Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.

This causes a libssl major version bump as this affects the layout of some internal-but-unfortunately-made-visible structs.
author: miod <> 2014-11-18 05:33:43 +0000
committer: miod <> 2014-11-18 05:33:43 +0000
commit: 0c986de0d047d74ccf3708c551b93f60ed6bfafb (patch)
tree: 1ff6097d67d8f3a7af1e40761e736566bcd71b7d /src/lib/libssl/s3_clnt.c
parent: 9555aff2e872287755e956f3b44930bf7de0cdda (diff)
download: openbsd-0c986de0d047d74ccf3708c551b93f60ed6bfafb.tar.gz
openbsd-0c986de0d047d74ccf3708c551b93f60ed6bfafb.tar.bz2
openbsd-0c986de0d047d74ccf3708c551b93f60ed6bfafb.zip
1 files changed, 51 insertions, 20 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 4c086bae83..0a834f12bc 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.93 2014/11/16 14:12:47 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.94 2014/11/18 05:33:43 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -162,6 +162,9 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#ifndef OPENSSL_NO_GOST
+#include <openssl/gost.h>
+#endif
 static const SSL_METHOD *ssl3_get_client_method(int ver);
 static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);
@@ -781,6 +784,7 @@ ssl3_get_server_hello(SSL *s)
        unsigned int             j, cipher_id;
        uint16_t                 cipher_value;
        long                     n;
+        unsigned long            alg_k;
        n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
            SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
@@ -943,7 +947,9 @@ ssl3_get_server_hello(SSL *s)
         * Don't digest cached records if no sigalgs: we may need them for
         * client authentication.
         */
-        if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s)) {
+        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+        if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) &&
+            !ssl3_digest_cached_records(s)) {
                al = SSL_AD_INTERNAL_ERROR;
                goto f_err;
        }
@@ -1937,7 +1943,6 @@ ssl3_get_server_done(SSL *s)
        return (ret);
 }
 int
 ssl3_send_client_key_exchange(SSL *s)
 {
@@ -2273,18 +2278,16 @@ ssl3_send_client_key_exchange(SSL *s)
                        size_t msglen;
                        unsigned int md_len;
-                        int keytype;
                        unsigned char premaster_secret[32], shared_ukm[32],
                            tmp[256];
                        EVP_MD_CTX *ukm_hash;
                        EVP_PKEY *pub_key;
+                        int nid;
                        /* Get server sertificate PKEY and create ctx from it */
-                        peer_cert = s->session->sess_cert->peer_pkeys[(
+                        peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;
-                            keytype = SSL_PKEY_GOST01)].x509;
                        if (!peer_cert)
-                                peer_cert = s->session->sess_cert->peer_pkeys[
+                                peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST94].x509;
-                                    (keytype = SSL_PKEY_GOST94)].x509;
                        if (!peer_cert) {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                                    SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
@@ -2329,8 +2332,12 @@ ssl3_send_client_key_exchange(SSL *s)
                                    ERR_R_MALLOC_FAILURE);
                                goto err;
                        }
-                        EVP_DigestInit(ukm_hash,
-                            EVP_get_digestbynid(NID_id_GostR3411_94));
+                        if (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_GOST94)
+                                nid = NID_id_GostR3411_94;
+                        else
+                                nid = NID_id_tc26_gost3411_2012_256;
+                        EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid));
                        EVP_DigestUpdate(ukm_hash,
                            s->s3->client_random, SSL3_RANDOM_SIZE);
                        EVP_DigestUpdate(ukm_hash,
@@ -2498,24 +2505,48 @@ ssl3_send_client_verify(SSL *s)
                        }
                        s2n(j, p);
                        n = j + 2;
+#ifndef OPENSSL_NO_GOST
                } else if (pkey->type == NID_id_GostR3410_94 ||
-                    pkey->type == NID_id_GostR3410_2001) {
+                           pkey->type == NID_id_GostR3410_2001) {
-                        unsigned char signbuf[64];
+                        unsigned char signbuf[128];
-                        int i;
+                        long hdatalen = 0;
-                        size_t sigsize = 64;
+                        void *hdata;
-                        s->method->ssl3_enc->cert_verify_mac(s,
+                        const EVP_MD *md;
-                            NID_id_GostR3411_94, data);
+                        int nid;
-                        if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32)
+                        size_t sigsize;
-                            <= 0) {
+                        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+                        if (hdatalen <= 0) {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
                                    ERR_R_INTERNAL_ERROR);
                                goto err;
                        }
-                        for (i = 63, j = 0; i >= 0; j++, i--) {
+                        if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
-                                p[2 + j] = signbuf[i];
+                            !(md = EVP_get_digestbynid(nid))) {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
+                                                ERR_R_EVP_LIB);
+                                goto err;
+                        }
+                        if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
+                            !EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
+                            !EVP_DigestFinal(&mctx, signbuf, &u) ||
+                            (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
+                            (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                                               EVP_PKEY_CTRL_GOST_SIG_FORMAT,
+                                               GOST_SIG_FORMAT_RS_LE,
+                                               NULL) <= 0) ||
+                            (EVP_PKEY_sign(pctx, &(p[2]), &sigsize,
+                                           signbuf, u) <= 0)) {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
+                                    ERR_R_EVP_LIB);
+                                goto err;
                        }
+                        if (!ssl3_digest_cached_records(s))
+                                goto err;
+                        j = sigsize;
                        s2n(j, p);
                        n = j + 2;
+#endif
                } else {
                        SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
                            ERR_R_INTERNAL_ERROR);
author	miod <>	2014-11-18 05:33:43 +0000
committer	miod <>	2014-11-18 05:33:43 +0000
commit	0c986de0d047d74ccf3708c551b93f60ed6bfafb (patch)
tree	1ff6097d67d8f3a7af1e40761e736566bcd71b7d /src/lib/libssl/s3_clnt.c
parent	9555aff2e872287755e956f3b44930bf7de0cdda (diff)
download	openbsd-0c986de0d047d74ccf3708c551b93f60ed6bfafb.tar.gz openbsd-0c986de0d047d74ccf3708c551b93f60ed6bfafb.tar.bz2 openbsd-0c986de0d047d74ccf3708c551b93f60ed6bfafb.zip

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 4c086bae83..0a834f12bc 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.93 2014/11/16 14:12:47 jsing Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.94 2014/11/18 05:33:43 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -162,6 +162,9 @@
162	#ifndef OPENSSL_NO_ENGINE	162	#ifndef OPENSSL_NO_ENGINE
163	#include <openssl/engine.h>	163	#include <openssl/engine.h>
164	#endif	164	#endif
		165	#ifndef OPENSSL_NO_GOST
		166	#include <openssl/gost.h>
		167	#endif
165		168
166	static const SSL_METHOD *ssl3_get_client_method(int ver);	169	static const SSL_METHOD *ssl3_get_client_method(int ver);
167	static int ca_dn_cmp(const X509_NAME * const a, const X509_NAME const *b);	170	static int ca_dn_cmp(const X509_NAME * const a, const X509_NAME const *b);
@@ -781,6 +784,7 @@ ssl3_get_server_hello(SSL *s)
781	unsigned int j, cipher_id;	784	unsigned int j, cipher_id;
782	uint16_t cipher_value;	785	uint16_t cipher_value;
783	long n;	786	long n;
		787	unsigned long alg_k;
784		788
785	n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,	789	n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
786	SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);	790	SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
@@ -943,7 +947,9 @@ ssl3_get_server_hello(SSL *s)
943	* Don't digest cached records if no sigalgs: we may need them for	947	* Don't digest cached records if no sigalgs: we may need them for
944	* client authentication.	948	* client authentication.
945	*/	949	*/
946	if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s)) {	950	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
		951	if (!(SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)) &&
		952	!ssl3_digest_cached_records(s)) {
947	al = SSL_AD_INTERNAL_ERROR;	953	al = SSL_AD_INTERNAL_ERROR;
948	goto f_err;	954	goto f_err;
949	}	955	}
@@ -1937,7 +1943,6 @@ ssl3_get_server_done(SSL *s)
1937	return (ret);	1943	return (ret);
1938	}	1944	}
1939		1945
1940
1941	int	1946	int
1942	ssl3_send_client_key_exchange(SSL *s)	1947	ssl3_send_client_key_exchange(SSL *s)
1943	{	1948	{
@@ -2273,18 +2278,16 @@ ssl3_send_client_key_exchange(SSL *s)
2273		2278
2274	size_t msglen;	2279	size_t msglen;
2275	unsigned int md_len;	2280	unsigned int md_len;
2276	int keytype;
2277	unsigned char premaster_secret[32], shared_ukm[32],	2281	unsigned char premaster_secret[32], shared_ukm[32],
2278	tmp[256];	2282	tmp[256];
2279	EVP_MD_CTX *ukm_hash;	2283	EVP_MD_CTX *ukm_hash;
2280	EVP_PKEY *pub_key;	2284	EVP_PKEY *pub_key;
		2285	int nid;
2281		2286
2282	/* Get server sertificate PKEY and create ctx from it */	2287	/* Get server sertificate PKEY and create ctx from it */
2283	peer_cert = s->session->sess_cert->peer_pkeys[(	2288	peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;
2284	keytype = SSL_PKEY_GOST01)].x509;
2285	if (!peer_cert)	2289	if (!peer_cert)
2286	peer_cert = s->session->sess_cert->peer_pkeys[	2290	peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST94].x509;
2287	(keytype = SSL_PKEY_GOST94)].x509;
2288	if (!peer_cert) {	2291	if (!peer_cert) {
2289	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,	2292	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2290	SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);	2293	SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
@@ -2329,8 +2332,12 @@ ssl3_send_client_key_exchange(SSL *s)
2329	ERR_R_MALLOC_FAILURE);	2332	ERR_R_MALLOC_FAILURE);
2330	goto err;	2333	goto err;
2331	}	2334	}
2332	EVP_DigestInit(ukm_hash,	2335
2333	EVP_get_digestbynid(NID_id_GostR3411_94));	2336	if (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_GOST94)
		2337	nid = NID_id_GostR3411_94;
		2338	else
		2339	nid = NID_id_tc26_gost3411_2012_256;
		2340	EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid));
2334	EVP_DigestUpdate(ukm_hash,	2341	EVP_DigestUpdate(ukm_hash,
2335	s->s3->client_random, SSL3_RANDOM_SIZE);	2342	s->s3->client_random, SSL3_RANDOM_SIZE);
2336	EVP_DigestUpdate(ukm_hash,	2343	EVP_DigestUpdate(ukm_hash,
@@ -2498,24 +2505,48 @@ ssl3_send_client_verify(SSL *s)
2498	}	2505	}
2499	s2n(j, p);	2506	s2n(j, p);
2500	n = j + 2;	2507	n = j + 2;
		2508	#ifndef OPENSSL_NO_GOST
2501	} else if (pkey->type == NID_id_GostR3410_94 \|\|	2509	} else if (pkey->type == NID_id_GostR3410_94 \|\|
2502	pkey->type == NID_id_GostR3410_2001) {	2510	pkey->type == NID_id_GostR3410_2001) {
2503	unsigned char signbuf[64];	2511	unsigned char signbuf[128];
2504	int i;	2512	long hdatalen = 0;
2505	size_t sigsize = 64;	2513	void *hdata;
2506	s->method->ssl3_enc->cert_verify_mac(s,	2514	const EVP_MD *md;
2507	NID_id_GostR3411_94, data);	2515	int nid;
2508	if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32)	2516	size_t sigsize;
2509	<= 0) {	2517
		2518	hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
		2519	if (hdatalen <= 0) {
2510	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,	2520	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2511	ERR_R_INTERNAL_ERROR);	2521	ERR_R_INTERNAL_ERROR);
2512	goto err;	2522	goto err;
2513	}	2523	}
2514	for (i = 63, j = 0; i >= 0; j++, i--) {	2524	if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) \|\|
2515	p[2 + j] = signbuf[i];	2525	!(md = EVP_get_digestbynid(nid))) {
		2526	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
		2527	ERR_R_EVP_LIB);
		2528	goto err;
		2529	}
		2530	if (!EVP_DigestInit_ex(&mctx, md, NULL) \|\|
		2531	!EVP_DigestUpdate(&mctx, hdata, hdatalen) \|\|
		2532	!EVP_DigestFinal(&mctx, signbuf, &u) \|\|
		2533	(EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) \|\|
		2534	(EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
		2535	EVP_PKEY_CTRL_GOST_SIG_FORMAT,
		2536	GOST_SIG_FORMAT_RS_LE,
		2537	NULL) <= 0) \|\|
		2538	(EVP_PKEY_sign(pctx, &(p[2]), &sigsize,
		2539	signbuf, u) <= 0)) {
		2540	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
		2541	ERR_R_EVP_LIB);
		2542	goto err;
2516	}	2543	}
		2544	if (!ssl3_digest_cached_records(s))
		2545	goto err;
		2546	j = sigsize;
2517	s2n(j, p);	2547	s2n(j, p);
2518	n = j + 2;	2548	n = j + 2;
		2549	#endif
2519	} else {	2550	} else {
2520	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,	2551	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2521	ERR_R_INTERNAL_ERROR);	2552	ERR_R_INTERNAL_ERROR);