diff options
Diffstat (limited to 'src/lib/libssl/t1_lib.c')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 39 |
1 files changed, 36 insertions, 3 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index b1b9ac4a87..d593fe6baf 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.66 2014/11/03 17:21:30 tedu Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.67 2014/11/18 05:33:43 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -587,6 +587,9 @@ static unsigned char tls12_sigalgs[] = { | |||
| 587 | TLSEXT_hash_sha512, TLSEXT_signature_rsa, | 587 | TLSEXT_hash_sha512, TLSEXT_signature_rsa, |
| 588 | TLSEXT_hash_sha512, TLSEXT_signature_dsa, | 588 | TLSEXT_hash_sha512, TLSEXT_signature_dsa, |
| 589 | TLSEXT_hash_sha512, TLSEXT_signature_ecdsa, | 589 | TLSEXT_hash_sha512, TLSEXT_signature_ecdsa, |
| 590 | #ifndef OPENSSL_NO_GOST | ||
| 591 | TLSEXT_hash_streebog_512, TLSEXT_signature_gostr12_512, | ||
| 592 | #endif | ||
| 590 | 593 | ||
| 591 | TLSEXT_hash_sha384, TLSEXT_signature_rsa, | 594 | TLSEXT_hash_sha384, TLSEXT_signature_rsa, |
| 592 | TLSEXT_hash_sha384, TLSEXT_signature_dsa, | 595 | TLSEXT_hash_sha384, TLSEXT_signature_dsa, |
| @@ -596,6 +599,11 @@ static unsigned char tls12_sigalgs[] = { | |||
| 596 | TLSEXT_hash_sha256, TLSEXT_signature_dsa, | 599 | TLSEXT_hash_sha256, TLSEXT_signature_dsa, |
| 597 | TLSEXT_hash_sha256, TLSEXT_signature_ecdsa, | 600 | TLSEXT_hash_sha256, TLSEXT_signature_ecdsa, |
| 598 | 601 | ||
| 602 | #ifndef OPENSSL_NO_GOST | ||
| 603 | TLSEXT_hash_streebog_256, TLSEXT_signature_gostr12_256, | ||
| 604 | TLSEXT_hash_gost94, TLSEXT_signature_gostr01, | ||
| 605 | #endif | ||
| 606 | |||
| 599 | TLSEXT_hash_sha224, TLSEXT_signature_rsa, | 607 | TLSEXT_hash_sha224, TLSEXT_signature_rsa, |
| 600 | TLSEXT_hash_sha224, TLSEXT_signature_dsa, | 608 | TLSEXT_hash_sha224, TLSEXT_signature_dsa, |
| 601 | TLSEXT_hash_sha224, TLSEXT_signature_ecdsa, | 609 | TLSEXT_hash_sha224, TLSEXT_signature_ecdsa, |
| @@ -2166,13 +2174,17 @@ static tls12_lookup tls12_md[] = { | |||
| 2166 | {NID_sha224, TLSEXT_hash_sha224}, | 2174 | {NID_sha224, TLSEXT_hash_sha224}, |
| 2167 | {NID_sha256, TLSEXT_hash_sha256}, | 2175 | {NID_sha256, TLSEXT_hash_sha256}, |
| 2168 | {NID_sha384, TLSEXT_hash_sha384}, | 2176 | {NID_sha384, TLSEXT_hash_sha384}, |
| 2169 | {NID_sha512, TLSEXT_hash_sha512} | 2177 | {NID_sha512, TLSEXT_hash_sha512}, |
| 2178 | {NID_id_GostR3411_94, TLSEXT_hash_gost94}, | ||
| 2179 | {NID_id_tc26_gost3411_2012_256, TLSEXT_hash_streebog_256}, | ||
| 2180 | {NID_id_tc26_gost3411_2012_512, TLSEXT_hash_streebog_512} | ||
| 2170 | }; | 2181 | }; |
| 2171 | 2182 | ||
| 2172 | static tls12_lookup tls12_sig[] = { | 2183 | static tls12_lookup tls12_sig[] = { |
| 2173 | {EVP_PKEY_RSA, TLSEXT_signature_rsa}, | 2184 | {EVP_PKEY_RSA, TLSEXT_signature_rsa}, |
| 2174 | {EVP_PKEY_DSA, TLSEXT_signature_dsa}, | 2185 | {EVP_PKEY_DSA, TLSEXT_signature_dsa}, |
| 2175 | {EVP_PKEY_EC, TLSEXT_signature_ecdsa} | 2186 | {EVP_PKEY_EC, TLSEXT_signature_ecdsa}, |
| 2187 | {EVP_PKEY_GOSTR01, TLSEXT_signature_gostr01}, | ||
| 2176 | }; | 2188 | }; |
| 2177 | 2189 | ||
| 2178 | static int | 2190 | static int |
| @@ -2225,6 +2237,14 @@ tls12_get_hash(unsigned char hash_alg) | |||
| 2225 | return EVP_sha384(); | 2237 | return EVP_sha384(); |
| 2226 | case TLSEXT_hash_sha512: | 2238 | case TLSEXT_hash_sha512: |
| 2227 | return EVP_sha512(); | 2239 | return EVP_sha512(); |
| 2240 | #ifndef OPENSSL_NO_GOST | ||
| 2241 | case TLSEXT_hash_gost94: | ||
| 2242 | return EVP_gostr341194(); | ||
| 2243 | case TLSEXT_hash_streebog_256: | ||
| 2244 | return EVP_streebog256(); | ||
| 2245 | case TLSEXT_hash_streebog_512: | ||
| 2246 | return EVP_streebog512(); | ||
| 2247 | #endif | ||
| 2228 | default: | 2248 | default: |
| 2229 | return NULL; | 2249 | return NULL; |
| 2230 | } | 2250 | } |
| @@ -2251,6 +2271,8 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2251 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; | 2271 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; |
| 2252 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; | 2272 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; |
| 2253 | c->pkeys[SSL_PKEY_ECC].digest = NULL; | 2273 | c->pkeys[SSL_PKEY_ECC].digest = NULL; |
| 2274 | c->pkeys[SSL_PKEY_GOST94].digest = NULL; | ||
| 2275 | c->pkeys[SSL_PKEY_GOST01].digest = NULL; | ||
| 2254 | 2276 | ||
| 2255 | for (i = 0; i < dsize; i += 2) { | 2277 | for (i = 0; i < dsize; i += 2) { |
| 2256 | unsigned char hash_alg = data[i], sig_alg = data[i + 1]; | 2278 | unsigned char hash_alg = data[i], sig_alg = data[i + 1]; |
| @@ -2265,6 +2287,11 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2265 | case TLSEXT_signature_ecdsa: | 2287 | case TLSEXT_signature_ecdsa: |
| 2266 | idx = SSL_PKEY_ECC; | 2288 | idx = SSL_PKEY_ECC; |
| 2267 | break; | 2289 | break; |
| 2290 | case TLSEXT_signature_gostr01: | ||
| 2291 | case TLSEXT_signature_gostr12_256: | ||
| 2292 | case TLSEXT_signature_gostr12_512: | ||
| 2293 | idx = SSL_PKEY_GOST01; | ||
| 2294 | break; | ||
| 2268 | default: | 2295 | default: |
| 2269 | continue; | 2296 | continue; |
| 2270 | } | 2297 | } |
| @@ -2291,5 +2318,11 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2291 | } | 2318 | } |
| 2292 | if (!c->pkeys[SSL_PKEY_ECC].digest) | 2319 | if (!c->pkeys[SSL_PKEY_ECC].digest) |
| 2293 | c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | 2320 | c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); |
| 2321 | #ifndef OPENSSL_NO_GOST | ||
| 2322 | if (!c->pkeys[SSL_PKEY_GOST94].digest) | ||
| 2323 | c->pkeys[SSL_PKEY_GOST94].digest = EVP_gostr341194(); | ||
| 2324 | if (!c->pkeys[SSL_PKEY_GOST01].digest) | ||
| 2325 | c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); | ||
| 2326 | #endif | ||
| 2294 | return 1; | 2327 | return 1; |
| 2295 | } | 2328 | } |