},
/* GOST Ciphersuites */
-
+#ifndef OPENSL_NO_GOST
{
1,
"GOST2001-GOST89-GOST89",
0,
0
},
-
+#endif
#ifndef OPENSSL_NO_CAMELLIA
/* Camellia ciphersuites from RFC4132 (256-bit portion) */
256,
256,
},
-
+#ifndef OPENSSL_NO_GOST
{
1,
"GOST2012-GOST8912-GOST8912",
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256,
0,
0},
-
+#endif
/* end of list */
};
rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
#endif
+#ifndef OPENSSL_NO_GOST
cpk = &(c->pkeys[SSL_PKEY_GOST12_512]);
if (cpk->x509 != NULL && cpk->privatekey != NULL) {
mask_k |= SSL_kGOST;
mask_k |= SSL_kGOST;
mask_a |= SSL_aGOST01;
}
+#endif
if (rsa_enc || (rsa_tmp && rsa_sign))
mask_k |= SSL_kRSA;
EVP_PKEY_free(srvr_pub_pkey);
}
#endif /* !OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_GOST
else if (alg_k & SSL_kGOST) {
/* GOST key exchange message creation */
EVP_PKEY_CTX *pkey_ctx;
EVP_PKEY_free(pub_key);
}
+#endif
#ifndef OPENSSL_NO_SRP
else if (alg_k & SSL_kSRP) {
if (s->srp_ctx.A != NULL) {
const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
EVP_MD_CTX mctx;
unsigned u = 0;
- unsigned long n;
+ unsigned long n = 0;
long hdatalen = 0;
void *hdata;
goto err;
}
p += 2;
+ n = 2;
}
#ifdef SSL_DEBUG
fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md));
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB);
goto err;
}
+#ifndef OPENSSL_NO_GOST
if (pkey->type == NID_id_GostR3410_2001
|| pkey->type == NID_id_GostR3410_2012_256
|| pkey->type == NID_id_GostR3410_2012_512) {
- unsigned int i, k;
- for (i = u - 1, k = 0; k < u/2; k++, i--) {
- char c = p[2 + k];
- p[2 + k] = p[2 + i];
- p[2 + i] = c;
- }
+ BUF_reverse(p + 2, NULL, u);
}
+#endif
s2n(u, p);
- n = u + 2;
- if (SSL_USE_SIGALGS(s))
- n += 2;
+ n += u + 2;
/* Digest cached records and discard handshake buffer */
if (!ssl3_digest_cached_records(s, 0))
goto err;
ret = SSL_PKEY_ECC;
}
#endif
+#ifndef OPENSSL_NO_GOST
else if (i == NID_id_GostR3410_2001) {
ret = SSL_PKEY_GOST01;
} else if (i == NID_id_GostR3410_2012_256) {
ret = SSL_PKEY_GOST12_256;
} else if (i == NID_id_GostR3410_2012_512) {
ret = SSL_PKEY_GOST12_512;
- } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
+ }
+#endif
+ else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
/*
* For DH two cases: DH certificate signed with RSA and DH
* certificate signed with DSA.
}
} else
#endif /* OPENSSL_NO_SRP */
+#ifndef OPENSSL_NO_GOST
if (alg_k & SSL_kGOST) {
EVP_PKEY_CTX *pkey_ctx;
EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
EVP_PKEY_free(client_pub_pkey);
EVP_PKEY_CTX_free(pkey_ctx);
goto f_err;
- } else {
+ } else
+#endif
+ {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE);
goto f_err;
* If key is GOST and n is exactly 64, it is bare signature without
* length field (CryptoPro implementations at least till CSP 4.0)
*/
+#ifndef OPENSSL_NO_GOST
if (PACKET_remaining(pkt) == 64 && pkey->type == NID_id_GostR3410_2001) {
len = 64;
- } else {
+ } else
+#endif
+ {
if (SSL_USE_SIGALGS(s)) {
int rv;
goto f_err;
}
+#ifndef OPENSSL_NO_GOST
if (pkey->type == NID_id_GostR3410_2001
|| pkey->type == NID_id_GostR3410_2012_256
|| pkey->type == NID_id_GostR3410_2012_512) {
- unsigned int j1, j2;
- for (j1 = len - 1, j2 = 0; j2 < len/2; j2++, j1--) {
- char c = data[j2];
- data[j2] = data[j1];
- data[j1] = c;
- }
+ BUF_reverse(data, NULL, len);
}
+#endif
if (s->version == SSL3_VERSION
&& !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET,
};
static ssl_trace_tbl ssl_md_tbl[] = {
- {0, "none"},
- {1, "md5"},
- {2, "sha1"},
- {3, "sha224"},
- {4, "sha256"},
- {5, "sha384"},
- {6, "sha512"},
- {237, "md_gost94"},
- {238, "md_gost2012_256"},
- {239, "md_gost2012_512"},
+ {TLSEXT_hash_none, "none"},
+ {TLSEXT_hash_md5, "md5"},
+ {TLSEXT_hash_sha1, "sha1"},
+ {TLSEXT_hash_sha224, "sha224"},
+ {TLSEXT_hash_sha256, "sha256"},
+ {TLSEXT_hash_sha384, "sha384"},
+ {TLSEXT_hash_sha512, "sha512"},
+ {TLSEXT_hash_gostr3411, "md_gost94"},
+ {TLSEXT_hash_gostr34112012_256, "md_gost2012_256"},
+ {TLSEXT_hash_gostr34112012_512, "md_gost2012_512"}
};
static ssl_trace_tbl ssl_sig_tbl[] = {
- {0, "anonymous"},
- {1, "rsa"},
- {2, "dsa"},
- {3, "ecdsa"},
- {237, "gost2001"},
- {238, "gost2012_256"},
- {239, "gost2012_512"},
+ {TLSEXT_signature_anonymous, "anonymous"},
+ {TLSEXT_signature_rsa, "rsa"},
+ {TLSEXT_signature_dsa, "dsa"},
+ {TLSEXT_signature_ecdsa, "ecdsa"},
+ {TLSEXT_signature_gostr34102001, "gost2001"},
+ {TLSEXT_signature_gostr34102012_256, "gost2012_256"},
+ {TLSEXT_signature_gostr34102012_512, "gost2012_512"}
};
static ssl_trace_tbl ssl_hb_tbl[] = {