Commit Graph

140 Commits

Author SHA1 Message Date
Rich Salz
cb4bb56bae RT3271 update; extra; semi-colon; confuses; some;
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-09-10 15:08:40 -04:00
Rich Salz
843921f298 RT3271: Don't use "if !" in shell lines
For portability don't use "if ! expr"

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-09-09 17:06:14 -04:00
Jonas Maebe
defe438d47 pub_decode_gost94, pub_decode_gost01: check for NULL after allocating databuf pub_encode_gost94, pub_encode_gost01: check for NULL after allocating databuf and octet
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-17 18:56:52 +02:00
Dr. Stephen Henson
8e55e6de45 Don't call setenv in gost2814789t.c
The call to setenv in gost2814789t.c is not portable and may
not reflect the location of the GOST ENGINE on all platforms anyway.
Instead set OPENSSL_ENGINES in test/Makefile
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-07-24 18:18:54 +01:00
Andy Polyakov
021e5043e5 Please Clang's sanitizer.
PR: #3424,#3423,#3422
2014-07-08 22:24:44 +02:00
David Ramos
7e2c6f7eb0 Initialise alg.
PR#3313
2014-06-01 13:04:10 +01:00
Andy Polyakov
ea38f02049 engines/ccgost/gosthash.c: simplify and avoid SEGV.
PR: 3275
2014-03-07 11:02:25 +01:00
Andy Polyakov
96180cac04 engines/ccgost/gost89.h: make word32 defintion unconditional.
Original definition depended on __LONG_MAX__ that is not guaranteed to
be present. As we don't support platforms with int narrower that 32 bits
it's appropriate to make defition inconditional.

PR: 3165
2013-11-08 23:00:35 +01:00
Andy Polyakov
b3ef742cbb Add support for Cygwin-x86_64.
PR: 3110
Submitted by Corinna Vinschen.
2013-09-15 22:01:23 +02:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
810639536c Add control to retrieve signature MD. 2013-06-21 21:33:00 +01:00
Andy Polyakov
db05b447a5 Fix Windows linking error in GOST test case. 2013-04-13 23:03:31 +02:00
Ben Laurie
95dd301861 Missing MINFO generation. 2013-03-04 14:31:18 +00:00
Ben Laurie
0850f11855 Fix ignored return value warnings.
Not sure why I am getting these now and not before.
2013-02-21 18:30:04 +00:00
Dr. Stephen Henson
e511c64a24 Don't use C++ style comments. 2013-01-24 23:22:33 +00:00
Andy Polyakov
06b3b640eb gost2814789t.c: portability fixes. 2013-01-22 14:37:03 +01:00
Ben Laurie
5bdf1f1a89 Fix warnings. 2013-01-21 23:02:17 +00:00
Andy Polyakov
a0dcb8d821 gost_crypt.c: add assertions.
Submitted by: Seguei Leontiev
PR: 2821
2013-01-19 18:10:05 +01:00
Andy Polyakov
26906f2d93 engines/ccgost: add test case.
Submitted by: Serguei Leontiev
PR: 2821
2013-01-19 17:56:56 +01:00
Andy Polyakov
3a3f964eda gost_crypt.c: more intuitive ceiling. 2012-12-19 17:24:46 +00:00
Andy Polyakov
8cfb6411ff engines/cchost/gost_crypt.c: fix typo. 2012-12-19 11:06:00 +00:00
Andy Polyakov
947e129219 engine/cchost: fix bugs.
PR: 2821
Submitted by: Dmitry Belyavsky, Serguei Leontiev
2012-12-19 10:45:13 +00:00
Dr. Stephen Henson
d21bf10dea Don't load GOST ENGINE if it is already loaded.
Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.

Set static methods to NULL when the ENGINE is freed so it can be reloaded.
2012-09-01 11:30:53 +00:00
Andy Polyakov
99e59d634a gosthash.c: use memmove in circle_xor8, as input pointers can be equal.
PR: 2858
2012-08-13 16:36:51 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Dr. Stephen Henson
174b07be93 PR: 2744
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

CMS support for ccgost engine
2012-03-11 13:40:17 +00:00
Dr. Stephen Henson
797a2a102d PR: 2743
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

Fix memory leak if invalid GOST MAC key given.
2012-02-29 14:13:00 +00:00
Andy Polyakov
a50bce82ec Sanitize usage of <ctype.h> functions. It's important that characters
are passed zero-extended, not sign-extended.
PR: 2682
2012-01-12 16:21:35 +00:00
Dr. Stephen Henson
6bf896d9b1 Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 23:03:40 +00:00
Andy Polyakov
f9542a4231 engines/: get rid of cvs warnings on MacOS X, proper clean in ccgost. 2011-11-12 12:13:13 +00:00
Dr. Stephen Henson
f7924634d4 PR: 2586
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Zero structure fields properly.
2011-09-01 13:45:46 +00:00
Dr. Stephen Henson
a3654f0586 Include openssl/crypto.h first in several other files so FIPS renaming
is picked up.
2011-02-16 17:25:01 +00:00
Andy Polyakov
f2c88f5282 engine/Makefile: harmonize engine install rule for .dylib extension on MacOS X.
PR: 2319
2010-08-24 21:45:41 +00:00
Ben Laurie
c8bbd98a2b Fix warnings. 2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
ae7c67cace PR: 2254
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Check for <= 0 i2d return value.
2010-05-22 00:40:38 +00:00
Dr. Stephen Henson
5d1a50ac2a fix bug in ccgost CFB mode code 2010-04-14 00:33:06 +00:00
Dr. Stephen Henson
af73b08ac0 check ASN1 type before using it 2010-04-14 00:30:32 +00:00
Dr. Stephen Henson
172f6b2d62 make GOST MAC work again 2010-04-08 10:55:04 +00:00
Dr. Stephen Henson
439aab3afc Submitted by: Dmitry Ivanov <vonami@gmail.com>
Don't leave dangling pointers in GOST engine if calls fail.
2010-02-16 14:30:29 +00:00
Richard Levitte
c8c07be883 size_t doesn't compare less than zero... 2010-01-27 01:18:21 +00:00
Dr. Stephen Henson
d5e8d8b547 PR: 2141
Submitted by: "NARUSE, Yui" <naruse@airemix.jp>

Remove non-ASCII comment which causes compilation errors on some versions
of VC++.
2010-01-19 19:28:18 +00:00
Dr. Stephen Henson
72a9776abc PR: 2135
Submitted by: Mike Frysinger <vapier@gentoo.org>

Change missed references to lib to $(LIBDIR)
2010-01-16 20:05:59 +00:00
Bodo Möller
8580f8015f Use properly local variables for thread-safety.
Submitted by: Martin Rex
2009-12-22 11:52:17 +00:00
Dr. Stephen Henson
4a1b71fb0c PR: 2070
Submitted by: Alexander Nikitovskiy <Nikitovski@ya.ru>
Approved by: steve@openssl.org

Fix wrong cast.
2009-10-19 13:16:01 +00:00
Dr. Stephen Henson
9458530d45 Update from 1.0.0-stable 2009-07-01 11:29:25 +00:00
Dr. Stephen Henson
f0288f05b9 Submitted by: Artem Chuprina <ran@cryptocom.ru>
Reviewed by: steve@openssl.org

Various GOST ciphersuite and ENGINE fixes. Including...

Allow EVP_PKEY_set_derive_peerkey() in encryption operations.

New flag when certificate verify should be omitted in client key exchange.
2009-06-16 16:38:47 +00:00
Dr. Stephen Henson
8002e3073b Typo. 2009-05-07 16:40:52 +00:00
Richard Levitte
f8a2233457 Stupid typo 2009-04-28 12:48:02 +00:00
Richard Levitte
d2617165ad Add local symbol hacks for OpenVMS 2009-04-26 12:26:00 +00:00
Dr. Stephen Henson
8711efb498 Updates from 1.0.0-stable branch. 2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
14023fe352 Merge from 1.0.0-stable branch. 2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
70b2186e24 Stop warnings. 2009-03-31 19:54:51 +00:00
Dr. Stephen Henson
b6af2c7e3e Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Reviewed by: steve@openssl.org

Update ccgost engine to support parameter files.
2009-03-17 15:38:34 +00:00
Dr. Stephen Henson
2c618ab993 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Reviewed by: steve@openssl.org

Change default Gost parameter set to id_Gost28147_89_CryptoPro_A_ParamSet
2009-02-16 21:52:01 +00:00
Ben Laurie
19d300d07c Return error if DH_new() fails (Coverity ID 150). 2008-12-13 17:39:53 +00:00
Ben Laurie
071920d9f6 Check for NULL before use (Coverity ID 203). 2008-12-13 17:28:25 +00:00
Andy Polyakov
09a60c9833 Fix warnings after commit#17578. 2008-10-31 20:20:54 +00:00
Lutz Jänicke
0f401ff08b Add missing 'extern "C" {' to some _err.h files in crypto/engines/
PR: 1609
2008-04-18 07:43:26 +00:00
Lutz Jänicke
5558128541 Another minor update from the mingw development
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>
2008-04-18 06:35:55 +00:00
Lutz Jänicke
4c1a6e004a Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
2008-04-17 10:19:16 +00:00
Dr. Stephen Henson
fe591284be Update dependencies. 2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism,
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
92e2c81aff Fix error code function name mismatches in GOST engine, rebuild errors. 2008-02-28 13:45:06 +00:00
Andy Polyakov
085ea80371 engine/ccgost Win32 portability fixes. 2008-01-05 21:28:53 +00:00
Dr. Stephen Henson
744ecaa5b6 Avoid WIN32 signed/unsigned warnings. 2008-01-04 00:37:23 +00:00
Dr. Stephen Henson
98057eba77 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Update gost algorithm print routines.
2007-11-21 12:39:12 +00:00
Ben Laurie
10f0c85cfc Fix warnings. 2007-11-16 03:03:01 +00:00
Dr. Stephen Henson
37210fe7e2 GOST ENGINE information. 2007-10-26 23:50:40 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Bodo Möller
1b827d7b6f Clean up error codes a bit.
(engines/ccgost/ remains utter chaos, though; "make errors" is not happy.)
2007-09-19 00:58:58 +00:00
Dr. Stephen Henson
0aa08a2e34 Fix for GOST engine on platforms where sizeof(size_t) != sizeof(int). 2007-05-31 12:32:27 +00:00
Dr. Stephen Henson
7b8b797375 Revert broken change to ccgost.
Initialize context properly for HMAC pkey method.
2007-05-22 12:58:39 +00:00
Dr. Stephen Henson
9aba74e55a Fix warning and back out bad modification. 2007-05-21 12:16:36 +00:00
Dr. Stephen Henson
ec06417d52 Updated GOST MAC support.
Submitted by: vitus@cryptocom.ru
2007-05-18 15:55:55 +00:00
Dr. Stephen Henson
a4346646f1 Initial GOST MAC support. Not fully working yet... 2007-05-17 17:44:09 +00:00
Ben Laurie
2f877235a3 Missing return on error. Coverity ID 115. 2007-04-04 14:38:59 +00:00
Dr. Stephen Henson
9981a51e42 Stage 1 GOST ciphersuite support.
Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org
2007-03-23 17:04:05 +00:00
Dr. Stephen Henson
53ca4761cc PR: 1483
Add support for GOST 28147-89 in Gost ENGINE.
2007-02-09 19:43:04 +00:00
Richard Levitte
ea46f5e0e5 Replace strdup() with BUF_strdup(). 2006-12-25 09:43:46 +00:00
Nils Larsch
afda1385bd use OPENSSL_NO_DYNAMIC_ENGINE macro, disable debug messages
PR: 1440
Submitted by: Victor B. Wagner" <vitus@cryptocom.ru>
2006-12-22 09:21:29 +00:00
Dr. Stephen Henson
4d7aff707e Update dependencies. 2006-11-30 13:41:47 +00:00
Dr. Stephen Henson
8bd11f3ec2 Add .cvsignore 2006-11-21 21:37:41 +00:00
Ben Laurie
84948b39df Fix various warnings. 2006-11-08 09:45:12 +00:00
Andy Polyakov
d7917c584a Yet another mingw warning. 2006-10-23 07:45:52 +00:00
Andy Polyakov
1e7b6c029c Avoid application relink on every make invocation. 2006-10-20 11:23:35 +00:00
Dr. Stephen Henson
6ec6cfc767 Updated file. 2006-09-21 16:19:10 +00:00
Dr. Stephen Henson
44181ea836 Add missing prototype. Fix various warnings (C++ comments, ; outside function). 2006-09-21 13:24:46 +00:00
Dr. Stephen Henson
926c41bd29 Updated version of gost engine. 2006-09-21 13:04:43 +00:00
Dr. Stephen Henson
a04549cc75 GOST public key algorithm ENGINE donated to the OpenSSL by Cryptocom.
Very early version, doesn't do much yet, not even added to the build system.
2006-09-17 13:00:18 +00:00