Djam/libressl
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/libressl.git synced 2025-02-23 16:12:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix generating GOST certificates/keys in test 9

Browse source
This commit is contained in:
Mikhail Novosyolov 2019-12-08 18:06:09 +03:00
parent 72c6554478
commit e50016a4ce
1 changed files with 24 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
libressl.spec
View file

@ -56,7 +56,7 @@
Summary: LibreSSL utils and libs coexisting with OpenSSL Summary: LibreSSL utils and libs coexisting with OpenSSL
Name: libressl Name: libressl
Version: %{base_version}.git%{git_date} Version: %{base_version}.git%{git_date}
Release: 12 Release: 13
# The code is distributed under ISC license except of original OpenSSL code # The code is distributed under ISC license except of original OpenSSL code
License: ISC and BSD-like License: ISC and BSD-like
Group: System/Base Group: System/Base
@ -464,16 +464,32 @@ _ls_length="$($libressl dgst -md_gost94 ./test8 | awk '{print $NF}' | wc -c)"
[ "$_gs_end" = "$_ls_beg" ] && \ [ "$_gs_end" = "$_ls_beg" ] && \
[ "$_gs_length" = "$_ls_length" ] || exit 1 [ "$_gs_length" = "$_ls_length" ] || exit 1
unset _gs_beg _gs_end _ls_beg _ls_end _gs_length _ls_length unset _gs_beg _gs_end _ls_beg _ls_end _gs_length _ls_length
# (test 9) Test ability to sign using algos that require OPENSSL_NO_CMS to de undefined # (test 9) Test ability to sign using program that requires OPENSSL_NO_CMS to de undefined
# https://bugzilla.kernel.org/show_bug.cgi?id=202159 # https://bugzilla.kernel.org/show_bug.cgi?id=202159
# and ability to generate GOST R 34.11-12 keys # and ability to generate GOST R 34.10-12 keys
_pcf pkg-config --libs --cflags libressl-libcrypto _pcf pkg-config --libs --cflags libressl-libcrypto
%__cc -o test9 %{SOURCE29} $nflags %__cc -o test9 %{SOURCE29} $nflags
export OPENSSL_CONF=%{buildroot}%{_openssldir}/libressl.cnf export OPENSSL_CONF=%{buildroot}%{_openssldir}/libressl.cnf
$libressl ecparam -genkey -name id-tc26-gost-3410-2012-512-paramSetA -out priv.key -outform PEM $libressl ecparam -genkey -name id-tc26-gost-3410-2012-512-paramSetA -out priv.key -outform PEM
$libressl req -batch -new -x509 -nodes -key priv.key -out pem.pem \ $libressl req -batch -new -x509 -nodes -key priv.key -out pem1.pem \
-subj "/C=RU/ST=Russia/L=Oryol/O=Test/OU=Test CA/CN=Test CA Root" -subj "/C=RU/ST=Russia/L=Oryol/O=Test/OU=Test CA/CN=Test CA Root"
echo 123 > test9_file # Also possible to gen a new key and a certificate in one command:
./test9 streebog512 priv.key pem.pem test9_file # libressl req <...> -newkey ec -pkeyopt ec_paramgen_curve:id-tc26-gost-3410-2012-512-paramSetA
strings test9_file | tail -n 1 | grep -q '~Module signature appended~' # Signature Algorithm: ecdsa-with-SHA256
rm priv.key pem.pem test9_file $libressl x509 -in pem1.pem -text -noout | grep -E 'Signature Algorithm:.*ecdsa-with-SHA256'
$libressl req -new -nodes -utf8 -batch -x509 -newkey gost2001 \
-pkeyopt dgst:streebog512 -pkeyopt paramset:A -streebog512 \
-days 109500 \
-subj "/C=RU/ST=Russia/L=Oryol/O=Test/OU=Test CA/CN=Test CA Root" \
-outform PEM -out pem2.pem -keyout pem2.pem
$libressl x509 -in pem2.pem -text -noout
$libressl x509 -in pem2.pem -text -noout | grep -E 'Signature Algorithm:.*GOST R 34.10-2012'
$libressl x509 -in pem2.pem -text -noout | grep -E 'Digest Algorithm:.*GOST R 34-11-2012'
$libressl x509 -in pem2.pem -text -noout | grep -E 'Public Key Algorithm:.*GOST R 34.10-2012'
echo 123 > test9_file1
echo 123 > test9_file2
# Known to fail with: "CMS routines:func(4095):not supported for this key type"
./test9 streebog512 priv.key pem1.pem test9_file1 || :
$libressl dgst -streebog512 -sign pem2.pem test9_file2 > test9_file2.sig
./test9 -s test9_file2.sig streebog512 pem2.pem test9_file2
strings test9_file2 | tail -n 1 | grep -q '~Module signature appended~'