Updates to GOST2012

Various updates following feedback from the recent commit of the new GOST2012 code. Reviewed-by: N Andy Polyakov <appro@openssl.org>

Updates to GOST2012
Various updates following feedback from the recent commit of the new GOST2012 code. Reviewed-by: N Andy Polyakov <appro@openssl.org>
2a9b9654 · Matt Caswell · 9689a6ae · 2a9b9654 · 2a9b9654 · 2a9b9654
6 changed file
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1144,7 +1144,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     },
    /* GOST Ciphersuites */
+#ifndef OPENSL_NO_GOST
    {
     1,
     "GOST2001-GOST89-GOST89",
@@ -1173,7 +1173,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     0,
     0
    },
+#endif
 #ifndef OPENSSL_NO_CAMELLIA
    /* Camellia ciphersuites from RFC4132 (256-bit portion) */
@@ -3769,7 +3769,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     256,
     256,
     },
+#ifndef OPENSSL_NO_GOST
    {
     1,
     "GOST2012-GOST8912-GOST8912",
@@ -3796,7 +3796,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256,
     0,
     0},
+#endif
 /* end of list */
 };

--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2068,6 +2068,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
            rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
 #endif
+#ifndef OPENSSL_NO_GOST
    cpk = &(c->pkeys[SSL_PKEY_GOST12_512]);
    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
        mask_k |= SSL_kGOST;
@@ -2083,6 +2084,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
        mask_k |= SSL_kGOST;
        mask_a |= SSL_aGOST01;
    }
+#endif
    if (rsa_enc || (rsa_tmp && rsa_sign))
        mask_k |= SSL_kRSA;

--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2715,6 +2715,7 @@ psk_err:
        EVP_PKEY_free(srvr_pub_pkey);
    }
 #endif                          /* !OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_GOST
    else if (alg_k & SSL_kGOST) {
        /* GOST key exchange message creation */
        EVP_PKEY_CTX *pkey_ctx;
@@ -2836,6 +2837,7 @@ psk_err:
        EVP_PKEY_free(pub_key);
    }
+#endif
 #ifndef OPENSSL_NO_SRP
    else if (alg_k & SSL_kSRP) {
        if (s->srp_ctx.A != NULL) {
@@ -2964,7 +2966,7 @@ int tls_construct_client_verify(SSL *s)
    const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
    EVP_MD_CTX mctx;
    unsigned u = 0;
-    unsigned long n;
+    unsigned long n = 0;
    long hdatalen = 0;
    void *hdata;
@@ -2984,6 +2986,7 @@ int tls_construct_client_verify(SSL *s)
            goto err;
        }
        p += 2;
+        n = 2;
    }
 #ifdef SSL_DEBUG
    fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md));
@@ -2998,21 +3001,16 @@ int tls_construct_client_verify(SSL *s)
        SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB);
        goto err;
    }
+#ifndef OPENSSL_NO_GOST
    if (pkey->type == NID_id_GostR3410_2001
            || pkey->type == NID_id_GostR3410_2012_256
            || pkey->type == NID_id_GostR3410_2012_512) {
-        unsigned int i, k;
+        BUF_reverse(p + 2, NULL, u);
-        for (i = u - 1, k = 0; k < u/2; k++, i--) {
-            char c = p[2 + k];
-            p[2 + k] = p[2 + i];
-            p[2 + i] = c;
-        }
    }
+#endif
    s2n(u, p);
-    n = u + 2;
+    n += u + 2;
-    if (SSL_USE_SIGALGS(s))
-        n += 2;
    /* Digest cached records and discard handshake buffer */
    if (!ssl3_digest_cached_records(s, 0))
        goto err;

--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -623,13 +623,16 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
        ret = SSL_PKEY_ECC;
    }
 #endif
+#ifndef OPENSSL_NO_GOST
    else if (i == NID_id_GostR3410_2001) {
        ret = SSL_PKEY_GOST01;
    } else if (i == NID_id_GostR3410_2012_256) {
        ret = SSL_PKEY_GOST12_256;
    } else if (i == NID_id_GostR3410_2012_512) {
        ret = SSL_PKEY_GOST12_512;
-    } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
+    }
+#endif
+    else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
        /*
         * For DH two cases: DH certificate signed with RSA and DH
         * certificate signed with DSA.

--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2761,6 +2761,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
        }
    } else
 #endif                          /* OPENSSL_NO_SRP */
+#ifndef OPENSSL_NO_GOST
    if (alg_k & SSL_kGOST) {
        EVP_PKEY_CTX *pkey_ctx;
        EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
@@ -2854,7 +2855,9 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
        EVP_PKEY_free(client_pub_pkey);
        EVP_PKEY_CTX_free(pkey_ctx);
        goto f_err;
-    } else {
+    } else
+#endif
+    {
        al = SSL_AD_HANDSHAKE_FAILURE;
        SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE);
        goto f_err;
@@ -2988,9 +2991,12 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
     * If key is GOST and n is exactly 64, it is bare signature without
     * length field (CryptoPro implementations at least till CSP 4.0)
     */
+#ifndef OPENSSL_NO_GOST
    if (PACKET_remaining(pkt) == 64 && pkey->type == NID_id_GostR3410_2001) {
        len = 64;
-    } else {
+    } else
+#endif
+    {
        if (SSL_USE_SIGALGS(s)) {
            int rv;
@@ -3049,16 +3055,13 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
        goto f_err;
    }
+#ifndef OPENSSL_NO_GOST
    if (pkey->type == NID_id_GostR3410_2001
            || pkey->type == NID_id_GostR3410_2012_256
            || pkey->type == NID_id_GostR3410_2012_512) {
-        unsigned int j1, j2;
+        BUF_reverse(data, NULL, len);
-        for (j1 = len - 1, j2 = 0; j2 < len/2; j2++, j1--) {
-            char c = data[j2];
-            data[j2] = data[j1];
-            data[j1] = c;
-        }
    }
+#endif
    if (s->version == SSL3_VERSION
        && !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET,

--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -537,26 +537,26 @@ static ssl_trace_tbl ssl_point_tbl[] = {
 };
 static ssl_trace_tbl ssl_md_tbl[] = {
-    {0, "none"},
+    {TLSEXT_hash_none, "none"},
-    {1, "md5"},
+    {TLSEXT_hash_md5, "md5"},
-    {2, "sha1"},
+    {TLSEXT_hash_sha1, "sha1"},
-    {3, "sha224"},
+    {TLSEXT_hash_sha224, "sha224"},
-    {4, "sha256"},
+    {TLSEXT_hash_sha256, "sha256"},
-    {5, "sha384"},
+    {TLSEXT_hash_sha384, "sha384"},
-    {6, "sha512"},
+    {TLSEXT_hash_sha512, "sha512"},
-    {237, "md_gost94"},
+    {TLSEXT_hash_gostr3411, "md_gost94"},
-    {238, "md_gost2012_256"},
+    {TLSEXT_hash_gostr34112012_256, "md_gost2012_256"},
-    {239, "md_gost2012_512"},
+    {TLSEXT_hash_gostr34112012_512, "md_gost2012_512"}
 };
 static ssl_trace_tbl ssl_sig_tbl[] = {
-    {0, "anonymous"},
+    {TLSEXT_signature_anonymous, "anonymous"},
-    {1, "rsa"},
+    {TLSEXT_signature_rsa, "rsa"},
-    {2, "dsa"},
+    {TLSEXT_signature_dsa, "dsa"},
-    {3, "ecdsa"},
+    {TLSEXT_signature_ecdsa, "ecdsa"},
-    {237, "gost2001"},
+    {TLSEXT_signature_gostr34102001, "gost2001"},
-    {238, "gost2012_256"},
+    {TLSEXT_signature_gostr34102012_256, "gost2012_256"},
-    {239, "gost2012_512"},
+    {TLSEXT_signature_gostr34102012_512, "gost2012_512"}
 };
 static ssl_trace_tbl ssl_hb_tbl[] = {