diff options
| author | miod <> | 2014-11-18 05:33:43 +0000 |
|---|---|---|
| committer | miod <> | 2014-11-18 05:33:43 +0000 |
| commit | 0c986de0d047d74ccf3708c551b93f60ed6bfafb (patch) | |
| tree | 1ff6097d67d8f3a7af1e40761e736566bcd71b7d /src | |
| parent | 9555aff2e872287755e956f3b44930bf7de0cdda (diff) | |
| download | openbsd-0c986de0d047d74ccf3708c551b93f60ed6bfafb.tar.gz openbsd-0c986de0d047d74ccf3708c551b93f60ed6bfafb.tar.bz2 openbsd-0c986de0d047d74ccf3708c551b93f60ed6bfafb.zip | |
Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.
This causes a libssl major version bump as this affects the layout of some
internal-but-unfortunately-made-visible structs.
Diffstat (limited to 'src')
26 files changed, 594 insertions, 146 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 4c086bae83..0a834f12bc 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.93 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.94 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -162,6 +162,9 @@ | |||
| 162 | #ifndef OPENSSL_NO_ENGINE | 162 | #ifndef OPENSSL_NO_ENGINE |
| 163 | #include <openssl/engine.h> | 163 | #include <openssl/engine.h> |
| 164 | #endif | 164 | #endif |
| 165 | #ifndef OPENSSL_NO_GOST | ||
| 166 | #include <openssl/gost.h> | ||
| 167 | #endif | ||
| 165 | 168 | ||
| 166 | static const SSL_METHOD *ssl3_get_client_method(int ver); | 169 | static const SSL_METHOD *ssl3_get_client_method(int ver); |
| 167 | static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b); | 170 | static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b); |
| @@ -781,6 +784,7 @@ ssl3_get_server_hello(SSL *s) | |||
| 781 | unsigned int j, cipher_id; | 784 | unsigned int j, cipher_id; |
| 782 | uint16_t cipher_value; | 785 | uint16_t cipher_value; |
| 783 | long n; | 786 | long n; |
| 787 | unsigned long alg_k; | ||
| 784 | 788 | ||
| 785 | n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, | 789 | n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, |
| 786 | SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); | 790 | SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); |
| @@ -943,7 +947,9 @@ ssl3_get_server_hello(SSL *s) | |||
| 943 | * Don't digest cached records if no sigalgs: we may need them for | 947 | * Don't digest cached records if no sigalgs: we may need them for |
| 944 | * client authentication. | 948 | * client authentication. |
| 945 | */ | 949 | */ |
| 946 | if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s)) { | 950 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 951 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) && | ||
| 952 | !ssl3_digest_cached_records(s)) { | ||
| 947 | al = SSL_AD_INTERNAL_ERROR; | 953 | al = SSL_AD_INTERNAL_ERROR; |
| 948 | goto f_err; | 954 | goto f_err; |
| 949 | } | 955 | } |
| @@ -1937,7 +1943,6 @@ ssl3_get_server_done(SSL *s) | |||
| 1937 | return (ret); | 1943 | return (ret); |
| 1938 | } | 1944 | } |
| 1939 | 1945 | ||
| 1940 | |||
| 1941 | int | 1946 | int |
| 1942 | ssl3_send_client_key_exchange(SSL *s) | 1947 | ssl3_send_client_key_exchange(SSL *s) |
| 1943 | { | 1948 | { |
| @@ -2273,18 +2278,16 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2273 | 2278 | ||
| 2274 | size_t msglen; | 2279 | size_t msglen; |
| 2275 | unsigned int md_len; | 2280 | unsigned int md_len; |
| 2276 | int keytype; | ||
| 2277 | unsigned char premaster_secret[32], shared_ukm[32], | 2281 | unsigned char premaster_secret[32], shared_ukm[32], |
| 2278 | tmp[256]; | 2282 | tmp[256]; |
| 2279 | EVP_MD_CTX *ukm_hash; | 2283 | EVP_MD_CTX *ukm_hash; |
| 2280 | EVP_PKEY *pub_key; | 2284 | EVP_PKEY *pub_key; |
| 2285 | int nid; | ||
| 2281 | 2286 | ||
| 2282 | /* Get server sertificate PKEY and create ctx from it */ | 2287 | /* Get server sertificate PKEY and create ctx from it */ |
| 2283 | peer_cert = s->session->sess_cert->peer_pkeys[( | 2288 | peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509; |
| 2284 | keytype = SSL_PKEY_GOST01)].x509; | ||
| 2285 | if (!peer_cert) | 2289 | if (!peer_cert) |
| 2286 | peer_cert = s->session->sess_cert->peer_pkeys[ | 2290 | peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST94].x509; |
| 2287 | (keytype = SSL_PKEY_GOST94)].x509; | ||
| 2288 | if (!peer_cert) { | 2291 | if (!peer_cert) { |
| 2289 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | 2292 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, |
| 2290 | SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); | 2293 | SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); |
| @@ -2329,8 +2332,12 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2329 | ERR_R_MALLOC_FAILURE); | 2332 | ERR_R_MALLOC_FAILURE); |
| 2330 | goto err; | 2333 | goto err; |
| 2331 | } | 2334 | } |
| 2332 | EVP_DigestInit(ukm_hash, | 2335 | |
| 2333 | EVP_get_digestbynid(NID_id_GostR3411_94)); | 2336 | if (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_GOST94) |
| 2337 | nid = NID_id_GostR3411_94; | ||
| 2338 | else | ||
| 2339 | nid = NID_id_tc26_gost3411_2012_256; | ||
| 2340 | EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)); | ||
| 2334 | EVP_DigestUpdate(ukm_hash, | 2341 | EVP_DigestUpdate(ukm_hash, |
| 2335 | s->s3->client_random, SSL3_RANDOM_SIZE); | 2342 | s->s3->client_random, SSL3_RANDOM_SIZE); |
| 2336 | EVP_DigestUpdate(ukm_hash, | 2343 | EVP_DigestUpdate(ukm_hash, |
| @@ -2498,24 +2505,48 @@ ssl3_send_client_verify(SSL *s) | |||
| 2498 | } | 2505 | } |
| 2499 | s2n(j, p); | 2506 | s2n(j, p); |
| 2500 | n = j + 2; | 2507 | n = j + 2; |
| 2508 | #ifndef OPENSSL_NO_GOST | ||
| 2501 | } else if (pkey->type == NID_id_GostR3410_94 || | 2509 | } else if (pkey->type == NID_id_GostR3410_94 || |
| 2502 | pkey->type == NID_id_GostR3410_2001) { | 2510 | pkey->type == NID_id_GostR3410_2001) { |
| 2503 | unsigned char signbuf[64]; | 2511 | unsigned char signbuf[128]; |
| 2504 | int i; | 2512 | long hdatalen = 0; |
| 2505 | size_t sigsize = 64; | 2513 | void *hdata; |
| 2506 | s->method->ssl3_enc->cert_verify_mac(s, | 2514 | const EVP_MD *md; |
| 2507 | NID_id_GostR3411_94, data); | 2515 | int nid; |
| 2508 | if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) | 2516 | size_t sigsize; |
| 2509 | <= 0) { | 2517 | |
| 2518 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); | ||
| 2519 | if (hdatalen <= 0) { | ||
| 2510 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | 2520 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
| 2511 | ERR_R_INTERNAL_ERROR); | 2521 | ERR_R_INTERNAL_ERROR); |
| 2512 | goto err; | 2522 | goto err; |
| 2513 | } | 2523 | } |
| 2514 | for (i = 63, j = 0; i >= 0; j++, i--) { | 2524 | if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || |
| 2515 | p[2 + j] = signbuf[i]; | 2525 | !(md = EVP_get_digestbynid(nid))) { |
| 2526 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2527 | ERR_R_EVP_LIB); | ||
| 2528 | goto err; | ||
| 2529 | } | ||
| 2530 | if (!EVP_DigestInit_ex(&mctx, md, NULL) || | ||
| 2531 | !EVP_DigestUpdate(&mctx, hdata, hdatalen) || | ||
| 2532 | !EVP_DigestFinal(&mctx, signbuf, &u) || | ||
| 2533 | (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || | ||
| 2534 | (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, | ||
| 2535 | EVP_PKEY_CTRL_GOST_SIG_FORMAT, | ||
| 2536 | GOST_SIG_FORMAT_RS_LE, | ||
| 2537 | NULL) <= 0) || | ||
| 2538 | (EVP_PKEY_sign(pctx, &(p[2]), &sigsize, | ||
| 2539 | signbuf, u) <= 0)) { | ||
| 2540 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2541 | ERR_R_EVP_LIB); | ||
| 2542 | goto err; | ||
| 2516 | } | 2543 | } |
| 2544 | if (!ssl3_digest_cached_records(s)) | ||
| 2545 | goto err; | ||
| 2546 | j = sigsize; | ||
| 2517 | s2n(j, p); | 2547 | s2n(j, p); |
| 2518 | n = j + 2; | 2548 | n = j + 2; |
| 2549 | #endif | ||
| 2519 | } else { | 2550 | } else { |
| 2520 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | 2551 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
| 2521 | ERR_R_INTERNAL_ERROR); | 2552 | ERR_R_INTERNAL_ERROR); |
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 21f1367442..f2d2cb040d 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.84 2014/10/31 15:25:55 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.85 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1759,6 +1759,40 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1759 | }, | 1759 | }, |
| 1760 | #endif | 1760 | #endif |
| 1761 | 1761 | ||
| 1762 | /* Cipher FF85 FIXME IANA */ | ||
| 1763 | { | ||
| 1764 | .valid = 1, | ||
| 1765 | .name = "GOST2012256-GOST89-GOST89", | ||
| 1766 | .id = 0x300ff85, /* FIXME IANA */ | ||
| 1767 | .algorithm_mkey = SSL_kGOST, | ||
| 1768 | .algorithm_auth = SSL_aGOST01, | ||
| 1769 | .algorithm_enc = SSL_eGOST2814789CNT, | ||
| 1770 | .algorithm_mac = SSL_GOST89MAC, | ||
| 1771 | .algorithm_ssl = SSL_TLSV1, | ||
| 1772 | .algo_strength = SSL_HIGH, | ||
| 1773 | .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256| | ||
| 1774 | TLS1_STREAM_MAC, | ||
| 1775 | .strength_bits = 256, | ||
| 1776 | .alg_bits = 256 | ||
| 1777 | }, | ||
| 1778 | |||
| 1779 | /* Cipher FF87 FIXME IANA */ | ||
| 1780 | { | ||
| 1781 | .valid = 1, | ||
| 1782 | .name = "GOST2012256-NULL-STREEBOG256", | ||
| 1783 | .id = 0x300ff87, /* FIXME IANA */ | ||
| 1784 | .algorithm_mkey = SSL_kGOST, | ||
| 1785 | .algorithm_auth = SSL_aGOST01, | ||
| 1786 | .algorithm_enc = SSL_eNULL, | ||
| 1787 | .algorithm_mac = SSL_STREEBOG256, | ||
| 1788 | .algorithm_ssl = SSL_TLSV1, | ||
| 1789 | .algo_strength = SSL_STRONG_NONE, | ||
| 1790 | .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256, | ||
| 1791 | .strength_bits = 0, | ||
| 1792 | .alg_bits = 0 | ||
| 1793 | }, | ||
| 1794 | |||
| 1795 | |||
| 1762 | /* end of list */ | 1796 | /* end of list */ |
| 1763 | }; | 1797 | }; |
| 1764 | 1798 | ||
| @@ -2415,12 +2449,11 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) | |||
| 2415 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 2449 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 2416 | 2450 | ||
| 2417 | #ifndef OPENSSL_NO_GOST | 2451 | #ifndef OPENSSL_NO_GOST |
| 2418 | if (s->version >= TLS1_VERSION) { | 2452 | if ((alg_k & SSL_kGOST) && (s->version >= TLS1_VERSION)) { |
| 2419 | if (alg_k & SSL_kGOST) { | 2453 | p[ret++] = TLS_CT_GOST94_SIGN; |
| 2420 | p[ret++] = TLS_CT_GOST94_SIGN; | 2454 | p[ret++] = TLS_CT_GOST01_SIGN; |
| 2421 | p[ret++] = TLS_CT_GOST01_SIGN; | 2455 | p[ret++] = TLS_CT_GOST12_256_SIGN; |
| 2422 | return (ret); | 2456 | p[ret++] = TLS_CT_GOST12_512_SIGN; |
| 2423 | } | ||
| 2424 | } | 2457 | } |
| 2425 | #endif | 2458 | #endif |
| 2426 | 2459 | ||
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index a9f82b39d2..e1b2f9cf2d 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.90 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.91 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -159,6 +159,9 @@ | |||
| 159 | #include <openssl/buffer.h> | 159 | #include <openssl/buffer.h> |
| 160 | #include <openssl/evp.h> | 160 | #include <openssl/evp.h> |
| 161 | #include <openssl/dh.h> | 161 | #include <openssl/dh.h> |
| 162 | #ifndef OPENSSL_NO_GOST | ||
| 163 | #include <openssl/gost.h> | ||
| 164 | #endif | ||
| 162 | #include <openssl/hmac.h> | 165 | #include <openssl/hmac.h> |
| 163 | #include <openssl/md5.h> | 166 | #include <openssl/md5.h> |
| 164 | #include <openssl/objects.h> | 167 | #include <openssl/objects.h> |
| @@ -516,6 +519,7 @@ ssl3_accept(SSL *s) | |||
| 516 | ret = ssl3_get_client_key_exchange(s); | 519 | ret = ssl3_get_client_key_exchange(s); |
| 517 | if (ret <= 0) | 520 | if (ret <= 0) |
| 518 | goto end; | 521 | goto end; |
| 522 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 519 | if (ret == 2) { | 523 | if (ret == 2) { |
| 520 | /* | 524 | /* |
| 521 | * For the ECDH ciphersuites when | 525 | * For the ECDH ciphersuites when |
| @@ -535,7 +539,7 @@ ssl3_accept(SSL *s) | |||
| 535 | s->state = SSL3_ST_SR_FINISHED_A; | 539 | s->state = SSL3_ST_SR_FINISHED_A; |
| 536 | #endif | 540 | #endif |
| 537 | s->init_num = 0; | 541 | s->init_num = 0; |
| 538 | } else if (SSL_USE_SIGALGS(s)) { | 542 | } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { |
| 539 | s->state = SSL3_ST_SR_CERT_VRFY_A; | 543 | s->state = SSL3_ST_SR_CERT_VRFY_A; |
| 540 | s->init_num = 0; | 544 | s->init_num = 0; |
| 541 | if (!s->session->peer) | 545 | if (!s->session->peer) |
| @@ -842,6 +846,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 842 | unsigned char *p, *d; | 846 | unsigned char *p, *d; |
| 843 | SSL_CIPHER *c; | 847 | SSL_CIPHER *c; |
| 844 | STACK_OF(SSL_CIPHER) *ciphers = NULL; | 848 | STACK_OF(SSL_CIPHER) *ciphers = NULL; |
| 849 | unsigned long alg_k; | ||
| 845 | 850 | ||
| 846 | /* | 851 | /* |
| 847 | * We do this so that we will respond with our native type. | 852 | * We do this so that we will respond with our native type. |
| @@ -1175,7 +1180,9 @@ ssl3_get_client_hello(SSL *s) | |||
| 1175 | s->s3->tmp.new_cipher = s->session->cipher; | 1180 | s->s3->tmp.new_cipher = s->session->cipher; |
| 1176 | } | 1181 | } |
| 1177 | 1182 | ||
| 1178 | if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) { | 1183 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 1184 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || | ||
| 1185 | !(s->verify_mode & SSL_VERIFY_PEER)) { | ||
| 1179 | if (!ssl3_digest_cached_records(s)) { | 1186 | if (!ssl3_digest_cached_records(s)) { |
| 1180 | al = SSL_AD_INTERNAL_ERROR; | 1187 | al = SSL_AD_INTERNAL_ERROR; |
| 1181 | goto f_err; | 1188 | goto f_err; |
| @@ -2336,7 +2343,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2336 | goto f_err; | 2343 | goto f_err; |
| 2337 | } | 2344 | } |
| 2338 | 2345 | ||
| 2339 | if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) { | 2346 | if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) { |
| 2340 | al = SSL_AD_DECRYPT_ERROR; | 2347 | al = SSL_AD_DECRYPT_ERROR; |
| 2341 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2348 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, |
| 2342 | SSL_R_BAD_SIGNATURE); | 2349 | SSL_R_BAD_SIGNATURE); |
| @@ -2384,38 +2391,65 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2384 | goto f_err; | 2391 | goto f_err; |
| 2385 | } | 2392 | } |
| 2386 | } else | 2393 | } else |
| 2394 | #ifndef OPENSSL_NO_GOST | ||
| 2387 | if (pkey->type == NID_id_GostR3410_94 || | 2395 | if (pkey->type == NID_id_GostR3410_94 || |
| 2388 | pkey->type == NID_id_GostR3410_2001) { | 2396 | pkey->type == NID_id_GostR3410_2001) { |
| 2389 | unsigned char signature[64]; | 2397 | long hdatalen = 0; |
| 2390 | int idx; | 2398 | void *hdata; |
| 2399 | unsigned char signature[128]; | ||
| 2400 | unsigned int siglen = sizeof(signature); | ||
| 2401 | int nid; | ||
| 2391 | EVP_PKEY_CTX *pctx; | 2402 | EVP_PKEY_CTX *pctx; |
| 2392 | 2403 | ||
| 2393 | if (i != 64) { | 2404 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); |
| 2405 | if (hdatalen <= 0) { | ||
| 2394 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2406 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, |
| 2395 | SSL_R_WRONG_SIGNATURE_SIZE); | 2407 | ERR_R_INTERNAL_ERROR); |
| 2396 | al = SSL_AD_DECODE_ERROR; | 2408 | al = SSL_AD_INTERNAL_ERROR; |
| 2409 | goto f_err; | ||
| 2410 | } | ||
| 2411 | if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || | ||
| 2412 | !(md = EVP_get_digestbynid(nid))) { | ||
| 2413 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2414 | ERR_R_EVP_LIB); | ||
| 2415 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2397 | goto f_err; | 2416 | goto f_err; |
| 2398 | } | 2417 | } |
| 2399 | pctx = EVP_PKEY_CTX_new(pkey, NULL); | 2418 | pctx = EVP_PKEY_CTX_new(pkey, NULL); |
| 2400 | if (pctx == NULL) { | 2419 | if (!pctx) { |
| 2401 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2420 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, |
| 2402 | ERR_R_INTERNAL_ERROR); | 2421 | ERR_R_EVP_LIB); |
| 2403 | al = SSL_AD_DECODE_ERROR; | 2422 | al = SSL_AD_INTERNAL_ERROR; |
| 2404 | goto f_err; | 2423 | goto f_err; |
| 2405 | } | 2424 | } |
| 2406 | EVP_PKEY_verify_init(pctx); | 2425 | if (!EVP_DigestInit_ex(&mctx, md, NULL) || |
| 2407 | for (idx = 0; idx < 64; idx++) | 2426 | !EVP_DigestUpdate(&mctx, hdata, hdatalen) || |
| 2408 | signature[63 - idx] = p[idx]; | 2427 | !EVP_DigestFinal(&mctx, signature, &siglen) || |
| 2409 | j = EVP_PKEY_verify(pctx, signature, 64, | 2428 | (EVP_PKEY_verify_init(pctx) <= 0) || |
| 2410 | s->s3->tmp.cert_verify_md, 32); | 2429 | (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || |
| 2411 | EVP_PKEY_CTX_free(pctx); | 2430 | (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, |
| 2412 | if (j <= 0) { | 2431 | EVP_PKEY_CTRL_GOST_SIG_FORMAT, |
| 2432 | GOST_SIG_FORMAT_RS_LE, | ||
| 2433 | NULL) <= 0)) { | ||
| 2434 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2435 | ERR_R_EVP_LIB); | ||
| 2436 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2437 | EVP_PKEY_CTX_free(pctx); | ||
| 2438 | goto f_err; | ||
| 2439 | } | ||
| 2440 | |||
| 2441 | if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) { | ||
| 2413 | al = SSL_AD_DECRYPT_ERROR; | 2442 | al = SSL_AD_DECRYPT_ERROR; |
| 2414 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2443 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, |
| 2415 | SSL_R_BAD_ECDSA_SIGNATURE); | 2444 | SSL_R_BAD_SIGNATURE); |
| 2445 | EVP_PKEY_CTX_free(pctx); | ||
| 2416 | goto f_err; | 2446 | goto f_err; |
| 2417 | } | 2447 | } |
| 2418 | } else { | 2448 | |
| 2449 | EVP_PKEY_CTX_free(pctx); | ||
| 2450 | } else | ||
| 2451 | #endif | ||
| 2452 | { | ||
| 2419 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2453 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, |
| 2420 | ERR_R_INTERNAL_ERROR); | 2454 | ERR_R_INTERNAL_ERROR); |
| 2421 | al = SSL_AD_UNSUPPORTED_CERTIFICATE; | 2455 | al = SSL_AD_UNSUPPORTED_CERTIFICATE; |
diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version index 295c96b24e..ade1e3940f 100644 --- a/src/lib/libssl/shlib_version +++ b/src/lib/libssl/shlib_version | |||
| @@ -1,2 +1,2 @@ | |||
| 1 | major=28 | 1 | major=29 |
| 2 | minor=0 | 2 | minor=0 |
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 4c086bae83..0a834f12bc 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.93 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.94 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -162,6 +162,9 @@ | |||
| 162 | #ifndef OPENSSL_NO_ENGINE | 162 | #ifndef OPENSSL_NO_ENGINE |
| 163 | #include <openssl/engine.h> | 163 | #include <openssl/engine.h> |
| 164 | #endif | 164 | #endif |
| 165 | #ifndef OPENSSL_NO_GOST | ||
| 166 | #include <openssl/gost.h> | ||
| 167 | #endif | ||
| 165 | 168 | ||
| 166 | static const SSL_METHOD *ssl3_get_client_method(int ver); | 169 | static const SSL_METHOD *ssl3_get_client_method(int ver); |
| 167 | static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b); | 170 | static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b); |
| @@ -781,6 +784,7 @@ ssl3_get_server_hello(SSL *s) | |||
| 781 | unsigned int j, cipher_id; | 784 | unsigned int j, cipher_id; |
| 782 | uint16_t cipher_value; | 785 | uint16_t cipher_value; |
| 783 | long n; | 786 | long n; |
| 787 | unsigned long alg_k; | ||
| 784 | 788 | ||
| 785 | n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, | 789 | n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, |
| 786 | SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); | 790 | SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); |
| @@ -943,7 +947,9 @@ ssl3_get_server_hello(SSL *s) | |||
| 943 | * Don't digest cached records if no sigalgs: we may need them for | 947 | * Don't digest cached records if no sigalgs: we may need them for |
| 944 | * client authentication. | 948 | * client authentication. |
| 945 | */ | 949 | */ |
| 946 | if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s)) { | 950 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 951 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) && | ||
| 952 | !ssl3_digest_cached_records(s)) { | ||
| 947 | al = SSL_AD_INTERNAL_ERROR; | 953 | al = SSL_AD_INTERNAL_ERROR; |
| 948 | goto f_err; | 954 | goto f_err; |
| 949 | } | 955 | } |
| @@ -1937,7 +1943,6 @@ ssl3_get_server_done(SSL *s) | |||
| 1937 | return (ret); | 1943 | return (ret); |
| 1938 | } | 1944 | } |
| 1939 | 1945 | ||
| 1940 | |||
| 1941 | int | 1946 | int |
| 1942 | ssl3_send_client_key_exchange(SSL *s) | 1947 | ssl3_send_client_key_exchange(SSL *s) |
| 1943 | { | 1948 | { |
| @@ -2273,18 +2278,16 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2273 | 2278 | ||
| 2274 | size_t msglen; | 2279 | size_t msglen; |
| 2275 | unsigned int md_len; | 2280 | unsigned int md_len; |
| 2276 | int keytype; | ||
| 2277 | unsigned char premaster_secret[32], shared_ukm[32], | 2281 | unsigned char premaster_secret[32], shared_ukm[32], |
| 2278 | tmp[256]; | 2282 | tmp[256]; |
| 2279 | EVP_MD_CTX *ukm_hash; | 2283 | EVP_MD_CTX *ukm_hash; |
| 2280 | EVP_PKEY *pub_key; | 2284 | EVP_PKEY *pub_key; |
| 2285 | int nid; | ||
| 2281 | 2286 | ||
| 2282 | /* Get server sertificate PKEY and create ctx from it */ | 2287 | /* Get server sertificate PKEY and create ctx from it */ |
| 2283 | peer_cert = s->session->sess_cert->peer_pkeys[( | 2288 | peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509; |
| 2284 | keytype = SSL_PKEY_GOST01)].x509; | ||
| 2285 | if (!peer_cert) | 2289 | if (!peer_cert) |
| 2286 | peer_cert = s->session->sess_cert->peer_pkeys[ | 2290 | peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST94].x509; |
| 2287 | (keytype = SSL_PKEY_GOST94)].x509; | ||
| 2288 | if (!peer_cert) { | 2291 | if (!peer_cert) { |
| 2289 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | 2292 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, |
| 2290 | SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); | 2293 | SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); |
| @@ -2329,8 +2332,12 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2329 | ERR_R_MALLOC_FAILURE); | 2332 | ERR_R_MALLOC_FAILURE); |
| 2330 | goto err; | 2333 | goto err; |
| 2331 | } | 2334 | } |
| 2332 | EVP_DigestInit(ukm_hash, | 2335 | |
| 2333 | EVP_get_digestbynid(NID_id_GostR3411_94)); | 2336 | if (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_GOST94) |
| 2337 | nid = NID_id_GostR3411_94; | ||
| 2338 | else | ||
| 2339 | nid = NID_id_tc26_gost3411_2012_256; | ||
| 2340 | EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)); | ||
| 2334 | EVP_DigestUpdate(ukm_hash, | 2341 | EVP_DigestUpdate(ukm_hash, |
| 2335 | s->s3->client_random, SSL3_RANDOM_SIZE); | 2342 | s->s3->client_random, SSL3_RANDOM_SIZE); |
| 2336 | EVP_DigestUpdate(ukm_hash, | 2343 | EVP_DigestUpdate(ukm_hash, |
| @@ -2498,24 +2505,48 @@ ssl3_send_client_verify(SSL *s) | |||
| 2498 | } | 2505 | } |
| 2499 | s2n(j, p); | 2506 | s2n(j, p); |
| 2500 | n = j + 2; | 2507 | n = j + 2; |
| 2508 | #ifndef OPENSSL_NO_GOST | ||
| 2501 | } else if (pkey->type == NID_id_GostR3410_94 || | 2509 | } else if (pkey->type == NID_id_GostR3410_94 || |
| 2502 | pkey->type == NID_id_GostR3410_2001) { | 2510 | pkey->type == NID_id_GostR3410_2001) { |
| 2503 | unsigned char signbuf[64]; | 2511 | unsigned char signbuf[128]; |
| 2504 | int i; | 2512 | long hdatalen = 0; |
| 2505 | size_t sigsize = 64; | 2513 | void *hdata; |
| 2506 | s->method->ssl3_enc->cert_verify_mac(s, | 2514 | const EVP_MD *md; |
| 2507 | NID_id_GostR3411_94, data); | 2515 | int nid; |
| 2508 | if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) | 2516 | size_t sigsize; |
| 2509 | <= 0) { | 2517 | |
| 2518 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); | ||
| 2519 | if (hdatalen <= 0) { | ||
| 2510 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | 2520 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
| 2511 | ERR_R_INTERNAL_ERROR); | 2521 | ERR_R_INTERNAL_ERROR); |
| 2512 | goto err; | 2522 | goto err; |
| 2513 | } | 2523 | } |
| 2514 | for (i = 63, j = 0; i >= 0; j++, i--) { | 2524 | if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || |
| 2515 | p[2 + j] = signbuf[i]; | 2525 | !(md = EVP_get_digestbynid(nid))) { |
| 2526 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2527 | ERR_R_EVP_LIB); | ||
| 2528 | goto err; | ||
| 2529 | } | ||
| 2530 | if (!EVP_DigestInit_ex(&mctx, md, NULL) || | ||
| 2531 | !EVP_DigestUpdate(&mctx, hdata, hdatalen) || | ||
| 2532 | !EVP_DigestFinal(&mctx, signbuf, &u) || | ||
| 2533 | (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || | ||
| 2534 | (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, | ||
| 2535 | EVP_PKEY_CTRL_GOST_SIG_FORMAT, | ||
| 2536 | GOST_SIG_FORMAT_RS_LE, | ||
| 2537 | NULL) <= 0) || | ||
| 2538 | (EVP_PKEY_sign(pctx, &(p[2]), &sigsize, | ||
| 2539 | signbuf, u) <= 0)) { | ||
| 2540 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2541 | ERR_R_EVP_LIB); | ||
| 2542 | goto err; | ||
| 2516 | } | 2543 | } |
| 2544 | if (!ssl3_digest_cached_records(s)) | ||
| 2545 | goto err; | ||
| 2546 | j = sigsize; | ||
| 2517 | s2n(j, p); | 2547 | s2n(j, p); |
| 2518 | n = j + 2; | 2548 | n = j + 2; |
| 2549 | #endif | ||
| 2519 | } else { | 2550 | } else { |
| 2520 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | 2551 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
| 2521 | ERR_R_INTERNAL_ERROR); | 2552 | ERR_R_INTERNAL_ERROR); |
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index 21f1367442..f2d2cb040d 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.84 2014/10/31 15:25:55 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.85 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1759,6 +1759,40 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1759 | }, | 1759 | }, |
| 1760 | #endif | 1760 | #endif |
| 1761 | 1761 | ||
| 1762 | /* Cipher FF85 FIXME IANA */ | ||
| 1763 | { | ||
| 1764 | .valid = 1, | ||
| 1765 | .name = "GOST2012256-GOST89-GOST89", | ||
| 1766 | .id = 0x300ff85, /* FIXME IANA */ | ||
| 1767 | .algorithm_mkey = SSL_kGOST, | ||
| 1768 | .algorithm_auth = SSL_aGOST01, | ||
| 1769 | .algorithm_enc = SSL_eGOST2814789CNT, | ||
| 1770 | .algorithm_mac = SSL_GOST89MAC, | ||
| 1771 | .algorithm_ssl = SSL_TLSV1, | ||
| 1772 | .algo_strength = SSL_HIGH, | ||
| 1773 | .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256| | ||
| 1774 | TLS1_STREAM_MAC, | ||
| 1775 | .strength_bits = 256, | ||
| 1776 | .alg_bits = 256 | ||
| 1777 | }, | ||
| 1778 | |||
| 1779 | /* Cipher FF87 FIXME IANA */ | ||
| 1780 | { | ||
| 1781 | .valid = 1, | ||
| 1782 | .name = "GOST2012256-NULL-STREEBOG256", | ||
| 1783 | .id = 0x300ff87, /* FIXME IANA */ | ||
| 1784 | .algorithm_mkey = SSL_kGOST, | ||
| 1785 | .algorithm_auth = SSL_aGOST01, | ||
| 1786 | .algorithm_enc = SSL_eNULL, | ||
| 1787 | .algorithm_mac = SSL_STREEBOG256, | ||
| 1788 | .algorithm_ssl = SSL_TLSV1, | ||
| 1789 | .algo_strength = SSL_STRONG_NONE, | ||
| 1790 | .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256, | ||
| 1791 | .strength_bits = 0, | ||
| 1792 | .alg_bits = 0 | ||
| 1793 | }, | ||
| 1794 | |||
| 1795 | |||
| 1762 | /* end of list */ | 1796 | /* end of list */ |
| 1763 | }; | 1797 | }; |
| 1764 | 1798 | ||
| @@ -2415,12 +2449,11 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) | |||
| 2415 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 2449 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 2416 | 2450 | ||
| 2417 | #ifndef OPENSSL_NO_GOST | 2451 | #ifndef OPENSSL_NO_GOST |
| 2418 | if (s->version >= TLS1_VERSION) { | 2452 | if ((alg_k & SSL_kGOST) && (s->version >= TLS1_VERSION)) { |
| 2419 | if (alg_k & SSL_kGOST) { | 2453 | p[ret++] = TLS_CT_GOST94_SIGN; |
| 2420 | p[ret++] = TLS_CT_GOST94_SIGN; | 2454 | p[ret++] = TLS_CT_GOST01_SIGN; |
| 2421 | p[ret++] = TLS_CT_GOST01_SIGN; | 2455 | p[ret++] = TLS_CT_GOST12_256_SIGN; |
| 2422 | return (ret); | 2456 | p[ret++] = TLS_CT_GOST12_512_SIGN; |
| 2423 | } | ||
| 2424 | } | 2457 | } |
| 2425 | #endif | 2458 | #endif |
| 2426 | 2459 | ||
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index a9f82b39d2..e1b2f9cf2d 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.90 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.91 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -159,6 +159,9 @@ | |||
| 159 | #include <openssl/buffer.h> | 159 | #include <openssl/buffer.h> |
| 160 | #include <openssl/evp.h> | 160 | #include <openssl/evp.h> |
| 161 | #include <openssl/dh.h> | 161 | #include <openssl/dh.h> |
| 162 | #ifndef OPENSSL_NO_GOST | ||
| 163 | #include <openssl/gost.h> | ||
| 164 | #endif | ||
| 162 | #include <openssl/hmac.h> | 165 | #include <openssl/hmac.h> |
| 163 | #include <openssl/md5.h> | 166 | #include <openssl/md5.h> |
| 164 | #include <openssl/objects.h> | 167 | #include <openssl/objects.h> |
| @@ -516,6 +519,7 @@ ssl3_accept(SSL *s) | |||
| 516 | ret = ssl3_get_client_key_exchange(s); | 519 | ret = ssl3_get_client_key_exchange(s); |
| 517 | if (ret <= 0) | 520 | if (ret <= 0) |
| 518 | goto end; | 521 | goto end; |
| 522 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 519 | if (ret == 2) { | 523 | if (ret == 2) { |
| 520 | /* | 524 | /* |
| 521 | * For the ECDH ciphersuites when | 525 | * For the ECDH ciphersuites when |
| @@ -535,7 +539,7 @@ ssl3_accept(SSL *s) | |||
| 535 | s->state = SSL3_ST_SR_FINISHED_A; | 539 | s->state = SSL3_ST_SR_FINISHED_A; |
| 536 | #endif | 540 | #endif |
| 537 | s->init_num = 0; | 541 | s->init_num = 0; |
| 538 | } else if (SSL_USE_SIGALGS(s)) { | 542 | } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { |
| 539 | s->state = SSL3_ST_SR_CERT_VRFY_A; | 543 | s->state = SSL3_ST_SR_CERT_VRFY_A; |
| 540 | s->init_num = 0; | 544 | s->init_num = 0; |
| 541 | if (!s->session->peer) | 545 | if (!s->session->peer) |
| @@ -842,6 +846,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 842 | unsigned char *p, *d; | 846 | unsigned char *p, *d; |
| 843 | SSL_CIPHER *c; | 847 | SSL_CIPHER *c; |
| 844 | STACK_OF(SSL_CIPHER) *ciphers = NULL; | 848 | STACK_OF(SSL_CIPHER) *ciphers = NULL; |
| 849 | unsigned long alg_k; | ||
| 845 | 850 | ||
| 846 | /* | 851 | /* |
| 847 | * We do this so that we will respond with our native type. | 852 | * We do this so that we will respond with our native type. |
| @@ -1175,7 +1180,9 @@ ssl3_get_client_hello(SSL *s) | |||
| 1175 | s->s3->tmp.new_cipher = s->session->cipher; | 1180 | s->s3->tmp.new_cipher = s->session->cipher; |
| 1176 | } | 1181 | } |
| 1177 | 1182 | ||
| 1178 | if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) { | 1183 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 1184 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || | ||
| 1185 | !(s->verify_mode & SSL_VERIFY_PEER)) { | ||
| 1179 | if (!ssl3_digest_cached_records(s)) { | 1186 | if (!ssl3_digest_cached_records(s)) { |
| 1180 | al = SSL_AD_INTERNAL_ERROR; | 1187 | al = SSL_AD_INTERNAL_ERROR; |
| 1181 | goto f_err; | 1188 | goto f_err; |
| @@ -2336,7 +2343,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2336 | goto f_err; | 2343 | goto f_err; |
| 2337 | } | 2344 | } |
| 2338 | 2345 | ||
| 2339 | if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) { | 2346 | if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) { |
| 2340 | al = SSL_AD_DECRYPT_ERROR; | 2347 | al = SSL_AD_DECRYPT_ERROR; |
| 2341 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2348 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, |
| 2342 | SSL_R_BAD_SIGNATURE); | 2349 | SSL_R_BAD_SIGNATURE); |
| @@ -2384,38 +2391,65 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2384 | goto f_err; | 2391 | goto f_err; |
| 2385 | } | 2392 | } |
| 2386 | } else | 2393 | } else |
| 2394 | #ifndef OPENSSL_NO_GOST | ||
| 2387 | if (pkey->type == NID_id_GostR3410_94 || | 2395 | if (pkey->type == NID_id_GostR3410_94 || |
| 2388 | pkey->type == NID_id_GostR3410_2001) { | 2396 | pkey->type == NID_id_GostR3410_2001) { |
| 2389 | unsigned char signature[64]; | 2397 | long hdatalen = 0; |
| 2390 | int idx; | 2398 | void *hdata; |
| 2399 | unsigned char signature[128]; | ||
| 2400 | unsigned int siglen = sizeof(signature); | ||
| 2401 | int nid; | ||
| 2391 | EVP_PKEY_CTX *pctx; | 2402 | EVP_PKEY_CTX *pctx; |
| 2392 | 2403 | ||
| 2393 | if (i != 64) { | 2404 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); |
| 2405 | if (hdatalen <= 0) { | ||
| 2394 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2406 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, |
| 2395 | SSL_R_WRONG_SIGNATURE_SIZE); | 2407 | ERR_R_INTERNAL_ERROR); |
| 2396 | al = SSL_AD_DECODE_ERROR; | 2408 | al = SSL_AD_INTERNAL_ERROR; |
| 2409 | goto f_err; | ||
| 2410 | } | ||
| 2411 | if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || | ||
| 2412 | !(md = EVP_get_digestbynid(nid))) { | ||
| 2413 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2414 | ERR_R_EVP_LIB); | ||
| 2415 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2397 | goto f_err; | 2416 | goto f_err; |
| 2398 | } | 2417 | } |
| 2399 | pctx = EVP_PKEY_CTX_new(pkey, NULL); | 2418 | pctx = EVP_PKEY_CTX_new(pkey, NULL); |
| 2400 | if (pctx == NULL) { | 2419 | if (!pctx) { |
| 2401 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2420 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, |
| 2402 | ERR_R_INTERNAL_ERROR); | 2421 | ERR_R_EVP_LIB); |
| 2403 | al = SSL_AD_DECODE_ERROR; | 2422 | al = SSL_AD_INTERNAL_ERROR; |
| 2404 | goto f_err; | 2423 | goto f_err; |
| 2405 | } | 2424 | } |
| 2406 | EVP_PKEY_verify_init(pctx); | 2425 | if (!EVP_DigestInit_ex(&mctx, md, NULL) || |
| 2407 | for (idx = 0; idx < 64; idx++) | 2426 | !EVP_DigestUpdate(&mctx, hdata, hdatalen) || |
| 2408 | signature[63 - idx] = p[idx]; | 2427 | !EVP_DigestFinal(&mctx, signature, &siglen) || |
| 2409 | j = EVP_PKEY_verify(pctx, signature, 64, | 2428 | (EVP_PKEY_verify_init(pctx) <= 0) || |
| 2410 | s->s3->tmp.cert_verify_md, 32); | 2429 | (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || |
| 2411 | EVP_PKEY_CTX_free(pctx); | 2430 | (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, |
| 2412 | if (j <= 0) { | 2431 | EVP_PKEY_CTRL_GOST_SIG_FORMAT, |
| 2432 | GOST_SIG_FORMAT_RS_LE, | ||
| 2433 | NULL) <= 0)) { | ||
| 2434 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2435 | ERR_R_EVP_LIB); | ||
| 2436 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2437 | EVP_PKEY_CTX_free(pctx); | ||
| 2438 | goto f_err; | ||
| 2439 | } | ||
| 2440 | |||
| 2441 | if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) { | ||
| 2413 | al = SSL_AD_DECRYPT_ERROR; | 2442 | al = SSL_AD_DECRYPT_ERROR; |
| 2414 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2443 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, |
| 2415 | SSL_R_BAD_ECDSA_SIGNATURE); | 2444 | SSL_R_BAD_SIGNATURE); |
| 2445 | EVP_PKEY_CTX_free(pctx); | ||
| 2416 | goto f_err; | 2446 | goto f_err; |
| 2417 | } | 2447 | } |
| 2418 | } else { | 2448 | |
| 2449 | EVP_PKEY_CTX_free(pctx); | ||
| 2450 | } else | ||
| 2451 | #endif | ||
| 2452 | { | ||
| 2419 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2453 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, |
| 2420 | ERR_R_INTERNAL_ERROR); | 2454 | ERR_R_INTERNAL_ERROR); |
| 2421 | al = SSL_AD_UNSUPPORTED_CERTIFICATE; | 2455 | al = SSL_AD_UNSUPPORTED_CERTIFICATE; |
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index 00a4b5e39b..2416b46d46 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.71 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.72 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -295,6 +295,8 @@ extern "C" { | |||
| 295 | #define SSL_TXT_GOST89MAC "GOST89MAC" | 295 | #define SSL_TXT_GOST89MAC "GOST89MAC" |
| 296 | #define SSL_TXT_SHA256 "SHA256" | 296 | #define SSL_TXT_SHA256 "SHA256" |
| 297 | #define SSL_TXT_SHA384 "SHA384" | 297 | #define SSL_TXT_SHA384 "SHA384" |
| 298 | #define SSL_TXT_STREEBOG256 "STREEBOG256" | ||
| 299 | #define SSL_TXT_STREEBOG512 "STREEBOG512" | ||
| 298 | 300 | ||
| 299 | #define SSL_TXT_DTLS1 "DTLSv1" | 301 | #define SSL_TXT_DTLS1 "DTLSv1" |
| 300 | #define SSL_TXT_DTLS1_BAD "DTLSv1-bad" | 302 | #define SSL_TXT_DTLS1_BAD "DTLSv1-bad" |
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h index f10b288f31..5b9e31754b 100644 --- a/src/lib/libssl/src/ssl/ssl3.h +++ b/src/lib/libssl/src/ssl/ssl3.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl3.h,v 1.28 2014/10/31 15:34:06 jsing Exp $ */ | 1 | /* $OpenBSD: ssl3.h,v 1.29 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -353,7 +353,7 @@ typedef struct ssl3_buffer_st { | |||
| 353 | * enough to contain all of the cert types defined either for | 353 | * enough to contain all of the cert types defined either for |
| 354 | * SSLv3 and TLSv1. | 354 | * SSLv3 and TLSv1. |
| 355 | */ | 355 | */ |
| 356 | #define SSL3_CT_NUMBER 9 | 356 | #define SSL3_CT_NUMBER 11 |
| 357 | 357 | ||
| 358 | 358 | ||
| 359 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 | 359 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 |
diff --git a/src/lib/libssl/src/ssl/ssl_algs.c b/src/lib/libssl/src/ssl/ssl_algs.c index 842d50a762..558d51ce7a 100644 --- a/src/lib/libssl/src/ssl/ssl_algs.c +++ b/src/lib/libssl/src/ssl/ssl_algs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_algs.c,v 1.20 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_algs.c,v 1.21 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -98,6 +98,10 @@ SSL_library_init(void) | |||
| 98 | EVP_add_cipher(EVP_camellia_128_cbc()); | 98 | EVP_add_cipher(EVP_camellia_128_cbc()); |
| 99 | EVP_add_cipher(EVP_camellia_256_cbc()); | 99 | EVP_add_cipher(EVP_camellia_256_cbc()); |
| 100 | #endif | 100 | #endif |
| 101 | #ifndef OPENSSL_NO_GOST | ||
| 102 | EVP_add_cipher(EVP_gost2814789_cfb64()); | ||
| 103 | EVP_add_cipher(EVP_gost2814789_cnt()); | ||
| 104 | #endif | ||
| 101 | 105 | ||
| 102 | EVP_add_digest(EVP_md5()); | 106 | EVP_add_digest(EVP_md5()); |
| 103 | EVP_add_digest_alias(SN_md5, "ssl2-md5"); | 107 | EVP_add_digest_alias(SN_md5, "ssl2-md5"); |
| @@ -114,6 +118,12 @@ SSL_library_init(void) | |||
| 114 | EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); | 118 | EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); |
| 115 | EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); | 119 | EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); |
| 116 | EVP_add_digest(EVP_ecdsa()); | 120 | EVP_add_digest(EVP_ecdsa()); |
| 121 | #ifndef OPENSSL_NO_GOST | ||
| 122 | EVP_add_digest(EVP_gostr341194()); | ||
| 123 | EVP_add_digest(EVP_gost2814789imit()); | ||
| 124 | EVP_add_digest(EVP_streebog256()); | ||
| 125 | EVP_add_digest(EVP_streebog512()); | ||
| 126 | #endif | ||
| 117 | /* initialize cipher/digest methods table */ | 127 | /* initialize cipher/digest methods table */ |
| 118 | ssl_load_ciphers(); | 128 | ssl_load_ciphers(); |
| 119 | return (1); | 129 | return (1); |
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c index 7938c82c94..8bbfcd85d1 100644 --- a/src/lib/libssl/src/ssl/ssl_cert.c +++ b/src/lib/libssl/src/ssl/ssl_cert.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_cert.c,v 1.45 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_cert.c,v 1.46 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -166,6 +166,10 @@ ssl_cert_set_default_md(CERT *cert) | |||
| 166 | cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); | 166 | cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); |
| 167 | cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); | 167 | cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); |
| 168 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | 168 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); |
| 169 | #ifndef OPENSSL_NO_GOST | ||
| 170 | cert->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194(); | ||
| 171 | cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); | ||
| 172 | #endif | ||
| 169 | } | 173 | } |
| 170 | 174 | ||
| 171 | CERT * | 175 | CERT * |
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index 443c2ec660..990fe9876c 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciph.c,v 1.73 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.74 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -175,30 +175,33 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { | |||
| 175 | #define SSL_MD_GOST89MAC_IDX 3 | 175 | #define SSL_MD_GOST89MAC_IDX 3 |
| 176 | #define SSL_MD_SHA256_IDX 4 | 176 | #define SSL_MD_SHA256_IDX 4 |
| 177 | #define SSL_MD_SHA384_IDX 5 | 177 | #define SSL_MD_SHA384_IDX 5 |
| 178 | #define SSL_MD_STREEBOG256_IDX 6 | ||
| 179 | #define SSL_MD_STREEBOG512_IDX 7 | ||
| 178 | /*Constant SSL_MAX_DIGEST equal to size of digests array should be | 180 | /*Constant SSL_MAX_DIGEST equal to size of digests array should be |
| 179 | * defined in the | 181 | * defined in the |
| 180 | * ssl_locl.h */ | 182 | * ssl_locl.h */ |
| 181 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST | 183 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST |
| 182 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { | 184 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { |
| 183 | NULL, NULL, NULL, NULL, NULL, NULL | 185 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL |
| 184 | }; | 186 | }; |
| 185 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because | 187 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because |
| 186 | * implementation is engine-provided, we'll fill it only if | 188 | * implementation is engine-provided, we'll fill it only if |
| 187 | * corresponding EVP_PKEY_METHOD is found | 189 | * corresponding EVP_PKEY_METHOD is found |
| 188 | */ | 190 | */ |
| 189 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { | 191 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { |
| 190 | EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, | 192 | EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_GOSTIMIT, |
| 191 | EVP_PKEY_HMAC, EVP_PKEY_HMAC | 193 | EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, |
| 192 | }; | 194 | }; |
| 193 | 195 | ||
| 194 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { | 196 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { |
| 195 | 0, 0, 0, 0, 0, 0 | 197 | 0, 0, 0, 0, 0, 0, 0, 0 |
| 196 | }; | 198 | }; |
| 197 | 199 | ||
| 198 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { | 200 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { |
| 199 | SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, | 201 | SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, |
| 200 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, | 202 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, |
| 201 | SSL_HANDSHAKE_MAC_SHA384 | 203 | SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256, |
| 204 | SSL_HANDSHAKE_MAC_STREEBOG512 | ||
| 202 | }; | 205 | }; |
| 203 | 206 | ||
| 204 | #define CIPHER_ADD 1 | 207 | #define CIPHER_ADD 1 |
| @@ -325,7 +328,7 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 325 | .name = SSL_TXT_aGOST, | 328 | .name = SSL_TXT_aGOST, |
| 326 | .algorithm_auth = SSL_aGOST94|SSL_aGOST01, | 329 | .algorithm_auth = SSL_aGOST94|SSL_aGOST01, |
| 327 | }, | 330 | }, |
| 328 | 331 | ||
| 329 | /* aliases combining key exchange and server authentication */ | 332 | /* aliases combining key exchange and server authentication */ |
| 330 | { | 333 | { |
| 331 | .name = SSL_TXT_DHE, | 334 | .name = SSL_TXT_DHE, |
| @@ -450,6 +453,14 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 450 | .name = SSL_TXT_SHA384, | 453 | .name = SSL_TXT_SHA384, |
| 451 | .algorithm_mac = SSL_SHA384, | 454 | .algorithm_mac = SSL_SHA384, |
| 452 | }, | 455 | }, |
| 456 | { | ||
| 457 | .name = SSL_TXT_STREEBOG256, | ||
| 458 | .algorithm_mac = SSL_STREEBOG256, | ||
| 459 | }, | ||
| 460 | { | ||
| 461 | .name = SSL_TXT_STREEBOG512, | ||
| 462 | .algorithm_mac = SSL_STREEBOG512, | ||
| 463 | }, | ||
| 453 | 464 | ||
| 454 | /* protocol version aliases */ | 465 | /* protocol version aliases */ |
| 455 | { | 466 | { |
| @@ -566,7 +577,6 @@ ssl_load_ciphers(void) | |||
| 566 | } | 577 | } |
| 567 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= | 578 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= |
| 568 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); | 579 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); |
| 569 | ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); | ||
| 570 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { | 580 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { |
| 571 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; | 581 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; |
| 572 | } | 582 | } |
| @@ -579,6 +589,14 @@ ssl_load_ciphers(void) | |||
| 579 | EVP_get_digestbyname(SN_sha384); | 589 | EVP_get_digestbyname(SN_sha384); |
| 580 | ssl_mac_secret_size[SSL_MD_SHA384_IDX]= | 590 | ssl_mac_secret_size[SSL_MD_SHA384_IDX]= |
| 581 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); | 591 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); |
| 592 | ssl_digest_methods[SSL_MD_STREEBOG256_IDX]= | ||
| 593 | EVP_get_digestbyname(SN_id_tc26_gost3411_2012_256); | ||
| 594 | ssl_mac_secret_size[SSL_MD_STREEBOG256_IDX]= | ||
| 595 | EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG256_IDX]); | ||
| 596 | ssl_digest_methods[SSL_MD_STREEBOG512_IDX]= | ||
| 597 | EVP_get_digestbyname(SN_id_tc26_gost3411_2012_512); | ||
| 598 | ssl_mac_secret_size[SSL_MD_STREEBOG512_IDX]= | ||
| 599 | EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG512_IDX]); | ||
| 582 | } | 600 | } |
| 583 | 601 | ||
| 584 | int | 602 | int |
| @@ -672,6 +690,12 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 672 | case SSL_GOST89MAC: | 690 | case SSL_GOST89MAC: |
| 673 | i = SSL_MD_GOST89MAC_IDX; | 691 | i = SSL_MD_GOST89MAC_IDX; |
| 674 | break; | 692 | break; |
| 693 | case SSL_STREEBOG256: | ||
| 694 | i = SSL_MD_STREEBOG256_IDX; | ||
| 695 | break; | ||
| 696 | case SSL_STREEBOG512: | ||
| 697 | i = SSL_MD_STREEBOG512_IDX; | ||
| 698 | break; | ||
| 675 | default: | 699 | default: |
| 676 | i = -1; | 700 | i = -1; |
| 677 | break; | 701 | break; |
| @@ -829,7 +853,7 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, | |||
| 829 | *auth |= SSL_aGOST01; | 853 | *auth |= SSL_aGOST01; |
| 830 | } | 854 | } |
| 831 | /* Disable GOST key exchange if no GOST signature algs are available. */ | 855 | /* Disable GOST key exchange if no GOST signature algs are available. */ |
| 832 | if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { | 856 | if (((~*auth) & (SSL_aGOST94|SSL_aGOST01)) == 0) { |
| 833 | *mkey |= SSL_kGOST; | 857 | *mkey |= SSL_kGOST; |
| 834 | } | 858 | } |
| 835 | #ifdef SSL_FORBID_ENULL | 859 | #ifdef SSL_FORBID_ENULL |
| @@ -853,7 +877,9 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, | |||
| 853 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; | 877 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; |
| 854 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; | 878 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; |
| 855 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; | 879 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; |
| 856 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef) ? SSL_GOST89MAC : 0; | 880 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL) ? SSL_GOST89MAC : 0; |
| 881 | *mac |= (ssl_digest_methods[SSL_MD_STREEBOG256_IDX] == NULL) ? SSL_STREEBOG256 : 0; | ||
| 882 | *mac |= (ssl_digest_methods[SSL_MD_STREEBOG512_IDX] == NULL) ? SSL_STREEBOG512 : 0; | ||
| 857 | 883 | ||
| 858 | } | 884 | } |
| 859 | 885 | ||
| @@ -1581,6 +1607,9 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1581 | case SSL_kECDHE: | 1607 | case SSL_kECDHE: |
| 1582 | kx = "ECDH"; | 1608 | kx = "ECDH"; |
| 1583 | break; | 1609 | break; |
| 1610 | case SSL_kGOST: | ||
| 1611 | kx = "GOST"; | ||
| 1612 | break; | ||
| 1584 | default: | 1613 | default: |
| 1585 | kx = "unknown"; | 1614 | kx = "unknown"; |
| 1586 | } | 1615 | } |
| @@ -1601,6 +1630,12 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1601 | case SSL_aECDSA: | 1630 | case SSL_aECDSA: |
| 1602 | au = "ECDSA"; | 1631 | au = "ECDSA"; |
| 1603 | break; | 1632 | break; |
| 1633 | case SSL_aGOST94: | ||
| 1634 | au = "GOST94"; | ||
| 1635 | break; | ||
| 1636 | case SSL_aGOST01: | ||
| 1637 | au = "GOST01"; | ||
| 1638 | break; | ||
| 1604 | default: | 1639 | default: |
| 1605 | au = "unknown"; | 1640 | au = "unknown"; |
| 1606 | break; | 1641 | break; |
| @@ -1643,6 +1678,9 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1643 | case SSL_CHACHA20POLY1305: | 1678 | case SSL_CHACHA20POLY1305: |
| 1644 | enc = "ChaCha20-Poly1305"; | 1679 | enc = "ChaCha20-Poly1305"; |
| 1645 | break; | 1680 | break; |
| 1681 | case SSL_eGOST2814789CNT: | ||
| 1682 | enc = "GOST-28178-89-CNT"; | ||
| 1683 | break; | ||
| 1646 | default: | 1684 | default: |
| 1647 | enc = "unknown"; | 1685 | enc = "unknown"; |
| 1648 | break; | 1686 | break; |
| @@ -1664,6 +1702,18 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1664 | case SSL_AEAD: | 1702 | case SSL_AEAD: |
| 1665 | mac = "AEAD"; | 1703 | mac = "AEAD"; |
| 1666 | break; | 1704 | break; |
| 1705 | case SSL_GOST94: | ||
| 1706 | mac = "GOST94"; | ||
| 1707 | break; | ||
| 1708 | case SSL_GOST89MAC: | ||
| 1709 | mac = "GOST89IMIT"; | ||
| 1710 | break; | ||
| 1711 | case SSL_STREEBOG256: | ||
| 1712 | mac = "STREEBOG256"; | ||
| 1713 | break; | ||
| 1714 | case SSL_STREEBOG512: | ||
| 1715 | mac = "STREEBOG512"; | ||
| 1716 | break; | ||
| 1667 | default: | 1717 | default: |
| 1668 | mac = "unknown"; | 1718 | mac = "unknown"; |
| 1669 | break; | 1719 | break; |
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index ec8f96e645..74cacd4eec 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.76 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.77 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -299,6 +299,8 @@ | |||
| 299 | #define SSL_SHA384 0x00000020L | 299 | #define SSL_SHA384 0x00000020L |
| 300 | /* Not a real MAC, just an indication it is part of cipher */ | 300 | /* Not a real MAC, just an indication it is part of cipher */ |
| 301 | #define SSL_AEAD 0x00000040L | 301 | #define SSL_AEAD 0x00000040L |
| 302 | #define SSL_STREEBOG256 0x00000080L | ||
| 303 | #define SSL_STREEBOG512 0x00000100L | ||
| 302 | 304 | ||
| 303 | /* Bits for algorithm_ssl (protocol version) */ | 305 | /* Bits for algorithm_ssl (protocol version) */ |
| 304 | #define SSL_SSLV3 0x00000002L | 306 | #define SSL_SSLV3 0x00000002L |
| @@ -313,11 +315,13 @@ | |||
| 313 | #define SSL_HANDSHAKE_MAC_GOST94 0x40 | 315 | #define SSL_HANDSHAKE_MAC_GOST94 0x40 |
| 314 | #define SSL_HANDSHAKE_MAC_SHA256 0x80 | 316 | #define SSL_HANDSHAKE_MAC_SHA256 0x80 |
| 315 | #define SSL_HANDSHAKE_MAC_SHA384 0x100 | 317 | #define SSL_HANDSHAKE_MAC_SHA384 0x100 |
| 318 | #define SSL_HANDSHAKE_MAC_STREEBOG256 0x200 | ||
| 319 | #define SSL_HANDSHAKE_MAC_STREEBOG512 0x400 | ||
| 316 | #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) | 320 | #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) |
| 317 | 321 | ||
| 318 | /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX | 322 | /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX |
| 319 | * make sure to update this constant too */ | 323 | * make sure to update this constant too */ |
| 320 | #define SSL_MAX_DIGEST 6 | 324 | #define SSL_MAX_DIGEST 8 |
| 321 | 325 | ||
| 322 | #define SSL3_CK_ID 0x03000000 | 326 | #define SSL3_CK_ID 0x03000000 |
| 323 | #define SSL3_CK_VALUE_MASK 0x0000ffff | 327 | #define SSL3_CK_VALUE_MASK 0x0000ffff |
| @@ -330,6 +334,7 @@ | |||
| 330 | #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) | 334 | #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) |
| 331 | #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) | 335 | #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) |
| 332 | #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) | 336 | #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) |
| 337 | #define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT) | ||
| 333 | #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) | 338 | #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) |
| 334 | 339 | ||
| 335 | /* Stream MAC for GOST ciphersuites from cryptopro draft | 340 | /* Stream MAC for GOST ciphersuites from cryptopro draft |
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index fc313efc2c..620da6ddd0 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.72 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.73 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -448,6 +448,18 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, | |||
| 448 | mac_secret_size, (unsigned char *)mac_secret); | 448 | mac_secret_size, (unsigned char *)mac_secret); |
| 449 | } | 449 | } |
| 450 | 450 | ||
| 451 | if (s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) { | ||
| 452 | int nid; | ||
| 453 | if (s->s3->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) | ||
| 454 | nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; | ||
| 455 | else | ||
| 456 | nid = NID_id_tc26_gost_28147_param_Z; | ||
| 457 | |||
| 458 | EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0); | ||
| 459 | if (s->s3->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC) | ||
| 460 | EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0); | ||
| 461 | } | ||
| 462 | |||
| 451 | return (1); | 463 | return (1); |
| 452 | 464 | ||
| 453 | err: | 465 | err: |
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index b1b9ac4a87..d593fe6baf 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.66 2014/11/03 17:21:30 tedu Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.67 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -587,6 +587,9 @@ static unsigned char tls12_sigalgs[] = { | |||
| 587 | TLSEXT_hash_sha512, TLSEXT_signature_rsa, | 587 | TLSEXT_hash_sha512, TLSEXT_signature_rsa, |
| 588 | TLSEXT_hash_sha512, TLSEXT_signature_dsa, | 588 | TLSEXT_hash_sha512, TLSEXT_signature_dsa, |
| 589 | TLSEXT_hash_sha512, TLSEXT_signature_ecdsa, | 589 | TLSEXT_hash_sha512, TLSEXT_signature_ecdsa, |
| 590 | #ifndef OPENSSL_NO_GOST | ||
| 591 | TLSEXT_hash_streebog_512, TLSEXT_signature_gostr12_512, | ||
| 592 | #endif | ||
| 590 | 593 | ||
| 591 | TLSEXT_hash_sha384, TLSEXT_signature_rsa, | 594 | TLSEXT_hash_sha384, TLSEXT_signature_rsa, |
| 592 | TLSEXT_hash_sha384, TLSEXT_signature_dsa, | 595 | TLSEXT_hash_sha384, TLSEXT_signature_dsa, |
| @@ -596,6 +599,11 @@ static unsigned char tls12_sigalgs[] = { | |||
| 596 | TLSEXT_hash_sha256, TLSEXT_signature_dsa, | 599 | TLSEXT_hash_sha256, TLSEXT_signature_dsa, |
| 597 | TLSEXT_hash_sha256, TLSEXT_signature_ecdsa, | 600 | TLSEXT_hash_sha256, TLSEXT_signature_ecdsa, |
| 598 | 601 | ||
| 602 | #ifndef OPENSSL_NO_GOST | ||
| 603 | TLSEXT_hash_streebog_256, TLSEXT_signature_gostr12_256, | ||
| 604 | TLSEXT_hash_gost94, TLSEXT_signature_gostr01, | ||
| 605 | #endif | ||
| 606 | |||
| 599 | TLSEXT_hash_sha224, TLSEXT_signature_rsa, | 607 | TLSEXT_hash_sha224, TLSEXT_signature_rsa, |
| 600 | TLSEXT_hash_sha224, TLSEXT_signature_dsa, | 608 | TLSEXT_hash_sha224, TLSEXT_signature_dsa, |
| 601 | TLSEXT_hash_sha224, TLSEXT_signature_ecdsa, | 609 | TLSEXT_hash_sha224, TLSEXT_signature_ecdsa, |
| @@ -2166,13 +2174,17 @@ static tls12_lookup tls12_md[] = { | |||
| 2166 | {NID_sha224, TLSEXT_hash_sha224}, | 2174 | {NID_sha224, TLSEXT_hash_sha224}, |
| 2167 | {NID_sha256, TLSEXT_hash_sha256}, | 2175 | {NID_sha256, TLSEXT_hash_sha256}, |
| 2168 | {NID_sha384, TLSEXT_hash_sha384}, | 2176 | {NID_sha384, TLSEXT_hash_sha384}, |
| 2169 | {NID_sha512, TLSEXT_hash_sha512} | 2177 | {NID_sha512, TLSEXT_hash_sha512}, |
| 2178 | {NID_id_GostR3411_94, TLSEXT_hash_gost94}, | ||
| 2179 | {NID_id_tc26_gost3411_2012_256, TLSEXT_hash_streebog_256}, | ||
| 2180 | {NID_id_tc26_gost3411_2012_512, TLSEXT_hash_streebog_512} | ||
| 2170 | }; | 2181 | }; |
| 2171 | 2182 | ||
| 2172 | static tls12_lookup tls12_sig[] = { | 2183 | static tls12_lookup tls12_sig[] = { |
| 2173 | {EVP_PKEY_RSA, TLSEXT_signature_rsa}, | 2184 | {EVP_PKEY_RSA, TLSEXT_signature_rsa}, |
| 2174 | {EVP_PKEY_DSA, TLSEXT_signature_dsa}, | 2185 | {EVP_PKEY_DSA, TLSEXT_signature_dsa}, |
| 2175 | {EVP_PKEY_EC, TLSEXT_signature_ecdsa} | 2186 | {EVP_PKEY_EC, TLSEXT_signature_ecdsa}, |
| 2187 | {EVP_PKEY_GOSTR01, TLSEXT_signature_gostr01}, | ||
| 2176 | }; | 2188 | }; |
| 2177 | 2189 | ||
| 2178 | static int | 2190 | static int |
| @@ -2225,6 +2237,14 @@ tls12_get_hash(unsigned char hash_alg) | |||
| 2225 | return EVP_sha384(); | 2237 | return EVP_sha384(); |
| 2226 | case TLSEXT_hash_sha512: | 2238 | case TLSEXT_hash_sha512: |
| 2227 | return EVP_sha512(); | 2239 | return EVP_sha512(); |
| 2240 | #ifndef OPENSSL_NO_GOST | ||
| 2241 | case TLSEXT_hash_gost94: | ||
| 2242 | return EVP_gostr341194(); | ||
| 2243 | case TLSEXT_hash_streebog_256: | ||
| 2244 | return EVP_streebog256(); | ||
| 2245 | case TLSEXT_hash_streebog_512: | ||
| 2246 | return EVP_streebog512(); | ||
| 2247 | #endif | ||
| 2228 | default: | 2248 | default: |
| 2229 | return NULL; | 2249 | return NULL; |
| 2230 | } | 2250 | } |
| @@ -2251,6 +2271,8 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2251 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; | 2271 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; |
| 2252 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; | 2272 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; |
| 2253 | c->pkeys[SSL_PKEY_ECC].digest = NULL; | 2273 | c->pkeys[SSL_PKEY_ECC].digest = NULL; |
| 2274 | c->pkeys[SSL_PKEY_GOST94].digest = NULL; | ||
| 2275 | c->pkeys[SSL_PKEY_GOST01].digest = NULL; | ||
| 2254 | 2276 | ||
| 2255 | for (i = 0; i < dsize; i += 2) { | 2277 | for (i = 0; i < dsize; i += 2) { |
| 2256 | unsigned char hash_alg = data[i], sig_alg = data[i + 1]; | 2278 | unsigned char hash_alg = data[i], sig_alg = data[i + 1]; |
| @@ -2265,6 +2287,11 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2265 | case TLSEXT_signature_ecdsa: | 2287 | case TLSEXT_signature_ecdsa: |
| 2266 | idx = SSL_PKEY_ECC; | 2288 | idx = SSL_PKEY_ECC; |
| 2267 | break; | 2289 | break; |
| 2290 | case TLSEXT_signature_gostr01: | ||
| 2291 | case TLSEXT_signature_gostr12_256: | ||
| 2292 | case TLSEXT_signature_gostr12_512: | ||
| 2293 | idx = SSL_PKEY_GOST01; | ||
| 2294 | break; | ||
| 2268 | default: | 2295 | default: |
| 2269 | continue; | 2296 | continue; |
| 2270 | } | 2297 | } |
| @@ -2291,5 +2318,11 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2291 | } | 2318 | } |
| 2292 | if (!c->pkeys[SSL_PKEY_ECC].digest) | 2319 | if (!c->pkeys[SSL_PKEY_ECC].digest) |
| 2293 | c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | 2320 | c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); |
| 2321 | #ifndef OPENSSL_NO_GOST | ||
| 2322 | if (!c->pkeys[SSL_PKEY_GOST94].digest) | ||
| 2323 | c->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194(); | ||
| 2324 | if (!c->pkeys[SSL_PKEY_GOST01].digest) | ||
| 2325 | c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); | ||
| 2326 | #endif | ||
| 2294 | return 1; | 2327 | return 1; |
| 2295 | } | 2328 | } |
diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h index d2d1657edf..60dc7919a4 100644 --- a/src/lib/libssl/src/ssl/tls1.h +++ b/src/lib/libssl/src/ssl/tls1.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls1.h,v 1.21 2014/10/31 15:50:28 jsing Exp $ */ | 1 | /* $OpenBSD: tls1.h,v 1.22 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -275,6 +275,10 @@ extern "C" { | |||
| 275 | #define TLSEXT_signature_rsa 1 | 275 | #define TLSEXT_signature_rsa 1 |
| 276 | #define TLSEXT_signature_dsa 2 | 276 | #define TLSEXT_signature_dsa 2 |
| 277 | #define TLSEXT_signature_ecdsa 3 | 277 | #define TLSEXT_signature_ecdsa 3 |
| 278 | /* FIXME IANA */ | ||
| 279 | #define TLSEXT_signature_gostr01 237 | ||
| 280 | #define TLSEXT_signature_gostr12_256 238 | ||
| 281 | #define TLSEXT_signature_gostr12_512 239 | ||
| 278 | 282 | ||
| 279 | #define TLSEXT_hash_none 0 | 283 | #define TLSEXT_hash_none 0 |
| 280 | #define TLSEXT_hash_md5 1 | 284 | #define TLSEXT_hash_md5 1 |
| @@ -283,6 +287,10 @@ extern "C" { | |||
| 283 | #define TLSEXT_hash_sha256 4 | 287 | #define TLSEXT_hash_sha256 4 |
| 284 | #define TLSEXT_hash_sha384 5 | 288 | #define TLSEXT_hash_sha384 5 |
| 285 | #define TLSEXT_hash_sha512 6 | 289 | #define TLSEXT_hash_sha512 6 |
| 290 | /* FIXME IANA */ | ||
| 291 | #define TLSEXT_hash_gost94 237 | ||
| 292 | #define TLSEXT_hash_streebog_256 238 | ||
| 293 | #define TLSEXT_hash_streebog_512 239 | ||
| 286 | 294 | ||
| 287 | #define TLSEXT_MAXLEN_host_name 255 | 295 | #define TLSEXT_MAXLEN_host_name 255 |
| 288 | 296 | ||
| @@ -669,9 +677,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 669 | #define TLS_CT_ECDSA_FIXED_ECDH 66 | 677 | #define TLS_CT_ECDSA_FIXED_ECDH 66 |
| 670 | #define TLS_CT_GOST94_SIGN 21 | 678 | #define TLS_CT_GOST94_SIGN 21 |
| 671 | #define TLS_CT_GOST01_SIGN 22 | 679 | #define TLS_CT_GOST01_SIGN 22 |
| 680 | #define TLS_CT_GOST12_256_SIGN 238 /* FIXME: IANA */ | ||
| 681 | #define TLS_CT_GOST12_512_SIGN 239 /* FIXME: IANA */ | ||
| 672 | /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see | 682 | /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see |
| 673 | * comment there) */ | 683 | * comment there) */ |
| 674 | #define TLS_CT_NUMBER 9 | 684 | #define TLS_CT_NUMBER 11 |
| 675 | 685 | ||
| 676 | #define TLS1_FINISH_MAC_LENGTH 12 | 686 | #define TLS1_FINISH_MAC_LENGTH 12 |
| 677 | 687 | ||
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 00a4b5e39b..2416b46d46 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.71 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.72 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -295,6 +295,8 @@ extern "C" { | |||
| 295 | #define SSL_TXT_GOST89MAC "GOST89MAC" | 295 | #define SSL_TXT_GOST89MAC "GOST89MAC" |
| 296 | #define SSL_TXT_SHA256 "SHA256" | 296 | #define SSL_TXT_SHA256 "SHA256" |
| 297 | #define SSL_TXT_SHA384 "SHA384" | 297 | #define SSL_TXT_SHA384 "SHA384" |
| 298 | #define SSL_TXT_STREEBOG256 "STREEBOG256" | ||
| 299 | #define SSL_TXT_STREEBOG512 "STREEBOG512" | ||
| 298 | 300 | ||
| 299 | #define SSL_TXT_DTLS1 "DTLSv1" | 301 | #define SSL_TXT_DTLS1 "DTLSv1" |
| 300 | #define SSL_TXT_DTLS1_BAD "DTLSv1-bad" | 302 | #define SSL_TXT_DTLS1_BAD "DTLSv1-bad" |
diff --git a/src/lib/libssl/ssl/shlib_version b/src/lib/libssl/ssl/shlib_version index 295c96b24e..ade1e3940f 100644 --- a/src/lib/libssl/ssl/shlib_version +++ b/src/lib/libssl/ssl/shlib_version | |||
| @@ -1,2 +1,2 @@ | |||
| 1 | major=28 | 1 | major=29 |
| 2 | minor=0 | 2 | minor=0 |
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index f10b288f31..5b9e31754b 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl3.h,v 1.28 2014/10/31 15:34:06 jsing Exp $ */ | 1 | /* $OpenBSD: ssl3.h,v 1.29 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -353,7 +353,7 @@ typedef struct ssl3_buffer_st { | |||
| 353 | * enough to contain all of the cert types defined either for | 353 | * enough to contain all of the cert types defined either for |
| 354 | * SSLv3 and TLSv1. | 354 | * SSLv3 and TLSv1. |
| 355 | */ | 355 | */ |
| 356 | #define SSL3_CT_NUMBER 9 | 356 | #define SSL3_CT_NUMBER 11 |
| 357 | 357 | ||
| 358 | 358 | ||
| 359 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 | 359 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 |
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c index 842d50a762..558d51ce7a 100644 --- a/src/lib/libssl/ssl_algs.c +++ b/src/lib/libssl/ssl_algs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_algs.c,v 1.20 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_algs.c,v 1.21 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -98,6 +98,10 @@ SSL_library_init(void) | |||
| 98 | EVP_add_cipher(EVP_camellia_128_cbc()); | 98 | EVP_add_cipher(EVP_camellia_128_cbc()); |
| 99 | EVP_add_cipher(EVP_camellia_256_cbc()); | 99 | EVP_add_cipher(EVP_camellia_256_cbc()); |
| 100 | #endif | 100 | #endif |
| 101 | #ifndef OPENSSL_NO_GOST | ||
| 102 | EVP_add_cipher(EVP_gost2814789_cfb64()); | ||
| 103 | EVP_add_cipher(EVP_gost2814789_cnt()); | ||
| 104 | #endif | ||
| 101 | 105 | ||
| 102 | EVP_add_digest(EVP_md5()); | 106 | EVP_add_digest(EVP_md5()); |
| 103 | EVP_add_digest_alias(SN_md5, "ssl2-md5"); | 107 | EVP_add_digest_alias(SN_md5, "ssl2-md5"); |
| @@ -114,6 +118,12 @@ SSL_library_init(void) | |||
| 114 | EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); | 118 | EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); |
| 115 | EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); | 119 | EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); |
| 116 | EVP_add_digest(EVP_ecdsa()); | 120 | EVP_add_digest(EVP_ecdsa()); |
| 121 | #ifndef OPENSSL_NO_GOST | ||
| 122 | EVP_add_digest(EVP_gostr341194()); | ||
| 123 | EVP_add_digest(EVP_gost2814789imit()); | ||
| 124 | EVP_add_digest(EVP_streebog256()); | ||
| 125 | EVP_add_digest(EVP_streebog512()); | ||
| 126 | #endif | ||
| 117 | /* initialize cipher/digest methods table */ | 127 | /* initialize cipher/digest methods table */ |
| 118 | ssl_load_ciphers(); | 128 | ssl_load_ciphers(); |
| 119 | return (1); | 129 | return (1); |
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 7938c82c94..8bbfcd85d1 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_cert.c,v 1.45 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_cert.c,v 1.46 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -166,6 +166,10 @@ ssl_cert_set_default_md(CERT *cert) | |||
| 166 | cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); | 166 | cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); |
| 167 | cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); | 167 | cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); |
| 168 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | 168 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); |
| 169 | #ifndef OPENSSL_NO_GOST | ||
| 170 | cert->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194(); | ||
| 171 | cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); | ||
| 172 | #endif | ||
| 169 | } | 173 | } |
| 170 | 174 | ||
| 171 | CERT * | 175 | CERT * |
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 443c2ec660..990fe9876c 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciph.c,v 1.73 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.74 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -175,30 +175,33 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { | |||
| 175 | #define SSL_MD_GOST89MAC_IDX 3 | 175 | #define SSL_MD_GOST89MAC_IDX 3 |
| 176 | #define SSL_MD_SHA256_IDX 4 | 176 | #define SSL_MD_SHA256_IDX 4 |
| 177 | #define SSL_MD_SHA384_IDX 5 | 177 | #define SSL_MD_SHA384_IDX 5 |
| 178 | #define SSL_MD_STREEBOG256_IDX 6 | ||
| 179 | #define SSL_MD_STREEBOG512_IDX 7 | ||
| 178 | /*Constant SSL_MAX_DIGEST equal to size of digests array should be | 180 | /*Constant SSL_MAX_DIGEST equal to size of digests array should be |
| 179 | * defined in the | 181 | * defined in the |
| 180 | * ssl_locl.h */ | 182 | * ssl_locl.h */ |
| 181 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST | 183 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST |
| 182 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { | 184 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { |
| 183 | NULL, NULL, NULL, NULL, NULL, NULL | 185 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL |
| 184 | }; | 186 | }; |
| 185 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because | 187 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because |
| 186 | * implementation is engine-provided, we'll fill it only if | 188 | * implementation is engine-provided, we'll fill it only if |
| 187 | * corresponding EVP_PKEY_METHOD is found | 189 | * corresponding EVP_PKEY_METHOD is found |
| 188 | */ | 190 | */ |
| 189 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { | 191 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { |
| 190 | EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, | 192 | EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_GOSTIMIT, |
| 191 | EVP_PKEY_HMAC, EVP_PKEY_HMAC | 193 | EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, |
| 192 | }; | 194 | }; |
| 193 | 195 | ||
| 194 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { | 196 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { |
| 195 | 0, 0, 0, 0, 0, 0 | 197 | 0, 0, 0, 0, 0, 0, 0, 0 |
| 196 | }; | 198 | }; |
| 197 | 199 | ||
| 198 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { | 200 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { |
| 199 | SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, | 201 | SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, |
| 200 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, | 202 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, |
| 201 | SSL_HANDSHAKE_MAC_SHA384 | 203 | SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256, |
| 204 | SSL_HANDSHAKE_MAC_STREEBOG512 | ||
| 202 | }; | 205 | }; |
| 203 | 206 | ||
| 204 | #define CIPHER_ADD 1 | 207 | #define CIPHER_ADD 1 |
| @@ -325,7 +328,7 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 325 | .name = SSL_TXT_aGOST, | 328 | .name = SSL_TXT_aGOST, |
| 326 | .algorithm_auth = SSL_aGOST94|SSL_aGOST01, | 329 | .algorithm_auth = SSL_aGOST94|SSL_aGOST01, |
| 327 | }, | 330 | }, |
| 328 | 331 | ||
| 329 | /* aliases combining key exchange and server authentication */ | 332 | /* aliases combining key exchange and server authentication */ |
| 330 | { | 333 | { |
| 331 | .name = SSL_TXT_DHE, | 334 | .name = SSL_TXT_DHE, |
| @@ -450,6 +453,14 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 450 | .name = SSL_TXT_SHA384, | 453 | .name = SSL_TXT_SHA384, |
| 451 | .algorithm_mac = SSL_SHA384, | 454 | .algorithm_mac = SSL_SHA384, |
| 452 | }, | 455 | }, |
| 456 | { | ||
| 457 | .name = SSL_TXT_STREEBOG256, | ||
| 458 | .algorithm_mac = SSL_STREEBOG256, | ||
| 459 | }, | ||
| 460 | { | ||
| 461 | .name = SSL_TXT_STREEBOG512, | ||
| 462 | .algorithm_mac = SSL_STREEBOG512, | ||
| 463 | }, | ||
| 453 | 464 | ||
| 454 | /* protocol version aliases */ | 465 | /* protocol version aliases */ |
| 455 | { | 466 | { |
| @@ -566,7 +577,6 @@ ssl_load_ciphers(void) | |||
| 566 | } | 577 | } |
| 567 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= | 578 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= |
| 568 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); | 579 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); |
| 569 | ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); | ||
| 570 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { | 580 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { |
| 571 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; | 581 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; |
| 572 | } | 582 | } |
| @@ -579,6 +589,14 @@ ssl_load_ciphers(void) | |||
| 579 | EVP_get_digestbyname(SN_sha384); | 589 | EVP_get_digestbyname(SN_sha384); |
| 580 | ssl_mac_secret_size[SSL_MD_SHA384_IDX]= | 590 | ssl_mac_secret_size[SSL_MD_SHA384_IDX]= |
| 581 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); | 591 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); |
| 592 | ssl_digest_methods[SSL_MD_STREEBOG256_IDX]= | ||
| 593 | EVP_get_digestbyname(SN_id_tc26_gost3411_2012_256); | ||
| 594 | ssl_mac_secret_size[SSL_MD_STREEBOG256_IDX]= | ||
| 595 | EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG256_IDX]); | ||
| 596 | ssl_digest_methods[SSL_MD_STREEBOG512_IDX]= | ||
| 597 | EVP_get_digestbyname(SN_id_tc26_gost3411_2012_512); | ||
| 598 | ssl_mac_secret_size[SSL_MD_STREEBOG512_IDX]= | ||
| 599 | EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG512_IDX]); | ||
| 582 | } | 600 | } |
| 583 | 601 | ||
| 584 | int | 602 | int |
| @@ -672,6 +690,12 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 672 | case SSL_GOST89MAC: | 690 | case SSL_GOST89MAC: |
| 673 | i = SSL_MD_GOST89MAC_IDX; | 691 | i = SSL_MD_GOST89MAC_IDX; |
| 674 | break; | 692 | break; |
| 693 | case SSL_STREEBOG256: | ||
| 694 | i = SSL_MD_STREEBOG256_IDX; | ||
| 695 | break; | ||
| 696 | case SSL_STREEBOG512: | ||
| 697 | i = SSL_MD_STREEBOG512_IDX; | ||
| 698 | break; | ||
| 675 | default: | 699 | default: |
| 676 | i = -1; | 700 | i = -1; |
| 677 | break; | 701 | break; |
| @@ -829,7 +853,7 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, | |||
| 829 | *auth |= SSL_aGOST01; | 853 | *auth |= SSL_aGOST01; |
| 830 | } | 854 | } |
| 831 | /* Disable GOST key exchange if no GOST signature algs are available. */ | 855 | /* Disable GOST key exchange if no GOST signature algs are available. */ |
| 832 | if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { | 856 | if (((~*auth) & (SSL_aGOST94|SSL_aGOST01)) == 0) { |
| 833 | *mkey |= SSL_kGOST; | 857 | *mkey |= SSL_kGOST; |
| 834 | } | 858 | } |
| 835 | #ifdef SSL_FORBID_ENULL | 859 | #ifdef SSL_FORBID_ENULL |
| @@ -853,7 +877,9 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, | |||
| 853 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; | 877 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; |
| 854 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; | 878 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; |
| 855 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; | 879 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; |
| 856 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef) ? SSL_GOST89MAC : 0; | 880 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL) ? SSL_GOST89MAC : 0; |
| 881 | *mac |= (ssl_digest_methods[SSL_MD_STREEBOG256_IDX] == NULL) ? SSL_STREEBOG256 : 0; | ||
| 882 | *mac |= (ssl_digest_methods[SSL_MD_STREEBOG512_IDX] == NULL) ? SSL_STREEBOG512 : 0; | ||
| 857 | 883 | ||
| 858 | } | 884 | } |
| 859 | 885 | ||
| @@ -1581,6 +1607,9 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1581 | case SSL_kECDHE: | 1607 | case SSL_kECDHE: |
| 1582 | kx = "ECDH"; | 1608 | kx = "ECDH"; |
| 1583 | break; | 1609 | break; |
| 1610 | case SSL_kGOST: | ||
| 1611 | kx = "GOST"; | ||
| 1612 | break; | ||
| 1584 | default: | 1613 | default: |
| 1585 | kx = "unknown"; | 1614 | kx = "unknown"; |
| 1586 | } | 1615 | } |
| @@ -1601,6 +1630,12 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1601 | case SSL_aECDSA: | 1630 | case SSL_aECDSA: |
| 1602 | au = "ECDSA"; | 1631 | au = "ECDSA"; |
| 1603 | break; | 1632 | break; |
| 1633 | case SSL_aGOST94: | ||
| 1634 | au = "GOST94"; | ||
| 1635 | break; | ||
| 1636 | case SSL_aGOST01: | ||
| 1637 | au = "GOST01"; | ||
| 1638 | break; | ||
| 1604 | default: | 1639 | default: |
| 1605 | au = "unknown"; | 1640 | au = "unknown"; |
| 1606 | break; | 1641 | break; |
| @@ -1643,6 +1678,9 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1643 | case SSL_CHACHA20POLY1305: | 1678 | case SSL_CHACHA20POLY1305: |
| 1644 | enc = "ChaCha20-Poly1305"; | 1679 | enc = "ChaCha20-Poly1305"; |
| 1645 | break; | 1680 | break; |
| 1681 | case SSL_eGOST2814789CNT: | ||
| 1682 | enc = "GOST-28178-89-CNT"; | ||
| 1683 | break; | ||
| 1646 | default: | 1684 | default: |
| 1647 | enc = "unknown"; | 1685 | enc = "unknown"; |
| 1648 | break; | 1686 | break; |
| @@ -1664,6 +1702,18 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1664 | case SSL_AEAD: | 1702 | case SSL_AEAD: |
| 1665 | mac = "AEAD"; | 1703 | mac = "AEAD"; |
| 1666 | break; | 1704 | break; |
| 1705 | case SSL_GOST94: | ||
| 1706 | mac = "GOST94"; | ||
| 1707 | break; | ||
| 1708 | case SSL_GOST89MAC: | ||
| 1709 | mac = "GOST89IMIT"; | ||
| 1710 | break; | ||
| 1711 | case SSL_STREEBOG256: | ||
| 1712 | mac = "STREEBOG256"; | ||
| 1713 | break; | ||
| 1714 | case SSL_STREEBOG512: | ||
| 1715 | mac = "STREEBOG512"; | ||
| 1716 | break; | ||
| 1667 | default: | 1717 | default: |
| 1668 | mac = "unknown"; | 1718 | mac = "unknown"; |
| 1669 | break; | 1719 | break; |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index ec8f96e645..74cacd4eec 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.76 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.77 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -299,6 +299,8 @@ | |||
| 299 | #define SSL_SHA384 0x00000020L | 299 | #define SSL_SHA384 0x00000020L |
| 300 | /* Not a real MAC, just an indication it is part of cipher */ | 300 | /* Not a real MAC, just an indication it is part of cipher */ |
| 301 | #define SSL_AEAD 0x00000040L | 301 | #define SSL_AEAD 0x00000040L |
| 302 | #define SSL_STREEBOG256 0x00000080L | ||
| 303 | #define SSL_STREEBOG512 0x00000100L | ||
| 302 | 304 | ||
| 303 | /* Bits for algorithm_ssl (protocol version) */ | 305 | /* Bits for algorithm_ssl (protocol version) */ |
| 304 | #define SSL_SSLV3 0x00000002L | 306 | #define SSL_SSLV3 0x00000002L |
| @@ -313,11 +315,13 @@ | |||
| 313 | #define SSL_HANDSHAKE_MAC_GOST94 0x40 | 315 | #define SSL_HANDSHAKE_MAC_GOST94 0x40 |
| 314 | #define SSL_HANDSHAKE_MAC_SHA256 0x80 | 316 | #define SSL_HANDSHAKE_MAC_SHA256 0x80 |
| 315 | #define SSL_HANDSHAKE_MAC_SHA384 0x100 | 317 | #define SSL_HANDSHAKE_MAC_SHA384 0x100 |
| 318 | #define SSL_HANDSHAKE_MAC_STREEBOG256 0x200 | ||
| 319 | #define SSL_HANDSHAKE_MAC_STREEBOG512 0x400 | ||
| 316 | #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) | 320 | #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) |
| 317 | 321 | ||
| 318 | /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX | 322 | /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX |
| 319 | * make sure to update this constant too */ | 323 | * make sure to update this constant too */ |
| 320 | #define SSL_MAX_DIGEST 6 | 324 | #define SSL_MAX_DIGEST 8 |
| 321 | 325 | ||
| 322 | #define SSL3_CK_ID 0x03000000 | 326 | #define SSL3_CK_ID 0x03000000 |
| 323 | #define SSL3_CK_VALUE_MASK 0x0000ffff | 327 | #define SSL3_CK_VALUE_MASK 0x0000ffff |
| @@ -330,6 +334,7 @@ | |||
| 330 | #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) | 334 | #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) |
| 331 | #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) | 335 | #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) |
| 332 | #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) | 336 | #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) |
| 337 | #define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT) | ||
| 333 | #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) | 338 | #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) |
| 334 | 339 | ||
| 335 | /* Stream MAC for GOST ciphersuites from cryptopro draft | 340 | /* Stream MAC for GOST ciphersuites from cryptopro draft |
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index fc313efc2c..620da6ddd0 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.72 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.73 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -448,6 +448,18 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, | |||
| 448 | mac_secret_size, (unsigned char *)mac_secret); | 448 | mac_secret_size, (unsigned char *)mac_secret); |
| 449 | } | 449 | } |
| 450 | 450 | ||
| 451 | if (s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) { | ||
| 452 | int nid; | ||
| 453 | if (s->s3->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) | ||
| 454 | nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; | ||
| 455 | else | ||
| 456 | nid = NID_id_tc26_gost_28147_param_Z; | ||
| 457 | |||
| 458 | EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0); | ||
| 459 | if (s->s3->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC) | ||
| 460 | EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0); | ||
| 461 | } | ||
| 462 | |||
| 451 | return (1); | 463 | return (1); |
| 452 | 464 | ||
| 453 | err: | 465 | err: |
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index b1b9ac4a87..d593fe6baf 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.66 2014/11/03 17:21:30 tedu Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.67 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -587,6 +587,9 @@ static unsigned char tls12_sigalgs[] = { | |||
| 587 | TLSEXT_hash_sha512, TLSEXT_signature_rsa, | 587 | TLSEXT_hash_sha512, TLSEXT_signature_rsa, |
| 588 | TLSEXT_hash_sha512, TLSEXT_signature_dsa, | 588 | TLSEXT_hash_sha512, TLSEXT_signature_dsa, |
| 589 | TLSEXT_hash_sha512, TLSEXT_signature_ecdsa, | 589 | TLSEXT_hash_sha512, TLSEXT_signature_ecdsa, |
| 590 | #ifndef OPENSSL_NO_GOST | ||
| 591 | TLSEXT_hash_streebog_512, TLSEXT_signature_gostr12_512, | ||
| 592 | #endif | ||
| 590 | 593 | ||
| 591 | TLSEXT_hash_sha384, TLSEXT_signature_rsa, | 594 | TLSEXT_hash_sha384, TLSEXT_signature_rsa, |
| 592 | TLSEXT_hash_sha384, TLSEXT_signature_dsa, | 595 | TLSEXT_hash_sha384, TLSEXT_signature_dsa, |
| @@ -596,6 +599,11 @@ static unsigned char tls12_sigalgs[] = { | |||
| 596 | TLSEXT_hash_sha256, TLSEXT_signature_dsa, | 599 | TLSEXT_hash_sha256, TLSEXT_signature_dsa, |
| 597 | TLSEXT_hash_sha256, TLSEXT_signature_ecdsa, | 600 | TLSEXT_hash_sha256, TLSEXT_signature_ecdsa, |
| 598 | 601 | ||
| 602 | #ifndef OPENSSL_NO_GOST | ||
| 603 | TLSEXT_hash_streebog_256, TLSEXT_signature_gostr12_256, | ||
| 604 | TLSEXT_hash_gost94, TLSEXT_signature_gostr01, | ||
| 605 | #endif | ||
| 606 | |||
| 599 | TLSEXT_hash_sha224, TLSEXT_signature_rsa, | 607 | TLSEXT_hash_sha224, TLSEXT_signature_rsa, |
| 600 | TLSEXT_hash_sha224, TLSEXT_signature_dsa, | 608 | TLSEXT_hash_sha224, TLSEXT_signature_dsa, |
| 601 | TLSEXT_hash_sha224, TLSEXT_signature_ecdsa, | 609 | TLSEXT_hash_sha224, TLSEXT_signature_ecdsa, |
| @@ -2166,13 +2174,17 @@ static tls12_lookup tls12_md[] = { | |||
| 2166 | {NID_sha224, TLSEXT_hash_sha224}, | 2174 | {NID_sha224, TLSEXT_hash_sha224}, |
| 2167 | {NID_sha256, TLSEXT_hash_sha256}, | 2175 | {NID_sha256, TLSEXT_hash_sha256}, |
| 2168 | {NID_sha384, TLSEXT_hash_sha384}, | 2176 | {NID_sha384, TLSEXT_hash_sha384}, |
| 2169 | {NID_sha512, TLSEXT_hash_sha512} | 2177 | {NID_sha512, TLSEXT_hash_sha512}, |
| 2178 | {NID_id_GostR3411_94, TLSEXT_hash_gost94}, | ||
| 2179 | {NID_id_tc26_gost3411_2012_256, TLSEXT_hash_streebog_256}, | ||
| 2180 | {NID_id_tc26_gost3411_2012_512, TLSEXT_hash_streebog_512} | ||
| 2170 | }; | 2181 | }; |
| 2171 | 2182 | ||
| 2172 | static tls12_lookup tls12_sig[] = { | 2183 | static tls12_lookup tls12_sig[] = { |
| 2173 | {EVP_PKEY_RSA, TLSEXT_signature_rsa}, | 2184 | {EVP_PKEY_RSA, TLSEXT_signature_rsa}, |
| 2174 | {EVP_PKEY_DSA, TLSEXT_signature_dsa}, | 2185 | {EVP_PKEY_DSA, TLSEXT_signature_dsa}, |
| 2175 | {EVP_PKEY_EC, TLSEXT_signature_ecdsa} | 2186 | {EVP_PKEY_EC, TLSEXT_signature_ecdsa}, |
| 2187 | {EVP_PKEY_GOSTR01, TLSEXT_signature_gostr01}, | ||
| 2176 | }; | 2188 | }; |
| 2177 | 2189 | ||
| 2178 | static int | 2190 | static int |
| @@ -2225,6 +2237,14 @@ tls12_get_hash(unsigned char hash_alg) | |||
| 2225 | return EVP_sha384(); | 2237 | return EVP_sha384(); |
| 2226 | case TLSEXT_hash_sha512: | 2238 | case TLSEXT_hash_sha512: |
| 2227 | return EVP_sha512(); | 2239 | return EVP_sha512(); |
| 2240 | #ifndef OPENSSL_NO_GOST | ||
| 2241 | case TLSEXT_hash_gost94: | ||
| 2242 | return EVP_gostr341194(); | ||
| 2243 | case TLSEXT_hash_streebog_256: | ||
| 2244 | return EVP_streebog256(); | ||
| 2245 | case TLSEXT_hash_streebog_512: | ||
| 2246 | return EVP_streebog512(); | ||
| 2247 | #endif | ||
| 2228 | default: | 2248 | default: |
| 2229 | return NULL; | 2249 | return NULL; |
| 2230 | } | 2250 | } |
| @@ -2251,6 +2271,8 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2251 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; | 2271 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; |
| 2252 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; | 2272 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; |
| 2253 | c->pkeys[SSL_PKEY_ECC].digest = NULL; | 2273 | c->pkeys[SSL_PKEY_ECC].digest = NULL; |
| 2274 | c->pkeys[SSL_PKEY_GOST94].digest = NULL; | ||
| 2275 | c->pkeys[SSL_PKEY_GOST01].digest = NULL; | ||
| 2254 | 2276 | ||
| 2255 | for (i = 0; i < dsize; i += 2) { | 2277 | for (i = 0; i < dsize; i += 2) { |
| 2256 | unsigned char hash_alg = data[i], sig_alg = data[i + 1]; | 2278 | unsigned char hash_alg = data[i], sig_alg = data[i + 1]; |
| @@ -2265,6 +2287,11 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2265 | case TLSEXT_signature_ecdsa: | 2287 | case TLSEXT_signature_ecdsa: |
| 2266 | idx = SSL_PKEY_ECC; | 2288 | idx = SSL_PKEY_ECC; |
| 2267 | break; | 2289 | break; |
| 2290 | case TLSEXT_signature_gostr01: | ||
| 2291 | case TLSEXT_signature_gostr12_256: | ||
| 2292 | case TLSEXT_signature_gostr12_512: | ||
| 2293 | idx = SSL_PKEY_GOST01; | ||
| 2294 | break; | ||
| 2268 | default: | 2295 | default: |
| 2269 | continue; | 2296 | continue; |
| 2270 | } | 2297 | } |
| @@ -2291,5 +2318,11 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2291 | } | 2318 | } |
| 2292 | if (!c->pkeys[SSL_PKEY_ECC].digest) | 2319 | if (!c->pkeys[SSL_PKEY_ECC].digest) |
| 2293 | c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | 2320 | c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); |
| 2321 | #ifndef OPENSSL_NO_GOST | ||
| 2322 | if (!c->pkeys[SSL_PKEY_GOST94].digest) | ||
| 2323 | c->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194(); | ||
| 2324 | if (!c->pkeys[SSL_PKEY_GOST01].digest) | ||
| 2325 | c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); | ||
| 2326 | #endif | ||
| 2294 | return 1; | 2327 | return 1; |
| 2295 | } | 2328 | } |
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index d2d1657edf..60dc7919a4 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls1.h,v 1.21 2014/10/31 15:50:28 jsing Exp $ */ | 1 | /* $OpenBSD: tls1.h,v 1.22 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -275,6 +275,10 @@ extern "C" { | |||
| 275 | #define TLSEXT_signature_rsa 1 | 275 | #define TLSEXT_signature_rsa 1 |
| 276 | #define TLSEXT_signature_dsa 2 | 276 | #define TLSEXT_signature_dsa 2 |
| 277 | #define TLSEXT_signature_ecdsa 3 | 277 | #define TLSEXT_signature_ecdsa 3 |
| 278 | /* FIXME IANA */ | ||
| 279 | #define TLSEXT_signature_gostr01 237 | ||
| 280 | #define TLSEXT_signature_gostr12_256 238 | ||
| 281 | #define TLSEXT_signature_gostr12_512 239 | ||
| 278 | 282 | ||
| 279 | #define TLSEXT_hash_none 0 | 283 | #define TLSEXT_hash_none 0 |
| 280 | #define TLSEXT_hash_md5 1 | 284 | #define TLSEXT_hash_md5 1 |
| @@ -283,6 +287,10 @@ extern "C" { | |||
| 283 | #define TLSEXT_hash_sha256 4 | 287 | #define TLSEXT_hash_sha256 4 |
| 284 | #define TLSEXT_hash_sha384 5 | 288 | #define TLSEXT_hash_sha384 5 |
| 285 | #define TLSEXT_hash_sha512 6 | 289 | #define TLSEXT_hash_sha512 6 |
| 290 | /* FIXME IANA */ | ||
| 291 | #define TLSEXT_hash_gost94 237 | ||
| 292 | #define TLSEXT_hash_streebog_256 238 | ||
| 293 | #define TLSEXT_hash_streebog_512 239 | ||
| 286 | 294 | ||
| 287 | #define TLSEXT_MAXLEN_host_name 255 | 295 | #define TLSEXT_MAXLEN_host_name 255 |
| 288 | 296 | ||
| @@ -669,9 +677,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 669 | #define TLS_CT_ECDSA_FIXED_ECDH 66 | 677 | #define TLS_CT_ECDSA_FIXED_ECDH 66 |
| 670 | #define TLS_CT_GOST94_SIGN 21 | 678 | #define TLS_CT_GOST94_SIGN 21 |
| 671 | #define TLS_CT_GOST01_SIGN 22 | 679 | #define TLS_CT_GOST01_SIGN 22 |
| 680 | #define TLS_CT_GOST12_256_SIGN 238 /* FIXME: IANA */ | ||
| 681 | #define TLS_CT_GOST12_512_SIGN 239 /* FIXME: IANA */ | ||
| 672 | /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see | 682 | /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see |
| 673 | * comment there) */ | 683 | * comment there) */ |
| 674 | #define TLS_CT_NUMBER 9 | 684 | #define TLS_CT_NUMBER 11 |
| 675 | 685 | ||
| 676 | #define TLS1_FINISH_MAC_LENGTH 12 | 686 | #define TLS1_FINISH_MAC_LENGTH 12 |
| 677 | 687 | ||