TLSEXT_SIGALG_gostr34102012 0x0840 and 0x0841 support

For GOST2012-GOST8912-GOST8912 IANA introduce signature Signature Algorithm parametrs https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11482)
2025-01-30 14:01:55 +08:00 · 2020-04-07 18:08:07 +03:00 · 2020-04-07 18:08:07 +03:00 · 6f89229603
commit 6f89229603
parent 7525c93030
3 changed files with 16 additions and 2 deletions
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@ -2127,6 +2127,8 @@ typedef enum downgrade_en {
 #define TLSEXT_SIGALG_dsa_sha512                                0x0602
 #define TLSEXT_SIGALG_dsa_sha224                                0x0302
 #define TLSEXT_SIGALG_dsa_sha1                                  0x0202
+#define TLSEXT_SIGALG_gostr34102012_256_intrinsic               0x0840
+#define TLSEXT_SIGALG_gostr34102012_512_intrinsic               0x0841
 #define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256       0xeeee
 #define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512       0xefef
 #define TLSEXT_SIGALG_gostr34102001_gostr3411                   0xeded
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -752,6 +752,8 @@ static const uint16_t tls12_sigalgs[] = {
    TLSEXT_SIGALG_dsa_sha512,
 #endif
 #ifndef OPENSSL_NO_GOST
+    TLSEXT_SIGALG_gostr34102012_256_intrinsic,
+    TLSEXT_SIGALG_gostr34102012_512_intrinsic,
    TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
    TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512,
    TLSEXT_SIGALG_gostr34102001_gostr3411,
@ -840,6 +842,14 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
     NID_dsaWithSHA1, NID_undef},
 #endif
 #ifndef OPENSSL_NO_GOST
+    {NULL, TLSEXT_SIGALG_gostr34102012_256_intrinsic,
+     NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
+     NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_gostr34102012_512_intrinsic,
+     NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
+     NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
+     NID_undef, NID_undef},
    {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
     NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
     NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
@ -872,8 +882,8 @@ static const uint16_t tls_default_sigalg[] = {
    TLSEXT_SIGALG_dsa_sha1, /* SSL_PKEY_DSA_SIGN */
    TLSEXT_SIGALG_ecdsa_sha1, /* SSL_PKEY_ECC */
    TLSEXT_SIGALG_gostr34102001_gostr3411, /* SSL_PKEY_GOST01 */
-    TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, /* SSL_PKEY_GOST12_256 */
-    TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, /* SSL_PKEY_GOST12_512 */
+    TLSEXT_SIGALG_gostr34102012_256_intrinsic, /* SSL_PKEY_GOST12_256 */
+    TLSEXT_SIGALG_gostr34102012_512_intrinsic, /* SSL_PKEY_GOST12_512 */
    0, /* SSL_PKEY_ED25519 */
    0, /* SSL_PKEY_ED448 */
 };
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@ -569,6 +569,8 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = {
    {TLSEXT_SIGALG_dsa_sha512, "dsa_sha512"},
    {TLSEXT_SIGALG_dsa_sha224, "dsa_sha224"},
    {TLSEXT_SIGALG_dsa_sha1, "dsa_sha1"},
+    {TLSEXT_SIGALG_gostr34102012_256_intrinsic, "gost2012_256"},
+    {TLSEXT_SIGALG_gostr34102012_512_intrinsic, "gost2012_512"},
    {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"},
    {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"},
    {TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94"},