GOST2012 TLS Supported Groups Identifiers Support

For GOST2012-GOST8912-GOST8912 IANA introduce TLS Supported Groups Identifiers
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11568)

diff --git a/Configure b/Configure
index 64e30fe2a05462a48bcc9e6645659c56fe97cc8f..eeb6c91cd2ca853daf8b740bb00f50be24d8a57d 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -518,7 +518,7 @@ my @disable_cascades = (
     "ssl3-method"       => [ "ssl3" ],
     "zlib"              => [ "zlib-dynamic" ],
     "des"               => [ "mdc2" ],
-    "ec"                => [ "ecdsa", "ecdh", "sm2" ],
+    "ec"                => [ "ecdsa", "ecdh", "sm2", "gost" ],
     sub { $disabled{"ec"} && $disabled{"dh"} }
                         => [ "tls1_3" ],
     "dgram"             => [ "dtls", "sctp" ],

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 79f66601be31c6ad010d2e76aaf98ed8ae2adef8..071e55dbf851a2b64314681e6e15a69de93fe38f 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -173,6 +173,15 @@ static const TLS_GROUP_INFO nid_list[] = {
     {EVP_PKEY_X25519, "X25519", 128, TLS_GROUP_CURVE_CUSTOM, 0x001D}, /* X25519 (29) */
     {EVP_PKEY_X448, "X448", 224, TLS_GROUP_CURVE_CUSTOM, 0x001E}, /* X448 (30) */
 # endif /* OPENSSL_NO_EC */
+# ifndef OPENSSL_NO_GOST
+    {NID_id_tc26_gost_3410_2012_256_paramSetA, "GOST_2012_256", 112, TLS_GROUP_CURVE_PRIME, 0x0022}, /* GC256A (34) */
+    {NID_id_tc26_gost_3410_2012_256_paramSetB, "GOST_2012_256", 112, TLS_GROUP_CURVE_PRIME, 0x0023}, /* GC256B (35) */
+    {NID_id_tc26_gost_3410_2012_256_paramSetC, "GOST_2012_256", 112, TLS_GROUP_CURVE_PRIME, 0x0024}, /* GC256C (36) */
+    {NID_id_tc26_gost_3410_2012_256_paramSetD, "GOST_2012_256", 112, TLS_GROUP_CURVE_PRIME, 0x0025}, /* GC256D (37) */
+    {NID_id_tc26_gost_3410_2012_512_paramSetA, "GOST_2012_512", 112, TLS_GROUP_CURVE_PRIME, 0x0026}, /* GC512A (38) */
+    {NID_id_tc26_gost_3410_2012_512_paramSetB, "GOST_2012_512", 112, TLS_GROUP_CURVE_PRIME, 0x0027}, /* GC512B (39) */
+    {NID_id_tc26_gost_3410_2012_512_paramSetC, "GOST_2012_512", 112, TLS_GROUP_CURVE_PRIME, 0x0028}, /* GC512C (40) */
+# endif /* OPENSSL_NO_GOST */
 # ifndef OPENSSL_NO_DH
     /* Security bit values for FFDHE groups are updated as per RFC 7919 */
     {NID_ffdhe2048, "DH", 103, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0100}, /* ffdhe2048 (0x0100) */
@@ -202,6 +211,15 @@ static const uint16_t supported_groups_default[] = {
     25,                      /* secp521r1 (25) */
     24,                      /* secp384r1 (24) */
 # endif
+# ifndef OPENSSL_NO_GOST
+    34,                      /* GC256A (34) */
+    35,                      /* GC256B (35) */
+    36,                      /* GC256C (36) */
+    37,                      /* GC256D (37) */
+    38,                      /* GC512A (38) */
+    39,                      /* GC512B (39) */
+    40,                      /* GC512C (40) */
+# endif
 # ifndef OPENSSL_NO_DH
     0x100,                   /* ffdhe2048 (0x100) */
     0x101,                   /* ffdhe3072 (0x101) */

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 1cec8b0ec609aaaa1bebf3e35ce9ef0b545dc3d7..9f018ce1ad1179ab30dcdf9014fb31e4e058a8f4 100644 (file)
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -522,6 +522,13 @@ static const ssl_trace_tbl ssl_groups_tbl[] = {
     {28, "brainpoolP512r1"},
     {29, "ecdh_x25519"},
     {30, "ecdh_x448"},
+    {34, "GC256A"},
+    {35, "GC256B"},
+    {36, "GC256C"},
+    {37, "GC256D"},
+    {38, "GC512A"},
+    {39, "GC512B"},
+    {40, "GC512C"},
     {256, "ffdhe2048"},
     {257, "ffdhe3072"},
     {258, "ffdhe4096"},