Add support for IANA-allocated GOST SignatureAlgorithms values. Values
predating IANA allocation are left in place because they are still used
by deployed products.
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov <dbarysh...@gmail.com>
---
src/lib/libssl/ssl_sigalgs.c | 12 ++++++++++++
src/lib/libssl/ssl_sigalgs.h | 2 ++
2 files changed, 14 insertions(+)
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 0bf72aea21f0..f4d5f5bc5621 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -37,6 +37,11 @@ const struct ssl_sigalg sigalgs[] = {
.curve_nid = NID_secp521r1,
},
#ifndef OPENSSL_NO_GOST
+ {
+ .value = SIGALG_GOSTR12_512,
+ .md = EVP_streebog512,
+ .key_type = EVP_PKEY_GOSTR01,
+ },
{
.value = SIGALG_GOSTR12_512_STREEBOG_512,
.md = EVP_streebog512,
@@ -66,6 +71,11 @@ const struct ssl_sigalg sigalgs[] = {
.curve_nid = NID_X9_62_prime256v1,
},
#ifndef OPENSSL_NO_GOST
+ {
+ .value = SIGALG_GOSTR12_256,
+ .md = EVP_streebog256,
+ .key_type = EVP_PKEY_GOSTR01,
+ },
{
.value = SIGALG_GOSTR12_256_STREEBOG_256,
.md = EVP_streebog256,
@@ -171,7 +181,9 @@ uint16_t tls12_sigalgs[] = {
SIGALG_RSA_PKCS1_SHA1, /* XXX */
SIGALG_ECDSA_SHA1, /* XXX */
#ifndef OPENSSL_NO_GOST
+ SIGALG_GOSTR12_512,
SIGALG_GOSTR12_512_STREEBOG_512,
+ SIGALG_GOSTR12_256,
SIGALG_GOSTR12_256_STREEBOG_256,
SIGALG_GOSTR01_GOST94,
#endif
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
index 13a3597fb5a3..5fe3fc3bb27c 100644
--- a/src/lib/libssl/ssl_sigalgs.h
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -42,6 +42,8 @@ __BEGIN_HIDDEN_DECLS
#define SIGALG_RSA_PSS_PSS_SHA256 0x0809
#define SIGALG_RSA_PSS_PSS_SHA384 0x080a
#define SIGALG_RSA_PSS_PSS_SHA512 0x080b
+#define SIGALG_GOSTR12_256 0x0840
+#define SIGALG_GOSTR12_512 0x0841
#define SIGALG_RSA_PKCS1_SHA1 0x0201
#define SIGALG_ECDSA_SHA1 0x0203
#define SIGALG_PRIVATE_START 0xFE00
--
2.25.1
