Loading ssl/s3_lib.c +4 −4 Original line number Diff line number Diff line Loading @@ -1144,7 +1144,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { }, /* GOST Ciphersuites */ #ifndef OPENSL_NO_GOST { 1, "GOST2001-GOST89-GOST89", Loading Loading @@ -1173,7 +1173,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 0, 0 }, #endif #ifndef OPENSSL_NO_CAMELLIA /* Camellia ciphersuites from RFC4132 (256-bit portion) */ Loading Loading @@ -3769,7 +3769,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, #ifndef OPENSSL_NO_GOST { 1, "GOST2012-GOST8912-GOST8912", Loading @@ -3796,7 +3796,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256, 0, 0}, #endif /* end of list */ }; Loading ssl/ssl_lib.c +2 −0 Original line number Diff line number Diff line Loading @@ -2068,6 +2068,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); #endif #ifndef OPENSSL_NO_GOST cpk = &(c->pkeys[SSL_PKEY_GOST12_512]); if (cpk->x509 != NULL && cpk->privatekey != NULL) { mask_k |= SSL_kGOST; Loading @@ -2083,6 +2084,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) mask_k |= SSL_kGOST; mask_a |= SSL_aGOST01; } #endif if (rsa_enc || (rsa_tmp && rsa_sign)) mask_k |= SSL_kRSA; Loading ssl/statem/statem_clnt.c +8 −10 Original line number Diff line number Diff line Loading @@ -2715,6 +2715,7 @@ psk_err: EVP_PKEY_free(srvr_pub_pkey); } #endif /* !OPENSSL_NO_EC */ #ifndef OPENSSL_NO_GOST else if (alg_k & SSL_kGOST) { /* GOST key exchange message creation */ EVP_PKEY_CTX *pkey_ctx; Loading Loading @@ -2836,6 +2837,7 @@ psk_err: EVP_PKEY_free(pub_key); } #endif #ifndef OPENSSL_NO_SRP else if (alg_k & SSL_kSRP) { if (s->srp_ctx.A != NULL) { Loading Loading 
@@ -2964,7 +2966,7 @@ int tls_construct_client_verify(SSL *s) const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys]; EVP_MD_CTX mctx; unsigned u = 0; unsigned long n; unsigned long n = 0; long hdatalen = 0; void *hdata; Loading @@ -2984,6 +2986,7 @@ int tls_construct_client_verify(SSL *s) goto err; } p += 2; n = 2; } #ifdef SSL_DEBUG fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md)); Loading @@ -2998,21 +3001,16 @@ int tls_construct_client_verify(SSL *s) SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB); goto err; } #ifndef OPENSSL_NO_GOST if (pkey->type == NID_id_GostR3410_2001 || pkey->type == NID_id_GostR3410_2012_256 || pkey->type == NID_id_GostR3410_2012_512) { unsigned int i, k; for (i = u - 1, k = 0; k < u/2; k++, i--) { char c = p[2 + k]; p[2 + k] = p[2 + i]; p[2 + i] = c; } BUF_reverse(p + 2, NULL, u); } #endif s2n(u, p); n = u + 2; if (SSL_USE_SIGALGS(s)) n += 2; n += u + 2; /* Digest cached records and discard handshake buffer */ if (!ssl3_digest_cached_records(s, 0)) goto err; Loading ssl/statem/statem_lib.c +4 −1 Original line number Diff line number Diff line Loading @@ -623,13 +623,16 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey) ret = SSL_PKEY_ECC; } #endif #ifndef OPENSSL_NO_GOST else if (i == NID_id_GostR3410_2001) { ret = SSL_PKEY_GOST01; } else if (i == NID_id_GostR3410_2012_256) { ret = SSL_PKEY_GOST12_256; } else if (i == NID_id_GostR3410_2012_512) { ret = SSL_PKEY_GOST12_512; } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) { } #endif else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) { /* * For DH two cases: DH certificate signed with RSA and DH * certificate signed with DSA. Loading ssl/statem/statem_srvr.c +11 −8 Original line number Diff line number Diff line Loading 
@@ -2761,6 +2761,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) } } else #endif /* OPENSSL_NO_SRP */ #ifndef OPENSSL_NO_GOST if (alg_k & SSL_kGOST) { EVP_PKEY_CTX *pkey_ctx; EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; Loading Loading @@ -2854,7 +2855,9 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) EVP_PKEY_free(client_pub_pkey); EVP_PKEY_CTX_free(pkey_ctx); goto f_err; } else { } else #endif { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE); goto f_err; Loading Loading @@ -2988,9 +2991,12 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) * If key is GOST and n is exactly 64, it is bare signature without * length field (CryptoPro implementations at least till CSP 4.0) */ #ifndef OPENSSL_NO_GOST if (PACKET_remaining(pkt) == 64 && pkey->type == NID_id_GostR3410_2001) { len = 64; } else { } else #endif { if (SSL_USE_SIGALGS(s)) { int rv; Loading Loading @@ -3049,16 +3055,13 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) goto f_err; } #ifndef OPENSSL_NO_GOST if (pkey->type == NID_id_GostR3410_2001 || pkey->type == NID_id_GostR3410_2012_256 || pkey->type == NID_id_GostR3410_2012_512) { unsigned int j1, j2; for (j1 = len - 1, j2 = 0; j2 < len/2; j2++, j1--) { char c = data[j2]; data[j2] = data[j1]; data[j1] = c; } BUF_reverse(data, NULL, len); } #endif if (s->version == SSL3_VERSION && !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET, Loading Loading
ssl/s3_lib.c +4 −4 @@ -1144,7 +1144,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { }, /* GOST Ciphersuites */ #ifndef OPENSL_NO_GOST { 1, "GOST2001-GOST89-GOST89", @@ -1173,7 +1173,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 0, 0 }, #endif #ifndef OPENSSL_NO_CAMELLIA /* Camellia ciphersuites from RFC4132 (256-bit portion) */ @@ -3769,7 +3769,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, #ifndef OPENSSL_NO_GOST { 1, "GOST2012-GOST8912-GOST8912", @@ -3796,7 +3796,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256, 0, 0}, #endif /* end of list */ };
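Review bot: The guard in the first hunk (@@ -1144) is spelled `OPENSL_NO_GOST`, with one S missing, so no build option ever defines it and the entries starting at `"GOST2001-GOST89-GOST89"` stay in `ssl3_ciphers[]` even when GOST is configured out; the @@ -3769 hunk uses the correct `OPENSSL_NO_GOST`. The line should read `#ifndef OPENSSL_NO_GOST`. As written, a no-GOST build keeps the GOST2001 suites in the table while the other files in this commit compile their key-exchange and signature handling out under the correctly spelled option. The rendered page has lost its +/- markers, so I cannot tell whether this line is one the commit touches or surrounding context.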
ssl/ssl_lib.c +2 −0 @@ -2068,6 +2068,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); #endif #ifndef OPENSSL_NO_GOST cpk = &(c->pkeys[SSL_PKEY_GOST12_512]); if (cpk->x509 != NULL && cpk->privatekey != NULL) { mask_k |= SSL_kGOST; @@ -2083,6 +2084,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) mask_k |= SSL_kGOST; mask_a |= SSL_aGOST01; } #endif if (rsa_enc || (rsa_tmp && rsa_sign)) mask_k |= SSL_kRSA;
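Review bot: The `#endif` in the @@ -2083 hunk closes a guard opened in the @@ -2068 hunk, and nothing on the closing line says which option it belongs to. Writing it as `#endif /* !OPENSSL_NO_GOST */`, the form statem_clnt.c already uses for `#endif /* !OPENSSL_NO_EC */`, keeps the pairing readable next to the unrelated `#endif` that sits directly above the opening guard. The guarded GOST key checks between the two hunks are collapsed on this page, and ssl_set_masks starts and ends outside both hunks.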
ssl/statem/statem_clnt.c +8 −10 @@ -2715,6 +2715,7 @@ psk_err: EVP_PKEY_free(srvr_pub_pkey); } #endif /* !OPENSSL_NO_EC */ #ifndef OPENSSL_NO_GOST else if (alg_k & SSL_kGOST) { /* GOST key exchange message creation */ EVP_PKEY_CTX *pkey_ctx; @@ -2836,6 +2837,7 @@ psk_err: EVP_PKEY_free(pub_key); } #endif #ifndef OPENSSL_NO_SRP else if (alg_k & SSL_kSRP) { if (s->srp_ctx.A != NULL) { @@ -2964,7 +2966,7 @@ int tls_construct_client_verify(SSL *s) const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys]; EVP_MD_CTX mctx; unsigned u = 0; unsigned long n; unsigned long n = 0; long hdatalen = 0; void *hdata; @@ -2984,6 +2986,7 @@ int tls_construct_client_verify(SSL *s) goto err; } p += 2; n = 2; } #ifdef SSL_DEBUG fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md)); @@ -2998,21 +3001,16 @@ int tls_construct_client_verify(SSL *s) SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB); goto err; } #ifndef OPENSSL_NO_GOST if (pkey->type == NID_id_GostR3410_2001 || pkey->type == NID_id_GostR3410_2012_256 || pkey->type == NID_id_GostR3410_2012_512) { unsigned int i, k; for (i = u - 1, k = 0; k < u/2; k++, i--) { char c = p[2 + k]; p[2 + k] = p[2 + i]; p[2 + i] = c; } BUF_reverse(p + 2, NULL, u); } #endif s2n(u, p); n = u + 2; if (SSL_USE_SIGALGS(s)) n += 2; n += u + 2; /* Digest cached records and discard handshake buffer */ if (!ssl3_digest_cached_records(s, 0)) goto err;
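Review bot: The `BUF_reverse(p + 2, NULL, u)` call in the @@ -2998 hunk of tls_construct_client_verify has no comment saying why the signature bytes are reversed for the three GOST key types, or that a `NULL` second argument means the reversal happens in place. The open-coded swap loop it replaces at least showed the in-place behaviour. I would add above the call `/* GOST signatures go on the wire byte-reversed; NULL input reverses p + 2 in place */`, assuming that is the intent of the reversal. The same comment fits `BUF_reverse(data, NULL, len)` in ssl/statem/statem_srvr.c. The function body starts and ends outside the hunks shown.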
ssl/statem/statem_lib.c +4 −1 @@ -623,13 +623,16 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey) ret = SSL_PKEY_ECC; } #endif #ifndef OPENSSL_NO_GOST else if (i == NID_id_GostR3410_2001) { ret = SSL_PKEY_GOST01; } else if (i == NID_id_GostR3410_2012_256) { ret = SSL_PKEY_GOST12_256; } else if (i == NID_id_GostR3410_2012_512) { ret = SSL_PKEY_GOST12_512; } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) { } #endif else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) { /* * For DH two cases: DH certificate signed with RSA and DH * certificate signed with DSA.
ssl/statem/statem_srvr.c +11 −8 @@ -2761,6 +2761,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) } } else #endif /* OPENSSL_NO_SRP */ #ifndef OPENSSL_NO_GOST if (alg_k & SSL_kGOST) { EVP_PKEY_CTX *pkey_ctx; EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; @@ -2854,7 +2855,9 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) EVP_PKEY_free(client_pub_pkey); EVP_PKEY_CTX_free(pkey_ctx); goto f_err; } else { } else #endif { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE); goto f_err; @@ -2988,9 +2991,12 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) * If key is GOST and n is exactly 64, it is bare signature without * length field (CryptoPro implementations at least till CSP 4.0) */ #ifndef OPENSSL_NO_GOST if (PACKET_remaining(pkt) == 64 && pkey->type == NID_id_GostR3410_2001) { len = 64; } else { } else #endif { if (SSL_USE_SIGALGS(s)) { int rv; @@ -3049,16 +3055,13 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) goto f_err; } #ifndef OPENSSL_NO_GOST if (pkey->type == NID_id_GostR3410_2001 || pkey->type == NID_id_GostR3410_2012_256 || pkey->type == NID_id_GostR3410_2012_512) { unsigned int j1, j2; for (j1 = len - 1, j2 = 0; j2 < len/2; j2++, j1--) { char c = data[j2]; data[j2] = data[j1]; data[j1] = c; } BUF_reverse(data, NULL, len); } #endif if (s->version == SSL3_VERSION && !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET,
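Review bot: In the @@ -3049 hunk of tls_process_cert_verify, `BUF_reverse(data, NULL, len)` reverses the peer's signature in place, as the removed swap loop did. How `data` is obtained lies outside the hunk, but if it still points into the received message then the handshake buffer is overwritten before verification. Passing the received bytes as the second argument and a separate buffer as the first would leave the input untouched; otherwise it is worth confirming that nothing reads those bytes afterwards. Separately, the comment above the 64-byte shortcut in the @@ -2988 hunk still says `n is exactly 64`, while the condition now tests `PACKET_remaining(pkt) == 64`. The function starts and ends outside the hunks shown.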