Age | Commit message (Collapse) | Author | Files | Lines |
|
Older `openssl crl` exits with 0 no matter the actual verify status, while
newer `openssl crl` could exit with 1 on verify failure. Make the test
backward-compatible by comparing only the output.
Fixes: https://github.com/gost-engine/engine/issues/452
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
It's proposed[1] that crl and req change exit code, making it unreliable for some
commands. Allow tests to ignore exit codes by specifying expected exit code `-1`.
This will also make such tests always use regexp match mode.
Also, slightly fix the logic of applying regexp. The comment says test
_parameter_ (`exitStatus`) 1 is used to trigger regexp matching, but in fact the
actual command exit code (`status`) 1 is used for that. This change did not
cause any test result difference.
Link: https://github.com/openssl/openssl/pull/23773
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
gcc-13 thinks `bl` can take a negative value (when returned from
EVP_CIPHER_CTX_block_size). Do simple sanity checking to work around this.
Also, add error propagation up to EVP_DigestFinal_ex, so this sanity checking
is not in vain.
Error message:
In function 'make_kn',
inlined from 'CMAC_ACPKM_Final' at /builddir/build/BUILD/engine-3.0.0/gost_omac_acpkm.c:274:5,
inlined from 'omac_acpkm_imit_final' at /builddir/build/BUILD/engine-3.0.0/gost_omac_acpkm.c:354:5:
/builddir/build/BUILD/engine-3.0.0/gost_omac_acpkm.c:55:20: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
55 | k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b;
| ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
/builddir/build/BUILD/engine-3.0.0/gost_omac_acpkm.c: In function 'omac_acpkm_imit_final':
/builddir/build/BUILD/engine-3.0.0/gost_omac_acpkm.c:260:24: note: at offset [-2147483649, -1] into destination object 'k2' of size 32
260 | unsigned char *k1, k2[EVP_MAX_BLOCK_LENGTH];
| ^~
Fixes: https://github.com/gost-engine/engine/issues/436
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
install(EXPORT GostEngineConfig DESTINATION share/cmake/GostEngine) will install to a path like this:
/usr/GostEngine/share/cmake/GostEngine/GostEngineConfig.cmake
which is not standard or expected. These files should be installed to:
/usr/share/cmake/GostEngine/GostEngineConfig.cmake
which can be done by changing the installation line to:
install(EXPORT GostEngineConfig DESTINATION share/cmake/GostEngine)
|
|
Signed-off-by: Sergei Ianovich <sergei.ianovich@ya.ru>
|
|
first implemented in ossl_patched branch
uses dynamic NIDs
Signed-off-by: Sergei Ianovich <sergei.ianovich@ya.ru>
|
|
Signed-off-by: Sergei Ianovich <sergei.ianovich@ya.ru>
|
|
CI: cirrus: bump image to freebsd 13.1
|
|
Thanks to Matt Caswell for pointing it out
|
|
Ensure 0 < r < q, 0 < s < q. (34.10-2021 6.2).
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
Related: CVE-2022-29242
|
|
Resolves: CVE-2022-29242
|
|
Resolves: CVE-2022-29242
|
|
As https://github.com/openssl/openssl/pull/18236 is going to
ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above,
we have to adjust GOST TLS tests.
|
|
GCC does not understand that `algname` cannot be NULL. Add a dummy default case to
cover all execution paths.
Fixes https://github.com/gost-engine/engine/issues/389
Tested-by: Ilya Shipitsin <chipitsine@gmail.com>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
Related: #387
|
|
Related: #387
|
|
*** CID 345254: API usage errors (ALLOC_FREE_MISMATCH)
/gost_prov.c: 71 in provider_ctx_new()
65 && populate_gost_engine(ctx->e)) {
66 ctx->core_handle = core;
67
68 /* Ugly hack */
69 err_handle = ctx->proverr_handle;
70 } else {
>>> CID 345254: API usage errors (ALLOC_FREE_MISMATCH)
>>> Calling "provider_ctx_free" frees "ctx" using "free" but it should have been freed using "CRYPTO_free".
71 provider_ctx_free(ctx);
72 ctx = NULL;
73 }
74 return ctx;
75 }
Fixes: f5a3951 ("gost_prov: Avoid access to unallocated memory")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
This should fix Coverity warning:
*** CID 345245: (UNINIT)
/gost_prov.c: 71 in provider_ctx_new()
65 && populate_gost_engine(ctx->e)) {
66 ctx->core_handle = core;
67
68 /* Ugly hack */
69 err_handle = ctx->proverr_handle;
70 } else {
>>> CID 345245: (UNINIT)
>>> Using uninitialized value "ctx->e" when calling "provider_ctx_free".
71 provider_ctx_free(ctx);
72 ctx = NULL;
73 }
74 return ctx;
75 }
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Issue: #380
|
|
This should fix Coverity warning:
*** CID 345243: Null pointer dereferences (REVERSE_INULL)
/gost_ec_keyx.c: 681 in pkey_gost2018_decrypt()
675 o Q_eph is on the same curve as server public key;
676
677 o Q_eph is not equal to zero point;
678
679 o q * Q_eph is not equal to zero point.
680 */
>>> CID 345243: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "data" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
681 if (eph_key == NULL || priv == NULL || data == NULL) {
682 GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT,
683 GOST_R_ERROR_COMPUTING_EXPORT_KEYS);
684 ret = 0;
685 goto err;
686 }
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Issue: #380
|
|
CI: add daily Coverity scan job
|
|
Rework the test to be similar to sslapitest.c, using BIO-only connections
and non-blocking IO instead of socketpair and separate processes.
This will allow it to compile and work on Windows.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
test_tls.c(103,5): warning C4057: 'function': 'const unsigned char *' differs in indirection to slightly different base types from 'char [8]'
test_tls.c(104,5): warning C4057: 'function': 'const unsigned char *' differs in indirection to slightly different base types from 'char [9]'
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
Useful to copy-paste for manual builds.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
Output something in `openssl list -providers` so it's merrier.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
To maintain backward compatibility for users already familiar with the older engine
build type (basically restores `-O2 -g`).
Fixes: 5ad6c77 ("Adapt C flags for the cmake build type")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
`OSSL_provider_init` requires the dllexport attribute to be visible (and thus
loadable) in a DLL.
Link: https://github.com/openssl/openssl/issues/17203
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
This will fix setting of OPENSSL_ENGINES in ctest on Windows.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
This will skip tests on Windows, due to prove being a `.bat` file, which cmake will
be unable to run.
Also, `HAVE_TEST2_V0` is renamed to be more meaningful.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
The library form overwrites the module form due to both having the same name `gost.dll`.
As a temporary workaround, do not build the library form on Windows until we figure out
how to solve it properly. Currently, there is no known need for the engine in the
library form on Windows.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
Error message:
OPENSSL_Uplink(00007FF9FB00F600,08): no OPENSSL_Applink
Link: https://www.openssl.org/docs/faq.html#PROG3
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
Error message:
test_keyexpimp.c(111,11): warning C4013: 'setenv' undefined; assuming extern returning int
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
Error message:
gost12sum.c(13,10): fatal error C1083: Cannot open include file: 'unistd.h': No such file or directory
gost12sum.c(80,23): warning C4013: 'getopt' undefined; assuming extern returning int
test_keyexpimp.c(7,10): fatal error C1083: Cannot open include file: 'arpa/inet.h': No such file or directory
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
test_digest.c(513,2): warning C4389: '==': signed/unsigned mismatch
test_digest.c(820,5): warning C4389: '==': signed/unsigned mismatch
test_sign.c(241,22): warning C4389: '==': signed/unsigned mismatch
test_params.c(1131,16): warning C4018: '<': signed/unsigned mismatch
test_sign.c(241,22): warning C4389: '==': signed/unsigned mismatch
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
Error messages:
test_ciphers.c(329,5): error C2059: syntax error: '{'
test_ciphers.c(329,5): error C2059: syntax error: '}'
test_ciphers.c(329,5): error C2059: syntax error: ')'
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
MSVC is not C99 compatible[1]. Errors:
test_ciphers.c(312,25): error C2057: expected constant expression
test_ciphers.c(312,25): error C2466: cannot allocate an array of constant size 0
test_ciphers.c(312,26): error C2133: 'c': unknown size
Link: https://docs.microsoft.com/en-us/cpp/c-language/ansi-conformance
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
Error message:
test_ciphers.c(37,9): warning C4068: unknown pragma 'GCC'
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
No need for an external library (Ws2_32.lib) if we can easily implement it.
Error messages:
gost_core.lib(gost_keyexpimp.obj) : error LNK2019: unresolved external symbol htonl referenced in function gost_kdftree2012_256
gost.dll : fatal error LNK1120: 1 unresolved externals
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
These are planned to be removed later anyway. Error message:
gosthash2012_ref.h(15,18): warning C4081: expected '('; found 'string'
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|
|
Error message example:
gost_prov_cipher.c(237,63): error C2059: syntax error: '}'
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
|