diff options
author | Matt Caswell <matt@openssl.org> | 2015-11-24 13:52:07 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-11-27 17:23:14 +0000 |
commit | 2a9b96548afc0d540ab873a31dc1a72c66cba434 (patch) | |
tree | 0ed8536813326785ad51ab62a4b6746efb9c39c9 /ssl/statem | |
parent | 9689a6aeed4ef7a2357cb95191b4313175440e4c (diff) |
Updates to GOST2012
Various updates following feedback from the recent commit of the new
GOST2012 code.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_clnt.c | 18 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 5 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 19 |
3 files changed, 23 insertions, 19 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index c6bc86f0fe..527101b126 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2715,6 +2715,7 @@ psk_err: EVP_PKEY_free(srvr_pub_pkey); } #endif /* !OPENSSL_NO_EC */ +#ifndef OPENSSL_NO_GOST else if (alg_k & SSL_kGOST) { /* GOST key exchange message creation */ EVP_PKEY_CTX *pkey_ctx; @@ -2836,6 +2837,7 @@ psk_err: EVP_PKEY_free(pub_key); } +#endif #ifndef OPENSSL_NO_SRP else if (alg_k & SSL_kSRP) { if (s->srp_ctx.A != NULL) { @@ -2964,7 +2966,7 @@ int tls_construct_client_verify(SSL *s) const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys]; EVP_MD_CTX mctx; unsigned u = 0; - unsigned long n; + unsigned long n = 0; long hdatalen = 0; void *hdata; @@ -2984,6 +2986,7 @@ int tls_construct_client_verify(SSL *s) goto err; } p += 2; + n = 2; } #ifdef SSL_DEBUG fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md)); @@ -2998,21 +3001,16 @@ int tls_construct_client_verify(SSL *s) SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB); goto err; } +#ifndef OPENSSL_NO_GOST if (pkey->type == NID_id_GostR3410_2001 || pkey->type == NID_id_GostR3410_2012_256 || pkey->type == NID_id_GostR3410_2012_512) { - unsigned int i, k; - for (i = u - 1, k = 0; k < u/2; k++, i--) { - char c = p[2 + k]; - p[2 + k] = p[2 + i]; - p[2 + i] = c; - } + BUF_reverse(p + 2, NULL, u); } +#endif s2n(u, p); - n = u + 2; - if (SSL_USE_SIGALGS(s)) - n += 2; + n += u + 2; /* Digest cached records and discard handshake buffer */ if (!ssl3_digest_cached_records(s, 0)) goto err; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 24bbded5eb..ab860f6146 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -623,13 +623,16 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey) ret = SSL_PKEY_ECC; } #endif +#ifndef OPENSSL_NO_GOST else if (i == NID_id_GostR3410_2001) { ret = SSL_PKEY_GOST01; } else if (i == NID_id_GostR3410_2012_256) { ret = SSL_PKEY_GOST12_256; } else if (i == NID_id_GostR3410_2012_512) { ret = SSL_PKEY_GOST12_512; - } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) { + } +#endif + else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) { /* * For DH two cases: DH certificate signed with RSA and DH * certificate signed with DSA. diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index d1146218a6..dcfb44fdbf 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2761,6 +2761,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) } } else #endif /* OPENSSL_NO_SRP */ +#ifndef OPENSSL_NO_GOST if (alg_k & SSL_kGOST) { EVP_PKEY_CTX *pkey_ctx; EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; @@ -2854,7 +2855,9 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) EVP_PKEY_free(client_pub_pkey); EVP_PKEY_CTX_free(pkey_ctx); goto f_err; - } else { + } else +#endif + { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE); goto f_err; @@ -2988,9 +2991,12 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) * If key is GOST and n is exactly 64, it is bare signature without * length field (CryptoPro implementations at least till CSP 4.0) */ +#ifndef OPENSSL_NO_GOST if (PACKET_remaining(pkt) == 64 && pkey->type == NID_id_GostR3410_2001) { len = 64; - } else { + } else +#endif + { if (SSL_USE_SIGALGS(s)) { int rv; @@ -3049,16 +3055,13 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) goto f_err; } +#ifndef OPENSSL_NO_GOST if (pkey->type == NID_id_GostR3410_2001 || pkey->type == NID_id_GostR3410_2012_256 || pkey->type == NID_id_GostR3410_2012_512) { - unsigned int j1, j2; - for (j1 = len - 1, j2 = 0; j2 < len/2; j2++, j1--) { - char c = data[j2]; - data[j2] = data[j1]; - data[j1] = c; - } + BUF_reverse(data, NULL, len); } +#endif if (s->version == SSL3_VERSION && !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET, |