From 9500ec100b69ef59889bbd9aadffd986a99f9a9b Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Thu, 9 Apr 2020 01:32:30 +0300 Subject: [PATCH 61/87] cms: select proper cipher for GOST KeyAgreeement Signed-off-by: Dmitry Baryshkov --- src/lib/libcrypto/cms/cms_kari.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/lib/libcrypto/cms/cms_kari.c b/src/lib/libcrypto/cms/cms_kari.c index 2c3b50290..0082a7525 100644 --- a/src/lib/libcrypto/cms/cms_kari.c +++ b/src/lib/libcrypto/cms/cms_kari.c @@ -414,6 +414,7 @@ cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, const EVP_CIPHER *cipher) EVP_CIPHER_CTX *ctx = kari->ctx; const EVP_CIPHER *kekcipher; int keylen = EVP_CIPHER_key_length(cipher); + int type = EVP_CIPHER_type(cipher); /* If a suitable wrap algorithm is already set nothing to do */ kekcipher = EVP_CIPHER_CTX_cipher(ctx); @@ -437,6 +438,15 @@ cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, const EVP_CIPHER *cipher) kekcipher = EVP_des_ede3_wrap(); else #endif +#endif +#ifndef OPENSSL_NO_GOST + if (type == NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm || + type == NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac) + kekcipher = EVP_magma_kexp15_wrap(); + else if (type == NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm || + type == NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac) + kekcipher = EVP_kuznyechik_kexp15_wrap(); + else #endif if (keylen <= 16) kekcipher = EVP_aes_128_wrap(); -- 2.17.1