authorDmitry Baryshkov <dbaryshkov@gmail.com>2020-01-20 03:11:08 +0300
committerDmitry Baryshkov <dbaryshkov@gmail.com>2020-01-20 03:11:08 +0300
commit6cebf4e042ac0f338a80121beff92ad120235407 (patch)
treec68feca1ccaad0467cb7e408c5fa3c32da5dfc21
parent4023d63f0b2795c0c0447282c808671ae8503ac3 (diff)
downloadgnutls-6cebf4e042ac0f338a80121beff92ad120235407.tar.gz
pkcs12: use correct key length when using STREEBOG-512
PKCS#12 files using GOST HMAC (GOST R 34.11-94 and Streebog) use a special function to generate the MAC key. Pass the correct key length (fixed to be 32) when generating PKCS#12 files protected with Streebog (currently it incorrectly uses 64 there). Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
-rw-r--r--lib/x509/pkcs12.c2
-rwxr-xr-xtests/cert-tests/pkcs12-gost14
2 files changed, 15 insertions, 1 deletions
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 200d1de908..8c3310d066 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -970,7 +970,7 @@ int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12, gnutls_mac_algorithm_t m
sizeof(salt),
iter,
pass,
- mac_size,
+ key_len,
key);
} else
#endif
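Review bot: The switch from `mac_size` to `key_len` in this argument list carries no comment explaining why the two values differ, so a later cleanup could easily merge them again. Per the commit message the GOST PKCS#12 MAC key is fixed at 32 bytes while Streebog-512 previously passed 64 here, so I would add `/* GOST MAC key is always 32 bytes, independent of the digest size */` where `key_len` is set. That assignment and the code that consumes `key` are outside the hunk. It is worth confirming that the later MAC keying also takes `key_len` rather than `mac_size`, since otherwise it would presumably use bytes the derivation never filled in.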
diff --git a/tests/cert-tests/pkcs12-gost b/tests/cert-tests/pkcs12-gost
index ee9318f750..2b5b6bfd79 100755
--- a/tests/cert-tests/pkcs12-gost
+++ b/tests/cert-tests/pkcs12-gost
@@ -81,6 +81,20 @@ if test ${rc} != 0; then
exit 1
fi
+${VALGRIND} "${CERTTOOL}" --pkcs-cipher=gost28147-tc26z --hash streebog-512 --to-p12 --password "Пароль для PFX" --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null
+rc=$?
+if test ${rc} != 0; then
+ echo "PKCS12 FATAL encoding"
+ exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "Пароль для PFX" --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null
+rc=$?
+if test ${rc} != 0; then
+ echo "PKCS12 FATAL decrypting/decoding"
+ exit 1
+fi
+
rm -f "$TMPFILE" "$TMPFILE_PEM"
exit 0
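Review bot: The new `--p12-info` step sends stderr to /dev/null and checks only the exit status, so a failed MAC check on the Streebog-512 file would leave nothing in the log but "PKCS12 FATAL decrypting/decoding". Dropping `2>/dev/null` from that call would keep certtool's own error message in the test output. `$TMPFILE` and `${TMPFILE_PEM}` are also unquoted in the added commands while the closing `rm -f "$TMPFILE" "$TMPFILE_PEM"` quotes them; `--outfile "$TMPFILE"` and `--infile "$TMPFILE" >"${TMPFILE_PEM}"` would be consistent. The contents of `${TMPFILE_PEM}` are never inspected, so the test presumably cannot tell whether the MAC in the file really is Streebog-512; a grep on that output for the MAC algorithm would pin it, assuming `--p12-info` prints it.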