Greetings! Here is the patch providing CMS support for ccgost engine.
-- SY, Dmitry Belyavsky
diff -u openssl-1.0.0e_orig/engines/ccgost//gost_ameth.c openssl-1.0.0e/engines/ccgost//gost_ameth.c --- openssl-1.0.0e_orig/engines/ccgost//gost_ameth.c 2012-02-26 00:04:16.000000000 +0400 +++ openssl-1.0.0e/engines/ccgost//gost_ameth.c 2012-02-26 00:11:01.000000000 +0400 @@ -13,6 +13,9 @@ #include <openssl/engine.h> #include <openssl/evp.h> #include <openssl/asn1.h> +#ifndef OPENSSL_NO_CMS +#include <openssl/cms.h> +#endif #include "gost_params.h" #include "gost_lcl.h" #include "e_gost_err.h" @@ -230,6 +233,24 @@ X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0); } return 1; +#ifndef OPENSSL_NO_CMS + case ASN1_PKEY_CTRL_CMS_SIGN: + if (arg1 == 0) + { + X509_ALGOR *alg1 = NULL, *alg2 = NULL; + int nid = EVP_PKEY_base_id(pkey); + CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2, + NULL, NULL, &alg1, &alg2); + X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94), + V_ASN1_NULL, 0); + if (nid == NID_undef) + { + return (-1); + } + X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0); + } + return 1; +#endif case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: if (arg1 == 0) { @@ -244,6 +265,22 @@ V_ASN1_SEQUENCE, params); } return 1; +#ifndef OPENSSL_NO_CMS + case ASN1_PKEY_CTRL_CMS_ENVELOPE: + if (arg1 == 0) + { + X509_ALGOR *alg; + ASN1_STRING * params = encode_gost_algor_params(pkey); + if (!params) + { + return -1; + } + CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL, NULL, &alg); + X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type), + V_ASN1_SEQUENCE, params); + } + return 1; +#endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: *(int *)arg2 = NID_id_GostR3411_94; return 2; diff -u openssl-1.0.0e_orig/engines/ccgost//gost_pmeth.c openssl-1.0.0e/engines/ccgost//gost_pmeth.c --- openssl-1.0.0e_orig/engines/ccgost//gost_pmeth.c 2012-02-26 00:04:16.000000000 +0400 +++ openssl-1.0.0e/engines/ccgost//gost_pmeth.c 2012-02-27 23:56:46.000000000 +0400 @@ -89,6 +89,12 @@ case EVP_PKEY_CTRL_PKCS7_ENCRYPT: case EVP_PKEY_CTRL_PKCS7_DECRYPT: case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_DIGESTINIT: +#ifndef OPENSSL_NO_CMS + case EVP_PKEY_CTRL_CMS_ENCRYPT: + case EVP_PKEY_CTRL_CMS_DECRYPT: + case EVP_PKEY_CTRL_CMS_SIGN: +#endif return 1; case EVP_PKEY_CTRL_GOST_PARAMSET: