From 13c19bdf1726da4e7358c5db648c7d094b4c6179 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Tue, 18 Sep 2018 00:53:17 +0300 Subject: lib: use little endian when importing/exporting GOST keys GOST R 34.10 native format is little endian. It is better for the application code to use native format data to interface library, rather than convert buffers on their own. Signed-off-by: Dmitry Eremin-Solenikov --- lib/x509/privkey.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'lib/x509') diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 0ee32ed960..c018f6dc97 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1197,6 +1197,9 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, * GNUTLS_GOST_PARAMSET_UNKNOWN default one will be selected depending on * @digest. * + * Note: parameters should be stored with least significant byte first. On + * version 3.6.3 big-endian format was used incorrectly. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * @@ -1226,7 +1229,7 @@ gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, key->params.gost_params = paramset; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_X], x->data, x->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; @@ -1234,7 +1237,7 @@ gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, } key->params.params_nr++; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_Y], y->data, y->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; @@ -1242,7 +1245,7 @@ gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, } key->params.params_nr++; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_K], k->data, k->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; @@ -1562,6 +1565,9 @@ int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key, * in the given structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * + * Note: parameters will be stored with least significant byte first. On + * version 3.6.3 this was incorrectly returned in big-endian format. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * -- cgit v1.2.1