mirror of
https://abf.rosa.ru/djam/libressl.git
synced 2025-02-23 16:12:53 +00:00
42 lines
1.5 KiB
Diff
42 lines
1.5 KiB
Diff
|
From 7d13acb589fd972be4522b5742e1a8a58349defd Mon Sep 17 00:00:00 2001
|
||
|
|
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
||
|
|
Date: Thu, 19 Mar 2020 20:41:14 +0300
|
||
|
|
Subject: [PATCH 66/87] Fix S-Box used for CipherKeyExchange message in GOST
|
||
|
|
ciphersuites
|
||
|
|
|
||
|
|
GOST TLS CipherSuites are oververbose. One of implementations ignored
|
||
|
|
OID of the s-box that was sent as a part of the messages and used
|
||
|
|
calculated one, which differs from the one used by LibreSSL. Let
|
||
|
|
LibreSSL code also calculate proper S-Box and use it during key
|
||
|
|
exchange.
|
||
|
|
|
||
|
|
See https://github.com/libressl-portable/portable/issues/396
|
||
|
|
|
||
|
|
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
||
|
|
---
|
||
|
|
src/lib/libcrypto/gost/gostr341001_pmeth.c | 8 +++++++-
|
||
|
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c
|
||
|
|
index e21101ddc..2813f312c 100644
|
||
|
|
--- a/src/lib/libcrypto/gost/gostr341001_pmeth.c
|
||
|
|
+++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c
|
||
|
|
@@ -548,7 +548,13 @@ pkey_gost01_encrypt_4490(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len
|
||
|
|
int ret = 0;
|
||
|
|
int key_is_ephemeral;
|
||
|
|
EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
|
||
|
|
- int nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
|
||
|
|
+ int nid;
|
||
|
|
+
|
||
|
|
+ if (GOST_KEY_get_digest(pubk->pkey.gost) ==
|
||
|
|
+ NID_id_GostR3411_94_CryptoProParamSet)
|
||
|
|
+ nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
|
||
|
|
+ else
|
||
|
|
+ nid = NID_id_tc26_gost_28147_param_Z;
|
||
|
|
|
||
|
|
if (data->shared_ukm != NULL && data->shared_ukm_len >= 8) {
|
||
|
|
memcpy(ukm, data->shared_ukm, 8);
|
||
|
|
--
|
||
|
|
2.17.1
|
||
|
|
|