Currently ccgost engine use configured params (s-boxes) when it works in CFB mode only. For CNT and IMITO parameters are hardcoded to Gost28147_CryptoProParamSetA
Supplied patch allow ccgost engine to really use parameters, specified either in config file, or via engine API. When nothing is configured, parameters selection fails back to default - i.e. Gost28147_CryptoProParamSetA. So regression behavior persists. *WARNING: *Some interoperability issues possible, with SSL for example (uses 28147-CNT by default), if some previously configured parameters start to be used, while previously they where ignored. Patch created using this command: \diff -rupN openssl-1.0.1g/engines/ccgost/ openssl-1.0.1g-debug/engines/ccgost/ > ccgost_CNT_use_params.patch To apply patch use following command in current OpenSSL root dev. directory: patch -p1 -l -u -b -i ccgost_CNT_use_params.patch Patch created against 1.0.1g. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
