Patch containing TLS implementation for GOST 2012

[openssl.git] / ssl / ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 36e247a1776317df19a430e3d55c9ea55a792730..5068c15964ca9a9dba88d559d94a830830550ccf 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -969,14 +969,14 @@ long SSL_get_default_timeout(const SSL *s)
     return (s->method->get_timeout());
 }
 
-static int start_async_job(SSL *s, struct ssl_async_args *args,
+static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
                           int (*func)(void *)) {
     int ret;
     switch(ASYNC_start_job(&s->job, &ret, func, args,
         sizeof(struct ssl_async_args))) {
     case ASYNC_ERR:
         s->rwstate = SSL_NOTHING;
-        SSLerr(SSL_F_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
+        SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
         return -1;
     case ASYNC_PAUSE:
         s->rwstate = SSL_ASYNC_PAUSED;
@@ -986,7 +986,7 @@ static int start_async_job(SSL *s, struct ssl_async_args *args,
         return ret;
     default:
         s->rwstate = SSL_NOTHING;
-        SSLerr(SSL_F_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
+        SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
         /* Shouldn't happen */
         return -1;
     }
@@ -1030,7 +1030,7 @@ int SSL_read(SSL *s, void *buf, int num)
         args.type = 1;
         args.f.func1 = s->method->ssl_read;
 
-        return start_async_job(s, &args, ssl_io_intern);
+        return ssl_start_async_job(s, &args, ssl_io_intern);
     } else {
         return s->method->ssl_read(s, buf, num);
     }
@@ -1055,7 +1055,7 @@ int SSL_peek(SSL *s, void *buf, int num)
         args.type = 1;
         args.f.func1 = s->method->ssl_peek;
 
-        return start_async_job(s, &args, ssl_io_intern);
+        return ssl_start_async_job(s, &args, ssl_io_intern);
     } else {
         return s->method->ssl_peek(s, buf, num);
     }
@@ -1083,7 +1083,7 @@ int SSL_write(SSL *s, const void *buf, int num)
         args.type = 2;
         args.f.func2 = s->method->ssl_write;
 
-        return start_async_job(s, &args, ssl_io_intern);
+        return ssl_start_async_job(s, &args, ssl_io_intern);
     } else {
         return s->method->ssl_write(s, buf, num);
     }
@@ -2069,6 +2069,16 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
             rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
 #endif
 
+    cpk = &(c->pkeys[SSL_PKEY_GOST12_512]);
+    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST12;
+    }
+    cpk = &(c->pkeys[SSL_PKEY_GOST12_256]);
+    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST12;
+    }
     cpk = &(c->pkeys[SSL_PKEY_GOST01]);
     if (cpk->x509 != NULL && cpk->privatekey != NULL) {
         mask_k |= SSL_kGOST;
@@ -2255,6 +2265,16 @@ static int ssl_get_server_cert_index(const SSL *s)
     idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
     if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509)
         idx = SSL_PKEY_RSA_SIGN;
+    if (idx == SSL_PKEY_GOST_EC) {
+        if (s->cert->pkeys[SSL_PKEY_GOST12_512].x509)
+            idx = SSL_PKEY_GOST12_512;
+        else if (s->cert->pkeys[SSL_PKEY_GOST12_256].x509)
+            idx = SSL_PKEY_GOST12_256;
+        else if (s->cert->pkeys[SSL_PKEY_GOST01].x509)
+            idx = SSL_PKEY_GOST01;
+        else
+            idx = -1;
+    }
     if (idx == -1)
         SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR);
     return idx;
@@ -2523,7 +2543,7 @@ int SSL_do_handshake(SSL *s)
 
             args.s = s;
 
-            ret = start_async_job(s, &args, ssl_do_handshake_intern);
+            ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
         } else {
             ret = s->handshake_func(s);
         }