Hello Andrey, Thank you for your work, but I do not see the patch :-(
I should say that in practice the CNT mode is used in TLS where usage of the Gost28147_CryptoProParamSetA is required. On Mon, Apr 21, 2014 at 7:40 PM, Andrey Kulikov via RT <r...@openssl.org>wrote: > Currently ccgost engine use configured params (s-boxes) when it works in > CFB mode only. > For CNT and IMITO parameters are hardcoded to Gost28147_CryptoProParamSetA > > Supplied patch allow ccgost engine to really use parameters, specified > either in config file, or via engine API. > > When nothing is configured, parameters selection fails back to default - > i.e. Gost28147_CryptoProParamSetA. > So regression behavior persists. > > *WARNING: *Some interoperability issues possible, with SSL for example > (uses 28147-CNT by default), if some previously configured parameters start > to be used, while previously they where ignored. > > Patch created using this command: > \diff -rupN openssl-1.0.1g/engines/ccgost/ > openssl-1.0.1g-debug/engines/ccgost/ > ccgost_CNT_use_params.patch > > To apply patch use following command in current OpenSSL root dev. > directory: > > patch -p1 -l -u -b -i ccgost_CNT_use_params.patch > > Patch created against 1.0.1g. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org > -- SY, Dmitry Belyavsky