diff options
| author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-10-29 13:07:14 +0000 |
|---|---|---|
| committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-10-29 13:07:14 +0000 |
| commit | ce8557344cbe9ac6f6326700e11673239a36129b (patch) | |
| tree | d4dc31b5f238a3ff350b6818fd176be906e69c33 | |
| parent | bde0dca0244b974f1a745843382ef3bb2e7b98c5 (diff) | |
| parent | c3fea5b9e47475e8114986277e99190765da7227 (diff) | |
| download | gnutls-ce8557344cbe9ac6f6326700e11673239a36129b.tar.gz | |
Merge branch 'fix-gost-curves' into 'master'
ecc: fix curve sizes for TC26-256 gost curves
See merge request gnutls/gnutls!1110
| -rw-r--r-- | lib/algorithms/ecc.c | 8 | ||||
| -rwxr-xr-x | tests/cert-tests/gost | 23 |
2 files changed, 27 insertions, 4 deletions
diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c index f07de60f72..4308e911ad 100644 --- a/lib/algorithms/ecc.c +++ b/lib/algorithms/ecc.c @@ -164,7 +164,7 @@ gnutls_ecc_curve_entry_st ecc_curves[] = { .oid = "1.2.643.7.1.2.1.1.1", .id = GNUTLS_ECC_CURVE_GOST256A, .pk = GNUTLS_PK_GOST_12_256, - .size = 64, + .size = 32, .gost_curve = 1, .supported = 1, }, @@ -173,7 +173,7 @@ gnutls_ecc_curve_entry_st ecc_curves[] = { .oid = "1.2.643.7.1.2.1.1.2", .id = GNUTLS_ECC_CURVE_GOST256B, .pk = GNUTLS_PK_GOST_12_256, - .size = 64, + .size = 32, .gost_curve = 1, .supported = 1, }, @@ -182,7 +182,7 @@ gnutls_ecc_curve_entry_st ecc_curves[] = { .oid = "1.2.643.7.1.2.1.1.3", .id = GNUTLS_ECC_CURVE_GOST256C, .pk = GNUTLS_PK_GOST_12_256, - .size = 64, + .size = 32, .gost_curve = 1, .supported = 1, }, @@ -191,7 +191,7 @@ gnutls_ecc_curve_entry_st ecc_curves[] = { .oid = "1.2.643.7.1.2.1.1.4", .id = GNUTLS_ECC_CURVE_GOST256D, .pk = GNUTLS_PK_GOST_12_256, - .size = 64, + .size = 32, .gost_curve = 1, .supported = 1, }, diff --git a/tests/cert-tests/gost b/tests/cert-tests/gost index a29332cf13..ff47988a6d 100755 --- a/tests/cert-tests/gost +++ b/tests/cert-tests/gost @@ -97,6 +97,29 @@ if [ $? != 0 ]; then exit 1 fi +echo "cn = End-user" > $TMPTEMPL + +"${CERTTOOL}" --generate-privkey --key-type gost01 --curve TC26-256-B > $TMPKEY 2>/dev/null + +"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \ + --load-ca-privkey $TMPSUBCAKEY \ + --load-ca-certificate $TMPSUBCA \ + --load-privkey $TMPKEY \ + --outfile $TMPUSER >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +cat $TMPUSER $TMPSUBCA $TMPCA > $TMPFILE +"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYOUT + +if [ $? != 0 ]; then + cat $VERIFYOUT + exit 1 +fi + "${CERTTOOL}" -i < "${srcdir}"/data/grfc.crt --outfile $TMPFILE if [ $? != 0 ]; then cat $TMPFILE |