libressl/0066-Fix-S-Box-used-for-CipherKeyExchange-message-in-GOST.patch

From 7d13acb589fd972be4522b5742e1a8a58349defd Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Thu, 19 Mar 2020 20:41:14 +0300
Subject: [PATCH 66/87] Fix S-Box used for CipherKeyExchange message in GOST
 ciphersuites

GOST TLS CipherSuites are oververbose. One of implementations ignored
OID of the s-box that was sent as a part of the messages and used
calculated one, which differs from the one used by LibreSSL. Let
LibreSSL code also calculate proper S-Box and use it during key
exchange.

See https://github.com/libressl-portable/portable/issues/396

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
 src/lib/libcrypto/gost/gostr341001_pmeth.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c
index e21101ddc..2813f312c 100644
--- a/src/lib/libcrypto/gost/gostr341001_pmeth.c
+++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c
@@ -548,7 +548,13 @@ pkey_gost01_encrypt_4490(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len
 	int ret = 0;
 	int key_is_ephemeral;
 	EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
-	int nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
+	int nid;
+
+	if (GOST_KEY_get_digest(pubk->pkey.gost) ==
+			NID_id_GostR3411_94_CryptoProParamSet)
+		nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
+	else
+		nid = NID_id_tc26_gost_28147_param_Z;
 
 	if (data->shared_ukm != NULL && data->shared_ukm_len >= 8) {
 		memcpy(ukm, data->shared_ukm, 8);
-- 
2.17.1