1 files changed, 40 insertions, 7 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 21f1367442..f2d2cb040d 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.84 2014/10/31 15:25:55 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.85 2014/11/18 05:33:43 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1759,6 +1759,40 @@ SSL_CIPHER ssl3_ciphers[] = {
        },
 #endif
+        /* Cipher FF85 FIXME IANA */
+        {
+                .valid = 1,
+                .name = "GOST2012256-GOST89-GOST89",
+                .id = 0x300ff85, /* FIXME IANA */
+                .algorithm_mkey = SSL_kGOST,
+                .algorithm_auth = SSL_aGOST01,
+                .algorithm_enc = SSL_eGOST2814789CNT,
+                .algorithm_mac = SSL_GOST89MAC,
+                .algorithm_ssl = SSL_TLSV1,
+                .algo_strength = SSL_HIGH,
+                .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
+                    TLS1_STREAM_MAC,
+                .strength_bits = 256,
+                .alg_bits = 256
+        },
+        /* Cipher FF87 FIXME IANA */
+        {
+                .valid = 1,
+                .name = "GOST2012256-NULL-STREEBOG256",
+                .id = 0x300ff87, /* FIXME IANA */
+                .algorithm_mkey = SSL_kGOST,
+                .algorithm_auth = SSL_aGOST01,
+                .algorithm_enc = SSL_eNULL,
+                .algorithm_mac = SSL_STREEBOG256,
+                .algorithm_ssl = SSL_TLSV1,
+                .algo_strength = SSL_STRONG_NONE,
+                .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,
+                .strength_bits = 0,
+                .alg_bits = 0
+        },
        /* end of list */
 };
@@ -2415,12 +2449,11 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 #ifndef OPENSSL_NO_GOST
-        if (s->version >= TLS1_VERSION) {
+        if ((alg_k & SSL_kGOST) && (s->version >= TLS1_VERSION)) {
-                if (alg_k & SSL_kGOST) {
+                p[ret++] = TLS_CT_GOST94_SIGN;
-                        p[ret++] = TLS_CT_GOST94_SIGN;
+                p[ret++] = TLS_CT_GOST01_SIGN;
-                        p[ret++] = TLS_CT_GOST01_SIGN;
+                p[ret++] = TLS_CT_GOST12_256_SIGN;
-                        return (ret);
+                p[ret++] = TLS_CT_GOST12_512_SIGN;
-                }
        }
 #endif

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 21f1367442..f2d2cb040d 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.84 2014/10/31 15:25:55 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.85 2014/11/18 05:33:43 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1759,6 +1759,40 @@ SSL_CIPHER ssl3_ciphers[] = {
1759	},	1759	},
1760	#endif	1760	#endif
1761		1761
		1762	/* Cipher FF85 FIXME IANA */
		1763	{
		1764	.valid = 1,
		1765	.name = "GOST2012256-GOST89-GOST89",
		1766	.id = 0x300ff85, /* FIXME IANA */
		1767	.algorithm_mkey = SSL_kGOST,
		1768	.algorithm_auth = SSL_aGOST01,
		1769	.algorithm_enc = SSL_eGOST2814789CNT,
		1770	.algorithm_mac = SSL_GOST89MAC,
		1771	.algorithm_ssl = SSL_TLSV1,
		1772	.algo_strength = SSL_HIGH,
		1773	.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256\|TLS1_PRF_STREEBOG256\|
		1774	TLS1_STREAM_MAC,
		1775	.strength_bits = 256,
		1776	.alg_bits = 256
		1777	},
		1778
		1779	/* Cipher FF87 FIXME IANA */
		1780	{
		1781	.valid = 1,
		1782	.name = "GOST2012256-NULL-STREEBOG256",
		1783	.id = 0x300ff87, /* FIXME IANA */
		1784	.algorithm_mkey = SSL_kGOST,
		1785	.algorithm_auth = SSL_aGOST01,
		1786	.algorithm_enc = SSL_eNULL,
		1787	.algorithm_mac = SSL_STREEBOG256,
		1788	.algorithm_ssl = SSL_TLSV1,
		1789	.algo_strength = SSL_STRONG_NONE,
		1790	.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256\|TLS1_PRF_STREEBOG256,
		1791	.strength_bits = 0,
		1792	.alg_bits = 0
		1793	},
		1794
		1795
1762	/* end of list */	1796	/* end of list */
1763	};	1797	};
1764		1798
@@ -2415,12 +2449,11 @@ ssl3_get_req_cert_type(SSL s, unsigned char p)
2415	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;	2449	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2416		2450
2417	#ifndef OPENSSL_NO_GOST	2451	#ifndef OPENSSL_NO_GOST
2418	if (s->version >= TLS1_VERSION) {	2452	if ((alg_k & SSL_kGOST) && (s->version >= TLS1_VERSION)) {
2419	if (alg_k & SSL_kGOST) {	2453	p[ret++] = TLS_CT_GOST94_SIGN;
2420	p[ret++] = TLS_CT_GOST94_SIGN;	2454	p[ret++] = TLS_CT_GOST01_SIGN;
2421	p[ret++] = TLS_CT_GOST01_SIGN;	2455	p[ret++] = TLS_CT_GOST12_256_SIGN;
2422	return (ret);	2456	p[ret++] = TLS_CT_GOST12_512_SIGN;
2423	}
2424	}	2457	}
2425	#endif	2458	#endif
2426		2459