From 4c7232ab3e61f3533233cfb1e8e5bca8b5d6a109 Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov
Date: Thu, 6 Aug 2020 14:30:23 +0300
Subject: [PATCH] patch: support loading GOST-signed modules
---
 ...t-loading-GOST-signed-kernel-modules.patch | 46 +++++++++++++++++++
 kernel.spec | 4 +-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 0001-crypto-support-loading-GOST-signed-kernel-modules.patch
diff --git a/0001-crypto-support-loading-GOST-signed-kernel-modules.patch b/0001-crypto-support-loading-GOST-signed-kernel-modules.patch
new file mode 100644
index 0000000..8522a6c
--- /dev/null
+++ b/0001-crypto-support-loading-GOST-signed-kernel-modules.patch
@@ -0,0 +1,46 @@
+From 59bf6ed4709ea82d63be300814af2c4c94503e14 Mon Sep 17 00:00:00 2001
+From: Mikhail Novosyolov
+Date: Thu, 6 Aug 2020 14:17:31 +0300
+Subject: [PATCH] crypto: support loading GOST-signed kernel modules
+
+Support loading kernel modules signed with:
+* 1.2.643.7.1.1.1.1 id-tc26-gost3410-12-256
+* 1.2.643.7.1.1.1.2 id-tc26-gost3410-12-512
+
+Signed-off-by: Mikhail Novosyolov
+---
+ crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
+index 967329e0a07b..39c260a04167 100644
+--- a/crypto/asymmetric_keys/pkcs7_parser.c
++++ b/crypto/asymmetric_keys/pkcs7_parser.c
+@@ -248,6 +248,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
+ case OID_sha224:
+ ctx->sinfo->sig->hash_algo = "sha224";
+ break;
++ case OID_gost2012Digest256:
++ ctx->sinfo->sig->hash_algo = "streebog256";
++ break;
++ case OID_gost2012Digest512:
++ ctx->sinfo->sig->hash_algo = "streebog512";
++ break;
+ default:
+ printk("Unsupported digest algo: %u\n", ctx->last_oid);
+ return -ENOPKG;
+@@ -269,6 +275,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
+ ctx->sinfo->sig->pkey_algo = "rsa";
+ ctx->sinfo->sig->encoding = "pkcs1";
+ break;
++ case OID_gost2012PKey256:
++ case OID_gost2012PKey512:
++ ctx->sinfo->sig->pkey_algo = "ecrdsa";
++ ctx->sinfo->sig->encoding = "raw";
++ break;
+ default:
+ printk("Unsupported pkey algo: %u\n", ctx->last_oid);
+ return -ENOPKG;
+--
+2.17.1
+
diff --git a/kernel.spec b/kernel.spec
index 0641f75..a9b3cfc 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -24,7 +24,7 @@ %define sublevel 40 # Release number. Increase this before a rebuild. -%define rpmrel 7 +%define rpmrel 9 %define fullrpmrel %{rpmrel} %define rpmtag %{disttag} 
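Review bot: In the pkcs7_parser.c change carried by the new 0001-crypto-support-loading-GOST-signed-kernel-modules.patch, the second inner hunk (pkcs7_sig_note_pkey_algo) collapses `OID_gost2012PKey256` and `OID_gost2012PKey512` to the same `pkey_algo = "ecrdsa"`, while the digest is picked independently in pkcs7_sig_note_digest_algo, so nothing in the visible lines rejects a SignerInfo that pairs streebog256 with the 512-bit key OID or the reverse. That is only safe if the ecrdsa verify path itself refuses a digest whose length does not match the key's curve, which cannot be confirmed from this hunk; I would record that reliance next to the new cases, e.g. `/* digest/key size pairing is not checked here; the ecrdsa verify path must reject a mismatch */`. Separately, the strings `"streebog256"`, `"streebog512"` and `"ecrdsa"` are presumably looked up by name when the signature is verified, and the kernel.spec hunks shown do not say whether those algorithms are built into the image, so the `# Support loading GOST-signed modules` comment should name the config options it depends on (presumably CONFIG_CRYPTO_STREEBOG and CONFIG_CRYPTO_ECRDSA). Both functions start and end outside the inner hunks.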
@@ -282,6 +282,8 @@ Patch302: 0001-sign-file-full-functionality-with-modern-LibreSSL.patch Patch303: perf-5.4.20-binutil-libs-2.34.patch # Add sysctl to disable disk-based swap Patch304: 0001-mm-add-sysctl-to-disable-disk-based-swap.patch +# Support loading GOST-signed modules +Patch305: 0001-crypto-support-loading-GOST-signed-kernel-modules.patch # Disable AutoReq AutoReq: 0