[openssl] master update
beldmit at gmail.com
beldmit at gmail.com
Sat Apr 18 10:33:52 UTC 2020
The branch master has been updated
via 7a417606677c646d33d65de2fd298bc93d943edf (commit)
from ccb47dbf47b36da849301aae38c32ed019e75a21 (commit)
- Log -----------------------------------------------------------------
commit 7a417606677c646d33d65de2fd298bc93d943edf
Author: Nikolay Morozov <nmorozoff77 at yandex.ru>
Date: Thu Apr 16 18:55:36 2020 +0300
GOST2012 TLS ClientCertificateType Identifiers support
For GOST2012-GOST8912-GOST8912 IANA introduce ClientCertificateType Identifiers
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11558)
-----------------------------------------------------------------------
Summary of changes:
apps/lib/s_cb.c | 2 +-
include/openssl/ssl3.h | 2 +-
include/openssl/tls1.h | 8 +++++---
ssl/s3_lib.c | 6 ++++--
4 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 2e0e9b2407..959568b282 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -190,7 +190,7 @@ static STRINT_PAIR cert_type_list[] = {
{"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
{"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
{"GOST01 Sign", TLS_CT_GOST01_SIGN},
- {"GOST12 Sign", TLS_CT_GOST12_SIGN},
+ {"GOST12 Sign", TLS_CT_GOST12_IANA_SIGN},
{NULL}
};
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index efef3ccfeb..261545f23f 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -270,7 +270,7 @@ extern "C" {
* SSL3_CT_NUMBER is used to size arrays and it must be large enough to
* contain all of the cert types defined for *either* SSLv3 and TLSv1.
*/
-# define SSL3_CT_NUMBER 10
+# define SSL3_CT_NUMBER 12
# if defined(TLS_CT_NUMBER)
# if TLS_CT_NUMBER != SSL3_CT_NUMBER
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 9181e0d2c1..d0dbf17d63 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -1116,14 +1116,16 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS_CT_RSA_FIXED_ECDH 65
# define TLS_CT_ECDSA_FIXED_ECDH 66
# define TLS_CT_GOST01_SIGN 22
-# define TLS_CT_GOST12_SIGN 238
-# define TLS_CT_GOST12_512_SIGN 239
+# define TLS_CT_GOST12_IANA_SIGN 67
+# define TLS_CT_GOST12_IANA_512_SIGN 68
+# define TLS_CT_GOST12_LEGACY_SIGN 238
+# define TLS_CT_GOST12_LEGACY_512_SIGN 239
/*
* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
* comment there)
*/
-# define TLS_CT_NUMBER 10
+# define TLS_CT_NUMBER 12
# if defined(SSL3_CT_NUMBER)
# if TLS_CT_NUMBER != SSL3_CT_NUMBER
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 9902fa3811..a99522a006 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4371,8 +4371,10 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
- && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
- && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
+ && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
+ && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
+ && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
+ && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN);
#endif
if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
More information about the openssl-commits
mailing list