Add support for IANA-allocated GOST SignatureAlgorithms values. Values predating IANA allocation are left in place because they are still used by deployed products.
Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov <dbarysh...@gmail.com> --- src/lib/libssl/ssl_sigalgs.c | 12 ++++++++++++ src/lib/libssl/ssl_sigalgs.h | 2 ++ 2 files changed, 14 insertions(+) diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 0bf72aea21f0..f4d5f5bc5621 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c @@ -37,6 +37,11 @@ const struct ssl_sigalg sigalgs[] = { .curve_nid = NID_secp521r1, }, #ifndef OPENSSL_NO_GOST + { + .value = SIGALG_GOSTR12_512, + .md = EVP_streebog512, + .key_type = EVP_PKEY_GOSTR01, + }, { .value = SIGALG_GOSTR12_512_STREEBOG_512, .md = EVP_streebog512, @@ -66,6 +71,11 @@ const struct ssl_sigalg sigalgs[] = { .curve_nid = NID_X9_62_prime256v1, }, #ifndef OPENSSL_NO_GOST + { + .value = SIGALG_GOSTR12_256, + .md = EVP_streebog256, + .key_type = EVP_PKEY_GOSTR01, + }, { .value = SIGALG_GOSTR12_256_STREEBOG_256, .md = EVP_streebog256, @@ -171,7 +181,9 @@ uint16_t tls12_sigalgs[] = { SIGALG_RSA_PKCS1_SHA1, /* XXX */ SIGALG_ECDSA_SHA1, /* XXX */ #ifndef OPENSSL_NO_GOST + SIGALG_GOSTR12_512, SIGALG_GOSTR12_512_STREEBOG_512, + SIGALG_GOSTR12_256, SIGALG_GOSTR12_256_STREEBOG_256, SIGALG_GOSTR01_GOST94, #endif diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h index 13a3597fb5a3..5fe3fc3bb27c 100644 --- a/src/lib/libssl/ssl_sigalgs.h +++ b/src/lib/libssl/ssl_sigalgs.h @@ -42,6 +42,8 @@ __BEGIN_HIDDEN_DECLS #define SIGALG_RSA_PSS_PSS_SHA256 0x0809 #define SIGALG_RSA_PSS_PSS_SHA384 0x080a #define SIGALG_RSA_PSS_PSS_SHA512 0x080b +#define SIGALG_GOSTR12_256 0x0840 +#define SIGALG_GOSTR12_512 0x0841 #define SIGALG_RSA_PKCS1_SHA1 0x0201 #define SIGALG_ECDSA_SHA1 0x0203 #define SIGALG_PRIVATE_START 0xFE00 -- 2.25.1