Just noticing the wrong goto label in case of EVP_PKEY_CTX_ctrl() failure. Please find attached corrected patch (gost_server_to_check_ukm_v2.patch).
On 17 April 2011 17:54, Andrey Kulikov <[email protected]> wrote:
According to this document:
http://tools.ietf.org/html/draft-chudov-cryptopro-cptls-04#section-3.6
Server, implementing GOST algost MUST check correctness of shared UKM, sent by client.
==============
Server MUST verify, that keyBlob.transportParameters.ukm is equal to
GOSTR3411(client_random|server_random)[0..7], before decrypting the
premaster_secret.
==============
There are no such checks in 1.0.0d at all.
Attached patch implements missing functionality.
To apply patch use following command in root of current OpenSSL development tree:
patch -p1 -l -u -b -i gost_server_to_check_ukm.patch
Andrey.
P.S. Checked to work fine with two CSP from different vendors, as well as openssl itself.
gost_server_to_check_ukm_v2.patch
Description: Binary data
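The check quoted from the draft, sketched in C as an added example; it is not the attached patch and not OpenSSL code. The names `check_client_ukm`, `digest_fn`, `toy_digest` and `demo` are hypothetical, the GOST R 34.11-94 digest is assumed to be supplied by the caller, and `toy_digest` is a constructed stand-in used only so the example runs.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RANDOM_LEN 32 /* client_random / server_random */
#define DIGEST_LEN 32 /* GOST R 34.11-94 output */
#define UKM_LEN 8     /* digest bytes [0..7] */

/* Assumption: caller supplies GOST R 34.11-94; returns 1 on success. */
typedef int (*digest_fn)(const uint8_t *in, size_t len, uint8_t *out);

/* 1 if the UKM matches, 0 on mismatch or error. Call before decrypting. */
int check_client_ukm(digest_fn gostr3411, const uint8_t *client_random,
                     const uint8_t *server_random,
                     const uint8_t *ukm, size_t ukm_len)
{
    uint8_t buf[2 * RANDOM_LEN], md[DIGEST_LEN], diff = 0;
    if (gostr3411 == NULL || ukm == NULL || ukm_len != UKM_LEN)
        return 0; /* malformed blob: fail closed */
    memcpy(buf, client_random, RANDOM_LEN);
    memcpy(buf + RANDOM_LEN, server_random, RANDOM_LEN);
    if (!gostr3411(buf, sizeof buf, md))
        return 0; /* digest failure: fail closed */
    for (size_t i = 0; i < UKM_LEN; i++) /* compare with no early exit */
        diff |= (uint8_t)(md[i] ^ ukm[i]);
    return diff == 0;
}

/* Constructed stand-in so the example runs; NOT GOST R 34.11-94. */
int toy_digest(const uint8_t *in, size_t len, uint8_t *out)
{
    memset(out, 0x5a, DIGEST_LEN);
    for (size_t i = 0; i < len; i++)
        out[i % DIGEST_LEN] ^= (uint8_t)(in[i] + i);
    return 1;
}

/* Constructed handshake values; tamper flips one bit of the UKM. */
int demo(size_t ukm_len, int tamper)
{
    uint8_t rnd[2 * RANDOM_LEN], md[DIGEST_LEN];
    memset(rnd, 0x11, RANDOM_LEN);              /* client_random */
    memset(rnd + RANDOM_LEN, 0x22, RANDOM_LEN); /* server_random */
    toy_digest(rnd, sizeof rnd, md);
    md[7] ^= tamper ? 0x01 : 0x00;
    return check_client_ukm(toy_digest, rnd, rnd + RANDOM_LEN, md, ukm_len);
}
int main(void) { return (demo(UKM_LEN, 0) == 1 && demo(UKM_LEN, 1) == 0) ? 0 : 1; }
```

A UKM of the wrong length is rejected before any digest is computed, and every error path returns 0 so the caller never proceeds to decryption on a failed check.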
