Remove GOST and STREEBOG support from libssl.

This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for it's removal from libcrypto with a future major bump ok tb@
author: beck <> 2024-02-03 15:58:34 +0000
committer: beck <> 2024-02-03 15:58:34 +0000
commit: feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3 (patch)
tree: dc1f0834366a35df8a6de61e2722798629d7c4c2 /src/lib/libssl/ssl_clnt.c
parent: a931b9fe4c471545a30c6975c303fa27abc695af (diff)
download: openbsd-feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3.tar.gz
openbsd-feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3.tar.bz2
openbsd-feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3.zip
1 files changed, 2 insertions, 204 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 52f5de35a4..56fb9ba1c7 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.163 2023/12/29 12:24:33 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.164 2024/02/03 15:58:33 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -161,10 +161,6 @@
 #include <openssl/objects.h>
 #include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_GOST
-#include <openssl/gost.h>
-#endif
 #include "bytestring.h"
 #include "dtls_local.h"
 #include "ssl_local.h"
@@ -829,7 +825,6 @@ ssl3_get_server_hello(SSL *s)
        uint8_t compression_method;
        const SSL_CIPHER *cipher;
        const SSL_METHOD *method;
-        unsigned long alg_k;
        int al, ret;
        s->first_packet = 1;
@@ -1038,8 +1033,7 @@ ssl3_get_server_hello(SSL *s)
         * Don't digest cached records if no sigalgs: we may need them for
         * client authentication.
         */
-        alg_k = s->s3->hs.cipher->algorithm_mkey;
+        if (!SSL_USE_SIGALGS(s))
-        if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
                tls1_transcript_free(s);
        if (!CBS_get_u8(&cbs, &compression_method))
@@ -1931,119 +1925,6 @@ ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb)
 }
 static int
-ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
-{
-        unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
-        EVP_PKEY_CTX *pkey_ctx = NULL;
-        EVP_MD_CTX *ukm_hash = NULL;
-        EVP_PKEY *pkey;
-        size_t msglen;
-        unsigned int md_len;
-        CBB gostblob;
-        int nid;
-        int ret = 0;
-        /* Get server certificate PKEY and create ctx from it */
-        pkey = X509_get0_pubkey(s->session->peer_cert);
-        if (pkey == NULL || s->session->peer_cert_type != SSL_PKEY_GOST01) {
-                SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
-                goto err;
-        }
-        if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        /*
-         * If we have send a certificate, and certificate key parameters match
-         * those of server certificate, use certificate key for key exchange.
-         * Otherwise, generate ephemeral key pair.
-         */
-        if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0)
-                goto err;
-        /* Generate session key. */
-        arc4random_buf(premaster_secret, sizeof(premaster_secret));
-        /*
-         * If we have client certificate, use its secret as peer key.
-         * XXX - this presumably lacks PFS.
-         */
-        if (s->s3->hs.tls12.cert_request != 0 &&
-            s->cert->key->privatekey != NULL) {
-                if (EVP_PKEY_derive_set_peer(pkey_ctx,
-                    s->cert->key->privatekey) <=0) {
-                        /*
-                         * If there was an error - just ignore it.
-                         * Ephemeral key would be used.
-                         */
-                        ERR_clear_error();
-                }
-        }
-        /*
-         * Compute shared IV and store it in algorithm-specific context data.
-         */
-        if ((ukm_hash = EVP_MD_CTX_new()) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        /* XXX check handshake hash instead. */
-        if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
-                nid = NID_id_GostR3411_94;
-        else
-                nid = NID_id_tc26_gost3411_2012_256;
-        if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
-                goto err;
-        if (!EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (!EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len))
-                goto err;
-        if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
-            EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
-                SSLerror(s, SSL_R_LIBRARY_BUG);
-                goto err;
-        }
-        /*
-         * Make GOST keytransport blob message, encapsulate it into sequence.
-         */
-        msglen = 255;
-        if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
-            sizeof(premaster_secret)) < 0) {
-                SSLerror(s, SSL_R_LIBRARY_BUG);
-                goto err;
-        }
-        if (!CBB_add_asn1(cbb, &gostblob, CBS_ASN1_SEQUENCE))
-                goto err;
-        if (!CBB_add_bytes(&gostblob, tmp, msglen))
-                goto err;
-        if (!CBB_flush(cbb))
-                goto err;
-        /* Check if pubkey from client certificate was used. */
-        if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
-            NULL) > 0)
-                s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-        if (!tls12_derive_master_secret(s, premaster_secret, 32))
-                goto err;
-        ret = 1;
- err:
-        explicit_bzero(premaster_secret, sizeof(premaster_secret));
-        EVP_PKEY_CTX_free(pkey_ctx);
-        EVP_MD_CTX_free(ukm_hash);
-        return ret;
-}
-static int
 ssl3_send_client_key_exchange(SSL *s)
 {
        unsigned long alg_k;
@@ -2067,9 +1948,6 @@ ssl3_send_client_key_exchange(SSL *s)
                } else if (alg_k & SSL_kECDHE) {
                        if (!ssl3_send_client_kex_ecdhe(s, &kex))
                                goto err;
-                } else if (alg_k & SSL_kGOST) {
-                        if (!ssl3_send_client_kex_gost(s, &kex))
-                                goto err;
                } else {
                        ssl3_send_alert(s, SSL3_AL_FATAL,
                            SSL_AD_HANDSHAKE_FAILURE);
@@ -2115,14 +1993,6 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
                SSLerror(s, ERR_R_EVP_LIB);
                goto err;
        }
-#ifndef OPENSSL_NO_GOST
-        if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
-            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-            EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-#endif
        if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
            (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
            !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
@@ -2230,72 +2100,6 @@ ssl3_send_client_verify_ec(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
        return ret;
 }
-#ifndef OPENSSL_NO_GOST
-static int
-ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
-{
-        CBB cbb_signature;
-        EVP_MD_CTX *mctx;
-        EVP_PKEY_CTX *pctx;
-        const EVP_MD *md;
-        const unsigned char *hdata;
-        unsigned char *signature = NULL;
-        size_t signature_len;
-        size_t hdata_len;
-        int nid;
-        int ret = 0;
-        if ((mctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-        if (!tls1_transcript_data(s, &hdata, &hdata_len)) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                goto err;
-        }
-        if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
-            (md = EVP_get_digestbynid(nid)) == NULL) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-#ifndef OPENSSL_NO_GOST
-        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-            EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-#endif
-        if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if ((signature = calloc(1, signature_len)) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature))
-                goto err;
-        if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
-                goto err;
-        if (!CBB_flush(cert_verify))
-                goto err;
-        ret = 1;
- err:
-        EVP_MD_CTX_free(mctx);
-        free(signature);
-        return ret;
-}
-#endif
 static int
 ssl3_send_client_verify(SSL *s)
 {
@@ -2331,12 +2135,6 @@ ssl3_send_client_verify(SSL *s)
                } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
                        if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify))
                                goto err;
-#ifndef OPENSSL_NO_GOST
-                } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 ||
-                    EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
-                        if (!ssl3_send_client_verify_gost(s, pkey, &cert_verify))
-                                goto err;
-#endif
                } else {
                        SSLerror(s, ERR_R_INTERNAL_ERROR);
                        goto err;
author	beck <>	2024-02-03 15:58:34 +0000
committer	beck <>	2024-02-03 15:58:34 +0000
commit	feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3 (patch)
tree	dc1f0834366a35df8a6de61e2722798629d7c4c2 /src/lib/libssl/ssl_clnt.c
parent	a931b9fe4c471545a30c6975c303fa27abc695af (diff)
download	openbsd-feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3.tar.gz openbsd-feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3.tar.bz2 openbsd-feaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3.zip

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 52f5de35a4..56fb9ba1c7 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.163 2023/12/29 12:24:33 tb Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.164 2024/02/03 15:58:33 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -161,10 +161,6 @@
161	#include <openssl/objects.h>	161	#include <openssl/objects.h>
162	#include <openssl/opensslconf.h>	162	#include <openssl/opensslconf.h>
163		163
164	#ifndef OPENSSL_NO_GOST
165	#include <openssl/gost.h>
166	#endif
167
168	#include "bytestring.h"	164	#include "bytestring.h"
169	#include "dtls_local.h"	165	#include "dtls_local.h"
170	#include "ssl_local.h"	166	#include "ssl_local.h"
@@ -829,7 +825,6 @@ ssl3_get_server_hello(SSL *s)
829	uint8_t compression_method;	825	uint8_t compression_method;
830	const SSL_CIPHER *cipher;	826	const SSL_CIPHER *cipher;
831	const SSL_METHOD *method;	827	const SSL_METHOD *method;
832	unsigned long alg_k;
833	int al, ret;	828	int al, ret;
834		829
835	s->first_packet = 1;	830	s->first_packet = 1;
@@ -1038,8 +1033,7 @@ ssl3_get_server_hello(SSL *s)
1038	* Don't digest cached records if no sigalgs: we may need them for	1033	* Don't digest cached records if no sigalgs: we may need them for
1039	* client authentication.	1034	* client authentication.
1040	*/	1035	*/
1041	alg_k = s->s3->hs.cipher->algorithm_mkey;	1036	if (!SSL_USE_SIGALGS(s))
1042	if (!(SSL_USE_SIGALGS(s) \|\| (alg_k & SSL_kGOST)))
1043	tls1_transcript_free(s);	1037	tls1_transcript_free(s);
1044		1038
1045	if (!CBS_get_u8(&cbs, &compression_method))	1039	if (!CBS_get_u8(&cbs, &compression_method))
@@ -1931,119 +1925,6 @@ ssl3_send_client_kex_ecdhe(SSL s, CBB cbb)
1931	}	1925	}
1932		1926
1933	static int	1927	static int
1934	ssl3_send_client_kex_gost(SSL s, CBB cbb)
1935	{
1936	unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
1937	EVP_PKEY_CTX *pkey_ctx = NULL;
1938	EVP_MD_CTX *ukm_hash = NULL;
1939	EVP_PKEY *pkey;
1940	size_t msglen;
1941	unsigned int md_len;
1942	CBB gostblob;
1943	int nid;
1944	int ret = 0;
1945
1946	/* Get server certificate PKEY and create ctx from it */
1947	pkey = X509_get0_pubkey(s->session->peer_cert);
1948	if (pkey == NULL \|\| s->session->peer_cert_type != SSL_PKEY_GOST01) {
1949	SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
1950	goto err;
1951	}
1952	if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
1953	SSLerror(s, ERR_R_MALLOC_FAILURE);
1954	goto err;
1955	}
1956
1957	/*
1958	* If we have send a certificate, and certificate key parameters match
1959	* those of server certificate, use certificate key for key exchange.
1960	* Otherwise, generate ephemeral key pair.
1961	*/
1962	if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0)
1963	goto err;
1964
1965	/* Generate session key. */
1966	arc4random_buf(premaster_secret, sizeof(premaster_secret));
1967
1968	/*
1969	* If we have client certificate, use its secret as peer key.
1970	* XXX - this presumably lacks PFS.
1971	*/
1972	if (s->s3->hs.tls12.cert_request != 0 &&
1973	s->cert->key->privatekey != NULL) {
1974	if (EVP_PKEY_derive_set_peer(pkey_ctx,
1975	s->cert->key->privatekey) <=0) {
1976	/*
1977	* If there was an error - just ignore it.
1978	* Ephemeral key would be used.
1979	*/
1980	ERR_clear_error();
1981	}
1982	}
1983
1984	/*
1985	* Compute shared IV and store it in algorithm-specific context data.
1986	*/
1987	if ((ukm_hash = EVP_MD_CTX_new()) == NULL) {
1988	SSLerror(s, ERR_R_MALLOC_FAILURE);
1989	goto err;
1990	}
1991
1992	/* XXX check handshake hash instead. */
1993	if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
1994	nid = NID_id_GostR3411_94;
1995	else
1996	nid = NID_id_tc26_gost3411_2012_256;
1997	if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
1998	goto err;
1999	if (!EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE))
2000	goto err;
2001	if (!EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE))
2002	goto err;
2003	if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len))
2004	goto err;
2005	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
2006	EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
2007	SSLerror(s, SSL_R_LIBRARY_BUG);
2008	goto err;
2009	}
2010
2011	/*
2012	* Make GOST keytransport blob message, encapsulate it into sequence.
2013	*/
2014	msglen = 255;
2015	if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
2016	sizeof(premaster_secret)) < 0) {
2017	SSLerror(s, SSL_R_LIBRARY_BUG);
2018	goto err;
2019	}
2020
2021	if (!CBB_add_asn1(cbb, &gostblob, CBS_ASN1_SEQUENCE))
2022	goto err;
2023	if (!CBB_add_bytes(&gostblob, tmp, msglen))
2024	goto err;
2025	if (!CBB_flush(cbb))
2026	goto err;
2027
2028	/* Check if pubkey from client certificate was used. */
2029	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
2030	NULL) > 0)
2031	s->s3->flags \|= TLS1_FLAGS_SKIP_CERT_VERIFY;
2032
2033	if (!tls12_derive_master_secret(s, premaster_secret, 32))
2034	goto err;
2035
2036	ret = 1;
2037
2038	err:
2039	explicit_bzero(premaster_secret, sizeof(premaster_secret));
2040	EVP_PKEY_CTX_free(pkey_ctx);
2041	EVP_MD_CTX_free(ukm_hash);
2042
2043	return ret;
2044	}
2045
2046	static int
2047	ssl3_send_client_key_exchange(SSL *s)	1928	ssl3_send_client_key_exchange(SSL *s)
2048	{	1929	{
2049	unsigned long alg_k;	1930	unsigned long alg_k;
@@ -2067,9 +1948,6 @@ ssl3_send_client_key_exchange(SSL *s)
2067	} else if (alg_k & SSL_kECDHE) {	1948	} else if (alg_k & SSL_kECDHE) {
2068	if (!ssl3_send_client_kex_ecdhe(s, &kex))	1949	if (!ssl3_send_client_kex_ecdhe(s, &kex))
2069	goto err;	1950	goto err;
2070	} else if (alg_k & SSL_kGOST) {
2071	if (!ssl3_send_client_kex_gost(s, &kex))
2072	goto err;
2073	} else {	1951	} else {
2074	ssl3_send_alert(s, SSL3_AL_FATAL,	1952	ssl3_send_alert(s, SSL3_AL_FATAL,
2075	SSL_AD_HANDSHAKE_FAILURE);	1953	SSL_AD_HANDSHAKE_FAILURE);
@@ -2115,14 +1993,6 @@ ssl3_send_client_verify_sigalgs(SSL s, EVP_PKEY pkey,
2115	SSLerror(s, ERR_R_EVP_LIB);	1993	SSLerror(s, ERR_R_EVP_LIB);
2116	goto err;	1994	goto err;
2117	}	1995	}
2118	#ifndef OPENSSL_NO_GOST
2119	if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
2120	EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
2121	EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
2122	SSLerror(s, ERR_R_EVP_LIB);
2123	goto err;
2124	}
2125	#endif
2126	if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&	1996	if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
2127	(!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) \|\|	1997	(!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) \|\|
2128	!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {	1998	!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
@@ -2230,72 +2100,6 @@ ssl3_send_client_verify_ec(SSL s, EVP_PKEY pkey, CBB *cert_verify)
2230	return ret;	2100	return ret;
2231	}	2101	}
2232		2102
2233	#ifndef OPENSSL_NO_GOST
2234	static int
2235	ssl3_send_client_verify_gost(SSL s, EVP_PKEY pkey, CBB *cert_verify)
2236	{
2237	CBB cbb_signature;
2238	EVP_MD_CTX *mctx;
2239	EVP_PKEY_CTX *pctx;
2240	const EVP_MD *md;
2241	const unsigned char *hdata;
2242	unsigned char *signature = NULL;
2243	size_t signature_len;
2244	size_t hdata_len;
2245	int nid;
2246	int ret = 0;
2247
2248	if ((mctx = EVP_MD_CTX_new()) == NULL)
2249	goto err;
2250
2251	if (!tls1_transcript_data(s, &hdata, &hdata_len)) {
2252	SSLerror(s, ERR_R_INTERNAL_ERROR);
2253	goto err;
2254	}
2255	if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) \|\|
2256	(md = EVP_get_digestbynid(nid)) == NULL) {
2257	SSLerror(s, ERR_R_EVP_LIB);
2258	goto err;
2259	}
2260	if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey)) {
2261	SSLerror(s, ERR_R_EVP_LIB);
2262	goto err;
2263	}
2264	#ifndef OPENSSL_NO_GOST
2265	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
2266	EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
2267	SSLerror(s, ERR_R_EVP_LIB);
2268	goto err;
2269	}
2270	#endif
2271	if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {
2272	SSLerror(s, ERR_R_EVP_LIB);
2273	goto err;
2274	}
2275	if ((signature = calloc(1, signature_len)) == NULL) {
2276	SSLerror(s, ERR_R_MALLOC_FAILURE);
2277	goto err;
2278	}
2279	if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) {
2280	SSLerror(s, ERR_R_EVP_LIB);
2281	goto err;
2282	}
2283
2284	if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature))
2285	goto err;
2286	if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
2287	goto err;
2288	if (!CBB_flush(cert_verify))
2289	goto err;
2290
2291	ret = 1;
2292	err:
2293	EVP_MD_CTX_free(mctx);
2294	free(signature);
2295	return ret;
2296	}
2297	#endif
2298
2299	static int	2103	static int
2300	ssl3_send_client_verify(SSL *s)	2104	ssl3_send_client_verify(SSL *s)
2301	{	2105	{
@@ -2331,12 +2135,6 @@ ssl3_send_client_verify(SSL *s)
2331	} else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {	2135	} else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
2332	if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify))	2136	if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify))
2333	goto err;	2137	goto err;
2334	#ifndef OPENSSL_NO_GOST
2335	} else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 \|\|
2336	EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
2337	if (!ssl3_send_client_verify_gost(s, pkey, &cert_verify))
2338	goto err;
2339	#endif
2340	} else {	2138	} else {
2341	SSLerror(s, ERR_R_INTERNAL_ERROR);	2139	SSLerror(s, ERR_R_INTERNAL_ERROR);
2342	goto err;	2140	goto err;