aboutsummaryrefslogtreecommitdiff
path: root/openssl/engines
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/engines')
-rw-r--r--openssl/engines/ccgost/gost89.c14
-rw-r--r--openssl/engines/ccgost/gost_crypt.c29
-rw-r--r--openssl/engines/ccgost/gost_eng.c17
-rw-r--r--openssl/engines/ccgost/gost_lcl.h4
-rw-r--r--openssl/engines/ccgost/gosthash.c2
-rw-r--r--openssl/engines/e_capi.c5
6 files changed, 59 insertions, 12 deletions
diff --git a/openssl/engines/ccgost/gost89.c b/openssl/engines/ccgost/gost89.c
index 7ebae0f71..b0568c6b3 100644
--- a/openssl/engines/ccgost/gost89.c
+++ b/openssl/engines/ccgost/gost89.c
@@ -369,7 +369,13 @@ int gost_mac(gost_ctx *ctx,int mac_len,const unsigned char *data,
memset(buf2,0,8);
memcpy(buf2,data+i,data_len-i);
mac_block(ctx,buffer,buf2);
- }
+ i+=8;
+ }
+ if (i==8)
+ {
+ memset(buf2,0,8);
+ mac_block(ctx,buffer,buf2);
+ }
get_mac(buffer,mac_len,mac);
return 1;
}
@@ -389,7 +395,13 @@ int gost_mac_iv(gost_ctx *ctx,int mac_len,const unsigned char *iv,const unsigned
memset(buf2,0,8);
memcpy(buf2,data+i,data_len-i);
mac_block(ctx,buffer,buf2);
+ i+=8;
}
+ if (i==8)
+ {
+ memset(buf2,0,8);
+ mac_block(ctx,buffer,buf2);
+ }
get_mac(buffer,mac_len,mac);
return 1;
}
diff --git a/openssl/engines/ccgost/gost_crypt.c b/openssl/engines/ccgost/gost_crypt.c
index cde58c0e9..52aef15ac 100644
--- a/openssl/engines/ccgost/gost_crypt.c
+++ b/openssl/engines/ccgost/gost_crypt.c
@@ -11,6 +11,14 @@
#include <openssl/rand.h>
#include "e_gost_err.h"
#include "gost_lcl.h"
+
+#if !defined(CCGOST_DEBUG) && !defined(DEBUG)
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -206,12 +214,13 @@ int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
static void gost_crypt_mesh (void *ctx,unsigned char *iv,unsigned char *buf)
{
struct ossl_gost_cipher_ctx *c = ctx;
- if (c->count&&c->key_meshing && c->count%1024==0)
+ assert(c->count%8 == 0 && c->count <= 1024);
+ if (c->key_meshing && c->count==1024)
{
cryptopro_key_meshing(&(c->cctx),iv);
}
gostcrypt(&(c->cctx),iv,buf);
- c->count+=8;
+ c->count = c->count%1024 + 8;
}
static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
@@ -219,7 +228,8 @@ static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
struct ossl_gost_cipher_ctx *c = ctx;
word32 g,go;
unsigned char buf1[8];
- if (c->count && c->key_meshing && c->count %1024 ==0)
+ assert(c->count%8 == 0 && c->count <= 1024);
+ if (c->key_meshing && c->count==1024)
{
cryptopro_key_meshing(&(c->cctx),iv);
}
@@ -248,7 +258,7 @@ static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
buf1[7]=(unsigned char)((g>>24)&0xff);
memcpy(iv,buf1,8);
gostcrypt(&(c->cctx),buf1,buf);
- c->count +=8;
+ c->count = c->count%1024 + 8;
}
/* GOST encryption in CFB mode */
@@ -511,12 +521,13 @@ static void mac_block_mesh(struct ossl_gost_imit_ctx *c,const unsigned char *dat
* interpret internal state of MAC algorithm as iv during keymeshing
* (but does initialize internal state from iv in key transport
*/
- if (c->key_meshing&& c->count && c->count %1024 ==0)
+ assert(c->count%8 == 0 && c->count <= 1024);
+ if (c->key_meshing && c->count==1024)
{
cryptopro_key_meshing(&(c->cctx),buffer);
}
mac_block(&(c->cctx),c->buffer,data);
- c->count +=8;
+ c->count = c->count%1024 + 8;
}
int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
@@ -565,6 +576,12 @@ int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md)
GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
return 0;
}
+ if (c->count==0 && c->bytes_left)
+ {
+ unsigned char buffer[8];
+ memset(buffer, 0, 8);
+ gost_imit_update(ctx, buffer, 8);
+ }
if (c->bytes_left)
{
int i;
diff --git a/openssl/engines/ccgost/gost_eng.c b/openssl/engines/ccgost/gost_eng.c
index d2cbe3b83..8f29bf6f8 100644
--- a/openssl/engines/ccgost/gost_eng.c
+++ b/openssl/engines/ccgost/gost_eng.c
@@ -64,6 +64,13 @@ static int gost_engine_finish(ENGINE *e)
static int gost_engine_destroy(ENGINE *e)
{
gost_param_free();
+
+ pmeth_GostR3410_94 = NULL;
+ pmeth_GostR3410_2001 = NULL;
+ pmeth_Gost28147_MAC = NULL;
+ ameth_GostR3410_94 = NULL;
+ ameth_GostR3410_2001 = NULL;
+ ameth_Gost28147_MAC = NULL;
return 1;
}
@@ -71,6 +78,11 @@ static int bind_gost (ENGINE *e,const char *id)
{
int ret = 0;
if (id && strcmp(id, engine_gost_id)) return 0;
+ if (ameth_GostR3410_94)
+ {
+ printf("GOST engine already loaded\n");
+ goto end;
+ }
if (!ENGINE_set_id(e, engine_gost_id))
{
@@ -263,7 +275,10 @@ static ENGINE *engine_gost(void)
void ENGINE_load_gost(void)
{
- ENGINE *toadd =engine_gost();
+ ENGINE *toadd;
+ if (pmeth_GostR3410_94)
+ return;
+ toadd = engine_gost();
if (!toadd) return;
ENGINE_add(toadd);
ENGINE_free(toadd);
diff --git a/openssl/engines/ccgost/gost_lcl.h b/openssl/engines/ccgost/gost_lcl.h
index 437a48cc8..00aa42cea 100644
--- a/openssl/engines/ccgost/gost_lcl.h
+++ b/openssl/engines/ccgost/gost_lcl.h
@@ -136,7 +136,7 @@ extern EVP_MD imit_gost_cpa;
/* Cipher context used for EVP_CIPHER operation */
struct ossl_gost_cipher_ctx {
int paramNID;
- off_t count;
+ unsigned int count;
int key_meshing;
gost_ctx cctx;
};
@@ -151,7 +151,7 @@ struct ossl_gost_imit_ctx {
gost_ctx cctx;
unsigned char buffer[8];
unsigned char partial_block[8];
- off_t count;
+ unsigned int count;
int key_meshing;
int bytes_left;
int key_set;
diff --git a/openssl/engines/ccgost/gosthash.c b/openssl/engines/ccgost/gosthash.c
index a5c0662ff..8c278aa64 100644
--- a/openssl/engines/ccgost/gosthash.c
+++ b/openssl/engines/ccgost/gosthash.c
@@ -42,7 +42,7 @@ static void circle_xor8 (const byte *w, byte *k)
byte buf[8];
int i;
memcpy(buf,w,8);
- memcpy(k,w+8,24);
+ memmove(k,w+8,24);
for(i=0;i<8;i++)
k[i+24]=buf[i]^k[i];
}
diff --git a/openssl/engines/e_capi.c b/openssl/engines/e_capi.c
index bfedde0eb..c1085b56c 100644
--- a/openssl/engines/e_capi.c
+++ b/openssl/engines/e_capi.c
@@ -1432,10 +1432,13 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE h
static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
{
CAPI_KEY *key;
+ DWORD dwFlags = 0;
key = OPENSSL_malloc(sizeof(CAPI_KEY));
CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
contname, provname, ptype);
- if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))
+ if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
+ dwFlags = CRYPT_MACHINE_KEYSET;
+ if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags))
{
CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
capi_addlasterror();