From fb0bffd55cfc46f60848a22e7f351cb23b47ca3a Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Sun, 29 Mar 2020 00:24:35 +0300
Subject: [PATCH 72/87] ssl: add support for new GOST CNT-IMIT ciphersuite
 value

Add support for IANA-assigned value {0xc1, 0x02} for GOST CNT-IMIT
CipherSuite (GOST2012256-GOST89-GOST89).

Sponsored by ROSA Linux

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
 src/lib/libssl/s3_lib.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index e2fef7258..425420c4a 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1305,6 +1305,23 @@ SSL_CIPHER ssl3_ciphers[] = {
 		.alg_bits = 256,
 	},
 
+	/* Cipher C102 */
+	{
+		.valid = 1,
+		.name = "GOST2012256-GOST89-GOST89",
+		.id = 0x300c102,
+		.algorithm_mkey = SSL_kGOST,
+		.algorithm_auth = SSL_aGOST01,
+		.algorithm_enc = SSL_eGOST2814789CNT,
+		.algorithm_mac = SSL_GOST89MAC,
+		.algorithm_ssl = SSL_TLSV1_2,
+		.algo_strength = SSL_HIGH,
+		.algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
+		    TLS1_STREAM_MAC,
+		.strength_bits = 256,
+		.alg_bits = 256
+	},
+
 	/* Cipher CCA8 */
 	{
 		.valid = 1,
-- 
2.17.1