--- /dev/null
+diff --git include/openssl/evp.h include/openssl/evp.h
+index e0ce8482..ce94b8cc 100644
+--- include/openssl/evp.h
++++ include/openssl/evp.h
+@@ -1342,6 +1342,8 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+ # define EVP_PKEY_CTRL_GET_MD 13
+
+ # define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14
++/* Used for GOST curves that have more than one name */
++# define EVP_PKEY_CTRL_PARAMS_MATCH 15
+
+ # define EVP_PKEY_ALG_CTRL 0x1000
+
+diff --git ssl/t1_lib.c ssl/t1_lib.c
+index 0ef8dc06..d0b308e9 100644
+--- ssl/t1_lib.c
++++ ssl/t1_lib.c
+@@ -825,31 +825,31 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
+ {"gostr34102012_256a", TLSEXT_SIGALG_gostr34102012_256a,
+ NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
+ NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
+- NID_undef, NID_undef},
++ NID_undef, NID_id_tc26_gost_3410_2012_256_paramSetA},
+ {"gostr34102012_256b", TLSEXT_SIGALG_gostr34102012_256b,
+ NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
+ NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
+- NID_undef, NID_undef},
++ NID_undef, NID_id_tc26_gost_3410_2012_256_paramSetB},
+ {"gostr34102012_256c", TLSEXT_SIGALG_gostr34102012_256c,
+ NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
+ NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
+- NID_undef, NID_undef},
++ NID_undef, NID_id_tc26_gost_3410_2012_256_paramSetC},
+ {"gostr34102012_256d", TLSEXT_SIGALG_gostr34102012_256d,
+ NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
+ NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
+- NID_undef, NID_undef},
++ NID_undef, NID_id_tc26_gost_3410_2012_256_paramSetD},
+ {"gostr34102012_512a", TLSEXT_SIGALG_gostr34102012_512a,
+ NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
+ NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
+- NID_undef, NID_undef},
++ NID_undef, NID_id_tc26_gost_3410_2012_512_paramSetA},
+ {"gostr34102012_512b", TLSEXT_SIGALG_gostr34102012_512b,
+ NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
+ NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
+- NID_undef, NID_undef},
++ NID_undef, NID_id_tc26_gost_3410_2012_512_paramSetB},
+ {"gostr34102012_512c", TLSEXT_SIGALG_gostr34102012_512c,
+ NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
+ NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
+- NID_undef, NID_undef},
++ NID_undef, NID_id_tc26_gost_3410_2012_512_paramSetC},
+ {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
+ NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
+ NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
+@@ -2839,6 +2839,26 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
+ if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(tmppkey), lu))
+ continue;
+ }
++#ifndef OPENSSL_NO_GOST
++ else if (lu->sig == NID_id_GostR3410_2012_256
++ || lu->sig == NID_id_GostR3410_2012_512) {
++ EVP_PKEY_CTX *tmp = EVP_PKEY_CTX_new(tmppkey, NULL);
++ int found = 0;
++
++ if (tmp == NULL)
++ continue;
++ if (EVP_PKEY_sign_init(tmp) != 1) {
++ EVP_PKEY_CTX_free(tmp);
++ continue;
++ }
++
++ /* содержательное совпадение параметров с параметрами ключа */
++ found = (EVP_PKEY_CTX_ctrl(tmp, -1, -1, EVP_PKEY_CTRL_PARAMS_MATCH, lu->curve, NULL) > 0);
++ EVP_PKEY_CTX_free(tmp);
++ if (!found)
++ continue;
++ }
++#endif
+ break;
+ }
+
projects / openssl-gost / engine.git / blobdiff