From 92c8d6ae0d741fdca3b72baf627d16908dae64ce Mon Sep 17 00:00:00 2001
From: Dmitry Belyavsky
Date: Mon, 19 Sep 2016 16:05:53 +0100
Subject: [PATCH] Avoid KCI attack for GOST

Russian GOST ciphersuites are vulnerable to the KCI attack because they use long-term keys to establish the connection when ssl client authorization is on. This change brings the GOST implementation into line with the latest specs in order to avoid the attack. It should not break backwards compatibility.

Reviewed-by: Rich Salz
Reviewed-by: Richard Levitte
Reviewed-by: Matt Caswell
---
 ssl/s3_clnt.c | 19 -------------------
 1 file changed, 19 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d2afaa5b9f..218534734d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -3013,19 +3013,6 @@ int ssl3_send_client_key_exchange(SSL *s)
 ERR_R_INTERNAL_ERROR);
 goto err;
 }
- /*
- * If we have client certificate, use its secret as peer key
- */
- if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
- if (EVP_PKEY_derive_set_peer
- (pkey_ctx, s->cert->key->privatekey) <= 0) {
- /*
- * If there was an error - just ignore it. Ephemeral key
- * * would be used
- */
- ERR_clear_error();
- }
- }
 /*
 * Compute shared IV and store it in algorithm-specific context
 * data
@@ -3072,12 +3059,6 @@ int ssl3_send_client_key_exchange(SSL *s)
 n = msglen + 2;
 }
 memcpy(p, tmp, msglen);
- /* Check if pubkey from client certificate was used */
- if (EVP_PKEY_CTX_ctrl
- (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) {
- /* Set flag "skip certificate verify" */
- s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
- }
 EVP_PKEY_CTX_free(pkey_ctx);
 s->session->master_key_length =
 s->method->ssl3_enc->generate_master_secret(s,
--
2.25.1