libressl/0080-ssl-select-ACPKM-session-size-for-CTR-OMAC-ciphersui.patch

From 85709a17e3cb44997455f5120f454a65a85b6678 Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Wed, 1 Apr 2020 17:31:59 +0300
Subject: [PATCH 80/87] ssl: select ACPKM session size for CTR-OMAC
 ciphersuites

Set ACPKM session size for MAGMA and KUZNYECHIK CTR-ACPKM ciphers.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
 src/lib/libssl/t1_enc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 736670259..a3814dd44 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -478,6 +478,10 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read,
 		EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);
 		if (S3I(s)->hs.new_cipher->algorithm_mac == SSL_GOST89MAC)
 			EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);
+	} else if (S3I(s)->hs.new_cipher->algorithm_enc == SSL_MAGMA_CTR_ACPKM) {
+		EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_MESHING, 1024, 0);
+	} else if (S3I(s)->hs.new_cipher->algorithm_enc == SSL_KUZNYECHIK_CTR_ACPKM) {
+		EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_MESHING, 4096, 0);
 	}
 
 	return (1);
-- 
2.17.1
Add gost-new patches sponsored by ROSA Linux TODO: add tests 2020-08-05 12:55:25 +03:00			`From 85709a17e3cb44997455f5120f454a65a85b6678 Mon Sep 17 00:00:00 2001`
			`From: Dmitry Baryshkov <dbaryshkov@gmail.com>`
			`Date: Wed, 1 Apr 2020 17:31:59 +0300`
			`Subject: [PATCH 80/87] ssl: select ACPKM session size for CTR-OMAC`
			`ciphersuites`

			`Set ACPKM session size for MAGMA and KUZNYECHIK CTR-ACPKM ciphers.`

			`Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>`
			`---`
			`src/lib/libssl/t1_enc.c \| 4 ++++`
			`1 file changed, 4 insertions(+)`

			`diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c`
			`index 736670259..a3814dd44 100644`
			`--- a/src/lib/libssl/t1_enc.c`
			`+++ b/src/lib/libssl/t1_enc.c`
			`@@ -478,6 +478,10 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read,`
			`EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);`
			`if (S3I(s)->hs.new_cipher->algorithm_mac == SSL_GOST89MAC)`
			`EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);`
			`+ } else if (S3I(s)->hs.new_cipher->algorithm_enc == SSL_MAGMA_CTR_ACPKM) {`
			`+ EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_MESHING, 1024, 0);`
			`+ } else if (S3I(s)->hs.new_cipher->algorithm_enc == SSL_KUZNYECHIK_CTR_ACPKM) {`
			`+ EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_MESHING, 4096, 0);`
			`}`

			`return (1);`
			`--`
			`2.17.1`