Updates to GOST2012
[openssl.git] / ssl / statem / statem_lib.c
index 75d151e5e0b8d566e2a565a0dbeed30957f9f763..ab860f6146e731f53d569bdfb2101313f4aec445 100644 (file)
 #include <string.h>
 #include <stdio.h>
 #include "../ssl_locl.h"
+#include "statem_locl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
@@ -224,7 +225,7 @@ static void ssl3_take_mac(SSL *s)
 }
 #endif
 
-enum MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
 {
     int al;
     long remain;
@@ -287,11 +288,11 @@ enum MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
     return MSG_PROCESS_CONTINUE_READING;
  f_err:
     ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    statem_set_error(s);
+    ossl_statem_set_error(s);
     return MSG_PROCESS_ERROR;
 }
 
-enum MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
+MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
 {
     int al, i;
 
@@ -305,7 +306,7 @@ enum MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
 
     i = s->s3->tmp.peer_finish_md_len;
 
-    if (i < 0 || (unsigned long)i != PACKET_remaining(pkt)) {
+    if ((unsigned long)i != PACKET_remaining(pkt)) {
         al = SSL_AD_DECODE_ERROR;
         SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
         goto f_err;
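Review bot: Dropping `i < 0` from the length check in tls_process_finished means a negative `peer_finish_md_len` is now rejected only as a side effect of the `(unsigned long)` cast, and neither the old nor the new condition rejects `i == 0`, where an empty Finished body would match the expected length. If that length is filled in by `ssl3_take_mac` (declared `static void` earlier in this file, so unable to report a failure to its caller), a failed computation could leave it at zero; this is not confirmed from the hunk. I would make the guard explicit, `if (i <= 0 || (unsigned long)i != PACKET_remaining(pkt)) {`, so the digest comparison that presumably follows never runs with a non-positive length. The function body starts before and ends after this hunk.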
@@ -330,10 +331,10 @@ enum MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
         s->s3->previous_server_finished_len = i;
     }
 
-    return MSG_PROCESS_CONTINUE_PROCESSING;
+    return MSG_PROCESS_FINISHED_READING;
  f_err:
     ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    statem_set_error(s);
+    ossl_statem_set_error(s);
     return MSG_PROCESS_ERROR;
 }
 
@@ -369,13 +370,13 @@ unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
     return l + SSL_HM_HEADER_LENGTH(s);
 }
 
-enum WORK_STATE tls_finish_handshake(SSL *s, enum WORK_STATE wst)
+WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst)
 {
     void (*cb) (const SSL *ssl, int type, int val) = NULL;
 
 #ifndef OPENSSL_NO_SCTP
     if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-        enum WORK_STATE ret;
+        WORK_STATE ret;
         ret = dtls_wait_for_dry(s);
         if (ret != WORK_FINISHED_CONTINUE)
             return ret;
@@ -404,19 +405,16 @@ enum WORK_STATE tls_finish_handshake(SSL *s, enum WORK_STATE wst)
         s->new_session = 0;
 
         if (s->server) {
-            s->renegotiate = 0;
-            s->new_session = 0;
-
             ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
 
             s->ctx->stats.sess_accept_good++;
-            s->handshake_func = statem_accept;
+            s->handshake_func = ossl_statem_accept;
         } else {
             ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
             if (s->hit)
                 s->ctx->stats.sess_hit++;
 
-            s->handshake_func = statem_connect;
+            s->handshake_func = ossl_statem_connect;
             s->ctx->stats.sess_connect_good++;
         }
 
@@ -625,9 +623,16 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
         ret = SSL_PKEY_ECC;
     }
 #endif
+#ifndef OPENSSL_NO_GOST
     else if (i == NID_id_GostR3410_2001) {
         ret = SSL_PKEY_GOST01;
-    } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
+    } else if (i == NID_id_GostR3410_2012_256) {
+        ret = SSL_PKEY_GOST12_256;
+    } else if (i == NID_id_GostR3410_2012_512) {
+        ret = SSL_PKEY_GOST12_512;
+    }
+#endif
+    else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
         /*
          * For DH two cases: DH certificate signed with RSA and DH
          * certificate signed with DSA.
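Review bot: Wrapping the GOST branches of ssl_cert_type in `#ifndef OPENSSL_NO_GOST` also compiles out the existing `NID_id_GostR3410_2001` case, which was unconditional before. In a no-GOST build such a key now falls through to the DH test and to whatever default `ret` was given outside this hunk. That deserves a one-line comment above the guard, such as `/* GOST key types are recognised only when GOST support is built in */`. The two new return values, `SSL_PKEY_GOST12_256` and `SSL_PKEY_GOST12_512`, are defined elsewhere; if callers use the result as an index into a fixed-size per-key table, as the SSL_PKEY_* naming suggests, confirm the table bound was raised in the same commit. The function begins before the hunk and continues after it.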