Age | Commit message | Author | Files | Lines
2022-05-20 | Update INSTALL.md [openssl_1_1_1] | Dmitry Belyavskiy | 1 | -1/+0
Remove CRYPT_PARAMS mentioning to avoid confusion
2021-08-27 | Checking CMAKE_SKIP_INSTALL in install steps | kartaris | 1 | -11/+13
2021-08-27 | TRY_RUN should not be run when compiling cmake in CROSS_COMPILE | kartaris | 1 | -25/+29
2021-08-20 | gost_omac included into gost_core there is no need to include it into ↵ | kartaris | 1 | -2/+0
gost_engine
2021-08-20 | test_keyexpimp, test_grasshopper, test_context and test_curves need ↵ | kartaris | 1 | -4/+4
OpenSSL::Crypto
2021-08-20 | VERBOSE=1 | kartaris | 1 | -1/+1
2021-08-20 | Dropped unnecessary libs | kartaris | 1 | -4/+4
2021-08-20 | Increased minimum version for CMake | kartaris | 1 | -1/+1
2021-08-20 | Switch to using OpenSSL target names in CMakeLists.txt | Richard Levitte | 1 | -8/+8
Cmake 3.0 was a switch to using targets and properties rather than variables when linking different components together. We follow that philosophy by dropping ${OPENSSL_CRYPTO_LIBRARIES} and ${OPENSSL_SSL_LIBRARIES} in favor of OpenSSL::Crypto and OpenSSL::SSL.

(cherry picked from commit 36c50fa58c3cc1c5a30fd94aad77490e44abf022)

# Conflicts:
# CMakeLists.txt
2021-08-20 | Reduce the repeated library dependence information | Richard Levitte | 1 | -8/+9
Cmake is generally good at tracking specified dependencies between libraries. All that we need to do is to establish a dependency on OpenSSL's libcrypto for 'gost_core', and then we can reduce the amount of repeated dependencies for everything that links against 'gost_core'.

(cherry picked from commit 7ca9b827135b90cfc2567058b56325a518a3d57a)

# Conflicts:
# CMakeLists.txt
2021-08-20 | Make CMakeLists.txt work better with static OpenSSL libraries | Richard Levitte | 1 | -13/+13
The static OpenSSL libraries have some dependencies that need to be recorded for everything that's linked against it. To achieve this, we use ${OPENSSL_CRYPTO_LIBRARIES} and ${OPENSSL_SSL_LIBRARIES} instead of ${OPENSSL_CRYPTO_LIBRARY} and ${OPENSSL_SSL_LIBRARY}.

(cherry picked from commit 3df647770ff9aa8bd3b08c6ff8200da1ee69565c)

# Conflicts:
# CMakeLists.txt
2021-08-20 | WIP: Made changes to be able to build gost-engine as static library. Added ↵ | kartaris | 3 | -15/+34
gost-engine.h to be able to load engine as static engine for openssl. Made gost_core library independent. Corrected openssl version in cirrus.yml Related issue: #340
2021-02-26 | Avoid some buffer overflows | Dmitry Belyavskiy | 1 | -0/+15
2020-12-11 | magma consts changed | Aleksey Terentyev | 1 | -2/+2
2020-12-06 | backport commit 2dd3a2f from master (#301) | igrkir | 2 | -22/+43
* backport commit 2dd3a2f from master

  update magma cipher ctr_acpkm mode encrypting
  Fixed bug when acpkm key meshing didn't apply at appropriate time during TLS secure exchange.
  Unify usage of 'num' variable of EVP_CIPHER_CTX for kuznetchik and magma.

* correct define variable dependency

  add optional compiling setting for EVP_CTRL_TLS1_2_TLSTREE variable

Co-authored-by: Igor Kirillov <i.kirillov@kryptonite.ru>
2020-12-06 | gost_crypt: process full available block in CFB and CNT mode | Alexei A. Smekalkine | 1 | -2/+2
If at the input of the encryption function in the CFB mode we have an integer number of blocks, then in the main loop all blocks will be processed, except for the last one due to an incorrect border check.

The last block will be fully processed as a "partial" remainder, but the initialization vector will not be updated. And, thus, the value of IV will always be incorrect in this case. This breaks stateless protocols due to an invalid initialization vector: all messages except the first cannot be decrypted.

(Naturally, we are talking about a case with disabled key meshing, which does not allow context recovery due to an erroneous implementation.)

It is worth noting here that the code for processing partial blocks (both at the input of the encryption functions and at the output) is a historically unnecessary artifact, since we do not set the EVP_CIPH_FLAG_CUSTOM_CIPHER flag and, as a result, OpenSSL processes partial blocks for us.

This patch corrects the checking of the main loop boundary.

A similar error is present in the code for the CNT mode, but there it does not manifest itself in any way, because the restoration of the state in this mode is impossible: even after disabling key meshing, we still have the state-dependent transformation of the IV.

As an extra result of this fix, the code for processing partial blocks can be completely removed now.

(cherry picked from commit cf402dd4d89271d5b1ca4ea938ce7a2f13a44d58)
2020-11-28 | Tests updated to support GOST2001DH | Dmitry Belyavskiy | 2 | -2/+2
2020-11-28 | Add explicit support for NID_id_GostR3410_2001DH (GOST R 34.10-2001 DH) | Dmitry Timoshkov | 4 | -1/+22
(cherry picked from commit e1afd2a137a0a4cab89260202fdc1828263d098d)
2020-10-31 | fix_cbc_281 | Wolfgang Beck | 1 | -1/+3
2020-10-29 | CMakeLists.txt: Fix warning on gcc-9 | Vitaly Chikunov | 1 | -2/+2
/root/rpmbuild/BUILD/openssl-gost-engine-1.1.1/CMakeFiles/CMakeTmp/src.c:4:14: warning: initialization of 'int *' from incompatible pointer type 'char *' [-Wincompatible-pointer-types]
    4 | int *p = buf + 1;
      | ^~~
/root/rpmbuild/BUILD/openssl-gost-engine-1.1.1/CMakeFiles/CMakeTmp/src.c:5:14: warning: initialization of 'int *' from incompatible pointer type 'char *' [-Wincompatible-pointer-types]
    5 | int *q = buf + 2;
      | ^~~

Reported-by: Ilya Shipitsin <https://github.com/chipitsine>
Fixes: #288
(cherry picked from commit 6c7addf78b7fe7c8841d4cda6c9d710e4992c7a6)
2020-09-18 | KDF Tree fix for BIG_ENDIAN | Dmitry Belyavskiy | 1 | -8/+1
(cherry picked from commit 47be42da87cb9bf9bad6f415c442b586ce0752ef)
2020-09-18 | Strict alignment Kuznyechik bugfix | Dmitry Belyavskiy | 1 | -0/+6
(cherry picked from commit 1997dd99db27383a89d1f91bd4d7091b553ca6ee)
2020-09-18 | Provide cmake test if alignment requirement is strict | Vitaly Chikunov | 1 | -0/+12
This is based on AX_CHECK_ALIGNED_ACCESS_REQUIRED from autoconf-archive. Note, that on some arches unaligned access behavior could be changed at runtime via prctl(1). Also, unaligned memory access is still slower (and very slow on some arches) even if it's not strictly required. (cherry picked from commit d2810d23a9f30ae885f9bf0783f0847a12972ff3)
2020-09-18 | Endianness bugfix | Dmitry Belyavskiy | 1 | -0/+5
(cherry picked from commit f1f47c6c7710291157aa863768d9048aaeaa9530)
2020-08-07 | Edwards map fix | Billy Brumley | 2 | -33/+33
ECCKiila Changes from
https://gitlab.com/nisec/ecckiila/-/issues/2
https://gitlab.com/nisec/ecckiila/-/commit/7445ecabef77965743e0ae8d39d7433b07820be6

* X3 -> X1
* eliminate a temp variable

X3 = X1 as pointers is the reason this was still passing unit tests. But that might not hold in future versions of ECCKiila, so fix it now.

(cherry picked from commit 259301a5adf2ef51b8f380b27fcead313669206e)
2020-08-07 | GOST EC armv7 aarch64 fixes | Billy Brumley | 8 | -142/+158
char defaults to signed on x86/x64, but unsigned on ARM. (cherry picked from commit 409a1c2b76ac1d783bef6d35542e338d3777b5ac)
2020-08-07 | GOST ECC optimizations (#263) | Billy Brumley | 12 | -12/+103730
Standalone EC implementations from ECCKiila. https://gitlab.com/nisec/ecckiila (cherry picked from commit bc346202fbb3bc838a19af8c3b0e449926589c7b)
2020-08-07 | GOST key agreement cofactor fix (#265) | Billy Brumley | 2 | -35/+55
* GOST key agreement cofactor fix (cherry picked from commit dbc8f4780fa78d66a68174f78f9ae9aa9cdad53c)
2020-08-07 | [test] ECC: KATs for the curves in RFC4357 and RFC7836 | Billy Brumley | 1 | -26/+191
* Tests that gost-engine correctly computes the public key from the private key. (Twice -- Alice and Bob.)
* Tests that gost-engine correctly computes the derived shared key. (Twice -- Alice and Bob, should be identical.)

(cherry picked from commit 95dd55b1152cc51bbd50d5eb09b459840971d68d)
2020-05-03 | gost_eng: Make it use arrays instead of repeatable code | Vitaly Chikunov | 1 | -300/+295
2020-05-02 | Free memory | Dmitry Belyavskiy | 1 | -0/+1
2020-05-01 | Fix code aligning | Dmitry Belyavskiy | 1 | -18/+18
2020-05-01 | Rebuild error files to avoid build failures | Dmitry Belyavskiy | 3 | -69/+137
2020-05-01 | pkeyutl -derive support | Dmitry Belyavskiy | 5 | -135/+97
Support of pkeyutl -pkeyopt ukmhex:0102030405060708 syntax
2020-03-01 | test_digest: Test all block sizes and alignments | Vitaly Chikunov | 1 | -1/+129
There need to be more tests than 2 constant fixed size blocks. Final digest values are generated from the first run. Test description in comments.
2020-02-29 | cppcheck: Variable is reassigned a value before the old one has been used. | Nikolay Morozov | 7 | -17/+12
Plus some minor changes
- function definition doesn't match function declaration
- Consecutive break statement is unnecessary.
- Type mismatch in format string
2020-02-27 | cppcheck: The scope of the variable can be reduced. | Nikolay Morozov | 8 | -39/+32
2020-02-26 | keyx: Add OPENSSL_cleanse for internal buffers | Vitaly Chikunov | 1 | -0/+5
Only stack buffers are considered.
2020-02-26 | Replace RAND_bytes with RAND_priv_bytes | Vitaly Chikunov | 3 | -4/+4
`RAND_priv_bytes' is supposed to be used for private data.
2020-02-26 | ec: Use BN_{CTX_,}secure_new memory API for priv keys | Vitaly Chikunov | 4 | -35/+17
OpenSSL suggests to use (and internally itself uses) `BN_{CTX_,}secure_new' primitives to work with private keys. These are using `OPENSSL_secure_malloc' et al. calls, which use special 'secure heap' memory. Along, optimize out `hashsum2bn' with `BN_lebin2bn'.
2020-02-22 | No need for special OFB context | Dmitry Belyavskiy | 2 | -29/+10
2020-02-17 | CMakeLists.txt: Skip perl tests if there is no Test2::V0 | Vitaly Chikunov | 1 | -6/+13
`Test2::V0' is non standard and rarely present on systems, making `make test' unnecessarily fail.
2020-02-17 | cppcheck: function definition doesn't match function declaration | Nikolay Morozov | 3 | -16/+16
2020-02-14 | GOST89 key masking | Nikolay Morozov | 2 | -105/+111
2020-02-14 | Destroy GOST key data with OPENSSL_cleanse() | Nikolay Morozov | 2 | -5/+9
2020-02-10 | elbrus: Treat __e2k__ as __x86_64__ for Streebog | Vitaly Chikunov | 2 | -2/+2
lcc emulates x86_64 SIMD intrinsics, so SSE2 code will work as is. Even though in benchmarks it is slightly slower than regular implementation
2020-02-10 | elbrus: Workaround `-Werror=assign-where-compare-meant' | Vitaly Chikunov | 1 | -4/+7
This is lcc bug. Curiously, it is not triggered in `test_context.c' and `test_grasshopper.c'.

"lcc: "/usr/src/gost-engine/test_curves.c", строка 32: ошибка: вероятное использование "=" вместо "==" [-Werror=assign-where-compare-meant]
  #define TEST_ASSERT(e) {if ((test = (e))) \
  ^
  в раскрытие макроса "TEST_ASSERT" на строке 217
  TEST_ASSERT(0);"
2020-02-10 | elbrus: Workaround '#pragma message' [-Werror=unknown-pragmas] | Vitaly Chikunov | 1 | -1/+1
"lcc: "/usr/src/gost-engine/gosthash2012_ref.h", строка 15: ошибка: нераспознанная #pragma [-Werror=unknown-pragmas]
  # pragma message "Use regular implementation"
  ^"

Also, cmake does not detect lcc.
2020-02-10 | gosthash2012: Properly ifdef '_mm_empty' call | Vitaly Chikunov | 1 | -1/+1
There are other architectures besides __x86_64__, so EMMS should be issued on IA-32 only where we are using MMX.
2020-02-06 | gosthash2012_const: Remove unused arrays with constants | Vitaly Chikunov | 1 | -98/+0
This probably would reduce size of the library. And remove some 'not used' warnings (-Wunused-const-variable). Previously `Ax' is generated dynamically from `A` and `Pi` in `GOST3411Init', but in 2013 it is moved into `gosthash2012_precalc.h`. `Tau' is unrolled and eliminated in 2013 too.