Submitted by: Artem Chuprina <ran@cryptocom.ru>
authorDr. Stephen Henson <steve@openssl.org>
Thu, 28 May 2009 18:10:47 +0000 (18:10 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 28 May 2009 18:10:47 +0000 (18:10 +0000)
Reviewed by: steve@openssl.org

Fix to match latest GOST in TLS draft.

ssl/s3_lib.c
ssl/ssl3.h
ssl/tls1.h

index 51ec94b..7aa1c03 100644 (file)
@@ -3087,6 +3087,18 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 
        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
+#ifndef OPENSSL_NO_GOST
+       if (s->version >= TLS1_VERSION)
+               {
+               if (alg_k & SSL_kGOST)
+                       {
+                       p[ret++]=TLS_CT_GOST94_SIGN;
+                       p[ret++]=TLS_CT_GOST01_SIGN;
+                       return(ret);
+                       }
+               }
+#endif
+
 #ifndef OPENSSL_NO_DH
        if (alg_k & (SSL_kDHr|SSL_kEDH))
                {
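Review bot: The early `return(ret)` in the new GOST block means that a TLS handshake with a GOST key exchange advertises only the two GOST certificate types and skips every later branch, and nothing at the site says this is deliberate. A short comment above the block would record the intent, for example `/* GOST key exchange: request only GOST client certificate types (TLS only) */`. The two nested conditions could also be written as one, `if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))`, which removes a brace level without changing behaviour. The function starts and ends outside this hunk, so the value of `ret` on entry to the block and the size of the buffer behind `p` cannot be confirmed from here.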
index 56f17f6..c2db3bd 100644 (file)
@@ -368,7 +368,7 @@ typedef struct ssl3_buffer_st
  * enough to contain all of the cert types defined either for
  * SSLv3 and TLSv1.
  */
-#define SSL3_CT_NUMBER                 7
+#define SSL3_CT_NUMBER                 9
 
 
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS      0x0001
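Review bot: The requirement that `SSL3_CT_NUMBER` and `TLS_CT_NUMBER` change together is carried only by comments, both here and in the ssl/tls1.h hunk that adds "when correcting this number, correct also SSL3_CT_NUMBER". The comment above this define says the value must be large enough to contain all cert types, which suggests it sizes the storage that `ssl3_get_req_cert_type` fills with `p[ret++]`, although that storage is not visible on this page. If a later change raises one macro and not the other, the mismatch would compile silently. A preprocessor check in a source file that sees both headers would turn the convention into a build failure: `#if TLS_CT_NUMBER > SSL3_CT_NUMBER`, `#error "SSL3_CT_NUMBER must be at least TLS_CT_NUMBER"`, `#endif`.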
index 0ecbc6d..b399db1 100644 (file)
@@ -471,7 +471,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_CT_ECDSA_SIGN              64
 #define TLS_CT_RSA_FIXED_ECDH          65
 #define TLS_CT_ECDSA_FIXED_ECDH        66
-#define TLS_CT_NUMBER                  7
+#define TLS_CT_GOST94_SIGN             21
+#define TLS_CT_GOST01_SIGN             22
+/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
+ * comment there) */
+#define TLS_CT_NUMBER                  9
 
 #define TLS1_FINISH_MAC_LENGTH         12