Richard Levitte [Mon, 10 May 2021 07:06:04 +0000 (09:06 +0200)]
Making a gost provider - Refactor the testing foundation
This makes space for provider tests.
As a beginning, test/00-provider.t is added. It corresponds to
test/00-engine.t.
All other test/*.t are currently skipped unless the engine is tested.
They will be re-enabled as support for each algorithm type is added in
the provider code.
Richard Levitte [Sun, 14 Feb 2021 23:45:40 +0000 (00:45 +0100)]
Making a gost provider - Refactor the engine to become a backend
The gost provider is planned to be a wrapper around the already
existing functionality, designed for ENGINE use.
The easiest way to do this is to let the gost ENGINE continue to exist
within the gost provider, as an internal ENGINE. To do that, we make
it possible to build gost_eng.c so it only populates the GOST ENGINE
structure, but doesn't perform any of the ENGINE registration. That
way, the GOST ENGINE structure becomes purely internal, and can be
used as the actual implementation of the offered provider functionality,
through diverse EVP calls that accept an ENGINE pointer.
Richard Levitte [Sat, 13 Feb 2021 13:45:11 +0000 (14:45 +0100)]
Making a gost provider - move away the error source files
The error source files, e_gost_err.c and e_gost_err.h, are not
suitable for providers as they are, so we need to move those away from
the core library, and leave it to the provider code to deal with it.
Richard Levitte [Wed, 18 Aug 2021 07:12:40 +0000 (09:12 +0200)]
Switch to using OpenSSL target names in CMakeLists.txt
Cmake 3.0 was a switch to using targets and properties rather than
variables when linking different components together.
We follow that philosophy by dropping ${OPENSSL_CRYPTO_LIBRARIES} and
${OPENSSL_SSL_LIBRARIES} in favor of OpenSSL::Crypto and OpenSSL::SSL.
Richard Levitte [Tue, 17 Aug 2021 20:35:09 +0000 (22:35 +0200)]
Reduce the repeated library dependence information
Cmake is generally good at tracking specified dependencies between
libraries. All that we need to do is to establish a dependency on
OpenSSL's libcrypto for 'gost_core', and then we can reduce the amount
of repeated dependencies for everything that links against 'gost_core'.
Richard Levitte [Tue, 17 Aug 2021 20:31:39 +0000 (22:31 +0200)]
Make CMakeLists.txt work better with static OpenSSL libraries
The static OpenSSL libraries have some dependencies that need to be
recorded fofr everything that's linked against it. To achieve this,
we use ${OPENSSL_CRYPTO_LIBRARIES} and ${OPENSSL_SSL_LIBRARIES}
instead of ${OPENSSL_CRYPTO_LIBRARY} and ${OPENSSL_SSL_LIBRARY}.
Richard Levitte [Wed, 12 May 2021 12:09:49 +0000 (14:09 +0200)]
Set OPENSSL_ROOT_DIR if it isn't set.
These days, the OpenSSL cmake package finder is capable of finding
a custom OpenSSL installation with no OPENSSL_ROOT_DIR defined, but
CMAKE_PREFIX_PATH defined.
However, gost-engine's CMakeLists.txt does use OPENSSL_ROOT_DIR, so
it needs it to be defined unconditionally. That's arranged fairly
easily by assigning it the parent directory of OPENSSL_INCLUDE_DIR.
Richard Levitte [Tue, 11 May 2021 08:27:37 +0000 (10:27 +0200)]
Adapt C flags for the cmake build type
The C flags were set to be highly optimized regardless of the cmake
build type. This may make debugging difficult. To resolve that, we
adapt the C flags to the cmake build type in a supported manner.
Richard Levitte [Sat, 1 May 2021 06:36:55 +0000 (08:36 +0200)]
Make test programs less hard-coded
The following programs had a hard coded load of the gost engine.
This changes them to rely more on the testing environment, and to
load engines through configuration files.
This affects: test_ciphers.c, test_context.c, test_derive.c,
test_digest.c, test_params.c, test_sign.c, test_tls.c
Richard Levitte [Tue, 30 Mar 2021 19:53:38 +0000 (21:53 +0200)]
.github/workflows/codeql-analysis.yml: Bump the OpenSSL version
From 3.0.0-alpha6 to 3.0.0-alpha13, mostly for Analysis to avoid
getting failures when compiling, considering that the GOST source has
adapted for the latter version.
Richard Levitte [Mon, 22 Feb 2021 05:08:55 +0000 (06:08 +0100)]
Always cNORM before "\n"
Using cNORM after "\n" may or may not work, probably because of the
line buffered nature of standard output.
If an error is displayed immediately after a printf that has cNORM
after "\n", the error output sometimes "overrides" the cNORM, and you
may end up with a surprisingly colorful error message, not to mention
that this may also affect your prompt in the same manner.
The lesson is to always output cNORM before the ending "\n".
Richard Levitte [Sun, 21 Feb 2021 16:32:47 +0000 (17:32 +0100)]
Modify installation instructions for gost-engine library and module
- Simplify the installation of libraries and programs to simply use
defaults.
- Install only the gost engine in module form into the OpenSSL engine
directory.
- Install the gostsum and gost12sum manuals in the normal man1 directory,
as there's really no reason to install them among OpenSSL stuff
specifically.
- Install the cmake configuration file.
Richard Levitte [Wed, 17 Feb 2021 18:01:19 +0000 (19:01 +0100)]
Also build gost-engine in library form
In this form, the GOST engine isn't loadable through OpenSSL's dynamic
ENGINE loader, but directly as its own function, ENGINE_load_gost().
After making that call, the engine functionality can be used as usual.
This includes a public header file called gost-engine.h, which declares
that functions.
This also rearranges the code in gost_eng.c, as the binding
functionality was spread around in the file. Now, it's all nicely
tucked at the end.
Richard Levitte [Wed, 17 Feb 2021 05:07:20 +0000 (06:07 +0100)]
Fix gost engine suffix (for MacOS X)
On MacOS X, OpenSSL and cmake have different ideas on what suffix a
dynamically loadable module should have. OpenSSL expects .dylib,
while cmake uses .so by default.
Fixed by explicitly telling cmake to use the same suffix as for shared
libraries.
Richard Levitte [Sun, 14 Feb 2021 20:53:02 +0000 (21:53 +0100)]
Remove the use of test/run_tests in favor of 'prove'
'prove' is a well developed TAP harness program, there's no real need
to write one's own.
We do need to set certain paths properly for the appropriate 'openssl'
program to be run. We do that with a 'prove' plugin (WrapOpenSSL.pm)
that simply amends the appropriate system environment variables, given
a number of cmake generated environment variables that indicate where
OpenSSL files reside.
Richard Levitte [Sat, 13 Feb 2021 10:38:43 +0000 (11:38 +0100)]
Cleanup source organisation, and make 'gost' an actual module
GOST_CORE_SOURCE_FILES and GOST_ENGINE_SOURCE_FILES were a bit
disorganised, they are now re-arranged so GOST_ENGINE_SOURCE_FILES
contains ENGINE specific source only, and what was less ENGINE
specific was moved to GOST_CORE_SOURCE_FILES. Furthermore,
GOST_LIB_SOURCE_FILES now includes GOST_CORE_SOURCE_FILES, so the
gost_core library is complete with all implementations.
As a consequence, 'gost' is now explicitly made into a dlopenable
module. On some operating systems, that makes a difference.
This paves the way for alternative implementations based on the same
base code, such as a provider implementation.
It's quite possible that the re-arrangement done here isn't "pure"
enough. Future development will tell.
gost_crypt: process full available block in CFB and CNT mode
If at the input of the encryption function in the CFB mode we have
an integer number of blocks, then in the main loop all blocks will be
processed, except for the last one due to an incorrect border check.
The last block will be fully processed as a "partial" remainder, but
the initialization vector will not be updated. And, thus, the value
of IV will always be incorrect in this case.
This breaks stateless protocols due to an invalid initialization vector:
all messages except the first cannot be decrypted. (Naturally, we are
talking about a case with disabled key meshing, which does not allow
context recovery due to an erroneous implementation.)
It is worth noting here that the code for processing partial blocks
(both at the input of the encryption functions and at the output) is
a historically unnecessary artifact, since we do not set the
EVP_CIPH_FLAG_CUSTOM_CIPHER flag and, as a result, OpenSSL processes
partial blocks for us.
This patch corrects the checking of the main loop boundary.
A similar error is present in the code for the CNT mode, but there it
does not manifest itself in any way, because the restoration of the
state in this mode is impossible: even after disabling key meshing, we
still have the state-dependent transformation of the IV.
As an extra result of this fix, the code for processing partial blocks
can be completely removed now.
Igor Kirillov [Thu, 26 Nov 2020 15:26:03 +0000 (18:26 +0300)]
update magma cipher ctr_acpkm mode encrypting
Fixed bug when acpkm key meshing didn't apply at appropriate time
during TLS secure exchange.
Unify usage of 'num' variable of EVP_CIPHER_CTX for kuznetchik and
magma.
Provide cmake test if alignment requirement is strict
This is based on AX_CHECK_ALIGNED_ACCESS_REQUIRED from autoconf-archive.
Note, that on some arches unaligned access behavior could be changed at
runtime via prctl(1). Also, unaligned memory access is still slower (and
very slow on some arches) even if it's not strictly required.