Vitaly Chikunov [Tue, 15 Oct 2019 16:22:45 +0000 (19:22 +0300)]
gost_ec_keyx: Fix CID 253282 Dereference null return value
`param' is used unconditionally in pkey_GOST_ECcp_encrypt() so we can
unconditionally check (vs in any particular `if' branch) for it's being
non-NULL. This is similar to how pkey_GOST_ECcp_decrypt() works with
`param'.
Richard Levitte [Wed, 4 Sep 2019 14:22:26 +0000 (16:22 +0200)]
For Grasshopper OMAC_ACPKM, OMAC and MAGMA, support XOF
XOF (eXtendable-Output Function) is supported in OpenSSL since version
1.1.1. Unfortunately, that support is limited, as it requires calling
EVP_DigestFinalXOF(). However, the grasshopper code wasn't compatible.
This changeset adds XOF support in grasshopper
This changeset removes the _meth_ calls from test_grasshopper.c (they
should never have been there, but considering support for XOF came so
late in OpenSSL, their presence is understandable) and uses supported
functionality for this sort of thing instead.
Richard Levitte [Wed, 28 Aug 2019 08:23:57 +0000 (10:23 +0200)]
test/*.t: Don't check OPENSSL_ENGINES
It's set correctly when these tests are started with ctest, and
otherwise, we leave it to the user to decide. Either way, we set it
to a bogus value when it isn't previously set...
Richard Levitte [Sat, 24 Aug 2019 08:36:39 +0000 (10:36 +0200)]
test/run_tests: Always set paths when OPENSSL_ROOT_DIR is defined
When the environment variable OPENSSL_ROOT_DIR is defined, we need to
ensure that PATH and LD_LIBRARY_PATH are properly affected.
This is a little bit complicated, since OPENSSL_ROOT_DIR could point
at an OpenSSL build directory as well as an OpenSSL installation
tree. Fortunately, it's easy to detect the difference; if it's a
build tree, there's a sub-directory 'apps'.
For installation trees, it's further complicated by OpenSSL's
'multilib' target attribute, which exists for platforms that support
directory separated libraries for differing bitness (typically 32-bit
and 64-bit libraries). We trust pkg-config to give us the answer.
Binaries are easier, they live in $OPENSL_ROOT_DIR/bin.
Richard Levitte [Fri, 23 Aug 2019 16:55:42 +0000 (18:55 +0200)]
gost_pmeth.c: mitigate for constness difference in copy function
The second argument for the pkey_copy function has been constified in
OpenSSL to be 3.0. This is normally not a problem, but when passing a
pointer to such a function, the compiler does complain.
This change solves the issue by looking at the macros
OPENSSL_VERSION_MAJOR, which is new in OpenSSL to be 3.0, and set
constness based on that.
Some architectures in some circumstances do not allow unaligned
memory access (such as ARM, MIPS) triggering SIGBUS. This patch
very crudely fixes this issue.
The issue is found and original fix is proposed by Eric Biggers:
At least Fedora 30 will have no Test::More anymore. Test::More is
deprecated, as well as Test::Stream and Test2 is a recommended
replacement.
Luckily, gost-engine's use of Test::More is limited to functions which
are compatible with implementations in Test2, so only module import and
test plan announcement need to change.
Also, on Fedora 29 perl 5.28 is very picky on undefined variables.
Vitaly Chikunov [Fri, 15 Feb 2019 19:18:08 +0000 (22:18 +0300)]
tests: Load just built engine from the output directory
Define ENGINE_DIR for all binary tests. Instead of auto-loading engine
using `example.conf' load it directly from the OUTPUT_DIRECTORY for
curves tests.
Vitaly Chikunov [Fri, 8 Feb 2019 18:02:31 +0000 (21:02 +0300)]
cmake: benchmark/sign - link with rt for clock_gettime when needed
Test if clock_gettime() requires linking with -lrt and link sign
benchmark with rt if needed. clock_gettime() requires -lrt only for
glibc versions before 2.17.
Vitaly Chikunov [Sat, 26 Jan 2019 23:15:00 +0000 (02:15 +0300)]
test_params: Avoid calls to fill_GOST_EC_params and bind_gost
Use external API to generate key with parameters instead of calling
fill_GOST_EC_params(). Use OPENSSL_CONF trick like in test_sign to avoid
calling bind_gost(). Reverting 1716316de77 ("Export bind_gost to allow
local engine init") as not needed anymore.
Vitaly Chikunov [Thu, 24 Jan 2019 01:32:28 +0000 (04:32 +0300)]
Allow key creation using TC26 (2012) parameters
R 1323565.1.023-2018 forbids encoding hash oid into TC26 (2012)
parameters in AlgorithmIdentifier, so this is removed.
New "paramset" names for 256-bit TC26 parameters: TCA, TCB, TCC, TCD,
for 512-bit parameter: C.
Using these new OIDs for gost2012_256:
NID_id_tc26_gost_3410_2012_256_paramSetA = TCA
NID_id_tc26_gost_3410_2012_256_paramSetB = TCB
NID_id_tc26_gost_3410_2012_256_paramSetC = TCC
NID_id_tc26_gost_3410_2012_256_paramSetD = TCD
for gost2012_512:
NID_id_tc26_gost_3410_2012_512_paramSetC = C
Vitaly Chikunov [Thu, 24 Jan 2019 03:59:39 +0000 (06:59 +0300)]
run_tests: pass OPENSSL_ROOT_DIR into perl tests
If OPENSSL_ROOT_DIR is specified pass it to the perl tests, and set its
value as LD_LIBRARY_PATH, if unset. This allows to run tests for custom
openssl build without manually setting proper env.
projects / openssl-gost / engine.git / log