libressl/0070-ssl-provide-interoperability-with-CryptoPro-CSP.patch

From fea5c236fbb0ee848bf6d7044f64042fa511e86f Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Sat, 28 Mar 2020 22:33:33 +0300
Subject: [PATCH 70/87] ssl: provide interoperability with CryptoPro CSP

Windows CSPs fail to send proper SigAlgs extension (it does not include
GOST entries even for GOST CipherSuites). To ensure interoperability,
assume that the server will understand GOST sigalgs if it has sent GOST
certificate.

Sponsored by ROSA Linux

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
 src/lib/libssl/ssl_sigalgs.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index ffa6278eb..97a0b71fc 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -379,6 +379,15 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 			return sigalg;
 	}
 
+#ifndef OPENSSL_NO_GOST
+	/* Windows CSPs fail to send proper SigAlgs extension (it does not
+	 * include GOST entries even for GOST CipherSuites). To ensure
+	 * interoperability, assume that the server will understand GOST
+	 * sigalgs if it has sent GOST certificate. */
+	if (pkey->type == EVP_PKEY_GOSTR01)
+		return ssl_sigalg_gost_select(s, pkey);
+#endif
+
 	SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
 	return NULL;
 }
-- 
2.17.1
Add gost-new patches sponsored by ROSA Linux TODO: add tests 2020-08-05 12:55:25 +03:00			`From fea5c236fbb0ee848bf6d7044f64042fa511e86f Mon Sep 17 00:00:00 2001`
			`From: Dmitry Baryshkov <dbaryshkov@gmail.com>`
			`Date: Sat, 28 Mar 2020 22:33:33 +0300`
			`Subject: [PATCH 70/87] ssl: provide interoperability with CryptoPro CSP`

			`Windows CSPs fail to send proper SigAlgs extension (it does not include`
			`GOST entries even for GOST CipherSuites). To ensure interoperability,`
			`assume that the server will understand GOST sigalgs if it has sent GOST`
			`certificate.`

			`Sponsored by ROSA Linux`

			`Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>`
			`---`
			`src/lib/libssl/ssl_sigalgs.c \| 9 +++++++++`
			`1 file changed, 9 insertions(+)`

			`diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c`
			`index ffa6278eb..97a0b71fc 100644`
			`--- a/src/lib/libssl/ssl_sigalgs.c`
			`+++ b/src/lib/libssl/ssl_sigalgs.c`
			`@@ -379,6 +379,15 @@ ssl_sigalg_select(SSL s, EVP_PKEY pkey)`
			`return sigalg;`
			`}`

			`+#ifndef OPENSSL_NO_GOST`
			`+ /* Windows CSPs fail to send proper SigAlgs extension (it does not`
			`+ * include GOST entries even for GOST CipherSuites). To ensure`
			`+ * interoperability, assume that the server will understand GOST`
			`+ * sigalgs if it has sent GOST certificate. */`
			`+ if (pkey->type == EVP_PKEY_GOSTR01)`
			`+ return ssl_sigalg_gost_select(s, pkey);`
			`+#endif`
			`+`
			`SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);`
			`return NULL;`
			`}`
			`--`
			`2.17.1`