From 16736d9b0ee58dedf00478b441aa0987678482af Mon Sep 17 00:00:00 2001
From: Mikhail Mitskevich
Date: Thu, 26 Mar 2026 13:10:58 +0300
Subject: [PATCH 1/7] Add support for PSK mode
---
btls/patch/OpenSSL_1_1_1i.patch | 92 +++++++++++-
btls/patch/openssl-3.3.1.patch | 248 +++++++++++++++++++++++---------
2 files changed, 266 insertions(+), 74 deletions(-)
diff --git a/btls/patch/OpenSSL_1_1_1i.patch b/btls/patch/OpenSSL_1_1_1i.patch
index 0750331..7162626 100644
--- a/btls/patch/OpenSSL_1_1_1i.patch
+++ b/btls/patch/OpenSSL_1_1_1i.patch
@@ -1,3 +1,89 @@ +diff --git a/apps/apps.h b/apps/apps.h +index 34c3fd86..eb68690e 100644 +--- a/apps/apps.h ++++ b/apps/apps.h +@@ -52,6 +52,9 @@ extern BIO *bio_out; + extern BIO *bio_err; + extern const unsigned char tls13_aes128gcmsha256_id[]; + extern const unsigned char tls13_aes256gcmsha384_id[]; ++extern const unsigned char tls13_beltche256hbelt_id[]; ++extern const unsigned char tls13_bashprg2561bash_id[]; ++extern const unsigned char* default_cipher; + extern BIO_ADDR *ourpeer; + + BIO_METHOD *apps_bf_prefix(void); +diff --git a/apps/s_client.c b/apps/s_client.c +index 83b3fc9c..b801bafe 100644 +--- a/apps/s_client.c ++++ b/apps/s_client.c +@@ -177,6 +177,9 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, + + const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 }; + const unsigned char tls13_aes256gcmsha384_id[] = { 0x13, 0x02 }; ++const unsigned char tls13_beltche256hbelt_id[] = { 0xFF, 0x1D }; ++const unsigned char tls13_bashprg2561bash_id[] = { 0xFF, 0x1E }; ++const unsigned char* default_cipher = tls13_aes128gcmsha256_id; + + static int psk_use_session_cb(SSL *s, const EVP_MD *md, + const unsigned char **id, size_t *idlen, +@@ -199,7 +202,7 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md, + } + + /* We default to SHA-256 */ +- cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); ++ cipher = SSL_CIPHER_find(s, default_cipher); + if (cipher == NULL) { + BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); + OPENSSL_free(key); +@@ -1145,6 +1148,17 @@ int s_client_main(int argc, char **argv) + BIO_printf(bio_err, "%s: Memory allocation failure\n", prog); + goto end; + } ++ if (!strcmp(opt_flag(), "-ciphersuites")) ++ { ++ if (!strcmp(opt_arg(), "BTLS_BASH_PRG_AE256_BASH256")) { ++ printf("Set default cipher %s\n", opt_arg()); ++ default_cipher = tls13_bashprg2561bash_id; ++ } ++ if (!strcmp(opt_arg(), "BTLS_BELT_CHE256_BELT_HASH")) { ++ printf("Set default cipher %s\n", opt_arg()); ++ 
default_cipher = tls13_beltche256hbelt_id; ++ } ++ } + break; + case OPT_V_CASES: + if (!opt_verify(o, vpm)) +diff --git a/apps/s_server.c b/apps/s_server.c +index 0ba75999..f1d38c0c 100644 +--- a/apps/s_server.c ++++ b/apps/s_server.c +@@ -208,7 +208,7 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, + } + + /* We default to SHA256 */ +- cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); ++ cipher = SSL_CIPHER_find(ssl, default_cipher); + if (cipher == NULL) { + BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); + OPENSSL_free(key); +@@ -1276,6 +1276,17 @@ int s_server_main(int argc, char *argv[]) + BIO_printf(bio_err, "%s: Memory allocation failure\n", prog); + goto end; + } ++ if (!strcmp(opt_flag(), "-ciphersuites")) ++ { ++ if (!strcmp(opt_arg(), "BTLS_BASH_PRG_AE256_BASH256")) { ++ printf("Set default cipher %s\n", opt_arg()); ++ default_cipher = tls13_bashprg2561bash_id; ++ } ++ if (!strcmp(opt_arg(), "BTLS_BELT_CHE256_BELT_HASH")) { ++ printf("Set default cipher %s\n", opt_arg()); ++ default_cipher = tls13_beltche256hbelt_id; ++ } ++ } + break; + case OPT_V_CASES: + if (!opt_verify(o, vpm)) diff --git a/ssl/build.info b/ssl/build.info index bb2f1deb..e15d5cb0 100644 --- a/ssl/build.info @@ -781,7 +867,7 @@ index 48d46f8a..71f861c0 100644 /* User level utility function to check a chain is suitable */ diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c -index e2c397b7..afa46acf 100644 +index e2c397b7..5f2bb5cc 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -443,6 +443,16 @@ static const ssl_trace_tbl ssl_ciphers_tbl[] = { @@ -796,8 +882,8 @@ index e2c397b7..afa46acf 100644 + {0xFF1A, "BDHE-PSK-BIGN_WITH-BELT-DWP-HBELT"}, + {0xFF1B, "BDHT-PSK-BIGN_WITH-BELT-CTR-MAC-HBELT"}, + {0xFF1C, "BDHT-PSK-BIGN_WITH-BELT-DWP-HBELT"}, -+ {0xFF1D, "BELT-CHE256-BELT-HASH"}, -+ {0xFF1E, "BASH-PRG_AE256-BASH256"}, ++ {0xFF1D, "BELT-CHE256-BELT-HASH"}, ++ {0xFF1E, "BASH-PRG_AE256-BASH256"}, }; /* Compression methods */ 
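Review bot: The PSK session built in `psk_use_session_cb`/`psk_find_session_cb` is still described by the untouched comment `/* We default to SHA-256 */`, but after this change the session is bound to whichever suite `default_cipher` points at, and a TLS 1.3 PSK is only usable with a ciphersuite sharing its hash — so when `-ciphersuites` carries anything other than exactly one of the two recognised names (a colon-separated list, another BTLS suite) the PSK stays on TLS_AES_128_GCM_SHA256 and presumably cannot be used for the belt/bash suite the peer negotiates. The comment should state what is actually guaranteed: `/* PSK session cipher must share the hash of the negotiated TLS 1.3 suite; picked from -ciphersuites, TLS_AES_128_GCM_SHA256 otherwise */`. The two new `printf("Set default cipher ...")` calls also write to stdout, which s_client uses for application data; route them through `BIO_printf(bio_err, ...)` like the neighbouring "Memory allocation failure" diagnostic. `s_client_main`, `s_server_main` and both PSK callbacks start and end outside the hunk.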
diff --git a/btls/patch/openssl-3.3.1.patch b/btls/patch/openssl-3.3.1.patch
index 87d480b..ed5e1ae 100644
--- a/btls/patch/openssl-3.3.1.patch
+++ b/btls/patch/openssl-3.3.1.patch
@@ -1,3 +1,89 @@ +diff --git a/apps/include/apps.h b/apps/include/apps.h +index a1b2cbb..ac8753e 100644 +--- a/apps/include/apps.h ++++ b/apps/include/apps.h +@@ -57,6 +57,9 @@ extern BIO *bio_out; + extern BIO *bio_err; + extern const unsigned char tls13_aes128gcmsha256_id[]; + extern const unsigned char tls13_aes256gcmsha384_id[]; ++extern const unsigned char tls13_beltche256hbelt_id[]; ++extern const unsigned char tls13_bashprg2561bash_id[]; ++extern const unsigned char* default_cipher; + extern BIO_ADDR *ourpeer; + + BIO *dup_bio_in(int format); +diff --git a/apps/s_client.c b/apps/s_client.c +index 78a4475..7f2cda0 100644 +--- a/apps/s_client.c ++++ b/apps/s_client.c +@@ -198,6 +198,9 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, + + const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 }; + const unsigned char tls13_aes256gcmsha384_id[] = { 0x13, 0x02 }; ++const unsigned char tls13_beltche256hbelt_id[] = { 0xFF, 0x1D }; ++const unsigned char tls13_bashprg2561bash_id[] = { 0xFF, 0x1E }; ++const unsigned char* default_cipher = tls13_aes128gcmsha256_id; + + static int psk_use_session_cb(SSL *s, const EVP_MD *md, + const unsigned char **id, size_t *idlen, +@@ -220,7 +223,7 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md, + } + + /* We default to SHA-256 */ +- cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); ++ cipher = SSL_CIPHER_find(s, default_cipher); + if (cipher == NULL) { + BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); + OPENSSL_free(key); +@@ -1126,6 +1129,17 @@ int s_client_main(int argc, char **argv) + BIO_printf(bio_err, "%s: Memory allocation failure\n", prog); + goto end; + } ++ if (!strcmp(opt_flag(), "-ciphersuites")) ++ { ++ if (!strcmp(opt_arg(), "BTLS_BASH_PRG_AE256_BASH256")) { ++ printf("Set default cipher %s\n", opt_arg()); ++ default_cipher = tls13_bashprg2561bash_id; ++ } ++ if (!strcmp(opt_arg(), "BTLS_BELT_CHE256_BELT_HASH")) { ++ printf("Set default cipher %s\n", 
opt_arg()); ++ default_cipher = tls13_beltche256hbelt_id; ++ } ++ } + break; + case OPT_V_CASES: + if (!opt_verify(o, vpm)) +diff --git a/apps/s_server.c b/apps/s_server.c +index 4a26c01..9212e00 100644 +--- a/apps/s_server.c ++++ b/apps/s_server.c +@@ -219,7 +219,7 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, + } + + /* We default to SHA256 */ +- cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); ++ cipher = SSL_CIPHER_find(ssl, default_cipher); + if (cipher == NULL) { + BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); + OPENSSL_free(key); +@@ -1335,6 +1335,17 @@ int s_server_main(int argc, char *argv[]) + BIO_printf(bio_err, "%s: Memory allocation failure\n", prog); + goto end; + } ++ if (!strcmp(opt_flag(), "-ciphersuites")) ++ { ++ if (!strcmp(opt_arg(), "BTLS_BASH_PRG_AE256_BASH256")) { ++ printf("Set default cipher %s\n", opt_arg()); ++ default_cipher = tls13_bashprg2561bash_id; ++ } ++ if (!strcmp(opt_arg(), "BTLS_BELT_CHE256_BELT_HASH")) { ++ printf("Set default cipher %s\n", opt_arg()); ++ default_cipher = tls13_beltche256hbelt_id; ++ } ++ } + break; + case OPT_V_CASES: + if (!opt_verify(o, vpm)) diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 4deee46..52233ae 100644 --- a/crypto/pem/pem_pkey.c @@ -22,7 +108,7 @@ index 4f076c6..c031c07 100644 */ -# define SSL3_CT_NUMBER 12 +# define SSL3_CT_NUMBER 13 - + # if defined(TLS_CT_NUMBER) # if TLS_CT_NUMBER != SSL3_CT_NUMBER diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h @@ -35,33 +121,33 @@ index 7e3d1a7..f4fca39 100644 */ -# define TLS_CT_NUMBER 12 +# define TLS_CT_NUMBER 13 - + # if defined(SSL3_CT_NUMBER) # if TLS_CT_NUMBER != SSL3_CT_NUMBER - diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c -index f723461..b55f44f 100644 +diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c +index f723461..d763bb4 100644 --- a/providers/common/capabilities.c 
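Review bot: The `-ciphersuites` handling added to both `s_client.c` and `s_server.c` only recognises an argument that is byte-for-byte one of two names, so a list such as `BTLS_BELT_CHE256_BELT_HASH:TLS_AES_256_GCM_SHA384` leaves `default_cipher` on the AES suite and the PSK session built later no longer matches the suite being negotiated. The same twelve lines are duplicated in two programs around a non-static mutable global exported through `apps.h`; one helper in the shared apps library that reads the first suite of the list from a `static const` table removes the duplication and makes the rule explicit, with each call site reduced to `default_cipher = psk_cipher_for_suites(opt_arg());`. The names compared here have to match the suite names defined in `s3_lib.c`, which this series does not show — the trace table spells them `BELT-CHE256-BELT-HASH`, so that mapping should be double-checked. `s_client_main`/`s_server_main` continue outside the hunk.

```c
/* TLS 1.3 cipher used to build PSK sessions: the first entry of a -ciphersuites list. */
static const unsigned char *psk_cipher_for_suites(const char *suites)
{
    static const struct {
        const char *name;
        const unsigned char *id;
    } tbl[] = {
        { "BTLS_BASH_PRG_AE256_BASH256", tls13_bashprg2561bash_id },
        { "BTLS_BELT_CHE256_BELT_HASH", tls13_beltche256hbelt_id },
    };
    const char *sep = strchr(suites, ':');
    size_t len = sep != NULL ? (size_t)(sep - suites) : strlen(suites);
    size_t i;

    for (i = 0; i < OSSL_NELEM(tbl); i++)
        if (strlen(tbl[i].name) == len && strncmp(suites, tbl[i].name, len) == 0)
            return tbl[i].id;
    return tls13_aes128gcmsha256_id;   /* upstream default: SHA-256 */
}
```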
+++ b/providers/common/capabilities.c @@ -95,6 +95,9 @@ static const TLS_GROUP_CONSTANTS group_list[] = { { OSSL_TLS_GROUP_ID_ffdhe4096, 128, TLS1_3_VERSION, 0, -1, -1 }, { OSSL_TLS_GROUP_ID_ffdhe6144, 128, TLS1_3_VERSION, 0, -1, -1 }, { OSSL_TLS_GROUP_ID_ffdhe8192, 192, TLS1_3_VERSION, 0, -1, -1 }, -+ { 0x0200, 128, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION}, -+ { 0x0201, 192, TLS1_2_VERSION, TLS1_2_VERSION, -1, -1}, -+ { 0x0202, 256, TLS1_2_VERSION, TLS1_2_VERSION, -1, -1}, ++ { 0x0200, 128, TLS1_2_VERSION, TLS1_3_VERSION, DTLS1_VERSION, DTLS1_2_VERSION}, ++ { 0x0201, 192, TLS1_2_VERSION, TLS1_3_VERSION, -1, -1}, ++ { 0x0202, 256, TLS1_2_VERSION, TLS1_3_VERSION, -1, -1}, }; - + #define TLS_GROUP_ENTRY(tlsname, realname, algorithm, idx) \ @@ -206,6 +209,9 @@ static const OSSL_PARAM param_group_list[][10] = { TLS_GROUP_ENTRY("ffdhe6144", "ffdhe6144", "DH", 36), TLS_GROUP_ENTRY("ffdhe8192", "ffdhe8192", "DH", 37), # endif -+ TLS_GROUP_ENTRY("bign-curve256v1", "bign-curve256v1", "EC", 38), -+ TLS_GROUP_ENTRY("bign-curve384v1", "bign-curve384v1", "EC", 39), -+ TLS_GROUP_ENTRY("bign-curve512v1", "bign-curve512v1", "EC", 40), ++ TLS_GROUP_ENTRY("bign-curve256v1", "bign-curve256v1", "bign", 38), ++ TLS_GROUP_ENTRY("bign-curve384v1", "bign-curve384v1", "bign", 39), ++ TLS_GROUP_ENTRY("bign-curve512v1", "bign-curve512v1", "bign", 40), }; #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ - + diff --git a/ssl/build.info b/ssl/build.info index de28a07..4acb3bd 100644 --- a/ssl/build.info @@ -73,7 +159,7 @@ index de28a07..4acb3bd 100644 - tls_depr.c + tls_depr.c\ + btls.c - + # For shared builds we need to include the libcrypto packet.c and quic_vlint.c # in libssl as well. diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c @@ -85,7 +171,7 @@ index 2bc5e79..a1967ea 100644 #include #include "internal/cryptlib.h" +#include "btls.h" - + #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) 
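Review bot: The three `group_list` rows now disagree on DTLS — `0x0200` is marked usable for DTLS 1.0 through 1.2 while `0x0201` and `0x0202` carry `-1, -1` — and nothing in the hunk says why only the 256-bit curve would be reachable over DTLS; either all three rows list the DTLS range or none does, with a comment giving the rule. The identifiers `0x0200`–`0x0202` also sit in the unassigned part of the IANA TLS Supported Groups registry rather than in its private-use block (`0xFE00`–`0xFEFF`), so a future assignment can collide with them; if they are kept, record that with `/* non-IANA group ids, must match nid_list in ssl/t1_lib.c; private use would be 0xFE00-0xFEFF */`. The algorithm string `"bign"` in the `TLS_GROUP_ENTRY` rows is what `EVP_KEYMGMT_fetch` is asked for, and since the bign key methods elsewhere in this series are ENGINE-based (`evpBign_ameth_bind`), that fetch presumably fails unless a provider also exposes a `bign` keymgmt — worth a comment here. Both tables start outside the hunk.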
@@ -112,7 +113,37 @@ static SSL_CIPHER tls13_ciphers[] = { @@ -125,7 +211,7 @@ index 2bc5e79..a1967ea 100644 + 256, + } }; - + /* @@ -3212,6 +3243,135 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, @@ -261,7 +347,7 @@ index 2bc5e79..a1967ea 100644 + 256, + }, }; - + /* @@ -4400,7 +4560,10 @@ int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt) || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)) @@ -296,7 +382,7 @@ index e4dc806..78b1fe1 100644 + {NID_bign_pubkey, SSL_aBIGN} /* SSL_PKEY_BIGN */ }; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index ddde21b..904cfa6 100644 +index ddde21b..2316e1b 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -21,6 +21,7 @@ @@ -304,9 +390,9 @@ index ddde21b..904cfa6 100644 #include "internal/thread_once.h" #include "internal/cryptlib.h" +#include "btls.h" - + /* NB: make sure indices in these tables match values above */ - + @@ -55,6 +56,10 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */ {SSL_MAGMA, NID_magma_ctr_acpkm}, /* SSL_ENC_MAGMA_IDX */ @@ -316,7 +402,7 @@ index ddde21b..904cfa6 100644 + {SSL_BELTCHE, NID_belt_chet}, + {SSL_BASHPRGAE, NID_bash_prg_aet} }; - + #define SSL_COMP_NULL_IDX 0 @@ -80,9 +85,13 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */ @@ -332,7 +418,7 @@ index ddde21b..904cfa6 100644 + {SSL_BASH384, NID_bash384}, /* SSL_MD_BASH384_IDX 16 */ + {SSL_BASH512, NID_bash512} /* SSL_MD_BASH512_IDX 17 */ }; - + /* *INDENT-OFF* */ @@ -97,7 +106,11 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = { {SSL_kSRP, NID_kx_srp}, @@ -345,7 +431,7 @@ index ddde21b..904cfa6 100644 + {SSL_kBDHEPSK, NID_kxbdhe_psk}, + {SSL_kBDHTPSK, NID_kxbdht_psk} }; - + static const ssl_cipher_table ssl_cipher_table_auth[] = { 
@@ -109,7 +122,7 @@ static const ssl_cipher_table ssl_cipher_table_auth[] = { {SSL_aGOST12, NID_auth_gost12}, @@ -355,7 +441,7 @@ index ddde21b..904cfa6 100644 + {SSL_aANY, NID_auth_any}, }; /* *INDENT-ON* */ - + @@ -141,7 +154,9 @@ static const int default_mac_pkey_id[SSL_MD_NUM_IDX] = { /* GOST2012_512 */ EVP_PKEY_HMAC, @@ -365,7 +451,7 @@ index ddde21b..904cfa6 100644 + /* BELTMAC BELTHASH */ + NID_bign_pubkey, NID_bign_pubkey, NID_undef, NID_undef }; - + #define CIPHER_ADD 1 @@ -196,6 +211,10 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP}, @@ -375,7 +461,7 @@ index ddde21b..904cfa6 100644 + {0, SSL_TXT_kBDHT, NULL, 0, SSL_kBDHT}, + {0, SSL_TXT_kBDHEPSK, NULL, 0, SSL_kBDHEPSK}, + {0, SSL_TXT_kBDHTPSK, NULL, 0, SSL_kBDHTPSK}, - + /* server authentication aliases */ {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA}, @@ -209,6 +228,7 @@ static const SSL_CIPHER cipher_aliases[] = { @@ -383,7 +469,7 @@ index ddde21b..904cfa6 100644 {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12}, {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP}, + {0, SSL_TXT_aBIGN, NULL, 0, SSL_aBIGN}, - + /* aliases combining key exchange and server authentication */ {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL}, @@ -251,6 +271,10 @@ static const SSL_CIPHER cipher_aliases[] = { @@ -394,7 +480,7 @@ index ddde21b..904cfa6 100644 + {0, SSL_TXT_BELTCTR, NULL, 0, 0, 0, SSL_BELTCTR}, + {0, SSL_TXT_BELTCHE, NULL, 0, 0, 0, SSL_BELTCHE}, + {0, SSL_TXT_BASHPRGAE, NULL, 0, 0, 0, SSL_BASHPRGAE}, - + /* MAC aliases */ {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5}, @@ -261,6 +285,7 @@ static const SSL_CIPHER cipher_aliases[] = { @@ -402,13 +488,13 @@ index ddde21b..904cfa6 100644 {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384}, {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256}, + {0, SSL_TXT_BELTMAC, NULL, 0, 0, 0, 0, SSL_BELTMAC}, - + /* protocol version aliases */ {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION}, 
@@ -442,6 +467,18 @@ int ssl_load_ciphers(SSL_CTX *ctx) if ((ctx->disabled_auth_mask & SSL_aGOST12) == SSL_aGOST12) ctx->disabled_mkey_mask |= SSL_kGOST18; - + + ctx->ssl_mac_pkey_id[SSL_MD_BELTMAC_IDX] = get_optional_pkey_id("belt-mac256"); + if (ctx->ssl_mac_pkey_id[SSL_MD_BELTMAC_IDX]) { + ctx->ssl_mac_secret_size[SSL_MD_BELTMAC_IDX] = 32; @@ -423,7 +509,7 @@ index ddde21b..904cfa6 100644 + return 1; } - + @@ -1756,6 +1793,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kGOST18: kx = "GOST18"; @@ -491,16 +577,16 @@ index 70e567b..c71ce9c 100644 #include "sslerr.h" #include "internal/thread_once.h" +#include "btls.h" - + static int stopped; - + @@ -111,6 +112,8 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0) opts |= OPENSSL_INIT_LOAD_CONFIG; #endif + if (!btls_init()) + return 0; - + if (!OPENSSL_init_crypto(opts, settings)) return 0; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c @@ -512,13 +598,13 @@ index 5ec6ac4..ae16116 100644 #include "internal/ktls.h" #include "quic/quic_local.h" +#include "btls.h" - + static int ssl_undefined_function_3(SSL_CONNECTION *sc, unsigned char *r, unsigned char *s, size_t t, size_t *u) @@ -4357,6 +4358,11 @@ void ssl_set_masks(SSL_CONNECTION *s) } #endif - + + if (ssl_has_cert(s, SSL_PKEY_BIGN)){ + mask_k |= SSL_kBDHE | SSL_kBDHT | SSL_kBDHTPSK; + mask_a |= SSL_aBIGN; @@ -526,11 +612,11 @@ index 5ec6ac4..ae16116 100644 + if (rsa_enc) mask_k |= SSL_kRSA; - + @@ -4424,6 +4430,11 @@ void ssl_set_masks(SSL_CONNECTION *s) - + mask_k |= SSL_kECDHE; - + +#ifndef OPENSSL_NO_BDHE_PSK + mask_k |= SSL_kBDHEPSK; +#endif @@ -548,16 +634,16 @@ index f448cfd..02be6fc 100644 # include "internal/ssl.h" # include "record/record.h" +# include "btls.h" - + # ifdef OPENSSL_BUILD_SHLIBSSL # undef OPENSSL_EXTERN 
@@ -99,7 +100,7 @@ - + /* all PSK */ - + -# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK) +# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK | SSL_kBDHEPSK | SSL_kBDHTPSK) - + /* Any appropriate key exchange algorithm (for TLS 1.3 ciphersuites) */ # define SSL_kANY 0x00000000U @@ -125,7 +126,7 @@ @@ -566,7 +652,7 @@ index f448cfd..02be6fc 100644 #define SSL_aCERT \ - (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12) + (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12 | SSL_aBIGN) - + /* Bits for algorithm_enc (symmetric encryption) */ # define SSL_DES 0x00000001U @@ -199,7 +200,7 @@ @@ -575,16 +661,16 @@ index f448cfd..02be6fc 100644 # define SSL_MD_KUZNYECHIKOMAC_IDX 13 -# define SSL_MAX_DIGEST 14 +# define SSL_MAX_DIGEST 18 - + #define SSL_MD_NUM_IDX SSL_MAX_DIGEST - + @@ -335,7 +336,7 @@ # define SSL_PKEY_GOST12_512 6 # define SSL_PKEY_ED25519 7 # define SSL_PKEY_ED448 8 -# define SSL_PKEY_NUM 9 +# define SSL_PKEY_NUM 10 - + # define SSL_ENC_DES_IDX 0 # define SSL_ENC_3DES_IDX 1 @@ -361,7 +362,7 @@ @@ -593,7 +679,7 @@ index f448cfd..02be6fc 100644 # define SSL_ENC_KUZNYECHIK_IDX 23 -# define SSL_ENC_NUM_IDX 24 +# define SSL_ENC_NUM_IDX 28 - + /*- * SSL_kRSA <- RSA_ENC diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c @@ -601,7 +687,7 @@ index 381a6c9..abbd4a7 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -129,7 +129,7 @@ static int use_ecc(SSL_CONNECTION *s, int min_version, int max_version) - + alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; - if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) @@ -635,10 +721,10 @@ index 7d8b140..089bd7c 100644 + | SSL_kSRP | SSL_kBDHE | SSL_kBDHEPSK | SSL_kBDHTPSK)) { return 1; } - + 
@@ -2422,7 +2422,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s, PACKET *pkt) } - + /* Nothing else to do for plain PSK or RSAPSK */ - if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) { + if (alg_k & (SSL_kPSK | SSL_kRSAPSK | SSL_kBDHTPSK)) { @@ -686,7 +772,7 @@ index 7d8b140..089bd7c 100644 + } return 1; } - + diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 5ff479a..e3c05b7 100644 --- a/ssl/statem/statem_srvr.c @@ -738,13 +824,13 @@ index 5ff479a..e3c05b7 100644 if ((s->srp_ctx.N == NULL) || @@ -2669,7 +2678,7 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, } - + #ifndef OPENSSL_NO_PSK - if (type & SSL_PSK) { + if ((type & SSL_PSK) && (s->s3.tmp.new_cipher->algorithm_mkey != SSL_kBDHEPSK)) { size_t len = (s->cert->psk_identity_hint == NULL) ? 0 : strlen(s->cert->psk_identity_hint); - + @@ -3427,6 +3436,16 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s, /* SSLfatal() already called */ goto err; @@ -763,7 +849,7 @@ index 5ff479a..e3c05b7 100644 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_CIPHER_TYPE); goto err; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index e9aa078..1d2417f 100644 +index e9aa078..90ca2ec 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -26,6 +26,7 @@ @@ -771,7 +857,7 @@ index e9aa078..1d2417f 100644 #include "quic/quic_local.h" #include +#include "btls.h" - + static const SIGALG_LOOKUP *find_sig_alg(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pkey); static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op, const SIGALG_LOOKUP *lu); @@ -188,7 +189,10 @@ static const struct { @@ -784,7 +870,7 @@ index e9aa078..1d2417f 100644 + {NID_bign_curve384v1, 0x0201}, /* BIGN_CURVE384V1_ID */ + {NID_bign_curve512v1, 0x0202}, /* BIGN_CURVE512V1_ID */ }; - + static const unsigned char ecformats_default[] = { @@ -216,6 +220,9 @@ static const uint16_t supported_groups_default[] = { OSSL_TLS_GROUP_ID_ffdhe4096, /* ffdhe4096 (0x102) */ 
@@ -794,9 +880,29 @@ index e9aa078..1d2417f 100644 + 0x0201, + 0x0202 }; - + static const uint16_t suiteb_curves[] = { -@@ -1372,6 +1379,9 @@ static const uint16_t tls12_sigalgs[] = { +@@ -362,6 +369,9 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data) + ginf = NULL; + } + EVP_KEYMGMT_free(keymgmt); ++ } else { ++ ctx->group_list_len++; ++ ginf = NULL; + } + ERR_pop_to_mark(); + err: +@@ -878,7 +888,8 @@ int tls_valid_group(SSL_CONNECTION *s, uint16_t group_id, + ret &= !isec + || strcmp(ginfo->algorithm, "EC") == 0 + || strcmp(ginfo->algorithm, "X25519") == 0 +- || strcmp(ginfo->algorithm, "X448") == 0; ++ || strcmp(ginfo->algorithm, "X448") == 0 ++ || strcmp(ginfo->algorithm, "bign") == 0; + + return ret; + } +@@ -1372,6 +1383,9 @@ static const uint16_t tls12_sigalgs[] = { TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, TLSEXT_SIGALG_gostr34102001_gostr3411, #endif @@ -804,9 +910,9 @@ index e9aa078..1d2417f 100644 + TLSEXT_SIGALG_bign_sign_192, + TLSEXT_SIGALG_bign_sign_256 }; - - -@@ -1479,8 +1489,20 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { + + +@@ -1479,8 +1493,20 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { {NULL, TLSEXT_SIGALG_gostr34102001_gostr3411, NID_id_GostR3411_94, SSL_MD_GOST94_IDX, NID_id_GostR3410_2001, SSL_PKEY_GOST01, 
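Review bot: The new `else` branch in `add_provider_groups` counts a group as usable (`ctx->group_list_len++; ginf = NULL;`) precisely when `EVP_KEYMGMT_fetch()` returned NULL, i.e. when no provider implements the group's algorithm; upstream treats that as a reason to drop the group, and the `err:` cleanup (outside the hunk) relies on `ginf` staying set to free its names. As written the fallback applies to every provider-advertised group, not just bign, so a provider with a mismatched capability table can put groups into the list whose key exchange can never be generated, and the "same provider" check on the fetched keymgmt is bypassed. If the intent is only to admit the ENGINE-backed bign curves, narrow it: `} else if (strcmp(ginf->algorithm, "bign") == 0) { /* bign keymgmt lives in an ENGINE, not a provider */`. `add_provider_groups` and `tls_valid_group` both start and end outside the hunk.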
@@ -828,18 +934,18 @@ index e9aa078..1d2417f 100644 }; /* Legacy sigalgs for TLS < 1.2 RSA TLS signatures */ static const SIGALG_LOOKUP legacy_rsa_sigalg = { -@@ -3398,6 +3420,7 @@ void tls1_set_cert_validity(SSL_CONNECTION *s) +@@ -3398,6 +3424,7 @@ void tls1_set_cert_validity(SSL_CONNECTION *s) tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448); + tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_BIGN); } - + /* User level utility function to check a chain is suitable */ -@@ -3608,10 +3631,18 @@ static int check_cert_usable(SSL_CONNECTION *s, const SIGALG_LOOKUP *sig, +@@ -3608,10 +3635,18 @@ static int check_cert_usable(SSL_CONNECTION *s, const SIGALG_LOOKUP *sig, const char *mdname = NULL; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); - + + int default_mdnid = NID_undef; + ERR_set_mark(); + if (EVP_PKEY_get_default_digest_nid(pkey, &default_mdnid) == 2 && @@ -874,7 +980,7 @@ index 29dce65..a034917 100644 + {0xFF1D, "BELT-CHE256-BELT-HASH"}, + {0xFF1E, "BASH-PRG_AE256-BASH256"}, }; - + /* Compression methods */ @@ -597,6 +607,9 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { {TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256, "ecdsa_brainpoolP256r1_sha256"}, @@ -884,7 +990,7 @@ index 29dce65..a034917 100644 + {TLSEXT_SIGALG_bign_sign_192, "bign_auth192"}, + {TLSEXT_SIGALG_bign_sign_256, "bign_auth256"}, }; - + static const ssl_trace_tbl ssl_ctype_tbl[] = { diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 772a6fc..11199ca 100644 @@ -895,13 +1001,13 @@ index 772a6fc..11199ca 100644 size_t hashlen; int mode; + uint32_t algenc; - + /* Ensure cast to size_t is safe */ if (!ossl_assert(hashleni >= 0)) { 
@@ -363,33 +364,36 @@ static int derive_secret_key_and_iv(SSL_CONNECTION *s, const EVP_MD *md, - + *keylen = EVP_CIPHER_get_key_length(ciph); - + + *ivlen = EVP_CCM_TLS_IV_LEN; + if (s->s3.tmp.new_cipher != NULL) { + algenc = s->s3.tmp.new_cipher->algorithm_enc; @@ -940,7 +1046,7 @@ index 772a6fc..11199ca 100644 *taglen = EVP_CCM_TLS_TAG_LEN; } else { int iivlen; - + if (mode == EVP_CIPH_GCM_MODE) { *taglen = EVP_GCM_TLS_TAG_LEN; - } else { From 88f7bbabe66d4c14a732ce59a8ce88944a8272c9 Mon Sep 17 00:00:00 2001 From: Mikhail Mitskevich Date: Fri, 27 Mar 2026 15:31:00 +0300 Subject: [PATCH 2/7] Add ameth search by curves NIDs --- src/bign_ameth.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/bign_ameth.c b/src/bign_ameth.c index cc732b8..17294e5 100644 --- a/src/bign_ameth.c +++ b/src/bign_ameth.c @@ -785,6 +785,8 @@ static int evpBign_pkey_asn1_ctrl(EVP_PKEY* pkey, int op, long arg1, void* arg2) } case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: + if (evpBign_param_missing(pkey)) + return 0; key = (bign_key*)EVP_PKEY_get0(pkey); ASSERT(memIsValid(key, sizeof(bign_key))); if (arg1 != (int)key->params->l / 2) @@ -1093,7 +1095,10 @@ static int evpBign_ameth_enum(ENGINE* e, EVP_PKEY_ASN1_METHOD** ameth, return bign_ameth_count; } // обработать запрос - if (nid == NID_bign_pubkey) + if (nid == NID_bign_pubkey || + nid == NID_bign_curve256v1 || + nid == NID_bign_curve384v1 || + nid == NID_bign_curve512v1) *ameth = EVP_bign_ameth; else if (prev_enum && prev_enum != evpBign_ameth_enum) return prev_enum(e, ameth, nids, nid); 
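Review bot: `evpBign_ameth_enum` now hands back the same `EVP_bign_ameth` for `NID_bign_curve256v1`/`384v1`/`512v1` as for `NID_bign_pubkey`, and that method object is created in `evpBign_ameth_bind` with `EVP_PKEY_asn1_new(NID_bign_pubkey, ...)`, so a key typed through one of the curve NIDs ends up with `pkey->type == NID_bign_pubkey` and the curve choice is not carried by the type at all; nothing in the hunk records that. A comment at the new condition would spare the next reader a debugging session: `// curve NIDs alias the generic bign ameth; pkey->type becomes NID_bign_pubkey and the curve must come from paramgen/params`. For `EVP_PKEY_CTX_new_id(curve_nid, NULL)`, which the OpenSSL-side patch in this series calls, to work, the pmeth enumeration presumably needs the same aliasing — this series does not show it being extended. The return after `*ameth = EVP_bign_ameth` lies outside the hunk.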
@@ -1115,6 +1120,12 @@ int evpBign_ameth_bind(ENGINE* e) // зарегистрировать алгоритмы и получить nid'ы if (BIGN_AMETH_REG(bign_pubkey, tmp) == NID_undef) return 0; + if (BIGN_AMETH_REG(bign_curve256v1, tmp) == NID_undef) + return 0; + if (BIGN_AMETH_REG(bign_curve384v1, tmp) == NID_undef) + return 0; + if (BIGN_AMETH_REG(bign_curve512v1, tmp) == NID_undef) + return 0; // создать описатель методов ключа EVP_bign_ameth = EVP_PKEY_asn1_new(NID_bign_pubkey, 0, "bign", "OpenSSL bign method"); From b8419e94c739b2ad7ad2c81cedfe83e312bed1aa Mon Sep 17 00:00:00 2001 From: Mikhail Mitskevich Date: Fri, 27 Mar 2026 16:07:39 +0300 Subject: [PATCH 3/7] Add DHE+PSK for OpenSSL 1.1.1 patch --- btls/patch/OpenSSL_1_1_1i.patch | 75 ++++++++++++++++++++++++--------- 1 file changed, 56 insertions(+), 19 deletions(-) diff --git a/btls/patch/OpenSSL_1_1_1i.patch b/btls/patch/OpenSSL_1_1_1i.patch index 7162626..a35d88f 100644 --- a/btls/patch/OpenSSL_1_1_1i.patch +++ b/btls/patch/OpenSSL_1_1_1i.patch @@ -13,7 +13,7 @@ index 34c3fd86..eb68690e 100644 BIO_METHOD *apps_bf_prefix(void); diff --git a/apps/s_client.c b/apps/s_client.c -index 83b3fc9c..b801bafe 100644 +index 83b3fc9c..dd749ab2 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -177,6 +177,9 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, @@ -54,7 +54,7 @@ index 83b3fc9c..b801bafe 100644 case OPT_V_CASES: if (!opt_verify(o, vpm)) diff --git a/apps/s_server.c b/apps/s_server.c -index 0ba75999..f1d38c0c 100644 +index 0ba75999..47e1eae7 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -208,7 +208,7 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, @@ -96,7 +96,7 @@ index bb2f1deb..e15d5cb0 100644 + statem/statem.c record/ssl3_record_tls13.c \ + btls.c diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c -index ab50e376..3aeebc28 100644 +index ab50e376..8a00edc7 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c 
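Review bot: The three `BIGN_AMETH_REG(bign_curve*v1, tmp)` calls give the curve OIDs NIDs, but the nid list that `evpBign_ameth_enum` returns when queried with `ameth == NULL` (`return bign_ameth_count`) is not changed anywhere in this commit — the diffstat's 12 insertions are fully accounted for by the three hunks shown — and, as far as I recall the ENGINE table logic, `ENGINE_register_pkey_asn1_meths` builds its lookup table from exactly that list, so `EVP_PKEY_set_type(pkey, NID_bign_curve256v1)` would never be routed to this engine and the new `nid == NID_bign_curve*` branch stays unreachable through the normal path. Either extend the advertised nid list (and `bign_ameth_count`) with the three curve NIDs, or document why the alias is only meant for direct callers. Each early `return 0` after a successful earlier `BIGN_AMETH_REG` also leaves the earlier registrations in place; whether that needs undoing depends on the macro, which is not in view. `evpBign_ameth_bind` continues outside the hunk.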
@@ -10,6 +10,8 @@ @@ -121,17 +121,8 @@ index ab50e376..3aeebc28 100644 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, ERR_R_INTERNAL_ERROR); return -1; -@@ -171,7 +177,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) - * any AAD. - */ - if (((alg_enc & SSL_AESCCM) != 0 -- && EVP_CipherUpdate(ctx, NULL, &lenu, NULL, -+ && EVP_CipherUpdate(ctx, NULL, &lenu, NULL, - (unsigned int)rec->length) <= 0) - || EVP_CipherUpdate(ctx, NULL, &lenu, recheader, - sizeof(recheader)) <= 0 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 4511b52c..c8aa86df 100644 +index 4511b52c..3194613c 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -17,6 +17,7 @@ @@ -329,6 +320,32 @@ index 4511b52c..c8aa86df 100644 if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { #ifndef OPENSSL_NO_DH # ifndef OPENSSL_NO_RSA +@@ -4746,8 +4913,24 @@ EVP_PKEY *ssl_generate_param_group(uint16_t id) + + if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { + pkey = EVP_PKEY_new(); +- if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid)) ++ if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid)) { ++ if (ginf->nid == NID_bign_curve256v1 || ++ ginf->nid == NID_bign_curve384v1 || ++ ginf->nid == NID_bign_curve512v1 ++ ) { ++ pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL); ++ if (pctx == NULL) ++ goto err; ++ if (EVP_PKEY_paramgen_init(pctx) <= 0) ++ goto err; ++ if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) { ++ EVP_PKEY_free(pkey); ++ pkey = NULL; ++ } ++ EVP_PKEY_CTX_free(pctx); ++ } + return pkey; ++ } + EVP_PKEY_free(pkey); + return NULL; + } diff --git a/ssl/ssl_cert_table.h b/ssl/ssl_cert_table.h index 0c47241c..76c52283 100644 --- a/ssl/ssl_cert_table.h @@ -805,7 +822,7 @@ index cf45a40c..89b1ec42 100644 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 48d46f8a..71f861c0 100644 +index 48d46f8a..bf444c1d 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -20,6 +20,7 @@ 
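Review bot: The two new `goto err` paths in `ssl_generate_param_group` return a half-built key: `EVP_PKEY_set_type()` has already succeeded so `pkey` is non-NULL, and if `err:` still reads `EVP_PKEY_CTX_free(pctx); return pkey;` as in upstream 1.1.1 (it lies below the hunk), a missing pmeth for the curve NID (`EVP_PKEY_CTX_new_id` returning NULL) or a failed `EVP_PKEY_paramgen_init` hands the caller a bign key with no curve parameters instead of NULL, and the failure only surfaces later in key generation or on the wire. Fold the three calls into one check that frees `pkey` on any failure and return from inside the custom-curve branch, as below. The existing `EVP_PKEY_free(pkey); pkey = NULL;` after a failed `EVP_PKEY_paramgen` is harmless but redundant when paramgen has already nulled `*ppkey`; the combined check covers both cases. The `err:` label and the non-custom path are outside the hunk.

```c
    if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
        pkey = EVP_PKEY_new();
        if (pkey == NULL || !EVP_PKEY_set_type(pkey, ginf->nid)) {
            EVP_PKEY_free(pkey);
            return NULL;
        }
        if (ginf->nid == NID_bign_curve256v1
                || ginf->nid == NID_bign_curve384v1
                || ginf->nid == NID_bign_curve512v1) {
            /* bign needs curve parameters: never hand back a bare typed key */
            pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
            if (pctx == NULL
                    || EVP_PKEY_paramgen_init(pctx) <= 0
                    || EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
                EVP_PKEY_free(pkey);
                pkey = NULL;
            }
            EVP_PKEY_CTX_free(pctx);
        }
        return pkey;
    }
    /* … unchanged: EC paramgen path and err: label … */
```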
@@ -826,7 +843,17 @@ index 48d46f8a..71f861c0 100644 }; static const unsigned char ecformats_default[] = { -@@ -674,6 +678,9 @@ static const uint16_t tls12_sigalgs[] = { +@@ -184,6 +188,9 @@ static const uint16_t eccurves_default[] = { + 30, /* X448 (30) */ + 25, /* secp521r1 (25) */ + 24, /* secp384r1 (24) */ ++ 31, /* bign-curve256v1 (31) */ ++ 32, /* bign-curve384v1 (32) */ ++ 33, /* bign-curve512v1 (33) */ + }; + + static const uint16_t suiteb_curves[] = { +@@ -674,6 +681,9 @@ static const uint16_t tls12_sigalgs[] = { TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, TLSEXT_SIGALG_gostr34102001_gostr3411, #endif @@ -836,7 +863,7 @@ index 48d46f8a..71f861c0 100644 }; #ifndef OPENSSL_NO_EC -@@ -769,8 +776,20 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { +@@ -769,8 +779,20 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { {NULL, TLSEXT_SIGALG_gostr34102001_gostr3411, NID_id_GostR3411_94, SSL_MD_GOST94_IDX, NID_id_GostR3410_2001, SSL_PKEY_GOST01, @@ -858,7 +885,7 @@ index 48d46f8a..71f861c0 100644 }; /* Legacy sigalgs for TLS < 1.2 RSA TLS signatures */ static const SIGALG_LOOKUP legacy_rsa_sigalg = { -@@ -2428,6 +2447,7 @@ void tls1_set_cert_validity(SSL *s) +@@ -2428,6 +2450,7 @@ void tls1_set_cert_validity(SSL *s) tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448); @@ -867,7 +894,7 @@ index 48d46f8a..71f861c0 100644 /* User level utility function to check a chain is suitable */ diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c -index e2c397b7..5f2bb5cc 100644 +index e2c397b7..bd1c519a 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -443,6 +443,16 @@ static const ssl_trace_tbl ssl_ciphers_tbl[] = { 
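Review bot: The group ids `31`, `32`, `33` added to `eccurves_default` are already assigned in the IANA TLS Supported Groups registry (brainpoolP256r1tls13, brainpoolP384r1tls13, brainpoolP512r1tls13, RFC 8734), and because this is the default list they go out in every ClientHello's supported_groups; a peer implementing RFC 8734 will read them as brainpool and answer with a key_share for a different curve, which the bign code will then try to parse. The OpenSSL 3 patch in this same series maps the very same curves to `0x0200`–`0x0202` (`nid_list` in `ssl/t1_lib.c`), so the two patched builds cannot even negotiate a bign group with each other. Use one set of identifiers in both patches — per the registry, private use is `0xFE00`–`0xFEFF` — and consider keeping them out of `eccurves_default` so they are only offered when requested via `-groups`/`SSL_CTX_set1_groups_list`. `eccurves_default` and this patch's `nid_list` mapping start outside the hunk.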
@@ -887,7 +914,17 @@ index e2c397b7..5f2bb5cc 100644 }; /* Compression methods */ -@@ -572,6 +582,9 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { +@@ -522,6 +532,9 @@ static const ssl_trace_tbl ssl_groups_tbl[] = { + {28, "brainpoolP512r1"}, + {29, "ecdh_x25519"}, + {30, "ecdh_x448"}, ++ {31, "bign-curve256v1"}, ++ {32, "bign-curve384v1"}, ++ {33, "bign-curve512v1"}, + {256, "ffdhe2048"}, + {257, "ffdhe3072"}, + {258, "ffdhe4096"}, +@@ -572,6 +585,9 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"}, {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"}, {TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94"}, From 82761a2e582cdac02c87407213d3a981aee10733 Mon Sep 17 00:00:00 2001 From: Mikhail Mitskevich Date: Mon, 30 Mar 2026 08:48:44 +0300 Subject: [PATCH 4/7] Remove unused warnings --- btls/patch/openssl-3.3.1.patch | 2 +- test/src/bign_test.c | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/btls/patch/openssl-3.3.1.patch b/btls/patch/openssl-3.3.1.patch index ed5e1ae..487420a 100644 --- a/btls/patch/openssl-3.3.1.patch +++ b/btls/patch/openssl-3.3.1.patch @@ -888,7 +888,7 @@ index e9aa078..90ca2ec 100644 EVP_KEYMGMT_free(keymgmt); + } else { + ctx->group_list_len++; -+ ginf = NULL; ++ ginf = NULL; } ERR_pop_to_mark(); err: diff --git a/test/src/bign_test.c b/test/src/bign_test.c index 1f4740b..b85853a 100644 --- a/test/src/bign_test.c +++ b/test/src/bign_test.c @@ -330,8 +330,6 @@ bool_t checkPKCS8pem(EVP_PKEY* pkey) bool_t ret = FALSE; char* p; const EVP_CIPHER* cipher = NULL; - int pbe_nid = -1; - int iter = 10000; const char* p8pass = "password"; #if OPENSSL_VERSION_MAJOR >= 3 EVP_CIPHER* ciph = NULL; From 7313ef210db7f070aa741616743815b6c2d1343c Mon Sep 17 00:00:00 2001 
From: Mikhail Mitskevich Date: Mon, 30 Mar 2026 14:53:41 +0300 Subject: [PATCH 5/7] Add DHE+PSK patch for OpenSSL 3 --- btls/patch/openssl-3.3.1.patch | 54 ++++++++++++++++++++++++++++++---- 1 file changed, 48 insertions(+), 6 deletions(-) diff --git a/btls/patch/openssl-3.3.1.patch b/btls/patch/openssl-3.3.1.patch index 487420a..2fa1dce 100644 --- a/btls/patch/openssl-3.3.1.patch +++ b/btls/patch/openssl-3.3.1.patch @@ -13,7 +13,7 @@ index a1b2cbb..ac8753e 100644 BIO *dup_bio_in(int format); diff --git a/apps/s_client.c b/apps/s_client.c -index 78a4475..7f2cda0 100644 +index 78a4475..665c806 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -198,6 +198,9 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, 
@@ -84,6 +84,48 @@ index 4a26c01..9212e00 100644 break; case OPT_V_CASES: if (!opt_verify(o, vpm)) +diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c +index 54e5890..55ee7dd 100644 +--- a/crypto/evp/ctrl_params_translate.c ++++ b/crypto/evp/ctrl_params_translate.c +@@ -2059,6 +2059,25 @@ static int fix_group_ecx(enum state state, + } + } + ++static int fix_bign_ecx(enum state state, ++ const struct translation_st *translation, ++ struct translation_ctx_st *ctx) ++{ ++ switch (state) { ++ case PRE_PARAMS_TO_CTRL: ++ if (!EVP_PKEY_CTX_IS_GEN_OP(ctx->pctx)) ++ return 0; ++ ctx->ctrl_cmd = EVP_PKEY_ALG_CTRL + 1; ++ ctx->p1 = OBJ_sn2nid(ctx->params->data); ++ return 1; ++ case POST_PARAMS_TO_CTRL: ++ ctx->p1 = 1; ++ return 1; ++ default: ++ return 0; ++ } ++} ++ + /*- + * The translation table itself + * ============================ +@@ -2437,6 +2456,11 @@ static const struct translation_st evp_pkey_ctx_translations[] = { + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, + { SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, ++ ++ { SET, NID_bign_pubkey, NID_bign_pubkey, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL, ++ OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_bign_ecx }, ++ { SET, NID_bign_pubkey, NID_bign_pubkey, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL, ++ OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_bign_ecx }, + }; + + static const struct translation_st evp_pkey_translations[] = { diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 4deee46..52233ae 100644 --- a/crypto/pem/pem_pkey.c @@ -125,7 +167,7 @@ index 7e3d1a7..f4fca39 100644 # if defined(SSL3_CT_NUMBER) # if TLS_CT_NUMBER != SSL3_CT_NUMBER diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c -index f723461..d763bb4 100644 +index f723461..71ce26b 100644 --- a/providers/common/capabilities.c 
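Review bot: In the `PRE_PARAMS_TO_CTRL` case of `fix_bign_ecx` the group name is read straight from `ctx->params->data` and the `OBJ_sn2nid` result is stored in `ctx->p1` without a check for `NID_undef`, so an unknown or mistyped group name reaches the engine ctrl as NID 0 instead of being rejected here with an error; the sibling `fix_group_ecx` above fetches the string through `OSSL_PARAM_get_utf8_string_ptr` and raises `EVP_R_INVALID_VALUE` on a bad value. Suggest obtaining the name with `OSSL_PARAM_get_utf8_string_ptr(ctx->params, &value)` and then `if ((ctx->p1 = OBJ_sn2nid(value)) == NID_undef) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); return 0; }`. The `EVP_PKEY_ALG_CTRL + 1` command number also deserves a comment naming the engine-side ctrl it must match, since nothing in this file ties the two together.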
+++ b/providers/common/capabilities.c @@ -95,6 +95,9 @@ static const TLS_GROUP_CONSTANTS group_list[] = { @@ -142,9 +184,9 @@ index f723461..d763bb4 100644 TLS_GROUP_ENTRY("ffdhe6144", "ffdhe6144", "DH", 36), TLS_GROUP_ENTRY("ffdhe8192", "ffdhe8192", "DH", 37), # endif -+ TLS_GROUP_ENTRY("bign-curve256v1", "bign-curve256v1", "bign", 38), -+ TLS_GROUP_ENTRY("bign-curve384v1", "bign-curve384v1", "bign", 39), -+ TLS_GROUP_ENTRY("bign-curve512v1", "bign-curve512v1", "bign", 40), ++ TLS_GROUP_ENTRY("bign-curve256v1", "bign-curve256v1", "bign-curve256v1", 38), ++ TLS_GROUP_ENTRY("bign-curve384v1", "bign-curve384v1", "bign-curve384v1", 39), ++ TLS_GROUP_ENTRY("bign-curve512v1", "bign-curve512v1", "bign-curve512v1", 40), }; #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ @@ -849,7 +891,7 @@ index 5ff479a..e3c05b7 100644 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_CIPHER_TYPE); goto err; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index e9aa078..90ca2ec 100644 +index e9aa078..d3db1e7 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -26,6 +26,7 @@ From 83dd69b7a9c24e2a71b41a839fa4c6993875b66f Mon Sep 17 00:00:00 2001 From: Mikhail Mitskevich Date: Tue, 31 Mar 2026 11:49:19 +0300 Subject: [PATCH 6/7] Add tests for psk/psk+dhe --- test/btls.py | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/test/btls.py b/test/btls.py index d038231..82d7d8d 100644 --- a/test/btls.py +++ b/test/btls.py 
@@ -47,6 +47,17 @@ def btls_server(tmpdir, suite, is_tls13, curve, cert, psk): global g_server g_server = openssl2(cmd) +def server_13_psk(tmpdir, suite, curve): + # prepare cmd + cmd = f"s_server -engine bee2evp -tls1_3 -ciphersuites {suite} " + cmd += f" -psk 123456 -nocert -allow_no_dhe_kex -curves {curve} -rev " + # prepare output + output = os.path.join(tmpdir, suite + curve + '.srv') + cmd = cmd + ' >{}'.format(output) + # start server + global g_server + g_server = openssl2(cmd) + def btls_client(tmpdir, suite, is_tls13, curve, cert, psk): assert cert or psk # prepare cmd @@ -70,6 +81,21 @@ def btls_client(tmpdir, suite, is_tls13, curve, cert, psk): echo2 = f.read() process_result('{}[{}]'.format(suite, curve), echo2[::-1]) +def client_13_psk(tmpdir, suite, curve): + # prepare cmd + cmd = f"s_client -engine bee2evp -tls1_3 -ciphersuites {suite}" + cmd += f" -psk 123456 -allow_no_dhe_kex -curves {curve}" + # prepare output + output = os.path.join(tmpdir, suite + curve + '.cli') + cmd = cmd + ' >{}'.format(output) + # run cmd + echo = 'test_{}={}'.format(curve, suite) + openssl(cmd, prefix='(echo ' + echo + '; sleep 1) |') + # test if server returns the reversed initial string + with open(output, 'r') as f: + echo2 = f.read() + process_result('{}[{}]'.format(suite, curve), echo2[::-1]) + def btls_test(): tmpdir = tempfile.mkdtemp() 
@@ -127,4 +153,24 @@ def btls_test(): # kill server os.killpg(os.getpgid(g_server.pid), signal.SIGTERM) + for suite in tls13_ciphersuites: + n = len(curves_shortlist) + for i, curve in enumerate(curves_shortlist): + for psk_dhe in range(2): + # prepare args + s_args = (tmpdir, suite, curve) + if psk_dhe: + c_args = s_args + else: #psk + c_args = (tmpdir, suite, curves_shortlist[(i+1) % n]) + # run server + server = threading.Thread(target=server_13_psk, args=s_args) + server.run() + # run client + time.sleep(1) + client = threading.Thread(target=client_13_psk, args=c_args) + client.run() + # kill server + os.killpg(os.getpgid(g_server.pid), signal.SIGTERM) + shutil.rmtree(tmpdir) From 759fb1099097e6b2f855874dc6a73c491f72b81f Mon Sep 17 00:00:00 2001 From: Mikhail Mitskevich Date: Wed, 1 Apr 2026 11:12:44 +0300 Subject: [PATCH 7/7] Fix memory cleaning bug in ameth --- src/bign_ameth.c | 64 ++++++++++++++++++++++++++++-------------------- test/btls.py | 2 +- 2 files changed, 39 insertions(+), 27 deletions(-) diff --git a/src/bign_ameth.c b/src/bign_ameth.c index 17294e5..98b5956 100644 --- a/src/bign_ameth.c +++ b/src/bign_ameth.c @@ -1037,11 +1037,11 @@ static int evpBign_get_privkey(const EVP_PKEY* pkey, octet* privkey, ******************************************************************************* */ -static EVP_PKEY_ASN1_METHOD* EVP_bign_ameth; +static EVP_PKEY_ASN1_METHOD* EVP_bign_ameth[] = {NULL, NULL, NULL, NULL}; const EVP_PKEY_ASN1_METHOD* evpBign_ameth() { - return EVP_bign_ameth; + return EVP_bign_ameth[0]; } /* 
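Review bot: The new psk loop in `btls_test` cannot tell its two modes apart: the server started by `server_13_psk` (hunk `@@ -47,6 +47,17 @@`) always passes `-allow_no_dhe_kex`, and the result label `process_result('{}[{}]'.format(suite, curve), ...)` is the same for `psk_dhe` 0 and 1, so a broken `psk_dhe_ke` path would silently fall back to `psk_ke` and the run would still be reported as passing. The psk-only case also selects the non-DHE path indirectly, by giving the client a curve the server does not offer, which is worth a comment such as `# psk_ke: use a curve the server does not offer so there is no key_share overlap`. Consider passing `-allow_no_dhe_kex` to the server only when `psk_dhe` is 0 and giving the two cases distinct result labels so the output shows which key-exchange mode actually ran.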
@@ -1095,11 +1095,14 @@ static int evpBign_ameth_enum(ENGINE* e, EVP_PKEY_ASN1_METHOD** ameth,
 		return bign_ameth_count;
 	}
 	// обработать запрос
-	if (nid == NID_bign_pubkey ||
-		nid == NID_bign_curve256v1 ||
-		nid == NID_bign_curve384v1 ||
-		nid == NID_bign_curve512v1)
-		*ameth = EVP_bign_ameth;
+	if (nid == NID_bign_pubkey)
+		*ameth = EVP_bign_ameth[0];
+	else if (nid == NID_bign_curve256v1)
+		*ameth = EVP_bign_ameth[1];
+	else if (nid == NID_bign_curve384v1)
+		*ameth = EVP_bign_ameth[2];
+	else if (nid == NID_bign_curve512v1)
+		*ameth = EVP_bign_ameth[3];
 	else if (prev_enum && prev_enum != evpBign_ameth_enum)
 		return prev_enum(e, ameth, nids, nid);
 	else
@@ -1113,25 +1116,9 @@ static int evpBign_ameth_enum(ENGINE* e, EVP_PKEY_ASN1_METHOD** ameth,
 Связывание
 *******************************************************************************
 */
-
-int evpBign_ameth_bind(ENGINE* e)
+void set_ameth_methods(EVP_PKEY_ASN1_METHOD* EVP_bign_ameth)
 {
-	int tmp;
-	// зарегистрировать алгоритмы и получить nid'ы
-	if (BIGN_AMETH_REG(bign_pubkey, tmp) == NID_undef)
-		return 0;
-	if (BIGN_AMETH_REG(bign_curve256v1, tmp) == NID_undef)
-		return 0;
-	if (BIGN_AMETH_REG(bign_curve384v1, tmp) == NID_undef)
-		return 0;
-	if (BIGN_AMETH_REG(bign_curve512v1, tmp) == NID_undef)
-		return 0;
-	// создать описатель методов ключа
-	EVP_bign_ameth = EVP_PKEY_asn1_new(NID_bign_pubkey, 0, "bign",
-		"OpenSSL bign method");
-	if (!EVP_bign_ameth)
-		return 0;
-	// настроить описатель
+	// настроить описатель
 	EVP_PKEY_asn1_set_param(EVP_bign_ameth,
 		evpBign_param_decode,
 		evpBign_param_encode,
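Review bot: `set_ameth_methods` (hunk `@@ -1113,25 +1116,9 @@`) is a new external-linkage function whose parameter is named `EVP_bign_ameth`, the same name as the file-scope array introduced in the `@@ -1037` hunk, so the same identifier refers to a single descriptor inside the function and to the array outside it; `-Wshadow` will flag this and a reader will trip over it. Since it is only called from `evpBign_ameth_bind`, make it `static void set_ameth_methods(EVP_PKEY_ASN1_METHOD* ameth)`, rename the uses in its body, and add a one-line purpose comment such as `// fill in the encode/decode/ctrl callbacks of one freshly created bign ameth`. The body of the function continues past the end of the hunk.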
@@ -1162,11 +1149,36 @@ int evpBign_ameth_bind(ENGINE* e) EVP_PKEY_asn1_set_get_pub_key(EVP_bign_ameth, evpBign_get_pubkey); EVP_PKEY_asn1_set_set_priv_key(EVP_bign_ameth, evpBign_set_privkey); EVP_PKEY_asn1_set_get_priv_key(EVP_bign_ameth, evpBign_get_privkey); +} + +int evpBign_ameth_bind(ENGINE* e) +{ + int tmp; + // зарегистрировать алгоритмы и получить nid'ы + if (BIGN_AMETH_REG(bign_pubkey, tmp) == NID_undef) + return 0; + if (BIGN_AMETH_REG(bign_curve256v1, tmp) == NID_undef) + return 0; + if (BIGN_AMETH_REG(bign_curve384v1, tmp) == NID_undef) + return 0; + if (BIGN_AMETH_REG(bign_curve512v1, tmp) == NID_undef) + return 0; + // создать описатель методов ключа + for (int i = 0; i < 4; i++) { + EVP_bign_ameth[i] = EVP_PKEY_asn1_new(NID_bign_pubkey, 0, "bign", + "OpenSSL bign method"); + if (!EVP_bign_ameth[i]) + return 0; + set_ameth_methods(EVP_bign_ameth[i]); + } + // задать перечислитель prev_enum = ENGINE_get_pkey_asn1_meths(e); if (!ENGINE_set_pkey_asn1_meths(e, evpBign_ameth_enum)) { - EVP_PKEY_asn1_free(EVP_bign_ameth); + for (int i = 0; i < 4; i++) + if (EVP_bign_ameth[i]) + EVP_PKEY_asn1_free(EVP_bign_ameth[i]); return 0; } return 1; diff --git a/test/btls.py b/test/btls.py index 82d7d8d..26f1252 100644 --- a/test/btls.py +++ b/test/btls.py @@ -94,7 +94,7 @@ def client_13_psk(tmpdir, suite, curve): # test if server returns the reversed initial string with open(output, 'r') as f: echo2 = f.read() - process_result('{}[{}]'.format(suite, curve), echo2[::-1]) + process_result('{}[{}]PSK'.format(suite, curve), echo2[::-1]) def btls_test(): tmpdir = tempfile.mkdtemp()
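Review bot: The allocation loop in `evpBign_ameth_bind` returns 0 as soon as one `EVP_PKEY_asn1_new` call fails, leaking the descriptors created in earlier iterations, and the cleanup after a failed `ENGINE_set_pkey_asn1_meths` frees the four slots but leaves the dangling pointers in `EVP_bign_ameth[]`, so `evpBign_ameth()` and `evpBign_ameth_enum` would hand out freed memory if they were reached after a failed bind. One error label that frees and NULLs every slot covers both paths, and deriving the bound from the array instead of the literal 4 keeps the loops and the enumerator from drifting apart. The function's closing brace is outside the hunk.
```c
	// … unchanged: NID registration via BIGN_AMETH_REG …
	for (size_t i = 0; i < sizeof(EVP_bign_ameth) / sizeof(EVP_bign_ameth[0]); i++) {
		EVP_bign_ameth[i] = EVP_PKEY_asn1_new(NID_bign_pubkey, 0, "bign",
			"OpenSSL bign method");
		if (!EVP_bign_ameth[i])
			goto err;
		set_ameth_methods(EVP_bign_ameth[i]);
	}
	prev_enum = ENGINE_get_pkey_asn1_meths(e);
	if (!ENGINE_set_pkey_asn1_meths(e, evpBign_ameth_enum))
		goto err;
	return 1;
err:
	// release every descriptor created so far and forget it, so no later
	// caller can observe a freed pointer through evpBign_ameth()
	for (size_t i = 0; i < sizeof(EVP_bign_ameth) / sizeof(EVP_bign_ameth[0]); i++) {
		if (EVP_bign_ameth[i])
			EVP_PKEY_asn1_free(EVP_bign_ameth[i]);
		EVP_bign_ameth[i] = NULL;
	}
	return 0;
```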