case EVP_PKEY_CTRL_SET_IV:
OPENSSL_assert(p2 != NULL);
pctx->shared_ukm = OPENSSL_malloc((int)p1);
- if (!pctx->shared_ukm)
+ if (pctx->shared_ukm == NULL) {
+ GOSTerr(GOST_F_PKEY_GOST_CTRL, ERR_R_MALLOC_FAILURE);
return 0;
+ }
memcpy(pctx->shared_ukm, p2, (int)p1);
return 1;
case EVP_PKEY_CTRL_PEER_KEY:
*/
int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
{
+ const BIGNUM *sig_r = NULL, *sig_s = NULL;
+ DSA_SIG_get0(s, &sig_r, &sig_s);
*siglen = 2 * order;
memset(sig, 0, *siglen);
- store_bignum(s->s, sig, order);
- store_bignum(s->r, sig + order, order);
+ store_bignum(sig_s, sig, order);
+ store_bignum(sig_r, sig + order, order);
DSA_SIG_free(s);
return 1;
}
/* ------------------- verify callbacks ---------------------------*/
/* Unpack signature according to cryptopro rules */
-DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
+DSA_SIG *unpack_cp_signature(const unsigned char *sigbuf, size_t siglen)
{
- DSA_SIG *s;
+ DSA_SIG *sig;
+ BIGNUM *r = NULL, *s = NULL;
- s = DSA_SIG_new();
- if (s == NULL) {
+ sig = DSA_SIG_new();
+ if (sig == NULL) {
GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
return NULL;
}
- s->s = BN_bin2bn(sig, siglen / 2, NULL);
- s->r = BN_bin2bn(sig + siglen / 2, siglen / 2, NULL);
- return s;
+ s = BN_bin2bn(sigbuf, siglen / 2, NULL);
+ r = BN_bin2bn(sigbuf + siglen / 2, siglen / 2, NULL);
+ DSA_SIG_set0(sig, r, s);
+ return sig;
}
static int pkey_gost_ec_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
{
struct gost_mac_pmeth_data *data = OPENSSL_malloc(sizeof(*data));
+ EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
if (!data)
return 0;
memset(data, 0, sizeof(*data));
- data->mac_size = 4;
+ data->mac_size = 4;
+ data->mac_param_nid = NID_undef;
+
+ if (pkey) {
+ struct gost_mac_key *key = EVP_PKEY_get0(pkey);
+ if (key) {
+ data->mac_param_nid = key->mac_param_nid;
+ data->mac_size = key->mac_size;
+ }
+ }
+
EVP_PKEY_CTX_set_data(ctx, data);
return 1;
}
memcpy(data->key, p2, 32);
data->key_set = 1;
return 1;
+ case EVP_PKEY_CTRL_GOST_PARAMSET:
+ {
+ struct gost_cipher_info *param = p2;
+ data->mac_param_nid = param->nid;
+ return 1;
+ }
case EVP_PKEY_CTRL_DIGESTINIT:
{
EVP_MD_CTX *mctx = p2;
- void *key;
+ struct gost_mac_key *key;
if (!data->key_set) {
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
if (!pkey) {
GOST_R_MAC_KEY_NOT_SET);
return 0;
}
+ return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
+ (mctx, EVP_MD_CTRL_SET_KEY, 0, key);
} else {
- key = &(data->key);
+ return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
+ (mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key));
}
- return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32, key);
}
- case EVP_PKEY_CTRL_MAC_LEN:
- {
- if (p1<1 || p1>8)
- {
-
- GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_INVALID_MAC_SIZE);
- return 0;
- }
- data->mac_size = p1;
- return 1;
- }
+ case EVP_PKEY_CTRL_MAC_LEN:
+ {
+ if (p1 < 1 || p1 > 8) {
+
+ GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_SIZE);
+ return 0;
+ }
+ data->mac_size = p1;
+ return 1;
+ }
}
return -2;
}
return ret;
}
- if (!strcmp(type,maclen_ctrl_string)) {
- char *endptr;
- long size=strtol(value,&endptr,10);
- if (*endptr!='\0') {
- GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
- GOST_R_INVALID_MAC_SIZE);
- return 0;
- }
- return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN,size,NULL);
- }
+ if (!strcmp(type, maclen_ctrl_string)) {
+ char *endptr;
+ long size = strtol(value, &endptr, 10);
+ if (*endptr != '\0') {
+ GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_SIZE);
+ return 0;
+ }
+ return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN, size, NULL);
+ }
+ if (strcmp(type, param_ctrl_string) == 0) {
+ ASN1_OBJECT *obj = OBJ_txt2obj(value, 0);
+ const struct gost_cipher_info *param = NULL;
+ if (obj == NULL) {
+ GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_PARAMS);
+ return 0;
+ }
+
+ param = get_encryption_params(obj);
+ ASN1_OBJECT_free(obj);
+ if (param == NULL) {
+ GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_PARAMS);
+ return 0;
+ }
+
+
+ return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, 0,
+ (void *)param);
+ }
return -2;
}
EVP_PKEY *pkey, int mac_nid)
{
struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
- unsigned char *keydata;
+ struct gost_mac_key *keydata;
if (!data || !data->key_set) {
GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, GOST_R_MAC_KEY_NOT_SET);
return 0;
}
- keydata = OPENSSL_malloc(32);
+ keydata = OPENSSL_malloc(sizeof(struct gost_mac_key));
if (keydata == NULL)
return 0;
- memcpy(keydata, data->key, 32);
+ memcpy(keydata->key, data->key, 32);
+ keydata->mac_param_nid = data->mac_param_nid;
+ keydata->mac_size = data->mac_size;
EVP_PKEY_assign(pkey, mac_nid, keydata);
return 1;
}
static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
{
+ struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+
+ if (data == NULL) {
+ pkey_gost_mac_init(ctx);
+ }
+
+ data = EVP_PKEY_CTX_get_data(ctx);
+ if (!data) {
+ GOSTerr(GOST_F_PKEY_GOST_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
+ return 0;
+ }
+
return 1;
}
{
unsigned int tmpsiglen;
int ret;
- struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
+ struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
if (!siglen)
return 0;
return 1;
}
- mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_MAC_LEN, data->mac_size, NULL);
+ EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
+ (mctx, EVP_MD_CTRL_MAC_LEN, data->mac_size, NULL);
ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
*siglen = data->mac_size;
return ret;