]> wagner.pp.ru Git - openssl-gost/engine.git/log
openssl-gost/engine.git
2 years agoCMake: Set default build type to RelWithDebInfo
Vitaly Chikunov [Wed, 15 Dec 2021 00:46:26 +0000 (03:46 +0300)]
CMake: Set default build type to RelWithDebInfo

To maintain backward compatibility for users already familiar with older engine
build type (basically restores `-O2 -g').

Fixes: 5ad6c77 ("Adapt C flags for the cmake build type")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Add dllexport to OSSL_provider_init
Vitaly Chikunov [Fri, 10 Dec 2021 14:46:18 +0000 (17:46 +0300)]
MSVC: Add dllexport to OSSL_provider_init

`OSSL_provider_init' requires dllexport attribute to be visible (and thus
loadable) in DLL.

Link: https://github.com/openssl/openssl/issues/17203
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoCMake: Add CONFIG to the output dir if MSVC
Vitaly Chikunov [Tue, 7 Dec 2021 09:14:48 +0000 (12:14 +0300)]
CMake: Add CONFIG to the output dir if MSVC

This will fix setting of OPENSSL_ENGINES in ctest on Windows.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoCMake: Test presence of prove for perl tests
Vitaly Chikunov [Tue, 7 Dec 2021 09:33:41 +0000 (12:33 +0300)]
CMake: Test presence of prove for perl tests

This will skip tests on Windows, due to prove being `.bat' file and cmake will
be unable to run it.

Also, `HAVE_TEST2_V0' is renamed to be more meaningful.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Do not build in library form
Vitaly Chikunov [Mon, 6 Dec 2021 03:09:27 +0000 (06:09 +0300)]
MSVC: Do not build in library form

Library form overwrites module form due to both having the same name `gost.dll'.
As temporary workaround do not build library form on Windows, until we invent
how to solve it properly. Currently, there is no known need of engine in the
library form on Windows.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Fix 'no OPENSSL_Applink' error
Vitaly Chikunov [Sun, 5 Dec 2021 08:07:11 +0000 (11:07 +0300)]
MSVC: Fix 'no OPENSSL_Applink' error

Error message:

  OPENSSL_Uplink(00007FF9FB00F600,08): no OPENSSL_Applink

Link: https://www.openssl.org/docs/faq.html#PROG3
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Skip building Linux-only binaries
Vitaly Chikunov [Sat, 4 Dec 2021 09:35:46 +0000 (12:35 +0300)]
MSVC: Skip building Linux-only binaries

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Fix absence of 'setenv'
Vitaly Chikunov [Sat, 4 Dec 2021 08:09:52 +0000 (11:09 +0300)]
MSVC: Fix absence of 'setenv'

Error message:

  test_keyexpimp.c(111,11): warning C4013: 'setenv' undefined; assuming extern returning int

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Fix include files
Vitaly Chikunov [Sat, 4 Dec 2021 09:37:39 +0000 (12:37 +0300)]
MSVC: Fix include files

Error message:

  gost12sum.c(13,10): fatal error C1083: Cannot open include file: 'unistd.h': No such file or directory
  gost12sum.c(80,23): warning C4013: 'getopt' undefined; assuming extern returning int
  test_keyexpimp.c(7,10): fatal error C1083: Cannot open include file: 'arpa/inet.h': No such file or directory

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Fix signed/unsigned mismatch errors
Vitaly Chikunov [Sat, 4 Dec 2021 07:25:38 +0000 (10:25 +0300)]
MSVC: Fix signed/unsigned mismatch errors

  test_digest.c(513,2): warning C4389: '==': signed/unsigned mismatch
  test_digest.c(820,5): warning C4389: '==': signed/unsigned mismatch
  test_sign.c(241,22): warning C4389: '==': signed/unsigned mismatch
  test_params.c(1131,16): warning C4018: '<': signed/unsigned mismatch
  test_sign.c(241,22): warning C4389: '==': signed/unsigned mismatch

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: No support for GCC's compound statement expressions
Vitaly Chikunov [Sat, 4 Dec 2021 06:55:55 +0000 (09:55 +0300)]
MSVC: No support for GCC's compound statement expressions

Error messages:

  test_ciphers.c(329,5): error C2059: syntax error: '{'
  test_ciphers.c(329,5): error C2059: syntax error: '}'
  test_ciphers.c(329,5): error C2059: syntax error: ')'

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Replace variable-length automatic arrays with alloca
Vitaly Chikunov [Sat, 4 Dec 2021 06:13:14 +0000 (09:13 +0300)]
MSVC: Replace variable-length automatic arrays with alloca

MSVC is not C99 compatible[1]. Errors:

  test_ciphers.c(312,25): error C2057: expected constant expression
  test_ciphers.c(312,25): error C2466: cannot allocate an array of constant size 0
  test_ciphers.c(312,26): error C2133: 'c': unknown size

Link: https://docs.microsoft.com/en-us/cpp/c-language/ansi-conformance
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Ifdef GCC pragmas
Vitaly Chikunov [Sat, 4 Dec 2021 06:00:47 +0000 (09:00 +0300)]
MSVC: Ifdef GCC pragmas

Error message:

  test_ciphers.c(37,9): warning C4068: unknown pragma 'GCC'

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Avoid use `htonl' since it requires linking with Winsock
Vitaly Chikunov [Fri, 3 Dec 2021 09:38:19 +0000 (12:38 +0300)]
MSVC: Avoid use `htonl' since it requires linking with Winsock

No need external library (Ws2_32.lib) if we can easily implement it.
Error messages:

  gost_core.lib(gost_keyexpimp.obj) : error LNK2019: unresolved external symbol htonl referenced in function gost_kdftree2012_256
  gost.dll : fatal error LNK1120: 1 unresolved externals

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Remove GCC pragma messages
Vitaly Chikunov [Fri, 3 Dec 2021 09:32:35 +0000 (12:32 +0300)]
MSVC: Remove GCC pragma messages

These planned to be removed later anyway. Error message:

  gosthash2012_ref.h(15,18): warning C4081: expected '('; found 'string'

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Replace tentative arrays with pointers
Vitaly Chikunov [Fri, 3 Dec 2021 09:14:53 +0000 (12:14 +0300)]
MSVC: Replace tentative arrays with pointers

Error message example:

  gost_prov_cipher.c(237,63): error C2059: syntax error: '}'

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Fix unresolved externals (cipher_gost_grasshopper_ctracpkm)
Vitaly Chikunov [Fri, 3 Dec 2021 09:10:33 +0000 (12:10 +0300)]
MSVC: Fix unresolved externals (cipher_gost_grasshopper_ctracpkm)

Un-inline `cipher_gost_grasshopper_ctracpkm'. Error message:

  gost_core.lib(gost_omac_acpkm.obj) : error LNK2019: unresolved external symbol cipher_gost_grasshopper_ctracpkm referenced in function CMAC_ACPKM_Init
  gost.dll : fatal error LNK1120: 1 unresolved externals

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Fix Elvis operator
Vitaly Chikunov [Fri, 3 Dec 2021 09:06:25 +0000 (12:06 +0300)]
MSVC: Fix Elvis operator

Error example:

  gost_md.c(54,45): error C2059: syntax error: ':'
  gost_md.c(67,5): error C2059: syntax error: 'if'
  gost_md.c(69,6): error C2143: syntax error: missing '{' before '->'
  gost_md.c(69,6): error C2059: syntax error: '->'
  gost_md.c(70,5): error C2059: syntax error: 'return'
  gost_md.c(71,1): error C2059: syntax error: '}'

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Fix unreachable code warning
Vitaly Chikunov [Fri, 3 Dec 2021 09:04:06 +0000 (12:04 +0300)]
MSVC: Fix unreachable code warning

Errors are like this:

  gost_pmeth.c(188): warning C4702: unreachable code
  gost_grasshopper_cipher.c(909): warning C4702: unreachable code

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Fix signedness in comparison
Vitaly Chikunov [Fri, 3 Dec 2021 09:02:32 +0000 (12:02 +0300)]
MSVC: Fix signedness in comparison

Error message:

  gost_crypt.c(652,36): warning C4018: '<': signed/unsigned mismatch

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Undo adding `-Wno-error=deprecated-declarations`
Vitaly Chikunov [Fri, 3 Dec 2021 08:54:40 +0000 (11:54 +0300)]
MSVC: Undo adding `-Wno-error=deprecated-declarations`

Since they are now global. Error message:

  cl : command line error D8021: invalid numeric argument '/Wno-error=deprecated-declarations'

Fixes: 5dfb598 ("CMakeLists.txt: Workaround openssl deprecation of HMAC and CMAC primitives")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoMSVC: Disable deprecated declarations (C4996) warning
Vitaly Chikunov [Fri, 3 Dec 2021 08:53:17 +0000 (11:53 +0300)]
MSVC: Disable deprecated declarations (C4996) warning

`/wd4996' disables deprecated declarations warning, this is analogous to
`-Wno-error=deprecated-declarations'. Error example:

  gost_pmeth.c(39,17): warning C4996: 'EVP_PKEY_get0': Since OpenSSL 3.0

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoCI: Build and test on Windows (MSVC)
Vitaly Chikunov [Thu, 2 Dec 2021 00:38:27 +0000 (03:38 +0300)]
CI: Build and test on Windows (MSVC)

Uses actions/cache to speed up engine rebuilds.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
2 years agoAdd .editorconfig
Vitaly Chikunov [Wed, 1 Dec 2021 03:07:08 +0000 (06:07 +0300)]
Add .editorconfig

Noticed that there is some misindentation (also fix it).

3 years agoUse frpintf(stderr, ...) instead of printf(...)
Anton Fadeev [Thu, 25 Nov 2021 17:31:03 +0000 (20:31 +0300)]
Use frpintf(stderr, ...) instead of printf(...)

When we use git cli in OS Linux, with enabled gost engine
git utility we got fatal erro

3 years agoProperly set expected digest size for mac in provider
Dmitry Belyavskiy [Sun, 14 Nov 2021 10:46:20 +0000 (11:46 +0100)]
Properly set expected digest size for mac in provider

3 years agoDocument the current state of the GOST provider
Richard Levitte [Mon, 11 Oct 2021 13:10:45 +0000 (15:10 +0200)]
Document the current state of the GOST provider

3 years agolibprov: update to latest
Richard Levitte [Mon, 30 Aug 2021 11:44:22 +0000 (13:44 +0200)]
libprov: update to latest

3 years agoMaking a gost provider - installation instructions
Richard Levitte [Sat, 13 Feb 2021 14:01:02 +0000 (15:01 +0100)]
Making a gost provider - installation instructions

3 years agoMaking a gost provider - Adapt test_context.c for providers
Richard Levitte [Wed, 12 May 2021 11:44:05 +0000 (13:44 +0200)]
Making a gost provider - Adapt test_context.c for providers

3 years agoMaking a gost provider - Adapt test_ciphers.c for providers
Richard Levitte [Wed, 12 May 2021 11:36:15 +0000 (13:36 +0200)]
Making a gost provider - Adapt test_ciphers.c for providers

3 years agoMaking a gost provider - Adapt test_digest.c for providers
Richard Levitte [Tue, 11 May 2021 08:09:10 +0000 (10:09 +0200)]
Making a gost provider - Adapt test_digest.c for providers

3 years agoMaking a gost provider - Adapt the grasshopper OMACs for providers
Richard Levitte [Tue, 11 May 2021 07:39:30 +0000 (09:39 +0200)]
Making a gost provider - Adapt the grasshopper OMACs for providers

They needed to be modified to handled EVP_CIPHERs implemented by a
provider.

3 years agoMaking a gost provider - Add the macs
Richard Levitte [Mon, 5 Apr 2021 06:08:10 +0000 (08:08 +0200)]
Making a gost provider - Add the macs

We add the macs for the provider as wrappers around the EVP_MD
implementations designed for ENGINEs.  This is not the most elegant,
but it does the job.

When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an alias.  This is the way to avoid having to register the OIDs in
OpenSSL proper.

3 years agoMaking a gost provider - Add the digests
Richard Levitte [Sat, 13 Feb 2021 13:56:17 +0000 (14:56 +0100)]
Making a gost provider - Add the digests

We add the digests for the provider as wrappers around the routines
designed for ENGINEs.  This is not the most elegant, but it does the
job.

When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an aliase.  This is the way to avoid having to register the OIDs in
OpenSSL proper.

test/01-digest.t is modified to test the provider as well.

3 years agoMaking a gost provider - Add the ciphers
Richard Levitte [Sat, 13 Feb 2021 13:52:39 +0000 (14:52 +0100)]
Making a gost provider - Add the ciphers

We add the ciphers for the provider as wrappers around the routines
designed for ENGINEs.  This is not the most elegant, but it does the
job.

When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an aliase.  This is the way to avoid having to register the OIDs in
OpenSSL proper.

test/03-encrypt.t is modified to test the provider as well.

3 years agoMaking a gost provider - Refactor the testing foundation
Richard Levitte [Mon, 10 May 2021 07:06:04 +0000 (09:06 +0200)]
Making a gost provider - Refactor the testing foundation

This makes space for provider tests.

As a beginning, test/00-provider.t is added.  It corresponds to
test/00-engine.t.

All other test/*.t are currently skipped unless the engine is tested.
They will be re-enabled as support for each algorithm type is added in
the provider code.

3 years agoMaking a gost provider - Add the provider foundation
Richard Levitte [Sat, 13 Feb 2021 13:50:49 +0000 (14:50 +0100)]
Making a gost provider - Add the provider foundation

This adds the source to get a minimal provider that provides...
nothing.

3 years agoMaking a gost provider - Refactor the engine to become a backend
Richard Levitte [Sun, 14 Feb 2021 23:45:40 +0000 (00:45 +0100)]
Making a gost provider - Refactor the engine to become a backend

The gost provider is planned to be a wrapper around the already
existing functionality, designed for ENGINE use.

The easiest way to do this is to let the gost ENGINE continue to exist
within the gost provider, as an internal ENGINE.  To do that, we make
it possible to build gost_eng.c so it only populates the GOST ENGINE
structure, but doesn't perform any of the ENGINE registration.  That
way, the GOST ENGINE structure becomes purely internal, and can be
used as the actual implementation of the offered provider functionality,
through diverse EVP calls that accept an ENGINE pointer.

3 years agoMaking a gost provider - move away the error source files
Richard Levitte [Sat, 13 Feb 2021 13:45:11 +0000 (14:45 +0100)]
Making a gost provider - move away the error source files

The error source files, e_gost_err.c and e_gost_err.h, are not
suitable for providers as they are, so we need to move those away from
the core library, and leave it to the provider code to deal with it.

3 years agoExplicitly provide SECLEVEL for TLS tests
Dmitry Belyavskiy [Thu, 7 Oct 2021 18:51:02 +0000 (20:51 +0200)]
Explicitly provide SECLEVEL for TLS tests

3 years agoDon't recreate GOST EC groups every time (#358)
Dmitry Belyavskiy [Tue, 28 Sep 2021 14:39:39 +0000 (17:39 +0300)]
Don't recreate GOST EC groups every time (#358)

* Don't recreate GOST EC groups every time

For multiple keygen it saves 6% time

3 years agoRewrite error handling in pub_decode_gost_ec() v3.0.0
Nikolas [Sun, 19 Sep 2021 08:44:32 +0000 (11:44 +0300)]
Rewrite error handling in pub_decode_gost_ec()

3 years agoWe don't want depend on spacing around equal sign
Dmitry Belyavskiy [Thu, 16 Sep 2021 15:15:33 +0000 (17:15 +0200)]
We don't want depend on spacing around equal sign

...in DN output

3 years agoNow that there is an actual openssl-3.0 branch, switch to use that
Richard Levitte [Mon, 6 Sep 2021 05:47:37 +0000 (07:47 +0200)]
Now that there is an actual openssl-3.0 branch, switch to use that

3 years agoMake the use of RPATH conditional
Richard Levitte [Wed, 1 Sep 2021 07:24:59 +0000 (09:24 +0200)]
Make the use of RPATH conditional

MacOS ld doesn't support -rpath, so we must be able to not use it there.

3 years agoSimplify the CI job "gcc-asan-openssl-master"
Richard Levitte [Wed, 1 Sep 2021 07:04:05 +0000 (09:04 +0200)]
Simplify the CI job "gcc-asan-openssl-master"

Now that .github/before_script.sh works properly on MacOS, there is
no reason not to use it for this job as well.

3 years agoModify .github/before_script.sh to install cpanm as a standalone script
Richard Levitte [Wed, 1 Sep 2021 06:48:02 +0000 (08:48 +0200)]
Modify .github/before_script.sh to install cpanm as a standalone script

It makes sure to install it where site perl scripts should be located.

3 years agoAdd CI builds on MacOS 11 (BigSur)
Richard Levitte [Tue, 31 Aug 2021 18:32:55 +0000 (20:32 +0200)]
Add CI builds on MacOS 11 (BigSur)

3 years agoUpdate openssl-3.0.0-alpha17 -> openssl-3.0.0-beta2 for codeql as well
Richard Levitte [Sun, 29 Aug 2021 07:41:32 +0000 (09:41 +0200)]
Update openssl-3.0.0-alpha17 -> openssl-3.0.0-beta2 for codeql as well

3 years agoIncrease cmake version to 3.18
Dmitry Belyavskiy [Thu, 19 Aug 2021 13:34:06 +0000 (15:34 +0200)]
Increase cmake version to 3.18

3 years agoStop overriding OPENSSL_LIBRARIES
Dmitry Belyavskiy [Thu, 19 Aug 2021 12:55:19 +0000 (14:55 +0200)]
Stop overriding OPENSSL_LIBRARIES

Fix #346

3 years agoSwitch to using OpenSSL target names in CMakeLists.txt
Richard Levitte [Wed, 18 Aug 2021 07:12:40 +0000 (09:12 +0200)]
Switch to using OpenSSL target names in CMakeLists.txt

Cmake 3.0 was a switch to using targets and properties rather than
variables when linking different components together.
We follow that philosophy by dropping ${OPENSSL_CRYPTO_LIBRARIES} and
${OPENSSL_SSL_LIBRARIES} in favor of OpenSSL::Crypto and OpenSSL::SSL.

3 years agoReduce the repeated library dependence information
Richard Levitte [Tue, 17 Aug 2021 20:35:09 +0000 (22:35 +0200)]
Reduce the repeated library dependence information

Cmake is generally good at tracking specified dependencies between
libraries.  All that we need to do is to establish a dependency on
OpenSSL's libcrypto for 'gost_core', and then we can reduce the amount
of repeated dependencies for everything that links against 'gost_core'.

3 years agoMake CMakeLists.txt work better with static OpenSSL libraries
Richard Levitte [Tue, 17 Aug 2021 20:31:39 +0000 (22:31 +0200)]
Make CMakeLists.txt work better with static OpenSSL libraries

The static OpenSSL libraries have some dependencies that need to be
recorded fofr everything that's linked against it.  To achieve this,
we use ${OPENSSL_CRYPTO_LIBRARIES} and ${OPENSSL_SSL_LIBRARIES}
instead of ${OPENSSL_CRYPTO_LIBRARY} and ${OPENSSL_SSL_LIBRARY}.

3 years agopush VKO cofactor clearing into ECCKiila
Billy Brumley [Mon, 9 Aug 2021 19:57:47 +0000 (22:57 +0300)]
push VKO cofactor clearing into ECCKiila

3 years ago[test] VKO unit tests for curves with cofactors: extreme ranges
Billy Brumley [Mon, 9 Aug 2021 19:57:15 +0000 (22:57 +0300)]
[test] VKO unit tests for curves with cofactors: extreme ranges

3 years agoExplicitly set libdir to lib
Dmitry Belyavskiy [Wed, 11 Aug 2021 13:10:00 +0000 (15:10 +0200)]
Explicitly set libdir to lib

OpenSSL commit https://github.com/openssl/openssl/commit/74b7f339aa58af57c0e71b7efca66e6f2db5ae2e
changed the default installation path on 64-bit systems.

The recommended workaround is appending --libdir=lib

3 years agoStable: alpha16 => beta2
Dmitry Belyavskiy [Tue, 10 Aug 2021 16:18:45 +0000 (18:18 +0200)]
Stable: alpha16 => beta2

3 years agoCMake 3.18 recommended
Dmitry Belyavskiy [Wed, 2 Jun 2021 15:16:12 +0000 (17:16 +0200)]
CMake 3.18 recommended

More earlier versions don't properly detect OpenSSL 3.0.
BTW, workarounds still exist

3 years agoMerge branch 'levitte-update-codeql-analysis'
Dmitry Belyavskiy [Fri, 28 May 2021 11:10:12 +0000 (13:10 +0200)]
Merge branch 'levitte-update-codeql-analysis'

3 years agoMerge branch 'update-codeql-analysis' of https://github.com/levitte/engine into levit...
Dmitry Belyavskiy [Fri, 28 May 2021 11:09:07 +0000 (13:09 +0200)]
Merge branch 'update-codeql-analysis' of https://github.com/levitte/engine into levitte-update-codeql-analysis

3 years agoSet OPENSSL_ROOT_DIR if it isn't set.
Richard Levitte [Wed, 12 May 2021 12:09:49 +0000 (14:09 +0200)]
Set OPENSSL_ROOT_DIR if it isn't set.

These days, the OpenSSL cmake package finder is capable of finding
a custom OpenSSL installation with no OPENSSL_ROOT_DIR defined, but
CMAKE_PREFIX_PATH defined.

However, gost-engine's CMakeLists.txt does use OPENSSL_ROOT_DIR, so
it needs it to be defined unconditionally.  That's arranged fairly
easily by assigning it the parent directory of OPENSSL_INCLUDE_DIR.

3 years agoMerge branch 'master' into update-codeql-analysis 334/head
Dmitry Belyavskiy [Fri, 28 May 2021 11:02:16 +0000 (14:02 +0300)]
Merge branch 'master' into update-codeql-analysis

3 years agoUpdate the OpenSSL 3.0 tag to openssl-3.0.0-alpha17
Richard Levitte [Fri, 28 May 2021 10:23:14 +0000 (12:23 +0200)]
Update the OpenSSL 3.0 tag to openssl-3.0.0-alpha17

Most of all, at least openssl-3.0.0-alpha16 is needed, because there
are API changes made in that release that affects gost-engine builds

3 years agoIncrease openssl version
Dmitry Belyavskiy [Sun, 23 May 2021 09:05:01 +0000 (11:05 +0200)]
Increase openssl version

3 years agoAdapt C flags for the cmake build type
Richard Levitte [Tue, 11 May 2021 08:27:37 +0000 (10:27 +0200)]
Adapt C flags for the cmake build type

The C flags were set to be highly optimized regardless of the cmake
build type.  This may make debugging difficult.  To resolve that, we
adapt the C flags to the cmake build type in a supported manner.

3 years agoAlpha version bump
Dmitry Belyavskiy [Tue, 11 May 2021 10:58:29 +0000 (12:58 +0200)]
Alpha version bump

3 years agoUpdate to be compatible with openssl#15100
Dmitry Belyavskiy [Fri, 30 Apr 2021 16:38:48 +0000 (18:38 +0200)]
Update to be compatible with openssl#15100

(cherry picked from commit 1b684f3f906bc81154ca1d5af7d6bc60199f1f9c)

3 years agoMark test_keyexpimp and gost89 as internal tests
Richard Levitte [Sat, 1 May 2021 06:42:31 +0000 (08:42 +0200)]
Mark test_keyexpimp and gost89 as internal tests

3 years agoDon't load the gost engine in test_curves.c
Richard Levitte [Sat, 1 May 2021 06:41:42 +0000 (08:41 +0200)]
Don't load the gost engine in test_curves.c

This test is so internal that it doesn't even need the engine.

3 years agoMake test programs less hard-coded
Richard Levitte [Sat, 1 May 2021 06:36:55 +0000 (08:36 +0200)]
Make test programs less hard-coded

The following programs had a hard coded load of the gost engine.
This changes them to rely more on the testing environment, and to
load engines through configuration files.

This affects: test_ciphers.c, test_context.c, test_derive.c,
test_digest.c, test_params.c, test_sign.c, test_tls.c

3 years agoUpdate gost_ec_keyx.c
se-prok [Fri, 2 Apr 2021 07:51:28 +0000 (10:51 +0300)]
Update gost_ec_keyx.c

It's not right to have segmentation faults.

3 years agoDon't put test results or intermediary files in the source tree
Richard Levitte [Tue, 30 Mar 2021 18:40:37 +0000 (20:40 +0200)]
Don't put test results or intermediary files in the source tree

When building in a directory that's separate from the source
directory, test results should end up in the build directory, not the
source directory.

Essentially, unless you do build in the source directory, it should be
regarded as read-only when building.

3 years agoInstall manuals in the correct location
Richard Levitte [Tue, 30 Mar 2021 18:47:16 +0000 (20:47 +0200)]
Install manuals in the correct location

Cmake doesn't support the variable CMAKE_INSTALL_DIR.  However, with
the GNUInstallDirs module, there is the variable CMAKE_INSTALL_MANDIR.

3 years ago.github/workflows/codeql-analysis.yml: Bump the OpenSSL version
Richard Levitte [Tue, 30 Mar 2021 19:53:38 +0000 (21:53 +0200)]
.github/workflows/codeql-analysis.yml: Bump the OpenSSL version

From 3.0.0-alpha6 to 3.0.0-alpha13, mostly for Analysis to avoid
getting failures when compiling, considering that the GOST source has
adapted for the latter version.

3 years agoMake it compatible with cmake versions lower than 3.14, specify explicitly destinatio...
Sergei Lemeshkin [Wed, 17 Mar 2021 12:28:30 +0000 (15:28 +0300)]
Make it compatible with cmake versions lower than 3.14, specify explicitly destination paths

3 years agoOpenSSL version bump
Dmitry Belyavskiy [Wed, 17 Mar 2021 13:41:20 +0000 (14:41 +0100)]
OpenSSL version bump

3 years agoEVP_MAC_init API changed
Dmitry Belyavskiy [Wed, 3 Mar 2021 15:04:49 +0000 (16:04 +0100)]
EVP_MAC_init API changed

3 years agoAlways cNORM before "\n"
Richard Levitte [Mon, 22 Feb 2021 05:08:55 +0000 (06:08 +0100)]
Always cNORM before "\n"

Using cNORM after "\n" may or may not work, probably because of the
line buffered nature of standard output.

If an error is displayed immediately after a printf that has cNORM
after "\n", the error output sometimes "overrides" the cNORM, and you
may end up with a surprisingly colorful error message, not to mention
that this may also affect your prompt in the same manner.

The lesson is to always output cNORM before the ending "\n".

3 years agoModify installation instructions for gost-engine library and module
Richard Levitte [Sun, 21 Feb 2021 16:32:47 +0000 (17:32 +0100)]
Modify installation instructions for gost-engine library and module

- Simplify the installation of libraries and programs to simply use
  defaults.
- Install only the gost engine in module form into the OpenSSL engine
  directory.
- Install the gostsum and gost12sum manuals in the normal man1 directory,
  as there's really no reason to install them among OpenSSL stuff
  specifically.
- Install the cmake configuration file.

3 years agoAlso build gost-engine in library form
Richard Levitte [Wed, 17 Feb 2021 18:01:19 +0000 (19:01 +0100)]
Also build gost-engine in library form

In this form, the GOST engine isn't loadable through OpenSSL's dynamic
ENGINE loader, but directly as its own function, ENGINE_load_gost().
After making that call, the engine functionality can be used as usual.
This includes a public header file called gost-engine.h, which declares
that functions.

This also rearranges the code in gost_eng.c, as the binding
functionality was spread around in the file.  Now, it's all nicely
tucked at the end.

3 years agoAll tests are passing
Dmitry Belyavskiy [Sat, 20 Feb 2021 17:49:30 +0000 (18:49 +0100)]
All tests are passing

3 years agoAvoid some buffer overflows
Dmitry Belyavskiy [Sat, 20 Feb 2021 12:41:59 +0000 (15:41 +0300)]
Avoid some buffer overflows

3 years agoOpenSSL version bump: alpha8 => alpha11
Dmitry Belyavskiy [Wed, 17 Feb 2021 18:37:42 +0000 (19:37 +0100)]
OpenSSL version bump: alpha8 => alpha11

3 years agoBuild gcc-asan-openssl-master on MacOS X as well
Richard Levitte [Wed, 17 Feb 2021 06:38:17 +0000 (07:38 +0100)]
Build gcc-asan-openssl-master on MacOS X as well

3 years agoFix gost engine suffix (for MacOS X)
Richard Levitte [Wed, 17 Feb 2021 05:07:20 +0000 (06:07 +0100)]
Fix gost engine suffix (for MacOS X)

On MacOS X, OpenSSL and cmake have different ideas on what suffix a
dynamically loadable module should have.  OpenSSL expects .dylib,
while cmake uses .so by default.

Fixed by explicitly telling cmake to use the same suffix as for shared
libraries.

3 years agoRemove the use of test/run_tests in favor of 'prove'
Richard Levitte [Sun, 14 Feb 2021 20:53:02 +0000 (21:53 +0100)]
Remove the use of test/run_tests in favor of 'prove'

'prove' is a well developed TAP harness program, there's no real need
to write one's own.

We do need to set certain paths properly for the appropriate 'openssl'
program to be run.  We do that with a 'prove' plugin (WrapOpenSSL.pm)
that simply amends the appropriate system environment variables, given
a number of cmake generated environment variables that indicate where
OpenSSL files reside.

3 years agoMove gost_cmds[] from gost_ctl.c to gost_eng.c
Richard Levitte [Sat, 13 Feb 2021 12:53:46 +0000 (13:53 +0100)]
Move gost_cmds[] from gost_ctl.c to gost_eng.c

This make that array uniquely belonging to the engine proper, while
leaving the more generic gost parameters functionality in the
gost_core library.

3 years agoCleanup source organisation, and make 'gost' an actual module
Richard Levitte [Sat, 13 Feb 2021 10:38:43 +0000 (11:38 +0100)]
Cleanup source organisation, and make 'gost' an actual module

GOST_CORE_SOURCE_FILES and GOST_ENGINE_SOURCE_FILES were a bit
disorganised, they are now re-arranged so GOST_ENGINE_SOURCE_FILES
contains ENGINE specific source only, and what was less ENGINE
specific was moved to GOST_CORE_SOURCE_FILES.  Furthermore,
GOST_LIB_SOURCE_FILES now includes GOST_CORE_SOURCE_FILES, so the
gost_core library is complete with all implementations.

As a consequence, 'gost' is now explicitly made into a dlopenable
module.  On some operating systems, that makes a difference.

This paves the way for alternative implementations based on the same
base code, such as a provider implementation.

It's quite possible that the re-arrangement done here isn't "pure"
enough.  Future development will tell.

3 years agoReverting 0669b5306
Dmitry Belyavskiy [Sat, 6 Feb 2021 18:19:03 +0000 (19:19 +0100)]
Reverting 0669b5306

3 years agoAdjust printing options as we print pubkey only
Dmitry Belyavskiy [Sat, 6 Feb 2021 16:34:18 +0000 (17:34 +0100)]
Adjust printing options as we print pubkey only

3 years agoUpdate build instructions to make perl tests happy
Dmitry Belyavskiy [Sat, 6 Feb 2021 16:33:19 +0000 (17:33 +0100)]
Update build instructions to make perl tests happy

3 years agoFixed tests to match the current messages
Dmitry Belyavskiy [Wed, 20 Jan 2021 18:15:34 +0000 (19:15 +0100)]
Fixed tests to match the current messages

3 years agoCI: Covert some Travis-CI to GitHub Actions
Vitaly Chikunov [Thu, 7 Jan 2021 19:05:16 +0000 (22:05 +0300)]
CI: Covert some Travis-CI to GitHub Actions

All, excluding ppc64le/s390x/ar64 architectures, macOS,
and Coverity run.

3 years agogost_crypt: process full available block in CFB and CNT mode
Alexei A. Smekalkine [Mon, 30 Nov 2020 21:20:59 +0000 (00:20 +0300)]
gost_crypt: process full available block in CFB and CNT mode

If at the input of the encryption function in the CFB mode we have
an integer number of blocks, then in the main loop all blocks will be
processed, except for the last one due to an incorrect border check.
The last block will be fully processed as a "partial" remainder, but
the initialization vector will not be updated. And, thus, the value
of IV will always be incorrect in this case.

This breaks stateless protocols due to an invalid initialization vector:
all messages except the first cannot be decrypted. (Naturally, we are
talking about a case with disabled key meshing, which does not allow
context recovery due to an erroneous implementation.)

It is worth noting here that the code for processing partial blocks
(both at the input of the encryption functions and at the output) is
a historically unnecessary artifact, since we do not set the
EVP_CIPH_FLAG_CUSTOM_CIPHER flag and, as a result, OpenSSL processes
partial blocks for us.

This patch corrects the checking of the main loop boundary.

A similar error is present in the code for the CNT mode, but there it
does not manifest itself in any way, because the restoration of the
state in this mode is impossible: even after disabling key meshing, we
still have the state-dependent transformation of the IV.

As an extra result of this fix, the code for processing partial blocks
can be completely removed now.

(cherry picked from commit cf402dd4d89271d5b1ca4ea938ce7a2f13a44d58)

3 years agoupdate magma cipher ctr_acpkm mode encrypting
Igor Kirillov [Thu, 26 Nov 2020 15:26:03 +0000 (18:26 +0300)]
update magma cipher ctr_acpkm mode encrypting

Fixed bug when acpkm key meshing didn't apply at appropriate time
during TLS secure exchange.
Unify usage of 'num' variable of EVP_CIPHER_CTX for kuznetchik and
magma.

3 years agoTests updated to support GOST2001DH
Dmitry Belyavskiy [Sat, 28 Nov 2020 16:53:40 +0000 (19:53 +0300)]
Tests updated to support GOST2001DH

3 years agoAdd explicit support for NID_id_GostR3410_2001DH (GOST R 34.10-2001 DH)
Dmitry Timoshkov [Fri, 27 Nov 2020 14:19:59 +0000 (17:19 +0300)]
Add explicit support for NID_id_GostR3410_2001DH (GOST R 34.10-2001 DH)

4 years agoTry to fix osx build
Dmitry Belyavskiy [Thu, 19 Nov 2020 19:47:39 +0000 (22:47 +0300)]
Try to fix osx build