#include "gost_lcl.h"
#include "e_gost_err.h"
+#define PK_UNMASK_PARAM "UNMASK"
+
/*
* Pack bignum into byte buffer of given size, filling all leading bytes by
* zeros
{
ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
ASN1_STRING *params = encode_gost_algor_params(pk);
- unsigned char /**priv_buf = NULL,*/ *buf = NULL;
- int key_len = pkey_bits_gost(pk), /*priv_len = 0,*/ i = 0;
+ unsigned char *buf = NULL;
+ int key_len = pkey_bits_gost(pk), i = 0;
- /*ASN1_STRING *octet = NULL;*/
if (!params) {
return 0;
}
buf[key_len - 1 - i] = tmp;
}
-/*
- octet = ASN1_STRING_new();
- ASN1_OCTET_STRING_set(octet, buf, key_len);
+ /* unmasked private key */
+ const char *pk_param = get_gost_engine_param(GOST_PARAM_PK_PARAMS);
+ if(pk_param != NULL && strcmp(pk_param, PK_UNMASK_PARAM) == 0) {
+ ASN1_STRING *octet = NULL;
+ int priv_len = 0;
+ unsigned char *priv_buf = NULL;
+
+ octet = ASN1_STRING_new();
+ ASN1_OCTET_STRING_set(octet, buf, key_len);
+ priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
+ ASN1_STRING_free(octet);
+ OPENSSL_free(buf);
- priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
- ASN1_STRING_free(octet);
- OPENSSL_free(buf);
+ return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
+ priv_buf, priv_len);
+ }
return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
- priv_buf, priv_len); */
- return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
- buf, key_len);
+ buf, key_len);
}
/* --------- printing keys --------------------------------*/
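Review bot: The new UNMASK branch (from `if(pk_param != NULL && strcmp(...) == 0)` to its `return`) uses the results of `ASN1_STRING_new()`, `ASN1_OCTET_STRING_set()` and `i2d_ASN1_OCTET_STRING()` without checking them. An allocation failure can therefore dereference NULL or pass a non-positive `priv_len` to `PKCS8_pkey_set0`. The branch also releases `buf`, which holds the raw private key bytes, with a plain `OPENSSL_free`; it should be wiped with `OPENSSL_cleanse(buf, key_len)` first. The copy held in `octet` deserves the same treatment but is left out of the sketch below. The function starts outside this hunk, so whether `params` must be released on the new error path has to be checked against the rest of the body.

```c
    if (pk_param != NULL && strcmp(pk_param, PK_UNMASK_PARAM) == 0) {
        unsigned char *priv_buf = NULL;
        int priv_len = -1;
        ASN1_STRING *octet = ASN1_STRING_new();

        if (octet != NULL && ASN1_OCTET_STRING_set(octet, buf, key_len)) {
            priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
        }
        ASN1_STRING_free(octet);
        /* buf holds raw private key bytes: wipe before release */
        OPENSSL_cleanse(buf, key_len);
        OPENSSL_free(buf);
        if (priv_len <= 0) {
            /* NOTE(review): confirm whether params must be released here */
            return 0;
        }
        return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
                               priv_buf, priv_len);
    }
    /* … unchanged: default return with buf, key_len … */
```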
#include "gost_lcl.h"
static char *gost_params[GOST_PARAM_MAX + 1] = { NULL };
-static const char *gost_envnames[] = { "CRYPT_PARAMS", "GOST_PBE_HMAC" };
+static const char *gost_envnames[] = { "CRYPT_PARAMS", "GOST_PBE_HMAC", "PK_PARAMS" };
const ENGINE_CMD_DEFN gost_cmds[] = {
{GOST_CTRL_CRYPT_PARAMS,
"PBE_PARAMS",
"Shortname of default digest alg for PBE",
ENGINE_CMD_FLAG_STRING},
+ {GOST_CTRL_PK_PARAMS,
+ "PK_PARAMS",
+ "Private key format params",
+ ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
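Review bot: The new `gost_envnames` entry `"PK_PARAMS"` lets an environment variable with a generic, unprefixed name decide how private keys are serialized. The `getenv(gost_envnames[param])` context further down the page shows the environment value taking precedence over the string passed through the engine control command. A prefixed name in the style of the neighbouring `GOST_PBE_HMAC`, for example `"GOST_PK_PARAMS"`, would make an inherited or accidental setting less likely. The command description should also name the accepted value, e.g. `"Private key format params (UNMASK wraps the key in an OCTET STRING)"`, since the literal is otherwise only visible as `PK_UNMASK_PARAM` in the encoder source.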
{
int param = cmd - ENGINE_CMD_BASE;
int ret = 0;
- if (param < 0 || param > GOST_PARAM_MAX)
+ if (param < 0 || param > GOST_PARAM_MAX) {
return -1;
+ }
ret = gost_set_default_param(param, p);
return ret;
}
if (param < 0 || param > GOST_PARAM_MAX)
return 0;
tmp = getenv(gost_envnames[param]);
+
/*
* if there is value in the environment, use it, else -passed string *
*/
- if (!tmp)
+ if (!tmp) {
tmp = value;
+ }
OPENSSL_free(gost_params[param]);
gost_params[param] = BUF_strdup(tmp);
/* Control commands */
# define GOST_PARAM_CRYPT_PARAMS 0
# define GOST_PARAM_PBE_PARAMS 1
-# define GOST_PARAM_MAX 1
+# define GOST_PARAM_PK_PARAMS 2
+# define GOST_PARAM_MAX 2
# define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)
# define GOST_CTRL_PBE_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_PBE_PARAMS)
+# define GOST_CTRL_PK_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_PK_PARAMS)
typedef struct R3410_ec {
int nid;