-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update soter/openssl to fix compatibility with new openssl version #258
update soter/openssl to fix compatibility with new openssl version #258
Conversation
mark unused files to fix "ISO C forbids an empty source file" warning
turn off one nist test on ci by cflags
fix mistake of merging test.mk
…(revert prev changes)
@@ -63,6 +63,7 @@ typedef int soter_status_t; | |||
#define SOTER_DEBUG_OUT(message) | |||
#endif | |||
|
|||
#define UNUSED(x) (void)(x) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
:D
@@ -826,7 +827,7 @@ static themis_status_t secure_session_finish_client(secure_session_t *session_ct | |||
return THEMIS_INVALID_PARAMETER; | |||
} | |||
|
|||
if (memcmp(proto_message->tag, THEMIS_SESSION_PROTO_TAG, SOTER_CONTAINER_TAG_LENGTH)) | |||
if (memcmp(proto_message->tag, THEMIS_SESSION_PROTO_TAG, SOTER_CONTAINER_TAG_LENGTH) != 0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we do compare public data here, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
actually yes, it's trying to check that it's correct secure session packet or no
This reverts commit 6913bdf.
// testsuite_enter_suite("soter rand: NIST STS (make take some time...)"); | ||
// testsuite_run_test(test_rand_with_nist); | ||
// always fail under ci | ||
#ifndef CIRICLE_TEST |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
:D
should close #208 after merge |
@@ -97,6 +97,7 @@ soter_status_t soter_asym_cipher_init(soter_asym_cipher_t* asym_cipher, const vo | |||
return SOTER_FAIL; | |||
} | |||
SOTER_IF_FAIL(soter_asym_cipher_import_key(asym_cipher, key, key_length)==SOTER_SUCCESS, (EVP_PKEY_free(pkey), EVP_PKEY_CTX_free(asym_cipher->pkey_ctx))); | |||
EVP_PKEY_free(pkey); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
clearly breaks file indentation here
@@ -152,8 +150,8 @@ soter_status_t soter_asym_cipher_encrypt(soter_asym_cipher_t* asym_cipher, const | |||
} | |||
|
|||
rsa_mod_size = RSA_size(rsa); | |||
|
|||
if (plain_data_length > (rsa_mod_size - 2 - (2 * OAEP_HASH_SIZE))) | |||
int temp = (rsa_mod_size - 2 - (2 * OAEP_HASH_SIZE)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- indent
- let's not name stuff
temp
, but something more context aware, likeoaep_max_payload_length
src/soter/openssl/soter_hash.c
Outdated
@@ -105,6 +111,7 @@ soter_hash_ctx_t* soter_hash_create(soter_hash_algo_t algo) | |||
{ | |||
return NULL; | |||
} | |||
ctx->evp_md_ctx = NULL; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
indent
src/soter/openssl/soter_hash.c
Outdated
EVP_MD_CTX_cleanup(&(hash_ctx->evp_md_ctx)); | ||
|
||
EVP_MD_CTX_destroy(hash_ctx->evp_md_ctx); | ||
hash_ctx->evp_md_ctx = NULL; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
indent
EVP_PKEY_free(pkey); | ||
} | ||
EVP_PKEY_CTX_free(asym_cipher->pkey_ctx); | ||
asym_cipher->pkey_ctx = NULL; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- indentation
- can you confirm that
EVP_PKEY_CTX_free
also frees "contained"pkey
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/openssl/openssl/blob/master/crypto/evp/pmeth_lib.c#L339
and also checked with valgrind (he warned that there was double free when I leave EVP_PKEY_free(pkey)
)
src/soter/openssl/soter_hash.c
Outdated
{ | ||
return SOTER_SUCCESS; | ||
} | ||
else | ||
{ | ||
soter_hash_cleanup(hash_ctx); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
indent
@@ -99,15 +101,16 @@ soter_sym_ctx_t* soter_sym_ctx_init(const uint32_t alg, | |||
ctx->alg=alg; | |||
uint8_t key_[SOTER_SYM_MAX_KEY_LENGTH]; | |||
size_t key_length_=(alg&SOTER_SYM_KEY_LENGTH_MASK)/8; | |||
EVP_CIPHER_CTX_init(&(ctx->evp_sym_ctx)); | |||
//EVP_CIPHER_CTX_init(ctx->evp_sym_ctx); | |||
ctx->evp_sym_ctx = EVP_CIPHER_CTX_new(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably should be some failure check here
@@ -128,12 +132,12 @@ soter_sym_ctx_t* soter_sym_aead_ctx_init(const uint32_t alg, | |||
ctx->alg=alg; | |||
uint8_t key_[SOTER_SYM_MAX_KEY_LENGTH]; | |||
size_t key_length_=(alg&SOTER_SYM_KEY_LENGTH_MASK)/8; | |||
EVP_CIPHER_CTX_init(&(ctx->evp_sym_ctx)); | |||
ctx->evp_sym_ctx = EVP_CIPHER_CTX_new(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
failure check?
src/soter/soter_hmac.c
Outdated
@@ -46,23 +46,24 @@ soter_status_t soter_hmac_init(soter_hmac_ctx_t *hmac_ctx, soter_hash_algo_t alg | |||
return SOTER_INVALID_PARAMETER; | |||
} | |||
|
|||
hmac_ctx->hash_ctx = soter_hash_create(algo); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
indentation?
src/soter/soter_hmac.c
Outdated
if (SOTER_SUCCESS != res) | ||
{ | ||
soter_hash_destroy(hmac_ctx->hash_ctx); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
indentation
fix incorrect indentation
due to changes in openssl 1.1.0 was changed:
some_func(ctx->field)
insteadsome_func(&(ctx->field))
because now they are not public and allocated in heapwant to ask @secumod to check at least src/soter/openssl/soter_rsa_key.c file where work with rsa keys