New Russian TLS 1.2 implementation

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11442)
author: Dmitry Belyavskiy <beldmit@gmail.com> 2020-03-30 17:09:24 +0200
committer: Dmitry Belyavskiy <beldmit@gmail.com> 2020-05-19 12:02:43 +0200
commit: 5a5530a29abcf5d7ab7194d73b3807d568b06cbd (patch)
tree: 4084ebfee1f5e052d892e6b406c5b9358920170c /ssl/s3_lib.c
parent: GOST-related objects changes (diff)
download: openssl-5a5530a29abcf5d7ab7194d73b3807d568b06cbd.tar.xz
openssl-5a5530a29abcf5d7ab7194d73b3807d568b06cbd.zip
1 files changed, 43 insertions, 5 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 2b49e7e51a..054fc468ed 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2687,6 +2687,38 @@ static SSL_CIPHER ssl3_ciphers[] = {
      0,
      0,
      },
+    {
+     1,
+     "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
+     NULL,
+     0x0300C100,
+     SSL_kGOST18,
+     SSL_aGOST12,
+     SSL_KUZNYECHIK,
+     SSL_KUZNYECHIKOMAC,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
+     256,
+     256,
+     },
+    {
+     1,
+     "GOST2012-MAGMA-MAGMAOMAC",
+     NULL,
+     0x0300C101,
+     SSL_kGOST18,
+     SSL_aGOST12,
+     SSL_MAGMA,
+     SSL_MAGMAOMAC,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
+     256,
+     256,
+     },
 #endif                          /* OPENSSL_NO_GOST */
 
 #ifndef OPENSSL_NO_IDEA
@@ -4374,11 +4406,17 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
 
 #ifndef OPENSSL_NO_GOST
     if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
-            return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
-                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
-                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
-                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
-                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN);
+        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
+            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
+            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
+            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
+            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
+            return 0;
+
+    if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
+        if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
+            || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
+            return 0;
 #endif
 
     if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
author	Dmitry Belyavskiy <beldmit@gmail.com>	2020-03-30 17:09:24 +0200
committer	Dmitry Belyavskiy <beldmit@gmail.com>	2020-05-19 12:02:43 +0200
commit	5a5530a29abcf5d7ab7194d73b3807d568b06cbd (patch)
tree	4084ebfee1f5e052d892e6b406c5b9358920170c /ssl/s3_lib.c
parent	GOST-related objects changes (diff)
download	openssl-5a5530a29abcf5d7ab7194d73b3807d568b06cbd.tar.xz openssl-5a5530a29abcf5d7ab7194d73b3807d568b06cbd.zip