Merge branch 'develop' into 'master'

Develop

See merge request developers/libksi!446

changelog

@@ -1,3 +1,15 @@
+(KSICAPI-552)* IMPROVEMENT: Code refactored in tlv_element.c to eliminate redundant addition to NULL pointer.
+* FEATURE: Added SM-3 and SHA-3 family hash functions for OpenSSL.
+(KSICAPI-553)* IMPROVEMENT: Redundant code from fast_tlv.c removed.
+(KSICAPI-548)* BUGFIX: Possibly uninitialized clean in KSI_SignatureBuilder_close fixed.
+* BUGFIX: Memory leak in several KSI_TlvElement_* functions fixed.
+(KSICAPI-545)* BUGFIX: Tests failing due to expired certificate fixed.
+(KSICAPI-555)* BUGFIX: Test testUnimplementedHashAlgorithm fixed.
+(KSICAPI-554)* BUGFIX: String comparison in test/include-test.sh fixed.
+(KSICAPI-549)* BUGFIX: Potential memory leak in KSI_TreeLeafHandle_getAggregationChain fixed.
+(KSICAPI-550)* BUGFIX: Possibly NULL passed to memcpy with byte count 0 in tlv.c fixed.
+(KSICAPI-551)* BUGFIX: Unexpected behaviour fixed when dealing with SHA3-512 hash algorithm names.
+
 Version 3.20
 
 2019-10-07 release(3.20.3025)
@@ -21,6 +33,7 @@ Version 3.19
 
 2019-01-30 release(3.19.2919)
 * FEATURE: Added new async handle state KSI_ASYNC_STATE_ERROR_NOTICE for returning errors that whould be otherwise resolved internally (eg. in case of high availability where one of the configured endpoint encounter connection issues).
+* FEATURE: Added new option KSI_ASYNC_OPT_HMAC_ALGORITHM for overriding default HMAC algorithm set via KSI_CTX options KSI_OPT_AGGR_HMAC_ALGORITHM or KSI_OPT_EXT_HMAC_ALGORITHM.
 * FEATURE: Added new option KSI_ASYNC_OPT_CONF_CONSOLIDATE_CALLBACK for overriding default consolidation handling.
 * FEATURE: Added async service option KSI_ASYNC_OPT_CONNECTION_STATE_CALLBACK for setting connection state listener.
 * FEATURE: Added prefix string format support to KSI_LOG_logBlob. Interface remains fully backwards compatible.

configure.ac

@@ -23,7 +23,7 @@ AC_CONFIG_AUX_DIR(config)
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([src/ksi/config.h])
 AC_CANONICAL_TARGET
-
+AM_MAINTAINER_MODE
 
 # Before making a release, the LTVER string should be modified. The
 # string is of the form c:r:a. Follow these instructions sequentially:
@@ -118,19 +118,47 @@ if test ! -z "$with_openssl" ; then
 	LDFLAGS="-L$with_openssl/lib $LDFLAGS"
 fi
 
+AC_CHECK_LIB([crypto], [SHA256_Init], [], [AC_MSG_FAILURE([Could not find OpenSSL 0.9.8+ libraries.])])
+
+AC_MSG_CHECKING([if compile with SM3 hash algorithm])
+
+AC_ARG_WITH(sm3-hash-algorithm,
+[  --with-sm3-hash-algorithm                         build support for SM3 hash algorithm (default: no)],
+:,[with_sm3_hash_algorithm="no"])
+AC_MSG_RESULT([$with_sm3_hash_algorithm])
+
 AC_ARG_WITH(hash-provider,
 [  --with-hash-provider=<openssl|commoncrypto>       build using library for hash functions (default: openssl)],
 :, with_hash_provider=openssl)
 if test "x$with_hash_provider" = "xcommoncrypto" ; then
 	AC_DEFINE_UNQUOTED(KSI_HASH_IMPL, KSI_IMPL_COMMONCRYPTO, [Use CommonCrypto.])
 	AC_CHECK_HEADER([CommonCrypto/CommonCrypto.h])
+	if test "x$with_sm3_hash_algorithm" = "xyes" ; then
+		AC_MSG_ERROR([SM3 hash algorithm not supported by CommonCrypto.])
+	fi
+
 elif test "x$with_hash_provider" = "xopenssl" ; then
+	use_native_hmac="no"
+	AC_CHECK_FUNCS([HMAC_CTX_new], [use_native_hmac="yes"],[])
 	AC_DEFINE_UNQUOTED(KSI_HASH_IMPL, KSI_IMPL_OPENSSL, [Use OpenSSL.])
+	AC_CHECK_FUNCS([EVP_sha3_256 EVP_sha3_384 EVP_sha3_512])
+
+	if test "x$with_sm3_hash_algorithm" = "xyes" ; then
+		AC_CHECK_FUNCS([EVP_sm3],[],[AC_MSG_ERROR([SM3 hash algorithm not supported by OpenSSL.])])
+	fi
+
 else
 	AC_MSG_ERROR([*** Unknown hash provider.])
 fi
 
-AC_CHECK_LIB([crypto], [SHA256_Init], [], [AC_MSG_FAILURE([Could not find OpenSSL 0.9.8+ libraries.])])
+AC_MSG_CHECKING([Use native HMAC implementation])
+if test "x$use_native_hmac" = "xyes" ; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE_UNQUOTED(KSI_NATIVE_HMAC, [1], [Use native HMAC implementation.])
+else
+	AC_MSG_RESULT([no])
+fi
+
 AC_CHECK_LIB([curl], [curl_easy_init], [], [AC_MSG_FAILURE([Could nod find Curl libraries.])])
 
 AC_ARG_WITH(cafile,
@@ -196,14 +224,6 @@ if test -z "$with_cafile" -a -z "$with_cadir"; then
 	fi
 fi
 
-# Reduce warnings generated by OpenSSL under OSX
-case "${target_os}" in
-	darwin*)
-		CFLAGS="$CFLAGS -mmacosx-version-min=10.5"
-		LDFLAGS="$LDFLAGS -mmacosx-version-min=10.5"
-		;;
-esac
-
 # To ensure compatibility with Microsoft compiler.
 CFLAGS+=" -Wdeclaration-after-statement"
 # Add more warnings.

src/ksi/GNUmakefile.am

@@ -45,7 +45,6 @@ libksi_la_SOURCES = \
 	hash_openssl.c \
 	hash_commoncrypto.c \
 	hmac.h \
-	impl/hmac_impl.h\
 	hmac.c \
 	http_parser.h \
 	http_parser.c \

src/ksi/fast_tlv.c

@@ -115,15 +115,11 @@ int readData(void *fd, unsigned char *buf, size_t len, size_t *consumed, struct
 			res = KSI_INVALID_FORMAT;
 			goto cleanup;
 		}
-
-		res = parseHdr(buf, 4, t);
-		if (res != KSI_OK) goto cleanup;
-
-	} else {
-		res = parseHdr(buf, 2, t);
-		if (res != KSI_OK) goto cleanup;
 	}
 
+	res = parseHdr(buf, len, t);
+	if (res != KSI_OK) goto cleanup;
+
 	if (len < t->hdr_len + t->dat_len) {
 		res = KSI_BUFFER_OVERFLOW;
 		goto cleanup;
@@ -174,14 +170,8 @@ int KSI_FTLV_memRead(const unsigned char *m, size_t l, KSI_FTLV *t) {
 	/* Initialize offset. */
 	t->off = 0;
 
-	if (m[0] & KSI_TLV_MASK_TLV16) {
-		res = parseHdr(m, l, t);
-		if (res != KSI_OK) goto cleanup;
-	} else {
 		res = parseHdr(m, l, t);
 		if (res != KSI_OK) goto cleanup;
-	}
-
 	if (l < t->hdr_len + t->dat_len) {
 		res = KSI_INVALID_FORMAT;
 		goto cleanup;

src/ksi/hash.c

@@ -37,14 +37,14 @@ const int KSI_HASHALG_SHA3_244 = KSI_HASHALG_SHA3_224;
 /** Hash algorithm names. The last name has to be an empty string. */
 static const char * const KSI_HASHALG_SHA1_names[] = {"SHA-1", "SHA1", ""};
 static const char * const KSI_HASHALG_SHA2_256_names[] = {"SHA-256", "SHA2-256", "SHA-2", "SHA2", "SHA256", "DEFAULT", ""};
-static const char * const KSI_HASHALG_RIPEMD160_names[] = { "RIPEMD-160", "RIPEMD160", ""};
-static const char * const KSI_HASHALG_SHA2_384_names[] = { "SHA-384", "SHA384", "SHA2-384", ""};
-static const char * const KSI_HASHALG_SHA2_512_names[] = { "SHA-512", "SHA512", "SHA2-512", ""};
-static const char * const KSI_HASHALG_SHA3_224_names[] = { "SHA3-224", ""};
-static const char * const KSI_HASHALG_SHA3_256_names[] = { "SHA3-256", ""};
-static const char * const KSI_HASHALG_SHA3_384_names[] = { "SHA3-384", ""};
-static const char * const KSI_HASHALG_SHA3_512_names[] = { "SHA3-512"};
-static const char * const KSI_HASHALG_SM3_names[] = { "SM-3", "SM3", ""};
+static const char * const KSI_HASHALG_RIPEMD160_names[] = {"RIPEMD-160", "RIPEMD160", ""};
+static const char * const KSI_HASHALG_SHA2_384_names[] = {"SHA-384", "SHA384", "SHA2-384", ""};
+static const char * const KSI_HASHALG_SHA2_512_names[] = {"SHA-512", "SHA512", "SHA2-512", ""};
+static const char * const KSI_HASHALG_SHA3_224_names[] = {"SHA3-224", ""};
+static const char * const KSI_HASHALG_SHA3_256_names[] = {"SHA3-256", ""};
+static const char * const KSI_HASHALG_SHA3_384_names[] = {"SHA3-384", ""};
+static const char * const KSI_HASHALG_SHA3_512_names[] = {"SHA3-512", ""};
+static const char * const KSI_HASHALG_SM3_names[] = {"SM-3", "SM3", ""};
 
 
 static const struct KSI_hashAlgorithmInfo_st {

src/ksi/hash_commoncrypto.c

@@ -16,15 +16,14 @@
  * Guardtime, Inc., and no license to trademarks is granted; Guardtime
  * reserves and retains all trademark rights.
  */
+#include "internal.h"
 
-#include "hash.h"
+#if KSI_HASH_IMPL == KSI_IMPL_COMMONCRYPTO
 
-#include "internal.h"
+#include "hash.h"
 
 #include "impl/hash_impl.h"
 
-#if KSI_HASH_IMPL == KSI_IMPL_COMMONCRYPTO
-
 #include <CommonCrypto/CommonCrypto.h>
 
 #define CC_SHA384_CTX CC_SHA512_CTX