From 7d13acb589fd972be4522b5742e1a8a58349defd Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov
Date: Thu, 19 Mar 2020 20:41:14 +0300
Subject: [PATCH 66/87] Fix S-Box used for CipherKeyExchange message in GOST ciphersuites

GOST TLS CipherSuites are oververbose. One of implementations ignored OID of the s-box that was sent as a part of the messages and used calculated one, which differs from the one used by LibreSSL. Let LibreSSL code also calculate proper S-Box and use it during key exchange.

See https://github.com/libressl-portable/portable/issues/396

Signed-off-by: Dmitry Baryshkov
---
 src/lib/libcrypto/gost/gostr341001_pmeth.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c
index e21101ddc..2813f312c 100644
--- a/src/lib/libcrypto/gost/gostr341001_pmeth.c
+++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c
@@ -548,7 +548,13 @@ pkey_gost01_encrypt_4490(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len
 	int ret = 0;
 	int key_is_ephemeral;
 	EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
-	int nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
+	int nid;
+
+	if (GOST_KEY_get_digest(pubk->pkey.gost) ==
+	    NID_id_GostR3411_94_CryptoProParamSet)
+		nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
+	else
+		nid = NID_id_tc26_gost_28147_param_Z;
 
 	if (data->shared_ukm != NULL && data->shared_ukm_len >= 8) {
 		memcpy(ukm, data->shared_ukm, 8);
-- 
2.17.1
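Review bot: The new `GOST_KEY_get_digest(pubk->pkey.gost)` call dereferences `pubk` where the old constant initializer did not; `pubk` is declared before this hunk (presumably the pkey attached to `pctx`), so if it can be NULL when no key is set the function now crashes at the nid selection instead of failing later, and a guard such as `if (pubk == NULL) goto err;` before the comparison is worth adding unless the caller already guarantees it. The mapping from digest parameter set to S-box is also undocumented, and the `else` silently assigns TC26 param Z to any digest NID that is not the CryptoPro 34.11-94 set, including an unexpected one; a comment such as `/* S-box must match the key's digest paramset: GOST R 34.11-94 CryptoPro keys use CryptoPro-A, 2012-era keys use TC26 param Z */` would record the intent, and an explicit check for the expected 2012 digest NIDs with an error otherwise would make an unsupported key type fail rather than negotiate a mismatched S-box. pkey_gost01_encrypt_4490 begins and continues outside the hunk.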