gogost-install | 6 +++--- src/crypto/tls/auth.go | 6 +----- src/crypto/tls/gost.go | 6 ------ src/crypto/x509/x509.go | 10 +--------- diff --git a/gogost-install b/gogost-install index e85a0b57ae7014eadfe92323dbff7af0844c6a22..bf8d2ac10b25936406cecdba2550087d00369fee 100755 --- a/gogost-install +++ b/gogost-install @@ -4,18 +4,18 @@ command -v fetch >/dev/null && DL="fetch -o" || DL="wget -O" command -v sha256 >/dev/null && SHA256="sha256" || SHA256="sha256sum --binary" PERL=${PERL:-perl} -TARBALL=gogost-5.11.0.tar.zst +TARBALL=gogost-5.13.0.tar.zst [ -r $TARBALL ] || { $DL $TARBALL.tmp http://www.gogost.cypherpunks.ru/$TARBALL mv $TARBALL.tmp $TARBALL } -[ "`$SHA256 < $TARBALL | $PERL -lane 'print $F[0]'`" = "6c4abc20ebead10b99bff5601358a63301d4b0bea159e84e532cc3799537d8f4" ] +[ "`$SHA256 < $TARBALL | $PERL -lane 'print $F[0]'`" = "ee0deeb665aee4246c21c8c9f814860502468e37216f43d9acee8c309cc4843e" ] tar xf $TARBALL mkdir -p src/crypto/go.cypherpunks.ru/gogost mv ${TARBALL%.tar.zst} src/crypto/go.cypherpunks.ru/gogost/v5 crypto_version=$(sed -n 's#^.*golang.org/x/crypto \(.*\)$#\1#p' < src/go.mod) cd src/crypto/go.cypherpunks.ru/gogost/v5 -rm -r cmd +rm -r cmd bench rm gost341194/pbkdf2_test.go for len in 256 512 ; do fn=gost34112012${len}/hash.go diff --git a/src/crypto/tls/auth.go b/src/crypto/tls/auth.go index b26de818703007d1407a7913630909c15c4870ac..58fd92cb3d9e96e3962fb296b75c810e4c0fc50e 100644 --- a/src/crypto/tls/auth.go +++ b/src/crypto/tls/auth.go @@ -61,11 +61,7 @@ pubKey, ok := pubkey.(*gost3410.PublicKey) if !ok { return fmt.Errorf("expected GOST public key, got %T", pubkey) } - reverseBytes(sig) - reverseBytes(signed) - ok, err := pubKey.VerifyDigest(signed, sig) - reverseBytes(sig) - reverseBytes(signed) + ok, err := gost3410.PublicKeyReverseDigestAndSignature{Pub: pubKey}.VerifyDigest(signed, sig) if err != nil { return err } diff --git a/src/crypto/tls/gost.go b/src/crypto/tls/gost.go index d60a5b82a3dc74a08f53c0f22349f8a136a116a8..3852414a62a50d9e3c5fc901d3c51095c9d21c12 100644 --- a/src/crypto/tls/gost.go +++ b/src/crypto/tls/gost.go @@ -15,12 +15,6 @@ ) const GOSTAEADNonceSize = 8 -func reverseBytes(d []byte) { - for i, j := 0, len(d)-1; i < j; i, j = i+1, j-1 { - d[i], d[j] = d[j], d[i] - } -} - type gostAEAD struct { nonceMask []byte tlsTree *gost34112012256.TLSTree diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go index 217d83e97ba8234181daf4ea254574c79710772a..494c3b37fb928fc52e0f5b9b7567ca31496b8240 100644 --- a/src/crypto/x509/x509.go +++ b/src/crypto/x509/x509.go @@ -54,12 +54,6 @@ "golang.org/x/crypto/cryptobyte" cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1" ) -func reverseBytes(d []byte) { - for i, j := 0, len(d)-1; i < j; i, j = i+1, j-1 { - d[i], d[j] = d[j], d[i] - } -} - // pkixPublicKey reflects a PKIX public key structure. See SubjectPublicKeyInfo // in RFC 3280. type pkixPublicKey struct { @@ -1032,9 +1026,7 @@ case *gost3410.PublicKey: if pubKeyAlgo != GOST { return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub) } - reverseBytes(signed) - ok, err := pub.VerifyDigest(signed, signature) - reverseBytes(signed) + ok, err := gost3410.PublicKeyReverseDigest{Pub: pub}.VerifyDigest(signed, signature) if err != nil { return err }