From: Eugene Syromiatnikov Date: Wed, 20 May 2026 10:30:01 +0000 (+0200) Subject: apps/lib/s_cb.c: actualise signature_tls13_scheme_list X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=67bddd0f33a88f5083f6f6465cebc618a16e7bb7;p=thirdparty%2Fopenssl.git apps/lib/s_cb.c: actualise signature_tls13_scheme_list Update signature_tls13_scheme_list array in accordance with the current state of the "TLS SignatureScheme" table at [1]; leave TLS 1.2 GOST definitions be for now. Note: these are used only for debugging output when -security_debug option is provided to s_client/s_server commands. [1] https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme Signed-off-by: Eugene Syromiatnikov Reviewed-by: Bob Beck Reviewed-by: Neil Horman MergeDate: Tue Jun 23 16:30:02 2026 (Merged from https://github.com/openssl/openssl/pull/31248)
---
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index d4dcf12a07d..c556e961fdb 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -775,8 +775,8 @@ static const STRINT_PAIR tlsext_types[] = {
 { NULL }
 };
 
-/* from rfc8446 4.2.3. + gost (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */
 static STRINT_PAIR signature_tls13_scheme_list[] = {
+ /* RFC 8446 4.2.3 */
 { "rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */ },
 { "ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */ },
 /* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */
@@ -795,9 +795,59 @@ static STRINT_PAIR signature_tls13_scheme_list[] = {
 { "rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */ },
 { "rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */ },
 { "rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */ },
+
+ /* RFC 8734 */
+ { "ecdsa_brainpoolP256r1tls13_sha256", 0x81a },
+ { "ecdsa_brainpoolP256r1tls13_sha384", 0x81b },
+ { "ecdsa_brainpoolP256r1tls13_sha512", 0x81c },
+
+ /* RFC 8998 */
+ { "sm2sig_sm3", 0x0708 /* TLSEXT_SIGALG_sm2sig_sm3 */ },
+
+ /* RFC 9367 */
+ { "gostr34102012_256a", 0x709 },
+ { "gostr34102012_256b", 0x70a },
+ { "gostr34102012_256c", 0x70b },
+ { "gostr34102012_256d", 0x70c },
+ { "gostr34102012_512a", 0x70d },
+ { "gostr34102012_512b", 0x70e },
+ { "gostr34102012_512c", 0x70f },
+
+ /* RFC 9963 */
+ { "rsa_pkcs1_sha256_legacy", 0x0420 },
+ { "rsa_pkcs1_sha384_legacy", 0x0520 },
+ { "rsa_pkcs1_sha512_legacy", 0x0620 },
+
+ /* IBS (https://datatracker.ietf.org/doc/html/draft-wang-tls-raw-public-key-with-ibc-02) */
+ { "eccsi_sha256", 0x0704 },
+ { "iso_ibs1", 0x0705 },
+ { "iso_ibs2", 0x0706 },
+ { "iso_chinese_ibs", 0x0707 },
+
+ /* ML-DSA (https://datatracker.ietf.org/doc/html/draft-ietf-tls-mldsa-00) */
+ { "mldsa44", 0x0904 },
+ { "mldsa65", 0x0905 },
+ { "mldsa87", 0x0906 },
+
+ /* SLH-DSA (https://datatracker.ietf.org/doc/html/draft-reddy-tls-slhdsa-01) */
+ { "slhdsa_sha2_128s", 0x0911 },
+ { "slhdsa_sha2_128f", 0x0912 },
+ { "slhdsa_sha2_192s", 0x0913 },
+ { "slhdsa_sha2_192f", 0x0914 },
+ { "slhdsa_sha2_256s", 0x0915 },
+ { "slhdsa_sha2_256f", 0x0916 },
+ { "slhdsa_shake_128s", 0x0917 },
+ { "slhdsa_shake_128f", 0x0918 },
+ { "slhdsa_shake_192s", 0x0919 },
+ { "slhdsa_shake_192f", 0x091a },
+ { "slhdsa_shake_256s", 0x091b },
+ { "slhdsa_shake_256f", 0x091c },
+
+ /* GOST (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */
 { "gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */ },
 { "gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */ },
 { "gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */ },
+
 { NULL }
 };
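Review bot: The second and third RFC 8734 entries carry the wrong curve in their names: `0x81b` and `0x81c` are labelled `ecdsa_brainpoolP256r1tls13_sha384` and `ecdsa_brainpoolP256r1tls13_sha512`, while the IANA SignatureScheme table cited in the commit message assigns those code points to the P384r1 and P512r1 schemes. Because this table feeds the -security_debug output, a peer offering or selecting a 384- or 512-bit brainpool scheme would presumably be printed as P256r1, which misleads anyone auditing the negotiated signature algorithms. I would change the two lines to `{ "ecdsa_brainpoolP384r1tls13_sha384", 0x081b },` and `{ "ecdsa_brainpoolP512r1tls13_sha512", 0x081c },`, writing the values with four hex digits like the neighbouring entries. The array opens above this hunk, so the entries between the two hunks were not checked.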