diff --git a/libressl.spec b/libressl.spec
index 2cb2980..a7686b8 100644
--- a/libressl.spec
+++ b/libressl.spec
@@ -56,7 +56,7 @@
 Summary: LibreSSL utils and libs coexisting with OpenSSL
 Name: libressl
 Version: %{base_version}.git%{git_date}
-Release: 12
+Release: 13
 # The code is distributed under ISC license except of original OpenSSL code
 License: ISC and BSD-like
 Group: System/Base
@@ -464,16 +464,32 @@ _ls_length="$($libressl dgst -md_gost94 ./test8 | awk '{print $NF}' | wc -c)"
 [ "$_gs_end" = "$_ls_beg" ] && \
 [ "$_gs_length" = "$_ls_length" ] || exit 1
 unset _gs_beg _gs_end _ls_beg _ls_end _gs_length _ls_length
-# (test 9) Test ability to sign using algos that require OPENSSL_NO_CMS to de undefined
+# (test 9) Test ability to sign using program that requires OPENSSL_NO_CMS to de undefined
 # https://bugzilla.kernel.org/show_bug.cgi?id=202159
-# and ability to generate GOST R 34.11-12 keys
+# and ability to generate GOST R 34.10-12 keys
 _pcf pkg-config --libs --cflags libressl-libcrypto
 %__cc -o test9 %{SOURCE29} $nflags
 export OPENSSL_CONF=%{buildroot}%{_openssldir}/libressl.cnf
 $libressl ecparam -genkey -name id-tc26-gost-3410-2012-512-paramSetA -out priv.key -outform PEM
-$libressl req -batch -new -x509 -nodes -key priv.key -out pem.pem \
+$libressl req -batch -new -x509 -nodes -key priv.key -out pem1.pem \
 -subj "/C=RU/ST=Russia/L=Oryol/O=Test/OU=Test CA/CN=Test CA Root"
-echo 123 > test9_file
-./test9 streebog512 priv.key pem.pem test9_file
-strings test9_file | tail -n 1 | grep -q '~Module signature appended~'
-rm priv.key pem.pem test9_file
+# Also possible to gen a new key and a certificate in one command:
+# libressl req <...> -newkey ec -pkeyopt ec_paramgen_curve:id-tc26-gost-3410-2012-512-paramSetA
+# Signature Algorithm: ecdsa-with-SHA256
+$libressl x509 -in pem1.pem -text -noout | grep -E 'Signature Algorithm:.*ecdsa-with-SHA256'
+$libressl req -new -nodes -utf8 -batch -x509 -newkey gost2001 \
+ -pkeyopt dgst:streebog512 -pkeyopt paramset:A -streebog512 \
+ -days 109500 \
+ -subj "/C=RU/ST=Russia/L=Oryol/O=Test/OU=Test CA/CN=Test CA Root" \
+ -outform PEM -out pem2.pem -keyout pem2.pem
+$libressl x509 -in pem2.pem -text -noout
+$libressl x509 -in pem2.pem -text -noout | grep -E 'Signature Algorithm:.*GOST R 34.10-2012'
+$libressl x509 -in pem2.pem -text -noout | grep -E 'Digest Algorithm:.*GOST R 34-11-2012'
+$libressl x509 -in pem2.pem -text -noout | grep -E 'Public Key Algorithm:.*GOST R 34.10-2012'
+echo 123 > test9_file1
+echo 123 > test9_file2
+# Known to fail with: "CMS routines:func(4095):not supported for this key type"
+./test9 streebog512 priv.key pem1.pem test9_file1 || :
+$libressl dgst -streebog512 -sign pem2.pem test9_file2 > test9_file2.sig
+./test9 -s test9_file2.sig streebog512 pem2.pem test9_file2
+strings test9_file2 | tail -n 1 | grep -q '~Module signature appended~'
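Review bot: The `|| :` on `./test9 streebog512 priv.key pem1.pem test9_file1` accepts every failure, not only the documented "not supported for this key type" one, so a crash or a different error in the CMS signing path would pass this build-time test unnoticed. Pinning the expected failure keeps the step meaningful, e.g. `./test9 streebog512 priv.key pem1.pem test9_file1 2>test9.err || grep -q 'not supported for this key type' test9.err`, once it is confirmed that test9 reports the error on stderr (its source, %{SOURCE29}, is not shown here). The old `rm priv.key pem.pem test9_file` is removed with no replacement in this hunk, so the unencrypted private keys in `priv.key` and `pem2.pem` (written with `-nodes ... -keyout pem2.pem`) stay in the build tree; a closing `rm -f priv.key pem1.pem pem2.pem test9_file1 test9_file2 test9_file2.sig` would restore the cleanup. The scriptlet these lines belong to starts outside the hunk, so whether it runs under `sh -e`, which the bare `grep -E` checks rely on to fail the build, is assumed rather than visible.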