summaryrefslogtreecommitdiff
path: root/src/lib/libssl/t1_lib.c
diff options
context:
space:
mode:
authormiod <>2014-11-18 05:33:43 +0000
committermiod <>2014-11-18 05:33:43 +0000
commit0c986de0d047d74ccf3708c551b93f60ed6bfafb (patch)
tree1ff6097d67d8f3a7af1e40761e736566bcd71b7d /src/lib/libssl/t1_lib.c
parent9555aff2e872287755e956f3b44930bf7de0cdda (diff)
downloadopenbsd-0c986de0d047d74ccf3708c551b93f60ed6bfafb.tar.gz
openbsd-0c986de0d047d74ccf3708c551b93f60ed6bfafb.tar.bz2
openbsd-0c986de0d047d74ccf3708c551b93f60ed6bfafb.zip
Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.
This causes a libssl major version bump as this affects the layout of some internal-but-unfortunately-made-visible structs.
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/t1_lib.c39
1 files changed, 36 insertions, 3 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b1b9ac4a87..d593fe6baf 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.66 2014/11/03 17:21:30 tedu Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.67 2014/11/18 05:33:43 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -587,6 +587,9 @@ static unsigned char tls12_sigalgs[] = {
587 TLSEXT_hash_sha512, TLSEXT_signature_rsa, 587 TLSEXT_hash_sha512, TLSEXT_signature_rsa,
588 TLSEXT_hash_sha512, TLSEXT_signature_dsa, 588 TLSEXT_hash_sha512, TLSEXT_signature_dsa,
589 TLSEXT_hash_sha512, TLSEXT_signature_ecdsa, 589 TLSEXT_hash_sha512, TLSEXT_signature_ecdsa,
590#ifndef OPENSSL_NO_GOST
591 TLSEXT_hash_streebog_512, TLSEXT_signature_gostr12_512,
592#endif
590 593
591 TLSEXT_hash_sha384, TLSEXT_signature_rsa, 594 TLSEXT_hash_sha384, TLSEXT_signature_rsa,
592 TLSEXT_hash_sha384, TLSEXT_signature_dsa, 595 TLSEXT_hash_sha384, TLSEXT_signature_dsa,
@@ -596,6 +599,11 @@ static unsigned char tls12_sigalgs[] = {
596 TLSEXT_hash_sha256, TLSEXT_signature_dsa, 599 TLSEXT_hash_sha256, TLSEXT_signature_dsa,
597 TLSEXT_hash_sha256, TLSEXT_signature_ecdsa, 600 TLSEXT_hash_sha256, TLSEXT_signature_ecdsa,
598 601
602#ifndef OPENSSL_NO_GOST
603 TLSEXT_hash_streebog_256, TLSEXT_signature_gostr12_256,
604 TLSEXT_hash_gost94, TLSEXT_signature_gostr01,
605#endif
606
599 TLSEXT_hash_sha224, TLSEXT_signature_rsa, 607 TLSEXT_hash_sha224, TLSEXT_signature_rsa,
600 TLSEXT_hash_sha224, TLSEXT_signature_dsa, 608 TLSEXT_hash_sha224, TLSEXT_signature_dsa,
601 TLSEXT_hash_sha224, TLSEXT_signature_ecdsa, 609 TLSEXT_hash_sha224, TLSEXT_signature_ecdsa,
@@ -2166,13 +2174,17 @@ static tls12_lookup tls12_md[] = {
2166 {NID_sha224, TLSEXT_hash_sha224}, 2174 {NID_sha224, TLSEXT_hash_sha224},
2167 {NID_sha256, TLSEXT_hash_sha256}, 2175 {NID_sha256, TLSEXT_hash_sha256},
2168 {NID_sha384, TLSEXT_hash_sha384}, 2176 {NID_sha384, TLSEXT_hash_sha384},
2169 {NID_sha512, TLSEXT_hash_sha512} 2177 {NID_sha512, TLSEXT_hash_sha512},
2178 {NID_id_GostR3411_94, TLSEXT_hash_gost94},
2179 {NID_id_tc26_gost3411_2012_256, TLSEXT_hash_streebog_256},
2180 {NID_id_tc26_gost3411_2012_512, TLSEXT_hash_streebog_512}
2170}; 2181};
2171 2182
2172static tls12_lookup tls12_sig[] = { 2183static tls12_lookup tls12_sig[] = {
2173 {EVP_PKEY_RSA, TLSEXT_signature_rsa}, 2184 {EVP_PKEY_RSA, TLSEXT_signature_rsa},
2174 {EVP_PKEY_DSA, TLSEXT_signature_dsa}, 2185 {EVP_PKEY_DSA, TLSEXT_signature_dsa},
2175 {EVP_PKEY_EC, TLSEXT_signature_ecdsa} 2186 {EVP_PKEY_EC, TLSEXT_signature_ecdsa},
2187 {EVP_PKEY_GOSTR01, TLSEXT_signature_gostr01},
2176}; 2188};
2177 2189
2178static int 2190static int
@@ -2225,6 +2237,14 @@ tls12_get_hash(unsigned char hash_alg)
2225 return EVP_sha384(); 2237 return EVP_sha384();
2226 case TLSEXT_hash_sha512: 2238 case TLSEXT_hash_sha512:
2227 return EVP_sha512(); 2239 return EVP_sha512();
2240#ifndef OPENSSL_NO_GOST
2241 case TLSEXT_hash_gost94:
2242 return EVP_gostr341194();
2243 case TLSEXT_hash_streebog_256:
2244 return EVP_streebog256();
2245 case TLSEXT_hash_streebog_512:
2246 return EVP_streebog512();
2247#endif
2228 default: 2248 default:
2229 return NULL; 2249 return NULL;
2230 } 2250 }
@@ -2251,6 +2271,8 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
2251 c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; 2271 c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
2252 c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; 2272 c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
2253 c->pkeys[SSL_PKEY_ECC].digest = NULL; 2273 c->pkeys[SSL_PKEY_ECC].digest = NULL;
2274 c->pkeys[SSL_PKEY_GOST94].digest = NULL;
2275 c->pkeys[SSL_PKEY_GOST01].digest = NULL;
2254 2276
2255 for (i = 0; i < dsize; i += 2) { 2277 for (i = 0; i < dsize; i += 2) {
2256 unsigned char hash_alg = data[i], sig_alg = data[i + 1]; 2278 unsigned char hash_alg = data[i], sig_alg = data[i + 1];
@@ -2265,6 +2287,11 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
2265 case TLSEXT_signature_ecdsa: 2287 case TLSEXT_signature_ecdsa:
2266 idx = SSL_PKEY_ECC; 2288 idx = SSL_PKEY_ECC;
2267 break; 2289 break;
2290 case TLSEXT_signature_gostr01:
2291 case TLSEXT_signature_gostr12_256:
2292 case TLSEXT_signature_gostr12_512:
2293 idx = SSL_PKEY_GOST01;
2294 break;
2268 default: 2295 default:
2269 continue; 2296 continue;
2270 } 2297 }
@@ -2291,5 +2318,11 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
2291 } 2318 }
2292 if (!c->pkeys[SSL_PKEY_ECC].digest) 2319 if (!c->pkeys[SSL_PKEY_ECC].digest)
2293 c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); 2320 c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
2321#ifndef OPENSSL_NO_GOST
2322 if (!c->pkeys[SSL_PKEY_GOST94].digest)
2323 c->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194();
2324 if (!c->pkeys[SSL_PKEY_GOST01].digest)
2325 c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
2326#endif
2294 return 1; 2327 return 1;
2295} 2328}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 15:38:49 +0000