I found a bug in the implementation of the gost89 algorithm in the gost engine of the OpenSSL library.
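/*
 * I installed openssl-SNAP-20081006. This simple program shows an error in
 * the decryption of a buffer encrypted with the gost89 algorithm.
 *
 * NOTE(review): this is a reproduction harness, not a usage example.
 *  - Key and IV come from unseeded rand(), so every run uses the same values.
 *    That keeps the report reproducible; real key material should come from
 *    a CSPRNG such as RAND_bytes().
 *  - It calls EVP_Cipher() directly and splits the ciphertext across two
 *    calls (8 bytes, then 24 bytes), which is what exposes the fault.
 *    Applications normally use EVP_CipherUpdate()/EVP_CipherFinal_ex().
 *  - EVP_CIPHER_CTX lives on the stack, matching the snapshot the report was
 *    written against; OpenSSL 1.1.0 and later make the type opaque.
 */
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/conf.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hex-dump len bytes of buffer to stdout: two hex digits per byte, a space
 * after every second byte, CRLF after every 16th byte and at the end.
 * A signed index is used so that a negative len prints nothing instead of
 * being converted to a huge unsigned bound.
 */
static void print_buffer(const void *buffer, int len)
{
    const unsigned char *bytes = buffer;
    int i;

    for (i = 0; i < len; i++) {
        printf("%02x", bytes[i]);
        if (i % 16 == 15)
            printf("\r\n");
        else if (i % 2 == 1)
            printf(" ");
    }
    printf("\r\n");
}

/*
 * Name the step that failed on stderr and dump the OpenSSL error queue, so
 * that a missing gost engine does not look like a silent, clean run.
 */
static void report_failure(const char *step)
{
    fprintf(stderr, "%s failed\n", step);
    ERR_print_errors_fp(stderr);
}

/*
 * Encrypt 32 bytes with gost89 in one call, decrypt them in two calls
 * (8 bytes, then 24 bytes) and compare the result with the plaintext.
 * Prints "Success" or "Error" on stdout; always returns 0, as the original
 * program did. The sequence of EVP calls on each context is unchanged.
 */
int main(void)
{
    unsigned char iv[512];
    unsigned char key[512];
    unsigned char plainText[32] = {
         0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
        16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
    };
    unsigned char cipherText[32] = { 0 };
    unsigned char decryptedText[32] = { 0 };
    const EVP_CIPHER *cipher;
    EVP_CIPHER_CTX encCtx;
    EVP_CIPHER_CTX decCtx;
    size_t i;

    /* Loading the configuration is presumably what makes the gost engine
     * (and with it the "gost89" name) available - confirm for your build. */
    OPENSSL_config(NULL);
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();

    /*
     * Initialize key and iv. The buffers are larger than the cipher needs
     * (GOST 28147-89 uses a 256-bit key and a 64-bit block); the interleaved
     * fill order is kept so the values match the output quoted below.
     */
    for (i = 0; i < sizeof(iv); i++) {
        iv[i] = (unsigned char)rand();
        key[i] = (unsigned char)rand();
    }

    /* Both contexts are initialized up front so cleanup is always valid. */
    EVP_CIPHER_CTX_init(&encCtx);
    EVP_CIPHER_CTX_init(&decCtx);

    cipher = EVP_get_cipherbyname("gost89");
    if (cipher == NULL) {
        report_failure("EVP_get_cipherbyname(\"gost89\")");
        goto cleanup;
    }

    /* Initialize cipher context for encryption */
    if (!EVP_CipherInit(&encCtx, cipher, key, iv, 1)) {
        report_failure("EVP_CipherInit (encrypt)");
        goto cleanup;
    }

    printf("plain text :\n");
    print_buffer(plainText, 32);

    /* Encrypt plain text in a single call */
    if (!EVP_Cipher(&encCtx, cipherText, plainText,
                    (unsigned int)sizeof(cipherText))) {
        report_failure("EVP_Cipher (encrypt)");
        goto cleanup;
    }
    printf("cipher text :\n");
    print_buffer(cipherText, 32);

    /* Initialize cipher context for decryption */
    if (!EVP_CipherInit(&decCtx, cipher, key, iv, 0)) {
        report_failure("EVP_CipherInit (decrypt)");
        goto cleanup;
    }

    /* Decrypt first 8 byte block of cipher text */
    if (!EVP_Cipher(&decCtx, decryptedText, cipherText, 8)) {
        report_failure("EVP_Cipher (decrypt, first block)");
        goto cleanup;
    }
    printf("decrypted text after first block decryption :\n");
    print_buffer(decryptedText, 32);

    /* Decrypt rest of cipher text with the same context */
    if (!EVP_Cipher(&decCtx, decryptedText + 8, cipherText + 8, 24)) {
        report_failure("EVP_Cipher (decrypt, rest)");
        goto cleanup;
    }
    printf("decrypted text after rest blocks decryption :\n");
    print_buffer(decryptedText, 32);

    /* Compare plain text with decrypted text */
    if (0 == memcmp(plainText, decryptedText, sizeof(decryptedText))) {
        printf("Success\n");
    } else {
        printf("Error\n");
    }

cleanup:
    EVP_CIPHER_CTX_cleanup(&decCtx);
    EVP_CIPHER_CTX_cleanup(&encCtx);
    EVP_cleanup();
    ERR_free_strings();
    CONF_modules_free();
    return 0;
}

/*
 * The output of the program:
 *
 *   plain text :
 *   0001 0203 0405 0607 0809 0a0b 0c0d 0e0f
 *   1011 1213 1415 1617 1819 1a1b 1c1d 1e1f
 *
 *   cipher text :
 *   fa25 cc1e 8c89 5ec1 1939 af98 b105 fc49
 *   6204 1fcb 4586 35cc bdcd d264 80df 2979
 *
 *   decrypted text after first block decryption :
 *   0001 0203 0405 0607 0000 0000 0000 0000
 *   0000 0000 0000 0000 0000 0000 0000 0000
 *
 *   decrypted text after rest blocks decryption :
 *   0001 0203 0405 0607 c51a dd70 0553 dffb
 *   1011 1213 1415 1617 1819 1a1b 1c1d 1e1f
 *
 *   Error
 *
 * The cipher text is decrypted in two parts. The first part is 8 bytes and
 * its decryption is correct. The rest of the cipher text is 24 bytes and its
 * decrypted text is corrupted (the first 8 bytes are not correct, the other
 * 16 bytes are correct). If the first part is 16 bytes, then the whole
 * decrypted buffer is correct.
 *
 * NOTE(review): only the block right after the call boundary is wrong. That
 * is consistent with cipher feedback state not being carried correctly from
 * one EVP_Cipher() call to the next on the decrypt side, but the engine
 * source is not shown here, so treat that as a hypothesis to confirm.
 * Until the engine is fixed, callers that decrypt gost89 data in chunks
 * should verify round-trips like this one rather than trust chunked output.
 */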