From 6f892296038490a7fa24b32ac6f7305687634fb0 Mon Sep 17 00:00:00 2001
From: Nikolay Morozov
Date: Tue, 7 Apr 2020 18:08:07 +0300
Subject: [PATCH] TLSEXT_SIGALG_gostr34102012 0x0840 and 0x0841 support For GOST2012-GOST8912-GOST8912 IANA introduce signature Signature Algorithm parametrs https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16
Reviewed-by: Tomas Mraz
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/11482)
---
 ssl/ssl_local.h | 2 ++
 ssl/t1_lib.c | 14 ++++++++++++--
 ssl/t1_trce.c | 2 ++
 3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index c48bcb9a9a..a7e0d71179 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2127,6 +2127,8 @@ typedef enum downgrade_en {
 #define TLSEXT_SIGALG_dsa_sha512 0x0602
 #define TLSEXT_SIGALG_dsa_sha224 0x0302
 #define TLSEXT_SIGALG_dsa_sha1 0x0202
+#define TLSEXT_SIGALG_gostr34102012_256_intrinsic 0x0840
+#define TLSEXT_SIGALG_gostr34102012_512_intrinsic 0x0841
 #define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 0xeeee
 #define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef
 #define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index beadf28f11..ebd094df9b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -752,6 +752,8 @@ static const uint16_t tls12_sigalgs[] = {
 TLSEXT_SIGALG_dsa_sha512,
 #endif
 #ifndef OPENSSL_NO_GOST
+ TLSEXT_SIGALG_gostr34102012_256_intrinsic,
+ TLSEXT_SIGALG_gostr34102012_512_intrinsic,
 TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
 TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512,
 TLSEXT_SIGALG_gostr34102001_gostr3411,
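Review bot: The two new defines in ssl/ssl_local.h sit directly above the existing 0xeeee/0xefef/0xeded GOST values, and nothing says which codepoints are registry-assigned and which are the older ones. The commit message says 0x0840 and 0x0841 come from the IANA TLS parameters registry, so a comment above them such as `/* IANA-assigned GOST R 34.10-2012 signature algorithm values */`, with `/* older GOST values, kept for interoperability */` above the three that follow, would record that. It would also keep a later cleanup from removing the wrong set. The define list continues outside the hunk on both sides.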
@@ -840,6 +842,14 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
 NID_dsaWithSHA1, NID_undef},
 #endif
 #ifndef OPENSSL_NO_GOST
+ {NULL, TLSEXT_SIGALG_gostr34102012_256_intrinsic,
+ NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
+ NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
+ NID_undef, NID_undef},
+ {NULL, TLSEXT_SIGALG_gostr34102012_512_intrinsic,
+ NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
+ NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
+ NID_undef, NID_undef},
 {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
 NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
 NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
@@ -872,8 +882,8 @@ static const uint16_t tls_default_sigalg[] = {
 TLSEXT_SIGALG_dsa_sha1, /* SSL_PKEY_DSA_SIGN */
 TLSEXT_SIGALG_ecdsa_sha1, /* SSL_PKEY_ECC */
 TLSEXT_SIGALG_gostr34102001_gostr3411, /* SSL_PKEY_GOST01 */
- TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, /* SSL_PKEY_GOST12_256 */
- TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, /* SSL_PKEY_GOST12_512 */
+ TLSEXT_SIGALG_gostr34102012_256_intrinsic, /* SSL_PKEY_GOST12_256 */
+ TLSEXT_SIGALG_gostr34102012_512_intrinsic, /* SSL_PKEY_GOST12_512 */
 0, /* SSL_PKEY_ED25519 */
 0, /* SSL_PKEY_ED448 */
 };
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 7c0b548e31..1cec8b0ec6 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -569,6 +569,8 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = {
 {TLSEXT_SIGALG_dsa_sha512, "dsa_sha512"},
 {TLSEXT_SIGALG_dsa_sha224, "dsa_sha224"},
 {TLSEXT_SIGALG_dsa_sha1, "dsa_sha1"},
+ {TLSEXT_SIGALG_gostr34102012_256_intrinsic, "gost2012_256"},
+ {TLSEXT_SIGALG_gostr34102012_512_intrinsic, "gost2012_512"},
 {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"},
 {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"},
 {TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94"},
--
2.34.1
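Review bot: The two new sigalg_lookup_tbl rows carry the same hash, signature and key-index fields as the legacy rows that follow them, differ only in the codepoint, and are placed first. Any code that searches this table by hash/signature NID pair rather than by codepoint (not visible in this hunk) would presumably now resolve to 0x0840/0x0841 instead of 0xeeee/0xefef. That would change what a configuration built from NID pairs puts on the wire. If that is intended, a comment above the rows such as `/* IANA values first: a lookup by NID pair takes the first match */` would record it; if not, the legacy rows should stay ahead. The table starts and ends outside the hunk.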
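Review bot: Switching the tls_default_sigalg entries for SSL_PKEY_GOST12_256 and SSL_PKEY_GOST12_512 changes the fallback used when the peer has not negotiated a signature algorithm, and such a peer is likely to be an older implementation. It probably knows only the legacy 0xeeee/0xefef values, so a handshake that worked before this change may now be rejected; the patch includes no test for a peer that omits the signature_algorithms extension. Consider keeping the legacy value as the default, `TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, /* SSL_PKEY_GOST12_256 */` and the matching 512 line, leaving the IANA values to explicit negotiation. Otherwise add a comment stating why the switch is safe for such peers.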
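Review bot: In ssl_sigalg_tbl the new 0x0840/0x0841 rows reuse the labels `"gost2012_256"` and `"gost2012_512"` that the legacy rows already use. Unless the trace printer also prints the numeric value (not visible here), the output cannot show which codepoint a peer offered or selected. That distinction is what an operator needs when diagnosing a GOST negotiation failure or confirming that a deployment has moved off the legacy values. Distinct labels, for example `{TLSEXT_SIGALG_gostr34102012_256_intrinsic, "gost2012_256_intrinsic"},` and the matching 512 row, would keep the trace unambiguous.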