GOST cipher suites require CertVerify signatures to be generated in a
special way (see ssl3_send_client_kex_gost(), ssl3_get_cert_verify()).
However, the GOST_SIG_FORMAT_RS_LE flag was not passed for TLS 1.2
connections (because they use a different code path). Pass this flag to
the PKEY if it is a GOST pkey.

Sponsored by ROSA Linux

Signed-off-by: Dmitry Baryshkov <dbarysh...@gmail.com>
---
 src/lib/libssl/ssl_clnt.c | 7 +++++++
 src/lib/libssl/ssl_srvr.c | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index ce43a89ca737..2a16bd19f247 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -2345,6 +2345,13 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify)
                SSLerror(s, ERR_R_EVP_LIB);
                goto err;
        }
+       if (sigalg->key_type == NID_id_GostR3410_2001 &&
+           EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                             EVP_PKEY_CTRL_GOST_SIG_FORMAT,
+                             GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
+               SSLerror(s, ERR_R_EVP_LIB);
+               goto err;
+       }
        if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
            (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
            !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
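Review bot: The added condition `sigalg->key_type == NID_id_GostR3410_2001` covers only that one key type, while the description says the flag is passed for any GOST pkey. If the sigalgs table (not visible in this hunk) maps any other GOST key type, its CertificateVerify would presumably still be signed without the format control and fail verification at the peer. The same condition is used in the ssl3_get_cert_verify() hunk in ssl_srvr.c, so both sides should be checked together. A one-line comment above the block would record why the control exists, e.g. `/* GOST CertificateVerify needs GOST_SIG_FORMAT_RS_LE, as in ssl3_send_client_kex_gost(). */`. The body of ssl3_send_client_verify_sigalgs() starts and ends outside the hunk.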
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index c9c24f0453bd..2fe634de30d3 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -2182,6 +2182,13 @@ ssl3_get_cert_verify(SSL *s)
                        al = SSL_AD_INTERNAL_ERROR;
                        goto f_err;
                }
+               if (sigalg->key_type == NID_id_GostR3410_2001 &&
+                   EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
+                                     EVP_PKEY_CTRL_GOST_SIG_FORMAT,
+                                     GOST_SIG_FORMAT_RS_LE, NULL) <= 0) {
+                       al = SSL_AD_INTERNAL_ERROR;
+                       goto f_err;
+               }
                if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) {
                        SSLerror(s, ERR_R_EVP_LIB);
                        al = SSL_AD_INTERNAL_ERROR;
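Review bot: The failure branch of the added EVP_PKEY_CTX_ctrl() call sets `al` and jumps to `f_err` without recording an error, whereas the EVP_DigestVerifyUpdate() failure directly below calls `SSLerror(s, ERR_R_EVP_LIB);` first, and so does the matching client-side hunk. Adding `SSLerror(s, ERR_R_EVP_LIB);` before `al = SSL_AD_INTERNAL_ERROR;` would leave a reason on the error queue when a client certificate verification is aborted at this point, which helps when triaging failed handshakes. ssl3_get_cert_verify() starts and ends outside the hunk, so the handling at `f_err` is not visible here.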
-- 
2.25.1
