Hello OpenSSL Team,
I found out that the commit 28f4580c1e510ccf4278a20975c9bc3306f758d6 breaks
GOST 2012 client auth processing.
If the call to the EVP_PKEY_get_default_digest_nid() function is
unacceptable here, it can be replaced with the chain of if expressions (the
patch is attached).
BTW, what is a design policy in places when we have an enumeration of
algorithms?
I supposed that calling the implementation-provided callbacks is a right
way (or at least better then case expressions or chain of ifs)...
Thank you!
--
SY, Dmitry Belyavsky
index dcfb44f..0619507 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3017,6 +3017,14 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s,
PACKET *pkt)
#endif
} else if (pkey->type == EVP_PKEY_RSA) {
md = EVP_md5_sha1();
+#ifndef OPENSSL_NO_GOST
+ } else if (pkey->type == NID_id_GostR3410_2001) {
+ md = EVP_get_digestbynid(NID_id_GostR3411_94);
+ } else if (pkey->type == NID_id_GostR3410_2012_256) {
+ md = EVP_get_digestbynid(NID_id_GostR3411_2012_256);
+ } else if (pkey->type == NID_id_GostR3410_2012_512) {
+ md = EVP_get_digestbynid(NID_id_GostR3411_2012_512);
+#endif
} else {
md = EVP_sha1();
}
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev