This adds the source to get a minimal provider that provides...
nothing.
install_script:
- pkg install -y git cmake p5-App-cpanminus gdb pkgconf
- sudo cpanm --notest Test2::V0
+ update_git_script:
+ - git submodule update --recursive --init
script:
- git clone --depth 1 -b ${OPENSSL_BRANCH} https://github.com/openssl/openssl.git
- cd openssl
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
+ with:
+ submodules: true
- run: .github/before_script.sh
- run: .github/script.sh
CC: clang
steps:
- uses: actions/checkout@v2
+ with:
+ submodules: true
- run: .github/before_script.sh
- run: .github/script.sh
USE_RPATH:
steps:
- uses: actions/checkout@v2
+ with:
+ submodules: true
- run: .github/before_script.sh
- run: .github/script.sh
OPENSSL_BRANCH: master
steps:
- uses: actions/checkout@v2
+ with:
+ submodules: true
- run: .github/before_script.sh
- run: .github/script.sh
USE_RPATH:
steps:
- uses: actions/checkout@v2
+ with:
+ submodules: true
- run: .github/before_script.sh
- run: .github/script.sh
ASAN: -DASAN=1
steps:
- uses: actions/checkout@v2
+ with:
+ submodules: true
- run: .github/before_script.sh
- run: .github/script.sh
USE_RPATH:
steps:
- uses: actions/checkout@v2
+ with:
+ submodules: true
- run: .github/before_script.sh
- run: .github/script.sh
APT_INSTALL: gcc-multilib
steps:
- uses: actions/checkout@v2
+ with:
+ submodules: true
- run: .github/before_script.sh
- run: .github/script.sh
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
+ # gost-engine has submodules
+ submodules: true
# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
--- /dev/null
+[submodule "libprov"]
+ path = libprov
+ url = https://github.com/provider-corner/libprov.git
gost_eng.c
)
+set(GOST_PROV_SOURCE_FILES
+ gost_prov.c
+ )
+
set(TEST_ENVIRONMENT
CMAKE_CURRENT_SOURCE_DIR=${CMAKE_CURRENT_SOURCE_DIR}
PERL5LIB=${CMAKE_CURRENT_SOURCE_DIR}/test
OPENSSL_CRYPTO_LIBRARY=${OPENSSL_CRYPTO_LIBRARY}
OPENSSL_CONF=${CMAKE_CURRENT_SOURCE_DIR}/test/engine.cnf
)
+
add_executable(test_digest test_digest.c)
target_link_libraries(test_digest OpenSSL::Crypto)
add_test(NAME digest COMMAND test_digest)
COMPILE_DEFINITIONS "BUILDING_ENGINE_AS_LIBRARY"
PUBLIC_HEADER gost-engine.h
OUTPUT_NAME "gost")
-target_link_libraries(lib_gost_engine PRIVATE gost_core)
-
+target_link_libraries(lib_gost_engine PRIVATE gost_core gost_err)
+
+
+# The GOST provider uses this
+add_subdirectory(libprov)
+
+# The GOST provider in module form
+add_library(gost_prov MODULE
+ ${GOST_PROV_SOURCE_FILES} ${GOST_ENGINE_SOURCE_FILES}
+ )
+set_target_properties(gost_prov PROPERTIES
+ PREFIX "" OUTPUT_NAME "gostprov" SUFFIX ${CMAKE_SHARED_LIBRARY_SUFFIX}
+ COMPILE_DEFINITIONS "BUILDING_GOST_PROVIDER;OPENSSL_NO_DYNAMIC_ENGINE"
+ )
+target_link_libraries(gost_prov PRIVATE gost_core libprov)
+
+# The GOST provider in library form
+add_library(lib_gost_prov SHARED
+ ${GOST_PROV_SOURCE_FILES} ${GOST_ENGINE_SOURCE_FILES}
+ )
+set_target_properties(lib_gost_prov PROPERTIES
+ OUTPUT_NAME "gostprov"
+ COMPILE_DEFINITIONS "BUILDING_GOST_PROVIDER;BUILDING_PROVIDER_AS_LIBRARY;OPENSSL_NO_DYNAMIC_ENGINE"
+ )
+target_link_libraries(lib_gost_prov PRIVATE gost_core libprov)
set(GOST_SUM_SOURCE_FILES
gostsum.c
#endif
+#ifndef GOST_PROV
static int lib_code = 0;
static int error_loaded = 0;
ERR_set_debug(file, line, NULL);
#endif
}
+#endif
* OpenSSL 0.9.9 libraries required to compile and use *
* this code *
**********************************************************************/
+# include <openssl/core.h>
# include <openssl/bn.h>
# include <openssl/evp.h>
# include <openssl/asn1t.h>
--- /dev/null
+/**********************************************************************
+ * gost_prov.c - The provider itself *
+ * *
+ * Copyright (c) 2021 Richard Levitte <richard@levitte.org> *
+ * This file is distributed under the same license as OpenSSL *
+ * *
+ * Requires OpenSSL 3.0 for compilation *
+ **********************************************************************/
+
+#include <openssl/core_dispatch.h>
+#include "gost_prov.h"
+#include "gost_lcl.h"
+#include "prov/err.h" /* libprov err functions */
+
+/*********************************************************************
+ *
+ * Errors
+ *
+ *****/
+
+/*
+ * Ugly hack, to get the errors generated by mkerr.pl. This should ideally
+ * be replaced with a local OSSL_ITEM list of < number, string > pairs as
+ * reason strings, but for now, we will simply use GOST_str_reasons.
+ * Fortunately, the ERR_STRING_DATA structure is compatible with OSSL_ITEM,
+ * so we can return it directly.
+ */
+static struct proverr_functions_st *err_handle;
+#define GOST_PROV
+#include "e_gost_err.c"
+void ERR_GOST_error(int function, int reason, char *file, int line)
+{
+ proverr_new_error(err_handle);
+ proverr_set_error_debug(err_handle, file, line, NULL);
+ proverr_set_error(err_handle, reason, NULL);
+}
+
+/*********************************************************************
+ *
+ * Provider context
+ *
+ *****/
+
+static void provider_ctx_free(PROV_CTX *ctx)
+{
+ if (ctx != NULL) {
+ ENGINE_free(ctx->e);
+ proverr_free_handle(ctx->proverr_handle);
+ OSSL_LIB_CTX_free(ctx->libctx);
+ }
+ free(ctx);
+}
+
+extern int populate_gost_engine(ENGINE *e);
+static PROV_CTX *provider_ctx_new(const OSSL_CORE_HANDLE *core,
+ const OSSL_DISPATCH *in)
+{
+ PROV_CTX *ctx;
+
+ if ((ctx = malloc(sizeof(*ctx))) != NULL
+ && (ctx->proverr_handle = proverr_new_handle(core, in)) != NULL
+ && (ctx->libctx = OSSL_LIB_CTX_new()) != NULL
+ && (ctx->e = ENGINE_new()) != NULL
+ && populate_gost_engine(ctx->e)) {
+ ctx->core_handle = core;
+
+ /* Ugly hack */
+ err_handle = ctx->proverr_handle;
+ } else {
+ provider_ctx_free(ctx);
+ ctx = NULL;
+ }
+ return ctx;
+}
+
+/*********************************************************************
+ *
+ * Setup
+ *
+ *****/
+
+typedef void (*fptr_t)(void);
+
+/* The function that returns the appropriate algorithm table per operation */
+static const OSSL_ALGORITHM *gost_operation(void *vprovctx,
+ int operation_id,
+ const int *no_cache)
+{
+ return NULL;
+}
+
+static int gost_get_params(void *provctx, OSSL_PARAM *params)
+{
+ return 1;
+}
+
+static const OSSL_ITEM *gost_get_reason_strings(void *provctx)
+{
+#if 0
+ return reason_strings;
+#endif
+ return (OSSL_ITEM *)GOST_str_reasons;
+}
+
+/* The function that tears down this provider */
+static void gost_teardown(void *vprovctx)
+{
+ provider_ctx_free(vprovctx);
+}
+
+/* The base dispatch table */
+static const OSSL_DISPATCH provider_functions[] = {
+ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (fptr_t)gost_operation },
+ { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, (fptr_t)gost_get_reason_strings },
+ { OSSL_FUNC_PROVIDER_GET_PARAMS, (fptr_t)gost_get_params },
+ { OSSL_FUNC_PROVIDER_TEARDOWN, (fptr_t)gost_teardown },
+ { 0, NULL }
+};
+
+struct prov_ctx_st {
+ void *core_handle;
+ struct proverr_functions_st *err_handle;
+};
+
+#ifdef BUILDING_PROVIDER_AS_LIBRARY
+/*
+ * This allows the provider to be built in library form. In this case, the
+ * application must add it explicitly like this:
+ *
+ * OSSL_PROVIDER_add_builtin(NULL, "gost", GOST_provider_init);
+ */
+# define OSSL_provider_init GOST_provider_init
+#endif
+
+int OSSL_provider_init(const OSSL_CORE_HANDLE *core,
+ const OSSL_DISPATCH *in,
+ const OSSL_DISPATCH **out,
+ void **vprovctx)
+{
+ if ((*vprovctx = provider_ctx_new(core, in)) == NULL)
+ return 0;
+ *out = provider_functions;
+ return 1;
+}
--- /dev/null
+/**********************************************************************
+ * gost_prov.h - The provider itself *
+ * *
+ * Copyright (c) 2021 Richard Levitte <richard@levitte.org> *
+ * This file is distributed under the same license as OpenSSL *
+ * *
+ * Requires OpenSSL 3.0 for compilation *
+ **********************************************************************/
+
+#include <openssl/core.h>
+#include <openssl/engine.h>
+
+struct provider_ctx_st {
+ OSSL_LIB_CTX *libctx;
+ const OSSL_CORE_HANDLE *core_handle;
+ struct proverr_functions_st *proverr_handle;
+
+ /*
+ * "internal" GOST engine, which is the implementation that all the
+ * provider functions will use to access the crypto functionality.
+ * This is pure hackery, but allows us to quickly wrap all the ENGINE
+ * function with provider wrappers. There is no other supported way
+ * to do this.
+ */
+ ENGINE *e;
+};
+typedef struct provider_ctx_st PROV_CTX;
--- /dev/null
+Subproject commit 0f87843c0b85f325bdac7e0341946fc97d5d9d2d