sync with OpenBSD -current

This commit is contained in:
purplerain 2024-02-04 06:16:28 +00:00
parent 7d66fd8cb0
commit 3f3212838f
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
122 changed files with 1363 additions and 8580 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: s3_lib.c,v 1.248 2023/11/29 13:39:34 tb Exp $ */
/* $OpenBSD: s3_lib.c,v 1.249 2024/02/03 15:58:33 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -577,41 +577,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
/* GOST Ciphersuites */
/* Cipher 81 */
{
.valid = 1,
.name = "GOST2001-GOST89-GOST89",
.id = 0x3000081,
.algorithm_mkey = SSL_kGOST,
.algorithm_auth = SSL_aGOST01,
.algorithm_enc = SSL_eGOST2814789CNT,
.algorithm_mac = SSL_GOST89MAC,
.algorithm_ssl = SSL_TLSV1,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
TLS1_STREAM_MAC,
.strength_bits = 256,
.alg_bits = 256
},
/* Cipher 83 */
{
.valid = 1,
.name = "GOST2001-NULL-GOST94",
.id = 0x3000083,
.algorithm_mkey = SSL_kGOST,
.algorithm_auth = SSL_aGOST01,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_GOST94,
.algorithm_ssl = SSL_TLSV1,
.algo_strength = SSL_STRONG_NONE,
.algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
.strength_bits = 0,
.alg_bits = 0
},
#ifndef OPENSSL_NO_CAMELLIA
/* Camellia ciphersuites from RFC4132 (256-bit portion) */
@ -1362,40 +1327,6 @@ const SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
/* Cipher FF85 FIXME IANA */
{
.valid = 1,
.name = "GOST2012256-GOST89-GOST89",
.id = 0x300ff85, /* FIXME IANA */
.algorithm_mkey = SSL_kGOST,
.algorithm_auth = SSL_aGOST01,
.algorithm_enc = SSL_eGOST2814789CNT,
.algorithm_mac = SSL_GOST89MAC,
.algorithm_ssl = SSL_TLSV1,
.algo_strength = SSL_HIGH,
.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
TLS1_STREAM_MAC,
.strength_bits = 256,
.alg_bits = 256
},
/* Cipher FF87 FIXME IANA */
{
.valid = 1,
.name = "GOST2012256-NULL-STREEBOG256",
.id = 0x300ff87, /* FIXME IANA */
.algorithm_mkey = SSL_kGOST,
.algorithm_auth = SSL_aGOST01,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_STREEBOG256,
.algorithm_ssl = SSL_TLSV1,
.algo_strength = SSL_STRONG_NONE,
.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,
.strength_bits = 0,
.alg_bits = 0
},
/* end of list */
};
@ -2668,21 +2599,6 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
alg_k = s->s3->hs.cipher->algorithm_mkey;
#ifndef OPENSSL_NO_GOST
if ((alg_k & SSL_kGOST) != 0) {
if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN))
return 0;
if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN))
return 0;
if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN))
return 0;
if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT))
return 0;
if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT))
return 0;
}
#endif
if ((alg_k & SSL_kDHE) != 0) {
if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH))
return 0;


@ -1,4 +1,4 @@
/* $OpenBSD: ssl.h,v 1.232 2023/11/22 15:43:42 tb Exp $ */
/* $OpenBSD: ssl.h,v 1.233 2024/02/03 15:58:33 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -245,7 +245,6 @@ extern "C" {
#define SSL_TXT_kECDH "kECDH"
#define SSL_TXT_kEECDH "kEECDH"
#define SSL_TXT_kPSK "kPSK"
#define SSL_TXT_kGOST "kGOST"
#define SSL_TXT_kSRP "kSRP"
#define SSL_TXT_aRSA "aRSA"
@ -255,9 +254,6 @@ extern "C" {
#define SSL_TXT_aKRB5 "aKRB5"
#define SSL_TXT_aECDSA "aECDSA"
#define SSL_TXT_aPSK "aPSK"
#define SSL_TXT_aGOST94 "aGOST94"
#define SSL_TXT_aGOST01 "aGOST01"
#define SSL_TXT_aGOST "aGOST"
#define SSL_TXT_DSS "DSS"
#define SSL_TXT_DH "DH"
@ -293,12 +289,8 @@ extern "C" {
#define SSL_TXT_MD5 "MD5"
#define SSL_TXT_SHA1 "SHA1"
#define SSL_TXT_SHA "SHA" /* same as "SHA1" */
#define SSL_TXT_GOST94 "GOST94"
#define SSL_TXT_GOST89MAC "GOST89MAC"
#define SSL_TXT_SHA256 "SHA256"
#define SSL_TXT_SHA384 "SHA384"
#define SSL_TXT_STREEBOG256 "STREEBOG256"
#define SSL_TXT_STREEBOG512 "STREEBOG512"
#define SSL_TXT_DTLS1 "DTLSv1"
#define SSL_TXT_DTLS1_2 "DTLSv1.2"
@ -2176,7 +2168,6 @@ void ERR_load_SSL_strings(void);
#define SSL_R_NO_CLIENT_CERT_METHOD 331
#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
#define SSL_R_NO_COMPRESSION_SPECIFIED 187
#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
#define SSL_R_NO_METHOD_SPECIFIED 188
#define SSL_R_NO_PRIVATEKEY 189
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190


@ -1,4 +1,4 @@
/* $OpenBSD: ssl3.h,v 1.57 2021/09/10 14:49:13 tb Exp $ */
/* $OpenBSD: ssl3.h,v 1.58 2024/02/03 15:58:33 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -325,7 +325,7 @@ extern "C" {
* enough to contain all of the cert types defined either for
* SSLv3 and TLSv1.
*/
#define SSL3_CT_NUMBER 13
#define SSL3_CT_NUMBER 7
#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_both.c,v 1.46 2023/07/07 08:53:55 tb Exp $ */
/* $OpenBSD: ssl_both.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -384,9 +384,6 @@ ssl_cert_type(EVP_PKEY *pkey)
switch (EVP_PKEY_id(pkey)) {
case EVP_PKEY_EC:
return SSL_PKEY_ECC;
case NID_id_GostR3410_2001:
case NID_id_GostR3410_2001_cc:
return SSL_PKEY_GOST01;
case EVP_PKEY_RSA:
case EVP_PKEY_RSA_PSS:
return SSL_PKEY_RSA;


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_cert.c,v 1.107 2023/07/08 16:40:13 beck Exp $ */
/* $OpenBSD: ssl_cert.c,v 1.108 2024/02/03 15:58:33 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -233,10 +233,6 @@ ssl_cert_dup(SSL_CERT *cert)
/* We have an ECC key */
break;
case SSL_PKEY_GOST01:
/* We have a GOST key */
break;
default:
/* Can't happen. */
SSLerrorx(SSL_R_LIBRARY_BUG);


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_ciph.c,v 1.138 2024/01/04 20:02:10 tb Exp $ */
/* $OpenBSD: ssl_ciph.c,v 1.139 2024/02/03 15:58:33 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -212,10 +212,6 @@ static const SSL_CIPHER cipher_aliases[] = {
.name = SSL_TXT_ECDH,
.algorithm_mkey = SSL_kECDHE,
},
{
.name = SSL_TXT_kGOST,
.algorithm_mkey = SSL_kGOST,
},
/* server authentication aliases */
{
@ -242,14 +238,6 @@ static const SSL_CIPHER cipher_aliases[] = {
.name = SSL_TXT_ECDSA,
.algorithm_auth = SSL_aECDSA,
},
{
.name = SSL_TXT_aGOST01,
.algorithm_auth = SSL_aGOST01,
},
{
.name = SSL_TXT_aGOST,
.algorithm_auth = SSL_aGOST01,
},
/* aliases combining key exchange and server authentication */
{
@ -355,14 +343,6 @@ static const SSL_CIPHER cipher_aliases[] = {
.name = SSL_TXT_SHA,
.algorithm_mac = SSL_SHA1,
},
{
.name = SSL_TXT_GOST94,
.algorithm_mac = SSL_GOST94,
},
{
.name = SSL_TXT_GOST89MAC,
.algorithm_mac = SSL_GOST89MAC,
},
{
.name = SSL_TXT_SHA256,
.algorithm_mac = SSL_SHA256,
@ -371,10 +351,6 @@ static const SSL_CIPHER cipher_aliases[] = {
.name = SSL_TXT_SHA384,
.algorithm_mac = SSL_SHA384,
},
{
.name = SSL_TXT_STREEBOG256,
.algorithm_mac = SSL_STREEBOG256,
},
/* protocol version aliases */
{
@ -472,11 +448,6 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
case SSL_CAMELLIA256:
*enc = EVP_camellia_256_cbc();
break;
#ifndef OPENSSL_NO_GOST
case SSL_eGOST2814789CNT:
*enc = EVP_gost2814789_cnt();
break;
#endif
}
switch (ss->cipher->algorithm_mac) {
@ -492,21 +463,11 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
case SSL_SHA384:
*md = EVP_sha384();
break;
#ifndef OPENSSL_NO_GOST
case SSL_GOST89MAC:
*md = EVP_gost2814789imit();
break;
case SSL_GOST94:
*md = EVP_gostr341194();
break;
case SSL_STREEBOG256:
*md = EVP_streebog256();
break;
#endif
}
if (*enc == NULL || *md == NULL)
return 0;
/* XXX remove these from ssl_cipher_get_evp? */
/*
* EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not
* supported via EVP_CIPHER (they should be using EVP_AEAD instead).
@ -515,18 +476,9 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc,
return 0;
if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE)
return 0;
#ifndef OPENSSL_NO_GOST
/* XXX JFC. die in fire already */
if (ss->cipher->algorithm_mac == SSL_GOST89MAC) {
*mac_pkey_type = EVP_PKEY_GOSTIMIT;
*mac_secret_size = 32; /* XXX */
} else {
#endif
*mac_pkey_type = EVP_PKEY_HMAC;
*mac_secret_size = EVP_MD_size(*md);
#ifndef OPENSSL_NO_GOST
}
#endif
*mac_pkey_type = EVP_PKEY_HMAC;
*mac_secret_size = EVP_MD_size(*md);
return 1;
}
@ -581,14 +533,6 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
case SSL_HANDSHAKE_MAC_DEFAULT:
*md = EVP_md5_sha1();
return 1;
#ifndef OPENSSL_NO_GOST
case SSL_HANDSHAKE_MAC_GOST94:
*md = EVP_gostr341194();
return 1;
case SSL_HANDSHAKE_MAC_STREEBOG256:
*md = EVP_streebog256();
return 1;
#endif
case SSL_HANDSHAKE_MAC_SHA256:
*md = EVP_sha256();
return 1;
@ -641,6 +585,7 @@ ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
*head = curr;
}
/* XXX beck: remove this in a followon to removing GOST */
static void
ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
unsigned long *enc, unsigned long *mac, unsigned long *ssl)
@ -651,16 +596,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
*mac = 0;
*ssl = 0;
/*
* Check for the availability of GOST 34.10 public/private key
* algorithms. If they are not available disable the associated
* authentication and key exchange algorithms.
*/
#if defined(OPENSSL_NO_GOST) || !defined(EVP_PKEY_GOSTR01)
*auth |= SSL_aGOST01;
*mkey |= SSL_kGOST;
#endif
#ifdef SSL_FORBID_ENULL
*enc |= SSL_eNULL;
#endif
@ -1455,9 +1390,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kECDHE:
kx = "ECDH";
break;
case SSL_kGOST:
kx = "GOST";
break;
case SSL_kTLS1_3:
kx = "TLSv1.3";
break;
@ -1478,9 +1410,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_aECDSA:
au = "ECDSA";
break;
case SSL_aGOST01:
au = "GOST01";
break;
case SSL_aTLS1_3:
au = "TLSv1.3";
break;
@ -1520,9 +1449,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_CHACHA20POLY1305:
enc = "ChaCha20-Poly1305";
break;
case SSL_eGOST2814789CNT:
enc = "GOST-28178-89-CNT";
break;
default:
enc = "unknown";
break;
@ -1544,15 +1470,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_AEAD:
mac = "AEAD";
break;
case SSL_GOST94:
mac = "GOST94";
break;
case SSL_GOST89MAC:
mac = "GOST89IMIT";
break;
case SSL_STREEBOG256:
mac = "STREEBOG256";
break;
default:
mac = "unknown";
break;
@ -1666,8 +1583,6 @@ SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
return NID_des_cbc;
case SSL_RC4:
return NID_rc4;
case SSL_eGOST2814789CNT:
return NID_gost89_cnt;
default:
return NID_undef;
}
@ -1680,10 +1595,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
switch (c->algorithm_mac) {
case SSL_AEAD:
return NID_undef;
case SSL_GOST89MAC:
return NID_id_Gost28147_89_MAC;
case SSL_GOST94:
return NID_id_GostR3411_94;
case SSL_MD5:
return NID_md5;
case SSL_SHA1:
@ -1692,8 +1603,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
return NID_sha256;
case SSL_SHA384:
return NID_sha384;
case SSL_STREEBOG256:
return NID_id_tc26_gost3411_2012_256;
default:
return NID_undef;
}
@ -1708,8 +1617,6 @@ SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
return NID_kx_dhe;
case SSL_kECDHE:
return NID_kx_ecdhe;
case SSL_kGOST:
return NID_kx_gost;
case SSL_kRSA:
return NID_kx_rsa;
default:
@ -1726,8 +1633,6 @@ SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
return NID_auth_null;
case SSL_aECDSA:
return NID_auth_ecdsa;
case SSL_aGOST01:
return NID_auth_gost01;
case SSL_aRSA:
return NID_auth_rsa;
default:


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_clnt.c,v 1.163 2023/12/29 12:24:33 tb Exp $ */
/* $OpenBSD: ssl_clnt.c,v 1.165 2024/02/03 18:03:49 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -161,10 +161,6 @@
#include <openssl/objects.h>
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_GOST
#include <openssl/gost.h>
#endif
#include "bytestring.h"
#include "dtls_local.h"
#include "ssl_local.h"
@ -459,12 +455,6 @@ ssl3_connect(SSL *s)
s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
s->s3->change_cipher_spec = 0;
}
if (!SSL_is_dtls(s)) {
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
s->s3->change_cipher_spec = 0;
}
}
s->init_num = 0;
break;
@ -829,7 +819,6 @@ ssl3_get_server_hello(SSL *s)
uint8_t compression_method;
const SSL_CIPHER *cipher;
const SSL_METHOD *method;
unsigned long alg_k;
int al, ret;
s->first_packet = 1;
@ -1038,8 +1027,7 @@ ssl3_get_server_hello(SSL *s)
* Don't digest cached records if no sigalgs: we may need them for
* client authentication.
*/
alg_k = s->s3->hs.cipher->algorithm_mkey;
if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
if (!SSL_USE_SIGALGS(s))
tls1_transcript_free(s);
if (!CBS_get_u8(&cbs, &compression_method))
@ -1930,119 +1918,6 @@ ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb)
return ret;
}
static int
ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
{
unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
EVP_PKEY_CTX *pkey_ctx = NULL;
EVP_MD_CTX *ukm_hash = NULL;
EVP_PKEY *pkey;
size_t msglen;
unsigned int md_len;
CBB gostblob;
int nid;
int ret = 0;
/* Get server certificate PKEY and create ctx from it */
pkey = X509_get0_pubkey(s->session->peer_cert);
if (pkey == NULL || s->session->peer_cert_type != SSL_PKEY_GOST01) {
SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
goto err;
}
if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
/*
* If we have send a certificate, and certificate key parameters match
* those of server certificate, use certificate key for key exchange.
* Otherwise, generate ephemeral key pair.
*/
if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0)
goto err;
/* Generate session key. */
arc4random_buf(premaster_secret, sizeof(premaster_secret));
/*
* If we have client certificate, use its secret as peer key.
* XXX - this presumably lacks PFS.
*/
if (s->s3->hs.tls12.cert_request != 0 &&
s->cert->key->privatekey != NULL) {
if (EVP_PKEY_derive_set_peer(pkey_ctx,
s->cert->key->privatekey) <=0) {
/*
* If there was an error - just ignore it.
* Ephemeral key would be used.
*/
ERR_clear_error();
}
}
/*
* Compute shared IV and store it in algorithm-specific context data.
*/
if ((ukm_hash = EVP_MD_CTX_new()) == NULL) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
/* XXX check handshake hash instead. */
if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
nid = NID_id_GostR3411_94;
else
nid = NID_id_tc26_gost3411_2012_256;
if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
goto err;
if (!EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE))
goto err;
if (!EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE))
goto err;
if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len))
goto err;
if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
SSLerror(s, SSL_R_LIBRARY_BUG);
goto err;
}
/*
* Make GOST keytransport blob message, encapsulate it into sequence.
*/
msglen = 255;
if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
sizeof(premaster_secret)) < 0) {
SSLerror(s, SSL_R_LIBRARY_BUG);
goto err;
}
if (!CBB_add_asn1(cbb, &gostblob, CBS_ASN1_SEQUENCE))
goto err;
if (!CBB_add_bytes(&gostblob, tmp, msglen))
goto err;
if (!CBB_flush(cbb))
goto err;
/* Check if pubkey from client certificate was used. */
if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
NULL) > 0)
s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
if (!tls12_derive_master_secret(s, premaster_secret, 32))
goto err;
ret = 1;
err:
explicit_bzero(premaster_secret, sizeof(premaster_secret));
EVP_PKEY_CTX_free(pkey_ctx);
EVP_MD_CTX_free(ukm_hash);
return ret;
}
static int
ssl3_send_client_key_exchange(SSL *s)
{
@ -2067,9 +1942,6 @@ ssl3_send_client_key_exchange(SSL *s)
} else if (alg_k & SSL_kECDHE) {
if (!ssl3_send_client_kex_ecdhe(s, &kex))
goto err;
} else if (alg_k & SSL_kGOST) {
if (!ssl3_send_client_kex_gost(s, &kex))
goto err;
} else {
ssl3_send_alert(s, SSL3_AL_FATAL,
SSL_AD_HANDSHAKE_FAILURE);
@ -2115,14 +1987,6 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
#ifndef OPENSSL_NO_GOST
if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
#endif
if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
(!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
@ -2230,72 +2094,6 @@ ssl3_send_client_verify_ec(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
return ret;
}
#ifndef OPENSSL_NO_GOST
static int
ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
{
CBB cbb_signature;
EVP_MD_CTX *mctx;
EVP_PKEY_CTX *pctx;
const EVP_MD *md;
const unsigned char *hdata;
unsigned char *signature = NULL;
size_t signature_len;
size_t hdata_len;
int nid;
int ret = 0;
if ((mctx = EVP_MD_CTX_new()) == NULL)
goto err;
if (!tls1_transcript_data(s, &hdata, &hdata_len)) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
}
if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
(md = EVP_get_digestbynid(nid)) == NULL) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
#ifndef OPENSSL_NO_GOST
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
#endif
if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
if ((signature = calloc(1, signature_len)) == NULL) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature))
goto err;
if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
goto err;
if (!CBB_flush(cert_verify))
goto err;
ret = 1;
err:
EVP_MD_CTX_free(mctx);
free(signature);
return ret;
}
#endif
static int
ssl3_send_client_verify(SSL *s)
{
@ -2331,12 +2129,6 @@ ssl3_send_client_verify(SSL *s)
} else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify))
goto err;
#ifndef OPENSSL_NO_GOST
} else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 ||
EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
if (!ssl3_send_client_verify_gost(s, pkey, &cert_verify))
goto err;
#endif
} else {
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
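Review bot: TLS1_FLAGS_SKIP_CERT_VERIFY appears to lose its last setters and both readers in this commit — the client-side check removed from ssl3_connect (hunk @ -459), the server-side branch removed from ssl3_accept in ssl_srvr.c, and the two `s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;` assignments inside the deleted GOST key-exchange functions — yet its definition is still visible as context in ssl3.h. If no other reader exists outside these hunks, the define should be retired in the same follow-on, so a flag whose only meaning was "skip CertificateVerify" cannot be quietly repurposed later. ssl3_connect begins and ends outside the hunk.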


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_err.c,v 1.46 2023/07/08 16:40:13 beck Exp $ */
/* $OpenBSD: ssl_err.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */
/* ====================================================================
* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
*
@ -306,7 +306,6 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"},
{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"},
{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) , "no method specified"},
{ERR_REASON(SSL_R_NO_PRIVATEKEY) , "no privatekey"},
{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_lib.c,v 1.318 2023/12/29 12:24:33 tb Exp $ */
/* $OpenBSD: ssl_lib.c,v 1.319 2024/02/03 15:58:34 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -2297,12 +2297,6 @@ ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher)
mask_a |= SSL_aECDSA;
}
cpk = &(c->pkeys[SSL_PKEY_GOST01]);
if (cpk->x509 != NULL && cpk->privatekey != NULL) {
mask_k |= SSL_kGOST;
mask_a |= SSL_aGOST01;
}
cpk = &(c->pkeys[SSL_PKEY_RSA]);
if (cpk->x509 != NULL && cpk->privatekey != NULL) {
mask_a |= SSL_aRSA;
@ -2363,8 +2357,6 @@ ssl_get_server_send_pkey(const SSL *s)
i = SSL_PKEY_ECC;
} else if (alg_a & SSL_aRSA) {
i = SSL_PKEY_RSA;
} else if (alg_a & SSL_aGOST01) {
i = SSL_PKEY_GOST01;
} else { /* if (alg_a & SSL_aNULL) */
SSLerror(s, ERR_R_INTERNAL_ERROR);
return (NULL);


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_local.h,v 1.12 2023/12/29 12:24:33 tb Exp $ */
/* $OpenBSD: ssl_local.h,v 1.13 2024/02/03 15:58:34 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -197,7 +197,6 @@ __BEGIN_HIDDEN_DECLS
#define SSL_kRSA 0x00000001L /* RSA key exchange */
#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
#define SSL_kGOST 0x00000200L /* GOST key exchange */
#define SSL_kTLS1_3 0x00000400L /* TLSv1.3 key exchange */
/* Bits for algorithm_auth (server authentication) */
@ -205,7 +204,6 @@ __BEGIN_HIDDEN_DECLS
#define SSL_aDSS 0x00000002L /* DSS auth */
#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
#define SSL_aTLS1_3 0x00000400L /* TLSv1.3 authentication */
/* Bits for algorithm_enc (symmetric encryption) */
@ -218,7 +216,6 @@ __BEGIN_HIDDEN_DECLS
#define SSL_AES256 0x00000040L
#define SSL_CAMELLIA128 0x00000080L
#define SSL_CAMELLIA256 0x00000100L
#define SSL_eGOST2814789CNT 0x00000200L
#define SSL_AES128GCM 0x00000400L
#define SSL_AES256GCM 0x00000800L
#define SSL_CHACHA20POLY1305 0x00001000L
@ -231,8 +228,6 @@ __BEGIN_HIDDEN_DECLS
#define SSL_MD5 0x00000001L
#define SSL_SHA1 0x00000002L
#define SSL_GOST94 0x00000004L
#define SSL_GOST89MAC 0x00000008L
#define SSL_SHA256 0x00000010L
#define SSL_SHA384 0x00000020L
/* Not a real MAC, just an indication it is part of cipher */
@ -251,10 +246,8 @@ __BEGIN_HIDDEN_DECLS
#define SSL_HANDSHAKE_MAC_MASK 0xff0
#define SSL_HANDSHAKE_MAC_MD5 0x010
#define SSL_HANDSHAKE_MAC_SHA 0x020
#define SSL_HANDSHAKE_MAC_GOST94 0x040
#define SSL_HANDSHAKE_MAC_SHA256 0x080
#define SSL_HANDSHAKE_MAC_SHA384 0x100
#define SSL_HANDSHAKE_MAC_STREEBOG256 0x200
#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
#define SSL3_CK_ID 0x03000000
@ -267,16 +260,8 @@ __BEGIN_HIDDEN_DECLS
#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT)
#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
/*
* Stream MAC for GOST ciphersuites from cryptopro draft
* (currently this also goes into algorithm2).
*/
#define TLS1_STREAM_MAC 0x04
/*
* SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that
* indicates that the variable part of the nonce is included as a prefix of
@ -324,8 +309,7 @@ __BEGIN_HIDDEN_DECLS
#define SSL_PKEY_RSA 0
#define SSL_PKEY_ECC 1
#define SSL_PKEY_GOST01 2
#define SSL_PKEY_NUM 3
#define SSL_PKEY_NUM 2
#define SSL_MAX_EMPTY_RECORDS 32


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_sigalgs.c,v 1.48 2022/11/26 16:08:56 tb Exp $ */
/* $OpenBSD: ssl_sigalgs.c,v 1.49 2024/02/03 15:58:34 beck Exp $ */
/*
* Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@ -41,14 +41,6 @@ const struct ssl_sigalg sigalgs[] = {
.security_level = 5,
.group_nid = NID_secp521r1,
},
#ifndef OPENSSL_NO_GOST
{
.value = SIGALG_GOSTR12_512_STREEBOG_512,
.key_type = EVP_PKEY_GOSTR12_512,
.md = EVP_streebog512,
.security_level = 0,
},
#endif
{
.value = SIGALG_RSA_PKCS1_SHA384,
.key_type = EVP_PKEY_RSA,
@ -75,20 +67,6 @@ const struct ssl_sigalg sigalgs[] = {
.security_level = 3,
.group_nid = NID_X9_62_prime256v1,
},
#ifndef OPENSSL_NO_GOST
{
.value = SIGALG_GOSTR12_256_STREEBOG_256,
.key_type = EVP_PKEY_GOSTR12_256,
.md = EVP_streebog256,
.security_level = 0,
},
{
.value = SIGALG_GOSTR01_GOST94,
.key_type = EVP_PKEY_GOSTR01,
.md = EVP_gostr341194,
.security_level = 0, /* XXX */
},
#endif
{
.value = SIGALG_RSA_PSS_RSAE_SHA256,
.key_type = EVP_PKEY_RSA,
@ -283,10 +261,6 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
case EVP_PKEY_EC:
return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
#ifndef OPENSSL_NO_GOST
case EVP_PKEY_GOSTR01:
return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
#endif
}
SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
return NULL;


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_sigalgs.h,v 1.26 2022/07/02 16:00:12 tb Exp $ */
/* $OpenBSD: ssl_sigalgs.h,v 1.27 2024/02/03 15:58:34 beck Exp $ */
/*
* Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
*
@ -47,14 +47,6 @@ __BEGIN_HIDDEN_DECLS
#define SIGALG_PRIVATE_START 0xFE00
#define SIGALG_PRIVATE_END 0xFFFF
/*
* If Russia can elect the US President, surely
* IANA could fix this problem.
*/
#define SIGALG_GOSTR12_512_STREEBOG_512 0xEFEF
#define SIGALG_GOSTR12_256_STREEBOG_256 0xEEEE
#define SIGALG_GOSTR01_GOST94 0xEDED
/* Legacy sigalg for < TLSv1.2 same value as BoringSSL uses. */
#define SIGALG_RSA_PKCS1_MD5_SHA1 0xFF01


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_srvr.c,v 1.158 2023/12/29 12:24:33 tb Exp $ */
/* $OpenBSD: ssl_srvr.c,v 1.160 2024/02/03 17:39:17 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -162,10 +162,6 @@
#include <openssl/opensslconf.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_GOST
#include <openssl/gost.h>
#endif
#include "bytestring.h"
#include "dtls_local.h"
#include "ssl_local.h"
@ -564,15 +560,7 @@ ssl3_accept(SSL *s)
}
alg_k = s->s3->hs.cipher->algorithm_mkey;
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
/*
* A GOST client may use the key from its
* certificate for key exchange, in which case
* the CertificateVerify message is not sent.
*/
s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
s->init_num = 0;
} else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
if (SSL_USE_SIGALGS(s)) {
s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
s->init_num = 0;
if (!s->session->peer_cert)
@ -795,7 +783,6 @@ ssl3_get_client_hello(SSL *s)
unsigned long id;
SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *ciphers = NULL;
unsigned long alg_k;
const SSL_METHOD *method;
uint16_t shared_version;
@ -1138,9 +1125,7 @@ ssl3_get_client_hello(SSL *s)
if (!tls1_transcript_hash_init(s))
goto err;
alg_k = s->s3->hs.cipher->algorithm_mkey;
if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
!(s->verify_mode & SSL_VERIFY_PEER))
if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER))
tls1_transcript_free(s);
/*
@ -1815,75 +1800,6 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs)
return ret;
}
static int
ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
{
unsigned char premaster_secret[32];
EVP_PKEY_CTX *pkey_ctx = NULL;
EVP_PKEY *client_pubkey;
EVP_PKEY *pkey = NULL;
size_t outlen;
CBS gostblob;
/* Get our certificate private key*/
#ifndef OPENSSL_NO_GOST
if ((s->s3->hs.cipher->algorithm_auth & SSL_aGOST01) != 0)
pkey = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
#endif
if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
goto err;
if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0)
goto err;
/*
* If client certificate is present and is of the same type,
* maybe use it for key exchange.
* Don't mind errors from EVP_PKEY_derive_set_peer, because
* it is completely valid to use a client certificate for
* authorization only.
*/
if ((client_pubkey = X509_get0_pubkey(s->session->peer_cert)) != NULL) {
if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pubkey) <= 0)
ERR_clear_error();
}
/* Decrypt session key */
if (!CBS_get_asn1(cbs, &gostblob, CBS_ASN1_SEQUENCE))
goto decode_err;
if (CBS_len(cbs) != 0)
goto decode_err;
outlen = sizeof(premaster_secret);
if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
CBS_data(&gostblob), CBS_len(&gostblob)) <= 0) {
SSLerror(s, SSL_R_DECRYPTION_FAILED);
goto err;
}
if (!tls12_derive_master_secret(s, premaster_secret,
sizeof(premaster_secret)))
goto err;
/* Check if pubkey from client certificate was used */
if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY,
2, NULL) > 0)
s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
explicit_bzero(premaster_secret, sizeof(premaster_secret));
EVP_PKEY_CTX_free(pkey_ctx);
return 1;
decode_err:
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
err:
explicit_bzero(premaster_secret, sizeof(premaster_secret));
EVP_PKEY_CTX_free(pkey_ctx);
return 0;
}
static int
ssl3_get_client_key_exchange(SSL *s)
{
@ -1912,9 +1828,6 @@ ssl3_get_client_key_exchange(SSL *s)
} else if (alg_k & SSL_kECDHE) {
if (!ssl3_get_client_kex_ecdhe(s, &cbs))
goto err;
} else if (alg_k & SSL_kGOST) {
if (!ssl3_get_client_kex_gost(s, &cbs))
goto err;
} else {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE);
@ -2043,15 +1956,6 @@ ssl3_get_cert_verify(SSL *s)
al = SSL_AD_INTERNAL_ERROR;
goto fatal_err;
}
#ifndef OPENSSL_NO_GOST
if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE,
NULL) <= 0) {
al = SSL_AD_INTERNAL_ERROR;
goto fatal_err;
}
#endif
if (EVP_DigestVerify(mctx, CBS_data(&signature),
CBS_len(&signature), hdata, hdatalen) <= 0) {
SSLerror(s, ERR_R_EVP_LIB);
@ -2096,54 +2000,6 @@ ssl3_get_cert_verify(SSL *s)
SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE);
goto fatal_err;
}
#ifndef OPENSSL_NO_GOST
} else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 ||
EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) {
unsigned char sigbuf[128];
unsigned int siglen = sizeof(sigbuf);
EVP_PKEY_CTX *pctx;
const EVP_MD *md;
int nid;
if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
al = SSL_AD_INTERNAL_ERROR;
goto fatal_err;
}
if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
!(md = EVP_get_digestbynid(nid))) {
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
goto fatal_err;
}
if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
goto fatal_err;
}
if (!EVP_DigestInit_ex(mctx, md, NULL) ||
!EVP_DigestUpdate(mctx, hdata, hdatalen) ||
!EVP_DigestFinal(mctx, sigbuf, &siglen) ||
(EVP_PKEY_verify_init(pctx) <= 0) ||
(EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
(EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
EVP_PKEY_CTRL_GOST_SIG_FORMAT,
GOST_SIG_FORMAT_RS_LE, NULL) <= 0)) {
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
EVP_PKEY_CTX_free(pctx);
goto fatal_err;
}
if (EVP_PKEY_verify(pctx, CBS_data(&signature),
CBS_len(&signature), sigbuf, siglen) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_SIGNATURE);
EVP_PKEY_CTX_free(pctx);
goto fatal_err;
}
EVP_PKEY_CTX_free(pctx);
#endif
} else {
SSLerror(s, ERR_R_INTERNAL_ERROR);
al = SSL_AD_UNSUPPORTED_CERTIFICATE;
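Review bot: In ssl3_accept (hunk @ -564) the `alg_k = s->s3->hs.cipher->algorithm_mkey;` assignment is kept as context while the only consumer shown here, `(alg_k & SSL_kGOST)`, is removed; if alg_k is not read again before it is next assigned, this is now a dead store that -Wunused-but-set-variable or static analysis will flag, and the line should be dropped the way the declaration and assignment were dropped in ssl3_get_client_hello (hunks @ -795 and @ -1138). ssl3_accept starts and ends outside the hunk.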


@ -1,4 +1,4 @@
/* $OpenBSD: tls1.h,v 1.56 2022/07/17 14:39:09 jsing Exp $ */
/* $OpenBSD: tls1.h,v 1.57 2024/02/03 15:58:34 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -741,18 +741,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS_CT_DSS_SIGN 2
#define TLS_CT_RSA_FIXED_DH 3
#define TLS_CT_DSS_FIXED_DH 4
#define TLS_CT_GOST94_SIGN 21
#define TLS_CT_GOST01_SIGN 22
#define TLS_CT_ECDSA_SIGN 64
#define TLS_CT_RSA_FIXED_ECDH 65
#define TLS_CT_ECDSA_FIXED_ECDH 66
#define TLS_CT_GOST12_256_SIGN 67
#define TLS_CT_GOST12_512_SIGN 68
#define TLS_CT_GOST12_256_SIGN_COMPAT 238 /* pre-IANA, for compat */
#define TLS_CT_GOST12_512_SIGN_COMPAT 239 /* pre-IANA, for compat */
/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
* comment there) */
#define TLS_CT_NUMBER 13
#define TLS_CT_NUMBER 7
#define TLS1_FINISH_MAC_LENGTH 12


@ -1,4 +1,4 @@
/* $OpenBSD: tls12_key_schedule.c,v 1.3 2022/11/26 16:08:56 tb Exp $ */
/* $OpenBSD: tls12_key_schedule.c,v 1.4 2024/02/03 15:58:34 beck Exp $ */
/*
* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
*
@ -124,10 +124,6 @@ tls12_key_block_generate(struct tls12_key_block *kb, SSL *s,
mac_key_len = EVP_MD_size(mac_hash);
key_len = EVP_CIPHER_key_length(cipher);
iv_len = EVP_CIPHER_iv_length(cipher);
/* Special handling for GOST... */
if (EVP_MD_type(mac_hash) == NID_id_Gost28147_89_MAC)
mac_key_len = 32;
}
if (mac_key_len > EVP_MAX_MD_SIZE)


@ -1,4 +1,4 @@
/* $OpenBSD: tls12_record_layer.c,v 1.41 2024/01/18 16:30:43 tb Exp $ */
/* $OpenBSD: tls12_record_layer.c,v 1.42 2024/02/03 15:58:34 beck Exp $ */
/*
* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
*
@ -468,7 +468,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
CBS *iv)
{
EVP_PKEY *mac_pkey = NULL;
int gost_param_nid;
int mac_type;
int ret = 0;
@ -484,25 +483,10 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
goto err;
if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key))
goto err;
#ifndef OPENSSL_NO_GOST
/* XXX die die die */
/* Special handling for GOST... */
if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
if (CBS_len(mac_key) != 32)
goto err;
mac_type = EVP_PKEY_GOSTIMIT;
rp->stream_mac = 1;
} else {
#endif
if (CBS_len(mac_key) > INT_MAX)
goto err;
if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
goto err;
#ifndef OPENSSL_NO_GOST
}
#endif
if (CBS_len(mac_key) > INT_MAX)
goto err;
if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
goto err;
if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
goto err;
if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL)
@ -524,23 +508,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
mac_pkey) <= 0)
goto err;
/* More special handling for GOST... */
if (EVP_CIPHER_nid(rl->cipher) == NID_gost89_cnt) {
gost_param_nid = NID_id_tc26_gost_28147_param_Z;
if (EVP_MD_type(rl->handshake_hash) == NID_id_GostR3411_94)
gost_param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
if (EVP_CIPHER_CTX_ctrl(rp->cipher_ctx, EVP_CTRL_GOST_SET_SBOX,
gost_param_nid, 0) <= 0)
goto err;
if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
if (EVP_MD_CTX_ctrl(rp->hash_ctx, EVP_MD_CTRL_GOST_SET_SBOX,
gost_param_nid, 0) <= 0)
goto err;
}
}
ret = 1;
err:
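Review bot: `rp->stream_mac = 1;` (hunk @ -484) is the only assignment to stream_mac visible here, and TLS1_STREAM_MAC is deleted from ssl_local.h in the same commit, so the stream_mac field and whatever the MAC path does with it (presumably outside these hunks) now look like dead code that only GOST ever exercised. Either remove the field in the follow-on or put a comment on its declaration such as `/* stream_mac: no longer set since GOST removal; candidate for deletion. */` so a reader does not assume a stream-MAC mode still exists. tls12_record_layer_ccs_cipher starts outside the hunks.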


@ -1,4 +1,4 @@
/* $OpenBSD: tls13_handshake.c,v 1.72 2022/11/26 16:08:56 tb Exp $ */
/* $OpenBSD: tls13_handshake.c,v 1.73 2024/02/03 19:57:14 tb Exp $ */
/*
* Copyright (c) 2018-2021 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@ -546,22 +546,24 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,
return TLS13_IO_FAILURE;
ret = TLS13_IO_FAILURE;
if (action->recv(ctx, &cbs)) {
if (CBS_len(&cbs) != 0) {
tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0,
"trailing data in handshake message", NULL);
ctx->alert = TLS13_ALERT_DECODE_ERROR;
} else {
ret = TLS13_IO_SUCCESS;
}
if (!action->recv(ctx, &cbs))
goto err;
if (CBS_len(&cbs) != 0) {
tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0,
"trailing data in handshake message", NULL);
ctx->alert = TLS13_ALERT_DECODE_ERROR;
goto err;
}
ret = TLS13_IO_SUCCESS;
if (ctx->ssl->method->version < TLS1_3_VERSION)
ret = TLS13_IO_USE_LEGACY;
err:
tls13_handshake_msg_free(ctx->hs_msg);
ctx->hs_msg = NULL;
if (ctx->ssl->method->version < TLS1_3_VERSION)
return TLS13_IO_USE_LEGACY;
return ret;
}
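Review bot: The restructured tail changes observable behavior, not just shape: before, a failed `action->recv()` on a connection whose method version had already dropped below TLS1_3_VERSION still returned TLS13_IO_USE_LEGACY, whereas now TLS13_IO_USE_LEGACY is reached only after the message was received with no trailing data, and every failure path returns TLS13_IO_FAILURE. That is the safer ordering — a parse failure is no longer masked as a downgrade — but nothing in the hunk says it is deliberate, so a comment above the version check would help: `/* Hand off to the legacy stack only once the message was consumed cleanly; any failure stays a failure. */`. tls13_handshake_recv_action starts outside the hunk.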