To whom it may concern. When reviewing the code of the GOST plug-in for openssl to see how it works, I found that there is no check of the UKM ssl3_get_client_key_exchange. The draft .... requires in section 3.6 " Server MUST verify, that keyBlob.transportParameters.ukm is equal to GOSTR3411(client_random|server_random)[0..7], before decrypting the premaster_secret. " It seems to me that this check was omitted since I could not find it either in ssl3_get_client_key_exchange() nor in pkey_GOST94cp_decrypt(). To my opinion, the check should be done in pkey_GOST94cp_decrypt. It may be done in the following way: 1. In function ssl3_get_client_key_exchange: Generate the shared UKM from server_random and client_random the same the client is supposed to have generated it. 2. In function ssl3_get_client_key_exchange: Submit the this UKM to the EVP_PKEY_CTX instance pkey_ctx by calling EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_DECRYPT,EVP_PKEY_CTRL_SET_IV,8,shared_ukm). The UKM is to be stored in the GOST specific part of pkey_ctx.
3. In function pkey_GOST94cp_decrypt: Compare the UKM stored in the EVP_PKEY_CTX instance with the one wich was parsed from the key transport blob submitted to this function call. Who is taking care about maintenance of the GOST plug-in? How can I contribute to that work? André Ziermann Senior Solution Engineer SECUDE IT Security GmbH Goebelstrasse 21 64293 Darmstadt / Germany Tel. : +49 (0)6151 82897 21 Fax : +49 (0)6151 82897 26 Mobile : +49 (0) 170 987 81 73 [EMAIL PROTECTED] www.secude.com <http://www.secude.com/>
