update OpenSSL version up to OpenSSL_1_1_1r

[openssl-gost/engine.git] / patches / openssl_111m_tls13.diff

diff --git a/patches/openssl_111m_tls13.diff b/patches/openssl_111m_tls13.diff
deleted file mode 100644 (file)
index e60c33d..0000000
--- a/patches/openssl_111m_tls13.diff
+++ /dev/null
@@ -1,83 +0,0 @@
-diff --git include/openssl/evp.h include/openssl/evp.h
-index e0ce8482..ce94b8cc 100644
---- include/openssl/evp.h
-+++ include/openssl/evp.h
-@@ -1342,6 +1342,8 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
- # define EVP_PKEY_CTRL_GET_MD            13
- 
- # define EVP_PKEY_CTRL_SET_DIGEST_SIZE   14
-+/* Used for GOST curves that have more than one name */
-+# define EVP_PKEY_CTRL_PARAMS_MATCH      15
- 
- # define EVP_PKEY_ALG_CTRL               0x1000
- 
-diff --git ssl/t1_lib.c ssl/t1_lib.c
-index 0ef8dc06..d0b308e9 100644
---- ssl/t1_lib.c
-+++ ssl/t1_lib.c
-@@ -825,31 +825,31 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
-     {"gostr34102012_256a", TLSEXT_SIGALG_gostr34102012_256a,
-      NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
-      NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
--     NID_undef, NID_undef},
-+     NID_undef, NID_id_tc26_gost_3410_2012_256_paramSetA},
-     {"gostr34102012_256b", TLSEXT_SIGALG_gostr34102012_256b,
-      NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
-      NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
--     NID_undef, NID_undef},
-+     NID_undef, NID_id_tc26_gost_3410_2012_256_paramSetB},
-     {"gostr34102012_256c", TLSEXT_SIGALG_gostr34102012_256c,
-      NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
-      NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
--     NID_undef, NID_undef},
-+     NID_undef, NID_id_tc26_gost_3410_2012_256_paramSetC},
-     {"gostr34102012_256d", TLSEXT_SIGALG_gostr34102012_256d,
-      NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
-      NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
--     NID_undef, NID_undef},
-+     NID_undef, NID_id_tc26_gost_3410_2012_256_paramSetD},
-     {"gostr34102012_512a", TLSEXT_SIGALG_gostr34102012_512a,
-      NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
-      NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
--     NID_undef, NID_undef},
-+     NID_undef, NID_id_tc26_gost_3410_2012_512_paramSetA},
-     {"gostr34102012_512b", TLSEXT_SIGALG_gostr34102012_512b,
-      NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
-      NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
--     NID_undef, NID_undef},
-+     NID_undef, NID_id_tc26_gost_3410_2012_512_paramSetB},
-     {"gostr34102012_512c", TLSEXT_SIGALG_gostr34102012_512c,
-      NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
-      NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
--     NID_undef, NID_undef},
-+     NID_undef, NID_id_tc26_gost_3410_2012_512_paramSetC},
-     {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
-      NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
-      NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
-@@ -2839,6 +2839,26 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
-             if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(tmppkey), lu))
-                 continue;
-         }
-+#ifndef OPENSSL_NO_GOST
-+        else if (lu->sig == NID_id_GostR3410_2012_256
-+                 || lu->sig == NID_id_GostR3410_2012_512) {
-+          EVP_PKEY_CTX *tmp = EVP_PKEY_CTX_new(tmppkey, NULL);
-+          int found = 0;
-+
-+          if (tmp == NULL)
-+              continue;
-+          if (EVP_PKEY_sign_init(tmp) != 1) {
-+              EVP_PKEY_CTX_free(tmp);
-+              continue;
-+          }
-+
-+          /* содержательное совпадение параметров с параметрами ключа */
-+          found = (EVP_PKEY_CTX_ctrl(tmp, -1, -1, EVP_PKEY_CTRL_PARAMS_MATCH, lu->curve, NULL) > 0);
-+          EVP_PKEY_CTX_free(tmp);
-+          if (!found)
-+              continue;
-+        }
-+#endif
-         break;
-     }
-