From d7cd5bfb3c079b3df01fa1c67cabc6194e4c31ce Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Sat, 28 Mar 2020 22:19:05 +0300 Subject: [PATCH 69/87] ssl: add support for IANA-allocated GOST sigalgs values Add support for IANA-allocated GOST SignatureAlgorithms values. Values predating IANA allocation are left in place because they are still used by deployed products. Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/ssl_sigalgs.c | 12 ++++++++++++ src/lib/libssl/ssl_sigalgs.h | 2 ++ src/regress/lib/libssl/tlsext/tlsexttest.c | 13 +++++++------ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 224c01af0..ffa6278eb 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c @@ -37,6 +37,11 @@ const struct ssl_sigalg sigalgs[] = { .curve_nid = NID_secp521r1, }, #ifndef OPENSSL_NO_GOST + { + .value = SIGALG_GOSTR12_512, + .md = EVP_streebog512, + .key_type = EVP_PKEY_GOSTR01, + }, { .value = SIGALG_GOSTR12_512_STREEBOG_512, .md = EVP_streebog512, @@ -66,6 +71,11 @@ const struct ssl_sigalg sigalgs[] = { .curve_nid = NID_X9_62_prime256v1, }, #ifndef OPENSSL_NO_GOST + { + .value = SIGALG_GOSTR12_256, + .md = EVP_streebog256, + .key_type = EVP_PKEY_GOSTR01, + }, { .value = SIGALG_GOSTR12_256_STREEBOG_256, .md = EVP_streebog256, @@ -171,7 +181,9 @@ uint16_t tls12_sigalgs[] = { SIGALG_RSA_PKCS1_SHA1, /* XXX */ SIGALG_ECDSA_SHA1, /* XXX */ #ifndef OPENSSL_NO_GOST + SIGALG_GOSTR12_512, SIGALG_GOSTR12_512_STREEBOG_512, + SIGALG_GOSTR12_256, SIGALG_GOSTR12_256_STREEBOG_256, SIGALG_GOSTR01_GOST94, #endif diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h index 13a3597fb..5fe3fc3bb 100644 --- a/src/lib/libssl/ssl_sigalgs.h +++ b/src/lib/libssl/ssl_sigalgs.h @@ -42,6 +42,8 @@ __BEGIN_HIDDEN_DECLS #define SIGALG_RSA_PSS_PSS_SHA256 0x0809 #define SIGALG_RSA_PSS_PSS_SHA384 0x080a #define SIGALG_RSA_PSS_PSS_SHA512 0x080b +#define SIGALG_GOSTR12_256 0x0840 +#define SIGALG_GOSTR12_512 0x0841 #define SIGALG_RSA_PKCS1_SHA1 0x0201 #define SIGALG_ECDSA_SHA1 0x0203 #define SIGALG_PRIVATE_START 0xFE00 diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 58955cd78..23a922893 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c @@ -1506,10 +1506,11 @@ test_tlsext_ri_server(void) */ static unsigned char tlsext_sigalgs_client[] = { - 0x00, 0x1c, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, + 0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, - 0xef, 0xef, 0xee, 0xee, 0xed, 0xed, + 0x08, 0x41, 0xef, 0xef, 0x08, 0x40, 0xee, 0xee, + 0xed, 0xed, }; static int @@ -2714,14 +2715,14 @@ test_tlsext_srtp_server(void) #endif /* OPENSSL_NO_SRTP */ unsigned char tlsext_clienthello_default[] = { - 0x00, 0x38, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, + 0x00, 0x3c, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00, - 0x00, 0x0d, 0x00, 0x1e, 0x00, 0x1c, 0x08, 0x06, + 0x00, 0x0d, 0x00, 0x22, 0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, - 0x02, 0x01, 0x02, 0x03, 0xef, 0xef, 0xee, 0xee, - 0xed, 0xed, + 0x02, 0x01, 0x02, 0x03, 0x08, 0x41, 0xef, 0xef, + 0x08, 0x40, 0xee, 0xee, 0xed, 0xed, }; unsigned char tlsext_clienthello_disabled[] = {}; -- 2.17.1