On Wed, 2018-11-28 at 23:06 +0300, Vitaly Chikunov wrote: > This patch will allow using GOST algorithms from OpenSSL's > gost-engine[1] via config extension (which is the usual way). > > [1] https://github.com/gost-engine/engine > > Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx> > --- > Changes since v1: > - "--engine" option is removed into separate patch. Thanks! > > src/evmctl.c | 6 +++--- > src/imaevm.h | 13 +++++++++++++ > src/libimaevm.c | 15 +++++++++++---- > 3 files changed, 27 insertions(+), 7 deletions(-) > > diff --git a/src/evmctl.c b/src/evmctl.c > index 9cbc2cb..f4b2e7d 100644 > --- a/src/evmctl.c > +++ b/src/evmctl.c > @@ -388,7 +388,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > > md = EVP_get_digestbyname(params.hash_algo); > if (!md) { > - log_err("EVP_get_digestbyname() failed\n"); > + log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); > return 1; > } > > @@ -1064,7 +1064,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h > > md = EVP_get_digestbyname(params.hash_algo); > if (!md) { > - log_err("EVP_get_digestbyname() failed\n"); > + log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); > goto out; > } > > @@ -1653,7 +1653,7 @@ static void usage(void) > > printf( > "\n" > - " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512\n" > + " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512, streebog256, streebog512\n" > " -s, --imasig make IMA signature\n" > " -d, --imahash make IMA hash\n" > " -f, --sigfile store IMA signature in .sig file instead of xattr\n" > diff --git a/src/imaevm.h b/src/imaevm.h > index 2ebe7e7..c81bf21 100644 > --- a/src/imaevm.h > +++ b/src/imaevm.h > @@ -152,6 +152,7 @@ struct signature_hdr { > char mpi[0]; > } __packed; > > +/* reflect enum hash_algo from include/uapi/linux/hash_info.h */ > enum pkey_hash_algo { > PKEY_HASH_MD4, > PKEY_HASH_MD5, > @@ -161,6 +162,18 @@ enum pkey_hash_algo { > PKEY_HASH_SHA384, > PKEY_HASH_SHA512, > PKEY_HASH_SHA224, > + PKEY_HASH_RIPE_MD_128, > + PKEY_HASH_RIPE_MD_256, > + PKEY_HASH_RIPE_MD_320, > + PKEY_HASH_WP_256, > + PKEY_HASH_WP_384, > + PKEY_HASH_WP_512, > + PKEY_HASH_TGR_128, > + PKEY_HASH_TGR_160, > + PKEY_HASH_TGR_192, > + PKEY_HASH_SM3_256, > + PKEY_HASH_STREEBOG_256, > + PKEY_HASH_STREEBOG_512, > PKEY_HASH__LAST > }; > > diff --git a/src/libimaevm.c b/src/libimaevm.c > index 34501ca..7b2b62c 100644 > --- a/src/libimaevm.c > +++ b/src/libimaevm.c > @@ -51,6 +51,7 @@ > #include <stdio.h> > #include <assert.h> > > +#include <openssl/crypto.h> > #include <openssl/pem.h> > #include <openssl/evp.h> > #include <openssl/x509.h> > @@ -67,6 +68,8 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = { > [PKEY_HASH_SHA384] = "sha384", > [PKEY_HASH_SHA512] = "sha512", > [PKEY_HASH_SHA224] = "sha224", > + [PKEY_HASH_STREEBOG_256] = "streebog256", > + [PKEY_HASH_STREEBOG_512] = "streebog512", > }; > > /* > @@ -291,7 +294,7 @@ int ima_calc_hash(const char *file, uint8_t *hash) > > md = EVP_get_digestbyname(params.hash_algo); > if (!md) { > - log_err("EVP_get_digestbyname() failed\n"); > + log_err("EVP_get_digestbyname(%s) failed\n", params.hash_algo); > return 1; > } > > @@ -509,14 +512,16 @@ int verify_hash_v2(const char *file, const unsigned char *hash, int size, > asn1 = &RSA_ASN1_templates[hdr->hash_algo]; > > if (len < asn1->size || memcmp(out, asn1->data, asn1->size)) { > - log_err("%s: verification failed: %d\n", file, err); > + log_err("%s: verification failed: %d (asn1 mismatch)\n", > + file, err); > return -1; > } > > len -= asn1->size; > > if (len != size || memcmp(out + asn1->size, hash, len)) { > - log_err("%s: verification failed: %d\n", file, err); > + log_err("%s: verification failed: %d (digest mismatch)\n", > + file, err); > return -1; > } > > @@ -528,7 +533,8 @@ int get_hash_algo(const char *algo) > int i; > > for (i = 0; i < PKEY_HASH__LAST; i++) > - if (!strcmp(algo, pkey_hash_algo[i])) > + if (pkey_hash_algo[i] && > + !strcmp(algo, pkey_hash_algo[i])) > return i; > > return PKEY_HASH_SHA1; > @@ -901,5 +907,6 @@ int sign_hash(const char *hashalgo, const unsigned char *hash, int size, const c > static void libinit() > { > OpenSSL_add_all_algorithms(); > + OPENSSL_add_all_algorithms_conf(); > ERR_load_crypto_strings(); > }
