]> wagner.pp.ru Git - openssl-gost/engine.git/blob - patches/1.0.2/pkcs12.diff
Adoption to 1.1.0
[openssl-gost/engine.git] / patches / 1.0.2 / pkcs12.diff
1 diff -Nuar openssl-1.0.2d/crypto/evp/evp_pbe.c openssl-work/crypto/evp/evp_pbe.c
2 --- openssl-1.0.2d/crypto/evp/evp_pbe.c 2015-07-09 15:53:21.000000000 +0400
3 +++ openssl-work/crypto/evp/evp_pbe.c   2015-03-26 13:00:21.000000000 +0400
4 @@ -121,6 +121,10 @@
5      {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
6      {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
7      {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
8 +    {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1,
9 +     NID_id_GostR3411_2012_256, 0},
10 +    {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1,
11 +     NID_id_GostR3411_2012_512, 0},
12  };
13  
14  #ifdef TEST
15 diff -Nuar openssl-1.0.2d/crypto/pkcs12/p12_mutl.c openssl-work/crypto/pkcs12/p12_mutl.c
16 --- openssl-1.0.2d/crypto/pkcs12/p12_mutl.c     2015-07-09 15:53:21.000000000 +0400
17 +++ openssl-work/crypto/pkcs12/p12_mutl.c       2015-06-17 14:48:18.000000000 +0400
18 @@ -65,6 +65,28 @@
19  # include <openssl/rand.h>
20  # include <openssl/pkcs12.h>
21  
22 +# define TK26_MAC_KEY_LEN 32
23 +
24 +static int PKCS12_gen_gost_mac_key(const char *pass, int passlen,
25 +                                   const unsigned char *salt, int saltlen,
26 +                                   int iter, const EVP_MD *digest, int keylen,
27 +                                   unsigned char *key)
28 +{
29 +    unsigned char out[96];
30 +
31 +    if (keylen != TK26_MAC_KEY_LEN) {
32 +        return 0;
33 +    }
34 +
35 +    if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
36 +                           digest, 96, out)) {
37 +        return 0;
38 +    }
39 +    memcpy(key, out + 64, TK26_MAC_KEY_LEN);
40 +    OPENSSL_cleanse(out, 96);
41 +    return 1;
42 +}
43 +
44  /* Generate a MAC */
45  int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
46                     unsigned char *mac, unsigned int *maclen)
47 @@ -73,7 +95,7 @@
48      HMAC_CTX hmac;
49      unsigned char key[EVP_MAX_MD_SIZE], *salt;
50      int saltlen, iter;
51 -    int md_size;
52 +    int md_size = 0;
53  
54      if (!PKCS7_type_is_data(p12->authsafes)) {
55          PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
56 @@ -93,8 +115,19 @@
57      md_size = EVP_MD_size(md_type);
58      if (md_size < 0)
59          return 0;
60 -    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
61 -                        md_size, key, md_type)) {
62 +    if ((md_type->type == NID_id_GostR3411_94
63 +         || md_type->type == NID_id_GostR3411_2012_256
64 +         || md_type->type == NID_id_GostR3411_2012_512)
65 +        && !getenv("LEGACY_GOST_PKCS12")) {
66 +        md_size = TK26_MAC_KEY_LEN;
67 +        if (!PKCS12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
68 +                                     md_type, md_size, key)) {
69 +            PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
70 +            return 0;
71 +        }
72 +    } else
73 +        if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
74 +                            md_size, key, md_type)) {
75          PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
76          return 0;
77      }
78