libressl/0061-cms-select-proper-cipher-for-GOST-KeyAgreeement.patch

From 9500ec100b69ef59889bbd9aadffd986a99f9a9b Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Thu, 9 Apr 2020 01:32:30 +0300
Subject: [PATCH 61/87] cms: select proper cipher for GOST KeyAgreeement

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
 src/lib/libcrypto/cms/cms_kari.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/lib/libcrypto/cms/cms_kari.c b/src/lib/libcrypto/cms/cms_kari.c
index 2c3b50290..0082a7525 100644
--- a/src/lib/libcrypto/cms/cms_kari.c
+++ b/src/lib/libcrypto/cms/cms_kari.c
@@ -414,6 +414,7 @@ cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, const EVP_CIPHER *cipher)
 	EVP_CIPHER_CTX *ctx = kari->ctx;
 	const EVP_CIPHER *kekcipher;
 	int keylen = EVP_CIPHER_key_length(cipher);
+	int type = EVP_CIPHER_type(cipher);
 
 	/* If a suitable wrap algorithm is already set nothing to do */
 	kekcipher = EVP_CIPHER_CTX_cipher(ctx);
@@ -437,6 +438,15 @@ cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, const EVP_CIPHER *cipher)
 		kekcipher = EVP_des_ede3_wrap();
 	else
 #endif
+#endif
+#ifndef OPENSSL_NO_GOST
+	if (type == NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm ||
+	    type == NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac)
+		kekcipher = EVP_magma_kexp15_wrap();
+	else if (type == NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm ||
+	    type == NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac)
+		kekcipher = EVP_kuznyechik_kexp15_wrap();
+	else
 #endif
 	if (keylen <= 16)
 		kekcipher = EVP_aes_128_wrap();
-- 
2.17.1
Add gost-new patches sponsored by ROSA Linux TODO: add tests 2020-08-05 12:55:25 +03:00			`From 9500ec100b69ef59889bbd9aadffd986a99f9a9b Mon Sep 17 00:00:00 2001`
			`From: Dmitry Baryshkov <dbaryshkov@gmail.com>`
			`Date: Thu, 9 Apr 2020 01:32:30 +0300`
			`Subject: [PATCH 61/87] cms: select proper cipher for GOST KeyAgreeement`

			`Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>`
			`---`
			`src/lib/libcrypto/cms/cms_kari.c \| 10 ++++++++++`
			`1 file changed, 10 insertions(+)`

			`diff --git a/src/lib/libcrypto/cms/cms_kari.c b/src/lib/libcrypto/cms/cms_kari.c`
			`index 2c3b50290..0082a7525 100644`
			`--- a/src/lib/libcrypto/cms/cms_kari.c`
			`+++ b/src/lib/libcrypto/cms/cms_kari.c`
			`@@ -414,6 +414,7 @@ cms_wrap_init(CMS_KeyAgreeRecipientInfo kari, const EVP_CIPHER cipher)`
			`EVP_CIPHER_CTX *ctx = kari->ctx;`
			`const EVP_CIPHER *kekcipher;`
			`int keylen = EVP_CIPHER_key_length(cipher);`
			`+ int type = EVP_CIPHER_type(cipher);`

			`/* If a suitable wrap algorithm is already set nothing to do */`
			`kekcipher = EVP_CIPHER_CTX_cipher(ctx);`
			`@@ -437,6 +438,15 @@ cms_wrap_init(CMS_KeyAgreeRecipientInfo kari, const EVP_CIPHER cipher)`
			`kekcipher = EVP_des_ede3_wrap();`
			`else`
			`#endif`
			`+#endif`
			`+#ifndef OPENSSL_NO_GOST`
			`+ if (type == NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm \|\|`
			`+ type == NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac)`
			`+ kekcipher = EVP_magma_kexp15_wrap();`
			`+ else if (type == NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm \|\|`
			`+ type == NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac)`
			`+ kekcipher = EVP_kuznyechik_kexp15_wrap();`
			`+ else`
			`#endif`
			`if (keylen <= 16)`
			`kekcipher = EVP_aes_128_wrap();`
			`--`
			`2.17.1`