default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
+BouncyCastle cryptoprovider has some problems with private key parsing from PrivateKeyInfo,
+so if you want to use old private key representation format, which supported by BC,
+you must add:
+ PK_PARAMS = LEGACY_PK_WRAP
+to [gost_section]
+
Where engine_id parameter specifies name of engine (should be "gost").
dynamic_path is a location of the loadable shared library implementing the
engine. If the engine is compiled statically or is located in the OpenSSL
#include "gost_lcl.h"
#include "e_gost_err.h"
+#define PK_WRAP_PARAM "LEGACY_PK_WRAP"
+
/*
* Pack bignum into byte buffer of given size, filling all leading bytes by
* zeros
{
ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
ASN1_STRING *params = encode_gost_algor_params(pk);
- unsigned char /**priv_buf = NULL,*/ *buf = NULL;
- int key_len = pkey_bits_gost(pk), /*priv_len = 0,*/ i = 0;
+ unsigned char *buf = NULL;
+ int key_len = pkey_bits_gost(pk), i = 0;
- /*ASN1_STRING *octet = NULL;*/
if (!params) {
return 0;
}
buf[key_len - 1 - i] = tmp;
}
-/*
- octet = ASN1_STRING_new();
- ASN1_OCTET_STRING_set(octet, buf, key_len);
+ /* unmasked private key */
+ const char *pk_format = get_gost_engine_param(GOST_PARAM_PK_FORMAT);
+ if(pk_format != NULL && strcmp(pk_format, PK_WRAP_PARAM) == 0) {
+ ASN1_STRING *octet = NULL;
+ int priv_len = 0;
+ unsigned char *priv_buf = NULL;
+
+ octet = ASN1_STRING_new();
+ ASN1_OCTET_STRING_set(octet, buf, key_len);
+ priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
+ ASN1_STRING_free(octet);
+ OPENSSL_free(buf);
- priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
- ASN1_STRING_free(octet);
- OPENSSL_free(buf);
+ return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
+ priv_buf, priv_len);
+ }
return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
- priv_buf, priv_len); */
- return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
- buf, key_len);
+ buf, key_len);
}
/* --------- printing keys --------------------------------*/
#include "gost_lcl.h"
static char *gost_params[GOST_PARAM_MAX + 1] = { NULL };
-static const char *gost_envnames[] = { "CRYPT_PARAMS", "GOST_PBE_HMAC" };
+static const char *gost_envnames[] = { "CRYPT_PARAMS", "GOST_PBE_HMAC", "GOST_PK_FORMAT" };
const ENGINE_CMD_DEFN gost_cmds[] = {
{GOST_CTRL_CRYPT_PARAMS,
"PBE_PARAMS",
"Shortname of default digest alg for PBE",
ENGINE_CMD_FLAG_STRING},
+ {GOST_CTRL_PK_FORMAT,
+ "GOST_PK_FORMAT",
+ "Private key format params",
+ ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
{
int param = cmd - ENGINE_CMD_BASE;
int ret = 0;
- if (param < 0 || param > GOST_PARAM_MAX)
+ if (param < 0 || param > GOST_PARAM_MAX) {
return -1;
+ }
ret = gost_set_default_param(param, p);
return ret;
}
if (param < 0 || param > GOST_PARAM_MAX)
return 0;
tmp = getenv(gost_envnames[param]);
+
/*
* if there is value in the environment, use it, else -passed string *
*/
- if (!tmp)
+ if (!tmp) {
tmp = value;
+ }
OPENSSL_free(gost_params[param]);
gost_params[param] = BUF_strdup(tmp);
/* Control commands */
# define GOST_PARAM_CRYPT_PARAMS 0
# define GOST_PARAM_PBE_PARAMS 1
-# define GOST_PARAM_MAX 1
+# define GOST_PARAM_PK_FORMAT 2
+# define GOST_PARAM_MAX 2
# define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)
# define GOST_CTRL_PBE_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_PBE_PARAMS)
+# define GOST_CTRL_PK_FORMAT (ENGINE_CMD_BASE+GOST_PARAM_PK_FORMAT)
typedef struct R3410_ec {
int nid;
projects / openssl-gost / engine.git / commitdiff