- env: ASAN=-DASAN=1
os: linux
compiler: gcc
+ - env: RUN_COVERITY=1 COVERITY_SCAN_PROJECT_NAME="gost-engine" COVERITY_SCAN_BRANCH_PATTERN="*" COVERITY_SCAN_NOTIFICATION_EMAIL="beldmit@gmail.com" COVERITY_SCAN_BUILD_COMMAND="make"
+ os: linux
+ compiler: gcc
- os: osx
compiler: clang
-
before_script:
- curl -L https://cpanmin.us | sudo perl - --sudo App::cpanminus
- sudo cpanm --notest Test2::V0 > build.log 2>&1 || (cat build.log && exit 1)
- mkdir build
- cd build
- cmake -DOPENSSL_ROOT_DIR=${PREFIX} -DOPENSSL_LIBRARIES=${PREFIX}/lib -DOPENSSL_ENGINES_DIR=${PREFIX}/engines ${ASAN} ..
- - make
+ - if [ ! -z ${COVERITY_SCAN_TOKEN+x} -a "${RUN_COVERITY}" = "1" ]; then curl -s "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true; else make; fi
- make test CTEST_OUTPUT_ON_FAILURE=1
static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
{
ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
- ASN1_STRING *params = encode_gost_algor_params(pk);
+ ASN1_STRING *params = NULL;
unsigned char *buf = NULL;
int key_len = pkey_bits_gost(pk), i = 0;
/* unmasked private key */
const char *pk_format = get_gost_engine_param(GOST_PARAM_PK_FORMAT);
- if (!params) {
- return 0;
- }
-
key_len = (key_len < 0) ? 0 : key_len / 8;
if (key_len == 0 || !(buf = OPENSSL_malloc(key_len))) {
return 0;
return 0;
}
+ params = encode_gost_algor_params(pk);
+ if (!params) {
+ OPENSSL_free(buf);
+ return 0;
+ }
+
/* Convert buf to Little-endian */
for (i = 0; i < key_len / 2; i++) {
unsigned char tmp = buf[i];
ASN1_STRING *octet = NULL;
int priv_len = 0;
unsigned char *priv_buf = NULL;
-
- octet = ASN1_STRING_new();
- ASN1_OCTET_STRING_set(octet, buf, key_len);
+ octet = ASN1_STRING_new();
+ if (!octet || !ASN1_OCTET_STRING_set(octet, buf, key_len)) {
+ ASN1_STRING_free(octet);
+ ASN1_STRING_free(params);
+ OPENSSL_free(buf);
+ return 0;
+ }
priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
ASN1_STRING_free(octet);
OPENSSL_free(buf);
return 0;
}
}
+ if (!param)
+ goto err;
/* Check for private key in the peer_key of context */
if (sec_key) {
key_is_ephemeral = 0;
}
}
}
- if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
- && param == gost_cipher_list) {
- param = gost_cipher_list;
- }
if (out) {
int dgst_nid = NID_undef;
EVP_PKEY_get_default_digest_nid(pubk, &dgst_nid);
os = ASN1_OCTET_STRING_new();
if (!os || !ASN1_OCTET_STRING_set(os, buf, len)) {
+ ASN1_OCTET_STRING_free(os);
OPENSSL_free(buf);
GOSTerr(GOST_F_GOST_GRASSHOPPER_SET_ASN1_PARAMETERS,
ERR_R_MALLOC_FAILURE);
}
ctx->actx = EVP_CIPHER_CTX_new();
if (ctx->actx == NULL) {
+ EVP_CIPHER_CTX_free(ctx->cctx);
OPENSSL_free(ctx);
return NULL;
}
R3410_ec_params *R3410_2012_256_paramset = R3410_2001_paramset;
R3410_ec_params R3410_2012_512_paramset[] = {
+ {NID_id_tc26_gost_3410_2012_512_paramSetTest,
+ /* a */
+ "7",
+ /* b */
+ "1CFF0806A31116DA29D8CFA54E57EB748BC5F377E49400FDD788B649ECA1AC43"
+ "61834013B2AD7322480A89CA58E0CF74BC9E540C2ADD6897FAD0A3084F302ADC",
+ /* p */
+ "4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D"
+ "F1D852741AF4704A0458047E80E4546D35B8336FAC224DD81664BBF528BE6373",
+ /* q */
+ "4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D"
+ "A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF",
+ /* x */
+ "24D19CC64572EE30F396BF6EBBFD7A6C5213B3B3D7057CC825F91093A68CD762"
+ "FD60611262CD838DC6B60AA7EEE804E28BC849977FAC33B4B530F1B120248A9A",
+ /* y */
+ "2BB312A43BD2CE6E0D020613C857ACDDCFBF061E91E5F2C3F32447C259F39B2C"
+ "83AB156D77F1496BF7EB3351E1EE4E43DC1A18B91B24640B6DBB92CB1ADD371E",
+ "1"}
+ ,
{NID_id_tc26_gost_3410_2012_512_paramSetA,
/* a */
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
case NID_id_tc26_gost_3410_2012_512_paramSetA:
case NID_id_tc26_gost_3410_2012_512_paramSetB:
case NID_id_tc26_gost_3410_2012_512_paramSetC:
+ case NID_id_tc26_gost_3410_2012_512_paramSetTest:
result =
(EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_512, ec)) ? 1 : 0;
break;