I found a bug in the implementation of the gost89 algorithm in the gost engine
of the OpenSSL library.

I installed openssl-SNAP-20081006.
The following simple program shows an error when decrypting a buffer that was
encrypted with the gost89 algorithm.

/* NOTE(review): the header names were stripped from the archived post;
 * these are the headers that the calls in this listing require. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/evp.h>


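/*
 * Hex-dump the first len bytes of buffer to stdout.
 *
 * Bytes are printed as two lowercase hex digits, grouped in pairs separated
 * by a space, 16 bytes per line, with "\r\n" line endings and a final
 * "\r\n" after the last byte. A NULL buffer or a len <= 0 prints only the
 * final line ending.
 */
static void
print_buffer(void *buffer, int len)
{
    const unsigned char *bytes = buffer;
    int i;

    /* Nothing to read from; fall through to the trailing line ending. */
    if (bytes == NULL) {
        len = 0;
    }

    /*
     * The index is signed on purpose: compared against an unsigned index, a
     * negative len would be converted to a very large count and the loop
     * would read far past the end of the buffer.
     */
    for (i = 0; i < len; i++) {
        printf("%02x", bytes[i]);
        if (i % 16 == 15) {
            printf("\r\n");         /* end of a 16-byte row */
        } else if (i % 2 == 1) {
            printf(" ");            /* gap between 2-byte groups */
        }
    }
    printf("\r\n");
}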

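/*
 * Reproduces the reported gost89 problem: 32 bytes are encrypted with one
 * EVP_Cipher() call, then decrypted with two calls (the first 8 bytes, then
 * the remaining 24) and the result is compared with the plaintext.
 *
 * Prints the plaintext, the ciphertext and the decrypted buffer after each
 * decrypt call, then "Success" or "Error".
 *
 * Returns 0 when the round trip matches; 1 on a mismatch or when an OpenSSL
 * call fails. A failing call is named on stderr together with the OpenSSL
 * error queue, so a missing gost engine no longer ends in a silent exit.
 */
int
main()
{
    enum { TEXT_LEN = 32, FIRST_PART = 8 };

    unsigned char iv[512];
    unsigned char key[512];
    unsigned char plainText[TEXT_LEN];
    unsigned char cipherText[TEXT_LEN] = { 0 };
    unsigned char decryptedText[TEXT_LEN] = { 0 };
    const EVP_CIPHER *cipher;
    /* Contexts live on the stack, as in the OpenSSL snapshot the post uses. */
    EVP_CIPHER_CTX encCtx;
    EVP_CIPHER_CTX decCtx;
    const char *failed = NULL;
    size_t i;
    int rc = 1;

    /*
     * No engine is loaded explicitly in this program, so the gost engine
     * presumably comes from the openssl.cnf that OPENSSL_config() reads.
     */
    OPENSSL_config( NULL );
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();

    /*
     * Initialize key and iv. rand() is never seeded, so every run uses the
     * same bytes and the dump is reproducible; it is test data only, not a
     * way to generate key material. The buffers are far larger than a
     * 256-bit key and 64-bit IV need; the cipher presumably reads only the
     * leading bytes. The iv/key interleaving is kept so the values do not
     * change.
     */
    for ( i = 0; i < sizeof( iv ); i++ ) {
        iv[i] = (unsigned char)rand();
        key[i] = (unsigned char)rand();
    }

    /* Plaintext is the byte sequence 0, 1, ..., 31. */
    for ( i = 0; i < sizeof( plainText ); i++ ) {
        plainText[i] = (unsigned char)i;
    }

    /* Both contexts are initialized up front so cleanup is unconditional. */
    EVP_CIPHER_CTX_init( &encCtx );
    EVP_CIPHER_CTX_init( &decCtx );

    cipher = EVP_get_cipherbyname( "gost89" );
    if ( cipher == NULL ) {
        failed = "EVP_get_cipherbyname(\"gost89\")";
        goto done;
    }

    /* Initialize cipher context for encryption. */
    if ( !EVP_CipherInit( &encCtx, cipher, key, iv, 1 ) ) {
        failed = "EVP_CipherInit (encrypt)";
        goto done;
    }

    printf( "plain text :\n" );
    print_buffer( plainText, TEXT_LEN );

    /* Encrypt the whole plaintext in a single call. */
    if ( !EVP_Cipher( &encCtx, cipherText, plainText, sizeof( cipherText ) ) ) {
        failed = "EVP_Cipher (encrypt)";
        goto done;
    }
    printf( "cipher text :\n" );
    print_buffer( cipherText, TEXT_LEN );

    /* Initialize cipher context for decryption with the same key and iv. */
    if ( !EVP_CipherInit( &decCtx, cipher, key, iv, 0 ) ) {
        failed = "EVP_CipherInit (decrypt)";
        goto done;
    }

    /*
     * Decrypt in two parts. EVP_Cipher() passes the data straight to the
     * cipher implementation without the buffering that EVP_CipherUpdate()
     * provides, so whatever chaining state links the two calls is kept by
     * the engine itself. That hand-over is what this program exercises.
     */
    if ( !EVP_Cipher( &decCtx, decryptedText, cipherText, FIRST_PART ) ) {
        failed = "EVP_Cipher (decrypt, first part)";
        goto done;
    }
    printf( "decrypted text after first block decryption :\n" );
    print_buffer( decryptedText, TEXT_LEN );

    if ( !EVP_Cipher( &decCtx, decryptedText + FIRST_PART,
                      cipherText + FIRST_PART, TEXT_LEN - FIRST_PART ) ) {
        failed = "EVP_Cipher (decrypt, remaining part)";
        goto done;
    }
    printf( "decrypted text after rest blocks decryption :\n" );
    print_buffer( decryptedText, TEXT_LEN );

    /* Compare plain text with decrypted text. */
    if ( memcmp( plainText, decryptedText, sizeof( decryptedText ) ) == 0 ) {
        printf( "Success\n" );
        rc = 0;
    } else {
        printf( "Error\n" );
    }

done:
    if ( failed != NULL ) {
        fprintf( stderr, "%s failed\n", failed );
        ERR_print_errors_fp( stderr );
    }
    EVP_CIPHER_CTX_cleanup( &decCtx );
    EVP_CIPHER_CTX_cleanup( &encCtx );
    EVP_cleanup();
    ERR_free_strings();
    CONF_modules_free();
    return rc;
}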

The output of the program:

plain text :
0001 0203 0405 0607 0809 0a0b 0c0d 0e0f
1011 1213 1415 1617 1819 1a1b 1c1d 1e1f

cipher text :
fa25 cc1e 8c89 5ec1 1939 af98 b105 fc49
6204 1fcb 4586 35cc bdcd d264 80df 2979

decrypted text after first block decryption :
0001 0203 0405 0607 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000

decrypted text after rest blocks decryption :
0001 0203 0405 0607 c51a dd70 0553 dffb
1011 1213 1415 1617 1819 1a1b 1c1d 1e1f

Error

The cipher text is decrypted in two parts.
The first part is 8 bytes (one block). Its decryption is correct.
The rest of the cipher text is 24 bytes.
Its decrypted text is corrupted: the first 8 bytes of this second part (bytes
8-15 of the buffer) are not correct, while the other 16 bytes are correct.
If the first part is 16 bytes instead, the whole decrypted buffer is correct.