GOST2012 TLS Supported Groups Identifiers Support

For GOST2012-GOST8912-GOST8912 IANA introduce TLS Supported Groups Identifiers https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11568)
2025-01-18 13:44:20 +08:00 · 2020-04-18 23:59:45 +03:00 · 2020-04-18 23:59:45 +03:00 · fa555aa897
commit fa555aa897
parent 28308a2138
3 changed files with 26 additions and 1 deletions
--- a/2
+++ b/2
@ -518,7 +518,7 @@ my @disable_cascades = (
    "ssl3-method"       => [ "ssl3" ],
    "zlib"              => [ "zlib-dynamic" ],
    "des"               => [ "mdc2" ],
-    "ec"                => [ "ecdsa", "ecdh", "sm2" ],
+    "ec"                => [ "ecdsa", "ecdh", "sm2", "gost" ],
    sub { $disabled{"ec"} && $disabled{"dh"} }
                        => [ "tls1_3" ],
    "dgram"             => [ "dtls", "sctp" ],
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -173,6 +173,15 @@ static const TLS_GROUP_INFO nid_list[] = {
    {EVP_PKEY_X25519, "X25519", 128, TLS_GROUP_CURVE_CUSTOM, 0x001D}, /* X25519 (29) */
    {EVP_PKEY_X448, "X448", 224, TLS_GROUP_CURVE_CUSTOM, 0x001E}, /* X448 (30) */
 # endif /* OPENSSL_NO_EC */
+# ifndef OPENSSL_NO_GOST
+    {NID_id_tc26_gost_3410_2012_256_paramSetA, "GOST_2012_256", 112, TLS_GROUP_CURVE_PRIME, 0x0022}, /* GC256A (34) */
+    {NID_id_tc26_gost_3410_2012_256_paramSetB, "GOST_2012_256", 112, TLS_GROUP_CURVE_PRIME, 0x0023}, /* GC256B (35) */
+    {NID_id_tc26_gost_3410_2012_256_paramSetC, "GOST_2012_256", 112, TLS_GROUP_CURVE_PRIME, 0x0024}, /* GC256C (36) */
+    {NID_id_tc26_gost_3410_2012_256_paramSetD, "GOST_2012_256", 112, TLS_GROUP_CURVE_PRIME, 0x0025}, /* GC256D (37) */
+    {NID_id_tc26_gost_3410_2012_512_paramSetA, "GOST_2012_512", 112, TLS_GROUP_CURVE_PRIME, 0x0026}, /* GC512A (38) */
+    {NID_id_tc26_gost_3410_2012_512_paramSetB, "GOST_2012_512", 112, TLS_GROUP_CURVE_PRIME, 0x0027}, /* GC512B (39) */
+    {NID_id_tc26_gost_3410_2012_512_paramSetC, "GOST_2012_512", 112, TLS_GROUP_CURVE_PRIME, 0x0028}, /* GC512C (40) */
+# endif /* OPENSSL_NO_GOST */
 # ifndef OPENSSL_NO_DH
    /* Security bit values for FFDHE groups are updated as per RFC 7919 */
    {NID_ffdhe2048, "DH", 103, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0100}, /* ffdhe2048 (0x0100) */
@ -202,6 +211,15 @@ static const uint16_t supported_groups_default[] = {
    25,                      /* secp521r1 (25) */
    24,                      /* secp384r1 (24) */
 # endif
+# ifndef OPENSSL_NO_GOST
+    34,                      /* GC256A (34) */
+    35,                      /* GC256B (35) */
+    36,                      /* GC256C (36) */
+    37,                      /* GC256D (37) */
+    38,                      /* GC512A (38) */
+    39,                      /* GC512B (39) */
+    40,                      /* GC512C (40) */
+# endif
 # ifndef OPENSSL_NO_DH
    0x100,                   /* ffdhe2048 (0x100) */
    0x101,                   /* ffdhe3072 (0x101) */
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@ -522,6 +522,13 @@ static const ssl_trace_tbl ssl_groups_tbl[] = {
    {28, "brainpoolP512r1"},
    {29, "ecdh_x25519"},
    {30, "ecdh_x448"},
+    {34, "GC256A"},
+    {35, "GC256B"},
+    {36, "GC256C"},
+    {37, "GC256D"},
+    {38, "GC512A"},
+    {39, "GC512B"},
+    {40, "GC512C"},
    {256, "ffdhe2048"},
    {257, "ffdhe3072"},
    {258, "ffdhe4096"},