gnutls_status_request_ocsp_func ocsp_func,
void *ocsp_func_ptr);
-#define MAX_CLIENT_SIGN_ALGOS 3
+#define MAX_CLIENT_SIGN_ALGOS 5
#define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1)
-typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
+typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64,
+#ifdef ENABLE_GOST
+ GOSTR34102012_256_SIGN = 67,
+ GOSTR34102012_512_SIGN = 68
+#endif
} CertificateSigType;
/* Moves data from an internal certificate struct (gnutls_pcert_st) to
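Review bot: `MAX_CLIENT_SIGN_ALGOS` goes from 3 to 5 unconditionally, so `CERTTYPE_SIZE` becomes 6 even in builds without `ENABLE_GOST`, and nothing on these lines says what the constant now bounds. Judging by the later hunk that fills `tmp_data[]`, the two GOST values are sent instead of the RSA/DSA/ECDSA set rather than alongside it, so the constant is an upper bound and not the number of entries sent. A comment on the define would make that explicit, e.g. `/* upper bound on certificate type entries; sizes tmp_data[] via CERTTYPE_SIZE */`. Separately, with `ENABLE_GOST` off the enum ends in `ECDSA_SIGN = 64,`; a trailing enumerator comma is valid C99 but not strict C89, so confirm it matches the project's compiler baseline.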
return GNUTLS_PK_DSA;
case ECDSA_SIGN:
return GNUTLS_PK_EC;
+#ifdef ENABLE_GOST
+ case GOSTR34102012_256_SIGN:
+ return GNUTLS_PK_GOST_12_256;
+ case GOSTR34102012_512_SIGN:
+ return GNUTLS_PK_GOST_12_512;
+#endif
}
return -1;
gnutls_buffer_st * data)
{
gnutls_certificate_credentials_t cred;
- int ret;
+ int ret, i;
uint8_t tmp_data[CERTTYPE_SIZE];
const version_entry_st *ver = get_version(session);
unsigned init_pos = data->length;
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- tmp_data[0] = CERTTYPE_SIZE - 1;
- tmp_data[1] = RSA_SIGN;
- tmp_data[2] = DSA_SIGN;
- tmp_data[3] = ECDSA_SIGN; /* only these for now */
+ i = 1;
+#ifdef ENABLE_GOST
+ if (_gnutls_kx_is_vko_gost(session->security_parameters.cs->kx_algorithm)) {
+ tmp_data[i++] = GOSTR34102012_256_SIGN;
+ tmp_data[i++] = GOSTR34102012_512_SIGN;
+ } else
+#endif
+ {
+ tmp_data[i++] = RSA_SIGN;
+ tmp_data[i++] = DSA_SIGN;
+ tmp_data[i++] = ECDSA_SIGN;
+ }
+ tmp_data[0] = i - 1;
- ret = _gnutls_buffer_append_data(data, tmp_data, CERTTYPE_SIZE);
+ ret = _gnutls_buffer_append_data(data, tmp_data, i);
if (ret < 0)
return gnutls_assert_val(ret);
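Review bot: The writes through `tmp_data[i++]` are kept inside `tmp_data[CERTTYPE_SIZE]` only by counting the assignments by hand, and `i` is a plain `int` (from the `int ret, i;` change in the earlier hunk) that is then narrowed into the `uint8_t` count byte and passed as the append length. Both branches stay within the six-byte buffer today, but a later addition to either branch could overrun the stack buffer with no diagnostic. I would declare the index as `unsigned i;` and state the invariant next to the writes, e.g. `/* each branch emits at most MAX_CLIENT_SIGN_ALGOS entries; tmp_data[0] carries the count */`. The removed "only these for now" comment also has no replacement explaining why a VKO GOST key exchange advertises only the GOST types and every other key exchange never advertises them. On style, the `} else` left open before `#endif` makes the following brace block easy to misread. The function body starts and continues outside this hunk.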