GOST cipher suites require CertVerify signatures to be generated in a special way (see ssl3_send_client_kex_gost(), ssl3_get_cert_verify()). However, the GOST_SIG_FORMAT_RS_LE flag was not passed for TLS 1.2 connections, because they use a different code path. Pass this flag to the PKEY if it is a GOST pkey.
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov <dbarysh...@gmail.com>
---
 src/lib/libssl/ssl_clnt.c | 7 +++++++
 src/lib/libssl/ssl_srvr.c | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index ce43a89ca737..2a16bd19f247 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -2345,6 +2345,13 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify)
 SSLerror(s, ERR_R_EVP_LIB);
 goto err;
 }
+ if (sigalg->key_type == NID_id_GostR3410_2001 &&
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+ EVP_PKEY_CTRL_GOST_SIG_FORMAT,
+ GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
+ SSLerror(s, ERR_R_EVP_LIB);
+ goto err;
+ }
 if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
 (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index c9c24f0453bd..2fe634de30d3 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -2182,6 +2182,13 @@ ssl3_get_cert_verify(SSL *s)
 al = SSL_AD_INTERNAL_ERROR;
 goto f_err;
 }
+ if (sigalg->key_type == NID_id_GostR3410_2001 &&
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
+ EVP_PKEY_CTRL_GOST_SIG_FORMAT,
+ GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ goto f_err;
+ }
 if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) {
 SSLerror(s, ERR_R_EVP_LIB);
 al = SSL_AD_INTERNAL_ERROR;
-- 2.25.1
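Review bot: The added GOST block in ssl3_send_client_verify_sigalgs() carries no comment saying why this key type needs a ctrl that the other sigalgs do not. A one-line comment such as `/* GOST CertificateVerify signatures use the RS_LE encoding, as in the legacy non-sigalgs path */` would stop a later reader from treating it as optional. The guard tests `sigalg->key_type` while the ctrl is issued with key type `-1`, so it relies on the sigalg having been matched to the key earlier in the function; that is presumably the case but happens outside the hunk and is worth confirming. The same seven lines recur in the ssl_srvr.c hunk with only the operation changed, so a small shared helper taking the operation would keep the signing and verifying sides in step. The function body starts and ends outside the hunk.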
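Review bot: The failure branch of the added EVP_PKEY_CTX_ctrl() check in ssl3_get_cert_verify() sets `al` and jumps to `f_err` without recording an error. The EVP_DigestVerifyUpdate() check directly below it calls `SSLerror(s, ERR_R_EVP_LIB);` first, and so does the matching client-side block in ssl_clnt.c. A failed format ctrl would therefore end the handshake with an internal_error alert and, as far as the visible lines show, nothing on the error queue to explain it. Add `SSLerror(s, ERR_R_EVP_LIB);` before `al = SSL_AD_INTERNAL_ERROR;` in the new block. The function body starts and ends outside the hunk.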