Updates to GOST2012

Various updates following feedback from the recent commit of the new
GOST2012 code.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

ssl/s3_lib.c

@@ -1144,7 +1144,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      },
 
     /* GOST Ciphersuites */
-
+#ifndef OPENSL_NO_GOST
     {
      1,
      "GOST2001-GOST89-GOST89",
@@ -1173,7 +1173,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      0,
      0
     },
-
+#endif
 #ifndef OPENSSL_NO_CAMELLIA
     /* Camellia ciphersuites from RFC4132 (256-bit portion) */
 
@@ -3769,7 +3769,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      256,
      256,
      },
-
+#ifndef OPENSSL_NO_GOST
     {
      1,
      "GOST2012-GOST8912-GOST8912",
@@ -3796,7 +3796,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256,
      0,
      0},
-
+#endif
 
 /* end of list */
 };

ssl/ssl_lib.c

@@ -2068,6 +2068,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
             rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
 #endif
 
+#ifndef OPENSSL_NO_GOST
     cpk = &(c->pkeys[SSL_PKEY_GOST12_512]);
     if (cpk->x509 != NULL && cpk->privatekey != NULL) {
         mask_k |= SSL_kGOST;
@@ -2083,6 +2084,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
         mask_k |= SSL_kGOST;
         mask_a |= SSL_aGOST01;
     }
+#endif
 
     if (rsa_enc || (rsa_tmp && rsa_sign))
         mask_k |= SSL_kRSA;

ssl/statem/statem_clnt.c

@@ -2715,6 +2715,7 @@ psk_err:
         EVP_PKEY_free(srvr_pub_pkey);
     }
 #endif                          /* !OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_GOST
     else if (alg_k & SSL_kGOST) {
         /* GOST key exchange message creation */
         EVP_PKEY_CTX *pkey_ctx;
@@ -2836,6 +2837,7 @@ psk_err:
         EVP_PKEY_free(pub_key);
 
     }
+#endif
 #ifndef OPENSSL_NO_SRP
     else if (alg_k & SSL_kSRP) {
         if (s->srp_ctx.A != NULL) {
@@ -2964,7 +2966,7 @@ int tls_construct_client_verify(SSL *s)
     const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
     EVP_MD_CTX mctx;
     unsigned u = 0;
-    unsigned long n;
+    unsigned long n = 0;
     long hdatalen = 0;
     void *hdata;
 
@@ -2984,6 +2986,7 @@ int tls_construct_client_verify(SSL *s)
             goto err;
         }
         p += 2;
+        n = 2;
     }
 #ifdef SSL_DEBUG
     fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md));
@@ -2998,21 +3001,16 @@ int tls_construct_client_verify(SSL *s)
         SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB);
         goto err;
     }
+#ifndef OPENSSL_NO_GOST
     if (pkey->type == NID_id_GostR3410_2001
             || pkey->type == NID_id_GostR3410_2012_256
             || pkey->type == NID_id_GostR3410_2012_512) {
-        unsigned int i, k;
-        for (i = u - 1, k = 0; k < u/2; k++, i--) {
-            char c = p[2 + k];
-            p[2 + k] = p[2 + i];
-            p[2 + i] = c;
-        }
+        BUF_reverse(p + 2, NULL, u);
     }
+#endif
 
     s2n(u, p);
-    n = u + 2;
-    if (SSL_USE_SIGALGS(s))
-        n += 2;
+    n += u + 2;
     /* Digest cached records and discard handshake buffer */
     if (!ssl3_digest_cached_records(s, 0))
         goto err;

ssl/statem/statem_lib.c

@@ -623,13 +623,16 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
         ret = SSL_PKEY_ECC;
     }
 #endif
+#ifndef OPENSSL_NO_GOST
     else if (i == NID_id_GostR3410_2001) {
         ret = SSL_PKEY_GOST01;
     } else if (i == NID_id_GostR3410_2012_256) {
         ret = SSL_PKEY_GOST12_256;
     } else if (i == NID_id_GostR3410_2012_512) {
         ret = SSL_PKEY_GOST12_512;
-    } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
+    }
+#endif
+    else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
         /*
          * For DH two cases: DH certificate signed with RSA and DH
          * certificate signed with DSA.

ssl/statem/statem_srvr.c

@@ -2761,6 +2761,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
         }
     } else
 #endif                          /* OPENSSL_NO_SRP */
+#ifndef OPENSSL_NO_GOST
     if (alg_k & SSL_kGOST) {
         EVP_PKEY_CTX *pkey_ctx;
         EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
@@ -2854,7 +2855,9 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
         EVP_PKEY_free(client_pub_pkey);
         EVP_PKEY_CTX_free(pkey_ctx);
         goto f_err;
-    } else {
+    } else
+#endif
+    {
         al = SSL_AD_HANDSHAKE_FAILURE;
         SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE);
         goto f_err;
@@ -2988,9 +2991,12 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
      * If key is GOST and n is exactly 64, it is bare signature without
      * length field (CryptoPro implementations at least till CSP 4.0)
      */
+#ifndef OPENSSL_NO_GOST
     if (PACKET_remaining(pkt) == 64 && pkey->type == NID_id_GostR3410_2001) {
         len = 64;
-    } else {
+    } else
+#endif
+    {
         if (SSL_USE_SIGALGS(s)) {
             int rv;
 
@@ -3049,16 +3055,13 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
         goto f_err;
     }
 
+#ifndef OPENSSL_NO_GOST
     if (pkey->type == NID_id_GostR3410_2001
             || pkey->type == NID_id_GostR3410_2012_256
             || pkey->type == NID_id_GostR3410_2012_512) {
-        unsigned int j1, j2;
-        for (j1 = len - 1, j2 = 0; j2 < len/2; j2++, j1--) {
-            char c = data[j2];
-            data[j2] = data[j1];
-            data[j1] = c;
-        }
+        BUF_reverse(data, NULL, len);
     }
+#endif
 
     if (s->version == SSL3_VERSION
         && !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET,

ssl/t1_trce.c

@@ -537,26 +537,26 @@ static ssl_trace_tbl ssl_point_tbl[] = {
 };
 
 static ssl_trace_tbl ssl_md_tbl[] = {
-    {0, "none"},
-    {1, "md5"},
-    {2, "sha1"},
-    {3, "sha224"},
-    {4, "sha256"},
-    {5, "sha384"},
-    {6, "sha512"},
-    {237, "md_gost94"},
-    {238, "md_gost2012_256"},
-    {239, "md_gost2012_512"},
+    {TLSEXT_hash_none, "none"},
+    {TLSEXT_hash_md5, "md5"},
+    {TLSEXT_hash_sha1, "sha1"},
+    {TLSEXT_hash_sha224, "sha224"},
+    {TLSEXT_hash_sha256, "sha256"},
+    {TLSEXT_hash_sha384, "sha384"},
+    {TLSEXT_hash_sha512, "sha512"},
+    {TLSEXT_hash_gostr3411, "md_gost94"},
+    {TLSEXT_hash_gostr34112012_256, "md_gost2012_256"},
+    {TLSEXT_hash_gostr34112012_512, "md_gost2012_512"}
 };
 
 static ssl_trace_tbl ssl_sig_tbl[] = {
-    {0, "anonymous"},
-    {1, "rsa"},
-    {2, "dsa"},
-    {3, "ecdsa"},
-    {237, "gost2001"},
-    {238, "gost2012_256"},
-    {239, "gost2012_512"},
+    {TLSEXT_signature_anonymous, "anonymous"},
+    {TLSEXT_signature_rsa, "rsa"},
+    {TLSEXT_signature_dsa, "dsa"},
+    {TLSEXT_signature_ecdsa, "ecdsa"},
+    {TLSEXT_signature_gostr34102001, "gost2001"},
+    {TLSEXT_signature_gostr34102012_256, "gost2012_256"},
+    {TLSEXT_signature_gostr34102012_512, "gost2012_512"}
 };
 
 static ssl_trace_tbl ssl_hb_tbl[] = {