Remove GOST support code from ssl/

Also remove related quirk, SSL_OP_CRYPTOPRO_TLSEXT_BUG. Glue code is
left in for now.

Change-Id: Ic09593dabf7da6ba3904fffe59f322a7c7cb74f4
This commit is contained in:
Adam Langley 2014-06-23 12:26:07 -07:00
parent ac61fa379f
commit 3213bed728
5 changed files with 26 additions and 182 deletions

View File

@ -2898,28 +2898,6 @@ int ssl3_send_client_verify(SSL *s)
} }
else else
#endif #endif
if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
{
unsigned char signbuf[64];
int i, j;
size_t sigsize=64;
s->method->ssl3_enc->cert_verify_mac(s,
NID_id_GostR3411_94,
data);
pctx = EVP_PKEY_CTX_new(pkey, NULL);
EVP_PKEY_sign_init(pctx);
if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
OPENSSL_PUT_ERROR(SSL, ssl3_send_client_verify, ERR_R_INTERNAL_ERROR);
goto err;
}
for (i=63,j=0; i>=0; j++, i--) {
p[2+j]=signbuf[i];
}
s2n(j,p);
n=j+2;
}
else
{ {
OPENSSL_PUT_ERROR(SSL, ssl3_send_client_verify, ERR_R_INTERNAL_ERROR); OPENSSL_PUT_ERROR(SSL, ssl3_send_client_verify, ERR_R_INTERNAL_ERROR);
goto err; goto err;

View File

@ -3956,18 +3956,6 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION)
{
if (alg_k & SSL_kGOST)
{
p[ret++]=TLS_CT_GOST94_SIGN;
p[ret++]=TLS_CT_GOST01_SIGN;
return(ret);
}
}
#endif
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kDHr|SSL_kEDH)) if (alg_k & (SSL_kDHr|SSL_kEDH))
{ {

View File

@ -585,9 +585,6 @@ int ssl3_accept(SSL *s)
* the client sends its ECDH pub key in * the client sends its ECDH pub key in
* a certificate, the CertificateVerify * a certificate, the CertificateVerify
* message is not sent. * message is not sent.
* Also for GOST ciphersuites when
* the client uses its key from the certificate
* for key exchange.
*/ */
s->init_num = 0; s->init_num = 0;
s->state=SSL3_ST_SR_POST_CLIENT_CERT; s->state=SSL3_ST_SR_POST_CLIENT_CERT;
@ -2680,74 +2677,7 @@ int ssl3_get_client_key_exchange(SSL *s)
#endif #endif
else if (alg_k & SSL_kGOST) else if (alg_k & SSL_kGOST)
{ {
int ret = 0; OPENSSL_PUT_ERROR(SSL, ssl3_get_client_key_exchange, SSL_R_GOST_NOT_SUPPORTED);
EVP_PKEY_CTX *pkey_ctx;
EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
unsigned char premaster_secret[32], *start;
size_t outlen=32, inlen;
unsigned long alg_a;
/* Get our certificate private key*/
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
if (alg_a & SSL_aGOST94)
pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
else if (alg_a & SSL_aGOST01)
pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
pkey_ctx = EVP_PKEY_CTX_new(pk,NULL);
EVP_PKEY_decrypt_init(pkey_ctx);
/* If client certificate is present and is of the same type, maybe
* use it for key exchange. Don't mind errors from
* EVP_PKEY_derive_set_peer, because it is completely valid to use
* a client certificate for authorization only. */
client_pub_pkey = X509_get_pubkey(s->session->peer);
if (client_pub_pkey)
{
if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
ERR_clear_error();
}
/* Decrypt session key */
if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED)))
{
OPENSSL_PUT_ERROR(SSL, ssl3_get_client_key_exchange, SSL_R_DECRYPTION_FAILED);
goto gerr;
}
if (p[1] == 0x81)
{
start = p+3;
inlen = p[2];
}
else if (p[1] < 0x80)
{
start = p+2;
inlen = p[1];
}
else
{
OPENSSL_PUT_ERROR(SSL, ssl3_get_client_key_exchange, SSL_R_DECRYPTION_FAILED);
goto gerr;
}
if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0)
{
OPENSSL_PUT_ERROR(SSL, ssl3_get_client_key_exchange, SSL_R_DECRYPTION_FAILED);
goto gerr;
}
/* Generate master secret */
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,premaster_secret,32);
/* Check if pubkey from client certificate was used */
if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
ret = 2;
else
ret = 1;
gerr:
EVP_PKEY_free(client_pub_pkey);
EVP_PKEY_CTX_free(pkey_ctx);
if (ret)
return ret;
else
goto err; goto err;
} }
else if (!(alg_k & SSL_kPSK)) else if (!(alg_k & SSL_kPSK))
@ -2842,16 +2772,6 @@ int ssl3_get_cert_verify(SSL *s)
/* we now have a signature that we need to verify */ /* we now have a signature that we need to verify */
p=(unsigned char *)s->init_msg; p=(unsigned char *)s->init_msg;
/* Check for broken implementations of GOST ciphersuites */
/* If key is GOST and n is exactly 64, it is bare
* signature without length field */
if (n==64 && (pkey->type==NID_id_GostR3410_94 ||
pkey->type == NID_id_GostR3410_2001) )
{
i=64;
}
else
{
if (SSL_USE_SIGALGS(s)) if (SSL_USE_SIGALGS(s))
{ {
int rv = tls12_check_peer_sigalg(&md, s, p, pkey); int rv = tls12_check_peer_sigalg(&md, s, p, pkey);
@ -2879,7 +2799,6 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
al=SSL_AD_DECODE_ERROR; al=SSL_AD_DECODE_ERROR;
goto f_err; goto f_err;
} }
}
j=EVP_PKEY_size(pkey); j=EVP_PKEY_size(pkey);
if ((i > j) || (n > j) || (n <= 0)) if ((i > j) || (n > j) || (n <= 0))
{ {
@ -2972,27 +2891,6 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
} }
else else
#endif #endif
if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
{ unsigned char signature[64];
int idx;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey,NULL);
EVP_PKEY_verify_init(pctx);
if (i!=64) {
fprintf(stderr,"GOST signature length is %d",i);
}
for (idx=0;idx<64;idx++) {
signature[63-idx]=p[idx];
}
j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32);
EVP_PKEY_CTX_free(pctx);
if (j<=0)
{
al=SSL_AD_DECRYPT_ERROR;
OPENSSL_PUT_ERROR(SSL, ssl3_get_cert_verify, SSL_R_BAD_ECDSA_SIGNATURE);
goto f_err;
}
}
else
{ {
OPENSSL_PUT_ERROR(SSL, ssl3_get_cert_verify, ERR_R_INTERNAL_ERROR); OPENSSL_PUT_ERROR(SSL, ssl3_get_cert_verify, ERR_R_INTERNAL_ERROR);
al=SSL_AD_UNSUPPORTED_CERTIFICATE; al=SSL_AD_UNSUPPORTED_CERTIFICATE;

View File

@ -683,11 +683,6 @@ struct ssl_session_st
#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L #define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
/* Make server add server-hello extension from early version of
* cryptopro draft, when GOST ciphersuite is negotiated.
* Required for interoperability with CryptoPro CSP 3.x
*/
#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L
/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
* when just a single record has been written): */ * when just a single record has been written): */

View File

@ -1806,21 +1806,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
ret+=el; ret+=el;
} }
if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81)
&& (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
{ const unsigned char cryptopro_ext[36] = {
0xfd, 0xe8, /*65000*/
0x00, 0x20, /*32 bytes length*/
0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17};
if (limit-ret<36) return NULL;
memcpy(ret,cryptopro_ext,36);
ret+=36;
}
#ifndef OPENSSL_NO_HEARTBEATS #ifndef OPENSSL_NO_HEARTBEATS
/* Add Heartbeat extension if we've received one */ /* Add Heartbeat extension if we've received one */
if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED)