]> wagner.pp.ru Git - openssl-gost/engine.git/log
openssl-gost/engine.git
3 years agolibprov: update to latest
Richard Levitte [Mon, 30 Aug 2021 11:44:22 +0000 (13:44 +0200)]
libprov: update to latest

3 years agoMaking a gost provider - installation instructions
Richard Levitte [Sat, 13 Feb 2021 14:01:02 +0000 (15:01 +0100)]
Making a gost provider - installation instructions

3 years agoMaking a gost provider - Adapt test_context.c for providers
Richard Levitte [Wed, 12 May 2021 11:44:05 +0000 (13:44 +0200)]
Making a gost provider - Adapt test_context.c for providers

3 years agoMaking a gost provider - Adapt test_ciphers.c for providers
Richard Levitte [Wed, 12 May 2021 11:36:15 +0000 (13:36 +0200)]
Making a gost provider - Adapt test_ciphers.c for providers

3 years agoMaking a gost provider - Adapt test_digest.c for providers
Richard Levitte [Tue, 11 May 2021 08:09:10 +0000 (10:09 +0200)]
Making a gost provider - Adapt test_digest.c for providers

3 years agoMaking a gost provider - Adapt the grasshopper OMACs for providers
Richard Levitte [Tue, 11 May 2021 07:39:30 +0000 (09:39 +0200)]
Making a gost provider - Adapt the grasshopper OMACs for providers

They needed to be modified to handled EVP_CIPHERs implemented by a
provider.

3 years agoMaking a gost provider - Add the macs
Richard Levitte [Mon, 5 Apr 2021 06:08:10 +0000 (08:08 +0200)]
Making a gost provider - Add the macs

We add the macs for the provider as wrappers around the EVP_MD
implementations designed for ENGINEs.  This is not the most elegant,
but it does the job.

When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an alias.  This is the way to avoid having to register the OIDs in
OpenSSL proper.

3 years agoMaking a gost provider - Add the digests
Richard Levitte [Sat, 13 Feb 2021 13:56:17 +0000 (14:56 +0100)]
Making a gost provider - Add the digests

We add the digests for the provider as wrappers around the routines
designed for ENGINEs.  This is not the most elegant, but it does the
job.

When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an aliase.  This is the way to avoid having to register the OIDs in
OpenSSL proper.

test/01-digest.t is modified to test the provider as well.

3 years agoMaking a gost provider - Add the ciphers
Richard Levitte [Sat, 13 Feb 2021 13:52:39 +0000 (14:52 +0100)]
Making a gost provider - Add the ciphers

We add the ciphers for the provider as wrappers around the routines
designed for ENGINEs.  This is not the most elegant, but it does the
job.

When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an aliase.  This is the way to avoid having to register the OIDs in
OpenSSL proper.

test/03-encrypt.t is modified to test the provider as well.

3 years agoMaking a gost provider - Refactor the testing foundation
Richard Levitte [Mon, 10 May 2021 07:06:04 +0000 (09:06 +0200)]
Making a gost provider - Refactor the testing foundation

This makes space for provider tests.

As a beginning, test/00-provider.t is added.  It corresponds to
test/00-engine.t.

All other test/*.t are currently skipped unless the engine is tested.
They will be re-enabled as support for each algorithm type is added in
the provider code.

3 years agoMaking a gost provider - Add the provider foundation
Richard Levitte [Sat, 13 Feb 2021 13:50:49 +0000 (14:50 +0100)]
Making a gost provider - Add the provider foundation

This adds the source to get a minimal provider that provides...
nothing.

3 years agoMaking a gost provider - Refactor the engine to become a backend
Richard Levitte [Sun, 14 Feb 2021 23:45:40 +0000 (00:45 +0100)]
Making a gost provider - Refactor the engine to become a backend

The gost provider is planned to be a wrapper around the already
existing functionality, designed for ENGINE use.

The easiest way to do this is to let the gost ENGINE continue to exist
within the gost provider, as an internal ENGINE.  To do that, we make
it possible to build gost_eng.c so it only populates the GOST ENGINE
structure, but doesn't perform any of the ENGINE registration.  That
way, the GOST ENGINE structure becomes purely internal, and can be
used as the actual implementation of the offered provider functionality,
through diverse EVP calls that accept an ENGINE pointer.

3 years agoMaking a gost provider - move away the error source files
Richard Levitte [Sat, 13 Feb 2021 13:45:11 +0000 (14:45 +0100)]
Making a gost provider - move away the error source files

The error source files, e_gost_err.c and e_gost_err.h, are not
suitable for providers as they are, so we need to move those away from
the core library, and leave it to the provider code to deal with it.

3 years agoExplicitly provide SECLEVEL for TLS tests
Dmitry Belyavskiy [Thu, 7 Oct 2021 18:51:02 +0000 (20:51 +0200)]
Explicitly provide SECLEVEL for TLS tests

3 years agoDon't recreate GOST EC groups every time (#358)
Dmitry Belyavskiy [Tue, 28 Sep 2021 14:39:39 +0000 (17:39 +0300)]
Don't recreate GOST EC groups every time (#358)

* Don't recreate GOST EC groups every time

For multiple keygen it saves 6% time

3 years agoRewrite error handling in pub_decode_gost_ec() v3.0.0
Nikolas [Sun, 19 Sep 2021 08:44:32 +0000 (11:44 +0300)]
Rewrite error handling in pub_decode_gost_ec()

3 years agoWe don't want depend on spacing around equal sign
Dmitry Belyavskiy [Thu, 16 Sep 2021 15:15:33 +0000 (17:15 +0200)]
We don't want depend on spacing around equal sign

...in DN output

3 years agoNow that there is an actual openssl-3.0 branch, switch to use that
Richard Levitte [Mon, 6 Sep 2021 05:47:37 +0000 (07:47 +0200)]
Now that there is an actual openssl-3.0 branch, switch to use that

3 years agoMake the use of RPATH conditional
Richard Levitte [Wed, 1 Sep 2021 07:24:59 +0000 (09:24 +0200)]
Make the use of RPATH conditional

MacOS ld doesn't support -rpath, so we must be able to not use it there.

3 years agoSimplify the CI job "gcc-asan-openssl-master"
Richard Levitte [Wed, 1 Sep 2021 07:04:05 +0000 (09:04 +0200)]
Simplify the CI job "gcc-asan-openssl-master"

Now that .github/before_script.sh works properly on MacOS, there is
no reason not to use it for this job as well.

3 years agoModify .github/before_script.sh to install cpanm as a standalone script
Richard Levitte [Wed, 1 Sep 2021 06:48:02 +0000 (08:48 +0200)]
Modify .github/before_script.sh to install cpanm as a standalone script

It makes sure to install it where site perl scripts should be located.

3 years agoAdd CI builds on MacOS 11 (BigSur)
Richard Levitte [Tue, 31 Aug 2021 18:32:55 +0000 (20:32 +0200)]
Add CI builds on MacOS 11 (BigSur)

3 years agoUpdate openssl-3.0.0-alpha17 -> openssl-3.0.0-beta2 for codeql as well
Richard Levitte [Sun, 29 Aug 2021 07:41:32 +0000 (09:41 +0200)]
Update openssl-3.0.0-alpha17 -> openssl-3.0.0-beta2 for codeql as well

3 years agoIncrease cmake version to 3.18
Dmitry Belyavskiy [Thu, 19 Aug 2021 13:34:06 +0000 (15:34 +0200)]
Increase cmake version to 3.18

3 years agoStop overriding OPENSSL_LIBRARIES
Dmitry Belyavskiy [Thu, 19 Aug 2021 12:55:19 +0000 (14:55 +0200)]
Stop overriding OPENSSL_LIBRARIES

Fix #346

3 years agoSwitch to using OpenSSL target names in CMakeLists.txt
Richard Levitte [Wed, 18 Aug 2021 07:12:40 +0000 (09:12 +0200)]
Switch to using OpenSSL target names in CMakeLists.txt

Cmake 3.0 was a switch to using targets and properties rather than
variables when linking different components together.
We follow that philosophy by dropping ${OPENSSL_CRYPTO_LIBRARIES} and
${OPENSSL_SSL_LIBRARIES} in favor of OpenSSL::Crypto and OpenSSL::SSL.

3 years agoReduce the repeated library dependence information
Richard Levitte [Tue, 17 Aug 2021 20:35:09 +0000 (22:35 +0200)]
Reduce the repeated library dependence information

Cmake is generally good at tracking specified dependencies between
libraries.  All that we need to do is to establish a dependency on
OpenSSL's libcrypto for 'gost_core', and then we can reduce the amount
of repeated dependencies for everything that links against 'gost_core'.

3 years agoMake CMakeLists.txt work better with static OpenSSL libraries
Richard Levitte [Tue, 17 Aug 2021 20:31:39 +0000 (22:31 +0200)]
Make CMakeLists.txt work better with static OpenSSL libraries

The static OpenSSL libraries have some dependencies that need to be
recorded fofr everything that's linked against it.  To achieve this,
we use ${OPENSSL_CRYPTO_LIBRARIES} and ${OPENSSL_SSL_LIBRARIES}
instead of ${OPENSSL_CRYPTO_LIBRARY} and ${OPENSSL_SSL_LIBRARY}.

3 years agopush VKO cofactor clearing into ECCKiila
Billy Brumley [Mon, 9 Aug 2021 19:57:47 +0000 (22:57 +0300)]
push VKO cofactor clearing into ECCKiila

3 years ago[test] VKO unit tests for curves with cofactors: extreme ranges
Billy Brumley [Mon, 9 Aug 2021 19:57:15 +0000 (22:57 +0300)]
[test] VKO unit tests for curves with cofactors: extreme ranges

3 years agoExplicitly set libdir to lib
Dmitry Belyavskiy [Wed, 11 Aug 2021 13:10:00 +0000 (15:10 +0200)]
Explicitly set libdir to lib

OpenSSL commit https://github.com/openssl/openssl/commit/74b7f339aa58af57c0e71b7efca66e6f2db5ae2e
changed the default installation path on 64-bit systems.

The recommended workaround is appending --libdir=lib

3 years agoStable: alpha16 => beta2
Dmitry Belyavskiy [Tue, 10 Aug 2021 16:18:45 +0000 (18:18 +0200)]
Stable: alpha16 => beta2

3 years agoCMake 3.18 recommended
Dmitry Belyavskiy [Wed, 2 Jun 2021 15:16:12 +0000 (17:16 +0200)]
CMake 3.18 recommended

More earlier versions don't properly detect OpenSSL 3.0.
BTW, workarounds still exist

3 years agoMerge branch 'levitte-update-codeql-analysis'
Dmitry Belyavskiy [Fri, 28 May 2021 11:10:12 +0000 (13:10 +0200)]
Merge branch 'levitte-update-codeql-analysis'

3 years agoMerge branch 'update-codeql-analysis' of https://github.com/levitte/engine into levit...
Dmitry Belyavskiy [Fri, 28 May 2021 11:09:07 +0000 (13:09 +0200)]
Merge branch 'update-codeql-analysis' of https://github.com/levitte/engine into levitte-update-codeql-analysis

3 years agoSet OPENSSL_ROOT_DIR if it isn't set.
Richard Levitte [Wed, 12 May 2021 12:09:49 +0000 (14:09 +0200)]
Set OPENSSL_ROOT_DIR if it isn't set.

These days, the OpenSSL cmake package finder is capable of finding
a custom OpenSSL installation with no OPENSSL_ROOT_DIR defined, but
CMAKE_PREFIX_PATH defined.

However, gost-engine's CMakeLists.txt does use OPENSSL_ROOT_DIR, so
it needs it to be defined unconditionally.  That's arranged fairly
easily by assigning it the parent directory of OPENSSL_INCLUDE_DIR.

3 years agoMerge branch 'master' into update-codeql-analysis 334/head
Dmitry Belyavskiy [Fri, 28 May 2021 11:02:16 +0000 (14:02 +0300)]
Merge branch 'master' into update-codeql-analysis

3 years agoUpdate the OpenSSL 3.0 tag to openssl-3.0.0-alpha17
Richard Levitte [Fri, 28 May 2021 10:23:14 +0000 (12:23 +0200)]
Update the OpenSSL 3.0 tag to openssl-3.0.0-alpha17

Most of all, at least openssl-3.0.0-alpha16 is needed, because there
are API changes made in that release that affects gost-engine builds

3 years agoIncrease openssl version
Dmitry Belyavskiy [Sun, 23 May 2021 09:05:01 +0000 (11:05 +0200)]
Increase openssl version

3 years agoAdapt C flags for the cmake build type
Richard Levitte [Tue, 11 May 2021 08:27:37 +0000 (10:27 +0200)]
Adapt C flags for the cmake build type

The C flags were set to be highly optimized regardless of the cmake
build type.  This may make debugging difficult.  To resolve that, we
adapt the C flags to the cmake build type in a supported manner.

3 years agoAlpha version bump
Dmitry Belyavskiy [Tue, 11 May 2021 10:58:29 +0000 (12:58 +0200)]
Alpha version bump

3 years agoUpdate to be compatible with openssl#15100
Dmitry Belyavskiy [Fri, 30 Apr 2021 16:38:48 +0000 (18:38 +0200)]
Update to be compatible with openssl#15100

(cherry picked from commit 1b684f3f906bc81154ca1d5af7d6bc60199f1f9c)

3 years agoMark test_keyexpimp and gost89 as internal tests
Richard Levitte [Sat, 1 May 2021 06:42:31 +0000 (08:42 +0200)]
Mark test_keyexpimp and gost89 as internal tests

3 years agoDon't load the gost engine in test_curves.c
Richard Levitte [Sat, 1 May 2021 06:41:42 +0000 (08:41 +0200)]
Don't load the gost engine in test_curves.c

This test is so internal that it doesn't even need the engine.

3 years agoMake test programs less hard-coded
Richard Levitte [Sat, 1 May 2021 06:36:55 +0000 (08:36 +0200)]
Make test programs less hard-coded

The following programs had a hard coded load of the gost engine.
This changes them to rely more on the testing environment, and to
load engines through configuration files.

This affects: test_ciphers.c, test_context.c, test_derive.c,
test_digest.c, test_params.c, test_sign.c, test_tls.c

3 years agoUpdate gost_ec_keyx.c
se-prok [Fri, 2 Apr 2021 07:51:28 +0000 (10:51 +0300)]
Update gost_ec_keyx.c

It's not right to have segmentation faults.

3 years agoDon't put test results or intermediary files in the source tree
Richard Levitte [Tue, 30 Mar 2021 18:40:37 +0000 (20:40 +0200)]
Don't put test results or intermediary files in the source tree

When building in a directory that's separate from the source
directory, test results should end up in the build directory, not the
source directory.

Essentially, unless you do build in the source directory, it should be
regarded as read-only when building.

3 years agoInstall manuals in the correct location
Richard Levitte [Tue, 30 Mar 2021 18:47:16 +0000 (20:47 +0200)]
Install manuals in the correct location

Cmake doesn't support the variable CMAKE_INSTALL_DIR.  However, with
the GNUInstallDirs module, there is the variable CMAKE_INSTALL_MANDIR.

3 years ago.github/workflows/codeql-analysis.yml: Bump the OpenSSL version
Richard Levitte [Tue, 30 Mar 2021 19:53:38 +0000 (21:53 +0200)]
.github/workflows/codeql-analysis.yml: Bump the OpenSSL version

From 3.0.0-alpha6 to 3.0.0-alpha13, mostly for Analysis to avoid
getting failures when compiling, considering that the GOST source has
adapted for the latter version.

3 years agoMake it compatible with cmake versions lower than 3.14, specify explicitly destinatio...
Sergei Lemeshkin [Wed, 17 Mar 2021 12:28:30 +0000 (15:28 +0300)]
Make it compatible with cmake versions lower than 3.14, specify explicitly destination paths

3 years agoOpenSSL version bump
Dmitry Belyavskiy [Wed, 17 Mar 2021 13:41:20 +0000 (14:41 +0100)]
OpenSSL version bump

3 years agoEVP_MAC_init API changed
Dmitry Belyavskiy [Wed, 3 Mar 2021 15:04:49 +0000 (16:04 +0100)]
EVP_MAC_init API changed

3 years agoAlways cNORM before "\n"
Richard Levitte [Mon, 22 Feb 2021 05:08:55 +0000 (06:08 +0100)]
Always cNORM before "\n"

Using cNORM after "\n" may or may not work, probably because of the
line buffered nature of standard output.

If an error is displayed immediately after a printf that has cNORM
after "\n", the error output sometimes "overrides" the cNORM, and you
may end up with a surprisingly colorful error message, not to mention
that this may also affect your prompt in the same manner.

The lesson is to always output cNORM before the ending "\n".

3 years agoModify installation instructions for gost-engine library and module
Richard Levitte [Sun, 21 Feb 2021 16:32:47 +0000 (17:32 +0100)]
Modify installation instructions for gost-engine library and module

- Simplify the installation of libraries and programs to simply use
  defaults.
- Install only the gost engine in module form into the OpenSSL engine
  directory.
- Install the gostsum and gost12sum manuals in the normal man1 directory,
  as there's really no reason to install them among OpenSSL stuff
  specifically.
- Install the cmake configuration file.

3 years agoAlso build gost-engine in library form
Richard Levitte [Wed, 17 Feb 2021 18:01:19 +0000 (19:01 +0100)]
Also build gost-engine in library form

In this form, the GOST engine isn't loadable through OpenSSL's dynamic
ENGINE loader, but directly as its own function, ENGINE_load_gost().
After making that call, the engine functionality can be used as usual.
This includes a public header file called gost-engine.h, which declares
that functions.

This also rearranges the code in gost_eng.c, as the binding
functionality was spread around in the file.  Now, it's all nicely
tucked at the end.

3 years agoAll tests are passing
Dmitry Belyavskiy [Sat, 20 Feb 2021 17:49:30 +0000 (18:49 +0100)]
All tests are passing

3 years agoAvoid some buffer overflows
Dmitry Belyavskiy [Sat, 20 Feb 2021 12:41:59 +0000 (15:41 +0300)]
Avoid some buffer overflows

3 years agoOpenSSL version bump: alpha8 => alpha11
Dmitry Belyavskiy [Wed, 17 Feb 2021 18:37:42 +0000 (19:37 +0100)]
OpenSSL version bump: alpha8 => alpha11

3 years agoBuild gcc-asan-openssl-master on MacOS X as well
Richard Levitte [Wed, 17 Feb 2021 06:38:17 +0000 (07:38 +0100)]
Build gcc-asan-openssl-master on MacOS X as well

3 years agoFix gost engine suffix (for MacOS X)
Richard Levitte [Wed, 17 Feb 2021 05:07:20 +0000 (06:07 +0100)]
Fix gost engine suffix (for MacOS X)

On MacOS X, OpenSSL and cmake have different ideas on what suffix a
dynamically loadable module should have.  OpenSSL expects .dylib,
while cmake uses .so by default.

Fixed by explicitly telling cmake to use the same suffix as for shared
libraries.

3 years agoRemove the use of test/run_tests in favor of 'prove'
Richard Levitte [Sun, 14 Feb 2021 20:53:02 +0000 (21:53 +0100)]
Remove the use of test/run_tests in favor of 'prove'

'prove' is a well developed TAP harness program, there's no real need
to write one's own.

We do need to set certain paths properly for the appropriate 'openssl'
program to be run.  We do that with a 'prove' plugin (WrapOpenSSL.pm)
that simply amends the appropriate system environment variables, given
a number of cmake generated environment variables that indicate where
OpenSSL files reside.

3 years agoMove gost_cmds[] from gost_ctl.c to gost_eng.c
Richard Levitte [Sat, 13 Feb 2021 12:53:46 +0000 (13:53 +0100)]
Move gost_cmds[] from gost_ctl.c to gost_eng.c

This make that array uniquely belonging to the engine proper, while
leaving the more generic gost parameters functionality in the
gost_core library.

3 years agoCleanup source organisation, and make 'gost' an actual module
Richard Levitte [Sat, 13 Feb 2021 10:38:43 +0000 (11:38 +0100)]
Cleanup source organisation, and make 'gost' an actual module

GOST_CORE_SOURCE_FILES and GOST_ENGINE_SOURCE_FILES were a bit
disorganised, they are now re-arranged so GOST_ENGINE_SOURCE_FILES
contains ENGINE specific source only, and what was less ENGINE
specific was moved to GOST_CORE_SOURCE_FILES.  Furthermore,
GOST_LIB_SOURCE_FILES now includes GOST_CORE_SOURCE_FILES, so the
gost_core library is complete with all implementations.

As a consequence, 'gost' is now explicitly made into a dlopenable
module.  On some operating systems, that makes a difference.

This paves the way for alternative implementations based on the same
base code, such as a provider implementation.

It's quite possible that the re-arrangement done here isn't "pure"
enough.  Future development will tell.

3 years agoReverting 0669b5306
Dmitry Belyavskiy [Sat, 6 Feb 2021 18:19:03 +0000 (19:19 +0100)]
Reverting 0669b5306

3 years agoAdjust printing options as we print pubkey only
Dmitry Belyavskiy [Sat, 6 Feb 2021 16:34:18 +0000 (17:34 +0100)]
Adjust printing options as we print pubkey only

3 years agoUpdate build instructions to make perl tests happy
Dmitry Belyavskiy [Sat, 6 Feb 2021 16:33:19 +0000 (17:33 +0100)]
Update build instructions to make perl tests happy

3 years agoFixed tests to match the current messages
Dmitry Belyavskiy [Wed, 20 Jan 2021 18:15:34 +0000 (19:15 +0100)]
Fixed tests to match the current messages

3 years agoCI: Covert some Travis-CI to GitHub Actions
Vitaly Chikunov [Thu, 7 Jan 2021 19:05:16 +0000 (22:05 +0300)]
CI: Covert some Travis-CI to GitHub Actions

All, excluding ppc64le/s390x/ar64 architectures, macOS,
and Coverity run.

3 years agogost_crypt: process full available block in CFB and CNT mode
Alexei A. Smekalkine [Mon, 30 Nov 2020 21:20:59 +0000 (00:20 +0300)]
gost_crypt: process full available block in CFB and CNT mode

If at the input of the encryption function in the CFB mode we have
an integer number of blocks, then in the main loop all blocks will be
processed, except for the last one due to an incorrect border check.
The last block will be fully processed as a "partial" remainder, but
the initialization vector will not be updated. And, thus, the value
of IV will always be incorrect in this case.

This breaks stateless protocols due to an invalid initialization vector:
all messages except the first cannot be decrypted. (Naturally, we are
talking about a case with disabled key meshing, which does not allow
context recovery due to an erroneous implementation.)

It is worth noting here that the code for processing partial blocks
(both at the input of the encryption functions and at the output) is
a historically unnecessary artifact, since we do not set the
EVP_CIPH_FLAG_CUSTOM_CIPHER flag and, as a result, OpenSSL processes
partial blocks for us.

This patch corrects the checking of the main loop boundary.

A similar error is present in the code for the CNT mode, but there it
does not manifest itself in any way, because the restoration of the
state in this mode is impossible: even after disabling key meshing, we
still have the state-dependent transformation of the IV.

As an extra result of this fix, the code for processing partial blocks
can be completely removed now.

(cherry picked from commit cf402dd4d89271d5b1ca4ea938ce7a2f13a44d58)

3 years agoupdate magma cipher ctr_acpkm mode encrypting
Igor Kirillov [Thu, 26 Nov 2020 15:26:03 +0000 (18:26 +0300)]
update magma cipher ctr_acpkm mode encrypting

Fixed bug when acpkm key meshing didn't apply at appropriate time
during TLS secure exchange.
Unify usage of 'num' variable of EVP_CIPHER_CTX for kuznetchik and
magma.

3 years agoTests updated to support GOST2001DH
Dmitry Belyavskiy [Sat, 28 Nov 2020 16:53:40 +0000 (19:53 +0300)]
Tests updated to support GOST2001DH

3 years agoAdd explicit support for NID_id_GostR3410_2001DH (GOST R 34.10-2001 DH)
Dmitry Timoshkov [Fri, 27 Nov 2020 14:19:59 +0000 (17:19 +0300)]
Add explicit support for NID_id_GostR3410_2001DH (GOST R 34.10-2001 DH)

4 years agoTry to fix osx build
Dmitry Belyavskiy [Thu, 19 Nov 2020 19:47:39 +0000 (22:47 +0300)]
Try to fix osx build

4 years agoIncrease OpenSSL alpha version
Dmitry Belyavskiy [Thu, 19 Nov 2020 19:46:52 +0000 (22:46 +0300)]
Increase OpenSSL alpha version

4 years agomodernize ctrl function for magma & kuznechik TLS usage
Igor Kirillov [Fri, 30 Oct 2020 06:29:20 +0000 (09:29 +0300)]
modernize ctrl function for magma & kuznechik TLS usage

modernize magma & kuznechik ctrl functions for EVP_CTRL_TLSTREE mode.
add some minor updates to store master key for using in magma TLSTREE mode.

4 years agoModernize OpenSSL error reporting
Richard Levitte [Wed, 4 Nov 2020 16:44:21 +0000 (17:44 +0100)]
Modernize OpenSSL error reporting

OpenSSL 3.0 deprecates function codes and ERR_PUT_error() in favor
of ERR_raise() and ERR_set_debug().

4 years agoCMakeLists.txt: Fix warning on gcc-9
Vitaly Chikunov [Wed, 28 Oct 2020 21:58:56 +0000 (00:58 +0300)]
CMakeLists.txt: Fix warning on gcc-9

/root/rpmbuild/BUILD/openssl-gost-engine-1.1.1/CMakeFiles/CMakeTmp/src.c:4:14: warning: initialization of 'int *' from incompatible pointer type 'char *' [-Wincompatible-pointer-types]
    4 |     int *p = buf + 1;
      |              ^~~
/root/rpmbuild/BUILD/openssl-gost-engine-1.1.1/CMakeFiles/CMakeTmp/src.c:5:14: warning: initialization of 'int *' from incompatible pointer type 'char *' [-Wincompatible-pointer-types]
    5 |     int *q = buf + 2;
      |              ^~~

Reported-by: Ilya Shipitsin <https://github.com/chipitsine>
Fixes: #288
4 years agofix_cbc_281
Wolfgang Beck [Fri, 9 Oct 2020 06:57:03 +0000 (16:57 +1000)]
fix_cbc_281

4 years agoSetup CodeQL for gost-engine
Dmitry Belyavskiy [Fri, 2 Oct 2020 15:02:58 +0000 (18:02 +0300)]
Setup CodeQL for gost-engine

4 years agoFix Coverity #305799
Dmitry Belyavskiy [Sun, 27 Sep 2020 08:11:51 +0000 (11:11 +0300)]
Fix Coverity #305799

4 years agodisable gost key mask on gost94 digest steps due to performance issues
Arseniy Ankudinov [Wed, 23 Sep 2020 15:54:58 +0000 (18:54 +0300)]
disable gost key mask on gost94 digest steps due to performance issues

4 years agoCompatibility with Solaris 10 (gcc 3.4.3)
Vitaly Chikunov [Sun, 20 Sep 2020 18:21:22 +0000 (21:21 +0300)]
Compatibility with Solaris 10 (gcc 3.4.3)

Note, you will need to pass `-lsocket -lnsl` to the gcc for
socketpair(3SOCKET) to link `test_tls'.

4 years agoKDF Tree fix for BIG_ENDIAN
Dmitry Belyavskiy [Fri, 18 Sep 2020 13:52:47 +0000 (16:52 +0300)]
KDF Tree fix for BIG_ENDIAN

4 years agoMerge branch 'master' of https://github.com/gost-engine/engine
Dmitry Belyavskiy [Fri, 18 Sep 2020 13:28:05 +0000 (16:28 +0300)]
Merge branch 'master' of https://github.com/gost-engine/engine

4 years agoStrict alignment Kuznyechik bugfix
Dmitry Belyavskiy [Fri, 18 Sep 2020 13:27:41 +0000 (16:27 +0300)]
Strict alignment Kuznyechik bugfix

4 years agoProvide cmake test if alignment requirement is strict
Vitaly Chikunov [Thu, 17 Sep 2020 22:47:27 +0000 (01:47 +0300)]
Provide cmake test if alignment requirement is strict

This is based on AX_CHECK_ALIGNED_ACCESS_REQUIRED from autoconf-archive.

Note, that on some arches unaligned access behavior could be changed at
runtime via prctl(1). Also, unaligned memory access is still slower (and
very slow on some arches) even if it's not strictly required.

4 years agoEndianess bugfix
Dmitry Belyavskiy [Fri, 18 Sep 2020 08:18:10 +0000 (11:18 +0300)]
Endianess bugfix

4 years agoAdjust README.md
Dmitry Belyavskiy [Wed, 2 Sep 2020 15:05:02 +0000 (18:05 +0300)]
Adjust README.md

4 years agoTests adjustment
Dmitry Belyavskiy [Fri, 28 Aug 2020 13:36:34 +0000 (16:36 +0300)]
Tests adjustment

4 years agoFix Coverity #305798
Dmitry Belyavskiy [Sat, 22 Aug 2020 15:49:57 +0000 (18:49 +0300)]
Fix Coverity #305798

4 years agoFix coverity #305799
Dmitry Belyavskiy [Sat, 22 Aug 2020 15:47:17 +0000 (18:47 +0300)]
Fix coverity #305799

4 years agoFix Coverity #305800
Dmitry Belyavskiy [Sat, 22 Aug 2020 15:42:56 +0000 (18:42 +0300)]
Fix Coverity #305800

Plus some minor style fix

4 years ago[ecp] validation with coverity
Luis Rivera Zamarripa [Thu, 20 Aug 2020 09:56:31 +0000 (12:56 +0300)]
[ecp] validation with coverity

4 years agoUpdate test to match current openssl messages
Dmitry Belyavskiy [Thu, 20 Aug 2020 07:37:44 +0000 (10:37 +0300)]
Update test to match current openssl messages

4 years agoSSL tests fix
Dmitry Belyavskiy [Thu, 13 Aug 2020 11:26:12 +0000 (14:26 +0300)]
SSL tests fix

4 years agoUse alpha6 openssl
Dmitry Belyavskiy [Tue, 11 Aug 2020 12:36:01 +0000 (15:36 +0300)]
Use alpha6 openssl

4 years agoBugfix - arguments order
Dmitry Belyavskiy [Thu, 6 Aug 2020 15:05:07 +0000 (18:05 +0300)]
Bugfix - arguments order

4 years agoAPI renaming
Dmitry Belyavskiy [Thu, 6 Aug 2020 15:04:27 +0000 (18:04 +0300)]
API renaming

4 years agoClang build fix
Dmitry Belyavskiy [Thu, 6 Aug 2020 15:03:59 +0000 (18:03 +0300)]
Clang build fix

4 years agoEdwards map fix
Billy Brumley [Thu, 23 Jul 2020 16:47:03 +0000 (19:47 +0300)]
Edwards map fix

ECCKiila Changes from

https://gitlab.com/nisec/ecckiila/-/issues/2

https://gitlab.com/nisec/ecckiila/-/commit/7445ecabef77965743e0ae8d39d7433b07820be6

* X3 -> X1
* eliminate a temp variable

X3 = X1 as pointers is the reason this was still passing unit tests.
But that might not hold in future versions of ECCKiila, so fix it now.