As https://github.com/openssl/openssl/pull/18236 is going to
ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above,
we have to adjust GOST TLS tests.
Vitaly Chikunov [Sat, 8 Jan 2022 23:25:31 +0000 (02:25 +0300)]
gost_ec_keyx: Check CTX data before it's really used
This should fix Coverity warning:
*** CID 345243: Null pointer dereferences (REVERSE_INULL)
/gost_ec_keyx.c: 681 in pkey_gost2018_decrypt()
675 o Q_eph is on the same curve as server public key;
676
677 o Q_eph is not equal to zero point;
678
679 o q * Q_eph is not equal to zero point.
680 */
>>> CID 345243: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "data" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
681 if (eph_key == NULL || priv == NULL || data == NULL) {
682 GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT,
683 GOST_R_ERROR_COMPUTING_EXPORT_KEYS);
684 ret = 0;
685 goto err;
686 }
Vitaly Chikunov [Wed, 15 Dec 2021 01:23:22 +0000 (04:23 +0300)]
test_tls: Rework test to be single process
Rework the test to be similar to sslapitest.c. Using BIO only connections
and non-blocking IO instead of socketpair and separate processes.
This will allow it to compile and work on Windows.
Vitaly Chikunov [Sun, 19 Dec 2021 22:40:39 +0000 (01:40 +0300)]
MSVC: Fix casting warning C4057
test_tls.c(103,5): warning C4057: 'function': 'const unsigned char *' differs in indirection to slightly different base types from 'char [8]'
test_tls.c(104,5): warning C4057: 'function': 'const unsigned char *' differs in indirection to slightly different base types from 'char [9]'
Vitaly Chikunov [Mon, 6 Dec 2021 03:09:27 +0000 (06:09 +0300)]
MSVC: Do not build in library form
Library form overwrites module form due to both having the same name `gost.dll'.
As temporary workaround do not build library form on Windows, until we invent
how to solve it properly. Currently, there is no known need of engine in the
library form on Windows.
Vitaly Chikunov [Sat, 4 Dec 2021 09:37:39 +0000 (12:37 +0300)]
MSVC: Fix include files
Error message:
gost12sum.c(13,10): fatal error C1083: Cannot open include file: 'unistd.h': No such file or directory
gost12sum.c(80,23): warning C4013: 'getopt' undefined; assuming extern returning int
test_keyexpimp.c(7,10): fatal error C1083: Cannot open include file: 'arpa/inet.h': No such file or directory
Richard Levitte [Mon, 5 Apr 2021 06:08:10 +0000 (08:08 +0200)]
Making a gost provider - Add the macs
We add the macs for the provider as wrappers around the EVP_MD
implementations designed for ENGINEs. This is not the most elegant,
but it does the job.
When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an alias. This is the way to avoid having to register the OIDs in
OpenSSL proper.
Richard Levitte [Sat, 13 Feb 2021 13:56:17 +0000 (14:56 +0100)]
Making a gost provider - Add the digests
We add the digests for the provider as wrappers around the routines
designed for ENGINEs. This is not the most elegant, but it does the
job.
When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an aliase. This is the way to avoid having to register the OIDs in
OpenSSL proper.
test/01-digest.t is modified to test the provider as well.
Richard Levitte [Sat, 13 Feb 2021 13:52:39 +0000 (14:52 +0100)]
Making a gost provider - Add the ciphers
We add the ciphers for the provider as wrappers around the routines
designed for ENGINEs. This is not the most elegant, but it does the
job.
When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an aliase. This is the way to avoid having to register the OIDs in
OpenSSL proper.
test/03-encrypt.t is modified to test the provider as well.
Richard Levitte [Mon, 10 May 2021 07:06:04 +0000 (09:06 +0200)]
Making a gost provider - Refactor the testing foundation
This makes space for provider tests.
As a beginning, test/00-provider.t is added. It corresponds to
test/00-engine.t.
All other test/*.t are currently skipped unless the engine is tested.
They will be re-enabled as support for each algorithm type is added in
the provider code.
Richard Levitte [Sun, 14 Feb 2021 23:45:40 +0000 (00:45 +0100)]
Making a gost provider - Refactor the engine to become a backend
The gost provider is planned to be a wrapper around the already
existing functionality, designed for ENGINE use.
The easiest way to do this is to let the gost ENGINE continue to exist
within the gost provider, as an internal ENGINE. To do that, we make
it possible to build gost_eng.c so it only populates the GOST ENGINE
structure, but doesn't perform any of the ENGINE registration. That
way, the GOST ENGINE structure becomes purely internal, and can be
used as the actual implementation of the offered provider functionality,
through diverse EVP calls that accept an ENGINE pointer.
Richard Levitte [Sat, 13 Feb 2021 13:45:11 +0000 (14:45 +0100)]
Making a gost provider - move away the error source files
The error source files, e_gost_err.c and e_gost_err.h, are not
suitable for providers as they are, so we need to move those away from
the core library, and leave it to the provider code to deal with it.
Richard Levitte [Wed, 18 Aug 2021 07:12:40 +0000 (09:12 +0200)]
Switch to using OpenSSL target names in CMakeLists.txt
Cmake 3.0 was a switch to using targets and properties rather than
variables when linking different components together.
We follow that philosophy by dropping ${OPENSSL_CRYPTO_LIBRARIES} and
${OPENSSL_SSL_LIBRARIES} in favor of OpenSSL::Crypto and OpenSSL::SSL.
Richard Levitte [Tue, 17 Aug 2021 20:35:09 +0000 (22:35 +0200)]
Reduce the repeated library dependence information
Cmake is generally good at tracking specified dependencies between
libraries. All that we need to do is to establish a dependency on
OpenSSL's libcrypto for 'gost_core', and then we can reduce the amount
of repeated dependencies for everything that links against 'gost_core'.
Richard Levitte [Tue, 17 Aug 2021 20:31:39 +0000 (22:31 +0200)]
Make CMakeLists.txt work better with static OpenSSL libraries
The static OpenSSL libraries have some dependencies that need to be
recorded fofr everything that's linked against it. To achieve this,
we use ${OPENSSL_CRYPTO_LIBRARIES} and ${OPENSSL_SSL_LIBRARIES}
instead of ${OPENSSL_CRYPTO_LIBRARY} and ${OPENSSL_SSL_LIBRARY}.
Richard Levitte [Wed, 12 May 2021 12:09:49 +0000 (14:09 +0200)]
Set OPENSSL_ROOT_DIR if it isn't set.
These days, the OpenSSL cmake package finder is capable of finding
a custom OpenSSL installation with no OPENSSL_ROOT_DIR defined, but
CMAKE_PREFIX_PATH defined.
However, gost-engine's CMakeLists.txt does use OPENSSL_ROOT_DIR, so
it needs it to be defined unconditionally. That's arranged fairly
easily by assigning it the parent directory of OPENSSL_INCLUDE_DIR.
Richard Levitte [Tue, 11 May 2021 08:27:37 +0000 (10:27 +0200)]
Adapt C flags for the cmake build type
The C flags were set to be highly optimized regardless of the cmake
build type. This may make debugging difficult. To resolve that, we
adapt the C flags to the cmake build type in a supported manner.
Richard Levitte [Sat, 1 May 2021 06:36:55 +0000 (08:36 +0200)]
Make test programs less hard-coded
The following programs had a hard coded load of the gost engine.
This changes them to rely more on the testing environment, and to
load engines through configuration files.
This affects: test_ciphers.c, test_context.c, test_derive.c,
test_digest.c, test_params.c, test_sign.c, test_tls.c
Richard Levitte [Tue, 30 Mar 2021 19:53:38 +0000 (21:53 +0200)]
.github/workflows/codeql-analysis.yml: Bump the OpenSSL version
From 3.0.0-alpha6 to 3.0.0-alpha13, mostly for Analysis to avoid
getting failures when compiling, considering that the GOST source has
adapted for the latter version.