Merge branch 'master' of https://github.com/gost-engine/engine

author: Dmitry Belyavskiy <beldmit@gmail.com> 2019-10-27 20:27:22 +0300
committer: Dmitry Belyavskiy <beldmit@gmail.com> 2019-10-27 20:27:22 +0300
commit: 36af4d82eb967367885dfa217f50a6941f5c9c40 (patch)
tree: 0642d57d25727f61a1346917820c390936118a6c
parent: c7a9d2902a73bd9f65ae0145ae6f3e37537fc73e (diff)
parent: 07d33e5b24c0000e5b14d0bee5d53c5be3f69eeb (diff)
download: gost-engine-36af4d82eb967367885dfa217f50a6941f5c9c40.zip
gost-engine-36af4d82eb967367885dfa217f50a6941f5c9c40.tar.gz
gost-engine-36af4d82eb967367885dfa217f50a6941f5c9c40.tar.bz2
7 files changed, 43 insertions, 14 deletions
diff --git a/.travis.yml b/.travis.yml
index d769510..30ad2f3 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -30,10 +30,12 @@ matrix:
     - env: ASAN=-DASAN=1
       os: linux
       compiler: gcc
+    - env: RUN_COVERITY=1 COVERITY_SCAN_PROJECT_NAME="gost-engine" COVERITY_SCAN_BRANCH_PATTERN="*" COVERITY_SCAN_NOTIFICATION_EMAIL="beldmit@gmail.com" COVERITY_SCAN_BUILD_COMMAND="make"
+      os: linux
+      compiler: gcc
     - os: osx
       compiler: clang
 
-
 before_script:
   - curl -L https://cpanmin.us | sudo perl - --sudo App::cpanminus
   - sudo cpanm --notest Test2::V0 > build.log 2>&1 || (cat build.log && exit 1)
@@ -48,5 +50,5 @@ script:
   - mkdir build
   - cd build
   - cmake -DOPENSSL_ROOT_DIR=${PREFIX} -DOPENSSL_LIBRARIES=${PREFIX}/lib -DOPENSSL_ENGINES_DIR=${PREFIX}/engines ${ASAN} ..
-  - make
+  - if [ ! -z ${COVERITY_SCAN_TOKEN+x} -a "${RUN_COVERITY}" = "1" ]; then curl -s "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true; else make; fi
   - make test CTEST_OUTPUT_ON_FAILURE=1
diff --git a/gost_ameth.c b/gost_ameth.c
index b73f918..22631c0 100644
--- a/gost_ameth.c
+++ b/gost_ameth.c
@@ -424,16 +424,12 @@ static int priv_decode_gost(EVP_PKEY *pk,
 static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
 {
     ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
-    ASN1_STRING *params = encode_gost_algor_params(pk);
+    ASN1_STRING *params = NULL;
     unsigned char *buf = NULL;
     int key_len = pkey_bits_gost(pk), i = 0;
     /* unmasked private key */
     const char *pk_format = get_gost_engine_param(GOST_PARAM_PK_FORMAT);
 
-    if (!params) {
-        return 0;
-    }
-
     key_len = (key_len < 0) ? 0 : key_len / 8;
     if (key_len == 0 || !(buf = OPENSSL_malloc(key_len))) {
         return 0;
@@ -444,6 +440,12 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
         return 0;
     }
 
+    params = encode_gost_algor_params(pk);
+    if (!params) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+
     /* Convert buf to Little-endian */
     for (i = 0; i < key_len / 2; i++) {
         unsigned char tmp = buf[i];
@@ -455,9 +457,13 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
         ASN1_STRING *octet = NULL;
         int priv_len = 0;
         unsigned char *priv_buf = NULL;
-
-        octet = ASN1_STRING_new();
-        ASN1_OCTET_STRING_set(octet, buf, key_len);
+        octet = ASN1_STRING_new();        
+        if (!octet || !ASN1_OCTET_STRING_set(octet, buf, key_len)) {
+            ASN1_STRING_free(octet);
+            ASN1_STRING_free(params);
+            OPENSSL_free(buf);
+            return 0;
+        }
         priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
         ASN1_STRING_free(octet);
         OPENSSL_free(buf);
diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c
index fa068ae..2053d0d 100644
--- a/gost_ec_keyx.c
+++ b/gost_ec_keyx.c
@@ -263,6 +263,8 @@ static int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
             return 0;
         }
     }
+    if (!param)
+        goto err;
     /* Check for private key in the peer_key of context */
     if (sec_key) {
         key_is_ephemeral = 0;
@@ -284,10 +286,6 @@ static int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
             }
         }
     }
-    if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
-        && param == gost_cipher_list) {
-        param = gost_cipher_list;
-    }
     if (out) {
         int dgst_nid = NID_undef;
         EVP_PKEY_get_default_digest_nid(pubk, &dgst_nid);
diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c
index ba353c2..9df7bbc 100644
--- a/gost_grasshopper_cipher.c
+++ b/gost_grasshopper_cipher.c
@@ -713,6 +713,7 @@ int gost_grasshopper_set_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
     os = ASN1_OCTET_STRING_new();
 
     if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) {
+        ASN1_OCTET_STRING_free(os);
         OPENSSL_free(buf);
         GOSTerr(GOST_F_GOST_GRASSHOPPER_SET_ASN1_PARAMETERS,
                 ERR_R_MALLOC_FAILURE);
diff --git a/gost_omac_acpkm.c b/gost_omac_acpkm.c
index 793a6d3..c22524a 100644
--- a/gost_omac_acpkm.c
+++ b/gost_omac_acpkm.c
@@ -68,6 +68,7 @@ static CMAC_ACPKM_CTX *CMAC_ACPKM_CTX_new(void)
     }
     ctx->actx = EVP_CIPHER_CTX_new();
     if (ctx->actx == NULL) {
+        EVP_CIPHER_CTX_free(ctx->cctx);
         OPENSSL_free(ctx);
         return NULL;
     }
diff --git a/gost_params.c b/gost_params.c
index b73d5a9..b5684b6 100644
--- a/gost_params.c
+++ b/gost_params.c
@@ -90,6 +90,26 @@ R3410_ec_params R3410_2001_paramset[] = {
 R3410_ec_params *R3410_2012_256_paramset = R3410_2001_paramset;
 
 R3410_ec_params R3410_2012_512_paramset[] = {
+    {NID_id_tc26_gost_3410_2012_512_paramSetTest,
+     /* a */
+     "7",
+     /* b */
+     "1CFF0806A31116DA29D8CFA54E57EB748BC5F377E49400FDD788B649ECA1AC43"
+     "61834013B2AD7322480A89CA58E0CF74BC9E540C2ADD6897FAD0A3084F302ADC",
+     /* p */
+     "4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D"
+     "F1D852741AF4704A0458047E80E4546D35B8336FAC224DD81664BBF528BE6373",
+     /* q */
+     "4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D"
+     "A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF",
+     /* x */
+     "24D19CC64572EE30F396BF6EBBFD7A6C5213B3B3D7057CC825F91093A68CD762"
+     "FD60611262CD838DC6B60AA7EEE804E28BC849977FAC33B4B530F1B120248A9A",
+     /* y */
+     "2BB312A43BD2CE6E0D020613C857ACDDCFBF061E91E5F2C3F32447C259F39B2C"
+     "83AB156D77F1496BF7EB3351E1EE4E43DC1A18B91B24640B6DBB92CB1ADD371E",
+     "1"}
+    ,
     {NID_id_tc26_gost_3410_2012_512_paramSetA,
      /* a */
      "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
diff --git a/gost_pmeth.c b/gost_pmeth.c
index 41e53b6..b6f4543 100644
--- a/gost_pmeth.c
+++ b/gost_pmeth.c
@@ -351,6 +351,7 @@ static int pkey_gost2012_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
     case NID_id_tc26_gost_3410_2012_512_paramSetA:
     case NID_id_tc26_gost_3410_2012_512_paramSetB:
     case NID_id_tc26_gost_3410_2012_512_paramSetC:
+    case NID_id_tc26_gost_3410_2012_512_paramSetTest:
         result =
             (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_512, ec)) ? 1 : 0;
         break;
author	Dmitry Belyavskiy <beldmit@gmail.com>	2019-10-27 20:27:22 +0300
committer	Dmitry Belyavskiy <beldmit@gmail.com>	2019-10-27 20:27:22 +0300
commit	36af4d82eb967367885dfa217f50a6941f5c9c40 (patch)
tree	0642d57d25727f61a1346917820c390936118a6c
parent	c7a9d2902a73bd9f65ae0145ae6f3e37537fc73e (diff)
parent	07d33e5b24c0000e5b14d0bee5d53c5be3f69eeb (diff)
download	gost-engine-36af4d82eb967367885dfa217f50a6941f5c9c40.zip gost-engine-36af4d82eb967367885dfa217f50a6941f5c9c40.tar.gz gost-engine-36af4d82eb967367885dfa217f50a6941f5c9c40.tar.bz2