1 diff --git include/openssl/evp.h include/openssl/evp.h
2 index e0ce8482..ce94b8cc 100644
3 --- include/openssl/evp.h
4 +++ include/openssl/evp.h
5 @@ -1342,6 +1342,8 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
6 # define EVP_PKEY_CTRL_GET_MD 13
8 # define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14
9 +/* Used for GOST curves that have more than one name */
10 +# define EVP_PKEY_CTRL_PARAMS_MATCH 15
12 # define EVP_PKEY_ALG_CTRL 0x1000
14 diff --git ssl/t1_lib.c ssl/t1_lib.c
15 index 0ef8dc06..d0b308e9 100644
18 @@ -825,31 +825,31 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
19 {"gostr34102012_256a", TLSEXT_SIGALG_gostr34102012_256a,
20 NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
21 NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
22 - NID_undef, NID_undef},
23 + NID_undef, NID_id_tc26_gost_3410_2012_256_paramSetA},
24 {"gostr34102012_256b", TLSEXT_SIGALG_gostr34102012_256b,
25 NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
26 NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
27 - NID_undef, NID_undef},
28 + NID_undef, NID_id_tc26_gost_3410_2012_256_paramSetB},
29 {"gostr34102012_256c", TLSEXT_SIGALG_gostr34102012_256c,
30 NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
31 NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
32 - NID_undef, NID_undef},
33 + NID_undef, NID_id_tc26_gost_3410_2012_256_paramSetC},
34 {"gostr34102012_256d", TLSEXT_SIGALG_gostr34102012_256d,
35 NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
36 NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
37 - NID_undef, NID_undef},
38 + NID_undef, NID_id_tc26_gost_3410_2012_256_paramSetD},
39 {"gostr34102012_512a", TLSEXT_SIGALG_gostr34102012_512a,
40 NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
41 NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
42 - NID_undef, NID_undef},
43 + NID_undef, NID_id_tc26_gost_3410_2012_512_paramSetA},
44 {"gostr34102012_512b", TLSEXT_SIGALG_gostr34102012_512b,
45 NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
46 NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
47 - NID_undef, NID_undef},
48 + NID_undef, NID_id_tc26_gost_3410_2012_512_paramSetB},
49 {"gostr34102012_512c", TLSEXT_SIGALG_gostr34102012_512c,
50 NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
51 NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
52 - NID_undef, NID_undef},
53 + NID_undef, NID_id_tc26_gost_3410_2012_512_paramSetC},
54 {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
55 NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
56 NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
57 @@ -2839,6 +2839,26 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
58 if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(tmppkey), lu))
61 +#ifndef OPENSSL_NO_GOST
62 + else if (lu->sig == NID_id_GostR3410_2012_256
63 + || lu->sig == NID_id_GostR3410_2012_512) {
64 + EVP_PKEY_CTX *tmp = EVP_PKEY_CTX_new(tmppkey, NULL);
69 + if (EVP_PKEY_sign_init(tmp) != 1) {
70 + EVP_PKEY_CTX_free(tmp);
74 + /* содержательное совпадение параметров с параметрами ключа */
75 + found = (EVP_PKEY_CTX_ctrl(tmp, -1, -1, EVP_PKEY_CTRL_PARAMS_MATCH, lu->curve, NULL) > 0);
76 + EVP_PKEY_CTX_free(tmp);