Fix the ordering of the GOST 34.10 signature values. Add a test

derived from a DNSSEC RFC. Bug reported by Bert Hubert to the
mailing list. According to Bert, this ordering is compatible with
the version included in OpenSSL.

Also, benchmark GOST 34.10 using the GOST 34.11 hash since that
is always what it is used with.

1 files changed, 4 insertions, 4 deletions

diff --git a/src/pubkey/gost_3410/gost_3410.cpp b/src/pubkey/gost_3410/gost_3410.cpp
index 61693e01f..fa72d0673 100644
--- a/src/pubkey/gost_3410/gost_3410.cpp
+++ b/src/pubkey/gost_3410/gost_3410.cpp
@@ -130,8 +130,8 @@ GOST_3410_Signature_Operation::sign(const byte msg[], size_t msg_len,
       throw Invalid_State("GOST 34.10: r == 0 || s == 0");
 
    SecureVector<byte> output(2*order.bytes());
-   r.binary_encode(&output[output.size() / 2 - r.bytes()]);
-   s.binary_encode(&output[output.size() - s.bytes()]);
+   s.binary_encode(&output[output.size() / 2 - s.bytes()]);
+   r.binary_encode(&output[output.size() - r.bytes()]);
    return output;
    }
 
@@ -150,8 +150,8 @@ bool GOST_3410_Verification_Operation::verify(const byte msg[], size_t msg_len,
 
    BigInt e = decode_le(msg, msg_len);
 
-   BigInt r(sig, sig_len / 2);
-   BigInt s(sig + sig_len / 2, sig_len / 2);
+   BigInt s(sig, sig_len / 2);
+   BigInt r(sig + sig_len / 2, sig_len / 2);
 
    if(r < 0 || r >= order || s < 0 || s >= order)
       return false;