From 99b9696abaa2f8c999c5f438013b9083503c32ce Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Mon, 7 Aug 2023 16:28:41 +0300
Subject: [PATCH] Use GoGOST's PublicKey wrappers
---
 gogost-install | 6 +++---
 src/crypto/tls/auth.go | 6 +-----
 src/crypto/tls/gost.go | 6 ------
 src/crypto/x509/x509.go | 10 +---------
 4 files changed, 5 insertions(+), 23 deletions(-)
diff --git a/gogost-install b/gogost-install
index e85a0b57ae..bf8d2ac10b 100755
--- a/gogost-install
+++ b/gogost-install
@@ -4,18 +4,18 @@ command -v fetch >/dev/null && DL="fetch -o" || DL="wget -O"
 command -v sha256 >/dev/null && SHA256="sha256" || SHA256="sha256sum --binary"
 PERL=${PERL:-perl}
-TARBALL=gogost-5.11.0.tar.zst
+TARBALL=gogost-5.13.0.tar.zst
 [ -r $TARBALL ] || {
 $DL $TARBALL.tmp http://www.gogost.cypherpunks.ru/$TARBALL
 mv $TARBALL.tmp $TARBALL
 }
-[ "`$SHA256 < $TARBALL | $PERL -lane 'print $F[0]'`" = "6c4abc20ebead10b99bff5601358a63301d4b0bea159e84e532cc3799537d8f4" ]
+[ "`$SHA256 < $TARBALL | $PERL -lane 'print $F[0]'`" = "ee0deeb665aee4246c21c8c9f814860502468e37216f43d9acee8c309cc4843e" ]
 tar xf $TARBALL
 mkdir -p src/crypto/go.cypherpunks.ru/gogost
 mv ${TARBALL%.tar.zst} src/crypto/go.cypherpunks.ru/gogost/v5
 crypto_version=$(sed -n 's#^.*golang.org/x/crypto \(.*\)$#\1#p' < src/go.mod)
 cd src/crypto/go.cypherpunks.ru/gogost/v5
-rm -r cmd
+rm -r cmd bench
 rm gost341194/pbkdf2_test.go
 for len in 256 512 ; do
 fn=gost34112012${len}/hash.go
diff --git a/src/crypto/tls/auth.go b/src/crypto/tls/auth.go
index b26de81870..58fd92cb3d 100644
--- a/src/crypto/tls/auth.go
+++ b/src/crypto/tls/auth.go
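Review bot: In gogost-install, the updated SHA-256 comparison on the `+` line is the only integrity control for a tarball fetched over plain `http://`, and as a bare `[ ... ]` test it stops the script only if errexit is enabled above the hunk, which is not visible here. Appending an explicit failure path to that line, e.g. `|| { echo "checksum mismatch: $TARBALL" >&2; exit 1; }`, keeps an unverified archive from reaching `tar xf` whatever the shell options are. The expansions `$TARBALL` and `$SHA256 < $TARBALL` are unquoted; quoting `"$TARBALL"` is cheap hardening. It would also help to say in the commit message how the new digest was obtained, since the pin is only as trustworthy as its source.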
@@ -61,11 +61,7 @@ func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc c
 if !ok {
 return fmt.Errorf("expected GOST public key, got %T", pubkey)
 }
- reverseBytes(sig)
- reverseBytes(signed)
- ok, err := pubKey.VerifyDigest(signed, sig)
- reverseBytes(sig)
- reverseBytes(signed)
+ ok, err := gost3410.PublicKeyReverseDigestAndSignature{Pub: pubKey}.VerifyDigest(signed, sig)
 if err != nil {
 return err
 }
diff --git a/src/crypto/tls/gost.go b/src/crypto/tls/gost.go
index d60a5b82a3..3852414a62 100644
--- a/src/crypto/tls/gost.go
+++ b/src/crypto/tls/gost.go
@@ -15,12 +15,6 @@ import (
 const GOSTAEADNonceSize = 8
-func reverseBytes(d []byte) {
- for i, j := 0, len(d)-1; i < j; i, j = i+1, j-1 {
- d[i], d[j] = d[j], d[i]
- }
-}
-
 type gostAEAD struct {
 nonceMask []byte
 tlsTree *gost34112012256.TLSTree
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index 217d83e97b..494c3b37fb 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -54,12 +54,6 @@ import (
 cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1"
 )
-func reverseBytes(d []byte) {
- for i, j := 0, len(d)-1; i < j; i, j = i+1, j-1 {
- d[i], d[j] = d[j], d[i]
- }
-}
-
 // pkixPublicKey reflects a PKIX public key structure. See SubjectPublicKeyInfo
 // in RFC 3280.
 type pkixPublicKey struct {
@@ -1032,9 +1026,7 @@ func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey
 if pubKeyAlgo != GOST {
 return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
 }
- reverseBytes(signed)
- ok, err := pub.VerifyDigest(signed, signature)
- reverseBytes(signed)
+ ok, err := gost3410.PublicKeyReverseDigest{Pub: pub}.VerifyDigest(signed, signature)
 if err != nil {
 return err
 }
--
2.44.0
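Review bot: In `verifyHandshakeSignature` (auth.go) the call site no longer shows whether `signed` and `sig` come back unmodified, because the byte-order handling now lives inside `gost3410.PublicKeyReverseDigestAndSignature`. The removed code restored both slices before it looked at `err`. These slices belong to the caller, so it is worth confirming in GoGOST 5.13.0 that the wrapper works on copies or restores its inputs on every path. A comment above the call would record that contract, e.g. `// The wrapper reverses digest and signature for verification; signed and sig must be unchanged on return.` The same question applies to `gost3410.PublicKeyReverseDigest` in the `checkSignature` hunk of x509.go; the function body here starts and ends outside the hunk.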
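Review bot: `checkSignature` (x509.go, hunk at -1032) reverses only the digest while the TLS path in auth.go reverses the signature as well, and neither call site says why they differ. A one-line comment such as `// X.509: only the digest is byte-reversed; the TLS handshake path also reverses the signature.` would keep a later cleanup from unifying the two wrappers by mistake. The patch carries no test, so a known-answer check of one GOST-signed certificate and one handshake signature would pin the wrapper choice at both sites. Presumably the wrong wrapper rejects valid signatures rather than accepting invalid ones, but that is worth asserting rather than assuming. The function body continues outside the hunk.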