Just noticing the wrong goto label in case of EVP_PKEY_CTX_ctrl() failure.
Please find attached corrected patch (gost_server_to_check_ukm_v2.patch)
On 17 April 2011 17:54, Andrey Kulikov amde...@gmail.com wrote:
According to this document:
http://tools.ietf.org/html/draft-chudov-cryptopro-cptls-04#section-3.6
Server, implementing GOST algos MUST check correctness of shared UKM,
sent by client.
==
Server MUST verify, that keyBlob.transportParameters.ukm is equal to
GOSTR3411(client_random|server_random)[0..7], before decrypting the
premaster_secret.
==
There are no such checks in 1.0.0d at all.
Attached patch implements missing functionality.
To apply the patch, use the following command in the root of the current OpenSSL
development tree:
patch -p1 -l -u -b -i gost_server_to_check_ukm.patch
Andrey.
P.S. Checked to work fine with two CSP from different vendors, as well as
openssl itself.
gost_server_to_check_ukm_v2.patch
Description: Binary data
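
The server-side check quoted from the draft above, sketched as an added example that is not part of the original message or the attached patch. All function names are hypothetical, the sample values are constructed, and SHA-256 stands in for GOST R 34.11-94 (an assumption made so the sketch runs with the Python standard library); the point shown is the ordering, with decryption reached only after the UKM matches.

```python
import hashlib
import hmac

UKM_LEN = 8  # the draft's [0..7]: first eight bytes of the digest

class UkmMismatch(Exception):
    """The UKM in the client's key blob does not match the hello randoms."""

def expected_ukm(digest, client_random, server_random):
    # GOSTR3411(client_random | server_random)[0..7], "|" being concatenation
    return digest(client_random + server_random)[:UKM_LEN]

def process_client_key_exchange(digest, client_random, server_random,
                                blob_ukm, encrypted_pms, decrypt):
    """Verify the UKM first; decrypt() is reached only when it matches."""
    want = expected_ukm(digest, client_random, server_random)
    # Explicit length check, then a comparison without early exit.
    if len(blob_ukm) != UKM_LEN or not hmac.compare_digest(blob_ukm, want):
        raise UkmMismatch("UKM check failed, premaster_secret not decrypted")
    return decrypt(encrypted_pms, blob_ukm)

def standin_digest(data):
    # ASSUMPTION: SHA-256 stands in for GOST R 34.11-94 in this sketch.
    return hashlib.sha256(data).digest()

def demo():
    # Constructed sample values, not taken from a real handshake.
    client_random, server_random = bytes(range(32)), bytes(range(32, 64))
    decrypt_calls = []

    def fake_decrypt(ciphertext, ukm):  # hypothetical key-transport decryption
        decrypt_calls.append(ukm)
        return b"PMS:" + ciphertext

    good = expected_ukm(standin_digest, client_random, server_random)
    results = []
    # Correct UKM, one flipped bit, and a truncated value.
    for ukm in (good, bytes([good[0] ^ 1]) + good[1:], good[:4]):
        try:
            process_client_key_exchange(standin_digest, client_random,
                                        server_random, ukm, b"ct", fake_decrypt)
            results.append("accepted")
        except UkmMismatch:
            results.append("rejected")
    return results, len(decrypt_calls)
```
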