+ ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
+ ret = 1;
+
+end:
+ OPENSSL_free(buf);
+ if (ret <= 0 && os)
+ ASN1_OCTET_STRING_free(os);
+
+ GOST2015_CIPHER_PARAMS_free(gcp);
+ return ret;
+}
+
+int gost2015_process_unprotected_attributes(
+ STACK_OF(X509_ATTRIBUTE) *attrs,
+ int encryption, size_t mac_len, unsigned char *final_tag)
+{
+ if (encryption == 0) /*Decrypting*/ {
+ ASN1_OCTET_STRING *osExpectedMac = X509at_get0_data_by_OBJ(attrs,
+ OBJ_txt2obj(OID_GOST_CMS_MAC, 1), -3, V_ASN1_OCTET_STRING);
+
+ if (!osExpectedMac || osExpectedMac->length != (int)mac_len)
+ return -1;
+
+ memcpy(final_tag, osExpectedMac->data, osExpectedMac->length);
+ } else {
+ if (attrs == NULL)
+ return -1;
+ return (X509at_add1_attr_by_OBJ(&attrs,
+ OBJ_txt2obj(OID_GOST_CMS_MAC, 1),
+ V_ASN1_OCTET_STRING, final_tag,
+ mac_len) == NULL) ? -1 : 1;
+ }
+ return 1;
+}
+
+int gost2015_acpkm_omac_init(int nid, int enc, const unsigned char *inkey,
+ EVP_MD_CTX *omac_ctx,
+ unsigned char *outkey, unsigned char *kdf_seed)
+{
+ int ret = 0;
+ unsigned char keys[64];
+ const EVP_MD *md = EVP_get_digestbynid(nid);
+ EVP_PKEY *mac_key;
+
+ if (md == NULL)
+ return 0;
+
+ if (enc) {
+ if (RAND_bytes(kdf_seed, 8) != 1)
+ return 0;
+ }
+
+ if (gost_kdftree2012_256(keys, 64, inkey, 32,
+ (const unsigned char *)"kdf tree", 8, kdf_seed, 8, 1) <= 0)
+ return 0;