From c9ee6e3646258f79a9970be96394cb2b93b7eddd Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 30 Sep 2022 11:57:23 +0100
Subject: Reimplement brainpool TLSv1.3 support group support

Create new TLS_GROUP_ENTRY values for these groups.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19315)
---
 crypto/objects/obj_dat.h   | 15 ++++++++++++---
 crypto/objects/obj_mac.num |  3 +++
 crypto/objects/objects.txt |  6 ++++++
 3 files changed, 21 insertions(+), 3 deletions(-)

(limited to 'crypto/objects')

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index cd83f24e8d..b97118922c 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1154,7 +1154,7 @@ static const unsigned char so[8356] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x32,  /* [ 8344] OBJ_id_ct_signedTAL */
 };
 
-#define NUM_NID 1285
+#define NUM_NID 1288
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2441,9 +2441,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"oracle-organization", "Oracle organization", NID_oracle, 7, &so[8325]},
     {"oracle-jdk-trustedkeyusage", "Trusted key usage (Oracle)", NID_oracle_jdk_trustedkeyusage, 12, &so[8332]},
     {"id-ct-signedTAL", "id-ct-signedTAL", NID_id_ct_signedTAL, 11, &so[8344]},
+    {"brainpoolP256r1tls13", "brainpoolP256r1tls13", NID_brainpoolP256r1tls13},
+    {"brainpoolP384r1tls13", "brainpoolP384r1tls13", NID_brainpoolP384r1tls13},
+    {"brainpoolP512r1tls13", "brainpoolP512r1tls13", NID_brainpoolP512r1tls13},
 };
 
-#define NUM_SN 1276
+#define NUM_SN 1279
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
@@ -2781,12 +2784,15 @@ static const unsigned int sn_objs[NUM_SN] = {
      925,    /* "brainpoolP224r1" */
      926,    /* "brainpoolP224t1" */
      927,    /* "brainpoolP256r1" */
+    1285,    /* "brainpoolP256r1tls13" */
      928,    /* "brainpoolP256t1" */
      929,    /* "brainpoolP320r1" */
      930,    /* "brainpoolP320t1" */
      931,    /* "brainpoolP384r1" */
+    1286,    /* "brainpoolP384r1tls13" */
      932,    /* "brainpoolP384t1" */
      933,    /* "brainpoolP512r1" */
+    1287,    /* "brainpoolP512r1tls13" */
      934,    /* "brainpoolP512t1" */
      494,    /* "buildingName" */
      860,    /* "businessCategory" */
@@ -3723,7 +3729,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1093,    /* "x509ExtAdmission" */
 };
 
-#define NUM_LN 1276
+#define NUM_LN 1279
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
@@ -4057,12 +4063,15 @@ static const unsigned int ln_objs[NUM_LN] = {
      925,    /* "brainpoolP224r1" */
      926,    /* "brainpoolP224t1" */
      927,    /* "brainpoolP256r1" */
+    1285,    /* "brainpoolP256r1tls13" */
      928,    /* "brainpoolP256t1" */
      929,    /* "brainpoolP320r1" */
      930,    /* "brainpoolP320t1" */
      931,    /* "brainpoolP384r1" */
+    1286,    /* "brainpoolP384r1tls13" */
      932,    /* "brainpoolP384t1" */
      933,    /* "brainpoolP512r1" */
+    1287,    /* "brainpoolP512r1tls13" */
      934,    /* "brainpoolP512t1" */
      494,    /* "buildingName" */
      860,    /* "businessCategory" */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index f4e70da2cd..64dffcb7c1 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1282,3 +1282,6 @@ hmacWithSM3		1281
 oracle		1282
 oracle_jdk_trustedkeyusage		1283
 id_ct_signedTAL		1284
+brainpoolP256r1tls13		1285
+brainpoolP384r1tls13		1286
+brainpoolP512r1tls13		1287
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index a03f682d5e..b627cfdfd1 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1643,12 +1643,18 @@ ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
 1 3 36 3 3 2 8 1 1 5 : brainpoolP224r1
 1 3 36 3 3 2 8 1 1 6 : brainpoolP224t1
 1 3 36 3 3 2 8 1 1 7 : brainpoolP256r1
+# Alternate NID to represent the TLSv1.3 brainpoolP256r1 group
+                     : brainpoolP256r1tls13
 1 3 36 3 3 2 8 1 1 8 : brainpoolP256t1
 1 3 36 3 3 2 8 1 1 9 : brainpoolP320r1
 1 3 36 3 3 2 8 1 1 10 : brainpoolP320t1
 1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
+# Alternate NID to represent the TLSv1.3 brainpoolP384r1 group
+                      : brainpoolP384r1tls13
 1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
 1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
+# Alternate NID to represent the TLSv1.3 brainpoolP512r1 group
+                      : brainpoolP512r1tls13
 1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
 
 # ECDH schemes from RFC5753
-- 
cgit v1.2.3