Showing
4 changed files
with
42 additions
and
68 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,18 @@ | ||
From fd9e23f9b1bf40b2874d046454b6bd22976b6f53 Mon Sep 17 00:00:00 2001 | ||
From 0df0a5760c3d879a539e310042a22cde25a29520 Mon Sep 17 00:00:00 2001 | ||
From: Dmitrii Pichulin <[email protected]> | ||
Date: Mon, 24 Apr 2017 13:25:48 +0300 | ||
Date: Tue, 6 Jun 2017 11:17:25 +0300 | ||
Subject: [PATCH] added GOSTSSL | ||
|
||
--- | ||
include/openssl/ssl.h | 8 ++++ | ||
ssl/handshake_client.c | 11 +++++ | ||
ssl/internal.h | 68 +++++++++++++++++++++++++- | ||
ssl/internal.h | 63 +++++++++++++++++++++++++ | ||
ssl/ssl_cipher.c | 36 ++++++++++++++ | ||
ssl/ssl_lib.c | 128 +++++++++++++++++++++++++++++++++++++++++++++++++ | ||
5 files changed, 250 insertions(+), 1 deletion(-) | ||
ssl/ssl_lib.c | 125 +++++++++++++++++++++++++++++++++++++++++++++++++ | ||
5 files changed, 243 insertions(+) | ||
|
||
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h | ||
index 3131539..fcc1fd5 100644 | ||
index 6a6cd85..c63a803 100644 | ||
--- a/include/openssl/ssl.h | ||
+++ b/include/openssl/ssl.h | ||
@@ -163,6 +163,10 @@ | ||
|
@@ -26,7 +26,7 @@ index 3131539..fcc1fd5 100644 | |
#if defined(__cplusplus) | ||
extern "C" { | ||
#endif | ||
@@ -4282,6 +4286,10 @@ BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free) | ||
@@ -4453,6 +4457,10 @@ BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free) | ||
|
||
#endif | ||
|
||
|
@@ -38,10 +38,10 @@ index 3131539..fcc1fd5 100644 | |
#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101 | ||
#define SSL_R_BAD_ALERT 102 | ||
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c | ||
index c4f5e8e..477587c 100644 | ||
index 7eddd35..5c320bd 100644 | ||
--- a/ssl/handshake_client.c | ||
+++ b/ssl/handshake_client.c | ||
@@ -960,6 +960,17 @@ static int ssl3_get_server_hello(SSL_HANDSHAKE *hs) { | ||
@@ -985,6 +985,17 @@ static int ssl3_get_server_hello(SSL_HANDSHAKE *hs) { | ||
} | ||
hs->new_cipher = c; | ||
|
||
|
@@ -60,18 +60,10 @@ index c4f5e8e..477587c 100644 | |
* ServerHello. */ | ||
if (!SSL_TRANSCRIPT_init_hash(&hs->transcript, ssl3_protocol_version(ssl), | ||
diff --git a/ssl/internal.h b/ssl/internal.h | ||
index a6dfad5..e75b435 100644 | ||
index 2504ca0..83dd886 100644 | ||
--- a/ssl/internal.h | ||
+++ b/ssl/internal.h | ||
@@ -162,7 +162,6 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) | ||
extern "C" { | ||
#endif | ||
|
||
- | ||
/* Cipher suites. */ | ||
|
||
/* Bits for |algorithm_mkey| (key exchange algorithm). */ | ||
@@ -173,6 +172,11 @@ extern "C" { | ||
@@ -173,6 +173,11 @@ extern "C" { | ||
#define SSL_kPSK 0x00000008L | ||
#define SSL_kGENERIC 0x00000010L | ||
|
||
|
@@ -83,7 +75,7 @@ index a6dfad5..e75b435 100644 | |
/* Bits for |algorithm_auth| (server authentication). */ | ||
#define SSL_aRSA 0x00000001L | ||
#define SSL_aECDSA 0x00000002L | ||
@@ -180,6 +184,11 @@ extern "C" { | ||
@@ -180,6 +185,11 @@ extern "C" { | ||
#define SSL_aPSK 0x00000004L | ||
#define SSL_aGENERIC 0x00000008L | ||
|
||
|
@@ -95,7 +87,7 @@ index a6dfad5..e75b435 100644 | |
#define SSL_aCERT (SSL_aRSA | SSL_aECDSA) | ||
|
||
/* Bits for |algorithm_enc| (symmetric encryption). */ | ||
@@ -191,6 +200,10 @@ extern "C" { | ||
@@ -191,6 +201,10 @@ extern "C" { | ||
#define SSL_eNULL 0x00000020L | ||
#define SSL_CHACHA20POLY1305 0x00000040L | ||
|
||
|
@@ -106,7 +98,7 @@ index a6dfad5..e75b435 100644 | |
#define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AES128GCM | SSL_AES256GCM) | ||
|
||
/* Bits for |algorithm_mac| (symmetric authentication). */ | ||
@@ -200,6 +213,10 @@ extern "C" { | ||
@@ -200,6 +214,10 @@ extern "C" { | ||
/* SSL_AEAD is set for all AEADs. */ | ||
#define SSL_AEAD 0x00000008L | ||
|
||
|
@@ -117,7 +109,7 @@ index a6dfad5..e75b435 100644 | |
/* Bits for |algorithm_prf| (handshake digest). */ | ||
#define SSL_HANDSHAKE_MAC_DEFAULT 0x1 | ||
#define SSL_HANDSHAKE_MAC_SHA256 0x2 | ||
@@ -2177,6 +2194,55 @@ void ssl_get_current_time(const SSL *ssl, struct timeval *out_clock); | ||
@@ -2261,6 +2279,51 @@ void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock); | ||
/* ssl_reset_error_state resets state for |SSL_get_error|. */ | ||
void ssl_reset_error_state(SSL *ssl); | ||
|
||
|
@@ -142,15 +134,11 @@ index a6dfad5..e75b435 100644 | |
+ long ( EXPLICITSSL_CALL * BIO_ctrl )( BIO * bio, int cmd, long larg, void * parg ); | ||
+ _STACK * ( EXPLICITSSL_CALL * sk_new_null )( void ); | ||
+ size_t ( EXPLICITSSL_CALL * sk_push )( _STACK * sk, void * p ); | ||
+ void * ( EXPLICITSSL_CALL * sk_value )( const _STACK * sk, size_t i ); | ||
+ void ( EXPLICITSSL_CALL * sk_pop_free )( _STACK * sk, void( * free_func )( void * ) ); | ||
+ int ( EXPLICITSSL_CALL * ssl_get_new_session )( SSL_HANDSHAKE * hs, int is_server ); | ||
+ X509 * ( EXPLICITSSL_CALL * d2i_X509 )( X509 ** x, const unsigned char ** in, long len ); | ||
+ int ( EXPLICITSSL_CALL * X509_up_ref )( X509 * x ); | ||
+ void ( EXPLICITSSL_CALL * X509_free )( X509 * x ); | ||
+ void ( EXPLICITSSL_CALL * ERR_clear_error )( void ); | ||
+ void ( EXPLICITSSL_CALL * ERR_put_error )( int, int, int, const char * file, unsigned line ); | ||
+ const SSL_CIPHER * ( EXPLICITSSL_CALL * SSL_get_cipher_by_value )( uint16_t value ); | ||
+ CRYPTO_BUFFER * ( EXPLICITSSL_CALL * CRYPTO_BUFFER_new )( const uint8_t * data, size_t len, CRYPTO_BUFFER_POOL * pool ); | ||
+}; | ||
+// | ||
+typedef struct boringssl_method_st BORINGSSL_METHOD; | ||
|
@@ -174,12 +162,12 @@ index a6dfad5..e75b435 100644 | |
#if defined(__cplusplus) | ||
} /* extern C */ | ||
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c | ||
index 4a7459f..2a51a8a 100644 | ||
index a72b541..1048ad4 100644 | ||
--- a/ssl/ssl_cipher.c | ||
+++ b/ssl/ssl_cipher.c | ||
@@ -273,6 +273,19 @@ static const SSL_CIPHER kCiphers[] = { | ||
SSL_HANDSHAKE_MAC_SHA256, | ||
@@ -279,6 +279,19 @@ static const SSL_CIPHER kCiphers[] = { | ||
}, | ||
#endif | ||
|
||
+#if defined(GOSTSSL) | ||
+ /* Cipher 81 (GOSTSSL) */ | ||
|
@@ -197,7 +185,7 @@ index 4a7459f..2a51a8a 100644 | |
/* PSK cipher suites. */ | ||
|
||
/* Cipher 8C */ | ||
@@ -575,6 +588,19 @@ static const SSL_CIPHER kCiphers[] = { | ||
@@ -583,6 +596,19 @@ static const SSL_CIPHER kCiphers[] = { | ||
SSL_HANDSHAKE_MAC_SHA256, | ||
}, | ||
|
||
|
@@ -217,7 +205,7 @@ index 4a7459f..2a51a8a 100644 | |
}; | ||
|
||
static const size_t kCiphersLen = OPENSSL_ARRAY_SIZE(kCiphers); | ||
@@ -1321,6 +1347,13 @@ ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method, | ||
@@ -1333,6 +1359,13 @@ int ssl_create_cipher_list( | ||
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_3DES, ~0u, 0, CIPHER_ADD, -1, 0, &head, | ||
&tail); | ||
|
||
|
@@ -231,7 +219,7 @@ index 4a7459f..2a51a8a 100644 | |
/* Temporarily enable everything else for sorting */ | ||
ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0, &head, | ||
&tail); | ||
@@ -1644,6 +1677,9 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *out_alg_bits) { | ||
@@ -1663,6 +1696,9 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *out_alg_bits) { | ||
|
||
case SSL_AES256: | ||
case SSL_AES256GCM: | ||
|
@@ -242,10 +230,10 @@ index 4a7459f..2a51a8a 100644 | |
alg_bits = 256; | ||
strength_bits = 256; | ||
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c | ||
index e37f9f9..b20c713 100644 | ||
index 7adf103..7f2ce04 100644 | ||
--- a/ssl/ssl_lib.c | ||
+++ b/ssl/ssl_lib.c | ||
@@ -227,6 +227,88 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { | ||
@@ -227,6 +227,85 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { | ||
return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length); | ||
} | ||
|
||
|
@@ -277,15 +265,12 @@ index e37f9f9..b20c713 100644 | |
+ BIO_ctrl, | ||
+ sk_new_null, | ||
+ sk_push, | ||
+ sk_value, | ||
+ sk_pop_free, | ||
+ ssl_get_new_session, | ||
+ d2i_X509, | ||
+ X509_up_ref, | ||
+ X509_free, | ||
+ | ||
+ ERR_clear_error, | ||
+ ERR_put_error, | ||
+ SSL_get_cipher_by_value, | ||
+ CRYPTO_BUFFER_new, | ||
+}; | ||
+ | ||
+GOSTSSL_METHOD * gostssl() | ||
|
@@ -334,7 +319,7 @@ index e37f9f9..b20c713 100644 | |
SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) { | ||
SSL_CTX *ret = NULL; | ||
|
||
@@ -481,6 +563,13 @@ void SSL_free(SSL *ssl) { | ||
@@ -464,6 +543,13 @@ void SSL_free(SSL *ssl) { | ||
return; | ||
} | ||
|
||
|
@@ -345,10 +330,10 @@ index e37f9f9..b20c713 100644 | |
+ } | ||
+#endif | ||
+ | ||
X509_VERIFY_PARAM_free(ssl->param); | ||
|
||
ssl->ctx->x509_method->ssl_free(ssl); | ||
CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data); | ||
@@ -597,6 +686,19 @@ int SSL_do_handshake(SSL *ssl) { | ||
|
||
@@ -579,6 +665,19 @@ int SSL_do_handshake(SSL *ssl) { | ||
return -1; | ||
} | ||
|
||
|
@@ -368,7 +353,7 @@ index e37f9f9..b20c713 100644 | |
/* Run the handshake. */ | ||
assert(ssl->s3->hs != NULL); | ||
int ret = ssl->handshake_func(ssl->s3->hs); | ||
@@ -722,6 +824,19 @@ static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) { | ||
@@ -712,6 +811,19 @@ static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) { | ||
} | ||
} | ||
|
||
|
@@ -388,7 +373,7 @@ index e37f9f9..b20c713 100644 | |
int got_handshake; | ||
int ret = ssl->method->read_app_data(ssl, &got_handshake, buf, num, peek); | ||
if (ret > 0 || !got_handshake) { | ||
@@ -770,6 +885,19 @@ int SSL_write(SSL *ssl, const void *buf, int num) { | ||
@@ -766,6 +878,19 @@ int SSL_write(SSL *ssl, const void *buf, int num) { | ||
} | ||
} | ||
|
||
|
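Review bot: The `boringssl_method_st` callback table (ssl/internal.h hunk) and its initializer ahead of `gostssl()` (ssl/ssl_lib.c hunk) are matched purely by position, and this revision edits the member list in both places, so one missed or misordered entry leaves a slot pointing at the wrong function with at best a pointer-type warning. Writing the initializer with designated members, e.g. `.BIO_ctrl = BIO_ctrl,` and `.CRYPTO_BUFFER_new = CRYPTO_BUFFER_new,`, lets the compiler bind each slot by name instead. If the code that receives this table is built separately from BoringSSL (not visible here, though `EXPLICITSSL_CALL` suggests a binary boundary), a layout change should also be detectable at run time, for instance through a leading size or version member that the receiver checks before calling through any pointer. Both the struct and the initializer begin outside the lines shown, and the rendered page does not mark which of the listed members were removed, so the exact new member list should be confirmed against the raw patch.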