]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
Add TLS 1.3 SignatureScheme definitions for SLH-DSA
authorEugene Syromiatnikov <esyr@openssl.org>
Wed, 20 May 2026 10:24:25 +0000 (12:24 +0200)
committerTomas Mraz <tomas@openssl.foundation>
Tue, 23 Jun 2026 16:29:43 +0000 (18:29 +0200)
In accordance with [1].

[1] https://datatracker.ietf.org/doc/html/draft-reddy-tls-slhdsa-02

Resolves: https://github.com/openssl/project/issues/1945
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Bob Beck <beck@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Jun 23 16:30:01 2026
(Merged from https://github.com/openssl/openssl/pull/31248)

include/internal/tlssigalgs.h
providers/common/capabilities.c
ssl/t1_trce.c
test/quicapitest.c
test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt
test/recipes/75-test_quicapi_data/ssltraceref.txt
test/recipes/90-test_sslapi_data/ssltraceref-zlib.txt
test/recipes/90-test_sslapi_data/ssltraceref.txt
test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
test/sslapitest.c

index 1d6c9df49f41793fe051d62989f76c14233b424f..f5aea80f64cf3a65996031954e87066d07989e11 100644 (file)
 #define TLSEXT_SIGALG_mldsa65 0x0905
 #define TLSEXT_SIGALG_mldsa87 0x0906
 
+#define TLSEXT_SIGALG_slhdsa_sha2_128s 0x0911
+#define TLSEXT_SIGALG_slhdsa_sha2_128f 0x0912
+#define TLSEXT_SIGALG_slhdsa_sha2_192s 0x0913
+#define TLSEXT_SIGALG_slhdsa_sha2_192f 0x0914
+#define TLSEXT_SIGALG_slhdsa_sha2_256s 0x0915
+#define TLSEXT_SIGALG_slhdsa_sha2_256f 0x0916
+#define TLSEXT_SIGALG_slhdsa_shake_128s 0x0917
+#define TLSEXT_SIGALG_slhdsa_shake_128f 0x0918
+#define TLSEXT_SIGALG_slhdsa_shake_192s 0x0919
+#define TLSEXT_SIGALG_slhdsa_shake_192f 0x091a
+#define TLSEXT_SIGALG_slhdsa_shake_256s 0x091b
+#define TLSEXT_SIGALG_slhdsa_shake_256f 0x091c
+
 /* Sigalgs names */
 #define TLSEXT_SIGALG_ecdsa_secp256r1_sha256_name "ecdsa_secp256r1_sha256"
 #define TLSEXT_SIGALG_ecdsa_secp384r1_sha384_name "ecdsa_secp384r1_sha384"
 #define TLSEXT_SIGALG_mldsa65_name "mldsa65"
 #define TLSEXT_SIGALG_mldsa87_name "mldsa87"
 
+#define TLSEXT_SIGALG_slhdsa_sha2_128s_name "slhdsa_sha2_128s"
+#define TLSEXT_SIGALG_slhdsa_sha2_128f_name "slhdsa_sha2_128f"
+#define TLSEXT_SIGALG_slhdsa_sha2_192s_name "slhdsa_sha2_192s"
+#define TLSEXT_SIGALG_slhdsa_sha2_192f_name "slhdsa_sha2_192f"
+#define TLSEXT_SIGALG_slhdsa_sha2_256s_name "slhdsa_sha2_256s"
+#define TLSEXT_SIGALG_slhdsa_sha2_256f_name "slhdsa_sha2_256f"
+#define TLSEXT_SIGALG_slhdsa_shake_128s_name "slhdsa_shake_128s"
+#define TLSEXT_SIGALG_slhdsa_shake_128f_name "slhdsa_shake_128f"
+#define TLSEXT_SIGALG_slhdsa_shake_192s_name "slhdsa_shake_192s"
+#define TLSEXT_SIGALG_slhdsa_shake_192f_name "slhdsa_shake_192f"
+#define TLSEXT_SIGALG_slhdsa_shake_256s_name "slhdsa_shake_256s"
+#define TLSEXT_SIGALG_slhdsa_shake_256f_name "slhdsa_shake_256f"
+
 #endif
index b97d4d6bcdb9f6633e5e6fc70e4547c913dc2199..f461ec222ada40d6341628b7c0b923ff1cd67ba3 100644 (file)
@@ -281,7 +281,7 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void *arg)
 
 /* --------------------------------------------------------------- */
 
-#if !defined(OPENSSL_NO_ML_DSA) \
+#if !defined(OPENSSL_NO_ML_DSA) || !defined(OPENSSL_NO_SLH_DSA) \
     || (!defined(FIPS_MODULE) && !defined(OPENSSL_NO_SM2) && !defined(OPENSSL_NO_SM3))
 
 typedef struct tls_sigalg_constants_st {
@@ -297,6 +297,18 @@ static const TLS_SIGALG_CONSTANTS sigalg_constants_list[] = {
     { TLSEXT_SIGALG_mldsa44, 128, TLS1_3_VERSION, 0, -1, -1 },
     { TLSEXT_SIGALG_mldsa65, 192, TLS1_3_VERSION, 0, -1, -1 },
     { TLSEXT_SIGALG_mldsa87, 256, TLS1_3_VERSION, 0, -1, -1 },
+    { TLSEXT_SIGALG_slhdsa_sha2_128s, 128, TLS1_3_VERSION, 0, -1, -1 },
+    { TLSEXT_SIGALG_slhdsa_sha2_128f, 128, TLS1_3_VERSION, 0, -1, -1 },
+    { TLSEXT_SIGALG_slhdsa_sha2_192s, 192, TLS1_3_VERSION, 0, -1, -1 },
+    { TLSEXT_SIGALG_slhdsa_sha2_192f, 192, TLS1_3_VERSION, 0, -1, -1 },
+    { TLSEXT_SIGALG_slhdsa_sha2_256s, 256, TLS1_3_VERSION, 0, -1, -1 },
+    { TLSEXT_SIGALG_slhdsa_sha2_256f, 256, TLS1_3_VERSION, 0, -1, -1 },
+    { TLSEXT_SIGALG_slhdsa_shake_128s, 128, TLS1_3_VERSION, 0, -1, -1 },
+    { TLSEXT_SIGALG_slhdsa_shake_128f, 128, TLS1_3_VERSION, 0, -1, -1 },
+    { TLSEXT_SIGALG_slhdsa_shake_192s, 192, TLS1_3_VERSION, 0, -1, -1 },
+    { TLSEXT_SIGALG_slhdsa_shake_192f, 192, TLS1_3_VERSION, 0, -1, -1 },
+    { TLSEXT_SIGALG_slhdsa_shake_256s, 256, TLS1_3_VERSION, 0, -1, -1 },
+    { TLSEXT_SIGALG_slhdsa_shake_256f, 256, TLS1_3_VERSION, 0, -1, -1 },
     { TLSEXT_SIGALG_sm2sig_sm3, 128, TLS1_3_VERSION, 0, -1, -1 },
 };
 
@@ -329,8 +341,22 @@ static const OSSL_PARAM param_sigalg_list[][10] = {
     TLS_SIGALG_ENTRY("mldsa65", "ML-DSA-65", "2.16.840.1.101.3.4.3.18", 1),
     TLS_SIGALG_ENTRY("mldsa87", "ML-DSA-87", "2.16.840.1.101.3.4.3.19", 2),
 #endif
+#ifndef OPENSSL_NO_SLH_DSA
+    TLS_SIGALG_ENTRY("slhdsa_sha2_128s", "SLH-DSA-SHA2-128s", "2.16.840.1.101.3.4.3.20", 3),
+    TLS_SIGALG_ENTRY("slhdsa_sha2_128f", "SLH-DSA-SHA2-128f", "2.16.840.1.101.3.4.3.21", 4),
+    TLS_SIGALG_ENTRY("slhdsa_sha2_192s", "SLH-DSA-SHA2-192s", "2.16.840.1.101.3.4.3.22", 5),
+    TLS_SIGALG_ENTRY("slhdsa_sha2_192f", "SLH-DSA-SHA2-192f", "2.16.840.1.101.3.4.3.23", 6),
+    TLS_SIGALG_ENTRY("slhdsa_sha2_256s", "SLH-DSA-SHA2-256s", "2.16.840.1.101.3.4.3.24", 7),
+    TLS_SIGALG_ENTRY("slhdsa_sha2_256f", "SLH-DSA-SHA2-256f", "2.16.840.1.101.3.4.3.25", 8),
+    TLS_SIGALG_ENTRY("slhdsa_shake_128s", "SLH-DSA-SHAKE-128s", "2.16.840.1.101.3.4.3.26", 9),
+    TLS_SIGALG_ENTRY("slhdsa_shake_128f", "SLH-DSA-SHAKE-128f", "2.16.840.1.101.3.4.3.27", 10),
+    TLS_SIGALG_ENTRY("slhdsa_shake_192s", "SLH-DSA-SHAKE-192s", "2.16.840.1.101.3.4.3.28", 11),
+    TLS_SIGALG_ENTRY("slhdsa_shake_192f", "SLH-DSA-SHAKE-192f", "2.16.840.1.101.3.4.3.29", 12),
+    TLS_SIGALG_ENTRY("slhdsa_shake_256s", "SLH-DSA-SHAKE-256s", "2.16.840.1.101.3.4.3.30", 13),
+    TLS_SIGALG_ENTRY("slhdsa_shake_256f", "SLH-DSA-SHAKE-256f", "2.16.840.1.101.3.4.3.31", 14),
+#endif
 #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_SM2) && !defined(OPENSSL_NO_SM3)
-    TLS_SIGALG_ENTRY("sm2sig_sm3", "SM2", "1.2.156.10197.1 501", 3),
+    TLS_SIGALG_ENTRY("sm2sig_sm3", "SM2", "1.2.156.10197.1 501", 15),
 #endif
 };
 #endif
index b4d67d9d24fee0ac4650c604089cd1e01c06a199..0e8ddbb8f87f1280007f57ef1d07d4157dc4a454 100644 (file)
@@ -617,6 +617,18 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = {
     { TLSEXT_SIGALG_mldsa44, TLSEXT_SIGALG_mldsa44_name },
     { TLSEXT_SIGALG_mldsa65, TLSEXT_SIGALG_mldsa65_name },
     { TLSEXT_SIGALG_mldsa87, TLSEXT_SIGALG_mldsa87_name },
+    { TLSEXT_SIGALG_slhdsa_sha2_128s, TLSEXT_SIGALG_slhdsa_sha2_128s_name },
+    { TLSEXT_SIGALG_slhdsa_sha2_128f, TLSEXT_SIGALG_slhdsa_sha2_128f_name },
+    { TLSEXT_SIGALG_slhdsa_sha2_192s, TLSEXT_SIGALG_slhdsa_sha2_192s_name },
+    { TLSEXT_SIGALG_slhdsa_sha2_192f, TLSEXT_SIGALG_slhdsa_sha2_192f_name },
+    { TLSEXT_SIGALG_slhdsa_sha2_256s, TLSEXT_SIGALG_slhdsa_sha2_256s_name },
+    { TLSEXT_SIGALG_slhdsa_sha2_256f, TLSEXT_SIGALG_slhdsa_sha2_256f_name },
+    { TLSEXT_SIGALG_slhdsa_shake_128s, TLSEXT_SIGALG_slhdsa_shake_128s_name },
+    { TLSEXT_SIGALG_slhdsa_shake_128f, TLSEXT_SIGALG_slhdsa_shake_128f_name },
+    { TLSEXT_SIGALG_slhdsa_shake_192s, TLSEXT_SIGALG_slhdsa_shake_192s_name },
+    { TLSEXT_SIGALG_slhdsa_shake_192f, TLSEXT_SIGALG_slhdsa_shake_192f_name },
+    { TLSEXT_SIGALG_slhdsa_shake_256s, TLSEXT_SIGALG_slhdsa_shake_256s_name },
+    { TLSEXT_SIGALG_slhdsa_shake_256f, TLSEXT_SIGALG_slhdsa_shake_256f_name },
 };
 
 static const ssl_trace_tbl ssl_ctype_tbl[] = {
index c9b0dce585e59abf3bbbde266ad35ae6bda07f64..5b7cdb6a3c0d651ca43ba6246a529423f27b49ef 100644 (file)
@@ -46,7 +46,7 @@ static int qc_init(SSL *qconn, BIO_ADDR *dst_addr);
     && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD)     \
     && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH)        \
     && !defined(OPENSSL_NO_ML_DSA) && !defined(OPENSSL_NO_ML_KEM) \
-    && !defined(OPENSSL_NO_SM2)
+    && !defined(OPENSSL_NO_SLH_DSA) && !defined(OPENSSL_NO_SM2)
 #define DO_SSL_TRACE_TEST
 #endif
 
index bd8d4c2f6c554ccb696e2ed61679673d5911e092..1bce022109fd8231fc45c58e47d6b8ed69dc135e 100644 (file)
@@ -55,6 +55,18 @@ Header:
           rsa_pkcs1_sha256 (0x0401)
           rsa_pkcs1_sha384 (0x0501)
           rsa_pkcs1_sha512 (0x0601)
+          slhdsa_sha2_128s (0x0911)
+          slhdsa_sha2_128f (0x0912)
+          slhdsa_sha2_192s (0x0913)
+          slhdsa_sha2_192f (0x0914)
+          slhdsa_sha2_256s (0x0915)
+          slhdsa_sha2_256f (0x0916)
+          slhdsa_shake_128s (0x0917)
+          slhdsa_shake_128f (0x0918)
+          slhdsa_shake_192s (0x0919)
+          slhdsa_shake_192f (0x091a)
+          slhdsa_shake_256s (0x091b)
+          slhdsa_shake_256f (0x091c)
           sm2sig_sm3 (0x0708)
         extension_type=supported_versions(43), length=3
           TLS 1.3 (772)
index c453344987c5acc6d84face88dde3a5df880c3a6..300b4ca45654429bafd9f56636942932030719b5 100644 (file)
@@ -55,6 +55,18 @@ Header:
           rsa_pkcs1_sha256 (0x0401)
           rsa_pkcs1_sha384 (0x0501)
           rsa_pkcs1_sha512 (0x0601)
+          slhdsa_sha2_128s (0x0911)
+          slhdsa_sha2_128f (0x0912)
+          slhdsa_sha2_192s (0x0913)
+          slhdsa_sha2_192f (0x0914)
+          slhdsa_sha2_256s (0x0915)
+          slhdsa_sha2_256f (0x0916)
+          slhdsa_shake_128s (0x0917)
+          slhdsa_shake_128f (0x0918)
+          slhdsa_shake_192s (0x0919)
+          slhdsa_shake_192f (0x091a)
+          slhdsa_shake_256s (0x091b)
+          slhdsa_shake_256f (0x091c)
           sm2sig_sm3 (0x0708)
         extension_type=supported_versions(43), length=3
           TLS 1.3 (772)
index 68d46c8b3894d5fbafd28ad9904f28ae754647f0..e6c193fa82676c181ef40573bae1fca072a6c44a 100644 (file)
@@ -48,6 +48,18 @@ Header:
           rsa_pkcs1_sha256 (0x0401)
           rsa_pkcs1_sha384 (0x0501)
           rsa_pkcs1_sha512 (0x0601)
+          slhdsa_sha2_128s (0x0911)
+          slhdsa_sha2_128f (0x0912)
+          slhdsa_sha2_192s (0x0913)
+          slhdsa_sha2_192f (0x0914)
+          slhdsa_sha2_256s (0x0915)
+          slhdsa_sha2_256f (0x0916)
+          slhdsa_shake_128s (0x0917)
+          slhdsa_shake_128f (0x0918)
+          slhdsa_shake_192s (0x0919)
+          slhdsa_shake_192f (0x091a)
+          slhdsa_shake_256s (0x091b)
+          slhdsa_shake_256f (0x091c)
           sm2sig_sm3 (0x0708)
         extension_type=supported_versions(43), length=3
           TLS 1.3 (772)
index d84d0e02fb836fb92763878190ae939880360ea2..b5d8931e3d546af21ad7f34e0412abf3ad6980ee 100644 (file)
@@ -48,6 +48,18 @@ Header:
           rsa_pkcs1_sha256 (0x0401)
           rsa_pkcs1_sha384 (0x0501)
           rsa_pkcs1_sha512 (0x0601)
+          slhdsa_sha2_128s (0x0911)
+          slhdsa_sha2_128f (0x0912)
+          slhdsa_sha2_192s (0x0913)
+          slhdsa_sha2_192f (0x0914)
+          slhdsa_sha2_256s (0x0915)
+          slhdsa_sha2_256f (0x0916)
+          slhdsa_shake_128s (0x0917)
+          slhdsa_shake_128f (0x0918)
+          slhdsa_shake_192s (0x0919)
+          slhdsa_shake_192f (0x091a)
+          slhdsa_shake_256s (0x091b)
+          slhdsa_shake_256f (0x091c)
           sm2sig_sm3 (0x0708)
         extension_type=supported_versions(43), length=3
           TLS 1.3 (772)
index 2ed47253b8d4768783b403ee48beefd436805b9a..e22ffd26414cd5e837fc6c9e7978b1a1ffe492f4 100644 (file)
        {"name" : "test-tls13-certificate-verify.py",
         "arguments" : ["-k", "tests/clientX509Key.pem",
                        "-c", "tests/clientX509Cert.pem",
-                       "-s", "9+5 9+6 9+4 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 7+8",
+                       "-s", "9+5 9+6 9+4 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 9+17 9+18 9+19 9+20 9+21 9+22 9+23 9+24 9+25 9+26 9+27 9+28 7+8",
                        "-p", "@PORT@"]},
        {"name" : "test-tls13-ecdsa-in-certificate-verify.py",
           "arguments" : ["-k", "tests/serverECKey.pem",
                          "-c", "tests/serverECCert.pem",
-                         "-s", "9+5 9+6 9+4 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 7+8",
+                         "-s", "9+5 9+6 9+4 ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 9+17 9+18 9+19 9+20 9+21 9+22 9+23 9+24 9+25 9+26 9+27 9+28 7+8",
                          "-p", "@PORT@"]}
      ]
     },
index c1e15c19331986ceb9d2a2284acdd91866651d86..91a2181b6147eb810798a3e95992908af40dbc64 100644 (file)
@@ -136,6 +136,7 @@ static const char *ocsp_signer_cert = "subinterCA.pem";
     && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD)     \
     && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH)        \
     && !defined(OPENSSL_NO_ML_DSA) && !defined(OPENSSL_NO_ML_KEM) \
+    && !defined(OPENSSL_NO_SLH_DSA)                               \
     && !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_SM2)
 #define DO_SSL_TRACE_TEST
 #endif