
143/* Structure to map parameter NID to S-block */
144struct gost_cipher_info {
145 int nid;
146 gost_subst_block *sblock;
147 int key_meshing;
148};
149/* Context for MAC */
150struct ossl_gost_imit_ctx {
151 gost_ctx cctx;
152 unsigned char buffer[8];
153 unsigned char partial_block[8];
154 unsigned int count;
155 int key_meshing;
156 int bytes_left;
157 int key_set;
158};
159/* Table which maps parameter NID to S-blocks */
160extern struct gost_cipher_info gost_cipher_list[];
161/* Find encryption params from ASN1_OBJECT */
162const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj);
163/* Implementation of GOST 28147-89 cipher in CFB and CNT modes */
164extern EVP_CIPHER cipher_gost;
165extern EVP_CIPHER cipher_gost_cpacnt;
166#define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
167#define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
168/* EVP_PKEY_METHOD key encryption callbacks */
169/* From gost94_keyx.c */
170int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len );
171
172int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* in, size_t in_len );
173/* From gost2001_keyx.c */
174int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len );
175
176int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* in, size_t in_len );
177/* derive functions */
178/* From gost2001_keyx.c */
179int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
180/* From gost94_keyx.c */
181int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
182/* Internal functions for signature algorithms */
183int fill_GOST94_params(DSA *dsa,int nid);
184int fill_GOST2001_params(EC_KEY *eckey, int nid);
185int gost_sign_keygen(DSA *dsa) ;
186int gost2001_keygen(EC_KEY *ec) ;
187
188DSA_SIG *gost_do_sign(const unsigned char *dgst,int dlen, DSA *dsa) ;
189DSA_SIG *gost2001_do_sign(const unsigned char *dgst,int dlen, EC_KEY *eckey);
190
191int gost_do_verify(const unsigned char *dgst, int dgst_len,
192 DSA_SIG *sig, DSA *dsa) ;
193int gost2001_do_verify(const unsigned char *dgst,int dgst_len,
194 DSA_SIG *sig, EC_KEY *ec);
195int gost2001_compute_public(EC_KEY *ec) ;
196int gost94_compute_public(DSA *dsa) ;
197/*============== miscellaneous functions============================= */
198/* from gost_sign.c */
199/* Convert GOST R 34.11 hash sum to bignum according to standard */
200BIGNUM *hashsum2bn(const unsigned char *dgst) ;
201/* Store bignum in byte array of given length, prepending by zeros
202 * if nesseccary */
203int store_bignum(BIGNUM *bn, unsigned char *buf,int len);
204/* Read bignum, which can have few MSB all-zeros from buffer*/
205BIGNUM *getbnfrombuf(const unsigned char *buf,size_t len);
206/* Pack GOST R 34.10 signature according to CryptoPro rules */
207int pack_sign_cp(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen);
208/* Unpack GOST R 34.10 signature according to CryptoPro rules */
209DSA_SIG *unpack_cp_signature(const unsigned char *sig,size_t siglen) ;
210/* from ameth.c */
211/* Get private key as BIGNUM from both R 34.10-94 and R 34.10-2001 keys*/
212/* Returns pointer into EVP_PKEY structure */
213BIGNUM* gost_get0_priv_key(const EVP_PKEY *pkey) ;
214/* Find NID by GOST 94 parameters */
215int gost94_nid_by_params(DSA *p) ;
216
217
218#endif
diff --git a/src/lib/libssl/src/engines/ccgost/gost_md.c b/src/lib/libssl/src/engines/ccgost/gost_md.c
deleted file mode 100644
index 417e10887b..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_md.c
+++ /dev/null
@@ -1,75 +0,0 @@
1/**********************************************************************
2 * md_gost.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * OpenSSL interface to GOST R 34.11-94 hash functions *
7 * Requires OpenSSL 0.9.9 for compilation *
8 **********************************************************************/
9#include <string.h>
10#include "gost_lcl.h"
11#include "gosthash.h"
12#include "e_gost_err.h"
13
14/* implementation of GOST 34.11 hash function See gost_md.c*/
15static int gost_digest_init(EVP_MD_CTX *ctx);
16static int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count);
17static int gost_digest_final(EVP_MD_CTX *ctx,unsigned char *md);
18static int gost_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from);
19static int gost_digest_cleanup(EVP_MD_CTX *ctx);
20
21EVP_MD digest_gost=
22 {
23 NID_id_GostR3411_94,
24 NID_undef,
25 32,
26 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
27 gost_digest_init,
28 gost_digest_update,
29 gost_digest_final,
30 gost_digest_copy,
31 gost_digest_cleanup,
32 NULL,
33 NULL,
34 {NID_undef,NID_undef,0,0,0},
35 32,
36 sizeof(struct ossl_gost_digest_ctx ),
37 NULL
38 };
39
40int gost_digest_init(EVP_MD_CTX *ctx)
41 {
42 struct ossl_gost_digest_ctx *c = ctx->md_data;
43 memset(&(c->dctx),0,sizeof(gost_hash_ctx));
44 gost_init(&(c->cctx),&GostR3411_94_CryptoProParamSet);
45 c->dctx.cipher_ctx= &(c->cctx);
46 return 1;
47 }
48
49int gost_digest_update(EVP_MD_CTX *ctx,const void *data,size_t count)
50 {
51 return hash_block((gost_hash_ctx *)ctx->md_data,data,count);
52 }
53
54int gost_digest_final(EVP_MD_CTX *ctx,unsigned char *md)
55 {
56 return finish_hash((gost_hash_ctx *)ctx->md_data,md);
57
58 }
59
60int gost_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
61 {
62 struct ossl_gost_digest_ctx *md_ctx=to->md_data;
63 if (to->md_data && from->md_data) {
64 memcpy(to->md_data,from->md_data,sizeof(struct ossl_gost_digest_ctx));
65 md_ctx->dctx.cipher_ctx=&(md_ctx->cctx);
66 }
67 return 1;
68 }
69
70int gost_digest_cleanup(EVP_MD_CTX *ctx)
71 {
72 if (ctx->md_data)
73 memset(ctx->md_data,0,sizeof(struct ossl_gost_digest_ctx));
74 return 1;
75 }
diff --git a/src/lib/libssl/src/engines/ccgost/gost_params.c b/src/lib/libssl/src/engines/ccgost/gost_params.c
deleted file mode 100644
index 40fc343af1..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_params.c
+++ /dev/null
@@ -1,198 +0,0 @@
1/**********************************************************************
2 * params.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Definitions of GOST R 34.10 parameter sets, defined in RFC 4357 *
7 * OpenSSL 0.9.9 libraries required to compile and use *
8 * this code *
9 **********************************************************************/
10#include "gost_params.h"
11#include <openssl/objects.h>
12/* Parameters of GOST 34.10 */
13
14R3410_params R3410_paramset[]={
15/* Paramset A */
16{NID_id_GostR3410_94_CryptoPro_A_ParamSet,
17"100997906755055304772081815535925224869"
18"8410825720534578748235158755771479905292727772441528526992987964833"
19"5669968284202797289605274717317548059048560713474685214192868091256"
20"1502802222185647539190902656116367847270145019066794290930185446216"
21"3997308722217328898303231940973554032134009725883228768509467406639"
22"62",
23"127021248288932417465907042777176443525"
24"7876535089165358128175072657050312609850984974231883334834011809259"
25"9999512098893413065920561499672425412104927434935707492031276956145"
26"1689224110579311248812610229678534638401693520013288995000362260684"
27"2227508135323070045173416336850045410625869714168836867788425378203"
28"83",
29"683631961449557007844441656118272528951"
30"02170888761442055095051287550314083023"},
31{NID_id_GostR3410_94_CryptoPro_B_ParamSet,
32"429418261486158041438734477379555023926"
33"7234596860714306679811299408947123142002706038521669956384871995765"
34"7284814898909770759462613437669456364882730370838934791080835932647"
35"9767786019153434744009610342313166725786869204821949328786333602033"
36"8479709268434224762105576023501613261478065276102850944540333865234"
37"1",
38"139454871199115825601409655107690713107"
39"0417070599280317977580014543757653577229840941243685222882398330391"
40"1468164807668823692122073732267216074074777170091113455043205380464"
41"7694904686120113087816240740184800477047157336662926249423571248823"
42"9685422217536601433914856808405203368594584948031873412885804895251"
43"63",
44"79885141663410976897627118935756323747307951916507639758300472692338873533959"
45},
46{NID_id_GostR3410_94_CryptoPro_C_ParamSet,
47"816552717970881016017893191415300348226"
48"2544051353358162468249467681876621283478212884286545844013955142622"
49"2087723485023722868022275009502224827866201744494021697716482008353"
50"6398202298024892620480898699335508064332313529725332208819456895108"
51"5155178100221003459370588291073071186553005962149936840737128710832"
52"3",
53"110624679233511963040518952417017040248"
54"5862954819831383774196396298584395948970608956170224210628525560327"
55"8638246716655439297654402921844747893079518669992827880792192992701"
56"1428546551433875806377110443534293554066712653034996277099320715774"
57"3542287621283671843703709141350171945045805050291770503634517804938"
58"01",
59"113468861199819350564868233378875198043"
60"267947776488510997961231672532899549103"
61},
62{NID_id_GostR3410_94_CryptoPro_D_ParamSet,
63"756976611021707301782128757801610628085"
64"5283803109571158829574281419208532589041660017017859858216341400371"
65"4687551412794400562878935266630754392677014598582103365983119173924"
66"4732511225464712252386803315902707727668715343476086350472025298282"
67"7271461690125050616858238384366331089777463541013033926723743254833"
68"7",
69"905457649621929965904290958774625315611"
70"3056083907389766971404812524422262512556054474620855996091570786713"
71"5849550236741915584185990627801066465809510095784713989819413820871"
72"5964648914493053407920737078890520482730623038837767710173664838239"
73"8574828787891286471201460474326612697849693665518073864436497893214"
74"9",
75"108988435796353506912374591498972192620"
76"190487557619582334771735390599299211593"
77},
78
79{NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,
80"1335318132727206734338595199483190012179423759678474868994823595993"
81"6964252873471246159040332773182141032801252925387191478859899310331"
82"0567744136196364803064721377826656898686468463277710150809401182608"
83"7702016153249904683329312949209127762411378780302243557466062839716"
84"59376426832674269780880061631528163475887",
85"14201174159756348119636828602231808974327613839524373876287257344192"
86"74593935127189736311660784676003608489466235676257952827747192122419"
87"29071046134208380636394084512691828894000571524625445295769349356752"
88"72895683154177544176313938445719175509684710784659566254794231229333"
89"8483924514339614727760681880609734239",
90"91771529896554605945588149018382750217296858393520724172743325725474"
91"374979801"
92},
93{NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,
94"8890864727828423151699995801875757891031463338652579140051973659"
95"3048131440685857067369829407947744496306656291505503608252399443"
96"7900272386749145996230867832228661977543992816745254823298629859"
97"8753575466286051738837854736167685769017780335804511440773337196"
98"2538423532919394477873664752824509986617878992443177",
99"1028946126624994859676552074360530315217970499989304888248413244"
100"8474923022758470167998871003604670704877377286176171227694098633"
101"1539089568784129110109512690503345393869871295783467257264868341"
102"7200196629860561193666752429682367397084815179752036423595736533"
103"68957392061769855284593965042530895046088067160269433",
104"9109671391802626916582318050603555673628769498182593088388796888"
105"5281641595199"
106},
107{NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,
108"4430618464297584182473135030809859326863990650118941756995270074"
109"8609973181426950235239623239110557450826919295792878938752101867"
110"7047181623251027516953100431855964837602657827828194249605561893"
111"6965865325513137194483136247773653468410118796740709840825496997"
112"9375560722345106704721086025979309968763193072908334",
113"1246996366993477513607147265794064436203408861395055989217248455"
114"7299870737698999651480662364723992859320868822848751165438350943"
115"3276647222625940615560580450040947211826027729977563540237169063"
116"0448079715771649447778447000597419032457722226253269698374446528"
117"35352729304393746106576383349151001715930924115499549",
118"6787876137336591234380295020065682527118129468050147943114675429"
119"4748422492761"
120},
121
122
123{NID_undef,NULL, NULL, NULL}
124};
125
126R3410_2001_params R3410_2001_paramset[]={
127 /* default_cc_sign01_param 1.2.643.2.9.1.8.1 */
128 {NID_id_GostR3410_2001_ParamSet_cc,
129 /* A */
130 "C0000000000000000000000000000000000000000000000000000000000003c4",
131 /* B */
132 "2d06B4265ebc749ff7d0f1f1f88232e81632e9088fd44b7787d5e407e955080c",
133 /* P */
134 "C0000000000000000000000000000000000000000000000000000000000003C7",
135 /* Q */
136 "5fffffffffffffffffffffffffffffff606117a2f4bde428b7458a54b6e87b85",
137 /* X */
138 "2",
139 /* Y */
140 "a20e034bf8813ef5c18d01105e726a17eb248b264ae9706f440bedc8ccb6b22c"
141 },
142 /* 1.2.643.2.2.35.0 */
143 {NID_id_GostR3410_2001_TestParamSet,
144 "7",
145 "5FBFF498AA938CE739B8E022FBAFEF40563F6E6A3472FC2A514C0CE9DAE23B7E",
146 "8000000000000000000000000000000000000000000000000000000000000431",
147 "8000000000000000000000000000000150FE8A1892976154C59CFC193ACCF5B3",
148 "2",
149 "08E2A8A0E65147D4BD6316030E16D19C85C97F0A9CA267122B96ABBCEA7E8FC8"
150 },
151 /*1.2.643.2.2.35.1*/
152 {NID_id_GostR3410_2001_CryptoPro_A_ParamSet,
153 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
154 "a6",
155 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
156 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
157 "1",
158 "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14"
159 },
160 /*1.2.643.2.2.35.2*/
161 {NID_id_GostR3410_2001_CryptoPro_B_ParamSet,
162 "8000000000000000000000000000000000000000000000000000000000000C96",
163 "3E1AF419A269A5F866A7D3C25C3DF80AE979259373FF2B182F49D4CE7E1BBC8B",
164 "8000000000000000000000000000000000000000000000000000000000000C99",
165 "800000000000000000000000000000015F700CFFF1A624E5E497161BCC8A198F",
166 "1",
167 "3FA8124359F96680B83D1C3EB2C070E5C545C9858D03ECFB744BF8D717717EFC"
168 },
169 /*1.2.643.2.2.35.3*/
170 {NID_id_GostR3410_2001_CryptoPro_C_ParamSet,
171 "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598",
172 "805a",
173 "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B",
174 "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9",
175 "0",
176 "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67"
177 },
178 /*1.2.643.2.2.36.0*/
179 {NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,
180 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94",
181 "a6",
182 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97",
183 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893",
184 "1",
185 "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14"
186 },
187 /*1.2.643.2.2.36.1*/
188 {NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,
189 "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598",
190 "805a",
191 "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B",
192 "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9",
193 "0",
194 "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67"
195 },
196 { 0,NULL,NULL,NULL,NULL,NULL,NULL
197 }
198};
diff --git a/src/lib/libssl/src/engines/ccgost/gost_params.h b/src/lib/libssl/src/engines/ccgost/gost_params.h
deleted file mode 100644
index 4c3f5567d7..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_params.h
+++ /dev/null
@@ -1,34 +0,0 @@
1/**********************************************************************
2 * gost_params.h *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Declaration of structures used to represent GOST R 34.10 *
7 * parameter sets, defined in RFC 4357 *
8 * OpenSSL 0.9.9 libraries required to compile and use *
9 * this code *
10 **********************************************************************/
11#ifndef GOST_PARAMSET_H
12#define GOST_PARAMSET_H
13typedef struct R3410 {
14 int nid;
15 char *a;
16 char *p;
17 char *q;
18} R3410_params;
19
20extern R3410_params R3410_paramset[];
21
22typedef struct R3410_2001 {
23 int nid;
24 char *a;
25 char *b;
26 char *p;
27 char *q;
28 char *x;
29 char *y;
30} R3410_2001_params;
31
32extern R3410_2001_params R3410_2001_paramset[];
33
34#endif
diff --git a/src/lib/libssl/src/engines/ccgost/gost_pmeth.c b/src/lib/libssl/src/engines/ccgost/gost_pmeth.c
deleted file mode 100644
index f91c9b1939..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_pmeth.c
+++ /dev/null
@@ -1,628 +0,0 @@
1/**********************************************************************
2 * gost_pmeth.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implementation of RFC 4357 (GOST R 34.10) Publick key method *
7 * for OpenSSL *
8 * Requires OpenSSL 0.9.9 for compilation *
9 **********************************************************************/
10#include <openssl/evp.h>
11#include <openssl/objects.h>
12#include <openssl/ec.h>
13#include <openssl/x509v3.h> /*For string_to_hex */
14#include <stdlib.h>
15#include <string.h>
16#include <ctype.h>
17#include "gost_params.h"
18#include "gost_lcl.h"
19#include "e_gost_err.h"
20/*-------init, cleanup, copy - uniform for all algs ---------------*/
21/* Allocates new gost_pmeth_data structure and assigns it as data */
22static int pkey_gost_init(EVP_PKEY_CTX *ctx)
23 {
24 struct gost_pmeth_data *data;
25 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
26 data = OPENSSL_malloc(sizeof(struct gost_pmeth_data));
27 if (!data) return 0;
28 memset(data,0,sizeof(struct gost_pmeth_data));
29 if (pkey && EVP_PKEY_get0(pkey))
30 {
31 switch (EVP_PKEY_base_id(pkey)) {
32 case NID_id_GostR3410_94:
33 data->sign_param_nid = gost94_nid_by_params(EVP_PKEY_get0(pkey));
34 break;
35 case NID_id_GostR3410_2001:
36 data->sign_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey)));
37 break;
38 default:
39 return 0;
40 }
41 }
42 EVP_PKEY_CTX_set_data(ctx,data);
43 return 1;
44 }
45
46/* Copies contents of gost_pmeth_data structure */
47static int pkey_gost_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
48 {
49 struct gost_pmeth_data *dst_data,*src_data;
50 if (!pkey_gost_init(dst))
51 {
52 return 0;
53 }
54 src_data = EVP_PKEY_CTX_get_data(src);
55 dst_data = EVP_PKEY_CTX_get_data(dst);
56 *dst_data = *src_data;
57 if (src_data -> shared_ukm) {
58 dst_data->shared_ukm=NULL;
59 }
60 return 1;
61 }
62
63/* Frees up gost_pmeth_data structure */
64static void pkey_gost_cleanup (EVP_PKEY_CTX *ctx)
65 {
66 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
67 if (data->shared_ukm) OPENSSL_free(data->shared_ukm);
68 OPENSSL_free(data);
69 }
70
71/* --------------------- control functions ------------------------------*/
72static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
73 {
74 struct gost_pmeth_data *pctx = (struct gost_pmeth_data*)EVP_PKEY_CTX_get_data(ctx);
75 switch (type)
76 {
77 case EVP_PKEY_CTRL_MD:
78 {
79 if (EVP_MD_type((const EVP_MD *)p2) != NID_id_GostR3411_94)
80 {
81 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
82 return 0;
83 }
84 pctx->md = (EVP_MD *)p2;
85 return 1;
86 }
87 break;
88
89 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
90 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
91 case EVP_PKEY_CTRL_PKCS7_SIGN:
92 case EVP_PKEY_CTRL_DIGESTINIT:
93#ifndef OPENSSL_NO_CMS
94 case EVP_PKEY_CTRL_CMS_ENCRYPT:
95 case EVP_PKEY_CTRL_CMS_DECRYPT:
96 case EVP_PKEY_CTRL_CMS_SIGN:
97#endif
98 return 1;
99
100 case EVP_PKEY_CTRL_GOST_PARAMSET:
101 pctx->sign_param_nid = (int)p1;
102 return 1;
103 case EVP_PKEY_CTRL_SET_IV:
104 pctx->shared_ukm=OPENSSL_malloc((int)p1);
105 memcpy(pctx->shared_ukm,p2,(int) p1);
106 return 1;
107 case EVP_PKEY_CTRL_PEER_KEY:
108 if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
109 return 1;
110 if (p1 == 2) /* TLS: peer key used? */
111 return pctx->peer_key_used;
112 if (p1 == 3) /* TLS: peer key used! */
113 return (pctx->peer_key_used = 1);
114 return -2;
115 }
116 return -2;
117 }
118
119
120static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
121 const char *type, const char *value)
122 {
123 int param_nid=0;
124 if(!strcmp(type, param_ctrl_string))
125 {
126 if (!value)
127 {
128 return 0;
129 }
130 if (strlen(value) == 1)
131 {
132 switch(toupper((unsigned char)value[0]))
133 {
134 case 'A':
135 param_nid = NID_id_GostR3410_94_CryptoPro_A_ParamSet;
136 break;
137 case 'B':
138 param_nid = NID_id_GostR3410_94_CryptoPro_B_ParamSet;
139 break;
140 case 'C':
141 param_nid = NID_id_GostR3410_94_CryptoPro_C_ParamSet;
142 break;
143 case 'D':
144 param_nid = NID_id_GostR3410_94_CryptoPro_D_ParamSet;
145 break;
146 default:
147 return 0;
148 break;
149 }
150 }
151 else if ((strlen(value) == 2) && (toupper((unsigned char)value[0]) == 'X'))
152 {
153 switch (toupper((unsigned char)value[1]))
154 {
155 case 'A':
156 param_nid = NID_id_GostR3410_94_CryptoPro_XchA_ParamSet;
157 break;
158 case 'B':
159 param_nid = NID_id_GostR3410_94_CryptoPro_XchB_ParamSet;
160 break;
161 case 'C':
162 param_nid = NID_id_GostR3410_94_CryptoPro_XchC_ParamSet;
163 break;
164 default:
165 return 0;
166 break;
167 }
168 }
169 else
170 {
171 R3410_params *p = R3410_paramset;
172 param_nid = OBJ_txt2nid(value);
173 if (param_nid == NID_undef)
174 {
175 return 0;
176 }
177 for (;p->nid != NID_undef;p++)
178 {
179 if (p->nid == param_nid) break;
180 }
181 if (p->nid == NID_undef)
182 {
183 GOSTerr(GOST_F_PKEY_GOST_CTRL94_STR,
184 GOST_R_INVALID_PARAMSET);
185 return 0;
186 }
187 }
188
189 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
190 param_nid, NULL);
191 }
192 return -2;
193 }
194
195static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
196 const char *type, const char *value)
197 {
198 int param_nid=0;
199 if(!strcmp(type, param_ctrl_string))
200 {
201 if (!value)
202 {
203 return 0;
204 }
205 if (strlen(value) == 1)
206 {
207 switch(toupper((unsigned char)value[0]))
208 {
209 case 'A':
210 param_nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
211 break;
212 case 'B':
213 param_nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet;
214 break;
215 case 'C':
216 param_nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet;
217 break;
218 case '0':
219 param_nid = NID_id_GostR3410_2001_TestParamSet;
220 break;
221 default:
222 return 0;
223 break;
224 }
225 }
226 else if ((strlen(value) == 2) && (toupper((unsigned char)value[0]) == 'X'))
227 {
228 switch (toupper((unsigned char)value[1]))
229 {
230 case 'A':
231 param_nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet;
232 break;
233 case 'B':
234 param_nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet;
235 break;
236 default:
237 return 0;
238 break;
239 }
240 }
241 else
242 {
243 R3410_2001_params *p = R3410_2001_paramset;
244 param_nid = OBJ_txt2nid(value);
245 if (param_nid == NID_undef)
246 {
247 return 0;
248 }
249 for (;p->nid != NID_undef;p++)
250 {
251 if (p->nid == param_nid) break;
252 }
253 if (p->nid == NID_undef)
254 {
255 GOSTerr(GOST_F_PKEY_GOST_CTRL01_STR,
256 GOST_R_INVALID_PARAMSET);
257 return 0;
258 }
259 }
260
261 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
262 param_nid, NULL);
263 }
264 return -2;
265 }
266
267/* --------------------- key generation --------------------------------*/
268
269static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx) {
270 return 1;
271}
272static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
273 {
274 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
275 DSA *dsa=NULL;
276 if (data->sign_param_nid == NID_undef)
277 {
278 GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN,
279 GOST_R_NO_PARAMETERS_SET);
280 return 0;
281 }
282 dsa = DSA_new();
283 if (!fill_GOST94_params(dsa,data->sign_param_nid))
284 {
285 DSA_free(dsa);
286 return 0;
287 }
288 EVP_PKEY_assign(pkey,NID_id_GostR3410_94,dsa);
289 return 1;
290 }
291static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
292 {
293 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
294 EC_KEY *ec=NULL;
295
296 if (data->sign_param_nid == NID_undef)
297 {
298 GOSTerr(GOST_F_PKEY_GOST01_PARAMGEN,
299 GOST_R_NO_PARAMETERS_SET);
300 return 0;
301 }
302 if (!ec)
303 ec = EC_KEY_new();
304 if (!fill_GOST2001_params(ec,data->sign_param_nid))
305 {
306 EC_KEY_free(ec);
307 return 0;
308 }
309 EVP_PKEY_assign(pkey,NID_id_GostR3410_2001,ec);
310 return 1;
311 }
312
313/* Generates Gost_R3410_94_cp key */
314static int pkey_gost94cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
315 {
316 DSA *dsa;
317 if (!pkey_gost94_paramgen(ctx,pkey)) return 0;
318 dsa = EVP_PKEY_get0(pkey);
319 gost_sign_keygen(dsa);
320 return 1;
321 }
322
323/* Generates GOST_R3410 2001 key and assigns it using specified type */
324static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
325 {
326 EC_KEY *ec;
327 if (!pkey_gost01_paramgen(ctx,pkey)) return 0;
328 ec = EVP_PKEY_get0(pkey);
329 gost2001_keygen(ec);
330 return 1;
331 }
332
333
334
335/* ----------- sign callbacks --------------------------------------*/
336
337static int pkey_gost94_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
338 const unsigned char *tbs, size_t tbs_len)
339 {
340 DSA_SIG *unpacked_sig=NULL;
341 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
342 if (!siglen) return 0;
343 if (!sig)
344 {
345 *siglen= 64; /* better to check size of pkey->pkey.dsa-q */
346 return 1;
347 }
348 unpacked_sig = gost_do_sign(tbs,tbs_len,EVP_PKEY_get0(pkey));
349 if (!unpacked_sig)
350 {
351 return 0;
352 }
353 return pack_sign_cp(unpacked_sig,32,sig,siglen);
354 }
355
356static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
357 const unsigned char *tbs, size_t tbs_len)
358 {
359 DSA_SIG *unpacked_sig=NULL;
360 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
361 if (!siglen) return 0;
362 if (!sig)
363 {
364 *siglen= 64; /* better to check size of curve order*/
365 return 1;
366 }
367 unpacked_sig = gost2001_do_sign(tbs,tbs_len,EVP_PKEY_get0(pkey));
368 if (!unpacked_sig)
369 {
370 return 0;
371 }
372 return pack_sign_cp(unpacked_sig,32,sig,siglen);
373 }
374
375/* ------------------- verify callbacks ---------------------------*/
376
377static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
378 size_t siglen, const unsigned char *tbs, size_t tbs_len)
379 {
380 int ok = 0;
381 EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
382 DSA_SIG *s=unpack_cp_signature(sig,siglen);
383 if (!s) return 0;
384 if (pub_key) ok = gost_do_verify(tbs,tbs_len,s,EVP_PKEY_get0(pub_key));
385 DSA_SIG_free(s);
386 return ok;
387 }
388
389
390static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
391 size_t siglen, const unsigned char *tbs, size_t tbs_len)
392 {
393 int ok = 0;
394 EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
395 DSA_SIG *s=unpack_cp_signature(sig,siglen);
396 if (!s) return 0;
397#ifdef DEBUG_SIGN
398 fprintf(stderr,"R=");
399 BN_print_fp(stderr,s->r);
400 fprintf(stderr,"\nS=");
401 BN_print_fp(stderr,s->s);
402 fprintf(stderr,"\n");
403#endif
404 if (pub_key) ok = gost2001_do_verify(tbs,tbs_len,s,EVP_PKEY_get0(pub_key));
405 DSA_SIG_free(s);
406 return ok;
407 }
408
409/* ------------- encrypt init -------------------------------------*/
410/* Generates ephermeral key */
411static int pkey_gost_encrypt_init(EVP_PKEY_CTX *ctx)
412 {
413 return 1;
414 }
415/* --------------- Derive init ------------------------------------*/
416static int pkey_gost_derive_init(EVP_PKEY_CTX *ctx)
417{
418 return 1;
419}
420/* -------- PKEY_METHOD for GOST MAC algorithm --------------------*/
421static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
422 {
423 struct gost_mac_pmeth_data *data;
424 data = OPENSSL_malloc(sizeof(struct gost_mac_pmeth_data));
425 if (!data) return 0;
426 memset(data,0,sizeof(struct gost_mac_pmeth_data));
427 EVP_PKEY_CTX_set_data(ctx,data);
428 return 1;
429 }
430static void pkey_gost_mac_cleanup (EVP_PKEY_CTX *ctx)
431 {
432 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
433 OPENSSL_free(data);
434 }
435static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
436 {
437 struct gost_mac_pmeth_data *dst_data,*src_data;
438 if (!pkey_gost_mac_init(dst))
439 {
440 return 0;
441 }
442 src_data = EVP_PKEY_CTX_get_data(src);
443 dst_data = EVP_PKEY_CTX_get_data(dst);
444 *dst_data = *src_data;
445 return 1;
446 }
447
448static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
449 {
450 struct gost_mac_pmeth_data *data =
451(struct gost_mac_pmeth_data*)EVP_PKEY_CTX_get_data(ctx);
452
453 switch (type)
454 {
455 case EVP_PKEY_CTRL_MD:
456 {
457 if (EVP_MD_type((const EVP_MD *)p2) != NID_id_Gost28147_89_MAC)
458 {
459 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_DIGEST_TYPE);
460 return 0;
461 }
462 data->md = (EVP_MD *)p2;
463 return 1;
464 }
465 break;
466
467 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
468 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
469 case EVP_PKEY_CTRL_PKCS7_SIGN:
470 return 1;
471 case EVP_PKEY_CTRL_SET_MAC_KEY:
472 if (p1 != 32)
473 {
474 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
475 GOST_R_INVALID_MAC_KEY_LENGTH);
476 return 0;
477 }
478
479 memcpy(data->key,p2,32);
480 data->key_set = 1;
481 return 1;
482 case EVP_PKEY_CTRL_DIGESTINIT:
483 {
484 EVP_MD_CTX *mctx = p2;
485 void *key;
486 if (!data->key_set)
487 {
488 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
489 if (!pkey)
490 {
491 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_MAC_KEY_NOT_SET);
492 return 0;
493 }
494 key = EVP_PKEY_get0(pkey);
495 if (!key)
496 {
497 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_MAC_KEY_NOT_SET);
498 return 0;
499 }
500 } else {
501 key = &(data->key);
502 }
503 return mctx->digest->md_ctrl(mctx,EVP_MD_CTRL_SET_KEY,32,key);
504 }
505 }
506 return -2;
507 }
508static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
509 const char *type, const char *value)
510 {
511 if (!strcmp(type, key_ctrl_string))
512 {
513 if (strlen(value)!=32)
514 {
515 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
516 GOST_R_INVALID_MAC_KEY_LENGTH);
517 return 0;
518 }
519 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
520 32,(char *)value);
521 }
522 if (!strcmp(type, hexkey_ctrl_string))
523 {
524 long keylen; int ret;
525 unsigned char *keybuf=string_to_hex(value,&keylen);
526 if (keylen != 32)
527 {
528 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
529 GOST_R_INVALID_MAC_KEY_LENGTH);
530 OPENSSL_free(keybuf);
531 return 0;
532 }
533 ret= pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
534 32,keybuf);
535 OPENSSL_free(keybuf);
536 return ret;
537
538 }
539 return -2;
540 }
541
542static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
543 {
544 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
545 unsigned char *keydata;
546 if (!data->key_set)
547 {
548 GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN,GOST_R_MAC_KEY_NOT_SET);
549 return 0;
550 }
551 keydata = OPENSSL_malloc(32);
552 memcpy(keydata,data->key,32);
553 EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
554 return 1;
555 }
556
557static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
558 {
559 return 1;
560}
561
562static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx)
563 {
564 unsigned int tmpsiglen=*siglen; /* for platforms where sizeof(int)!=sizeof(size_t)*/
565 int ret;
566 if (!sig)
567 {
568 *siglen = 4;
569 return 1;
570 }
571 ret=EVP_DigestFinal_ex(mctx,sig,&tmpsiglen);
572 *siglen = tmpsiglen;
573 return ret;
574 }
575/* ----------------------------------------------------------------*/
576int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth,int flags)
577 {
578 *pmeth = EVP_PKEY_meth_new(id, flags);
579 if (!*pmeth) return 0;
580
581 switch (id)
582 {
583 case NID_id_GostR3410_94:
584 EVP_PKEY_meth_set_ctrl(*pmeth,pkey_gost_ctrl, pkey_gost_ctrl94_str);
585 EVP_PKEY_meth_set_keygen(*pmeth,NULL,pkey_gost94cp_keygen);
586 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost94_cp_sign);
587 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost94_cp_verify);
588 EVP_PKEY_meth_set_encrypt(*pmeth,
589 pkey_gost_encrypt_init, pkey_GOST94cp_encrypt);
590 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST94cp_decrypt);
591 EVP_PKEY_meth_set_derive(*pmeth,
592 pkey_gost_derive_init, pkey_gost94_derive);
593 EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,pkey_gost94_paramgen);
594 break;
595 case NID_id_GostR3410_2001:
596 EVP_PKEY_meth_set_ctrl(*pmeth,pkey_gost_ctrl, pkey_gost_ctrl01_str);
597 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost01_cp_sign);
598 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost01_cp_verify);
599
600 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost01cp_keygen);
601
602 EVP_PKEY_meth_set_encrypt(*pmeth,
603 pkey_gost_encrypt_init, pkey_GOST01cp_encrypt);
604 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST01cp_decrypt);
605 EVP_PKEY_meth_set_derive(*pmeth,
606 pkey_gost_derive_init, pkey_gost2001_derive);
607 EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,pkey_gost01_paramgen);
608 break;
609 case NID_id_Gost28147_89_MAC:
610 EVP_PKEY_meth_set_ctrl(*pmeth,pkey_gost_mac_ctrl, pkey_gost_mac_ctrl_str);
611 EVP_PKEY_meth_set_signctx(*pmeth,pkey_gost_mac_signctx_init, pkey_gost_mac_signctx);
612 EVP_PKEY_meth_set_keygen(*pmeth,NULL, pkey_gost_mac_keygen);
613 EVP_PKEY_meth_set_init(*pmeth,pkey_gost_mac_init);
614 EVP_PKEY_meth_set_cleanup(*pmeth,pkey_gost_mac_cleanup);
615 EVP_PKEY_meth_set_copy(*pmeth,pkey_gost_mac_copy);
616 return 1;
617 default: /*Unsupported method*/
618 return 0;
619 }
620 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init);
621 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_cleanup);
622
623 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_copy);
624 /*FIXME derive etc...*/
625
626 return 1;
627 }
628
diff --git a/src/lib/libssl/src/engines/ccgost/gost_sign.c b/src/lib/libssl/src/engines/ccgost/gost_sign.c
deleted file mode 100644
index 4095654358..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gost_sign.c
+++ /dev/null
@@ -1,321 +0,0 @@
1/**********************************************************************
2 * gost_sign.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implementation of GOST R 34.10-94 signature algorithm *
7 * for OpenSSL *
8 * Requires OpenSSL 0.9.9 for compilation *
9 **********************************************************************/
10#include <string.h>
11#include <openssl/rand.h>
12#include <openssl/bn.h>
13#include <openssl/dsa.h>
14#include <openssl/evp.h>
15
16#include "gost_params.h"
17#include "gost_lcl.h"
18#include "e_gost_err.h"
19
20#ifdef DEBUG_SIGN
21void dump_signature(const char *message,const unsigned char *buffer,size_t len)
22 {
23 size_t i;
24 fprintf(stderr,"signature %s Length=%d",message,len);
25 for (i=0; i<len; i++)
26 {
27 if (i% 16 ==0) fputc('\n',stderr);
28 fprintf (stderr," %02x",buffer[i]);
29 }
30 fprintf(stderr,"\nEnd of signature\n");
31 }
32
33void dump_dsa_sig(const char *message, DSA_SIG *sig)
34 {
35 fprintf(stderr,"%s\nR=",message);
36 BN_print_fp(stderr,sig->r);
37 fprintf(stderr,"\nS=");
38 BN_print_fp(stderr,sig->s);
39 fprintf(stderr,"\n");
40 }
41
42#else
43
44#define dump_signature(a,b,c)
45#define dump_dsa_sig(a,b)
46#endif
47
48/*
49 * Computes signature and returns it as DSA_SIG structure
50 */
51DSA_SIG *gost_do_sign(const unsigned char *dgst,int dlen, DSA *dsa)
52 {
53 BIGNUM *k=NULL,*tmp=NULL,*tmp2=NULL;
54 DSA_SIG *newsig = DSA_SIG_new();
55 BIGNUM *md = hashsum2bn(dgst);
56 /* check if H(M) mod q is zero */
57 BN_CTX *ctx=BN_CTX_new();
58 BN_CTX_start(ctx);
59 if (!newsig)
60 {
61 GOSTerr(GOST_F_GOST_DO_SIGN,GOST_R_NO_MEMORY);
62 goto err;
63 }
64 tmp=BN_CTX_get(ctx);
65 k = BN_CTX_get(ctx);
66 tmp2 = BN_CTX_get(ctx);
67 BN_mod(tmp,md,dsa->q,ctx);
68 if (BN_is_zero(tmp))
69 {
70 BN_one(md);
71 }
72 do
73 {
74 do
75 {
76 /*Generate random number k less than q*/
77 BN_rand_range(k,dsa->q);
78 /* generate r = (a^x mod p) mod q */
79 BN_mod_exp(tmp,dsa->g, k, dsa->p,ctx);
80 if (!(newsig->r)) newsig->r=BN_new();
81 BN_mod(newsig->r,tmp,dsa->q,ctx);
82 }
83 while (BN_is_zero(newsig->r));
84 /* generate s = (xr + k(Hm)) mod q */
85 BN_mod_mul(tmp,dsa->priv_key,newsig->r,dsa->q,ctx);
86 BN_mod_mul(tmp2,k,md,dsa->q,ctx);
87 if (!newsig->s) newsig->s=BN_new();
88 BN_mod_add(newsig->s,tmp,tmp2,dsa->q,ctx);
89 }
90 while (BN_is_zero(newsig->s));
91 err:
92 BN_free(md);
93 BN_CTX_end(ctx);
94 BN_CTX_free(ctx);
95 return newsig;
96 }
97
98
99/*
100 * Packs signature according to Cryptocom rules
101 * and frees up DSA_SIG structure
102 */
103/*
104int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
105 {
106 *siglen = 2*order;
107 memset(sig,0,*siglen);
108 store_bignum(s->r, sig,order);
109 store_bignum(s->s, sig + order,order);
110 dump_signature("serialized",sig,*siglen);
111 DSA_SIG_free(s);
112 return 1;
113 }
114*/
115/*
116 * Packs signature according to Cryptopro rules
117 * and frees up DSA_SIG structure
118 */
119int pack_sign_cp(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
120 {
121 *siglen = 2*order;
122 memset(sig,0,*siglen);
123 store_bignum(s->s, sig, order);
124 store_bignum(s->r, sig+order,order);
125 dump_signature("serialized",sig,*siglen);
126 DSA_SIG_free(s);
127 return 1;
128 }
129
130/*
131 * Verifies signature passed as DSA_SIG structure
132 *
133 */
134
135int gost_do_verify(const unsigned char *dgst, int dgst_len,
136 DSA_SIG *sig, DSA *dsa)
137 {
138 BIGNUM *md, *tmp=NULL;
139 BIGNUM *q2=NULL;
140 BIGNUM *u=NULL,*v=NULL,*z1=NULL,*z2=NULL;
141 BIGNUM *tmp2=NULL,*tmp3=NULL;
142 int ok;
143 BN_CTX *ctx = BN_CTX_new();
144
145 BN_CTX_start(ctx);
146 if (BN_cmp(sig->s,dsa->q)>=1||
147 BN_cmp(sig->r,dsa->q)>=1)
148 {
149 GOSTerr(GOST_F_GOST_DO_VERIFY,GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
150 return 0;
151 }
152 md=hashsum2bn(dgst);
153
154 tmp=BN_CTX_get(ctx);
155 v=BN_CTX_get(ctx);
156 q2=BN_CTX_get(ctx);
157 z1=BN_CTX_get(ctx);
158 z2=BN_CTX_get(ctx);
159 tmp2=BN_CTX_get(ctx);
160 tmp3=BN_CTX_get(ctx);
161 u = BN_CTX_get(ctx);
162
163 BN_mod(tmp,md,dsa->q,ctx);
164 if (BN_is_zero(tmp))
165 {
166 BN_one(md);
167 }
168 BN_copy(q2,dsa->q);
169 BN_sub_word(q2,2);
170 BN_mod_exp(v,md,q2,dsa->q,ctx);
171 BN_mod_mul(z1,sig->s,v,dsa->q,ctx);
172 BN_sub(tmp,dsa->q,sig->r);
173 BN_mod_mul(z2,tmp,v,dsa->p,ctx);
174 BN_mod_exp(tmp,dsa->g,z1,dsa->p,ctx);
175 BN_mod_exp(tmp2,dsa->pub_key,z2,dsa->p,ctx);
176 BN_mod_mul(tmp3,tmp,tmp2,dsa->p,ctx);
177 BN_mod(u,tmp3,dsa->q,ctx);
178 ok= BN_cmp(u,sig->r);
179
180 BN_free(md);
181 BN_CTX_end(ctx);
182 BN_CTX_free(ctx);
183 if (ok!=0)
184 {
185 GOSTerr(GOST_F_GOST_DO_VERIFY,GOST_R_SIGNATURE_MISMATCH);
186 }
187 return (ok==0);
188 }
189
190/*
191 * Computes public keys for GOST R 34.10-94 algorithm
192 *
193 */
194int gost94_compute_public(DSA *dsa)
195 {
196 /* Now fill algorithm parameters with correct values */
197 BN_CTX *ctx = BN_CTX_new();
198 if (!dsa->g)
199 {
200 GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC,GOST_R_KEY_IS_NOT_INITALIZED);
201 return 0;
202 }
203 /* Compute public key y = a^x mod p */
204 dsa->pub_key=BN_new();
205 BN_mod_exp(dsa->pub_key, dsa->g,dsa->priv_key,dsa->p,ctx);
206 BN_CTX_free(ctx);
207 return 1;
208 }
209
210/*
211 * Fill GOST 94 params, searching them in R3410_paramset array
212 * by nid of paramset
213 *
214 */
215int fill_GOST94_params(DSA *dsa,int nid)
216 {
217 R3410_params *params=R3410_paramset;
218 while (params->nid!=NID_undef && params->nid !=nid) params++;
219 if (params->nid == NID_undef)
220 {
221 GOSTerr(GOST_F_FILL_GOST94_PARAMS,GOST_R_UNSUPPORTED_PARAMETER_SET);
222 return 0;
223 }
224#define dump_signature(a,b,c)
225 if (dsa->p) { BN_free(dsa->p); }
226 dsa->p=NULL;
227 BN_dec2bn(&(dsa->p),params->p);
228 if (dsa->q) { BN_free(dsa->q); }
229 dsa->q=NULL;
230 BN_dec2bn(&(dsa->q),params->q);
231 if (dsa->g) { BN_free(dsa->g); }
232 dsa->g=NULL;
233 BN_dec2bn(&(dsa->g),params->a);
234 return 1;
235 }
236
237/*
238 * Generate GOST R 34.10-94 keypair
239 *
240 *
241 */
242int gost_sign_keygen(DSA *dsa)
243 {
244 dsa->priv_key = BN_new();
245 BN_rand_range(dsa->priv_key,dsa->q);
246 return gost94_compute_public( dsa);
247 }
248
249/* Unpack signature according to cryptocom rules */
250/*
251DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen)
252 {
253 DSA_SIG *s;
254 s = DSA_SIG_new();
255 if (s == NULL)
256 {
257 GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,GOST_R_NO_MEMORY);
258 return(NULL);
259 }
260 s->r = getbnfrombuf(sig, siglen/2);
261 s->s = getbnfrombuf(sig + siglen/2, siglen/2);
262 return s;
263 }
264*/
265/* Unpack signature according to cryptopro rules */
266DSA_SIG *unpack_cp_signature(const unsigned char *sig,size_t siglen)
267 {
268 DSA_SIG *s;
269
270 s = DSA_SIG_new();
271 if (s == NULL)
272 {
273 GOSTerr(GOST_F_UNPACK_CP_SIGNATURE,GOST_R_NO_MEMORY);
274 return NULL;
275 }
276 s->s = getbnfrombuf(sig , siglen/2);
277 s->r = getbnfrombuf(sig + siglen/2, siglen/2);
278 return s;
279 }
280
281/* Convert little-endian byte array into bignum */
282BIGNUM *hashsum2bn(const unsigned char *dgst)
283 {
284 unsigned char buf[32];
285 int i;
286 for (i=0;i<32;i++)
287 {
288 buf[31-i]=dgst[i];
289 }
290 return getbnfrombuf(buf,32);
291 }
292
293/* Convert byte buffer to bignum, skipping leading zeros*/
294BIGNUM *getbnfrombuf(const unsigned char *buf,size_t len)
295 {
296 while (*buf==0&&len>0)
297 {
298 buf++; len--;
299 }
300 if (len)
301 {
302 return BN_bin2bn(buf,len,NULL);
303 }
304 else
305 {
306 BIGNUM *b=BN_new();
307 BN_zero(b);
308 return b;
309 }
310 }
311
312/* Pack bignum into byte buffer of given size, filling all leading bytes
313 * by zeros */
314int store_bignum(BIGNUM *bn, unsigned char *buf,int len)
315 {
316 int bytes = BN_num_bytes(bn);
317 if (bytes>len) return 0;
318 memset(buf,0,len);
319 BN_bn2bin(bn,buf+len-bytes);
320 return 1;
321 }
diff --git a/src/lib/libssl/src/engines/ccgost/gosthash.c b/src/lib/libssl/src/engines/ccgost/gosthash.c
deleted file mode 100644
index 91b2ce8829..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gosthash.c
+++ /dev/null
@@ -1,254 +0,0 @@
1/**********************************************************************
2 * gosthash.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Implementation of GOST R 34.11-94 hash function *
7 * uses on gost89.c and gost89.h Doesn't need OpenSSL *
8 **********************************************************************/
9#include <string.h>
10
11#include "gost89.h"
12#include "gosthash.h"
13
14
15/* Use OPENSSL_malloc for memory allocation if compiled with
16 * -DOPENSSL_BUILD, and libc malloc otherwise
17 */
18#ifndef MYALLOC
19# ifdef OPENSSL_BUILD
20# include <openssl/crypto.h>
21# define MYALLOC(size) OPENSSL_malloc(size)
22# define MYFREE(ptr) OPENSSL_free(ptr)
23# else
24# define MYALLOC(size) malloc(size)
25# define MYFREE(ptr) free(ptr)
26# endif
27#endif
28/* Following functions are various bit meshing routines used in
29 * GOST R 34.11-94 algorithms */
30static void swap_bytes (byte *w, byte *k)
31 {
32 int i,j;
33 for (i=0;i<4;i++)
34 for (j=0;j<8;j++)
35 k[i+4*j]=w[8*i+j];
36
37 }
38
39/* was A_A */
40static void circle_xor8 (const byte *w, byte *k)
41 {
42 byte buf[8];
43 int i;
44 memcpy(buf,w,8);
45 memmove(k,w+8,24);
46 for(i=0;i<8;i++)
47 k[i+24]=buf[i]^k[i];
48 }
49
50/* was R_R */
51static void transform_3 (byte *data)
52 {
53 unsigned short int acc;
54 acc=(data[0]^data[2]^data[4]^data[6]^data[24]^data[30])|
55 ((data[1]^data[3]^data[5]^data[7]^data[25]^data[31])<<8);
56 memmove(data,data+2,30);
57 data[30]=acc&0xff;
58 data[31]=acc>>8;
59 }
60
61/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/
62static int add_blocks(int n,byte *left, const byte *right)
63 {
64 int i;
65 int carry=0;
66 int sum;
67 for (i=0;i<n;i++)
68 {
69 sum=(int)left[i]+(int)right[i]+carry;
70 left[i]=sum & 0xff;
71 carry=sum>>8;
72 }
73 return carry;
74 }
75
76/* Xor two sequences of bytes */
77static void xor_blocks (byte *result,const byte *a,const byte *b,size_t len)
78 {
79 size_t i;
80 for (i=0;i<len;i++) result[i]=a[i]^b[i];
81 }
82
83/*
84 * Calculate H(i+1) = Hash(Hi,Mi)
85 * Where H and M are 32 bytes long
86 */
87static int hash_step(gost_ctx *c,byte *H,const byte *M)
88 {
89 byte U[32],W[32],V[32],S[32],Key[32];
90 int i;
91 /* Compute first key */
92 xor_blocks(W,H,M,32);
93 swap_bytes(W,Key);
94 /* Encrypt first 8 bytes of H with first key*/
95 gost_enc_with_key(c,Key,H,S);
96 /* Compute second key*/
97 circle_xor8(H,U);
98 circle_xor8(M,V);
99 circle_xor8(V,V);
100 xor_blocks(W,U,V,32);
101 swap_bytes(W,Key);
102 /* encrypt second 8 bytes of H with second key*/
103 gost_enc_with_key(c,Key,H+8,S+8);
104 /* compute third key */
105 circle_xor8(U,U);
106 U[31]=~U[31]; U[29]=~U[29]; U[28]=~U[28]; U[24]=~U[24];
107 U[23]=~U[23]; U[20]=~U[20]; U[18]=~U[18]; U[17]=~U[17];
108 U[14]=~U[14]; U[12]=~U[12]; U[10]=~U[10]; U[ 8]=~U[ 8];
109 U[ 7]=~U[ 7]; U[ 5]=~U[ 5]; U[ 3]=~U[ 3]; U[ 1]=~U[ 1];
110 circle_xor8(V,V);
111 circle_xor8(V,V);
112 xor_blocks(W,U,V,32);
113 swap_bytes(W,Key);
114 /* encrypt third 8 bytes of H with third key*/
115 gost_enc_with_key(c,Key,H+16,S+16);
116 /* Compute fourth key */
117 circle_xor8(U,U);
118 circle_xor8(V,V);
119 circle_xor8(V,V);
120 xor_blocks(W,U,V,32);
121 swap_bytes(W,Key);
122 /* Encrypt last 8 bytes with fourth key */
123 gost_enc_with_key(c,Key,H+24,S+24);
124 for (i=0;i<12;i++)
125 transform_3(S);
126 xor_blocks(S,S,M,32);
127 transform_3(S);
128 xor_blocks(S,S,H,32);
129 for (i=0;i<61;i++)
130 transform_3(S);
131 memcpy(H,S,32);
132 return 1;
133 }
134
135/* Initialize gost_hash ctx - cleans up temporary structures and
136 * set up substitution blocks
137 */
138int init_gost_hash_ctx(gost_hash_ctx *ctx, const gost_subst_block *subst_block)
139 {
140 memset(ctx,0,sizeof(gost_hash_ctx));
141 ctx->cipher_ctx = (gost_ctx *)MYALLOC(sizeof(gost_ctx));
142 if (!ctx->cipher_ctx)
143 {
144 return 0;
145 }
146 gost_init(ctx->cipher_ctx,subst_block);
147 return 1;
148 }
149
150/*
151 * Free cipher CTX if it is dynamically allocated. Do not use
152 * if cipher ctx is statically allocated as in OpenSSL implementation of
153 * GOST hash algroritm
154 *
155 */
156void done_gost_hash_ctx(gost_hash_ctx *ctx)
157 {
158 /* No need to use gost_destroy, because cipher keys are not really
159 * secret when hashing */
160 MYFREE(ctx->cipher_ctx);
161 }
162
163/*
164 * reset state of hash context to begin hashing new message
165 */
166int start_hash(gost_hash_ctx *ctx)
167 {
168 if (!ctx->cipher_ctx) return 0;
169 memset(&(ctx->H),0,32);
170 memset(&(ctx->S),0,32);
171 ctx->len = 0L;
172 ctx->left=0;
173 return 1;
174 }
175
176/*
177 * Hash block of arbitrary length
178 *
179 *
180 */
181int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length)
182 {
183 if (ctx->left)
184 {
185 /*There are some bytes from previous step*/
186 unsigned int add_bytes = 32-ctx->left;
187 if (add_bytes>length)
188 {
189 add_bytes = length;
190 }
191 memcpy(&(ctx->remainder[ctx->left]),block,add_bytes);
192 ctx->left+=add_bytes;
193 if (ctx->left<32)
194 {
195 return 1;
196 }
197 block+=add_bytes;
198 length-=add_bytes;
199 hash_step(ctx->cipher_ctx,ctx->H,ctx->remainder);
200 add_blocks(32,ctx->S,ctx->remainder);
201 ctx->len+=32;
202 ctx->left=0;
203 }
204 while (length>=32)
205 {
206 hash_step(ctx->cipher_ctx,ctx->H,block);
207
208 add_blocks(32,ctx->S,block);
209 ctx->len+=32;
210 block+=32;
211 length-=32;
212 }
213 if (length)
214 {
215 memcpy(ctx->remainder,block,ctx->left=length);
216 }
217 return 1;
218 }
219
220/*
221 * Compute hash value from current state of ctx
222 * state of hash ctx becomes invalid and cannot be used for further
223 * hashing.
224 */
225int finish_hash(gost_hash_ctx *ctx,byte *hashval)
226 {
227 byte buf[32];
228 byte H[32];
229 byte S[32];
230 ghosthash_len fin_len=ctx->len;
231 byte *bptr;
232 memcpy(H,ctx->H,32);
233 memcpy(S,ctx->S,32);
234 if (ctx->left)
235 {
236 memset(buf,0,32);
237 memcpy(buf,ctx->remainder,ctx->left);
238 hash_step(ctx->cipher_ctx,H,buf);
239 add_blocks(32,S,buf);
240 fin_len+=ctx->left;
241 }
242 memset(buf,0,32);
243 bptr=buf;
244 fin_len<<=3; /* Hash length in BITS!!*/
245 while(fin_len>0)
246 {
247 *(bptr++)=(byte)(fin_len&0xFF);
248 fin_len>>=8;
249 };
250 hash_step(ctx->cipher_ctx,H,buf);
251 hash_step(ctx->cipher_ctx,H,S);
252 memcpy(hashval,H,32);
253 return 1;
254 }
diff --git a/src/lib/libssl/src/engines/ccgost/gosthash.h b/src/lib/libssl/src/engines/ccgost/gosthash.h
deleted file mode 100644
index 4a2e441ece..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gosthash.h
+++ /dev/null
@@ -1,48 +0,0 @@
1/**********************************************************************
2 * gosthash.h *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Declaration of GOST R 34.11-94 hash functions *
7 * uses and gost89.h Doesn't need OpenSSL *
8 **********************************************************************/
9#ifndef GOSTHASH_H
10#define GOSTHASH_H
11#include "gost89.h"
12#include <stdlib.h>
13
14#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
15typedef __int64 ghosthash_len;
16#elif defined(__arch64__)
17typedef long ghosthash_len;
18#else
19typedef long long ghosthash_len;
20#endif
21
22typedef struct gost_hash_ctx {
23 ghosthash_len len;
24 gost_ctx *cipher_ctx;
25 int left;
26 byte H[32];
27 byte S[32];
28 byte remainder[32];
29} gost_hash_ctx;
30
31
32/* Initalizes gost hash ctx, including creation of gost cipher ctx */
33
34int init_gost_hash_ctx(gost_hash_ctx *ctx, const gost_subst_block *subst_block);
35void done_gost_hash_ctx(gost_hash_ctx *ctx);
36
37/* Cleans up all fields, except cipher ctx preparing ctx for computing
38 * of new hash value */
39int start_hash(gost_hash_ctx *ctx);
40
41/* Hashes block of data */
42int hash_block(gost_hash_ctx *ctx, const byte *block, size_t length);
43
44/* Finalizes computation of hash and fills buffer (which should be at
45 * least 32 bytes long) with value of computed hash. */
46int finish_hash(gost_hash_ctx *ctx, byte *hashval);
47
48#endif
diff --git a/src/lib/libssl/src/engines/ccgost/gostsum.c b/src/lib/libssl/src/engines/ccgost/gostsum.c
deleted file mode 100644
index d57112eb54..0000000000
--- a/src/lib/libssl/src/engines/ccgost/gostsum.c
+++ /dev/null
@@ -1,210 +0,0 @@
1/**********************************************************************
2 * gostsum.c *
3 * Copyright (c) 2005-2006 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
5 * *
6 * Almost drop-in replacement for md5sum and sha1sum *
7 * which computes GOST R 34.11-94 hashsum instead *
8 * *
9 **********************************************************************/
10#include <stdio.h>
11#include <stdlib.h>
12#include <unistd.h>
13#include <limits.h>
14#include <fcntl.h>
15#include <string.h>
16#include "gosthash.h"
17#define BUF_SIZE 262144
18int hash_file(gost_hash_ctx *ctx,char *filename,char *sum,int mode);
19int hash_stream(gost_hash_ctx *ctx,int fd, char *sum);
20int get_line(FILE *f,char *hash,char *filename);
21void help()
22 {
23 fprintf(stderr,"gostsum [-bvt] [-c [file]]| [files]\n"
24 "\t-c check message digests (default is generate)\n"
25 "\t-v verbose, print file names when checking\n"
26 "\t-b read files in binary mode\n"
27 "\t-t use test GOST paramset (default is CryptoPro paramset)\n"
28 "The input for -c should be the list of message digests and file names\n"
29 "that is printed on stdout by this program when it generates digests.\n");
30 exit(3);
31 }
32
33#ifndef O_BINARY
34#define O_BINARY 0
35#endif
36
37int main(int argc,char **argv)
38 {
39 int c,i;
40 int verbose=0;
41 int errors=0;
42 int open_mode = O_RDONLY;
43 gost_subst_block *b= &GostR3411_94_CryptoProParamSet;
44 FILE *check_file = NULL;
45 gost_hash_ctx ctx;
46
47 while( (c=getopt(argc,argv,"bc::tv"))!=-1)
48 {
49 switch (c)
50 {
51 case 'v': verbose=1; break;
52 case 't': b= &GostR3411_94_TestParamSet; break;
53 case 'b': open_mode |= O_BINARY; break;
54 case 'c':
55 if (optarg)
56 {
57 check_file = fopen(optarg,"r");
58 if (!check_file)
59 {
60 perror(optarg);
61 exit(2);
62 }
63 }
64 else
65 {
66 check_file= stdin;
67 }
68 break;
69 default:
70 fprintf(stderr,"invalid option %c",optopt);
71 help();
72 }
73 }
74 init_gost_hash_ctx(&ctx,b);
75 if (check_file)
76 {
77 char inhash[65],calcsum[65],filename[PATH_MAX];
78 int failcount=0,count=0;;
79 if (check_file==stdin && optind<argc)
80 {
81 check_file=fopen(argv[optind],"r");
82 if (!check_file)
83 {
84 perror(argv[optind]);
85 exit(2);
86 }
87 }
88 while (get_line(check_file,inhash,filename))
89 {
90 if (!hash_file(&ctx,filename,calcsum,open_mode))
91 {
92 exit (2);
93 }
94 count++;
95 if (!strncmp(calcsum,inhash,65))
96 {
97 if (verbose)
98 {
99 fprintf(stderr,"%s\tOK\n",filename);
100 }
101 }
102 else
103 {
104 if (verbose)
105 {
106 fprintf(stderr,"%s\tFAILED\n",filename);
107 }
108 else
109 {
110 fprintf(stderr,"%s: GOST hash sum check failed for '%s'\n",
111 argv[0],filename);
112 }
113 failcount++;
114 }
115 }
116 if (verbose && failcount)
117 {
118 fprintf(stderr,"%s: %d of %d file(f) failed GOST hash sum check\n",
119 argv[0],failcount,count);
120 }
121 exit (failcount?1:0);
122 }
123 if (optind==argc)
124 {
125 char sum[65];
126 if (!hash_stream(&ctx,fileno(stdin),sum))
127 {
128 perror("stdin");
129 exit(1);
130 }
131 printf("%s -\n",sum);
132 exit(0);
133 }
134 for (i=optind;i<argc;i++)
135 {
136 char sum[65];
137 if (!hash_file(&ctx,argv[i],sum,open_mode))
138 {
139 errors++;
140 }
141 else
142 {
143 printf("%s %s\n",sum,argv[i]);
144 }
145 }
146 exit(errors?1:0);
147 }
148
149int hash_file(gost_hash_ctx *ctx,char *filename,char *sum,int mode)
150 {
151 int fd;
152 if ((fd=open(filename,mode))<0)
153 {
154 perror(filename);
155 return 0;
156 }
157 if (!hash_stream(ctx,fd,sum))
158 {
159 perror(filename);
160 return 0;
161 }
162 close(fd);
163 return 1;
164 }
165
166int hash_stream(gost_hash_ctx *ctx,int fd, char *sum)
167 {
168 unsigned char buffer[BUF_SIZE];
169 ssize_t bytes;
170 int i;
171 start_hash(ctx);
172 while ((bytes=read(fd,buffer,BUF_SIZE))>0)
173 {
174 hash_block(ctx,buffer,bytes);
175 }
176 if (bytes<0)
177 {
178 return 0;
179 }
180 finish_hash(ctx,buffer);
181 for (i=0;i<32;i++)
182 {
183 sprintf(sum+2*i,"%02x",buffer[31-i]);
184 }
185 return 1;
186 }
187
188int get_line(FILE *f,char *hash,char *filename)
189 {
190 int i;
191 if (fread(hash,1,64,f)<64) return 0;
192 hash[64]=0;
193 for (i=0;i<64;i++)
194 {
195 if (hash[i]<'0' || (hash[i]>'9' && hash[i]<'A') || (hash[i]>'F'
196 && hash[i]<'a')||hash[i]>'f')
197 {
198 fprintf(stderr,"Not a hash value '%s'\n",hash);
199 return 0;
200 }
201 }
202 if (fgetc(f)!=' ')
203 {
204 fprintf(stderr,"Malformed input line\n");
205 return 0;
206 }
207 i=strlen(fgets(filename,PATH_MAX,f));
208 while (filename[--i]=='\n'||filename[i]=='\r') filename[i]=0;
209 return 1;
210 }
diff --git a/src/lib/libssl/src/util/mk1mf.pl b/src/lib/libssl/src/util/mk1mf.pl
index 72fa089f6b..48de99f66c 100644
--- a/src/lib/libssl/src/util/mk1mf.pl
+++ b/src/lib/libssl/src/util/mk1mf.pl
@@ -782,7 +782,6 @@ sub var_add
782 return("") if $no_dsa && $dir =~ /\/dsa/; 782 return("") if $no_dsa && $dir =~ /\/dsa/;
783 return("") if $no_dh && $dir =~ /\/dh/; 783 return("") if $no_dh && $dir =~ /\/dh/;
784 return("") if $no_ec && $dir =~ /\/ec/; 784 return("") if $no_ec && $dir =~ /\/ec/;
785 return("") if $no_gost && $dir =~ /\/ccgost/;
786 return("") if $no_cms && $dir =~ /\/cms/; 785 return("") if $no_cms && $dir =~ /\/cms/;
787 return("") if $no_jpake && $dir =~ /\/jpake/; 786 return("") if $no_jpake && $dir =~ /\/jpake/;
788 if ($no_des && $dir =~ /\/des/) 787 if ($no_des && $dir =~ /\/des/)
diff --git a/src/lib/libssl/src/util/mkfiles.pl b/src/lib/libssl/src/util/mkfiles.pl
index 7d9a9d5e5c..3214f69ea5 100644
--- a/src/lib/libssl/src/util/mkfiles.pl
+++ b/src/lib/libssl/src/util/mkfiles.pl
@@ -67,7 +67,6 @@ my @dirs = (
67"ssl", 67"ssl",
68"apps", 68"apps",
69"engines", 69"engines",
70"engines/ccgost",
71"test", 70"test",
72"tools" 71"tools"
73); 72);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 22:08:19 +0000