SSL with GOST: processing of client key exchange omits UKM check
To whom it may concern.
I am sorry for having inadvertently sent an incomplete version of this message before.
I'm had a look at the openssl snap shot of April 23rd 2008.
When reviewing the code of the GOST plug-in for openssl to see how it works,
I found that there is no check of the UKM ssl3_get_client_key_exchange.
The draft [url]http://tools.ietf.org/draft/draft-chudov-cryptopro-cptls/draft-chudov-cryptopro-cptls-03.txt[/url] <http://tools.ietf.org/draft/draft-chudov-cryptopro-cptls/draft-chudov-cryptopro-cptls-03.txt> requires in section 3.6 :
" Server MUST verify, that keyBlob.transportParameters.ukm is equal to
GOSTR3411(client_random|server_random)[0..7], before decrypting the
premaster_secret. "
It seems to me that this check was omitted since I could not find it either in function ssl3_get_client_key_exchange() nor in function pkey_GOST94cp_decrypt().
To my opinion, the check should be done in pkey_GOST94cp_decrypt. It may be done in the following way:
1. In function ssl3_get_client_key_exchange: Generate the shared UKM from server_random and client_random the same the client is supposed to have generated it.
2. In function ssl3_get_client_key_exchange: Submit the this UKM to the EVP_PKEY_CTX instance pkey_ctx by calling
EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_DECRYPT,EVP_PKEY_CTRL_SET_IV,8,shared_ukm). The UKM is to be stored in the GOST specific part of pkey_ctx.
3. In function pkey_GOST94cp_decrypt: Compare the UKM stored in the EVP_PKEY_CTX instance with the one wich was parsed from the key transport blob submitted to this function call.
Who is taking care about maintenance of the GOST plug-in?
How can I contribute to that work?
Regards
André Ziermann
Senior Solution Engineer
SECUDE IT Security GmbH
Goebelstrasse 21
64293 Darmstadt / Germany
Tel. : +49 (0)6151 82897 21
Fax : +49 (0)6151 82897 26
Mobile : +49 (0) 170 987 81 73
[email]ziermann@secude.com[/email]
[url]www.secude.com[/url] <http://www.secude.com/>
______________________________________________________________________
OpenSSL Project [url]http://www.openssl.org[/url]
Development Mailing List [email]openssl-dev@openssl.org[/email]
Automated List Manager [email]majordomo@openssl.org[/email]
