From: Rich Salz Date: Tue, 4 Aug 2015 16:32:40 +0000 (-0400) Subject: Remove Gost94 signature algorithm. X-Git-Tag: OpenSSL_1_1_0-pre1~822 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ade44dcb16141c8a30ca6c56a1fd1a0b14dcc360;p=oweals%2Fopenssl.git Remove Gost94 signature algorithm. This was obsolete in 2001. This is not the same as Gost94 digest. Thanks to Dmitry Belyavsky for review and advice. Reviewed-by: Matt Caswell --- diff --git a/apps/s_cb.c b/apps/s_cb.c index a14e00cd33..2a18f74dc3 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -288,7 +288,6 @@ static STRINT_PAIR cert_type_list[] = { {"ECDSA sign", TLS_CT_ECDSA_SIGN}, {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH}, {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH}, - {"GOST94 Sign", TLS_CT_GOST94_SIGN}, {"GOST01 Sign", TLS_CT_GOST01_SIGN}, {NULL} }; diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 97e5babab1..232ba9bc79 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -93,7 +93,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) case EVP_PKEY_DH: ret = EVP_PK_DH | EVP_PKT_EXCH; break; - case NID_id_GostR3410_94: case NID_id_GostR3410_2001: ret = EVP_PKT_EXCH | EVP_PKT_SIGN; break; diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index d7b7bea8e1..5a4a4fdaa3 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -310,11 +310,6 @@ cipher suites using GOST R 34.10 (either 2001 or 94) for authentication cipher suites using GOST R 34.10-2001 authentication. -=item B - -cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94 -standard has been expired so use GOST R 34.10-2001) - =item B cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357. diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile index 57b9c59f17..3c1e4f94cb 100644 --- a/engines/ccgost/Makefile +++ b/engines/ccgost/Makefile @@ -8,9 +8,9 @@ AR= ar r CFLAGS= $(INCLUDES) $(CFLAG) LIB=$(TOP)/libcrypto.a -LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c +LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_pmeth.c gost_params.c -LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o +LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_pmeth.o gost_params.o SRC=$(LIBSRC) @@ -100,8 +100,7 @@ gost2001.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h gost2001.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h gost2001.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h gost2001.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -gost2001.o: e_gost_err.h gost2001.c gost89.h gost_lcl.h gost_params.h -gost2001.o: gosthash.h +gost2001.o: e_gost_err.h gost2001.c gost89.h gost_lcl.h gosthash.h gost2001_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h gost2001_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h gost2001_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -120,23 +119,6 @@ gost2001_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h gost2001_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost2001_keyx.c gost2001_keyx.o: gost2001_keyx.h gost89.h gost_keywrap.h gost_lcl.h gosthash.h gost89.o: gost89.c gost89.h -gost94_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost94_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost94_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -gost94_keyx.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -gost94_keyx.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -gost94_keyx.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -gost94_keyx.o: ../../include/openssl/engine.h ../../include/openssl/err.h -gost94_keyx.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -gost94_keyx.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -gost94_keyx.o: ../../include/openssl/opensslconf.h -gost94_keyx.o: ../../include/openssl/opensslv.h -gost94_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -gost94_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -gost94_keyx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -gost94_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -gost94_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h -gost94_keyx.o: gost94_keyx.c gost_keywrap.h gost_lcl.h gosthash.h gost_ameth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h gost_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h @@ -152,7 +134,7 @@ gost_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h gost_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h gost_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h gost_ameth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h -gost_ameth.o: gost_ameth.c gost_lcl.h gost_params.h gosthash.h +gost_ameth.o: gost_ameth.c gost_lcl.h gosthash.h gost_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h gost_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h gost_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -229,14 +211,21 @@ gost_md.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h gost_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h gost_md.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h gost_md.o: e_gost_err.h gost89.h gost_lcl.h gost_md.c gosthash.h -gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -gost_params.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +gost_params.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +gost_params.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +gost_params.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +gost_params.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +gost_params.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +gost_params.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h gost_params.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h gost_params.o: ../../include/openssl/opensslconf.h gost_params.o: ../../include/openssl/opensslv.h -gost_params.o: ../../include/openssl/ossl_typ.h -gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -gost_params.o: ../../include/openssl/symhacks.h gost_params.c gost_params.h +gost_params.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +gost_params.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +gost_params.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +gost_params.o: gost89.h gost_lcl.h gost_params.c gosthash.h gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -252,23 +241,5 @@ gost_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h gost_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_pmeth.c -gost_pmeth.o: gosthash.h -gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -gost_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -gost_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -gost_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -gost_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -gost_sign.o: ../../include/openssl/objects.h -gost_sign.o: ../../include/openssl/opensslconf.h -gost_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -gost_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -gost_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -gost_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -gost_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -gost_sign.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_sign.c -gost_sign.o: gosthash.h +gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_pmeth.c gosthash.h gosthash.o: gost89.h gosthash.c gosthash.h diff --git a/engines/ccgost/e_gost_err.c b/engines/ccgost/e_gost_err.c index 0afd91311d..d05ef6143c 100644 --- a/engines/ccgost/e_gost_err.c +++ b/engines/ccgost/e_gost_err.c @@ -73,7 +73,6 @@ static ERR_STRING_DATA GOST_str_functs[] = { {ERR_FUNC(GOST_F_DECODE_GOST_ALGOR_PARAMS), "DECODE_GOST_ALGOR_PARAMS"}, {ERR_FUNC(GOST_F_ENCODE_GOST_ALGOR_PARAMS), "ENCODE_GOST_ALGOR_PARAMS"}, {ERR_FUNC(GOST_F_FILL_GOST2001_PARAMS), "FILL_GOST2001_PARAMS"}, - {ERR_FUNC(GOST_F_FILL_GOST94_PARAMS), "FILL_GOST94_PARAMS"}, {ERR_FUNC(GOST_F_GET_ENCRYPTION_PARAMS), "GET_ENCRYPTION_PARAMS"}, {ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"}, {ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"}, @@ -83,37 +82,24 @@ static ERR_STRING_DATA GOST_str_functs[] = { "GOST89_GET_ASN1_PARAMETERS"}, {ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS), "GOST89_SET_ASN1_PARAMETERS"}, - {ERR_FUNC(GOST_F_GOST94_COMPUTE_PUBLIC), "GOST94_COMPUTE_PUBLIC"}, {ERR_FUNC(GOST_F_GOST_CIPHER_CTL), "GOST_CIPHER_CTL"}, - {ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"}, - {ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"}, {ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"}, {ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"}, {ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"}, - {ERR_FUNC(GOST_F_GOST_SIGN_KEYGEN), "GOST_SIGN_KEYGEN"}, {ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"}, - {ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"}, {ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"}, {ERR_FUNC(GOST_F_PKEY_GOST01CP_ENCRYPT), "PKEY_GOST01CP_ENCRYPT"}, - {ERR_FUNC(GOST_F_PKEY_GOST01CP_KEYGEN), "PKEY_GOST01CP_KEYGEN"}, {ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"}, {ERR_FUNC(GOST_F_PKEY_GOST2001_DERIVE), "PKEY_GOST2001_DERIVE"}, - {ERR_FUNC(GOST_F_PKEY_GOST94CP_DECRYPT), "PKEY_GOST94CP_DECRYPT"}, - {ERR_FUNC(GOST_F_PKEY_GOST94CP_ENCRYPT), "PKEY_GOST94CP_ENCRYPT"}, - {ERR_FUNC(GOST_F_PKEY_GOST94CP_KEYGEN), "PKEY_GOST94CP_KEYGEN"}, - {ERR_FUNC(GOST_F_PKEY_GOST94_PARAMGEN), "PKEY_GOST94_PARAMGEN"}, {ERR_FUNC(GOST_F_PKEY_GOST_CTRL), "PKEY_GOST_CTRL"}, {ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR), "PKEY_GOST_CTRL01_STR"}, - {ERR_FUNC(GOST_F_PKEY_GOST_CTRL94_STR), "PKEY_GOST_CTRL94_STR"}, {ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"}, {ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR), "PKEY_GOST_MAC_CTRL_STR"}, {ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"}, {ERR_FUNC(GOST_F_PRINT_GOST_01), "PRINT_GOST_01"}, {ERR_FUNC(GOST_F_PRIV_DECODE_GOST), "PRIV_DECODE_GOST"}, {ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"}, - {ERR_FUNC(GOST_F_PUB_DECODE_GOST94), "PUB_DECODE_GOST94"}, {ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"}, - {ERR_FUNC(GOST_F_UNPACK_CC_SIGNATURE), "UNPACK_CC_SIGNATURE"}, {ERR_FUNC(GOST_F_UNPACK_CP_SIGNATURE), "UNPACK_CP_SIGNATURE"}, {0, NULL} }; @@ -128,8 +114,6 @@ static ERR_STRING_DATA GOST_str_reasons[] = { {ERR_REASON(GOST_R_CTRL_CALL_FAILED), "ctrl call failed"}, {ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY), "error computing shared key"}, - {ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO), - "error packing key transport info"}, {ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO), "error parsing key transport info"}, {ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS), "incompatible algorithms"}, @@ -137,11 +121,9 @@ static ERR_STRING_DATA GOST_str_reasons[] = { {ERR_REASON(GOST_R_INVALID_CIPHER_PARAMS), "invalid cipher params"}, {ERR_REASON(GOST_R_INVALID_CIPHER_PARAM_OID), "invalid cipher param oid"}, {ERR_REASON(GOST_R_INVALID_DIGEST_TYPE), "invalid digest type"}, - {ERR_REASON(GOST_R_INVALID_GOST94_PARMSET), "invalid gost94 parmset"}, {ERR_REASON(GOST_R_INVALID_IV_LENGTH), "invalid iv length"}, {ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH), "invalid mac key length"}, {ERR_REASON(GOST_R_INVALID_PARAMSET), "invalid paramset"}, - {ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED), "key is not initalized"}, {ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED), "key is not initialized"}, {ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING), "key parameters missing"}, {ERR_REASON(GOST_R_MAC_KEY_NOT_SET), "mac key not set"}, diff --git a/engines/ccgost/gost2001.c b/engines/ccgost/gost2001.c index 6d41f31f21..985795ed7c 100644 --- a/engines/ccgost/gost2001.c +++ b/engines/ccgost/gost2001.c @@ -7,7 +7,6 @@ * Requires OpenSSL 0.9.9 for compilation * **********************************************************************/ #include "gost_lcl.h" -#include "gost_params.h" #include #include #include diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c deleted file mode 100644 index b529c8ee81..0000000000 --- a/engines/ccgost/gost94_keyx.c +++ /dev/null @@ -1,281 +0,0 @@ -/********************************************************************** - * gost94_keyx.c * - * Copyright (c) 2005-2006 Cryptocom LTD * - * This file is distributed under the same license as OpenSSL * - * * - * Implements generation and parsing of GOST_KEY_TRANSPORT for * - * GOST R 34.10-94 algorithms * - * * - * Requires OpenSSL 0.9.9 for compilation * - **********************************************************************/ -#include -#include -#include -#include -#include -#include - -#include "gost89.h" -#include "gosthash.h" -#include "e_gost_err.h" -#include "gost_keywrap.h" -#include "gost_lcl.h" -/* Common functions for both 94 and 2001 key exchange schemes */ -/* - * Implementation of the Diffi-Hellman key agreement scheme based on GOST-94 - * keys - */ - -/* - * Computes Diffie-Hellman key and stores it into buffer in little-endian - * byte order as expected by both versions of GOST 94 algorithm - */ -static int compute_pair_key_le(unsigned char *pair_key, BIGNUM *pub_key, - DH *dh) -{ - unsigned char be_key[128]; - int i, key_size; - key_size = DH_compute_key(be_key, pub_key, dh); - if (!key_size) - return 0; - memset(pair_key, 0, 128); - for (i = 0; i < key_size; i++) { - pair_key[i] = be_key[key_size - 1 - i]; - } - return key_size; -} - -/* - * Computes 256 bit Key exchange key as specified in RFC 4357 - */ -static int make_cp_exchange_key(BIGNUM *priv_key, EVP_PKEY *pubk, - unsigned char *shared_key) -{ - unsigned char dh_key[128]; - int ret; - gost_hash_ctx hash_ctx; - DH *dh = DH_new(); - - if (!dh) - return 0; - memset(dh_key, 0, 128); - dh->g = BN_dup(pubk->pkey.dsa->g); - dh->p = BN_dup(pubk->pkey.dsa->p); - dh->priv_key = BN_dup(priv_key); - ret = - compute_pair_key_le(dh_key, ((DSA *)(EVP_PKEY_get0(pubk)))->pub_key, - dh); - DH_free(dh); - if (!ret) - return 0; - init_gost_hash_ctx(&hash_ctx, &GostR3411_94_CryptoProParamSet); - start_hash(&hash_ctx); - hash_block(&hash_ctx, dh_key, 128); - finish_hash(&hash_ctx, shared_key); - done_gost_hash_ctx(&hash_ctx); - return 1; -} - -/* EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-94 */ - -int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) -{ - EVP_PKEY *pubk = EVP_PKEY_CTX_get0_peerkey(ctx); - EVP_PKEY *mykey = EVP_PKEY_CTX_get0_pkey(ctx); - *keylen = 32; - if (key == NULL) - return 1; - - return make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, key); -} - -/* - * EVP_PKEY_METHOD callback encrypt for GOST R 34.10-94 cryptopro - * modification - */ - -int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, - size_t *outlen, const unsigned char *key, - size_t key_len) -{ - GOST_KEY_TRANSPORT *gkt = NULL; - unsigned char shared_key[32], ukm[8], crypted_key[44]; - const struct gost_cipher_info *param = get_encryption_params(NULL); - EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx); - struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - gost_ctx cctx; - int key_is_ephemeral = 1; - int tmp_outlen; - EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx); - - /* Do not use vizir cipher parameters with cryptopro */ - if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS) - && param == gost_cipher_list) { - param = gost_cipher_list + 1; - } - - if (mykey) { - /* If key already set, it is not ephemeral */ - key_is_ephemeral = 0; - if (!gost_get0_priv_key(mykey)) { - GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, - GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR); - goto err; - } - } else { - /* Otherwise generate ephemeral key */ - key_is_ephemeral = 1; - if (out) { - mykey = EVP_PKEY_new(); - EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk), DSA_new()); - EVP_PKEY_copy_parameters(mykey, pubk); - if (!gost_sign_keygen(EVP_PKEY_get0(mykey))) { - goto err; - } - } - } - if (out) - make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, shared_key); - if (data->shared_ukm) { - memcpy(ukm, data->shared_ukm, 8); - } else if (out) { - if (RAND_bytes(ukm, 8) <= 0) { - GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, - GOST_R_RANDOM_GENERATOR_FAILURE); - goto err; - } - } - - if (out) { - gost_init(&cctx, param->sblock); - keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key); - } - gkt = GOST_KEY_TRANSPORT_new(); - if (!gkt) { - goto memerr; - } - if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) { - goto memerr; - } - if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) { - goto memerr; - } - if (!ASN1_OCTET_STRING_set - (gkt->key_info->encrypted_key, crypted_key + 8, 32)) { - goto memerr; - } - if (key_is_ephemeral) { - if (!X509_PUBKEY_set - (&gkt->key_agreement_info->ephem_key, out ? mykey : pubk)) { - GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, - GOST_R_CANNOT_PACK_EPHEMERAL_KEY); - goto err; - } - if (out) - EVP_PKEY_free(mykey); - } - ASN1_OBJECT_free(gkt->key_agreement_info->cipher); - gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); - tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL); - if (tmp_outlen <= 0) { - GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, - GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO); - goto err; - } - *outlen = tmp_outlen; - if (!key_is_ephemeral) { - /* Set control "public key from client certificate used" */ - if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= - 0) { - GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED); - goto err; - } - } - GOST_KEY_TRANSPORT_free(gkt); - return 1; - memerr: - if (key_is_ephemeral) { - EVP_PKEY_free(mykey); - } - GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, ERR_R_MALLOC_FAILURE); - err: - GOST_KEY_TRANSPORT_free(gkt); - return -1; -} - -/* - * EVP_PLEY_METHOD callback decrypt for GOST R 34.10-94 cryptopro - * modification - */ -int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *key_len, const unsigned char *in, - size_t in_len) -{ - const unsigned char *p = in; - GOST_KEY_TRANSPORT *gkt = NULL; - unsigned char wrappedKey[44]; - unsigned char sharedKey[32]; - gost_ctx cctx; - const struct gost_cipher_info *param = NULL; - EVP_PKEY *eph_key = NULL, *peerkey = NULL; - EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(ctx); - - if (!key) { - *key_len = 32; - return 1; - } - - gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len); - if (!gkt) { - GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, - GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO); - return 0; - } - eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key); - if (eph_key) { - if (EVP_PKEY_derive_set_peer(ctx, eph_key) <= 0) { - GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, - GOST_R_INCOMPATIBLE_PEER_KEY); - goto err; - } - } else { - /* Set control "public key from client certificate used" */ - if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= - 0) { - GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_CTRL_CALL_FAILED); - goto err; - } - } - peerkey = EVP_PKEY_CTX_get0_peerkey(ctx); - if (!peerkey) { - GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_NO_PEER_KEY); - goto err; - } - - param = get_encryption_params(gkt->key_agreement_info->cipher); - if (!param) { - goto err; - } - - gost_init(&cctx, param->sblock); - OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8); - memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8); - OPENSSL_assert(gkt->key_info->encrypted_key->length == 32); - memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32); - OPENSSL_assert(gkt->key_info->imit->length == 4); - memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4); - make_cp_exchange_key(gost_get0_priv_key(priv), peerkey, sharedKey); - if (!keyUnwrapCryptoPro(&cctx, sharedKey, wrappedKey, key)) { - GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, - GOST_R_ERROR_COMPUTING_SHARED_KEY); - goto err; - } - - EVP_PKEY_free(eph_key); - GOST_KEY_TRANSPORT_free(gkt); - return 1; - err: - EVP_PKEY_free(eph_key); - GOST_KEY_TRANSPORT_free(gkt); - return -1; -} diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c index 5ca3a6e629..4f3bd90e81 100644 --- a/engines/ccgost/gost_ameth.c +++ b/engines/ccgost/gost_ameth.c @@ -16,23 +16,32 @@ #ifndef OPENSSL_NO_CMS # include #endif -#include "gost_params.h" #include "gost_lcl.h" #include "e_gost_err.h" -int gost94_nid_by_params(DSA *p) + +/* Convert little-endian byte array into bignum */ +BIGNUM *hashsum2bn(const unsigned char *dgst) { - R3410_params *gost_params; - BIGNUM *q = BN_new(); - for (gost_params = R3410_paramset; gost_params->q != NULL; gost_params++) { - BN_dec2bn(&q, gost_params->q); - if (!BN_cmp(q, p->q)) { - BN_free(q); - return gost_params->nid; - } - } - BN_free(q); - return NID_undef; + unsigned char buf[32]; + + BUF_reverse(buf, (unsigned char*)dgst, 32); + return BN_bin2bn(buf, 32, NULL); +} + +/* + * Pack bignum into byte buffer of given size, filling all leading bytes by + * zeros + */ +int store_bignum(BIGNUM *bn, unsigned char *buf, int len) +{ + int bytes = BN_num_bytes(bn); + + if (bytes > len) + return 0; + memset(buf, 0, len); + BN_bn2bin(bn, buf + len - bytes); + return 1; } static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) @@ -53,17 +62,6 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) EC_GROUP_get_curve_name(EC_KEY_get0_group (EVP_PKEY_get0((EVP_PKEY *)key))); break; - case NID_id_GostR3410_94: - pkey_param_nid = - (int)gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key)); - if (pkey_param_nid == NID_undef) { - GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, - GOST_R_INVALID_GOST94_PARMSET); - ASN1_STRING_free(params); - params = NULL; - goto err; - } - break; } gkp->key_params = OBJ_nid2obj(pkey_param_nid); gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet); @@ -120,18 +118,6 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg) return 0; } switch (pkey_nid) { - case NID_id_GostR3410_94: - { - DSA *dsa = EVP_PKEY_get0(pkey); - if (!dsa) { - dsa = DSA_new(); - if (!EVP_PKEY_assign(pkey, pkey_nid, dsa)) - return 0; - } - if (!fill_GOST94_params(dsa, param_nid)) - return 0; - break; - } case NID_id_GostR3410_2001: { EC_KEY *ec = EVP_PKEY_get0(pkey); @@ -151,18 +137,6 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg) static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv) { switch (EVP_PKEY_base_id(pkey)) { - case NID_id_GostR3410_94: - { - DSA *dsa = EVP_PKEY_get0(pkey); - if (!dsa) { - dsa = DSA_new(); - EVP_PKEY_assign(pkey, EVP_PKEY_base_id(pkey), dsa); - } - dsa->priv_key = BN_dup(priv); - if (!EVP_PKEY_missing_parameters(pkey)) - gost94_compute_public(dsa); - break; - } case NID_id_GostR3410_2001: { EC_KEY *ec = EVP_PKEY_get0(pkey); @@ -183,16 +157,6 @@ static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv) BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey) { switch (EVP_PKEY_base_id(pkey)) { - case NID_id_GostR3410_94: - { - DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey); - if (!dsa) { - return NULL; - } - if (!dsa->priv_key) - return NULL; - return dsa->priv_key; - } case NID_id_GostR3410_2001: { EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey); @@ -277,11 +241,6 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) } /* --------------------- free functions * ------------------------------*/ -static void pkey_free_gost94(EVP_PKEY *key) -{ - DSA_free(key->pkey.dsa); -} - static void pkey_free_gost01(EVP_PKEY *key) { EC_KEY_free(key->pkey.ec); @@ -355,58 +314,6 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) } /* --------- printing keys --------------------------------*/ -static int print_gost_94(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx, int type) -{ - int param_nid = NID_undef; - - if (type == 2) { - BIGNUM *key; - - if (!BIO_indent(out, indent, 128)) - return 0; - BIO_printf(out, "Private key: "); - key = gost_get0_priv_key(pkey); - if (!key) - BIO_printf(out, ""); - else - BN_print(out, key); - BIO_printf(out, "\n"); - } - if (type >= 1) { - BIGNUM *pubkey; - - pubkey = ((DSA *)EVP_PKEY_get0((EVP_PKEY *)pkey))->pub_key; - BIO_indent(out, indent, 128); - BIO_printf(out, "Public key: "); - BN_print(out, pubkey); - BIO_printf(out, "\n"); - } - - param_nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey)); - BIO_indent(out, indent, 128); - BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid)); - return 1; -} - -static int param_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx) -{ - return print_gost_94(out, pkey, indent, pctx, 0); -} - -static int pub_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx) -{ - return print_gost_94(out, pkey, indent, pctx, 1); -} - -static int priv_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx) -{ - return print_gost_94(out, pkey, indent, pctx, 2); -} - static int print_gost_01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx, int type) { @@ -489,16 +396,6 @@ static int priv_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, } /* ---------------------------------------------------------------------*/ -static int param_missing_gost94(const EVP_PKEY *pk) -{ - const DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk); - if (!dsa) - return 1; - if (!dsa->q) - return 1; - return 0; -} - static int param_missing_gost01(const EVP_PKEY *pk) { const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk); @@ -509,33 +406,6 @@ static int param_missing_gost01(const EVP_PKEY *pk) return 0; } -static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from) -{ - const DSA *dfrom = EVP_PKEY_get0((EVP_PKEY *)from); - DSA *dto = EVP_PKEY_get0(to); - if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) { - GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_INCOMPATIBLE_ALGORITHMS); - return 0; - } - if (!dfrom) { - GOSTerr(GOST_F_PARAM_COPY_GOST94, GOST_R_KEY_PARAMETERS_MISSING); - return 0; - } - if (!dto) { - dto = DSA_new(); - EVP_PKEY_assign(to, EVP_PKEY_base_id(from), dto); - } - BN_free(dto->p); - dto->p = BN_dup(dfrom->p); - BN_free(dto->q); - dto->q = BN_dup(dfrom->q); - BN_free(dto->g); - dto->g = BN_dup(dfrom->g); - - if (dto->priv_key) - gost94_compute_public(dto); - return 1; -} static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from) { @@ -570,15 +440,6 @@ static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from) return 1; } -static int param_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b) -{ - const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a); - const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b); - if (!BN_cmp(da->q, db->q)) - return 1; - return 0; -} - static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b) { if (EC_GROUP_get_curve_name @@ -592,84 +453,6 @@ static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b) } /* ---------- Public key functions * --------------------------------------*/ -static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub) -{ - X509_ALGOR *palg = NULL; - const unsigned char *pubkey_buf = NULL; - unsigned char *databuf; - ASN1_OBJECT *palgobj = NULL; - int pub_len, i, j; - DSA *dsa; - ASN1_OCTET_STRING *octet = NULL; - - if (!X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub)) - return 0; - EVP_PKEY_assign(pk, OBJ_obj2nid(palgobj), NULL); - if (!decode_gost_algor_params(pk, palg)) - return 0; - octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len); - if (!octet) { - GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE); - return 0; - } - databuf = OPENSSL_malloc(octet->length); - if (databuf == NULL) { - GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE); - ASN1_OCTET_STRING_free(octet); - return 0; - } - for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) { - databuf[j] = octet->data[i]; - } - dsa = EVP_PKEY_get0(pk); - dsa->pub_key = BN_bin2bn(databuf, octet->length, NULL); - ASN1_OCTET_STRING_free(octet); - OPENSSL_free(databuf); - return 1; - -} - -static int pub_encode_gost94(X509_PUBKEY *pub, const EVP_PKEY *pk) -{ - ASN1_OBJECT *algobj = NULL; - ASN1_OCTET_STRING *octet = NULL; - void *pval = NULL; - unsigned char *buf = NULL, *databuf, *sptr; - int i, j, data_len, ret = 0; - - int ptype = V_ASN1_UNDEF; - DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk); - algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk)); - if (pk->save_parameters) { - ASN1_STRING *params = encode_gost_algor_params(pk); - pval = params; - ptype = V_ASN1_SEQUENCE; - } - data_len = BN_num_bytes(dsa->pub_key); - databuf = OPENSSL_malloc(data_len); - if (databuf == NULL) { - GOSTerr(GOST_F_PUB_ENCODE_GOST94, ERR_R_MALLOC_FAILURE); - return 0; - } - BN_bn2bin(dsa->pub_key, databuf); - octet = ASN1_OCTET_STRING_new(); - if (octet == NULL) { - GOSTerr(GOST_F_PUB_ENCODE_GOST94, ERR_R_MALLOC_FAILURE); - OPENSSL_free(databuf); - return 0; - } - ASN1_STRING_set(octet, NULL, data_len); - sptr = ASN1_STRING_data(octet); - for (i = 0, j = data_len - 1; i < data_len; i++, j--) { - sptr[i] = databuf[j]; - } - OPENSSL_free(databuf); - ret = i2d_ASN1_OCTET_STRING(octet, &buf); - ASN1_BIT_STRING_free(octet); - if (ret < 0) - return 0; - return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret); -} static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub) { @@ -808,17 +591,6 @@ static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk) return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret); } -static int pub_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b) -{ - const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a); - const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b); - if (da && db && da->pub_key && db->pub_key - && !BN_cmp(da->pub_key, db->pub_key)) { - return 1; - } - return 0; -} - static int pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b) { const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a); @@ -861,12 +633,6 @@ static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) return -2; } -static int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder) -{ - int nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey)); - return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder); -} - static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder) { int nid = @@ -875,27 +641,6 @@ static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder) return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder); } -static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder, - int derlen) -{ - ASN1_OBJECT *obj = NULL; - DSA *dsa = EVP_PKEY_get0(pkey); - int nid; - if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) { - return 0; - } - nid = OBJ_obj2nid(obj); - ASN1_OBJECT_free(obj); - if (!dsa) { - dsa = DSA_new(); - if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa)) - return 0; - } - if (!fill_GOST94_params(dsa, nid)) - return 0; - return 1; -} - static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { @@ -925,23 +670,6 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth, if (!*ameth) return 0; switch (nid) { - case NID_id_GostR3410_94: - EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost94); - EVP_PKEY_asn1_set_private(*ameth, - priv_decode_gost, priv_encode_gost, - priv_print_gost94); - - EVP_PKEY_asn1_set_param(*ameth, - gost94_param_decode, gost94_param_encode, - param_missing_gost94, param_copy_gost94, - param_cmp_gost94, param_print_gost94); - EVP_PKEY_asn1_set_public(*ameth, - pub_decode_gost94, pub_encode_gost94, - pub_cmp_gost94, pub_print_gost94, - pkey_size_gost, pkey_bits_gost); - - EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost); - break; case NID_id_GostR3410_2001: EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost01); EVP_PKEY_asn1_set_private(*ameth, diff --git a/engines/ccgost/gost_asn1.c b/engines/ccgost/gost_asn1.c index 11686339b7..0412d2c7c1 100644 --- a/engines/ccgost/gost_asn1.c +++ b/engines/ccgost/gost_asn1.c @@ -54,3 +54,19 @@ ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = { /* FIXME incomplete */ ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS) + +/* Convert byte buffer to bignum, skipping leading zeros*/ +BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len) +{ + BIGNUM *b; + + while (*buf == 0 && len > 0) { + buf++; + len--; + } + if (len) + return BN_bin2bn(buf, len, NULL); + b = BN_new(); + BN_zero(b); + return b; +} diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c index 5f50fccbed..e2a2ff6878 100644 --- a/engines/ccgost/gost_crypt.c +++ b/engines/ccgost/gost_crypt.c @@ -118,7 +118,6 @@ struct gost_cipher_info gost_cipher_list[] = { /* * {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0}, */ - {NID_id_Gost28147_89_cc, &GostR3411_94_CryptoProParamSet, 0}, {NID_id_Gost28147_89_CryptoPro_A_ParamSet, &Gost28147_CryptoProParamSetA, 1}, {NID_id_Gost28147_89_CryptoPro_B_ParamSet, &Gost28147_CryptoProParamSetB, diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c index 5924791b77..4129260286 100644 --- a/engines/ccgost/gost_eng.c +++ b/engines/ccgost/gost_eng.c @@ -19,6 +19,10 @@ static const char *engine_gost_id = "gost"; static const char *engine_gost_name = "Reference implementation of GOST engine"; +static int gost_pkey_meth_nids[] = { + NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0 +}; + /* Symmetric cipher and digest function registrar */ static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher, @@ -38,15 +42,11 @@ static int gost_cipher_nids[] = { NID_id_Gost28147_89, NID_gost89_cnt, 0 }; static int gost_digest_nids[] = { NID_id_GostR3411_94, NID_id_Gost28147_89_MAC, 0 }; -static int gost_pkey_meth_nids[] = { NID_id_GostR3410_94, - NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0 -}; - -static EVP_PKEY_METHOD *pmeth_GostR3410_94 = NULL, - *pmeth_GostR3410_2001 = NULL, *pmeth_Gost28147_MAC = NULL; +static EVP_PKEY_METHOD *pmeth_GostR3410_2001 = NULL; +static EVP_PKEY_METHOD *pmeth_Gost28147_MAC = NULL; -static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_94 = NULL, - *ameth_GostR3410_2001 = NULL, *ameth_Gost28147_MAC = NULL; +static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_2001 = NULL; +static EVP_PKEY_ASN1_METHOD *ameth_Gost28147_MAC = NULL; static int gost_engine_init(ENGINE *e) { @@ -62,10 +62,8 @@ static int gost_engine_destroy(ENGINE *e) { gost_param_free(); - pmeth_GostR3410_94 = NULL; pmeth_GostR3410_2001 = NULL; pmeth_Gost28147_MAC = NULL; - ameth_GostR3410_94 = NULL; ameth_GostR3410_2001 = NULL; ameth_Gost28147_MAC = NULL; return 1; @@ -76,7 +74,7 @@ static int bind_gost(ENGINE *e, const char *id) int ret = 0; if (id && strcmp(id, engine_gost_id)) return 0; - if (ameth_GostR3410_94) { + if (ameth_GostR3410_2001) { printf("GOST engine already loaded\n"); goto end; } @@ -120,10 +118,6 @@ static int bind_gost(ENGINE *e, const char *id) goto end; } - if (!register_ameth_gost - (NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94", - "GOST R 34.10-94")) - goto end; if (!register_ameth_gost (NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001", "GOST R 34.10-2001")) @@ -132,12 +126,9 @@ static int bind_gost(ENGINE *e, const char *id) "GOST-MAC", "GOST 28147-89 MAC")) goto end; - if (!register_pmeth_gost(NID_id_GostR3410_94, &pmeth_GostR3410_94, 0)) - goto end; if (!register_pmeth_gost(NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0)) goto end; - if (!register_pmeth_gost - (NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0)) + if (!register_pmeth_gost(NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0)) goto end; if (!ENGINE_register_ciphers(e) || !ENGINE_register_digests(e) @@ -208,13 +199,10 @@ static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, { if (!pmeth) { *nids = gost_pkey_meth_nids; - return 3; + return 2; } switch (nid) { - case NID_id_GostR3410_94: - *pmeth = pmeth_GostR3410_94; - return 1; case NID_id_GostR3410_2001: *pmeth = pmeth_GostR3410_2001; return 1; @@ -233,12 +221,9 @@ static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth, { if (!ameth) { *nids = gost_pkey_meth_nids; - return 3; + return 2; } switch (nid) { - case NID_id_GostR3410_94: - *ameth = ameth_GostR3410_94; - return 1; case NID_id_GostR3410_2001: *ameth = ameth_GostR3410_2001; return 1; @@ -269,7 +254,7 @@ static ENGINE *engine_gost(void) void ENGINE_load_gost(void) { ENGINE *toadd; - if (pmeth_GostR3410_94) + if (pmeth_GostR3410_2001) return; toadd = engine_gost(); if (!toadd) diff --git a/engines/ccgost/gost_lcl.h b/engines/ccgost/gost_lcl.h index 3a2c7d5701..27fe0e761a 100644 --- a/engines/ccgost/gost_lcl.h +++ b/engines/ccgost/gost_lcl.h @@ -23,6 +23,18 @@ # define GOST_PARAM_MAX 0 # define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS) +typedef struct R3410_2001 { + int nid; + char *a; + char *b; + char *p; + char *q; + char *x; + char *y; +} R3410_2001_params; + +extern R3410_2001_params R3410_2001_paramset[]; + extern const ENGINE_CMD_DEFN gost_cmds[]; int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); const char *get_gost_engine_param(int param); @@ -167,14 +179,6 @@ extern EVP_CIPHER cipher_gost_cpacnt; # define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3) # define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4) /* EVP_PKEY_METHOD key encryption callbacks */ -/* From gost94_keyx.c */ -int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, - size_t *outlen, const unsigned char *key, - size_t key_len); - -int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, - size_t *outlen, const unsigned char *in, - size_t in_len); /* From gost2001_keyx.c */ int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *key, @@ -187,10 +191,7 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, /* From gost2001_keyx.c */ int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); -/* From gost94_keyx.c */ -int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); /* Internal functions for signature algorithms */ -int fill_GOST94_params(DSA *dsa, int nid); int fill_GOST2001_params(EC_KEY *eckey, int nid); int gost_sign_keygen(DSA *dsa); int gost2001_keygen(EC_KEY *ec); @@ -203,7 +204,6 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len, int gost2001_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, EC_KEY *ec); int gost2001_compute_public(EC_KEY *ec); -int gost94_compute_public(DSA *dsa); /*============== miscellaneous functions============================= */ /* from gost_sign.c */ /* Convert GOST R 34.11 hash sum to bignum according to standard */ @@ -220,10 +220,8 @@ int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen); /* Unpack GOST R 34.10 signature according to CryptoPro rules */ DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen); /* from ameth.c */ -/* Get private key as BIGNUM from both R 34.10-94 and R 34.10-2001 keys*/ +/* Get private key as BIGNUM from both 34.10-2001 keys*/ /* Returns pointer into EVP_PKEY structure */ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey); -/* Find NID by GOST 94 parameters */ -int gost94_nid_by_params(DSA *p); #endif diff --git a/engines/ccgost/gost_params.c b/engines/ccgost/gost_params.c index 0411534b71..2371c9a59e 100644 --- a/engines/ccgost/gost_params.c +++ b/engines/ccgost/gost_params.c @@ -7,138 +7,11 @@ * OpenSSL 0.9.9 libraries required to compile and use * * this code * **********************************************************************/ -#include "gost_params.h" +#include "gost_lcl.h" #include /* Parameters of GOST 34.10 */ -R3410_params R3410_paramset[] = { -/* Paramset A */ - {NID_id_GostR3410_94_CryptoPro_A_ParamSet, - "100997906755055304772081815535925224869" - "8410825720534578748235158755771479905292727772441528526992987964833" - "5669968284202797289605274717317548059048560713474685214192868091256" - "1502802222185647539190902656116367847270145019066794290930185446216" - "3997308722217328898303231940973554032134009725883228768509467406639" - "62", - "127021248288932417465907042777176443525" - "7876535089165358128175072657050312609850984974231883334834011809259" - "9999512098893413065920561499672425412104927434935707492031276956145" - "1689224110579311248812610229678534638401693520013288995000362260684" - "2227508135323070045173416336850045410625869714168836867788425378203" - "83", - "683631961449557007844441656118272528951" - "02170888761442055095051287550314083023"} - , - {NID_id_GostR3410_94_CryptoPro_B_ParamSet, - "429418261486158041438734477379555023926" - "7234596860714306679811299408947123142002706038521669956384871995765" - "7284814898909770759462613437669456364882730370838934791080835932647" - "9767786019153434744009610342313166725786869204821949328786333602033" - "8479709268434224762105576023501613261478065276102850944540333865234" - "1", - "139454871199115825601409655107690713107" - "0417070599280317977580014543757653577229840941243685222882398330391" - "1468164807668823692122073732267216074074777170091113455043205380464" - "7694904686120113087816240740184800477047157336662926249423571248823" - "9685422217536601433914856808405203368594584948031873412885804895251" - "63", - "79885141663410976897627118935756323747307951916507639758300472692338873533959"} - , - {NID_id_GostR3410_94_CryptoPro_C_ParamSet, - "816552717970881016017893191415300348226" - "2544051353358162468249467681876621283478212884286545844013955142622" - "2087723485023722868022275009502224827866201744494021697716482008353" - "6398202298024892620480898699335508064332313529725332208819456895108" - "5155178100221003459370588291073071186553005962149936840737128710832" - "3", - "110624679233511963040518952417017040248" - "5862954819831383774196396298584395948970608956170224210628525560327" - "8638246716655439297654402921844747893079518669992827880792192992701" - "1428546551433875806377110443534293554066712653034996277099320715774" - "3542287621283671843703709141350171945045805050291770503634517804938" - "01", - "113468861199819350564868233378875198043" - "267947776488510997961231672532899549103"} - , - {NID_id_GostR3410_94_CryptoPro_D_ParamSet, - "756976611021707301782128757801610628085" - "5283803109571158829574281419208532589041660017017859858216341400371" - "4687551412794400562878935266630754392677014598582103365983119173924" - "4732511225464712252386803315902707727668715343476086350472025298282" - "7271461690125050616858238384366331089777463541013033926723743254833" - "7", - "905457649621929965904290958774625315611" - "3056083907389766971404812524422262512556054474620855996091570786713" - "5849550236741915584185990627801066465809510095784713989819413820871" - "5964648914493053407920737078890520482730623038837767710173664838239" - "8574828787891286471201460474326612697849693665518073864436497893214" - "9", - "108988435796353506912374591498972192620" - "190487557619582334771735390599299211593"} - , - - {NID_id_GostR3410_94_CryptoPro_XchA_ParamSet, - "1335318132727206734338595199483190012179423759678474868994823595993" - "6964252873471246159040332773182141032801252925387191478859899310331" - "0567744136196364803064721377826656898686468463277710150809401182608" - "7702016153249904683329312949209127762411378780302243557466062839716" - "59376426832674269780880061631528163475887", - "14201174159756348119636828602231808974327613839524373876287257344192" - "74593935127189736311660784676003608489466235676257952827747192122419" - "29071046134208380636394084512691828894000571524625445295769349356752" - "72895683154177544176313938445719175509684710784659566254794231229333" - "8483924514339614727760681880609734239", - "91771529896554605945588149018382750217296858393520724172743325725474" - "374979801"} - , - {NID_id_GostR3410_94_CryptoPro_XchB_ParamSet, - "8890864727828423151699995801875757891031463338652579140051973659" - "3048131440685857067369829407947744496306656291505503608252399443" - "7900272386749145996230867832228661977543992816745254823298629859" - "8753575466286051738837854736167685769017780335804511440773337196" - "2538423532919394477873664752824509986617878992443177", - "1028946126624994859676552074360530315217970499989304888248413244" - "8474923022758470167998871003604670704877377286176171227694098633" - "1539089568784129110109512690503345393869871295783467257264868341" - "7200196629860561193666752429682367397084815179752036423595736533" - "68957392061769855284593965042530895046088067160269433", - "9109671391802626916582318050603555673628769498182593088388796888" - "5281641595199"} - , - {NID_id_GostR3410_94_CryptoPro_XchC_ParamSet, - "4430618464297584182473135030809859326863990650118941756995270074" - "8609973181426950235239623239110557450826919295792878938752101867" - "7047181623251027516953100431855964837602657827828194249605561893" - "6965865325513137194483136247773653468410118796740709840825496997" - "9375560722345106704721086025979309968763193072908334", - "1246996366993477513607147265794064436203408861395055989217248455" - "7299870737698999651480662364723992859320868822848751165438350943" - "3276647222625940615560580450040947211826027729977563540237169063" - "0448079715771649447778447000597419032457722226253269698374446528" - "35352729304393746106576383349151001715930924115499549", - "6787876137336591234380295020065682527118129468050147943114675429" - "4748422492761"} - , - - {NID_undef, NULL, NULL, NULL} -}; - R3410_2001_params R3410_2001_paramset[] = { - /* default_cc_sign01_param 1.2.643.2.9.1.8.1 */ - {NID_id_GostR3410_2001_ParamSet_cc, - /* A */ - "C0000000000000000000000000000000000000000000000000000000000003c4", - /* B */ - "2d06B4265ebc749ff7d0f1f1f88232e81632e9088fd44b7787d5e407e955080c", - /* P */ - "C0000000000000000000000000000000000000000000000000000000000003C7", - /* Q */ - "5fffffffffffffffffffffffffffffff606117a2f4bde428b7458a54b6e87b85", - /* X */ - "2", - /* Y */ - "a20e034bf8813ef5c18d01105e726a17eb248b264ae9706f440bedc8ccb6b22c"} - , /* 1.2.643.2.2.35.0 */ {NID_id_GostR3410_2001_TestParamSet, "7", diff --git a/engines/ccgost/gost_params.h b/engines/ccgost/gost_params.h deleted file mode 100644 index 0773cbfa58..0000000000 --- a/engines/ccgost/gost_params.h +++ /dev/null @@ -1,34 +0,0 @@ -/********************************************************************** - * gost_params.h * - * Copyright (c) 2005-2006 Cryptocom LTD * - * This file is distributed under the same license as OpenSSL * - * * - * Declaration of structures used to represent GOST R 34.10 * - * parameter sets, defined in RFC 4357 * - * OpenSSL 0.9.9 libraries required to compile and use * - * this code * - **********************************************************************/ -#ifndef GOST_PARAMSET_H -# define GOST_PARAMSET_H -typedef struct R3410 { - int nid; - char *a; - char *p; - char *q; -} R3410_params; - -extern R3410_params R3410_paramset[]; - -typedef struct R3410_2001 { - int nid; - char *a; - char *b; - char *p; - char *q; - char *x; - char *y; -} R3410_2001_params; - -extern R3410_2001_params R3410_2001_paramset[]; - -#endif diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c index af1d29e35c..0574d6eee4 100644 --- a/engines/ccgost/gost_pmeth.c +++ b/engines/ccgost/gost_pmeth.c @@ -15,7 +15,6 @@ #include #include #include -#include "gost_params.h" #include "gost_lcl.h" #include "e_gost_err.h" /* -----init, cleanup, copy - uniform for all algs ---------------*/ @@ -31,9 +30,6 @@ static int pkey_gost_init(EVP_PKEY_CTX *ctx) memset(data, 0, sizeof(*data)); if (pkey && EVP_PKEY_get0(pkey)) { switch (EVP_PKEY_base_id(pkey)) { - case NID_id_GostR3410_94: - data->sign_param_nid = gost94_nid_by_params(EVP_PKEY_get0(pkey)); - break; case NID_id_GostR3410_2001: data->sign_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group @@ -126,69 +122,6 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return -2; } -static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) -{ - int param_nid = 0; - - if (strcmp(type, param_ctrl_string) == 0) { - if (!value) { - return 0; - } - if (strlen(value) == 1) { - switch (toupper((unsigned char)value[0])) { - case 'A': - param_nid = NID_id_GostR3410_94_CryptoPro_A_ParamSet; - break; - case 'B': - param_nid = NID_id_GostR3410_94_CryptoPro_B_ParamSet; - break; - case 'C': - param_nid = NID_id_GostR3410_94_CryptoPro_C_ParamSet; - break; - case 'D': - param_nid = NID_id_GostR3410_94_CryptoPro_D_ParamSet; - break; - default: - return 0; - } - } else if ((strlen(value) == 2) - && (toupper((unsigned char)value[0]) == 'X')) { - switch (toupper((unsigned char)value[1])) { - case 'A': - param_nid = NID_id_GostR3410_94_CryptoPro_XchA_ParamSet; - break; - case 'B': - param_nid = NID_id_GostR3410_94_CryptoPro_XchB_ParamSet; - break; - case 'C': - param_nid = NID_id_GostR3410_94_CryptoPro_XchC_ParamSet; - break; - default: - return 0; - } - } else { - R3410_params *p = R3410_paramset; - param_nid = OBJ_txt2nid(value); - if (param_nid == NID_undef) { - return 0; - } - for (; p->nid != NID_undef; p++) { - if (p->nid == param_nid) - break; - } - if (p->nid == NID_undef) { - GOSTerr(GOST_F_PKEY_GOST_CTRL94_STR, GOST_R_INVALID_PARAMSET); - return 0; - } - } - - return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, - param_nid, NULL); - } - return -2; -} - static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { @@ -256,23 +189,6 @@ static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx) return 1; } -static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - DSA *dsa = NULL; - if (data->sign_param_nid == NID_undef) { - GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN, GOST_R_NO_PARAMETERS_SET); - return 0; - } - dsa = DSA_new(); - if (!fill_GOST94_params(dsa, data->sign_param_nid)) { - DSA_free(dsa); - return 0; - } - EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa); - return 1; -} - static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); @@ -292,17 +208,6 @@ static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 1; } -/* Generates Gost_R3410_94_cp key */ -static int pkey_gost94cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - DSA *dsa; - if (!pkey_gost94_paramgen(ctx, pkey)) - return 0; - dsa = EVP_PKEY_get0(pkey); - gost_sign_keygen(dsa); - return 1; -} - /* Generates GOST_R3410 2001 key and assigns it using specified type */ static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { @@ -315,26 +220,21 @@ static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) } /* ----------- sign callbacks --------------------------------------*/ - -static int pkey_gost94_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbs_len) +/* + * Packs signature according to Cryptopro rules + * and frees up DSA_SIG structure + */ +int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen) { - DSA_SIG *unpacked_sig = NULL; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - if (!siglen) - return 0; - if (!sig) { - *siglen = 64; /* better to check size of pkey->pkey.dsa-q */ - return 1; - } - unpacked_sig = gost_do_sign(tbs, tbs_len, EVP_PKEY_get0(pkey)); - if (!unpacked_sig) { - return 0; - } - return pack_sign_cp(unpacked_sig, 32, sig, siglen); + *siglen = 2 * order; + memset(sig, 0, *siglen); + store_bignum(s->s, sig, order); + store_bignum(s->r, sig + order, order); + DSA_SIG_free(s); + return 1; } + static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbs_len) @@ -355,22 +255,22 @@ static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, } /* ------------------- verify callbacks ---------------------------*/ - -static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbs_len) +/* Unpack signature according to cryptopro rules */ +DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen) { - int ok = 0; - EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx); - DSA_SIG *s = unpack_cp_signature(sig, siglen); - if (!s) - return 0; - if (pub_key) - ok = gost_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key)); - DSA_SIG_free(s); - return ok; + DSA_SIG *s; + + s = DSA_SIG_new(); + if (s == NULL) { + GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE); + return NULL; + } + s->s = BN_bin2bn(sig, siglen / 2, NULL); + s->r = BN_bin2bn(sig + siglen / 2, siglen / 2, NULL); + return s; } + static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbs_len) @@ -570,20 +470,6 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags) return 0; switch (id) { - case NID_id_GostR3410_94: - EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl94_str); - EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost94cp_keygen); - EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost94_cp_sign); - EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost94_cp_verify); - EVP_PKEY_meth_set_encrypt(*pmeth, - pkey_gost_encrypt_init, - pkey_GOST94cp_encrypt); - EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST94cp_decrypt); - EVP_PKEY_meth_set_derive(*pmeth, - pkey_gost_derive_init, pkey_gost94_derive); - EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init, - pkey_gost94_paramgen); - break; case NID_id_GostR3410_2001: EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ctrl01_str); EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost01_cp_sign); diff --git a/engines/ccgost/gost_sign.c b/engines/ccgost/gost_sign.c deleted file mode 100644 index 543c399688..0000000000 --- a/engines/ccgost/gost_sign.c +++ /dev/null @@ -1,365 +0,0 @@ -/********************************************************************** - * gost_sign.c * - * Copyright (c) 2005-2006 Cryptocom LTD * - * This file is distributed under the same license as OpenSSL * - * * - * Implementation of GOST R 34.10-94 signature algorithm * - * for OpenSSL * - * Requires OpenSSL 0.9.9 for compilation * - **********************************************************************/ -#include -#include -#include -#include -#include -#include -#include - -#include "gost_params.h" -#include "gost_lcl.h" -#include "e_gost_err.h" - -#ifdef DEBUG_SIGN -void dump_signature(const char *message, const unsigned char *buffer, - size_t len) -{ - size_t i; - fprintf(stderr, "signature %s Length=%d", message, len); - for (i = 0; i < len; i++) { - if (i % 16 == 0) - fputc('\n', stderr); - fprintf(stderr, " %02x", buffer[i]); - } - fprintf(stderr, "\nEnd of signature\n"); -} - -void dump_dsa_sig(const char *message, DSA_SIG *sig) -{ - fprintf(stderr, "%s\nR=", message); - BN_print_fp(stderr, sig->r); - fprintf(stderr, "\nS="); - BN_print_fp(stderr, sig->s); - fprintf(stderr, "\n"); -} - -#else - -# define dump_signature(a,b,c) -# define dump_dsa_sig(a,b) -#endif - -/* - * Computes signature and returns it as DSA_SIG structure - */ -DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) -{ - BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL; - DSA_SIG *newsig = NULL, *ret = NULL; - BIGNUM *md = hashsum2bn(dgst); - /* check if H(M) mod q is zero */ - BN_CTX *ctx = BN_CTX_new(); - if (!ctx) { - GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - BN_CTX_start(ctx); - newsig = DSA_SIG_new(); - if (!newsig) { - GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - tmp = BN_CTX_get(ctx); - k = BN_CTX_get(ctx); - tmp2 = BN_CTX_get(ctx); - if (!tmp || !k || !tmp2) { - GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - BN_mod(tmp, md, dsa->q, ctx); - if (BN_is_zero(tmp)) { - BN_one(md); - } - do { - do { - /* - * Generate random number k less than q - */ - BN_rand_range(k, dsa->q); - /* generate r = (a^x mod p) mod q */ - BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx); - if (!(newsig->r)) { - newsig->r = BN_new(); - if (!newsig->r) { - GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - } - BN_mod(newsig->r, tmp, dsa->q, ctx); - } - while (BN_is_zero(newsig->r)); - /* generate s = (xr + k(Hm)) mod q */ - BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx); - BN_mod_mul(tmp2, k, md, dsa->q, ctx); - if (!newsig->s) { - newsig->s = BN_new(); - if (!newsig->s) { - GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); - goto err; - } - } - BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx); - } - while (BN_is_zero(newsig->s)); - - ret = newsig; - err: - BN_free(md); - if (ctx) - BN_CTX_end(ctx); - BN_CTX_free(ctx); - if (!ret) - DSA_SIG_free(newsig); - return ret; -} - -/* - * Packs signature according to Cryptocom rules - * and frees up DSA_SIG structure - */ -/*- -int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen) - { - *siglen = 2*order; - memset(sig,0,*siglen); - store_bignum(s->r, sig,order); - store_bignum(s->s, sig + order,order); - dump_signature("serialized",sig,*siglen); - DSA_SIG_free(s); - return 1; - } -*/ -/* - * Packs signature according to Cryptopro rules - * and frees up DSA_SIG structure - */ -int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen) -{ - *siglen = 2 * order; - memset(sig, 0, *siglen); - store_bignum(s->s, sig, order); - store_bignum(s->r, sig + order, order); - dump_signature("serialized", sig, *siglen); - DSA_SIG_free(s); - return 1; -} - -/* - * Verifies signature passed as DSA_SIG structure - * - */ - -int gost_do_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa) -{ - BIGNUM *md = NULL, *tmp = NULL; - BIGNUM *q2 = NULL; - BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL; - BIGNUM *tmp2 = NULL, *tmp3 = NULL; - int ok = 0; - BN_CTX *ctx = BN_CTX_new(); - if (!ctx) { - GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; - } - - BN_CTX_start(ctx); - if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) { - GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q); - goto err; - } - md = hashsum2bn(dgst); - - tmp = BN_CTX_get(ctx); - v = BN_CTX_get(ctx); - q2 = BN_CTX_get(ctx); - z1 = BN_CTX_get(ctx); - z2 = BN_CTX_get(ctx); - tmp2 = BN_CTX_get(ctx); - tmp3 = BN_CTX_get(ctx); - u = BN_CTX_get(ctx); - if (!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) { - GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; - } - - BN_mod(tmp, md, dsa->q, ctx); - if (BN_is_zero(tmp)) { - BN_one(md); - } - BN_copy(q2, dsa->q); - BN_sub_word(q2, 2); - BN_mod_exp(v, md, q2, dsa->q, ctx); - BN_mod_mul(z1, sig->s, v, dsa->q, ctx); - BN_sub(tmp, dsa->q, sig->r); - BN_mod_mul(z2, tmp, v, dsa->p, ctx); - BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx); - BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx); - BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx); - BN_mod(u, tmp3, dsa->q, ctx); - ok = (BN_cmp(u, sig->r) == 0); - - if (!ok) { - GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH); - } -err: - BN_free(md); - if (ctx) - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return (ok == 0); -} - -/* - * Computes public keys for GOST R 34.10-94 algorithm - * - */ -int gost94_compute_public(DSA *dsa) -{ - /* Now fill algorithm parameters with correct values */ - BN_CTX *ctx; - if (!dsa->g) { - GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED); - return 0; - } - ctx = BN_CTX_new(); - if (!ctx) { - GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); - return 0; - } - - dsa->pub_key = BN_new(); - if (!dsa->pub_key) { - GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); - BN_CTX_free(ctx); - return 0; - } - /* Compute public key y = a^x mod p */ - BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx); - BN_CTX_free(ctx); - return 1; -} - -/* - * Fill GOST 94 params, searching them in R3410_paramset array - * by nid of paramset - * - */ -int fill_GOST94_params(DSA *dsa, int nid) -{ - R3410_params *params = R3410_paramset; - while (params->nid != NID_undef && params->nid != nid) - params++; - if (params->nid == NID_undef) { - GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET); - return 0; - } -#define dump_signature(a,b,c) - BN_free(dsa->p); - dsa->p = NULL; - BN_dec2bn(&(dsa->p), params->p); - BN_free(dsa->q); - dsa->q = NULL; - BN_dec2bn(&(dsa->q), params->q); - BN_free(dsa->g); - dsa->g = NULL; - BN_dec2bn(&(dsa->g), params->a); - return 1; -} - -/* - * Generate GOST R 34.10-94 keypair - * - * - */ -int gost_sign_keygen(DSA *dsa) -{ - dsa->priv_key = BN_new(); - if (!dsa->priv_key) { - GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE); - return 0; - } - BN_rand_range(dsa->priv_key, dsa->q); - return gost94_compute_public(dsa); -} - -/* Unpack signature according to cryptocom rules */ -/*- -DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen) - { - DSA_SIG *s; - s = DSA_SIG_new(); - if (s == NULL) - { - GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,ERR_R_MALLOC_FAILURE); - return(NULL); - } - s->r = getbnfrombuf(sig, siglen/2); - s->s = getbnfrombuf(sig + siglen/2, siglen/2); - return s; - } -*/ -/* Unpack signature according to cryptopro rules */ -DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen) -{ - DSA_SIG *s; - - s = DSA_SIG_new(); - if (s == NULL) { - GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE); - return NULL; - } - s->s = getbnfrombuf(sig, siglen / 2); - s->r = getbnfrombuf(sig + siglen / 2, siglen / 2); - return s; -} - -/* Convert little-endian byte array into bignum */ -BIGNUM *hashsum2bn(const unsigned char *dgst) -{ - unsigned char buf[32]; - int i; - for (i = 0; i < 32; i++) { - buf[31 - i] = dgst[i]; - } - return getbnfrombuf(buf, 32); -} - -/* Convert byte buffer to bignum, skipping leading zeros*/ -BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len) -{ - while (*buf == 0 && len > 0) { - buf++; - len--; - } - if (len) { - return BN_bin2bn(buf, len, NULL); - } else { - BIGNUM *b = BN_new(); - BN_zero(b); - return b; - } -} - -/* - * Pack bignum into byte buffer of given size, filling all leading bytes by - * zeros - */ -int store_bignum(BIGNUM *bn, unsigned char *buf, int len) -{ - int bytes = BN_num_bytes(bn); - if (bytes > len) - return 0; - memset(buf, 0, len); - BN_bn2bin(bn, buf + len - bytes); - return 1; -} diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 1eef9cc93a..6e98784480 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -878,7 +878,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS_CT_ECDSA_SIGN 64 # define TLS_CT_RSA_FIXED_ECDH 65 # define TLS_CT_ECDSA_FIXED_ECDH 66 -# define TLS_CT_GOST94_SIGN 21 # define TLS_CT_GOST01_SIGN 22 /* * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 943cf733f0..4d69c2af82 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -618,9 +618,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey) ret = SSL_PKEY_ECC; } #endif - else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) { - ret = SSL_PKEY_GOST94; - } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) { + else if (i == NID_id_GostR3410_2001) { ret = SSL_PKEY_GOST01; } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) { /* diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 1661b0ef8c..01a0a8c43c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -3059,8 +3059,7 @@ int ssl3_send_client_verify(SSL *s) n = j + 2; } else #endif - if (pkey->type == NID_id_GostR3410_94 - || pkey->type == NID_id_GostR3410_2001) { + if (pkey->type == NID_id_GostR3410_2001) { unsigned char signbuf[64]; int i; size_t sigsize = 64; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 83b8f686bb..0a3bba4890 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1145,19 +1145,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { /* GOST Ciphersuites */ - { - 1, - "GOST94-GOST89-GOST89", - 0x3000080, - SSL_kGOST, - SSL_aGOST94, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, - 256, - 256}, { 1, "GOST2001-GOST89-GOST89", @@ -1170,20 +1157,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 256, - 256}, - { - 1, - "GOST94-NULL-GOST94", - 0x3000082, - SSL_kGOST, - SSL_aGOST94, - SSL_eNULL, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, - 0, - 0}, + 256 + }, { 1, "GOST2001-NULL-GOST94", @@ -1196,7 +1171,8 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_NOT_EXP | SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 0, - 0}, + 0 + }, #ifndef OPENSSL_NO_CAMELLIA /* Camellia ciphersuites from RFC4132 (256-bit portion) */ @@ -3474,63 +3450,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256}, #endif -#ifdef TEMP_GOST_TLS -/* Cipher FF00 */ - { - 1, - "GOST-MD5", - 0x0300ff00, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_MD5, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - { - 1, - "GOST-GOST94", - 0x0300ff01, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST94, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256}, - { - 1, - "GOST-GOST89MAC", - 0x0300ff02, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256}, - { - 1, - "GOST-GOST89STREAM", - 0x0300ff03, - SSL_kRSA, - SSL_aRSA, - SSL_eGOST2814789CNT, - SSL_GOST89MAC, - SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC, - 256, - 256}, -#endif - /* end of list */ }; @@ -4694,7 +4613,6 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) #ifndef OPENSSL_NO_GOST if (s->version >= TLS1_VERSION) { if (alg_k & SSL_kGOST) { - p[ret++] = TLS_CT_GOST94_SIGN; p[ret++] = TLS_CT_GOST01_SIGN; return (ret); } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 76f49bd837..acb2fa94bc 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2736,9 +2736,7 @@ int ssl3_get_client_key_exchange(SSL *s) /* Get our certificate private key */ alg_a = s->s3->tmp.new_cipher->algorithm_auth; - if (alg_a & SSL_aGOST94) - pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey; - else if (alg_a & SSL_aGOST01) + if (alg_a & SSL_aGOST01) pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); @@ -2874,8 +2872,7 @@ int ssl3_get_cert_verify(SSL *s) * If key is GOST and n is exactly 64, it is bare signature without * length field */ - if (n == 64 && (pkey->type == NID_id_GostR3410_94 || - pkey->type == NID_id_GostR3410_2001)) { + if (n == 64 && pkey->type == NID_id_GostR3410_2001) { len = 64; } else { if (SSL_USE_SIGALGS(s)) { @@ -2984,8 +2981,7 @@ int ssl3_get_cert_verify(SSL *s) } } else #endif - if (pkey->type == NID_id_GostR3410_94 - || pkey->type == NID_id_GostR3410_2001) { + if (pkey->type == NID_id_GostR3410_2001) { unsigned char signature[64]; int idx; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index da64301b58..08a95f958b 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -331,9 +331,8 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94 | SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0}, /* aliases combining key exchange and server authentication */ @@ -528,14 +527,12 @@ void ssl_load_ciphers(void) disabled_mac_mask |= SSL_GOST89MAC; } - if (!get_optional_pkey_id("gost94")) - disabled_auth_mask |= SSL_aGOST94; if (!get_optional_pkey_id("gost2001")) disabled_auth_mask |= SSL_aGOST01; /* * Disable GOST key exchange if no GOST signature algs are available * */ - if ((disabled_auth_mask & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01)) + if ((disabled_auth_mask & SSL_aGOST01) == SSL_aGOST01) disabled_mkey_mask |= SSL_kGOST; } @@ -1673,9 +1670,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aSRP: au = "SRP"; break; - case SSL_aGOST94: - au = "GOST94"; - break; case SSL_aGOST01: au = "GOST01"; break; @@ -1961,8 +1955,6 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) return SSL_PKEY_DSA_SIGN; else if (alg_a & SSL_aRSA) return SSL_PKEY_RSA_ENC; - else if (alg_a & SSL_aGOST94) - return SSL_PKEY_GOST94; else if (alg_a & SSL_aGOST01) return SSL_PKEY_GOST01; return -1; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5a0ec8afc8..2a2eb7827c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2007,11 +2007,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) mask_k |= SSL_kGOST; mask_a |= SSL_aGOST01; } - cpk = &(c->pkeys[SSL_PKEY_GOST94]); - if (cpk->x509 != NULL && cpk->privatekey != NULL) { - mask_k |= SSL_kGOST; - mask_a |= SSL_aGOST94; - } if (rsa_enc || (rsa_tmp && rsa_sign)) mask_k |= SSL_kRSA; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index bc8388ab87..63b547a8f9 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -339,8 +339,6 @@ # define SSL_aECDSA 0x00000040L /* PSK auth */ # define SSL_aPSK 0x00000080L -/* GOST R 34.10-94 signature auth */ -# define SSL_aGOST94 0x00000100L /* GOST R 34.10-2001 signature auth */ # define SSL_aGOST01 0x00000200L /* SRP auth */ @@ -508,7 +506,6 @@ # define SSL_PKEY_DH_RSA 3 # define SSL_PKEY_DH_DSA 4 # define SSL_PKEY_ECC 5 -# define SSL_PKEY_GOST94 6 # define SSL_PKEY_GOST01 7 # define SSL_PKEY_NUM 8