sm2, ssl and license update

ssl/gm_clnt.c

@@ -0,0 +1,73 @@
+/* ssl/gm_clnt.c */
+/* ====================================================================
+ * Copyright (c) 2015 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/gmssl.h>
+
+static const SSL_METHOD *gmssl_get_client_method(int ver)
+{
+	if (ver == GMSSL1_1_VERSION) {
+		return GMSSLv1_1_client_method();
+	}
+	return NULL;
+}
+
+IMPLEMENT_gmssl_meth_func(GMSSL1_1_VERSION, GMSSLv1_1_client_method,
+                        ssl_undefined_function,
+                        ssl3_connect,
+                        gmssl_get_client_method, GMSSLv1_1_enc_data)
+
+

ssl/gm_enc.c

@@ -0,0 +1,67 @@
+/* ssl/gm_enc.c */
+/* ====================================================================
+ * Copyright (c) 2015 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/gmssl.h>
+
+
+int gmssl_alert_code(int code)
+{
+	return tls1_alert_code(code);
+}
+

ssl/gm_lib.c

@@ -0,0 +1,281 @@
+/* ssl/gm_lib.c */
+/* ====================================================================
+ * Copyright (c) 2015 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/gmssl.h>
+
+SSL3_ENC_METHOD GMSSLv1_1_enc_data = {
+	gmssl_enc,
+	gmssl_mac,
+	gmssl_setup_key_block,
+	gmssl_generate_master_secret,
+	gmssl_change_cipher_state,
+	gmssl_final_finish_mac,
+	GMSSL_FINISH_MAC_LENGTH,
+	gmssl_cert_verify_mac,
+	TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+	TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+	tls1_alert_code,
+	tls1_export_keying_material,
+	0,
+	SSL3_HM_HEADER_LENGTH,
+	ssl3_set_handshake_header,
+	ssl3_handshake_write
+};
+
+OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
+
+	/* Cipher 1 */
+	{
+		1,
+		GM1_TXT_ECDHE_SM1_SM3,
+		GM1_CK_ECDHE_SM1_SM3,
+		SSL_kEECDH,	/* ephemeral ECDH key exchange algorithm bits */
+		SSL_aSM2,	/* auth algor bits */
+		SSL_SM1,	/* symmetric encryption */
+		SSL_SM3,	/* symmetric authentication */
+		SSL_GMV1_1,	/* (major) protocol version */
+		SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
+		SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
+		0, /* number of bits really used */
+		0, /* number of bits for algorithm */
+	},
+			
+	/* Cipher 2 */
+	{
+		1,
+		GM1_TXT_ECC_SM1_SM3,
+		GM1_CK_ECC_SM1_SM3,
+		SSL_kEECDH,	/* ephemeral ECDH key exchange algorithm bits */
+		SSL_aSM2,	/* auth algor bits */
+		SSL_SM1,	/* symmetric encryption */
+		SSL_SM3,	/* symmetric authentication */
+		SSL_GMV1_1,	/* (major) protocol version */
+		SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
+		SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
+		0, /* number of bits really used */
+		0, /* number of bits for algorithm */
+	},
+
+	/* Cipher 3 */
+	{
+		1,
+		GM1_TXT_IBSDH_SM1_SM3,
+		GM1_CK_IBSDH_SM1_SM3,
+		SSL_kEECDH,	/* ephemeral ECDH key exchange algorithm bits */
+		SSL_aSM2,	/* auth algor bits */
+		SSL_SM1,	/* symmetric encryption */
+		SSL_SM3,	/* symmetric authentication */
+		SSL_GMV1_1,	/* (major) protocol version */
+		SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
+		SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
+		0, /* number of bits really used */
+		0, /* number of bits for algorithm */
+	},
+
+	/* Cipher 4 */
+	{
+		1,
+		GM1_TXT_IBC_SM1_SHA1,
+		GM1_CK_IBC_SM1_SHA1,
+		SSL_kEECDH,	/* ephemeral ECDH key exchange algorithm bits */
+		SSL_aSM2,	/* auth algor bits */
+		SSL_SM1,	/* symmetric encryption */
+		SSL_SM3,	/* symmetric authentication */
+		SSL_GMV1_1,	/* (major) protocol version */
+		SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
+		SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
+		0, /* number of bits really used */
+		0, /* number of bits for algorithm */
+	},
+
+	/* Cipher 5 */
+	{
+		1,
+		GM1_TXT_RSA_SM1_SM3,
+		GM1_CK_RSA_SM1_SM3,
+		SSL_kEECDH,	/* ephemeral ECDH key exchange algorithm bits */
+		SSL_aSM2,	/* auth algor bits */
+		SSL_SM1,	/* symmetric encryption */
+		SSL_SM3,	/* symmetric authentication */
+		SSL_GMV1_1,	/* (major) protocol version */
+		SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
+		SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
+		0, /* number of bits really used */
+		0, /* number of bits for algorithm */
+	},
+
+	/* Cipher 6 */
+	{
+		1,
+		GM1_TXT_RSA_SM1_SHA1,
+		GM1_CK_RSA_SM1_SHA1,
+		SSL_kEECDH,	/* ephemeral ECDH key exchange algorithm bits */
+		SSL_aSM2,	/* auth algor bits */
+		SSL_SM1,	/* symmetric encryption */
+		SSL_SM3,	/* symmetric authentication */
+		SSL_GMV1_1,	/* (major) protocol version */
+		SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
+		SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
+		0, /* number of bits really used */
+		0, /* number of bits for algorithm */
+	},
+
+
+	/* Cipher 7 */
+	{
+		1,
+		GM1_TXT_ECDHE_SM4_SM3,
+		GM1_CK_ECDHE_SM4_SM3,
+		SSL_kEECDH,	/* ephemeral ECDH key exchange algorithm bits */
+		SSL_aSM2,	/* auth algor bits */
+		SSL_SM1,	/* symmetric encryption */
+		SSL_SM3,	/* symmetric authentication */
+		SSL_GMV1_1,	/* (major) protocol version */
+		SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
+		SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
+		0, /* number of bits really used */
+		0, /* number of bits for algorithm */
+	},
+
+	/* Cipher 8 */
+	{
+		1,
+		GM1_TXT_ECC_SM4_SM3,
+		GM1_CK_ECC_SM4_SM3,
+		SSL_kEECDH,	/* ephemeral ECDH key exchange algorithm bits */
+		SSL_aSM2,	/* auth algor bits */
+		SSL_SM1,	/* symmetric encryption */
+		SSL_SM3,	/* symmetric authentication */
+		SSL_GMV1_1,	/* (major) protocol version */
+		SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
+		SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
+		0, /* number of bits really used */
+		0, /* number of bits for algorithm */
+	},
+
+
+	/* Cipher 9 */
+	{
+		1,
+		GM1_TXT_IBSDH_SM4_SM3,
+		GM1_CK_IBSDH_SM4_SM3,
+		SSL_kEECDH,	/* ephemeral ECDH key exchange algorithm bits */
+		SSL_aSM2,	/* auth algor bits */
+		SSL_SM1,	/* symmetric encryption */
+		SSL_SM3,	/* symmetric authentication */
+		SSL_GMV1_1,	/* (major) protocol version */
+		SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
+		SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
+		0, /* number of bits really used */
+		0, /* number of bits for algorithm */
+	},
+
+	/* Cipher 10 */
+	{
+		1,
+		GM1_TXT_IBC_SM4_SM3,
+		GM1_CK_IBC_SM4_SM3,
+		SSL_kEECDH,	/* ephemeral ECDH key exchange algorithm bits */
+		SSL_aSM2,	/* auth algor bits */
+		SSL_SM1,	/* symmetric encryption */
+		SSL_SM3,	/* symmetric authentication */
+		SSL_GMV1_1,	/* (major) protocol version */
+		SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
+		SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
+		0, /* number of bits really used */
+		0, /* number of bits for algorithm */
+	},
+
+
+	/* Cipher 11 */
+	{
+		1,
+		GM1_TXT_RSA_SM4_SM3,
+		GM1_CK_RSA_SM4_SM3,
+		SSL_kEECDH,	/* ephemeral ECDH key exchange algorithm bits */
+		SSL_aSM2,	/* auth algor bits */
+		SSL_SM1,	/* symmetric encryption */
+		SSL_SM3,	/* symmetric authentication */
+		SSL_GMV1_1,	/* (major) protocol version */
+		SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
+		SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
+		0, /* number of bits really used */
+		0, /* number of bits for algorithm */
+	},
+
+	/* Cipher 12 */
+	{
+		1,
+		GM1_TXT_RSA_SM4_SHA1,
+		GM1_CK_RSA_SM4_SHA1,
+		SSL_kEECDH,	/* ephemeral ECDH key exchange algorithm bits */
+		SSL_aSM2,	/* auth algor bits */
+		SSL_SM1,	/* symmetric encryption */
+		SSL_SM3,	/* symmetric authentication */
+		SSL_GMV1_1,	/* (major) protocol version */
+		SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
+		SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
+		0, /* number of bits really used */
+		0, /* number of bits for algorithm */
+	},
+
+};
+
+
+	

ssl/gm_meth.c

@@ -0,0 +1,72 @@
+/* ssl/gm_meth.c */
+/* ====================================================================
+ * Copyright (c) 2015 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+#include <openssl/gmssl.h>
+
+static const SSL_METHOD *gmssl_get_method(int ver)
+{
+	if (ver == GMSSL1_1_VERSION) {
+		return GMSSLv1_1_method();
+	}
+	return NULL;
+}
+
+IMPLEMENT_gmssl_meth_func(GMSSL1_1_VERSION, GMSSLv1_1_method,
+                        ssl3_accept,
+                        ssl3_connect,
+                        gmssl_get_method, GMSSLv1_1_enc_data)
+
+

ssl/gm_srvr.c

@@ -0,0 +1,79 @@
+/* ssl/gm_srvr.c */
+/* ====================================================================
+ * Copyright (c) 2015 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/gmssl.h>
+
+static const SSL_METHOD *gmssl_get_server_method(int ver)
+{
+	if (ver == GMSSL1_1_VERSION) {
+		return GMSSLv1_1_server_method();
+	}
+	return NULL;
+}
+
+IMPLEMENT_gmssl_meth_func(GMSSL1_1_VERSION, GMSSLv1_1_server_method,
+                        ssl3_accept,
+                        ssl_undefined_function,
+                        gmssl_get_server_method, GMSSLv1_1_enc_data)
+
+int gm1_send_server_certificate(SSL *s)
+{
+	return 0;
+}
+

ssl/gmssl.h

@@ -0,0 +1,134 @@
+/* ssl/gmssl.h */
+/* ====================================================================
+ * Copyright (c) 2015 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+
+#ifndef HEADER_GMSSL_H
+#define HEADER_GMSSL_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define GM1_VERSION		0x0101
+#define GM1_VERSION_MAJOR	0x01
+#define GM1_VERSION_MINOR	0x01
+
+#define GMSSL1_1_VERSION	0x0101
+
+
+#define GM1_get_version(s) \
+	((s->version >> 8) == GM1_VERSION_MAJOR ? s->version : 0)
+
+#define GM1_get_client_version(s) \
+	((s->client_version >> 8) == GM1_VERSION_MAJOR ? s->client_version : 0)
+
+
+/* from GM/T 0024-2014 Table 2 */
+#define GM1_CK_ECDHE_SM1_SM3	0x0300E001
+#define GM1_CK_ECC_SM1_SM3	0x0300E003
+#define GM1_CK_IBSDH_SM1_SM3	0x0300E005
+#define GM1_CK_IBC_SM1_SM3	0x0300E007
+#define GM1_CK_RSA_SM1_SM3	0x0300E009
+#define GM1_CK_RSA_SM1_SHA1	0x0300E00A
+#define GM1_CK_ECDHE_SM4_SM3	0x0300E011
+#define GM1_CK_ECC_SM4_SM3	0x0300E013
+#define GM1_CK_IBSDH_SM4_SM3	0x0300E015
+#define GM1_CK_IBC_SM4_SM3	0x0300E017
+#define GM1_CK_RSA_SM4_SM3	0x0300E019
+#define GM1_CK_RSA_SM4_SHA1	0x0300E01A
+
+#define GM1_TXT_ECDHE_SM1_SM3	"ECDHE-SM1-SM3"
+#define GM1_TXT_ECC_SM1_SM3	"ECC-SM1-SM3"
+#define GM1_TXT_IBSDH_SM1_SM3	"IBSDH-SM1-SM3"
+#define GM1_TXT_IBC_SM1_SM3	"IBC-SM1-SM3"
+#define GM1_TXT_RSA_SM1_SM3	"RSA-SM1-SM3"
+#define GM1_TXT_RSA_SM1_SHA1	"RSA-SM1-SHA1"
+#define GM1_TXT_ECDHE_SM4_SM3	"ECDHE-SM4-SM3"
+#define GM1_TXT_ECC_SM4_SM3	"ECC-SM4-SM3"
+#define GM1_TXT_IBSDH_SM4_SM3	"IBSDH-SM4-SM3"
+#define GM1_TXT_IBC_SM4_SM3	"IBC-SM4-SM3"
+#define GM1_TXT_RSA_SM4_SM3	"RSA-SM4-SM3"
+#define GM1_TXT_RSA_SM4_SHA1	"RSA-SM4-SHA1"
+
+/* from GM/T 0024-2014 Table 1 */
+#define GM1_AD_UNSUPPORTED_SITE2SITE	200 /* fatal */
+#define GM1_AD_NO_AREA			201
+#define GM1_AD_UNSUPPORTED_AREATYPE	202
+#define GM1_AD_BAD_IBCPARAM		203 /* fatal */
+#define GM1_AD_UNSUPPORTED_IBCPARAM	204 /* fatal */
+#define GM1_AD_IDENTITY_NEED		205 /* fatal */
+
+#if 0
+/* Bits for algorithm_enc (symmetric encryption */
+#define SSL_SM1			0x00004000L
+#define SSL_SM4			0x00008000L
+
+/* bits for algorithm_mac */
+#define SSL_SM3			0x00000040L
+#endif
+
+#define SSL_HANDSHAKE_MAC_SM3	0x200
+
+/* SSL_MAX_DIGEST in ssl_locl.h should be update */
+
+#define GM1_PRF_SM3 (SSL_HANDSHAKE_MAC_SM3 << TLS1_PRF_DGST_SHIFT)
+
+
+
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+

ssl/ssl.h

@@ -1700,6 +1700,11 @@ struct ssl_st {
 # include <openssl/ssl23.h>
 # include <openssl/srtp.h>      /* Support for the use_srtp extension */
 
+#ifndef OPENSSL_NO_GMSSL
+#include <openssl/gmssl.h>
+#endif
+
+
 #ifdef  __cplusplus
 extern "C" {
 #endif

ssl/ssl_algs.c

@@ -61,7 +61,7 @@
 #include <openssl/lhash.h>
 #include "ssl_locl.h"
 
-int SSL_library_init(void)
+static int _SSL_library_init(void)
 {
 
 #ifndef OPENSSL_NO_DES
@@ -137,6 +137,7 @@ int SSL_library_init(void)
 #ifndef OPENSSL_NO_ECDSA
     EVP_add_digest(EVP_ecdsa());
 #endif
+
     /* If you want support for phased out ciphers, add the following */
 #if 0
     EVP_add_digest(EVP_sha());
@@ -153,3 +154,12 @@ int SSL_library_init(void)
     ssl_load_ciphers();
     return (1);
 }
+
+int SSL_library_init(void)
+{
+
+	EVP_add_cipher(EVP_sms4_cbc());
+	EVP_add_digest(EVP_sm3());
+	
+	return _SSL_library_init();
+}

ssl/ssl_ciph.c

@@ -164,11 +164,19 @@
 #define SSL_ENC_SEED_IDX        11
 #define SSL_ENC_AES128GCM_IDX   12
 #define SSL_ENC_AES256GCM_IDX   13
+#ifndef OPENSSL_NO_GMSSL
+#define SSL_ENC_SM4_IDX		14
+#define SSL_ENC_NUM_IDX		15
+#else
 #define SSL_ENC_NUM_IDX         14
+#endif
 
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
     NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-    NULL, NULL
+    NULL, NULL,
+#ifndef OPENSSL_NO_GMSSL
+    NULL
+#endif
 };
 
 #define SSL_COMP_NULL_IDX       0
@@ -183,13 +191,20 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 #define SSL_MD_GOST89MAC_IDX 3
 #define SSL_MD_SHA256_IDX 4
 #define SSL_MD_SHA384_IDX 5
+#ifndef OPENSSL_NO_GMSSL
+#define SSL_MD_SM3_IDX 6
+#endif
+
 /*
  * Constant SSL_MAX_DIGEST equal to size of digests array should be defined
  * in the ssl_locl.h
  */
 #define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
-    NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL,
+#ifndef OPENSSL_NO_GMSSL
+    NULL
+#endif
 };
 
 /*
@@ -209,7 +224,10 @@ static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
 static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
     SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
     SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
-    SSL_HANDSHAKE_MAC_SHA384
+    SSL_HANDSHAKE_MAC_SHA384,
+#ifndef OPENSSL_NO_GMSSL
+    SSL_HANDSHAKE_MAC_SM3
+#endif
 };
 
 #define CIPHER_ADD      1
@@ -457,6 +475,12 @@ void ssl_load_ciphers(void)
     ssl_digest_methods[SSL_MD_SHA384_IDX] = EVP_get_digestbyname(SN_sha384);
     ssl_mac_secret_size[SSL_MD_SHA384_IDX] =
         EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
+
+#ifndef OPENSSL_NO_GMSSL
+	ssl_cipher_methods[SSL_ENC_SM4_IDX] = EVP_get_cipherbyname(SN_sms4_cbc);
+	ssl_digest_methods[SSL_MD_SM3_IDX] = EVP_get_digestbyname(SN_sm3);
+#endif
+
 }
 
 #ifndef OPENSSL_NO_COMP
@@ -579,6 +603,11 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
     case SSL_AES256GCM:
         i = SSL_ENC_AES256GCM_IDX;
         break;
+#ifndef OPENSSL_NO_GMSSL
+	case SSL_SM4:
+		i = SSL_ENC_SM4_IDX;
+		break;
+#endif
     default:
         i = -1;
         break;
@@ -612,6 +641,11 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
     case SSL_GOST89MAC:
         i = SSL_MD_GOST89MAC_IDX;
         break;
+#ifndef OPENSSL_NO_GMSSL
+	case SSL_SM3:
+		i = SSL_MD_SM3_IDX;
+		break;
+#endif
     default:
         i = -1;
         break;
@@ -666,6 +700,12 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                  c->algorithm_mac == SSL_SHA256 &&
                  (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
             *enc = evp, *md = NULL;
+#ifndef OPENSSL_NO_GMSSL
+		else if (c->algorithm_enc == SSL_SM4 &&
+				 c->algorithm_mac == SSL_SM3 &&
+				 (evp = EVP_get_cipherbyname("SM4-CBC-HMAC_SM3")))
+			*enc = evp, *md = NULL;
+#endif
         return (1);
     } else
         return (0);
@@ -813,6 +853,9 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
              || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] ==
              NID_undef) ? SSL_GOST89MAC : 0;
 
+#ifndef OPENSSL_NO_GMSSL
+	/* what we should do? */
+#endif
 }
 
 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
@@ -1820,6 +1863,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
     case SSL_eGOST2814789CNT:
         enc = "GOST89(256)";
         break;
+#ifndef OPENSSL_NO_GMSSL
+	case SSL_SM4:
+		enc = "SM4(128)";
+		break;
+#endif
     default:
         enc = "unknown";
         break;
@@ -1847,6 +1895,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
     case SSL_GOST94:
         mac = "GOST94";
         break;
+#ifndef OPENSSL_NO_GMSSL
+	case SSL_SM3:
+		mac = "SM3";
+		break;
+#endif
     default:
         mac = "unknown";
         break;
@@ -1881,6 +1934,10 @@ char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
         return ("TLSv1/SSLv3");
     else if (i == 2)
         return ("SSLv2");
+#ifndef OPENSSL_NO_GMSSL
+	else if (i == 1)
+		return ("GMSSLv1");
+#endif
     else
         return ("unknown");
 }

ssl/ssl_locl.h

@@ -354,6 +354,9 @@
 # define SSL_SEED                0x00000800L
 # define SSL_AES128GCM           0x00001000L
 # define SSL_AES256GCM           0x00002000L
+#ifndef OPENSSL_NO_GMSSL
+# define SSL_SM4                 0x00004000L
+#endif
 
 # define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
 # define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
@@ -368,6 +371,9 @@
 # define SSL_SHA384              0x00000020L
 /* Not a real MAC, just an indication it is part of cipher */
 # define SSL_AEAD                0x00000040L
+#ifndef OPENSSL_NO_GMSSL
+# define SSL_SM3                 0x00000080L
+#endif
 
 /* Bits for algorithm_ssl (protocol version) */
 # define SSL_SSLV2               0x00000001UL
@@ -382,13 +388,20 @@
 # define SSL_HANDSHAKE_MAC_GOST94 0x40
 # define SSL_HANDSHAKE_MAC_SHA256 0x80
 # define SSL_HANDSHAKE_MAC_SHA384 0x100
+#ifndef OPENSSL_NO_GMSSL
+# define SSL_HANDSHAKE_MAC_SM3 0x200
+#endif
 # define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
 
 /*
  * When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX make
  * sure to update this constant too
  */
-# define SSL_MAX_DIGEST 6
+#ifndef OPENSSL_NO_GMSSL
+#define SSL_MAX_DIGEST 7
+#else
+#define SSL_MAX_DIGEST 6
+#endif
 
 # define TLS1_PRF_DGST_MASK      (0xff << TLS1_PRF_DGST_SHIFT)
 
@@ -848,6 +861,46 @@ extern SSL3_ENC_METHOD SSLv3_enc_data;
 extern SSL3_ENC_METHOD DTLSv1_enc_data;
 extern SSL3_ENC_METHOD DTLSv1_2_enc_data;
 
+#ifndef OPENSSL_NO_GMSSL
+#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+                                s_get_meth, enc_data) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                version, \
+                tls1_new, \
+                tls1_clear, \
+                tls1_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                ssl3_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                ssl3_get_message, \
+                ssl3_read_bytes, \
+                ssl3_write_bytes, \
+                ssl3_dispatch_alert, \
+                ssl3_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                s_get_meth, \
+                tls1_default_timeout, \
+                &enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+#endif
+
 # define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
                                 s_get_meth, enc_data) \
 const SSL_METHOD *func_name(void)  \

ssl/ssl_stat.c

@@ -823,6 +823,10 @@ const char *SSL_state_string(const SSL *s)
         str = "DWCHVB";
         break;
 
+#ifndef OPENSSL_NO_GMSSL
+/* GMSSL */
+#endif
+
     default:
         str = "UNKWN ";
         break;
@@ -1049,6 +1053,26 @@ const char *SSL_alert_desc_string_long(int value)
     case TLS1_AD_UNKNOWN_PSK_IDENTITY:
         str = "unknown PSK identity";
         break;
+#ifndef OPENSSL_NO_GMSSL
+	case GM1_AD_UNSUPPORTED_SITE2SITE:
+		str = "unsupported site2site";
+		break;
+	case GM1_AD_NO_AREA:
+		str = "no area";
+		break;
+	case GM1_AD_UNSUPPORTED_AREATYPE:
+		str = "unsupported areatype";
+		break;
+	case GM1_AD_BAD_IBCPARAM:
+		str = "bad ibc parameters";
+		break;
+	case GM1_AD_UNSUPPORTED_IBCPARAM:
+		str = "unsupported ibcparam";
+		break;
+	case GM1_AD_IDENTITY_NEED:
+		str = "identity need";
+		break;
+#endif
     default:
         str = "unknown";
         break;

ssl/ssl_txt.c

@@ -128,6 +128,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
         s = "DTLSv1.2";
     else if (x->ssl_version == DTLS1_BAD_VER)
         s = "DTLSv1-bad";
+#ifndef OPENSSL_NO_GMSSL
+	else if (x->ssl_version == GMSSL1_1_VERSION)
+		s = "GMSSLv1.1";
+#endif
     else
         s = "unknown";
     if (BIO_printf(bp, "    Protocol  : %s\n", s) <= 0)