libressl/0069-ssl-add-support-for-IANA-allocated-GOST-sigalgs-valu.patch

From d7cd5bfb3c079b3df01fa1c67cabc6194e4c31ce Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Sat, 28 Mar 2020 22:19:05 +0300
Subject: [PATCH 69/87] ssl: add support for IANA-allocated GOST sigalgs values

Add support for IANA-allocated GOST SignatureAlgorithms values. Values
predating IANA allocation are left in place because they are still used
by deployed products.

Sponsored by ROSA Linux

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
 src/lib/libssl/ssl_sigalgs.c               | 12 ++++++++++++
 src/lib/libssl/ssl_sigalgs.h               |  2 ++
 src/regress/lib/libssl/tlsext/tlsexttest.c | 13 +++++++------
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 224c01af0..ffa6278eb 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -37,6 +37,11 @@ const struct ssl_sigalg sigalgs[] = {
 		.curve_nid = NID_secp521r1,
 	},
 #ifndef OPENSSL_NO_GOST
+	{
+		.value = SIGALG_GOSTR12_512,
+		.md = EVP_streebog512,
+		.key_type = EVP_PKEY_GOSTR01,
+	},
 	{
 		.value = SIGALG_GOSTR12_512_STREEBOG_512,
 		.md = EVP_streebog512,
@@ -66,6 +71,11 @@ const struct ssl_sigalg sigalgs[] = {
 		.curve_nid = NID_X9_62_prime256v1,
 	},
 #ifndef OPENSSL_NO_GOST
+	{
+		.value = SIGALG_GOSTR12_256,
+		.md = EVP_streebog256,
+		.key_type = EVP_PKEY_GOSTR01,
+	},
 	{
 		.value = SIGALG_GOSTR12_256_STREEBOG_256,
 		.md = EVP_streebog256,
@@ -171,7 +181,9 @@ uint16_t tls12_sigalgs[] = {
 	SIGALG_RSA_PKCS1_SHA1, /* XXX */
 	SIGALG_ECDSA_SHA1,     /* XXX */
 #ifndef OPENSSL_NO_GOST
+	SIGALG_GOSTR12_512,
 	SIGALG_GOSTR12_512_STREEBOG_512,
+	SIGALG_GOSTR12_256,
 	SIGALG_GOSTR12_256_STREEBOG_256,
 	SIGALG_GOSTR01_GOST94,
 #endif
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
index 13a3597fb..5fe3fc3bb 100644
--- a/src/lib/libssl/ssl_sigalgs.h
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -42,6 +42,8 @@ __BEGIN_HIDDEN_DECLS
 #define SIGALG_RSA_PSS_PSS_SHA256	0x0809
 #define SIGALG_RSA_PSS_PSS_SHA384	0x080a
 #define SIGALG_RSA_PSS_PSS_SHA512	0x080b
+#define SIGALG_GOSTR12_256		0x0840
+#define SIGALG_GOSTR12_512		0x0841
 #define SIGALG_RSA_PKCS1_SHA1		0x0201
 #define SIGALG_ECDSA_SHA1		0x0203
 #define SIGALG_PRIVATE_START		0xFE00
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 58955cd78..23a922893 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1506,10 +1506,11 @@ test_tlsext_ri_server(void)
  */
 
 static unsigned char tlsext_sigalgs_client[] = {
-	0x00, 0x1c, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
+	0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
 	0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
 	0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
-	0xef, 0xef, 0xee, 0xee, 0xed, 0xed,
+	0x08, 0x41, 0xef, 0xef, 0x08, 0x40, 0xee, 0xee,
+	0xed, 0xed,
 };
 
 static int
@@ -2714,14 +2715,14 @@ test_tlsext_srtp_server(void)
 #endif /* OPENSSL_NO_SRTP */
 
 unsigned char tlsext_clienthello_default[] = {
-	0x00, 0x38, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
+	0x00, 0x3c, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
 	0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d,
 	0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
-	0x00, 0x0d, 0x00, 0x1e, 0x00, 0x1c, 0x08, 0x06,
+	0x00, 0x0d, 0x00, 0x22, 0x00, 0x20, 0x08, 0x06,
 	0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01,
 	0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03,
-	0x02, 0x01, 0x02, 0x03, 0xef, 0xef, 0xee, 0xee,
-	0xed, 0xed,
+	0x02, 0x01, 0x02, 0x03, 0x08, 0x41, 0xef, 0xef,
+	0x08, 0x40, 0xee, 0xee, 0xed, 0xed,
 };
 
 unsigned char tlsext_clienthello_disabled[] = {};
-- 
2.17.1
Add gost-new patches sponsored by ROSA Linux TODO: add tests 2020-08-05 12:55:25 +03:00			`From d7cd5bfb3c079b3df01fa1c67cabc6194e4c31ce Mon Sep 17 00:00:00 2001`
			`From: Dmitry Baryshkov <dbaryshkov@gmail.com>`
			`Date: Sat, 28 Mar 2020 22:19:05 +0300`
			`Subject: [PATCH 69/87] ssl: add support for IANA-allocated GOST sigalgs values`

			`Add support for IANA-allocated GOST SignatureAlgorithms values. Values`
			`predating IANA allocation are left in place because they are still used`
			`by deployed products.`

			`Sponsored by ROSA Linux`

			`Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>`
			`---`
			`src/lib/libssl/ssl_sigalgs.c \| 12 ++++++++++++`
			`src/lib/libssl/ssl_sigalgs.h \| 2 ++`
			`src/regress/lib/libssl/tlsext/tlsexttest.c \| 13 +++++++------`
			`3 files changed, 21 insertions(+), 6 deletions(-)`

			`diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c`
			`index 224c01af0..ffa6278eb 100644`
			`--- a/src/lib/libssl/ssl_sigalgs.c`
			`+++ b/src/lib/libssl/ssl_sigalgs.c`
			`@@ -37,6 +37,11 @@ const struct ssl_sigalg sigalgs[] = {`
			`.curve_nid = NID_secp521r1,`
			`},`
			`#ifndef OPENSSL_NO_GOST`
			`+ {`
			`+ .value = SIGALG_GOSTR12_512,`
			`+ .md = EVP_streebog512,`
			`+ .key_type = EVP_PKEY_GOSTR01,`
			`+ },`
			`{`
			`.value = SIGALG_GOSTR12_512_STREEBOG_512,`
			`.md = EVP_streebog512,`
			`@@ -66,6 +71,11 @@ const struct ssl_sigalg sigalgs[] = {`
			`.curve_nid = NID_X9_62_prime256v1,`
			`},`
			`#ifndef OPENSSL_NO_GOST`
			`+ {`
			`+ .value = SIGALG_GOSTR12_256,`
			`+ .md = EVP_streebog256,`
			`+ .key_type = EVP_PKEY_GOSTR01,`
			`+ },`
			`{`
			`.value = SIGALG_GOSTR12_256_STREEBOG_256,`
			`.md = EVP_streebog256,`
			`@@ -171,7 +181,9 @@ uint16_t tls12_sigalgs[] = {`
			`SIGALG_RSA_PKCS1_SHA1, /* XXX */`
			`SIGALG_ECDSA_SHA1, /* XXX */`
			`#ifndef OPENSSL_NO_GOST`
			`+ SIGALG_GOSTR12_512,`
			`SIGALG_GOSTR12_512_STREEBOG_512,`
			`+ SIGALG_GOSTR12_256,`
			`SIGALG_GOSTR12_256_STREEBOG_256,`
			`SIGALG_GOSTR01_GOST94,`
			`#endif`
			`diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h`
			`index 13a3597fb..5fe3fc3bb 100644`
			`--- a/src/lib/libssl/ssl_sigalgs.h`
			`+++ b/src/lib/libssl/ssl_sigalgs.h`
			`@@ -42,6 +42,8 @@ __BEGIN_HIDDEN_DECLS`
			`#define SIGALG_RSA_PSS_PSS_SHA256 0x0809`
			`#define SIGALG_RSA_PSS_PSS_SHA384 0x080a`
			`#define SIGALG_RSA_PSS_PSS_SHA512 0x080b`
			`+#define SIGALG_GOSTR12_256 0x0840`
			`+#define SIGALG_GOSTR12_512 0x0841`
			`#define SIGALG_RSA_PKCS1_SHA1 0x0201`
			`#define SIGALG_ECDSA_SHA1 0x0203`
			`#define SIGALG_PRIVATE_START 0xFE00`
			`diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c`
			`index 58955cd78..23a922893 100644`
			`--- a/src/regress/lib/libssl/tlsext/tlsexttest.c`
			`+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c`
			`@@ -1506,10 +1506,11 @@ test_tlsext_ri_server(void)`
			`*/`

			`static unsigned char tlsext_sigalgs_client[] = {`
			`- 0x00, 0x1c, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,`
			`+ 0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,`
			`0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,`
			`0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,`
			`- 0xef, 0xef, 0xee, 0xee, 0xed, 0xed,`
			`+ 0x08, 0x41, 0xef, 0xef, 0x08, 0x40, 0xee, 0xee,`
			`+ 0xed, 0xed,`
			`};`

			`static int`
			`@@ -2714,14 +2715,14 @@ test_tlsext_srtp_server(void)`
			`#endif /* OPENSSL_NO_SRTP */`

			`unsigned char tlsext_clienthello_default[] = {`
			`- 0x00, 0x38, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,`
			`+ 0x00, 0x3c, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,`
			`0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d,`
			`0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00,`
			`- 0x00, 0x0d, 0x00, 0x1e, 0x00, 0x1c, 0x08, 0x06,`
			`+ 0x00, 0x0d, 0x00, 0x22, 0x00, 0x20, 0x08, 0x06,`
			`0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01,`
			`0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03,`
			`- 0x02, 0x01, 0x02, 0x03, 0xef, 0xef, 0xee, 0xee,`
			`- 0xed, 0xed,`
			`+ 0x02, 0x01, 0x02, 0x03, 0x08, 0x41, 0xef, 0xef,`
			`+ 0x08, 0x40, 0xee, 0xee, 0xed, 0xed,`
			`};`

			`unsigned char tlsext_clienthello_disabled[] = {};`
			`--`
			`2.17.1`