Updates to GOST2012
diff --git
a/ssl/statem/statem_lib.c
b/ssl/statem/statem_lib.c
index 75d151e5e0b8d566e2a565a0dbeed30957f9f763..ab860f6146e731f53d569bdfb2101313f4aec445 100644
--- a/
ssl/statem/statem_lib.c
+++ b/
ssl/statem/statem_lib.c
@@
-118,6
+118,7
@@
#include <string.h>
#include <stdio.h>
#include "../ssl_locl.h"
#include <string.h>
#include <stdio.h>
#include "../ssl_locl.h"
+#include "statem_locl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
@@
-224,7
+225,7
@@
static void ssl3_take_mac(SSL *s)
}
#endif
}
#endif
-
enum
MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
{
int al;
long remain;
{
int al;
long remain;
@@
-287,11
+288,11
@@
enum MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
return MSG_PROCESS_CONTINUE_READING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return MSG_PROCESS_CONTINUE_READING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
- statem_set_error(s);
+
ossl_
statem_set_error(s);
return MSG_PROCESS_ERROR;
}
return MSG_PROCESS_ERROR;
}
-
enum
MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
{
int al, i;
{
int al, i;
@@
-305,7
+306,7
@@
enum MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
i = s->s3->tmp.peer_finish_md_len;
i = s->s3->tmp.peer_finish_md_len;
- if (
i < 0 ||
(unsigned long)i != PACKET_remaining(pkt)) {
+ if ((unsigned long)i != PACKET_remaining(pkt)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
goto f_err;
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
goto f_err;
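Review bot: Dropping `i < 0 ||` from the length check in tls_process_finished leaves rejection of a negative `peer_finish_md_len` to the `(unsigned long)` cast alone. A negative `i` converts to a value above any realistic `PACKET_remaining(pkt)`, so the decode-error path is still taken, but the code no longer says so. Because `i` is later stored in `previous_server_finished_len` (visible in the next hunk) and is presumably also used as a copy length, I would either keep the explicit test or add a comment such as `/* a negative length wraps to a huge value and fails this comparison */`. The function body starts and ends outside this hunk.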
@@
-330,10
+331,10
@@
enum MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
s->s3->previous_server_finished_len = i;
}
s->s3->previous_server_finished_len = i;
}
- return MSG_PROCESS_
CONTINUE_PROCESS
ING;
+ return MSG_PROCESS_
FINISHED_READ
ING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
- statem_set_error(s);
+
ossl_
statem_set_error(s);
return MSG_PROCESS_ERROR;
}
return MSG_PROCESS_ERROR;
}
@@
-369,13
+370,13
@@
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
return l + SSL_HM_HEADER_LENGTH(s);
}
return l + SSL_HM_HEADER_LENGTH(s);
}
-
enum WORK_STATE tls_finish_handshake(SSL *s, enum
WORK_STATE wst)
+
WORK_STATE tls_finish_handshake(SSL *s,
WORK_STATE wst)
{
void (*cb) (const SSL *ssl, int type, int val) = NULL;
#ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
{
void (*cb) (const SSL *ssl, int type, int val) = NULL;
#ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-
enum
WORK_STATE ret;
+ WORK_STATE ret;
ret = dtls_wait_for_dry(s);
if (ret != WORK_FINISHED_CONTINUE)
return ret;
ret = dtls_wait_for_dry(s);
if (ret != WORK_FINISHED_CONTINUE)
return ret;
@@
-404,19
+405,16
@@
enum WORK_STATE tls_finish_handshake(SSL *s, enum WORK_STATE wst)
s->new_session = 0;
if (s->server) {
s->new_session = 0;
if (s->server) {
- s->renegotiate = 0;
- s->new_session = 0;
-
ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
s->ctx->stats.sess_accept_good++;
ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
s->ctx->stats.sess_accept_good++;
- s->handshake_func = statem_accept;
+ s->handshake_func =
ossl_
statem_accept;
} else {
ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
if (s->hit)
s->ctx->stats.sess_hit++;
} else {
ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
if (s->hit)
s->ctx->stats.sess_hit++;
- s->handshake_func = statem_connect;
+ s->handshake_func =
ossl_
statem_connect;
s->ctx->stats.sess_connect_good++;
}
s->ctx->stats.sess_connect_good++;
}
@@
-625,9
+623,16
@@
int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
ret = SSL_PKEY_ECC;
}
#endif
ret = SSL_PKEY_ECC;
}
#endif
+#ifndef OPENSSL_NO_GOST
else if (i == NID_id_GostR3410_2001) {
ret = SSL_PKEY_GOST01;
else if (i == NID_id_GostR3410_2001) {
ret = SSL_PKEY_GOST01;
- } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
+ } else if (i == NID_id_GostR3410_2012_256) {
+ ret = SSL_PKEY_GOST12_256;
+ } else if (i == NID_id_GostR3410_2012_512) {
+ ret = SSL_PKEY_GOST12_512;
+ }
+#endif
+ else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
/*
* For DH two cases: DH certificate signed with RSA and DH
* certificate signed with DSA.
/*
* For DH two cases: DH certificate signed with RSA and DH
* certificate signed with DSA.
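Review bot: ssl_cert_type can now return `SSL_PKEY_GOST12_256` and `SSL_PKEY_GOST12_512`, and callers presumably use the result as an index into per-key-type tables whose size is defined outside this file. Please confirm that the bound (likely `SSL_PKEY_NUM`) and every array sized by it were extended in the same change, otherwise a GOST 2012 certificate would index past the end. With `OPENSSL_NO_GOST` defined, all three GOST NIDs now fall through to the branches below, which are outside the hunk, so it is worth checking that the final fallback still yields the "unknown type" result. Closing the guard as `#endif /* OPENSSL_NO_GOST */` would also make the preprocessor-split `else if` chain easier to follow.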