libressl/0016-Use-IANA-allocated-GOST-ClientCertificateTypes.patch


From 8559d74b6337caf1173ef440c4105e0b0e6d3e54 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 5 Jun 2020 18:14:05 +0000
Subject: [PATCH 16/87] Use IANA allocated GOST ClientCertificateTypes.
IANA has allocated numbers for GOST ClientCertificateType. Use them in
addition to private values (left in place for compatibility).
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux
ok inoguchi@ tb@
---
src/lib/libssl/s3_lib.c | 6 +++++-
src/lib/libssl/ssl3.h | 4 ++--
src/lib/libssl/tls1.h | 14 ++++++++------
3 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index f98ec3e09..e2fef7258 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.194 2020/06/05 17:58:32 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.195 2020/06/05 18:14:05 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2553,6 +2553,10 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
return 0;
if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN))
return 0;
+ if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT))
+ return 0;
+ if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT))
+ return 0;
}
#endif
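Review bot: The two added `CBB_add_u8` calls for `TLS_CT_GOST12_256_SIGN_COMPAT` and `TLS_CT_GOST12_512_SIGN_COMPAT` carry no comment saying why the server advertises the 238/239 values after the IANA ones, so a later cleanup could drop or reorder them without noticing the compatibility intent stated in the commit message. I would add `/* Also advertise the pre-IANA private values, kept for compatibility. */` above the first new call. `ssl3_get_req_cert_types` begins and ends outside this hunk, so the total number of types it can emit is not visible here; it is worth confirming that the worst case still fits the 13 now set by `SSL3_CT_NUMBER` in ssl3.h.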
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 30dc4c5d7..a102d1143 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.50 2020/03/12 17:01:53 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.51 2020/06/05 18:14:05 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -348,7 +348,7 @@ typedef struct ssl3_buffer_st {
* enough to contain all of the cert types defined either for
* SSLv3 and TLSv1.
*/
-#define SSL3_CT_NUMBER 11
+#define SSL3_CT_NUMBER 13
#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
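Review bot: `SSL3_CT_NUMBER` here and `TLS_CT_NUMBER` in the tls1.h hunk are both raised to 13 by hand and are kept equal only by the comment that asks for it; nothing at compile time catches one being changed without the other. At a point where both headers are visible, a check such as `#if SSL3_CT_NUMBER != TLS_CT_NUMBER` followed by `#error "certificate type counts differ"` and `#endif` would turn drift into a build failure. If an array or struct member in an installed header is sized by this constant, the bump also changes that layout for existing callers; that is not visible in this hunk and should be confirmed.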
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 2230f0bab..8cd522658 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.40 2020/01/02 06:23:16 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.41 2020/06/05 18:14:05 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -735,16 +735,18 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS_CT_DSS_SIGN 2
#define TLS_CT_RSA_FIXED_DH 3
#define TLS_CT_DSS_FIXED_DH 4
+#define TLS_CT_GOST94_SIGN 21
+#define TLS_CT_GOST01_SIGN 22
#define TLS_CT_ECDSA_SIGN 64
#define TLS_CT_RSA_FIXED_ECDH 65
#define TLS_CT_ECDSA_FIXED_ECDH 66
-#define TLS_CT_GOST94_SIGN 21
-#define TLS_CT_GOST01_SIGN 22
-#define TLS_CT_GOST12_256_SIGN 238 /* FIXME: IANA */
-#define TLS_CT_GOST12_512_SIGN 239 /* FIXME: IANA */
+#define TLS_CT_GOST12_256_SIGN 67
+#define TLS_CT_GOST12_512_SIGN 68
+#define TLS_CT_GOST12_256_SIGN_COMPAT 238 /* pre-IANA, for compat */
+#define TLS_CT_GOST12_512_SIGN_COMPAT 239 /* pre-IANA, for compat */
/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
* comment there) */
-#define TLS_CT_NUMBER 11
+#define TLS_CT_NUMBER 13
#define TLS1_FINISH_MAC_LENGTH 12
--
2.17.1