1 files changed, 14 insertions, 3 deletions

diff --git a/lib/cipher_int.c b/lib/cipher_int.c
index 40bf64f8bc..b5308aa629 100644
--- a/lib/cipher_int.c
+++ b/lib/cipher_int.c
@@ -218,6 +218,9 @@ int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
 			gnutls_assert();
 			goto cleanup;
 		}
+#ifdef ENABLE_GOST
+		handle->continuous_mac = !!(me->flags & GNUTLS_MAC_FLAG_CONTINUOUS_MAC);
+#endif
 
 		handle->tag_size = _gnutls_mac_get_algo_len(me);
 	} else if (_gnutls_cipher_algo_is_aead(e)) {
@@ -422,15 +425,23 @@ int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void *tag,
 {
 	if (handle->is_mac) {
 #ifdef ENABLE_SSL3
-		int ret;
-
 		if (handle->ssl_hmac) {
-			ret =
+			int ret =
 			    _gnutls_mac_output_ssl3(&handle->mac.dig, tag);
 			if (ret < 0)
 				return gnutls_assert_val(ret);
 		} else
 #endif
+#ifdef ENABLE_GOST
+		/* draft-smyshlyaev-tls12-gost-suites section 4.1.2 */
+		if (handle->continuous_mac) {
+			mac_hd_st temp_mac;
+			int ret = _gnutls_mac_copy(&handle->mac.mac, &temp_mac);
+			if (ret < 0)
+				return gnutls_assert_val(ret);
+			_gnutls_mac_deinit(&temp_mac, tag);
+		} else
+#endif
 			_gnutls_mac_output(&handle->mac.mac, tag);
 	} else if (_gnutls_cipher_is_aead(&handle->cipher)) {
 		_gnutls_cipher_tag(&handle->cipher, tag, tag_size);