Ilya Shipitsin [Wed, 2 Nov 2022 16:46:18 +0000 (21:46 +0500)]
Merge pull request #421 from chipitsine/master
CI: cirrus: bump image to freebsd 13.1
Ilya Shipitsin [Wed, 2 Nov 2022 16:32:00 +0000 (21:32 +0500)]
CI: cirrus: bump image to freebsd 13.1
Dmitry Belyavskiy [Sun, 25 Sep 2022 09:39:55 +0000 (11:39 +0200)]
updating CA constraints
Mark Fedorov [Thu, 11 Aug 2022 12:27:11 +0000 (12:27 +0000)]
Add magma-ecb mode. Fixes #410
Dmitry Belyavskiy [Fri, 22 Jul 2022 15:13:27 +0000 (17:13 +0200)]
We need to init submodule explicitly
Thanks to Matt Caswell for pointing it out
Mark Fedorov [Sat, 9 Jul 2022 16:00:26 +0000 (16:00 +0000)]
Refactored acpkm_magma_key_meshing
Mark Fedorov [Fri, 1 Jul 2022 12:29:12 +0000 (15:29 +0300)]
Refactor little-to-big-endian subroutine for magma
Vitaly Chikunov [Fri, 22 Apr 2022 00:02:36 +0000 (03:02 +0300)]
gost_ec_sign: Fix sig verify step 1 range checks
Ensure 0 < r < q, 0 < s < q. (34.10-2021 6.2).
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Dmitry Belyavskiy [Sat, 21 May 2022 18:20:20 +0000 (20:20 +0200)]
On unpacking key blob output buffer size should be fixed
Related: CVE-2022-29242
Dmitry Belyavskiy [Sat, 21 May 2022 18:06:47 +0000 (20:06 +0200)]
Fix buffer overrun in creating key transport blob according to RFC 9189, 4.2.4.2
Resolves: CVE-2022-29242
Dmitry Belyavskiy [Fri, 20 May 2022 16:13:50 +0000 (18:13 +0200)]
Fix buffer overrun in creating key transport blob according to RFC 9189, 4.2.4.1
Resolves: CVE-2022-29242
Dmitry Belyavskiy [Wed, 4 May 2022 16:19:02 +0000 (18:19 +0200)]
Make TLS tests on SECLEVEL 0
As https://github.com/openssl/openssl/pull/18236 is going to
ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above,
we have to adjust GOST TLS tests.
Dmitry Belyavskiy [Tue, 8 Feb 2022 13:41:44 +0000 (14:41 +0100)]
Get rid of irrelevant examples
Vitaly Chikunov [Tue, 8 Feb 2022 08:31:54 +0000 (11:31 +0300)]
Fix gcc12 -fanalyzer warning
GCC does not understand that `algname` cannot be NULL. Add dummy default case to
cover all execution paths.
Fixes https://github.com/gost-engine/engine/issues/389
Tested-by: Ilya Shipitsin <chipitsine@gmail.com>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Dmitry Belyavskiy [Mon, 7 Feb 2022 17:31:04 +0000 (18:31 +0100)]
Ensure that CMAC_ACPKM_CTX_copy works with 2 non-NULL pointers - fixup
Related: #387
Dmitry Belyavskiy [Sun, 6 Feb 2022 13:41:15 +0000 (14:41 +0100)]
Ensure that CMAC_ACPKM_CTX_copy works with 2 non-NULL pointers.
Related: #387
Vitaly Chikunov [Mon, 10 Jan 2022 01:27:00 +0000 (04:27 +0300)]
gost_prov: OPENSSL_free what is OPENSSL_zalloc'd
*** CID 345254: API usage errors (ALLOC_FREE_MISMATCH)
/gost_prov.c: 71 in provider_ctx_new()
65 && populate_gost_engine(ctx->e)) {
66 ctx->core_handle = core;
67
68 /* Ugly hack */
69 err_handle = ctx->proverr_handle;
70 } else {
>>> CID 345254: API usage errors (ALLOC_FREE_MISMATCH)
>>> Calling "provider_ctx_free" frees "ctx" using "free" but it should have been freed using "CRYPTO_free".
71 provider_ctx_free(ctx);
72 ctx = NULL;
73 }
74 return ctx;
75 }
Fixes: f5a3951 ("gost_prov: Avoid access to unallocated memory")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Sat, 8 Jan 2022 23:34:57 +0000 (02:34 +0300)]
gost_prov: Avoid access to unallocated memory
This should fix Coverity warning:
*** CID 345245: (UNINIT)
/gost_prov.c: 71 in provider_ctx_new()
65 && populate_gost_engine(ctx->e)) {
66 ctx->core_handle = core;
67
68 /* Ugly hack */
69 err_handle = ctx->proverr_handle;
70 } else {
>>> CID 345245: (UNINIT)
>>> Using uninitialized value "ctx->e" when calling "provider_ctx_free".
71 provider_ctx_free(ctx);
72 ctx = NULL;
73 }
74 return ctx;
75 }
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Issue: #380
Vitaly Chikunov [Sat, 8 Jan 2022 23:25:31 +0000 (02:25 +0300)]
gost_ec_keyx: Check CTX data before it's really used
This should fix Coverity warning:
*** CID 345243: Null pointer dereferences (REVERSE_INULL)
/gost_ec_keyx.c: 681 in pkey_gost2018_decrypt()
675 o Q_eph is on the same curve as server public key;
676
677 o Q_eph is not equal to zero point;
678
679 o q * Q_eph is not equal to zero point.
680 */
>>> CID 345243: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "data" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
681 if (eph_key == NULL || priv == NULL || data == NULL) {
682 GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT,
683 GOST_R_ERROR_COMPUTING_EXPORT_KEYS);
684 ret = 0;
685 goto err;
686 }
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Issue: #380
Ilya Shipitsin [Sat, 8 Jan 2022 08:31:14 +0000 (11:31 +0300)]
Merge pull request #379 from chipitsine/master
CI: add daily Coverity scan job
Ilya Shipitsin [Thu, 6 Jan 2022 21:48:19 +0000 (02:48 +0500)]
CI: add daily Coverity scan job
Vitaly Chikunov [Wed, 15 Dec 2021 01:23:22 +0000 (04:23 +0300)]
test_tls: Rework test to be single process
Rework the test to be similar to sslapitest.c. Using BIO only connections
and non-blocking IO instead of socketpair and separate processes.
This will allow it to compile and work on Windows.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Sun, 19 Dec 2021 22:40:39 +0000 (01:40 +0300)]
MSVC: Fix casting warning C4057
test_tls.c(103,5): warning C4057: 'function': 'const unsigned char *' differs in indirection to slightly different base types from 'char [8]'
test_tls.c(104,5): warning C4057: 'function': 'const unsigned char *' differs in indirection to slightly different base types from 'char [9]'
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Sun, 19 Dec 2021 21:58:23 +0000 (00:58 +0300)]
MSVC: CI: Specify explicitly OpenSSL build target
Useful to copy-paste for manual builds.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Sun, 19 Dec 2021 22:35:58 +0000 (01:35 +0300)]
Output provider info
Output something in `openssl list -providers` so it's merrier.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Wed, 15 Dec 2021 00:46:26 +0000 (03:46 +0300)]
CMake: Set default build type to RelWithDebInfo
To maintain backward compatibility for users already familiar with older engine
build type (basically restores `-O2 -g').
Fixes: 5ad6c77 ("Adapt C flags for the cmake build type")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Fri, 10 Dec 2021 14:46:18 +0000 (17:46 +0300)]
MSVC: Add dllexport to OSSL_provider_init
`OSSL_provider_init' requires dllexport attribute to be visible (and thus
loadable) in DLL.
Link: https://github.com/openssl/openssl/issues/17203
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Tue, 7 Dec 2021 09:14:48 +0000 (12:14 +0300)]
CMake: Add CONFIG to the output dir if MSVC
This will fix setting of OPENSSL_ENGINES in ctest on Windows.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Tue, 7 Dec 2021 09:33:41 +0000 (12:33 +0300)]
CMake: Test presence of prove for perl tests
This will skip tests on Windows, due to prove being `.bat' file and cmake will
be unable to run it.
Also, `HAVE_TEST2_V0' is renamed to be more meaningful.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Mon, 6 Dec 2021 03:09:27 +0000 (06:09 +0300)]
MSVC: Do not build in library form
Library form overwrites module form due to both having the same name `gost.dll'.
As a temporary workaround do not build library form on Windows, until we invent
how to solve it properly. Currently, there is no known need of engine in the
library form on Windows.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Sun, 5 Dec 2021 08:07:11 +0000 (11:07 +0300)]
MSVC: Fix 'no OPENSSL_Applink' error
Error message:
OPENSSL_Uplink(00007FF9FB00F600,08): no OPENSSL_Applink
Link: https://www.openssl.org/docs/faq.html#PROG3
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Sat, 4 Dec 2021 09:35:46 +0000 (12:35 +0300)]
MSVC: Skip building Linux-only binaries
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Sat, 4 Dec 2021 08:09:52 +0000 (11:09 +0300)]
MSVC: Fix absence of 'setenv'
Error message:
test_keyexpimp.c(111,11): warning C4013: 'setenv' undefined; assuming extern returning int
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Sat, 4 Dec 2021 09:37:39 +0000 (12:37 +0300)]
MSVC: Fix include files
Error message:
gost12sum.c(13,10): fatal error C1083: Cannot open include file: 'unistd.h': No such file or directory
gost12sum.c(80,23): warning C4013: 'getopt' undefined; assuming extern returning int
test_keyexpimp.c(7,10): fatal error C1083: Cannot open include file: 'arpa/inet.h': No such file or directory
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Sat, 4 Dec 2021 07:25:38 +0000 (10:25 +0300)]
MSVC: Fix signed/unsigned mismatch errors
test_digest.c(513,2): warning C4389: '==': signed/unsigned mismatch
test_digest.c(820,5): warning C4389: '==': signed/unsigned mismatch
test_sign.c(241,22): warning C4389: '==': signed/unsigned mismatch
test_params.c(1131,16): warning C4018: '<': signed/unsigned mismatch
test_sign.c(241,22): warning C4389: '==': signed/unsigned mismatch
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Sat, 4 Dec 2021 06:55:55 +0000 (09:55 +0300)]
MSVC: No support for GCC's compound statement expressions
Error messages:
test_ciphers.c(329,5): error C2059: syntax error: '{'
test_ciphers.c(329,5): error C2059: syntax error: '}'
test_ciphers.c(329,5): error C2059: syntax error: ')'
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Sat, 4 Dec 2021 06:13:14 +0000 (09:13 +0300)]
MSVC: Replace variable-length automatic arrays with alloca
MSVC is not C99 compatible[1]. Errors:
test_ciphers.c(312,25): error C2057: expected constant expression
test_ciphers.c(312,25): error C2466: cannot allocate an array of constant size 0
test_ciphers.c(312,26): error C2133: 'c': unknown size
Link: https://docs.microsoft.com/en-us/cpp/c-language/ansi-conformance
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Sat, 4 Dec 2021 06:00:47 +0000 (09:00 +0300)]
MSVC: Ifdef GCC pragmas
Error message:
test_ciphers.c(37,9): warning C4068: unknown pragma 'GCC'
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Fri, 3 Dec 2021 09:38:19 +0000 (12:38 +0300)]
MSVC: Avoid using `htonl' since it requires linking with Winsock
No need for an external library (Ws2_32.lib) if we can easily implement it.
Error messages:
gost_core.lib(gost_keyexpimp.obj) : error LNK2019: unresolved external symbol htonl referenced in function gost_kdftree2012_256
gost.dll : fatal error LNK1120: 1 unresolved externals
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Fri, 3 Dec 2021 09:32:35 +0000 (12:32 +0300)]
MSVC: Remove GCC pragma messages
These were planned to be removed later anyway. Error message:
gosthash2012_ref.h(15,18): warning C4081: expected '('; found 'string'
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Fri, 3 Dec 2021 09:14:53 +0000 (12:14 +0300)]
MSVC: Replace tentative arrays with pointers
Error message example:
gost_prov_cipher.c(237,63): error C2059: syntax error: '}'
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Fri, 3 Dec 2021 09:10:33 +0000 (12:10 +0300)]
MSVC: Fix unresolved externals (cipher_gost_grasshopper_ctracpkm)
Un-inline `cipher_gost_grasshopper_ctracpkm'. Error message:
gost_core.lib(gost_omac_acpkm.obj) : error LNK2019: unresolved external symbol cipher_gost_grasshopper_ctracpkm referenced in function CMAC_ACPKM_Init
gost.dll : fatal error LNK1120: 1 unresolved externals
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Fri, 3 Dec 2021 09:06:25 +0000 (12:06 +0300)]
MSVC: Fix Elvis operator
Error example:
gost_md.c(54,45): error C2059: syntax error: ':'
gost_md.c(67,5): error C2059: syntax error: 'if'
gost_md.c(69,6): error C2143: syntax error: missing '{' before '->'
gost_md.c(69,6): error C2059: syntax error: '->'
gost_md.c(70,5): error C2059: syntax error: 'return'
gost_md.c(71,1): error C2059: syntax error: '}'
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Fri, 3 Dec 2021 09:04:06 +0000 (12:04 +0300)]
MSVC: Fix unreachable code warning
Errors are like this:
gost_pmeth.c(188): warning C4702: unreachable code
gost_grasshopper_cipher.c(909): warning C4702: unreachable code
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Fri, 3 Dec 2021 09:02:32 +0000 (12:02 +0300)]
MSVC: Fix signedness in comparison
Error message:
gost_crypt.c(652,36): warning C4018: '<': signed/unsigned mismatch
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Fri, 3 Dec 2021 08:54:40 +0000 (11:54 +0300)]
MSVC: Undo adding `-Wno-error=deprecated-declarations`
Since they are now global. Error message:
cl : command line error D8021: invalid numeric argument '/Wno-error=deprecated-declarations'
Fixes: 5dfb598 ("CMakeLists.txt: Workaround openssl deprecation of HMAC and CMAC primitives")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Fri, 3 Dec 2021 08:53:17 +0000 (11:53 +0300)]
MSVC: Disable deprecated declarations (C4996) warning
`/wd4996' disables deprecated declarations warning, this is analogous to
`-Wno-error=deprecated-declarations'. Error example:
gost_pmeth.c(39,17): warning C4996: 'EVP_PKEY_get0': Since OpenSSL 3.0
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Thu, 2 Dec 2021 00:38:27 +0000 (03:38 +0300)]
CI: Build and test on Windows (MSVC)
Uses actions/cache to speed up engine rebuilds.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Vitaly Chikunov [Wed, 1 Dec 2021 03:07:08 +0000 (06:07 +0300)]
Add .editorconfig
Noticed that there is some misindentation (also fix it).
Anton Fadeev [Thu, 25 Nov 2021 17:31:03 +0000 (20:31 +0300)]
Use fprintf(stderr, ...) instead of printf(...)
When we use git cli in OS Linux, with enabled gost engine
git utility we got fatal erro
Dmitry Belyavskiy [Sun, 14 Nov 2021 10:46:20 +0000 (11:46 +0100)]
Properly set expected digest size for mac in provider
Richard Levitte [Mon, 11 Oct 2021 13:10:45 +0000 (15:10 +0200)]
Document the current state of the GOST provider
Richard Levitte [Mon, 30 Aug 2021 11:44:22 +0000 (13:44 +0200)]
libprov: update to latest
Richard Levitte [Sat, 13 Feb 2021 14:01:02 +0000 (15:01 +0100)]
Making a gost provider - installation instructions
Richard Levitte [Wed, 12 May 2021 11:44:05 +0000 (13:44 +0200)]
Making a gost provider - Adapt test_context.c for providers
Richard Levitte [Wed, 12 May 2021 11:36:15 +0000 (13:36 +0200)]
Making a gost provider - Adapt test_ciphers.c for providers
Richard Levitte [Tue, 11 May 2021 08:09:10 +0000 (10:09 +0200)]
Making a gost provider - Adapt test_digest.c for providers
Richard Levitte [Tue, 11 May 2021 07:39:30 +0000 (09:39 +0200)]
Making a gost provider - Adapt the grasshopper OMACs for providers
They needed to be modified to handle EVP_CIPHERs implemented by a
provider.
Richard Levitte [Mon, 5 Apr 2021 06:08:10 +0000 (08:08 +0200)]
Making a gost provider - Add the macs
We add the macs for the provider as wrappers around the EVP_MD
implementations designed for ENGINEs. This is not the most elegant,
but it does the job.
When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an alias. This is the way to avoid having to register the OIDs in
OpenSSL proper.
Richard Levitte [Sat, 13 Feb 2021 13:56:17 +0000 (14:56 +0100)]
Making a gost provider - Add the digests
We add the digests for the provider as wrappers around the routines
designed for ENGINEs. This is not the most elegant, but it does the
job.
When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an alias. This is the way to avoid having to register the OIDs in
OpenSSL proper.
test/01-digest.t is modified to test the provider as well.
Richard Levitte [Sat, 13 Feb 2021 13:52:39 +0000 (14:52 +0100)]
Making a gost provider - Add the ciphers
We add the ciphers for the provider as wrappers around the routines
designed for ENGINEs. This is not the most elegant, but it does the
job.
When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an alias. This is the way to avoid having to register the OIDs in
OpenSSL proper.
test/03-encrypt.t is modified to test the provider as well.
Richard Levitte [Mon, 10 May 2021 07:06:04 +0000 (09:06 +0200)]
Making a gost provider - Refactor the testing foundation
This makes space for provider tests.
As a beginning, test/00-provider.t is added. It corresponds to
test/00-engine.t.
All other test/*.t are currently skipped unless the engine is tested.
They will be re-enabled as support for each algorithm type is added in
the provider code.
Richard Levitte [Sat, 13 Feb 2021 13:50:49 +0000 (14:50 +0100)]
Making a gost provider - Add the provider foundation
This adds the source to get a minimal provider that provides...
nothing.
Richard Levitte [Sun, 14 Feb 2021 23:45:40 +0000 (00:45 +0100)]
Making a gost provider - Refactor the engine to become a backend
The gost provider is planned to be a wrapper around the already
existing functionality, designed for ENGINE use.
The easiest way to do this is to let the gost ENGINE continue to exist
within the gost provider, as an internal ENGINE. To do that, we make
it possible to build gost_eng.c so it only populates the GOST ENGINE
structure, but doesn't perform any of the ENGINE registration. That
way, the GOST ENGINE structure becomes purely internal, and can be
used as the actual implementation of the offered provider functionality,
through diverse EVP calls that accept an ENGINE pointer.
Richard Levitte [Sat, 13 Feb 2021 13:45:11 +0000 (14:45 +0100)]
Making a gost provider - move away the error source files
The error source files, e_gost_err.c and e_gost_err.h, are not
suitable for providers as they are, so we need to move those away from
the core library, and leave it to the provider code to deal with it.
Dmitry Belyavskiy [Thu, 7 Oct 2021 18:51:02 +0000 (20:51 +0200)]
Explicitly provide SECLEVEL for TLS tests
Dmitry Belyavskiy [Tue, 28 Sep 2021 14:39:39 +0000 (17:39 +0300)]
Don't recreate GOST EC groups every time (#358)
* Don't recreate GOST EC groups every time
For multiple keygen it saves 6% time
Nikolas [Sun, 19 Sep 2021 08:44:32 +0000 (11:44 +0300)]
Rewrite error handling in pub_decode_gost_ec()
Dmitry Belyavskiy [Thu, 16 Sep 2021 15:15:33 +0000 (17:15 +0200)]
We don't want to depend on spacing around equal sign
...in DN output
Richard Levitte [Mon, 6 Sep 2021 05:47:37 +0000 (07:47 +0200)]
Now that there is an actual openssl-3.0 branch, switch to use that
Richard Levitte [Wed, 1 Sep 2021 07:24:59 +0000 (09:24 +0200)]
Make the use of RPATH conditional
MacOS ld doesn't support -rpath, so we must be able to not use it there.
Richard Levitte [Wed, 1 Sep 2021 07:04:05 +0000 (09:04 +0200)]
Simplify the CI job "gcc-asan-openssl-master"
Now that .github/before_script.sh works properly on MacOS, there is
no reason not to use it for this job as well.
Richard Levitte [Wed, 1 Sep 2021 06:48:02 +0000 (08:48 +0200)]
Modify .github/before_script.sh to install cpanm as a standalone script
It makes sure to install it where site perl scripts should be located.
Richard Levitte [Tue, 31 Aug 2021 18:32:55 +0000 (20:32 +0200)]
Add CI builds on MacOS 11 (BigSur)
Richard Levitte [Sun, 29 Aug 2021 07:41:32 +0000 (09:41 +0200)]
Update openssl-3.0.0-alpha17 -> openssl-3.0.0-beta2 for codeql as well
Dmitry Belyavskiy [Thu, 19 Aug 2021 13:34:06 +0000 (15:34 +0200)]
Increase cmake version to 3.18
Dmitry Belyavskiy [Thu, 19 Aug 2021 12:55:19 +0000 (14:55 +0200)]
Stop overriding OPENSSL_LIBRARIES
Fix #346
Richard Levitte [Wed, 18 Aug 2021 07:12:40 +0000 (09:12 +0200)]
Switch to using OpenSSL target names in CMakeLists.txt
Cmake 3.0 was a switch to using targets and properties rather than
variables when linking different components together.
We follow that philosophy by dropping ${OPENSSL_CRYPTO_LIBRARIES} and
${OPENSSL_SSL_LIBRARIES} in favor of OpenSSL::Crypto and OpenSSL::SSL.
Richard Levitte [Tue, 17 Aug 2021 20:35:09 +0000 (22:35 +0200)]
Reduce the repeated library dependence information
Cmake is generally good at tracking specified dependencies between
libraries. All that we need to do is to establish a dependency on
OpenSSL's libcrypto for 'gost_core', and then we can reduce the amount
of repeated dependencies for everything that links against 'gost_core'.
Richard Levitte [Tue, 17 Aug 2021 20:31:39 +0000 (22:31 +0200)]
Make CMakeLists.txt work better with static OpenSSL libraries
The static OpenSSL libraries have some dependencies that need to be
recorded for everything that's linked against it. To achieve this,
we use ${OPENSSL_CRYPTO_LIBRARIES} and ${OPENSSL_SSL_LIBRARIES}
instead of ${OPENSSL_CRYPTO_LIBRARY} and ${OPENSSL_SSL_LIBRARY}.
Billy Brumley [Mon, 9 Aug 2021 19:57:47 +0000 (22:57 +0300)]
push VKO cofactor clearing into ECCKiila
Billy Brumley [Mon, 9 Aug 2021 19:57:15 +0000 (22:57 +0300)]
[test] VKO unit tests for curves with cofactors: extreme ranges
Dmitry Belyavskiy [Wed, 11 Aug 2021 13:10:00 +0000 (15:10 +0200)]
Explicitly set libdir to lib
OpenSSL commit https://github.com/openssl/openssl/commit/74b7f339aa58af57c0e71b7efca66e6f2db5ae2e
changed the default installation path on 64-bit systems.
The recommended workaround is appending --libdir=lib
Dmitry Belyavskiy [Tue, 10 Aug 2021 16:18:45 +0000 (18:18 +0200)]
Stable: alpha16 => beta2
Dmitry Belyavskiy [Wed, 2 Jun 2021 15:16:12 +0000 (17:16 +0200)]
CMake 3.18 recommended
Earlier versions don't properly detect OpenSSL 3.0.
BTW, workarounds still exist
Dmitry Belyavskiy [Fri, 28 May 2021 11:10:12 +0000 (13:10 +0200)]
Merge branch 'levitte-update-codeql-analysis'
Dmitry Belyavskiy [Fri, 28 May 2021 11:09:07 +0000 (13:09 +0200)]
Merge branch 'update-codeql-analysis' of https://github.com/levitte/engine into levitte-update-codeql-analysis
Richard Levitte [Wed, 12 May 2021 12:09:49 +0000 (14:09 +0200)]
Set OPENSSL_ROOT_DIR if it isn't set.
These days, the OpenSSL cmake package finder is capable of finding
a custom OpenSSL installation with no OPENSSL_ROOT_DIR defined, but
CMAKE_PREFIX_PATH defined.
However, gost-engine's CMakeLists.txt does use OPENSSL_ROOT_DIR, so
it needs it to be defined unconditionally. That's arranged fairly
easily by assigning it the parent directory of OPENSSL_INCLUDE_DIR.
Dmitry Belyavskiy [Fri, 28 May 2021 11:02:16 +0000 (14:02 +0300)]
Merge branch 'master' into update-codeql-analysis
Richard Levitte [Fri, 28 May 2021 10:23:14 +0000 (12:23 +0200)]
Update the OpenSSL 3.0 tag to openssl-3.0.0-alpha17
Most of all, at least openssl-3.0.0-alpha16 is needed, because there
are API changes made in that release that affect gost-engine builds
Dmitry Belyavskiy [Sun, 23 May 2021 09:05:01 +0000 (11:05 +0200)]
Increase openssl version
Richard Levitte [Tue, 11 May 2021 08:27:37 +0000 (10:27 +0200)]
Adapt C flags for the cmake build type
The C flags were set to be highly optimized regardless of the cmake
build type. This may make debugging difficult. To resolve that, we
adapt the C flags to the cmake build type in a supported manner.
Dmitry Belyavskiy [Tue, 11 May 2021 10:58:29 +0000 (12:58 +0200)]
Alpha version bump
Dmitry Belyavskiy [Fri, 30 Apr 2021 16:38:48 +0000 (18:38 +0200)]
Update to be compatible with openssl#15100
(cherry picked from commit
1b684f3f906bc81154ca1d5af7d6bc60199f1f9c)
Richard Levitte [Sat, 1 May 2021 06:42:31 +0000 (08:42 +0200)]
Mark test_keyexpimp and gost89 as internal tests
Richard Levitte [Sat, 1 May 2021 06:41:42 +0000 (08:41 +0200)]
Don't load the gost engine in test_curves.c
This test is so internal that it doesn't even need the engine.
Richard Levitte [Sat, 1 May 2021 06:36:55 +0000 (08:36 +0200)]
Make test programs less hard-coded
The following programs had a hard coded load of the gost engine.
This changes them to rely more on the testing environment, and to
load engines through configuration files.
This affects: test_ciphers.c, test_context.c, test_derive.c,
test_digest.c, test_params.c, test_sign.c, test_tls.c
se-prok [Fri, 2 Apr 2021 07:51:28 +0000 (10:51 +0300)]
Update gost_ec_keyx.c
It's not right to have segmentation faults.
Richard Levitte [Tue, 30 Mar 2021 18:40:37 +0000 (20:40 +0200)]
Don't put test results or intermediary files in the source tree
When building in a directory that's separate from the source
directory, test results should end up in the build directory, not the
source directory.
Essentially, unless you do build in the source directory, it should be
regarded as read-only when building.
Richard Levitte [Tue, 30 Mar 2021 18:47:16 +0000 (20:47 +0200)]
Install manuals in the correct location
Cmake doesn't support the variable CMAKE_INSTALL_DIR. However, with
the GNUInstallDirs module, there is the variable CMAKE_INSTALL_MANDIR.