Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
-rw-r--r--src/lib/libssl/s3_srvr.c78
1 files changed, 56 insertions, 22 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index a9f82b39d2..e1b2f9cf2d 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.90 2014/11/16 14:12:47 jsing Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.91 2014/11/18 05:33:43 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -159,6 +159,9 @@
159#include <openssl/buffer.h> 159#include <openssl/buffer.h>
160#include <openssl/evp.h> 160#include <openssl/evp.h>
161#include <openssl/dh.h> 161#include <openssl/dh.h>
162#ifndef OPENSSL_NO_GOST
163#include <openssl/gost.h>
164#endif
162#include <openssl/hmac.h> 165#include <openssl/hmac.h>
163#include <openssl/md5.h> 166#include <openssl/md5.h>
164#include <openssl/objects.h> 167#include <openssl/objects.h>
@@ -516,6 +519,7 @@ ssl3_accept(SSL *s)
516 ret = ssl3_get_client_key_exchange(s); 519 ret = ssl3_get_client_key_exchange(s);
517 if (ret <= 0) 520 if (ret <= 0)
518 goto end; 521 goto end;
522 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
519 if (ret == 2) { 523 if (ret == 2) {
520 /* 524 /*
521 * For the ECDH ciphersuites when 525 * For the ECDH ciphersuites when
@@ -535,7 +539,7 @@ ssl3_accept(SSL *s)
535 s->state = SSL3_ST_SR_FINISHED_A; 539 s->state = SSL3_ST_SR_FINISHED_A;
536#endif 540#endif
537 s->init_num = 0; 541 s->init_num = 0;
538 } else if (SSL_USE_SIGALGS(s)) { 542 } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
539 s->state = SSL3_ST_SR_CERT_VRFY_A; 543 s->state = SSL3_ST_SR_CERT_VRFY_A;
540 s->init_num = 0; 544 s->init_num = 0;
541 if (!s->session->peer) 545 if (!s->session->peer)
@@ -842,6 +846,7 @@ ssl3_get_client_hello(SSL *s)
842 unsigned char *p, *d; 846 unsigned char *p, *d;
843 SSL_CIPHER *c; 847 SSL_CIPHER *c;
844 STACK_OF(SSL_CIPHER) *ciphers = NULL; 848 STACK_OF(SSL_CIPHER) *ciphers = NULL;
849 unsigned long alg_k;
845 850
846 /* 851 /*
847 * We do this so that we will respond with our native type. 852 * We do this so that we will respond with our native type.
@@ -1175,7 +1180,9 @@ ssl3_get_client_hello(SSL *s)
1175 s->s3->tmp.new_cipher = s->session->cipher; 1180 s->s3->tmp.new_cipher = s->session->cipher;
1176 } 1181 }
1177 1182
1178 if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) { 1183 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1184 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
1185 !(s->verify_mode & SSL_VERIFY_PEER)) {
1179 if (!ssl3_digest_cached_records(s)) { 1186 if (!ssl3_digest_cached_records(s)) {
1180 al = SSL_AD_INTERNAL_ERROR; 1187 al = SSL_AD_INTERNAL_ERROR;
1181 goto f_err; 1188 goto f_err;
@@ -2336,7 +2343,7 @@ ssl3_get_cert_verify(SSL *s)
2336 goto f_err; 2343 goto f_err;
2337 } 2344 }
2338 2345
2339 if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) { 2346 if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
2340 al = SSL_AD_DECRYPT_ERROR; 2347 al = SSL_AD_DECRYPT_ERROR;
2341 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2348 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2342 SSL_R_BAD_SIGNATURE); 2349 SSL_R_BAD_SIGNATURE);
@@ -2384,38 +2391,65 @@ ssl3_get_cert_verify(SSL *s)
2384 goto f_err; 2391 goto f_err;
2385 } 2392 }
2386 } else 2393 } else
2394#ifndef OPENSSL_NO_GOST
2387 if (pkey->type == NID_id_GostR3410_94 || 2395 if (pkey->type == NID_id_GostR3410_94 ||
2388 pkey->type == NID_id_GostR3410_2001) { 2396 pkey->type == NID_id_GostR3410_2001) {
2389 unsigned char signature[64]; 2397 long hdatalen = 0;
2390 int idx; 2398 void *hdata;
2399 unsigned char signature[128];
2400 unsigned int siglen = sizeof(signature);
2401 int nid;
2391 EVP_PKEY_CTX *pctx; 2402 EVP_PKEY_CTX *pctx;
2392 2403
2393 if (i != 64) { 2404 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
2405 if (hdatalen <= 0) {
2394 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2406 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2395 SSL_R_WRONG_SIGNATURE_SIZE); 2407 ERR_R_INTERNAL_ERROR);
2396 al = SSL_AD_DECODE_ERROR; 2408 al = SSL_AD_INTERNAL_ERROR;
2409 goto f_err;
2410 }
2411 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
2412 !(md = EVP_get_digestbynid(nid))) {
2413 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2414 ERR_R_EVP_LIB);
2415 al = SSL_AD_INTERNAL_ERROR;
2397 goto f_err; 2416 goto f_err;
2398 } 2417 }
2399 pctx = EVP_PKEY_CTX_new(pkey, NULL); 2418 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2400 if (pctx == NULL) { 2419 if (!pctx) {
2401 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2420 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2402 ERR_R_INTERNAL_ERROR); 2421 ERR_R_EVP_LIB);
2403 al = SSL_AD_DECODE_ERROR; 2422 al = SSL_AD_INTERNAL_ERROR;
2404 goto f_err; 2423 goto f_err;
2405 } 2424 }
2406 EVP_PKEY_verify_init(pctx); 2425 if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
2407 for (idx = 0; idx < 64; idx++) 2426 !EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
2408 signature[63 - idx] = p[idx]; 2427 !EVP_DigestFinal(&mctx, signature, &siglen) ||
2409 j = EVP_PKEY_verify(pctx, signature, 64, 2428 (EVP_PKEY_verify_init(pctx) <= 0) ||
2410 s->s3->tmp.cert_verify_md, 32); 2429 (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
2411 EVP_PKEY_CTX_free(pctx); 2430 (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
2412 if (j <= 0) { 2431 EVP_PKEY_CTRL_GOST_SIG_FORMAT,
2432 GOST_SIG_FORMAT_RS_LE,
2433 NULL) <= 0)) {
2434 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2435 ERR_R_EVP_LIB);
2436 al = SSL_AD_INTERNAL_ERROR;
2437 EVP_PKEY_CTX_free(pctx);
2438 goto f_err;
2439 }
2440
2441 if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) {
2413 al = SSL_AD_DECRYPT_ERROR; 2442 al = SSL_AD_DECRYPT_ERROR;
2414 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2443 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2415 SSL_R_BAD_ECDSA_SIGNATURE); 2444 SSL_R_BAD_SIGNATURE);
2445 EVP_PKEY_CTX_free(pctx);
2416 goto f_err; 2446 goto f_err;
2417 } 2447 }
2418 } else { 2448
2449 EVP_PKEY_CTX_free(pctx);
2450 } else
2451#endif
2452 {
2419 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2453 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2420 ERR_R_INTERNAL_ERROR); 2454 ERR_R_INTERNAL_ERROR);
2421 al = SSL_AD_UNSUPPORTED_CERTIFICATE; 2455 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
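Review bot: In the GOST branch of ssl3_get_cert_verify the explicit `if (i != 64)` check is gone, so the peer-supplied length `i` now reaches `EVP_PKEY_verify(pctx, p, i, signature, siglen)` with no bound visible in this hunk. If nothing earlier in the function (which starts outside the hunk) limits `i`, rejecting malformed lengths rests entirely on the GOST verify method. I would either restore a bound before the call, for example `if (i > EVP_PKEY_size(pkey))` failing with `SSL_R_WRONG_SIGNATURE_SIZE` and `SSL_AD_DECODE_ERROR` as the removed check did, or add a comment naming where the length is enforced. Separately, the local `signature[128]` receives the handshake digest from `EVP_DigestFinal` while `p` holds the peer's signature; renaming it to something like `digest`/`digestlen` would make the argument order of the verify call easier to audit.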