Thanks to github.com/Jkinglyf
Zhi Guan
2016-05-30 12:50:06 +02:00
parent ee4384daeb
commit 2bf25bd29f
55 changed files with 2044 additions and 1672 deletions

1228
MINFO

File diff suppressed because it is too large Load Diff

681
Makefile

@@ -1,681 +0,0 @@
### Generated automatically from Makefile.org by Configure.
##
## Makefile for OpenSSL
##
VERSION=1.0.2d-fips
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=1
SHLIB_MINOR=0.0
SHLIB_EXT=.$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
PLATFORM=darwin64-x86_64-cc
OPTIONS=--prefix=/usr/local/ --openssldir=/usr/local/openssl/ no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine
CONFIGURE_ARGS=darwin64-x86_64-cc --prefix=/usr/local/ --openssldir=/usr/local/openssl/
SHLIB_TARGET=darwin-shared
# HERE indicates where this Makefile lives. This can be used to indicate
# where sub-Makefiles are expected to be. Currently has very limited usage,
# and should probably not be bothered with at all.
HERE=.
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
INSTALL_PREFIX=
INSTALLTOP=/usr/local
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
OPENSSLDIR=/usr/local/openssl
# NO_IDEA - Define to build without the IDEA algorithm
# NO_RC4 - Define to build without the RC4 algorithm
# NO_RC2 - Define to build without the RC2 algorithm
# THREADS - Define when building with threads, you will probably also need any
# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
# one. 32 bytes will be read from this when the random
# number generator is initalised.
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
# NULL encryption ciphers.
#
# LOCK_DEBUG - turns on lots of lock debug output :-)
# REF_CHECK - turn on some xyz_free() assertions.
# REF_PRINT - prints some stuff on structure free.
# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
# MFUNC - Make all Malloc/Free/Realloc calls call
# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
# call application defined callbacks via CRYPTO_set_mem_functions()
# MD5_ASM needs to be defined to use the x86 assembler for MD5
# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
CC= cc
CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST
PEX_LIBS= -Wl,-search_paths_first
EX_LIBS=
EXE_EXT=
ARFLAGS=
AR= ar $(ARFLAGS) r
RANLIB= /usr/bin/ranlib
NM= nm
PERL= /usr/bin/perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
# order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS=$(CC) -c
ASFLAG=$(CFLAG)
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
PROCESSOR=
# CPUID module collects small commonly used assembler snippets
CPUID_OBJ= x86_64cpuid.o
BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o
DES_ENC= des_enc.o fcrypt_b.o
AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
BF_ENC= bf_enc.o
CAST_ENC= c_enc.o
RC4_ENC= rc4_enc.o rc4_skey.o
RC5_ENC= rc5_enc.o
MD5_ASM_OBJ= md5-x86_64.o
SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
RMD160_ASM_OBJ=
WP_ASM_OBJ= wp-x86_64.o
CMLL_ENC= cmll-x86_64.o cmll_misc.o
MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o
ENGINES_ASM_OBJ=
PERLASM_SCHEME= macosx
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
# Zlib stuff
ZLIB_INCLUDE=
LIBZLIB=
# TOP level FIPS install directory.
FIPSDIR=/usr/local/ssl/fips-2.0
# This is the location of fipscanister.o and friends.
# The FIPS module build will place it $(INSTALLTOP)/lib
# but since $(INSTALLTOP) can only take the default value
# when the module is built it will be in /usr/local/ssl/lib
# $(INSTALLTOP) for this build may be different so hard
# code the path.
FIPSLIBDIR=
# The location of the library which contains fipscanister.o
# normally it will be libcrypto unless fipsdso is set in which
# case it will be libfips. If not compiling in FIPS mode at all
# this is empty making it a useful test for a FIPS compile.
FIPSCANLIB=
# Shared library base address. Currently only used on Windows.
#
BASEADDR=0xFB00000
DIRS= crypto ssl engines apps test tools
ENGDIRS= ccgost
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= \
objects \
md4 md5 sha mdc2 hmac ripemd whrlpool \
des aes rc2 rc4 idea bf cast camellia seed modes \
bn ec rsa dsa ecdsa dh ecdh ecies dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
cms pqueue ts srp cmac \
sm2 sm3 sms4 sm9 ecies cpk zuc cbcmac otp skf kdf
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
TESTS = alltests
MAKEFILE= Makefile
MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
MANSUFFIX=
HTMLSUFFIX=html
HTMLDIR=$(OPENSSLDIR)/html
SHELL=/bin/sh
TOP= .
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
SHARED_LIBS_LINK_EXTS=.$(SHLIB_MAJOR).dylib .dylib
SHARED_LDFLAGS=-arch x86_64 -dynamiclib
GENERAL= Makefile
BASENAME= gmssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= $(NAME).tar
WTARFILE= $(NAME)-win.tar
EXHEADER= e_os2.h
HEADER= e_os.h
all: Makefile build_all
# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
# shell, which [annoyingly enough] terminates unset with error if VAR
# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
# which terminates unset with error if no variable was present:-(
CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
INSTALL_PREFIX='$(INSTALL_PREFIX)' \
INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
LIBDIR='$(LIBDIR)' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
MAKEDEPPROG='$(MAKEDEPPROG)' \
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \
EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \
AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
WP_ASM_OBJ='$(WP_ASM_OBJ)' \
MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
FIPSLIBDIR='${FIPSLIBDIR}' \
FIPSDIR='${FIPSDIR}' \
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
# BUILD_CMD is a generic macro to build a given target in a given
# subdirectory. The target must be given through the shell variable
# `target' and the subdirectory to build in must be given through `dir'.
# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
# BUILD_ONE_CMD instead.
#
# BUILD_ONE_CMD is a macro to build a given target in a given
# subdirectory if that subdirectory is part of $(DIRS). It requires
# exactly the same shell variables as BUILD_CMD.
#
# RECURSIVE_BUILD_CMD is a macro to build a given target in all
# subdirectories defined in $(DIRS). It requires that the target
# is given through the shell variable `target'.
BUILD_CMD= if [ -d "$$dir" ]; then \
( cd $$dir && echo "making $$target in $$dir..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
) || exit 1; \
fi
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
BUILD_ONE_CMD=\
if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
$(BUILD_CMD); \
fi
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
build_libs: build_libcrypto build_libssl openssl.pc
build_libcrypto: build_crypto build_engines libcrypto.pc
build_libssl: build_ssl libssl.pc
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl: build_crypto
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines: build_crypto
@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps: build_libs
@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests: build_libs
@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools: build_libs
@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
fips_premain_dso$(EXE_EXT): libcrypto.a
[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \
$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
libcrypto.a $(EX_LIBS)
libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
@if [ "$(SHLIB_TARGET)" != "" ]; then \
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
FIPSLD_LIBCRYPTO=libcrypto.a ; \
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
$(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
(touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
clean-shared:
@set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
( set -x; rm -f lib$$i$$j ); \
done; \
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
link-shared:
@ set -e; for i in $(SHLIBDIRS); do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
symlink.$(SHLIB_TARGET); \
libs="$$libs -l$$i"; \
done
build-shared: do_$(SHLIB_TARGET) link-shared
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \
libs="-l$$i $$libs"; \
done
libcrypto.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libssl'; \
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: libssl libcrypto' ) > openssl.pc
Makefile: Makefile.org Configure config
@echo "Makefile is older than Makefile.org, Configure or config."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@false
libclean:
rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
clean: libclean
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
rm -f $(LIBS)
rm -f openssl.pc libssl.pc libcrypto.pc
rm -f speed.* .pure
rm -f $(TARFILE)
@set -e; for i in $(ONEDIRS) ;\
do \
rm -fr $$i/*; \
done
makefile.one: files
$(PERL) util/mk1mf.pl >makefile.one; \
sh util/do_ms.sh
files:
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
@set -e; target=files; $(RECURSIVE_BUILD_CMD)
links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@set -e; target=links; $(RECURSIVE_BUILD_CMD)
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
dclean:
rm -rf *.bak include/openssl certs/.0
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
rehash: rehash.time
rehash.time: certs apps
@if [ -z "$(CROSS_COMPILE)" ]; then \
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
$(PERL) tools/c_rehash certs/demo) && \
touch rehash.time; \
else :; fi
test: tests
tests: rehash
@(cd test && echo "testing..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
report:
@$(PERL) util/selftest.pl
update: errors stacks util/libeay.num util/ssleay.num TABLE
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
depend:
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
lint:
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
tags:
rm -f TAGS
find . -name '[^.]*.[ch]' | xargs etags -a
errors:
$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
$(PERL) util/mkerr.pl -recurse -write
(cd engines; $(MAKE) PERL=$(PERL) errors)
stacks:
$(PERL) util/mkstack.pl -write
util/libeay.num::
$(PERL) util/mkdef.pl crypto update
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
tar:
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
--prefix=openssl-$(VERSION) - |\
gzip --best >../$(TARFILE).gz; \
rm -f ../$(TARFILE).list; \
ls -l ../$(TARFILE).gz
tar-snap:
@$(TAR) $(TARFLAGS) -cvf - \
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
--prefix=openssl-$(VERSION) - > ../$(TARFILE);\
ls -l ../$(TARFILE)
dist:
$(PERL) Configure dist
@$(MAKE) dist_pem_h
@$(MAKE) SDIRS='$(SDIRS)' clean
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
fi; \
done;
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
do \
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
fi ); \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
( case $$i in \
*crypto*) i=libeay32.dll;; \
*ssl*) i=ssleay32.dll;; \
esac; \
echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
fi; \
fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
echo ' $(INSTALLTOP)'; \
echo ''; \
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
install_html_docs:
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
for subdir in apps crypto ssl; do \
mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
for i in doc/$$subdir/*.pod; do \
fn=`basename $$i .pod`; \
echo "installing html/$$fn.$(HTMLSUFFIX)"; \
cat $$i \
| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
| sed -r 's/<!DOCTYPE.*//g' \
> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
done); \
done; \
done
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
$(INSTALL_PREFIX)$(MANDIR)/man1 \
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done
# DO NOT DELETE THIS LINE -- make depend depends on it.


@@ -149,7 +149,7 @@ SDIRS= \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
cms pqueue ts jpake srp store cmac \
sm2 sm3 sms4 sm9 ecies cpk zuc cbcmac otp skf kdf
sm2 sm3 sms4 sm9 ecies ffx cpk zuc cbcmac otp skf paillier kdf
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...


@@ -1299,6 +1299,10 @@ void ERR_load_EC_strings(void);
# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
# define EC_R_DECODE_ERROR 142
# define EC_R_DISCRIMINANT_IS_ZERO 118
# define EC_R_ECIES_DECRYPT_FAILED 152
# define EC_R_ECIES_DECRYPT_WITH_RECOMMENDED_FAILED 153
# define EC_R_ECIES_ENCRYPT_FAILED 154
# define EC_R_ECIES_ENCRYPT_WITH_RECOMMENDED_FAILED 155
# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
# define EC_R_FIELD_TOO_LARGE 143
# define EC_R_GF2M_NOT_SUPPORTED 147
@@ -1312,6 +1316,7 @@ void ERR_load_EC_strings(void);
# define EC_R_INVALID_DIGEST 151
# define EC_R_INVALID_DIGEST_TYPE 138
# define EC_R_INVALID_ENCODING 102
# define EC_R_INVALID_ENC_TYPE 156
# define EC_R_INVALID_FIELD 103
# define EC_R_INVALID_FORM 104
# define EC_R_INVALID_GROUP_ORDER 122
@@ -1335,6 +1340,10 @@ void ERR_load_EC_strings(void);
# define EC_R_POINT_IS_NOT_ON_CURVE 107
# define EC_R_SHARED_INFO_ERROR 150
# define EC_R_SLOT_FULL 108
# define EC_R_SM2_DECRYPT_FAILED 157
# define EC_R_SM2_DECRYPT_WITH_RECOMMENDED_FAILED 158
# define EC_R_SM2_ENCRYPT_FAILED 159
# define EC_R_SM2_ENCRYPT_WITH_RECOMMENDED_FAILED 160
# define EC_R_UNDEFINED_GENERATOR 113
# define EC_R_UNDEFINED_ORDER 128
# define EC_R_UNKNOWN_GROUP 129


@@ -288,6 +288,12 @@ static ERR_STRING_DATA EC_str_reasons[] = {
"d2i ecpkparameters failure"},
{ERR_REASON(EC_R_DECODE_ERROR), "decode error"},
{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"},
{ERR_REASON(EC_R_ECIES_DECRYPT_FAILED), "ecies decrypt failed"},
{ERR_REASON(EC_R_ECIES_DECRYPT_WITH_RECOMMENDED_FAILED),
"ecies decrypt with recommended failed"},
{ERR_REASON(EC_R_ECIES_ENCRYPT_FAILED), "ecies encrypt failed"},
{ERR_REASON(EC_R_ECIES_ENCRYPT_WITH_RECOMMENDED_FAILED),
"ecies encrypt with recommended failed"},
{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
"ec group new by name failure"},
{ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"},
@@ -304,6 +310,7 @@ static ERR_STRING_DATA EC_str_reasons[] = {
{ERR_REASON(EC_R_INVALID_DIGEST), "invalid digest"},
{ERR_REASON(EC_R_INVALID_DIGEST_TYPE), "invalid digest type"},
{ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"},
{ERR_REASON(EC_R_INVALID_ENC_TYPE), "invalid enc type"},
{ERR_REASON(EC_R_INVALID_FIELD), "invalid field"},
{ERR_REASON(EC_R_INVALID_FORM), "invalid form"},
{ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"},
@@ -329,6 +336,12 @@ static ERR_STRING_DATA EC_str_reasons[] = {
{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"},
{ERR_REASON(EC_R_SHARED_INFO_ERROR), "shared info error"},
{ERR_REASON(EC_R_SLOT_FULL), "slot full"},
{ERR_REASON(EC_R_SM2_DECRYPT_FAILED), "sm2 decrypt failed"},
{ERR_REASON(EC_R_SM2_DECRYPT_WITH_RECOMMENDED_FAILED),
"sm2 decrypt with recommended failed"},
{ERR_REASON(EC_R_SM2_ENCRYPT_FAILED), "sm2 encrypt failed"},
{ERR_REASON(EC_R_SM2_ENCRYPT_WITH_RECOMMENDED_FAILED),
"sm2 encrypt with recommended failed"},
{ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"},
{ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"},
{ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"},


@@ -195,7 +195,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
dctx->sign_type != NID_sm_scheme) {
return 0;
}
if (dctx->md)
type = EVP_MD_type(dctx->md);
else if (dctx->sign_type == NID_secg_scheme)
@@ -324,7 +324,7 @@ static int pkey_ec_verifyctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
if (dctx->sign_type == NID_sm_scheme) {
zidlen = sizeof(zid);
if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) {
goto end;
@@ -369,55 +369,87 @@ static int pkey_ec_verifyctx(EVP_PKEY_CTX *ctx,
static int pkey_ec_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
int ret = 0;
EC_PKEY_CTX *dctx = ctx->data;
EC_KEY *ec_key = ctx->pkey->pkey.ec;
switch (dctx->enc_type) {
case NID_sm_scheme:
if (dctx->enc_param.sm2) {
ret = SM2_encrypt(dctx->enc_param.sm2, out, outlen, in, inlen, ec_key);
if (!SM2_encrypt(dctx->enc_param.sm2, out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_SM2_ENCRYPT_FAILED);
return 0;
}
} else {
ret = SM2_encrypt_with_recommended(out, outlen, in, inlen, ec_key);
if (!SM2_encrypt_with_recommended(out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_SM2_ENCRYPT_WITH_RECOMMENDED_FAILED);
return 0;
}
}
break;
case NID_secg_scheme:
if (dctx->enc_param.ecies) {
ret = ECIES_encrypt(dctx->enc_param.ecies, out, outlen, in, inlen, ec_key);
if (!ECIES_encrypt(dctx->enc_param.ecies, out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_ECIES_ENCRYPT_FAILED);
return 0;
}
} else {
ret = ECIES_encrypt_with_recommended(out, outlen, in, inlen, ec_key);
if (!ECIES_encrypt_with_recommended(out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_ECIES_ENCRYPT_WITH_RECOMMENDED_FAILED);
return 0;
}
}
break;
default:
ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_INVALID_ENC_TYPE);
return 0;
}
return ret;
return 1;
}
static int pkey_ec_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
int ret;
EC_PKEY_CTX *dctx = ctx->data;
EC_KEY *ec_key = ctx->pkey->pkey.ec;
switch (dctx->enc_type) {
case NID_sm_scheme:
if (dctx->enc_param.sm2) {
ret = SM2_decrypt(dctx->enc_param.sm2, out, outlen, in, inlen, ec_key);
if (!SM2_decrypt(dctx->enc_param.sm2, out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_SM2_DECRYPT_FAILED);
return 0;
}
} else {
ret = SM2_decrypt_with_recommended(out, outlen, in, inlen, ec_key);
if (!SM2_decrypt_with_recommended(out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_SM2_DECRYPT_WITH_RECOMMENDED_FAILED);
return 0;
}
}
break;
case NID_secg_scheme:
if (dctx->enc_param.ecies) {
ret = ECIES_decrypt(dctx->enc_param.ecies, out, outlen, in, inlen, ec_key);
if (dctx->enc_param.ecies) {
if (!ECIES_decrypt(dctx->enc_param.ecies, out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_ECIES_DECRYPT_FAILED);
return 0;
}
} else {
ret = ECIES_decrypt_with_recommended(out, outlen, in, inlen, ec_key);
if (!ECIES_decrypt_with_recommended(out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_ECIES_DECRYPT_WITH_RECOMMENDED_FAILED);
return 0;
}
}
break;
default:
ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_INVALID_ENC_TYPE);
return 0;
}
return ret;
return 1;
}
#ifndef OPENSSL_NO_ECDH
@@ -680,7 +712,6 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
return 0;
}
printf("curve = %s\n", value);
return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
} else if (!strcmp(type, "ec_param_enc")) {
int param_enc;
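Review bot: The new `if (!SM2_decrypt(...))`-style checks in pkey_ec_encrypt and pkey_ec_decrypt treat only a return of exactly 0 as failure, whereas the replaced code handed the helper's return value straight back to the caller. If any of the SM2_* or ECIES_* helpers can return a negative value on error (their definitions are not visible on this page), that call now falls through to `return 1`, so a failed decryption would be reported as success with `out` and `*outlen` in an unspecified state. Comparing with `<= 0`, for example `if (SM2_decrypt(dctx->enc_param.sm2, out, outlen, in, inlen, ec_key) <= 0) {`, keeps the fail-closed behaviour for all eight calls. The `ret` locals declared at the top of both functions also look unused after this change and can be dropped if they are still on the new side.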


@@ -163,6 +163,8 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
{ERR_PACK(ERR_LIB_CBCMAC, 0, 0), "CBCMAC routines"},
{ERR_PACK(ERR_LIB_OTP, 0, 0), "OTP routines"},
{ERR_PACK(ERR_LIB_SM9, 0, 0), "SM9 routines"},
{ERR_PACK(ERR_LIB_PAILLIER, 0, 0), "Paillier routines"},
{ERR_PACK(ERR_LIB_FFX, 0, 0), "FFX routines"},
# endif
{0, NULL},
};


@@ -206,6 +206,8 @@ typedef struct err_state_st {
# define ERR_LIB_CBCMAC 54
# define ERR_LIB_OTP 55
# define ERR_LIB_SM9 56
# define ERR_LIB_PAILLIER 57
# define ERR_LIB_FFX 58
# endif
# define ERR_LIB_USER 128
@@ -252,6 +254,8 @@ typedef struct err_state_st {
# define CBCMACerr(f,r) ERR_PUT_error(ERR_LIB_CBCMAC,(f),(r),__FILE__,__LINE__);
# define OTPerr(f,r) ERR_PUT_error(ERR_LIB_OTP,(f),(r),__FILE__,__LINE__);
# define SM9err(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),__FILE__,__LINE__);
# define PAILLIERerr(f,r) ERR_PUT_error(ERR_LIB_PAILLIER,(f),(r),__FILE__,__LINE__);
# define FFXerr(f,r) ERR_PUT_error(ERR_LIB_FFX,(f),(r),__FILE__,__LINE__);
# endif
/*
@@ -318,6 +322,8 @@ typedef struct err_state_st {
# define ERR_R_CBCMAC_LIB ERR_LIB_CBCMAC/* 54 */
# define ERR_R_OTP_LIB ERR_LIB_CBCMAC/* 55 */
# define ERR_R_SM9_LIB ERR_LIB_SM9/* 56 */
# define ERR_R_PAILLIER_LIB ERR_LIB_PAILLIER/* 57 */
# define ERR_R_FFX_LIB ERR_LIB_FFX/* 58 */
# endif
# define ERR_R_NESTED_ASN1_ERROR 58
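Review bot: `ERR_LIB_FFX` is given the value 58 and `ERR_R_FFX_LIB` is defined as that same number, but the context line just below the last hunk already defines `ERR_R_NESTED_ASN1_ERROR` as 58, so the two reason codes cannot be told apart when an error is decoded. Either choose a library number that stays clear of the generic reason codes or, until that is done, leave a warning next to the define, e.g. `/* 58 is also ERR_R_NESTED_ASN1_ERROR: do not raise ERR_R_FFX_LIB as a reason */`. The new `PAILLIERerr` and `FFXerr` macros end in `;`, which breaks an unbraced `if (...) FFXerr(f,r); else ...`, so the trailing semicolon should be dropped. The context line `# define ERR_R_OTP_LIB ERR_LIB_CBCMAC/* 55 */` looks like an older copy-paste slip (`ERR_LIB_OTP` was probably meant) and could be fixed while this block is being edited.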


@@ -116,6 +116,8 @@
# include <openssl/cbcmac.h>
# include <openssl/otp.h>
# include <openssl/sm9.h>
# include <openssl/paillier.h>
# include <openssl/ffx.h>
#endif
void ERR_load_crypto_strings(void)
@@ -182,6 +184,8 @@ void ERR_load_crypto_strings(void)
ERR_load_CBCMAC_strings();
ERR_load_OTP_strings();
ERR_load_SM9_strings();
ERR_load_PAILLIER_strings();
ERR_load_FFX_strings();
# endif
#endif
}


@@ -42,6 +42,8 @@ L CPK crypto/cpk/cpk.h crypto/cpk/cpk_err.c
L CBCMAC crypto/cbcmac/cbcmac.h crypto/cbcmac/cbcmac_err.c
L OTP crypto/otp/otp.h crypto/otp/otp_err.c
L SM9 crypto/sm9/sm9.h crypto/sm9/sm9_err.c
L PAILLIER crypto/paillier/paillier.h crypto/paillier/pai_err.c
L FFX crypto/ffx/ffx.h crypto/ffx/ffx_err.c
# additional header files to be scanned for function names
L NONE crypto/x509/x509_vfy.h NONE


@@ -1422,8 +1422,10 @@ void ERR_load_EVP_strings(void);
# define EVP_F_EVP_CIPHER_CTX_CTRL 124
# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
# define EVP_F_EVP_DECRYPTFINAL_EX 101
# define EVP_F_EVP_DECRYPT_EX 201
# define EVP_F_EVP_DIGESTINIT_EX 128
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
# define EVP_F_EVP_ENCRYPT_EX 200
# define EVP_F_EVP_MD_CTX_COPY_EX 110
# define EVP_F_EVP_MD_SIZE 162
# define EVP_F_EVP_OPENINIT 102
@@ -1481,11 +1483,6 @@ void ERR_load_EVP_strings(void);
# define EVP_F_RC2_MAGIC_TO_METH 109
# define EVP_F_RC5_CTRL 125
# ifndef OPENSSL_NO_GMSSL
# define EVP_F_EVP_ENCRYPT_EX 200
# define EVP_F_EVP_DECRYPT_EX 201
# endif
/* Reason codes. */
# define EVP_R_AES_IV_SETUP_FAILED 162
# define EVP_R_AES_KEY_SETUP_FAILED 143
@@ -1541,6 +1538,7 @@ void ERR_load_EVP_strings(void);
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
# define EVP_R_RSA_PUBLIC_ENCRYPT_FAILED 171
# define EVP_R_TOO_LARGE 164
# define EVP_R_UNKNOWN_CIPHER 160
# define EVP_R_UNKNOWN_DIGEST 161


@@ -1,6 +1,6 @@
/* crypto/evp/evp_err.c */
/* ====================================================================
* Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -92,8 +92,10 @@ static ERR_STRING_DATA EVP_str_functs[] = {
{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
"EVP_CIPHER_CTX_set_key_length"},
{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
{ERR_FUNC(EVP_F_EVP_DECRYPT_EX), "EVP_Decrypt_ex"},
{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
{ERR_FUNC(EVP_F_EVP_ENCRYPT_EX), "EVP_Encrypt_ex"},
{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
@@ -152,10 +154,6 @@ static ERR_STRING_DATA EVP_str_functs[] = {
{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"},
{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
#ifndef OPENSSL_NO_GMSSL
{ERR_FUNC(EVP_F_EVP_ENCRYPT_EX), "EVP_Encrypt_ex"},
{ERR_FUNC(EVP_F_EVP_DECRYPT_EX), "EVP_Decrypt_ex"},
#endif
{0, NULL}
};
@@ -169,8 +167,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"},
{ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"},
{ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),
"camellia key setup failed"},
{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"},
{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"},
{ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"},
{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"},
@@ -216,11 +213,11 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
"operation not supported for this keytype"},
{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),
"pkcs8 unknown broken type"},
{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"},
{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
{ERR_REASON(EVP_R_RSA_PUBLIC_ENCRYPT_FAILED), "rsa public encrypt failed"},
{ERR_REASON(EVP_R_TOO_LARGE), "too large"},
{ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
{ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},


@@ -75,16 +75,29 @@ int EVP_PKEY_encrypt_old(unsigned char *out, const unsigned char *in,
size_t size;
if (pkey->type == EVP_PKEY_RSA) {
ret = RSA_public_encrypt(inlen, in, out, pkey->pkey.rsa,
RSA_PKCS1_PADDING);
if ((ret = RSA_public_encrypt(inlen, in, out, pkey->pkey.rsa,
RSA_PKCS1_PADDING)) < 0) {
EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD,
EVP_R_RSA_PUBLIC_ENCRYPT_FAILED);
return 0;
}
} else {
if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) {
EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, ERR_R_EVP_LIB);
return 0;
}
if (1 != EVP_PKEY_encrypt_init(ctx)) {
if (!EVP_PKEY_encrypt_init(ctx)) {
EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, ERR_R_EVP_LIB);
return 0;
}
if (1 != EVP_PKEY_encrypt(ctx, out, &size, in, inlen)) {
if (!EVP_PKEY_CTX_set_ec_enc_type(ctx, NID_sm_scheme)) {
EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, ERR_R_EVP_LIB);
goto end;
}
/* FIXME: this old API lost input buffer length */
size = inlen + 256;
if (!EVP_PKEY_encrypt(ctx, out, &size, in, inlen)) {
EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, ERR_R_EVP_LIB);
goto end;
}
ret = (int)size;
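Review bot: `size = inlen + 256;` tells EVP_PKEY_encrypt that `out` can hold inlen + 256 bytes, but nothing in this function knows how large the caller's buffer really is (the FIXME above it says as much), so on the non-RSA path the callee may write past a buffer the caller sized differently. If callers allocate `out` with EVP_PKEY_size(), which is the documented convention for the seal API but should be confirmed for every caller, `size = EVP_PKEY_size(pkey);` states the real capacity and turns an overrun into a clean failure. The `return 0;` after a failed EVP_PKEY_encrypt_init() skips the `goto end;` cleanup used by the two later failures, so `ctx` is presumably leaked there. The RSA branch now returns 0 instead of a negative value on failure, which any caller testing `< 0` will not notice. The function body continues outside the hunk.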


@@ -82,12 +82,13 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
if (!priv)
return 1;
if (priv->type != EVP_PKEY_RSA) {
if ((EVP_PKEY_base_id(priv) != EVP_PKEY_RSA) &&
(EVP_PKEY_base_id(priv) != EVP_PKEY_EC)) {
EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA);
goto err;
}
size = RSA_size(priv->pkey.rsa);
size = EVP_PKEY_size(priv);
key = (unsigned char *)OPENSSL_malloc(size + 2);
if (key == NULL) {
/* ERROR */
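Review bot: The key buffer is now sized as `EVP_PKEY_size(priv) + 2` for EC keys too, and it is not evident that this bounds what the decrypt step (outside this hunk) writes for an SM2/ECIES ciphertext whose length comes from the peer. For RSA the modulus size bounds the plaintext; for the EC path the allocation should be tied to the encrypted-key length passed in, or the decrypt call should be given the buffer size. EVP_PKEY_size() can also return 0 for a key without a size method, so a guard such as `if (size <= 0) goto err;` before the malloc is worth adding, with its own error code. `EVP_R_PUBLIC_KEY_NOT_RSA` is no longer an accurate reason now that EC keys are accepted.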


@@ -13,12 +13,12 @@ AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=
TEST=ffxtest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC=ffx.c
LIBOBJ=ffx.o
LIBSRC=ffx.c ffx_err.c
LIBOBJ=ffx.o ffx_err.o
SRC= $(LIBSRC)


@@ -50,7 +50,7 @@
/*
* Format-Preserve Encryption
* implementation of NIST 800-38G FF1 schemes
*
*
* FPE is used to encrypt strings such as credit card numbers and phone numbers
* the ciphertext is still in valid format, for example:
* FPE_encrypt("13810631266") == "98723498792"
@@ -65,12 +65,12 @@
#include <inttypes.h>
#include <openssl/err.h>
#include <openssl/aes.h>
#include "ffx.h"
#include <openssl/ffx.h>
#define FFX_MIN_DIGITS 6
#define FFX_MAX_DIGITS 18
#define FFX_MIN_TWEAKLEN 4
#define FFX_MAX_TWEAKLEN 11
#define FFX_MAX_TWEAKLEN 11
#define FFX_NUM_ROUNDS 10
@@ -93,11 +93,11 @@ int FFX_init(FFX_CTX *ctx, int flag, const unsigned char *key, int keybits)
ctx->flag = flag;
if (AES_set_encrypt_key(key, keybits, &ctx->key) < 0) {
fprintf(stderr, "error: %s: %s: %d\n", __FUNCTION__, __FILE__, __LINE__);
return -1;
FFXerr(FFX_F_FFX_INIT, FFX_R_INIT_KEY_FAILED);
return 0;
}
return 0;
return 1;
}
void FFX_cleanup(FFX_CTX *ctx)
@@ -122,15 +122,15 @@ int FFX_encrypt(FFX_CTX *ctx, const char *in, size_t inlen,
assert(in);
assert(tweak);
if (inlen > strlen(in) ||
if (inlen > strlen(in) ||
inlen < FFX_MIN_DIGITS || inlen > FFX_MAX_DIGITS) {
fprintf(stderr, "%s: invalid digits length\n", __FUNCTION__);
return -1;
FFXerr(FFX_F_FFX_ENCRYPT, FFX_R_INVALID_DIGITS_LENGTH);
return 0;
}
for (i = 0; i < inlen; i++) {
if (!isdigit(in[i])) {
fprintf(stderr, "%s: invalid digits format\n", __FUNCTION__);
return -1;
FFXerr(FFX_F_FFX_ENCRYPT, FFX_R_INVALID_DIGITS_FORMAT);
return 0;
}
}
llen = inlen / 2;
@@ -138,8 +138,8 @@ int FFX_encrypt(FFX_CTX *ctx, const char *in, size_t inlen,
if (tweaklen < FFX_MIN_TWEAKLEN || tweaklen > FFX_MAX_TWEAKLEN) {
fprintf(stderr, "%s: invalid tweak length\n", __FUNCTION__);
return -1;
FFXerr(FFX_F_FFX_ENCRYPT, FFX_R_INVALID_TWEAK_LENGTH);
return 0;
}
memcpy(lbuf, in, llen);
@@ -155,9 +155,9 @@ int FFX_encrypt(FFX_CTX *ctx, const char *in, size_t inlen,
memset(qblock, 0, sizeof(qblock));
memcpy(qblock, tweak, tweaklen);
for (i = 0; i < FFX_NUM_ROUNDS; i += 2) {
unsigned char rblock[16];
int j;
@@ -169,7 +169,7 @@ int FFX_encrypt(FFX_CTX *ctx, const char *in, size_t inlen,
AES_encrypt(rblock, rblock, &ctx->key);
yval = *((uint64_t *)rblock) % modulo[llen];
lval = (lval + yval) % modulo[llen];
qblock[11] = (i + 1) & 0xff;
memcpy(qblock + 12, &lval, sizeof(lval));
for (j = 0; j < sizeof(rblock); j++) {
@@ -186,7 +186,7 @@ int FFX_encrypt(FFX_CTX *ctx, const char *in, size_t inlen,
sprintf(lbuf, "%d", lval);
strcpy(out + inlen - strlen(lbuf), lbuf);
return 0;
return 1;
}
int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
@@ -208,21 +208,21 @@ int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
if (inlen > strlen(in) ||
inlen < FFX_MIN_DIGITS || inlen > FFX_MAX_DIGITS) {
fprintf(stderr, "%s: invalid digits length\n", __FUNCTION__);
return -1;
FFXerr(FFX_F_FFX_DECRYPT, FFX_R_INVALID_DIGITS_LENGTH);
return 0;
}
for (i = 0; i < inlen; i++) {
if (!isdigit(in[i])) {
fprintf(stderr, "%s: invalid digits format\n", __FUNCTION__);
return -1;
FFXerr(FFX_F_FFX_DECRYPT, FFX_R_INVALID_DIGITS_FORMAT);
return 0;
}
}
rlen = inlen / 2;
llen = inlen - rlen;
if (tweaklen < FFX_MIN_TWEAKLEN || tweaklen > FFX_MAX_TWEAKLEN) {
fprintf(stderr, "%s: invalid tweak length\n", __FUNCTION__);
return -1;
FFXerr(FFX_F_FFX_DECRYPT, FFX_R_INVALID_TWEAK_LENGTH);
return 0;
}
memcpy(lbuf, in, llen);
@@ -238,9 +238,9 @@ int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
memset(qblock, 0, sizeof(qblock));
memcpy(qblock, tweak, tweaklen);
for (i = FFX_NUM_ROUNDS - 1; i > 0; i -= 2) {
unsigned char rblock[16];
int j;
@@ -252,7 +252,7 @@ int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
AES_encrypt(rblock, rblock, &ctx->key);
yval = *((uint64_t *)rblock) % modulo[llen];
lval = (lval >= yval) ? (lval - yval) : lval + modulo[llen] - yval;
qblock[11] = (i - 1) & 0xff;
memcpy(qblock + 12, &lval, sizeof(lval));
for (j = 0; j < sizeof(rblock); j++) {
@@ -272,40 +272,6 @@ int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
return 0;
}
static int test()
{
char buf[100];
char buf2[100];
unsigned char key[32] = {0};
unsigned char tweak[8] = { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38 };
FFX_CTX ctx;
int r;
ERR_load_crypto_strings();
if (FFX_init(&ctx, 0, key, sizeof(key) * 8) < 0) {
ERR_print_errors_fp(stderr);
fprintf(stderr, "%s: %d\n", __FILE__, __LINE__);
return -1;
}
char *in = "99999999999999999";
r = FFX_encrypt(&ctx, in, strlen(in), tweak, sizeof(tweak), buf);
if (r < 0) {
printf("failed\n");
return -1;
}
printf("%s\n", buf);
printf("\n");
r = FFX_decrypt(&ctx, buf, strlen(buf), tweak, sizeof(tweak), buf2);
printf("%s\n", buf2);
return 0;
}
static int luhn_table[10] = {0, 2, 4, 6, 8, 1, 3, 5, 7, 9};
/*
@@ -320,7 +286,7 @@ int FFX_compute_luhn(const char *in, size_t inlen)
for (i = inlen - 1; i >= 0; i--) {
int a;
if (!isdigit(in[i])) {
fprintf(stderr, "%s: invalid digit string\n", __FUNCTION__);
FFXerr(FFX_F_FFX_COMPUTE_LUHN, FFX_R_INVALID_DIGIT_STRING);
return -2;
}
a = in[i] - '0';
@@ -333,15 +299,3 @@ int FFX_compute_luhn(const char *in, size_t inlen)
return r;
}
#if 0
int luhn_test()
{
char *digits = "7992739871";
int r = compute_luhn(digits, strlen(digits));
printf("%c", r);
return 0;
}
#endif
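Review bot: FFX_decrypt still ends in `return 0;` (the unchanged line at the top of the `@@ -272,40 +272,6 @@` hunk), so after this commit its success return equals the failure value now used by its own error paths, while FFX_encrypt returns 1 on success; it should be `return 1;`. In the validation loops, `isdigit(in[i])` receives a plain `char`, which is undefined for negative values; `isdigit((unsigned char)in[i])` is the safe form in FFX_encrypt, FFX_decrypt and FFX_compute_luhn. FFX_compute_luhn keeps `return -2;` on error, so the three entry points do not share one return convention and callers cannot test them uniformly. The function bodies extend outside the hunks shown.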


@@ -72,8 +72,30 @@ int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
const unsigned char *tweak, size_t tweaklen, char *out);
int FFX_compute_luhn(const char *in, size_t inlen);
#ifdef __cplusplus
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_FFX_strings(void);
/* Error codes for the FFX functions. */
/* Function codes. */
# define FFX_F_FFX_COMPUTE_LUHN 100
# define FFX_F_FFX_DECRYPT 101
# define FFX_F_FFX_ENCRYPT 102
# define FFX_F_FFX_INIT 103
/* Reason codes. */
# define FFX_R_INIT_KEY_FAILED 100
# define FFX_R_INVALID_DIGITS_FORMAT 101
# define FFX_R_INVALID_DIGITS_LENGTH 102
# define FFX_R_INVALID_DIGIT_STRING 103
# define FFX_R_INVALID_TWEAK_LENGTH 104
#ifdef __cplusplus
}
#endif
#endif

100
crypto/ffx/ffx_err.c Normal file

@@ -0,0 +1,100 @@
/* crypto/ffx/ffx_err.c */
/* ====================================================================
* Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ffx.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_FFX,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_FFX,0,reason)
static ERR_STRING_DATA FFX_str_functs[] = {
{ERR_FUNC(FFX_F_FFX_COMPUTE_LUHN), "FFX_compute_luhn"},
{ERR_FUNC(FFX_F_FFX_DECRYPT), "FFX_decrypt"},
{ERR_FUNC(FFX_F_FFX_ENCRYPT), "FFX_encrypt"},
{ERR_FUNC(FFX_F_FFX_INIT), "FFX_init"},
{0, NULL}
};
static ERR_STRING_DATA FFX_str_reasons[] = {
{ERR_REASON(FFX_R_INIT_KEY_FAILED), "init key failed"},
{ERR_REASON(FFX_R_INVALID_DIGITS_FORMAT), "invalid digits format"},
{ERR_REASON(FFX_R_INVALID_DIGITS_LENGTH), "invalid digits length"},
{ERR_REASON(FFX_R_INVALID_DIGIT_STRING), "invalid digit string"},
{ERR_REASON(FFX_R_INVALID_TWEAK_LENGTH), "invalid tweak length"},
{0, NULL}
};
#endif
void ERR_load_FFX_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(FFX_str_functs[0].error) == NULL) {
ERR_load_strings(0, FFX_str_functs);
ERR_load_strings(0, FFX_str_reasons);
}
#endif
}

118
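--- a/crypto/ffx/ffxtest.c
+++ b/crypto/ffx/ffxtest.c
@@ -0,0 +1,118 @@
+/* ====================================================================
+* Copyright (c) 2015 The GmSSL Project. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in
+* the documentation and/or other materials provided with the
+* distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+* software must display the following acknowledgment:
+* "This product includes software developed by the GmSSL Project.
+* (http://gmssl.org/)"
+*
+* 4. The name "GmSSL Project" must not be used to endorse or promote
+* products derived from this software without prior written
+* permission. For written permission, please contact
+* guanzhi1980@gmail.com.
+*
+* 5. Products derived from this software may not be called "GmSSL"
+* nor may "GmSSL" appear in their names without prior written
+* permission of the GmSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+* acknowledgment:
+* "This product includes software developed by the GmSSL Project
+* (http://gmssl.org/)"
+*
+* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
+* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+* OF THE POSSIBILITY OF SUCH DAMAGE.
+* ====================================================================
+*
+*/
+/*
+* Format-Preserve Encryption
+* implementation of NIST 800-38G FF1 schemes
+*
+* FPE is used to encrypt strings such as credit card numbers and phone numbers
+* the ciphertext is still in valid format, for example:
+* FPE_encrypt("13810631266") == "98723498792"
+* the output is still 11 digits
+*/
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <assert.h>
+#include <openssl/ffx.h>
+static int test()
+{
+char buf[100];
+char buf2[100];
+unsigned char key[32] = {0};
+unsigned char tweak[8] = { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38 };
+FFX_CTX ctx;
+int r;
+ERR_load_crypto_strings();
+if (FFX_init(&ctx, 0, key, sizeof(key) * 8) < 0) {
+ERR_print_errors_fp(stderr);
+fprintf(stderr, "%s: %d\n", __FILE__, __LINE__);
+return -1;
+}
+char *in = "99999999999999999";
+r = FFX_encrypt(&ctx, in, strlen(in), tweak, sizeof(tweak), buf);
+if (r < 0) {
+printf("failed\n");
+return -1;
+}
+printf("%s\n", buf);
+printf("\n");
+r = FFX_decrypt(&ctx, buf, strlen(buf), tweak, sizeof(tweak), buf2);
+printf("%s\n", buf2);
+return 0;
+}
+/*
+* 7992739871, checksum = 3
+*/
+int luhn_test()
+{
+char *digits = "7992739871";
+int r = compute_luhn(digits, strlen(digits));
+printf("%c", r);
+return 0;
+}
+int main(int argc, char **argv)
+{
+return 0;
+}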
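Review bot: `main()` returns 0 without calling `test()` or `luhn_test()`, so this file exercises nothing. The checks inside `test()` still use `< 0` although this commit makes FFX_init and FFX_encrypt return 0 on failure, so a failed call would pass unnoticed. I would write `if (!FFX_init(&ctx, 0, key, sizeof(key) * 8)) {` and `if (!r) {`, check the result of FFX_decrypt, compare `buf2` with `in`, and have `main` return non-zero when `test()` fails. `luhn_test()` calls `compute_luhn`, while the declaration visible in ffx.h is `FFX_compute_luhn`, and it prints the integer result with `%c`. `<openssl/err.h>` should be included for the ERR_* calls unless ffx.h already pulls it in.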


@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
#define NUM_NID 1045
#define NUM_SN 1021
#define NUM_LN 1021
#define NUM_OBJ 959
#define NUM_NID 1049
#define NUM_SN 1025
#define NUM_LN 1025
#define NUM_OBJ 963
static const unsigned char lvalues[6762]={
static const unsigned char lvalues[6794]={
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -1021,6 +1021,10 @@ static const unsigned char lvalues[6762]={
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x7A, /* [6736] OBJ_sm2sign_with_sha384 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x7B, /* [6744] OBJ_sm2sign_with_rmd160 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x65,/* [6752] OBJ_wapip192v1 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x05, /* [6761] OBJ_sm1_cfb1 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x06, /* [6769] OBJ_sm1_cfb8 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x05, /* [6777] OBJ_ssf33_cfb1 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x06, /* [6785] OBJ_ssf33_cfb8 */
};
static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2697,6 +2701,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
{"SM2Sign-with-RMD160","sm2sign-with-rmd160",NID_sm2sign_with_rmd160,
8,&(lvalues[6744]),0},
{"wapip192v1","wapip192v1",NID_wapip192v1,9,&(lvalues[6752]),0},
{"SM1-CFB1","sm1-cfb1",NID_sm1_cfb1,8,&(lvalues[6761]),0},
{"SM1-CFB8","sm1-cfb8",NID_sm1_cfb8,8,&(lvalues[6769]),0},
{"SSF33-CFB1","ssf33-cfb1",NID_ssf33_cfb1,8,&(lvalues[6777]),0},
{"SSF33-CFB8","ssf33-cfb8",NID_ssf33_cfb8,8,&(lvalues[6785]),0},
};
static const unsigned int sn_objs[NUM_SN]={
@@ -2887,6 +2895,8 @@ static const unsigned int sn_objs[NUM_SN]={
674, /* "SHA512" */
1017, /* "SM1-CBC" */
1019, /* "SM1-CFB" */
1045, /* "SM1-CFB1" */
1046, /* "SM1-CFB8" */
1016, /* "SM1-ECB" */
1018, /* "SM1-OFB" */
1043, /* "SM2Sign-with-RMD160" */
@@ -2918,6 +2928,8 @@ static const unsigned int sn_objs[NUM_SN]={
100, /* "SN" */
1021, /* "SSF33-CBC" */
1023, /* "SSF33-CFB" */
1047, /* "SSF33-CFB1" */
1048, /* "SSF33-CFB8" */
1020, /* "SSF33-ECB" */
1022, /* "SSF33-OFB" */
16, /* "ST" */
@@ -4658,6 +4670,8 @@ static const unsigned int ln_objs[NUM_LN]={
1038, /* "sm-scheme" */
1017, /* "sm1-cbc" */
1019, /* "sm1-cfb" */
1045, /* "sm1-cfb1" */
1046, /* "sm1-cfb8" */
1016, /* "sm1-ecb" */
1018, /* "sm1-ofb" */
972, /* "sm2encrypt" */
@@ -4695,6 +4709,8 @@ static const unsigned int ln_objs[NUM_LN]={
1029, /* "sms4-xts" */
1021, /* "ssf33-cbc" */
1023, /* "ssf33-cfb" */
1047, /* "ssf33-cfb1" */
1048, /* "ssf33-cfb8" */
1020, /* "ssf33-ecb" */
1022, /* "ssf33-ofb" */
16, /* "stateOrProvinceName" */
@@ -5191,10 +5207,14 @@ static const unsigned int obj_objs[NUM_OBJ]={
1017, /* OBJ_sm1_cbc 1 2 156 10197 1 102 2 */
1018, /* OBJ_sm1_ofb128 1 2 156 10197 1 102 3 */
1019, /* OBJ_sm1_cfb128 1 2 156 10197 1 102 4 */
1045, /* OBJ_sm1_cfb1 1 2 156 10197 1 102 5 */
1046, /* OBJ_sm1_cfb8 1 2 156 10197 1 102 6 */
1020, /* OBJ_ssf33_ecb 1 2 156 10197 1 103 1 */
1021, /* OBJ_ssf33_cbc 1 2 156 10197 1 103 2 */
1022, /* OBJ_ssf33_ofb128 1 2 156 10197 1 103 3 */
1023, /* OBJ_ssf33_cfb128 1 2 156 10197 1 103 4 */
1047, /* OBJ_ssf33_cfb1 1 2 156 10197 1 103 5 */
1048, /* OBJ_ssf33_cfb8 1 2 156 10197 1 103 6 */
977, /* OBJ_sms4_ecb 1 2 156 10197 1 104 1 */
978, /* OBJ_sms4_cbc 1 2 156 10197 1 104 2 */
981, /* OBJ_sms4_ofb128 1 2 156 10197 1 104 3 */


@@ -4322,6 +4322,16 @@
#define NID_sm1_cfb128 1019
#define OBJ_sm1_cfb128 OBJ_sm_scheme,102L,4L
#define SN_sm1_cfb1 "SM1-CFB1"
#define LN_sm1_cfb1 "sm1-cfb1"
#define NID_sm1_cfb1 1045
#define OBJ_sm1_cfb1 OBJ_sm_scheme,102L,5L
#define SN_sm1_cfb8 "SM1-CFB8"
#define LN_sm1_cfb8 "sm1-cfb8"
#define NID_sm1_cfb8 1046
#define OBJ_sm1_cfb8 OBJ_sm_scheme,102L,6L
#define SN_ssf33_ecb "SSF33-ECB"
#define LN_ssf33_ecb "ssf33-ecb"
#define NID_ssf33_ecb 1020
@@ -4342,6 +4352,16 @@
#define NID_ssf33_cfb128 1023
#define OBJ_ssf33_cfb128 OBJ_sm_scheme,103L,4L
#define SN_ssf33_cfb1 "SSF33-CFB1"
#define LN_ssf33_cfb1 "ssf33-cfb1"
#define NID_ssf33_cfb1 1047
#define OBJ_ssf33_cfb1 OBJ_sm_scheme,103L,5L
#define SN_ssf33_cfb8 "SSF33-CFB8"
#define LN_ssf33_cfb8 "ssf33-cfb8"
#define NID_ssf33_cfb8 1048
#define OBJ_ssf33_cfb8 OBJ_sm_scheme,103L,6L
#define SN_sms4_ecb "SMS4-ECB"
#define LN_sms4_ecb "sms4-ecb"
#define NID_sms4_ecb 977


@@ -1042,3 +1042,7 @@ sm2sign_with_sha224 1041
sm2sign_with_sha384 1042
sm2sign_with_rmd160 1043
wapip192v1 1044
sm1_cfb1 1045
sm1_cfb8 1046
ssf33_cfb1 1047
ssf33_cfb8 1048


@@ -1243,7 +1243,7 @@ cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Se
# Definitions for Camellia cipher - ECB, CFB, OFB MODE
!Alias ntt-ds 0 3 4401 5
!Alias camellia ntt-ds 3 1 9
!Alias camellia ntt-ds 3 1 9
camellia 1 : CAMELLIA-128-ECB : camellia-128-ecb
!Cname camellia-128-ofb128
@@ -1317,7 +1317,7 @@ ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
# ECDH schemes from RFC5753
!Alias x9-63-scheme 1 3 133 16 840 63 0
@@ -1371,10 +1371,10 @@ secg-scheme 23 : hmac-half-ecies
secg-scheme 24 0 : cmac-aes128-ecies
secg-scheme 24 1 : cmac-aes192-ecies
# No NID for CBC-MAC
# No NID for CBC-MAC
: CBC-MAC : cbc-mac
# GmSSL SM OID
# GmSSL SM OID
member-body 156 : ISO-CN : ISO CN Member Body
ISO-CN 10197 : oscca
oscca 1 : sm-scheme
@@ -1392,6 +1392,8 @@ sm-scheme 102 2 : SM1-CBC : sm1-cbc
sm-scheme 102 3 : SM1-OFB : sm1-ofb
!Cname sm1-cfb128
sm-scheme 102 4 : SM1-CFB : sm1-cfb
sm-scheme 102 5 : SM1-CFB1 : sm1-cfb1
sm-scheme 102 6 : SM1-CFB8 : sm1-cfb8
sm-scheme 103 1 : SSF33-ECB : ssf33-ecb
sm-scheme 103 2 : SSF33-CBC : ssf33-cbc
@@ -1399,6 +1401,8 @@ sm-scheme 103 2 : SSF33-CBC : ssf33-cbc
sm-scheme 103 3 : SSF33-OFB : ssf33-ofb
!Cname ssf33-cfb128
sm-scheme 103 4 : SSF33-CFB : ssf33-cfb
sm-scheme 103 5 : SSF33-CFB1 : ssf33-cfb1
sm-scheme 103 6 : SSF33-CFB8 : ssf33-cfb8
sm-scheme 104 1 : SMS4-ECB : sms4-ecb
sm-scheme 104 2 : SMS4-CBC : sms4-cbc
@@ -1437,7 +1441,7 @@ sm-scheme 302 3 : sm9encrypt
sm-scheme 401 : SM3 : sm3
sm-scheme 401 2 : HMAC-SM3 : hmac-sm3
sm-scheme 501 : SM2Sign-with-SM3 : sm2sign-with-sm3
sm-scheme 502 : SM2Sign-with-SHA1 : sm2sign-with-sha1
sm-scheme 502 : SM2Sign-with-SHA1 : sm2sign-with-sha1
sm-scheme 503 : SM2Sign-with-SHA256 : sm2sign-with-sha256
sm-scheme 504 : SM2Sign-with-SHA511 : sm2sign-with-sha512
sm-scheme 505 : SM2Sign-with-SHA224 : sm2sign-with-sha224

81
crypto/paillier/Makefile Normal file
View File

@@ -0,0 +1,81 @@
#
# OpenSSL/crypto/paillier/Makefile
#
DIR= paillier
TOP= ../..
CC= cc
CPP= $(CC) -E
INCLUDES=-I.. -I$(TOP) -I../../include
CFLAG=-g
MAKEFILE= Makefile
AR= ar r
SM3_ASM_OBJ=
CFLAGS= $(INCLUDES) $(CFLAG)
ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS)
GENERAL=Makefile
TEST=pailliertest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC=pai_lib.c pai_err.c
LIBOBJ=pai_lib.o pai_err.o
SRC= $(LIBSRC)
EXHEADER= paillier.h
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
tags:
ctags $(SRC)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
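Review bot: `SM3_ASM_OBJ=` near the top looks carried over from another directory's Makefile, and nothing in this file uses it, so it can be dropped. The `depend` rule passes `$(PROGS)`, which this Makefile never sets. `tests:` is empty although `TEST=pailliertest.c` is declared, so the new Paillier code has no test hooked in at this level; if pailliertest.c is not part of the commit, the `links` rule will also point at a missing file.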

100
crypto/paillier/pai_err.c Normal file

@@ -0,0 +1,100 @@
/* crypto/paillier/pai_err.c */
/* ====================================================================
* Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/paillier.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PAILLIER,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PAILLIER,0,reason)
static ERR_STRING_DATA PAILLIER_str_functs[] = {
{ERR_FUNC(PAILLIER_F_PAILLIER_CHECK_KEY), "PAILLIER_check_key"},
{ERR_FUNC(PAILLIER_F_PAILLIER_CIPHERTEXT_ADD), "PAILLIER_ciphertext_add"},
{ERR_FUNC(PAILLIER_F_PAILLIER_CIPHERTEXT_SCALAR_MUL),
"PAILLIER_ciphertext_scalar_mul"},
{ERR_FUNC(PAILLIER_F_PAILLIER_DECRYPT), "PAILLIER_decrypt"},
{ERR_FUNC(PAILLIER_F_PAILLIER_ENCRYPT), "PAILLIER_encrypt"},
{ERR_FUNC(PAILLIER_F_PAILLIER_GENERATE_KEY), "PAILLIER_generate_key"},
{ERR_FUNC(PAILLIER_F_PAILLIER_NEW), "PAILLIER_new"},
{0, NULL}
};
static ERR_STRING_DATA PAILLIER_str_reasons[] = {
{ERR_REASON(PAILLIER_R_NOT_IMPLEMENTED), "not implemented"},
{0, NULL}
};
#endif
void ERR_load_PAILLIER_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(PAILLIER_str_functs[0].error) == NULL) {
ERR_load_strings(0, PAILLIER_str_functs);
ERR_load_strings(0, PAILLIER_str_reasons);
}
#endif
}


@@ -0,0 +1,103 @@
/* crypto/paillier/paillier.h */
/* ====================================================================
* Copyright (c) 2015 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <openssl/paillier.h>
PAILLIER *PAILLIER_new(void)
{
PAILLIERerr(PAILLIER_F_PAILLIER_NEW, PAILLIER_R_NOT_IMPLEMENTED);
return NULL;
}
void PAILLIER_free(PAILLIER *key)
{
}
int PAILLIER_generate_key(PAILLIER *key, int bits)
{
PAILLIERerr(PAILLIER_F_PAILLIER_GENERATE_KEY, PAILLIER_R_NOT_IMPLEMENTED);
return 0;
}
int PAILLIER_check_key(PAILLIER *key)
{
PAILLIERerr(PAILLIER_F_PAILLIER_CHECK_KEY, PAILLIER_R_NOT_IMPLEMENTED);
return 0;
}
int PAILLIER_encrypt(BIGNUM *out, const BIGNUM *in, PAILLIER *pub_key)
{
PAILLIERerr(PAILLIER_F_PAILLIER_ENCRYPT, PAILLIER_R_NOT_IMPLEMENTED);
return 0;
}
int PAILLIER_decrypt(BIGNUM *out, const BIGNUM *in, PAILLIER *pri_key)
{
PAILLIERerr(PAILLIER_F_PAILLIER_DECRYPT, PAILLIER_R_NOT_IMPLEMENTED);
return 0;
}
int PAILLIER_ciphertext_add(BIGNUM *r, const BIGNUM *a,
const BIGNUM *b, PAILLIER *pub_key)
{
PAILLIERerr(PAILLIER_F_PAILLIER_CIPHERTEXT_ADD, PAILLIER_R_NOT_IMPLEMENTED);
return 0;
}
int PAILLIER_ciphertext_scalar_mul(BIGNUM *r, unsigned int k,
const BIGNUM *a, PAILLIER *pub_key)
{
PAILLIERerr(PAILLIER_F_PAILLIER_CIPHERTEXT_SCALAR_MUL, PAILLIER_R_NOT_IMPLEMENTED);
return 0;
}
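Review bot: `PAILLIER_free()` is the only stub here with an empty body and no comment, so a reader cannot tell whether the no-op is deliberate; a one-line `/* nothing to release: PAILLIER_new() never returns an object yet */` inside it would settle that. The file's first comment still reads `/* crypto/paillier/paillier.h */`, which looks copied from the header and should name this source file instead. The remaining entry points fail closed with `PAILLIER_R_NOT_IMPLEMENTED`, which is the right behaviour for placeholders and should be kept when real code replaces them.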


@@ -1,3 +1,54 @@
/* crypto/paillier/paillier.h */
/* ====================================================================
* Copyright (c) 2015 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#ifndef HEADER_PAILLIER_H
#define HEADER_PAILLIER_H
@@ -28,11 +79,31 @@ int PAILLIER_encrypt(BIGNUM *out, const BIGNUM *in, PAILLIER *pub_key);
int PAILLIER_decrypt(BIGNUM *out, const BIGNUM *in, PAILLIER *pri_key);
int PAILLIER_ciphertext_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, PAILLIER *pub_key);
int PAILLIER_ciphertext_scalar_mul(BIGNUM *r, unsigned int k,
const BIGNUM *a, PAILLIER *pub_key)
const BIGNUM *a, PAILLIER *pub_key);
#ifdef __cplusplus
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_PAILLIER_strings(void);
/* Error codes for the PAILLIER functions. */
/* Function codes. */
# define PAILLIER_F_PAILLIER_CHECK_KEY 100
# define PAILLIER_F_PAILLIER_CIPHERTEXT_ADD 101
# define PAILLIER_F_PAILLIER_CIPHERTEXT_SCALAR_MUL 102
# define PAILLIER_F_PAILLIER_DECRYPT 103
# define PAILLIER_F_PAILLIER_ENCRYPT 104
# define PAILLIER_F_PAILLIER_GENERATE_KEY 105
# define PAILLIER_F_PAILLIER_NEW 106
/* Reason codes. */
# define PAILLIER_R_NOT_IMPLEMENTED 100
#ifdef __cplusplus
}
#endif
#endif


@@ -0,0 +1,58 @@
/* crypto/paillier/paillier.h */
/* ====================================================================
* Copyright (c) 2015 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <openssl/paillier.h>
int main(int argc, char **argv)
{
return -1;
}
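Review bot: `main()` returns -1 unconditionally, so this placeholder reports failure (exit status 255 on POSIX) every time it runs; if it is wired into the test target, which is not visible here, the suite cannot pass until Paillier is implemented. Printing a short "not implemented" notice, or leaving the program out of the test list until there is something to test, keeps the placeholder from hiding real failures. The leading comment `/* crypto/paillier/paillier.h */` also names the header rather than this file.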


@@ -133,3 +133,26 @@ ULONG DEVAPI SKF_GetDevInfo(DEVHANDLE hDev,
return SAR_OK;
}
int SKF_print_dev_info(DEVINFO *devInfo)
{
printf("Device Info:\n");
printf(" Device Version : %d.%d\n", devInfo->Version.major, devInfo->Version.minor);
printf(" Manufacturer : %s\n", devInfo->Manufacturer);
printf(" Issuer : %s\n", devInfo->Issuer);
printf(" Label : %s\n", devInfo->Label);
printf(" Serial Number : %s\n", devInfo->SerialNumber);
printf(" Hardware Version : %d.%d\n", devInfo->HWVersion.major, devInfo->HWVersion.minor);
printf(" Firmware Version : %d.%d\n", devInfo->FirmwareVersion.major, devInfo->FirmwareVersion.minor);
printf(" AlgSymCap : 0x%08x\n", devInfo->AlgSymCap);
printf(" AlgAsymCap : 0x%08x\n", devInfo->AlgAsymCap);
printf(" AlgHashCap : 0x%08x\n", devInfo->AlgHashCap);
printf(" AlgHashCap : 0x%08x\n", devInfo->DevAuthAlgId);
printf(" Total Space : %u\n", devInfo->TotalSpace);
printf(" Free Space : %u\n", devInfo->FreeSpace);
printf(" MaxECCBuffer : %u\n", devInfo->MaxECCBufferSize);
printf(" MaxBuffer : %u\n", devInfo->MaxBufferSize);
return 1;
}
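Review bot: The four `%s` conversions print `Manufacturer`, `Issuer`, `Label` and `SerialNumber` straight from a device-filled structure; DEVINFO is not declared on this page, but if these are fixed-size character arrays, as in the SKF specification, a token that fills one completely leaves no terminator and printf reads past the field. Bounding each conversion, e.g. `printf(" Label : %.*s\n", (int)sizeof(devInfo->Label), devInfo->Label);`, removes that dependency on the device. The line that prints `devInfo->DevAuthAlgId` is labelled `AlgHashCap` a second time and should read `printf(" DevAuthAlgId : 0x%08x\n", devInfo->DevAuthAlgId);`. `devInfo` is also dereferenced without a NULL check.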


@@ -110,7 +110,7 @@ skf_errinfo skf_errstr[] = {
{ SAR_FILE_NOT_EXIST, "File not exist" }
};
LPSTR DEVAPI SKF_GetErrorString(ULONG ulError)
char *SKF_get_errstr(ULONG ulError)
{
int i;
for (i = 0; i < sizeof(skf_errstr)/sizeof(skf_errstr[0]); i++) {
@@ -121,3 +121,5 @@ LPSTR DEVAPI SKF_GetErrorString(ULONG ulError)
return (LPSTR)"(undef)";
}
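Review bot: `SKF_get_errstr()` now returns a plain `char *`, yet the fallback visible in the second hunk is the string literal `"(undef)"` behind a cast, and the table entries are presumably literals too, so a caller that writes through the result hits undefined behaviour. Declaring it `const char *SKF_get_errstr(ULONG ulError)` here and in the header prototype lets the compiler reject that. The loop index `i` is an `int` compared against a `sizeof` quotient; `size_t i` avoids the signed/unsigned comparison. The function body lies partly between the two hunks and is not fully visible.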


@@ -64,6 +64,8 @@
extern "C" {
#endif
int SKF_print_dev_info(DEVINFO *devInfo);
char *SKF_get_errstr(ULONG ulError);
RSA *RSA_new_from_RSAPUBLICKEYBLOB(const RSAPUBLICKEYBLOB *blob);
RSA *RSA_new_from_RSAPRIVATEKEYBLOB(const RSAPRIVATEKEYBLOB *blob);
@@ -87,6 +89,7 @@ ECDSA_SIG *ECDSA_SIG_new_from_ECCSIGNATUREBLOB(const ECCSIGNATUREBLOB *blob);
int ECDSA_SIG_get_ECCSIGNATUREBLOB(const ECDSA_SIG *sig, ECCSIGNATUREBLOB *blob);
int ECDSA_SIG_set_ECCSIGNATUREBLOB(ECDSA_SIG *sig, const ECCSIGNATUREBLOB *blob);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes


@@ -224,6 +224,7 @@ void ERR_load_SM2_strings(void);
# define SM2_F_SM2_CIPHERTEXT_VALUE_DECODE 100
# define SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE 101
# define SM2_F_SM2_CIPHERTEXT_VALUE_FREE 102
# define SM2_F_SM2_CIPHERTEXT_VALUE_NEW 125
# define SM2_F_SM2_CIPHERTEXT_VALUE_PRINT 103
# define SM2_F_SM2_CIPHERTEXT_VALUE_SIZE 104
# define SM2_F_SM2_COMPUTE_ID_DIGEST 105
@@ -234,6 +235,7 @@ void ERR_load_SM2_strings(void);
# define SM2_F_SM2_DO_SIGN_EX 110
# define SM2_F_SM2_DO_VERIFY 111
# define SM2_F_SM2_ENCRYPT 112
# define SM2_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED 126
# define SM2_F_SM2_GET_ID 113
# define SM2_F_SM2_KAP_COMPUTE_KEY 114
# define SM2_F_SM2_KAP_CTX_CLEANUP 115
@@ -251,13 +253,23 @@ void ERR_load_SM2_strings(void);
# define SM2_R_BAD_DATA 100
# define SM2_R_BAD_SIGNATURE 101
# define SM2_R_BUFFER_TOO_SMALL 102
# define SM2_R_CIPHERTEXT_ENCODE_FAILED 115
# define SM2_R_DECRYPT_FAILED 103
# define SM2_R_ECDH_FAILED 104
# define SM2_R_ENCRYPT_FAILED 105
# define SM2_R_ERROR 106
# define SM2_R_GEN_MAC_FAILED 107
# define SM2_R_GET_CIPHERTEXT_SIZE_FAILED 116
# define SM2_R_GET_KDF_FAILED 117
# define SM2_R_INNOR_ERROR 118
# define SM2_R_INVALID_EC_KEY 119
# define SM2_R_MALLOC_FAILED 120
# define SM2_R_MISSING_PARAMETERS 108
# define SM2_R_NEED_NEW_SETUP_VALUES 109
# define SM2_R_NULL_ARGUMENT 121
# define SM2_R_OCT2POINT_FAILED 122
# define SM2_R_POINT2OCT_FAILED 123
# define SM2_R_POINT_NEW_FAILED 124
# define SM2_R_RANDOM_NUMBER_GENERATION_FAILED 110
# define SM2_R_SM2_KAP_NOT_INITED 111
# define SM2_R_UNKNOWN_CIPHER_TYPE 112


@@ -59,7 +59,8 @@
#include <openssl/ecdsa.h>
#include <openssl/rand.h>
#include <openssl/kdf.h>
#include "sm2.h"
#include <openssl/sm2.h>
#include "../o_str.h"
int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *group,
const SM2_ENC_PARAMS *params, size_t mlen)
@@ -70,15 +71,15 @@ int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *group,
if (!(ec_key = EC_KEY_new())) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB);
goto end;
}
if (!EC_KEY_set_group(ec_key, group)) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB);
goto end;
}
if (!EC_KEY_generate_key(ec_key)) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB);
goto end;
}
@@ -97,7 +98,22 @@ end:
SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new(const EC_GROUP *group)
{
return NULL;
SM2_CIPHERTEXT_VALUE *cv;
if (!(cv = OPENSSL_malloc(sizeof(*cv)))) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_NEW, SM2_R_MALLOC_FAILED);
return NULL;
}
bzero(cv, sizeof(*cv));
if (!(cv->ephem_point = EC_POINT_new(group))) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_NEW, SM2_R_POINT_NEW_FAILED);
OPENSSL_free(cv);
return NULL;
}
return cv;
}
void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv)
@@ -116,14 +132,19 @@ int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv,
BN_CTX *bn_ctx = BN_CTX_new();
size_t ptlen, cvlen;
OPENSSL_assert(cv);
OPENSSL_assert(ec_group);
OPENSSL_assert(buf);
OPENSSL_assert(cv->ephem_point);
if (!bn_ctx) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, ERR_R_BN_LIB);
return 0;
}
if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point,
params->point_form, NULL, 0, bn_ctx))) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_POINT2OCT_FAILED);
goto end;
}
cvlen = ptlen + cv->ciphertext_size + cv->mactag_size;
@@ -134,13 +155,13 @@ int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv,
goto end;
} else if (*buflen < cvlen) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_BUFFER_TOO_SMALL);
goto end;
}
if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point,
params->point_form, buf, *buflen, bn_ctx))) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_POINT2OCT_FAILED);
goto end;
}
buf += ptlen;
@@ -168,21 +189,22 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(
int fixlen;
if (!bn_ctx) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, ERR_R_BN_LIB);
return NULL;
}
if (!(fixlen = SM2_CIPHERTEXT_VALUE_size(ec_group, params, 0))) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_GET_CIPHERTEXT_SIZE_FAILED);
goto end;
}
if (buflen <= fixlen) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_BUFFER_TOO_SMALL);
goto end;
}
if (!(ret = OPENSSL_malloc(sizeof(SM2_CIPHERTEXT_VALUE)))) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_MALLOC_FAILED);
goto end;
}
@@ -190,13 +212,13 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(
ret->ciphertext_size = buflen - fixlen;
ret->ciphertext = OPENSSL_malloc(ret->ciphertext_size);
if (!ret->ephem_point || !ret->ciphertext) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_INNOR_ERROR);
goto end;
}
ptlen = fixlen - SM2_ENC_PARAMS_mactag_size(params);
if (!EC_POINT_oct2point(ec_group, ret->ephem_point, buf, ptlen, bn_ctx)) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_OCT2POINT_FAILED);
goto end;
}
@@ -274,18 +296,20 @@ int SM2_encrypt(const SM2_ENC_PARAMS *params,
return 1;
} else if (*outlen < (size_t)len) {
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_BUFFER_TOO_SMALL);
return 0;
}
if (!(cv = SM2_do_encrypt(params, in, inlen, ec_key))) {
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_ERROR);
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_ENCRYPT_FAILED);
goto end;
}
if (!SM2_CIPHERTEXT_VALUE_encode(cv, ec_group, params, out, outlen)) {
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_ERROR);
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_CIPHERTEXT_ENCODE_FAILED);
goto end;
}
ret = 1;
end:
if (cv) SM2_CIPHERTEXT_VALUE_free(cv);
@@ -315,15 +339,17 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
int i;
if (!ec_group || !pub_key) {
SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_INVALID_EC_KEY);
goto end;
}
if (!kdf) {
SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_GET_KDF_FAILED);
goto end;
}
/* init ciphertext_value */
if (!(cv = OPENSSL_malloc(sizeof(SM2_CIPHERTEXT_VALUE)))) {
SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_MALLOC_FAILED);
goto end;
}
bzero(cv, sizeof(SM2_CIPHERTEXT_VALUE));
@@ -364,13 +390,13 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
BN_rand_range(k, n);
} while (BN_is_zero(k));
/* A2: C1 = [k]G = (x1, y1) */
if (!EC_POINT_mul(ec_group, cv->ephem_point, k, NULL, NULL, bn_ctx)) {
SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
goto end;
}
/* A3: check [h]P_B != O */
if (!EC_POINT_mul(ec_group, point, NULL, pub_key, h, bn_ctx)) {
SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
@@ -392,7 +418,7 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
goto end;
}
OPENSSL_assert(len == nbytes * 2 + 1);
/* A5: t = KDF(x2 || y2, klen) */
kdf(buf + 1, len - 1, cv->ciphertext, &cv->ciphertext_size);
@@ -644,11 +670,11 @@ int SM2_do_decrypt(const SM2_ENC_PARAMS *params,
ret = 1;
end:
if (point) EC_POINT_free(point);
if (n) BN_free(n);
if (h) BN_free(h);
if (bn_ctx) BN_CTX_free(bn_ctx);
if (md_ctx) EVP_MD_CTX_destroy(md_ctx);
EC_POINT_free(point);
BN_free(n);
BN_free(h);
BN_CTX_free(bn_ctx);
EVP_MD_CTX_destroy(md_ctx);
return ret;
}
@@ -656,13 +682,15 @@ end:
int SM2_ENC_PARAMS_init_with_recommended(SM2_ENC_PARAMS *params)
{
if (!params) {
SM2err(SM2_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED,
SM2_R_NULL_ARGUMENT);
return 0;
}
params->kdf_md = EVP_sm3();
params->mac_md = EVP_sm3();
params->mactag_size = -1;
params->point_form = POINT_CONVERSION_UNCOMPRESSED;
return 1;
return 1;
}
int SM2_encrypt_with_recommended(unsigned char *out, size_t *outlen,
@@ -678,7 +706,7 @@ int SM2_decrypt_with_recommended(unsigned char *out, size_t *outlen,
{
SM2_ENC_PARAMS params;
SM2_ENC_PARAMS_init_with_recommended(&params);
return SM2_decrypt(&params, out, outlen, in, inlen, ec_key);
return SM2_decrypt(&params, out, outlen, in, inlen, ec_key);
}
int SM2_encrypt_elgamal(unsigned char *out, size_t *outlen,
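Review bot: The four `OPENSSL_assert()` calls added at the top of `SM2_CIPHERTEXT_VALUE_encode()` turn a bad argument into a process abort inside library code, while `params` and `buflen`, both dereferenced further down, stay unchecked. The commit already introduces `SM2_R_NULL_ARGUMENT`, so the same conditions can go through the error queue: `if (!cv || !ec_group || !params || !buflen || !cv->ephem_point) { SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_NULL_ARGUMENT); return 0; }`, placed before `BN_CTX_new()` so nothing is allocated on that path. The branch that ends just before `else if (*buflen < cvlen)` is outside the hunk; if it is a NULL-`buf` size query, `OPENSSL_assert(buf)` now aborts it and should be dropped. In the `SM2_do_encrypt()` hunk the result of `BN_rand_range(k, n)` is still ignored where the ephemeral scalar is drawn; checking it and raising the existing `SM2_R_RANDOM_NUMBER_GENERATION_FAILED` would make an RNG failure visible instead of leaving the loop to run on whatever `k` holds.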


@@ -75,6 +75,7 @@ static ERR_STRING_DATA SM2_str_functs[] = {
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE),
"SM2_CIPHERTEXT_VALUE_encode"},
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_FREE), "SM2_CIPHERTEXT_VALUE_free"},
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_NEW), "SM2_CIPHERTEXT_VALUE_new"},
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_PRINT), "SM2_CIPHERTEXT_VALUE_print"},
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE), "SM2_CIPHERTEXT_VALUE_size"},
{ERR_FUNC(SM2_F_SM2_COMPUTE_ID_DIGEST), "SM2_compute_id_digest"},
@@ -85,6 +86,8 @@ static ERR_STRING_DATA SM2_str_functs[] = {
{ERR_FUNC(SM2_F_SM2_DO_SIGN_EX), "SM2_do_sign_ex"},
{ERR_FUNC(SM2_F_SM2_DO_VERIFY), "SM2_do_verify"},
{ERR_FUNC(SM2_F_SM2_ENCRYPT), "SM2_encrypt"},
{ERR_FUNC(SM2_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED),
"SM2_ENC_PARAMS_init_with_recommended"},
{ERR_FUNC(SM2_F_SM2_GET_ID), "SM2_GET_ID"},
{ERR_FUNC(SM2_F_SM2_KAP_COMPUTE_KEY), "SM2_KAP_compute_key"},
{ERR_FUNC(SM2_F_SM2_KAP_CTX_CLEANUP), "SM2_KAP_CTX_cleanup"},
@@ -104,13 +107,24 @@ static ERR_STRING_DATA SM2_str_reasons[] = {
{ERR_REASON(SM2_R_BAD_DATA), "bad data"},
{ERR_REASON(SM2_R_BAD_SIGNATURE), "bad signature"},
{ERR_REASON(SM2_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(SM2_R_CIPHERTEXT_ENCODE_FAILED), "ciphertext encode failed"},
{ERR_REASON(SM2_R_DECRYPT_FAILED), "decrypt failed"},
{ERR_REASON(SM2_R_ECDH_FAILED), "ecdh failed"},
{ERR_REASON(SM2_R_ENCRYPT_FAILED), "encrypt failed"},
{ERR_REASON(SM2_R_ERROR), "error"},
{ERR_REASON(SM2_R_GEN_MAC_FAILED), "gen mac failed"},
{ERR_REASON(SM2_R_GET_CIPHERTEXT_SIZE_FAILED),
"get ciphertext size failed"},
{ERR_REASON(SM2_R_GET_KDF_FAILED), "get kdf failed"},
{ERR_REASON(SM2_R_INNOR_ERROR), "innor error"},
{ERR_REASON(SM2_R_INVALID_EC_KEY), "invalid ec key"},
{ERR_REASON(SM2_R_MALLOC_FAILED), "malloc failed"},
{ERR_REASON(SM2_R_MISSING_PARAMETERS), "missing parameters"},
{ERR_REASON(SM2_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
{ERR_REASON(SM2_R_NULL_ARGUMENT), "null argument"},
{ERR_REASON(SM2_R_OCT2POINT_FAILED), "oct2point failed"},
{ERR_REASON(SM2_R_POINT2OCT_FAILED), "point2oct failed"},
{ERR_REASON(SM2_R_POINT_NEW_FAILED), "point new failed"},
{ERR_REASON(SM2_R_RANDOM_NUMBER_GENERATION_FAILED),
"random number generation failed"},
{ERR_REASON(SM2_R_SM2_KAP_NOT_INITED), "sm2 kap not inited"},


@@ -478,7 +478,6 @@ int SM2_sign_ex(int type, const unsigned char *dgst, int dgstlen,
int SM2_sign(int type, const unsigned char *dgst, int dgstlen,
unsigned char *sig, unsigned int *siglen, EC_KEY *ec_key)
{
fprintf(stderr, "%s %d %s() executed\n", __FILE__, __LINE__, __FUNCTION__);
return SM2_sign_ex(type, dgst, dgstlen, sig, siglen, NULL, NULL, ec_key);
}


@@ -764,7 +764,7 @@ int test_evp_pkey_sign(EVP_PKEY *pkey, int do_sm2, int verbose)
}
if (verbose) {
printf("test %s signing passed\n", OBJ_nid2sn(type));
printf("%s(%s) passed\n", __FUNCTION__, OBJ_nid2sn(type));
}
ret = 1;
@@ -842,7 +842,7 @@ int test_evp_pkey_encrypt(EVP_PKEY *pkey, int do_sm2, int verbose)
}
if (verbose) {
printf("test %s encryption passed\n", OBJ_nid2sn(type));
printf("%s(%s) passed\n", __FUNCTION__, OBJ_nid2sn(type));
}
ret = 1;
@@ -889,7 +889,7 @@ int test_evp_pkey_encrypt_old(EVP_PKEY *pkey, int verbose)
}
if (verbose) {
printf("EVP_PKEY_encrypt_old() passed!\n");
printf("%s() passed!\n", __FUNCTION__);
}
ret = 1;
@@ -952,7 +952,7 @@ int test_evp_sign(EVP_PKEY *pkey, const EVP_MD *md, int verbose)
}
if (verbose) {
printf("EVP_SignInit/Update/Final() passed\n");
printf("%s() passed\n", __FUNCTION__);
}
ret = 1;
@@ -1023,7 +1023,7 @@ int test_evp_digestsign(EVP_PKEY *pkey, int do_sm2, const EVP_MD *md, int verbos
}
if (verbose) {
printf("EVP_DigestSignInit/Update/Final() passed\n");
printf("%s() passed\n", __FUNCTION__);
}
ret = 1;
@@ -1033,7 +1033,7 @@ end:
}
#define NUM_PKEYS 3
#define MAX_PKEY_SIZE 256
#define MAX_PKEY_SIZE 1024
int test_evp_seal(int curve_id, const EVP_CIPHER *cipher, BIO *out, int verbose)
{
@@ -1041,7 +1041,7 @@ int test_evp_seal(int curve_id, const EVP_CIPHER *cipher, BIO *out, int verbose)
EVP_PKEY *pkey[NUM_PKEYS] = {0};
EVP_CIPHER_CTX *cctx = NULL;
unsigned char iv[16];
unsigned char ek[NUM_PKEYS][MAX_PKEY_SIZE];
unsigned char *ek[NUM_PKEYS] = {0};
int ekl[NUM_PKEYS];
unsigned char msg1[] = "Hello ";
unsigned char msg2[] = "World!";
@@ -1052,8 +1052,12 @@ int test_evp_seal(int curve_id, const EVP_CIPHER *cipher, BIO *out, int verbose)
for (i = 0; i < NUM_PKEYS; i++) {
pkey[i] = genpkey(curve_id, out, verbose);
if (!(pkey[i] = genpkey(curve_id, out, verbose))) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
ekl[i] = MAX_PKEY_SIZE;
ek[i] = OPENSSL_malloc(ekl[i]);
}
RAND_bytes(iv, sizeof(iv));
@@ -1062,8 +1066,7 @@ int test_evp_seal(int curve_id, const EVP_CIPHER *cipher, BIO *out, int verbose)
goto end;
}
if (NUM_PKEYS != EVP_SealInit(cctx, cipher, ek, ekl, iv, pkey, NUM_PKEYS)) {
ERR_print_errors_fp(stderr);
if ((i = EVP_SealInit(cctx, cipher, ek, ekl, iv, pkey, NUM_PKEYS)) != NUM_PKEYS) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
@@ -1141,7 +1144,7 @@ int test_evp_seal(int curve_id, const EVP_CIPHER *cipher, BIO *out, int verbose)
}
if (verbose) {
BIO_printf(out, "EVP_SealInit/Update/Final() passed!\n");
BIO_printf(out, "%s() passed!\n", __FUNCTION__);
}
ret = 1;
@@ -1150,6 +1153,7 @@ end:
EVP_CIPHER_CTX_free(cctx);
for (i = 0; i < NUM_PKEYS; i++) {
EVP_PKEY_free(pkey[i]);
OPENSSL_free(ek[i]);
}
return ret;
}
@@ -1250,7 +1254,7 @@ int main(int argc, char **argv)
goto err;
}
if (!test_sm2_evp(2)) {
if (!test_sm2_evp(1)) {
goto err;
}
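Review bot: In `test_evp_seal()` the result of `ek[i] = OPENSSL_malloc(ekl[i]);` goes to `EVP_SealInit()` without a NULL check; `if (!(ek[i] = OPENSSL_malloc(ekl[i]))) goto end;` closes that. `EVP_SealInit()` takes no capacity for the `ek` buffers, so `MAX_PKEY_SIZE` is the only bound on what the public-key encryption writes, and a comment beside the define stating which ciphertext size 1024 is meant to cover would make the choice checkable. The failure branch after `EVP_SealInit()` now prints only file and line; keeping `ERR_print_errors_fp(stderr);` there would surface the reason codes this commit adds elsewhere. `__FUNCTION__` is a compiler extension, and `__func__` is the C99 spelling. The function bodies extend beyond the hunks shown.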


@@ -98,7 +98,7 @@ int sms4_unwrap_key(sms4_key_t *key, const unsigned char *iv,
typedef struct {
sms4_key_t k1;
sms4_key_t k2;
sms4_key_t k2;
} sms4_ede_key_t;
void sms4_ede_set_encrypt_key(sms4_ede_key_t *key, const unsigned char *user_key);


@@ -6,6 +6,7 @@ keyfile=eckey.pem
pubkeyfile=ecpubkey.pem
pkeyopt="-pkeyopt ec_paramgen_curve:sm2p256v1"
#echo -n abc | $gmssl dgst -sm3
#echo -n abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd | gmssl dgst -sm3
@@ -17,11 +18,10 @@ $gmssl genpkey -algorithm EC -out sm2key.pem -pkeyopt ec_paramgen_curve:sm2p256v
#$gmssl pkey -text -noout -in sm2key.pem
#$gmssl pkey -in sm2key.pem -pubout -out sm2pubkey.pem
#$gmssl pkey -text -noout -pubin -in $pubkeyfile
#echo hello | $gmssl pkeyutl -sign -inkey sm2key.pem -pkeyopt ec_sign_algor:sm2 > sm2sig.der
#echo hello | $gmssl pkeyutl -verify -inkey sm2key.pem -sigfile sm2sig.der -pkeyopt ec_sign_algor:sm2
#echo hello | $gmssl pkeyutl -encrypt -inkey sm2key.pem -pkeyopt ec_encrypt_algor:sm2 > sm2ciphertext.bin
#cat sm2ciphertext.bin | $gmssl pkeyutl -decrypt -inkey sm2key.pem -pkeyopt ec_encrypt_algor:sm2
echo hello | $gmssl pkeyutl -sign -inkey sm2key.pem -pkeyopt ec_sign_algor:sm2 > sm2sig.der
echo hello | $gmssl pkeyutl -verify -inkey sm2key.pem -sigfile sm2sig.der -pkeyopt ec_sign_algor:sm2
echo hello | $gmssl pkeyutl -encrypt -inkey sm2key.pem -pkeyopt ec_encrypt_algor:sm2 > sm2ciphertext.bin
cat sm2ciphertext.bin | $gmssl pkeyutl -decrypt -inkey sm2key.pem -pkeyopt ec_encrypt_algor:sm2
$gmssl req -new -x509 -days 3650 -key sm2key.pem -out cert.pem -pkeyopt ec_sign_algor:sm2
#$gmssl x509 -text -noout -in $DIR/cacert.pem


@@ -1,38 +1,9 @@
#include <stdio.h>
#include <stdlib.h>
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
int main()
{
BIO *bio_err;
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
mkit(&x509, &pkey, 512, 0, 365);
EC_KEY_print_fp(stdout, pkey->pkey.ec, 0);
X509_print_fp(stdout, x509);
PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
PEM_write_X509(stdout, x509);
X509_free(x509);
EVP_PKEY_free(pkey);
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return (0);
}
int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
{
X509 *x;
@@ -51,8 +22,8 @@ int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
pk = *pkeyp;
if ((x509p == NULL) || (*x509p == NULL)) {
if ((x = X509_new()) == NULL)
goto err;
if ((x = X509_new()) == NULL)
goto err;
} else {
x = *x509p;
}
@@ -115,6 +86,33 @@ int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
*x509p = x;
*pkeyp = pk;
return (1);
err:
err:
return (0);
}
int main()
{
BIO *bio_err;
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
mkit(&x509, &pkey, 512, 0, 365);
EC_KEY_print_fp(stdout, pkey->pkey.ec, 0);
X509_print_fp(stdout, x509);
PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
PEM_write_X509(stdout, x509);
X509_free(x509);
EVP_PKEY_free(pkey);
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return (0);
}
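Review bot: `main()` ignores the return value of `mkit()` and then dereferences `pkey->pkey.ec`, so a failure inside `mkit()` (it has an `err:` path returning 0) ends in a NULL dereference instead of a diagnostic. `if (!mkit(&x509, &pkey, 512, 0, 365)) { ERR_print_errors(bio_err); return 1; }` handles it. `PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL)` writes the key unencrypted, which deserves a comment saying it is for demonstration only. Most of `mkit()` lies outside the hunks.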


@@ -1,5 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg2MM/g28XAEne6VG/
cPYUhVq8H0D/5igtUw9CUaxr2KWhRANCAAQdCrdYHfnyeFhcFQuyRrCxuGH1/bnS
wDKinlLUFyVa72SlAz5tBaA4TPY2m5259/55lTkdVkq6gtvyW7L/VFTg
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgyeMq+RmwB95Ohl+U
K1KmE5/3OzxoG1lOpbyMu8sZxrqhRANCAATGmXcprKn9kYmMBKBLaxckcTFqDzNF
qDwzk8rTcWr5/2CmI9KGeSMbp7G9X/v8qh/RIattztrYXlrVP0h7Zk+A
-----END PRIVATE KEY-----
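Review bot: A private key is tracked in the repository here, and this commit swaps it for a fresh one, which suggests the file is rewritten whenever the demo runs; it appears to be the `sm2key.pem` that the demo script produces with `genpkey`, though the file name is not shown in this section. Keeping generated key files out of version control, with an ignore rule for the demo's output files, avoids the churn and avoids anyone reusing a published key. If a fixed key is wanted as a test vector, a note beside it saying it is public and for demonstration only would help.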

0
demos/gmssl/sm2sig.der Normal file

@@ -38,6 +38,7 @@ LIBSRC= e_4758cca.c \
e_sureware.c \
e_ubsec.c \
e_padlock.c \
e_skf.c \
e_capi.c
LIBOBJ= e_4758cca.o \
e_aep.o \
@@ -49,6 +50,7 @@ LIBOBJ= e_4758cca.o \
e_sureware.o \
e_ubsec.o \
e_padlock.o \
e_skf.o \
e_capi.o
SRC= $(LIBSRC)
@@ -63,6 +65,7 @@ HEADER= e_4758cca_err.c e_4758cca_err.h \
e_nuron_err.c e_nuron_err.h \
e_sureware_err.c e_sureware_err.h \
e_ubsec_err.c e_ubsec_err.h \
e_skf_err.c e_skf_err.h \
e_capi_err.c e_capi_err.h
ALL= $(GENERAL) $(SRC) $(HEADER)


@@ -52,6 +52,8 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/rsa.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#include <openssl/obj_mac.h>
@@ -69,17 +71,8 @@
static DEVHANDLE hDev = NULL;
static HAPPLICATION hApp = NULL;
static HCONTAINER hContainer = NULL;
static int authkey_set = 0;
static unsigned char authkey[16];
static int userpin_set = 0;
static char userpin[64];
static int skf_init(ENGINE *e);
static int skf_finish(ENGINE *e);
static int skf_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
static int skf_destroy(ENGINE *e);
static int isDevAuthenticated = 0;
static int isPinVerified = 0;
#define SKF_CMD_SO_PATH ENGINE_CMD_BASE
#define SKF_CMD_OPEN_DEV (ENGINE_CMD_BASE + 1)
@@ -95,102 +88,199 @@ static const ENGINE_CMD_DEFN skf_cmd_defns[] = {
ENGINE_CMD_FLAG_STRING},
{SKF_CMD_OPEN_DEV,
"OPEN_DEVICE",
"Open SKF device with device name",
"Connect SKF device with device name",
ENGINE_CMD_FLAG_STRING},
{SKF_CMD_DEV_AUTH,
"DEV_AUTH",
"Device authentication with authentication key",
"Authenticate to device with authentication key",
ENGINE_CMD_FLAG_STRING},
{SKF_CMD_OPEN_APP,
"OPEN_APP",
"Open application with specified name",
"Open application with specified application name",
ENGINE_CMD_FLAG_STRING},
{SKF_CMD_VERIFY_PIN,
"VERIFY_PIN",
"Specifies user's PIN of the application to open",
"Authenticate to application with USER PIN",
ENGINE_CMD_FLAG_STRING},
{SKF_CMD_OPEN_CONTAINER,
"OPEN_CONTAINER",
"Open container wtith specified name",
"Open container with specified container name",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0},
};
int set_authkey(const char *authkey_hex)
{
ESKFerr(ESKF_F_SET_AUTHKEY, ESKF_R_NOT_IMPLEMENTED);
return 0;
}
int set_userpin(const char *pin)
{
if (strlen(pin) > sizeof(userpin)) {
return 0;
}
strcpy(userpin, pin);
ESKFerr(ESKF_F_SET_USERPIN, ESKF_R_NOT_IMPLEMENTED);
return 0;
}
int open_dev(const char *devname)
static int open_dev(const char *devname)
{
ULONG rv;
DEVINFO devInfo;
if ((rv = SKF_ConnectDev(devname, &hDev)) != SAR_OK) {
goto end;
if (hDev) {
ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_DEV_ALREADY_CONNECTED);
return 0;
}
if ((rv = SKF_ConnectDev((LPSTR)devname, &hDev)) != SAR_OK) {
ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_SKF_CONNECT_DEV_FAILED);
return 0;
}
if ((rv = SKF_GetDevInfo(hDev, &devInfo)) != SAR_OK) {
goto end;
ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_SKF_GET_DEV_INFO_FAILED);
return 0;
}
if ((rv = SKF_GenRandom(hDev, authRand, sizeof(authRand))) != SAR_OK) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
/* Encrypt(authRand, authData, authKey) */
if ((rv = SKF_DevAuth(hDev, authData, len)) != SAR_OK) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_NOT_IMPLEMENTED);
return 0;
return 1;
}
int open_app(const char *appname)
static int dev_auth(const char *hexauthkey)
{
if ((rv = SKF_OpenApplication(hDev, appName, &hApp)) != SAR_OK) {
goto end;
int ret = 0;
ULONG rv;
const EVP_CIPHER *cipher = EVP_sms4_ecb();
EVP_CIPHER_CTX *ctx = NULL;
unsigned char authkey[EVP_MAX_KEY_LENGTH];
unsigned char authrand[SMS4_BLOCK_SIZE];
unsigned char authdata[SMS4_BLOCK_SIZE];
unsigned int len;
if (!hDev) {
ESKFerr(ESKF_F_DEV_AUTH, ESKF_R_DEV_IS_NOT_CONNECTED);
return 0;
}
if ((rv = SKF_VerifyPIN(hApp, USER_TYPE, pin, &retryCount)) != SAR_OK) {
if (!isDevAuthenticated) {
ESKFerr(ESKF_F_DEV_AUTH, ESKF_R_DEV_ALREADY_AUTHENTICATED);
return 0;
}
len = 16; //FIXME: or 8?
bzero(authrand, sizeof(authrand));
if ((rv = SKF_GenRandom(hDev, authrand, len)) != SAR_OK) {
ESKFerr(ESKF_F_DEV_AUTH, ESKF_R_SKF_GEN_RANDOM_FAILED);
goto end;
}
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_NOT_IMPLEMENTED);
return 0;
if (!(ctx = EVP_CIPHER_CTX_new())) {
ESKFerr(ESKF_F_DEV_AUTH, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_EncryptInit(ctx, cipher, authkey, NULL)) {
ESKFerr(ESKF_F_DEV_AUTH, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_Cipher(ctx, authdata, authrand, sizeof(authrand))) {
ESKFerr(ESKF_F_DEV_AUTH, ERR_R_EVP_LIB);
goto end;
}
if ((rv = SKF_DevAuth(hDev, authdata, sizeof(authdata))) != SAR_OK) {
ESKFerr(ESKF_F_DEV_AUTH, ESKF_R_SKF_DEV_AUTH_FAILED);
goto end;
}
isDevAuthenticated = 1;
ret = 1;
end:
EVP_CIPHER_CTX_free(ctx);
return ret;
}
int open_container(const char *containername)
static int open_app(const char *appname)
{
if ((rv = SKF_OpenContainer(hApp, containerName, &hContainer)) != SAR_OK) {
goto end;
}
if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
goto end;
}
if (containerType != CONTAINER_TYPE_ECC) {
goto end;
ULONG rv;
if (!hDev) {
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_DEV_NOT_CONNECTED);
return 0;
}
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_NOT_IMPLEMENTED);
return 0;
if (!isDevAuthenticated) {
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_DEV_NOT_AUTHENTICATED);
return 0;
}
if (hApp) {
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_APP_ALREADY_OPENED);
return 0;
}
if ((rv = SKF_OpenApplication(hDev, (LPSTR)appname, &hApp)) != SAR_OK) {
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_SKF_OPEN_APPLICATION_FAILED);
return 0;
}
return 1;
}
static int verify_pin(const char *userpin)
{
ULONG rv;
ULONG retryCount;
if (!hDev) {
ESKFerr(ESKF_F_VERIFY_PIN, ESKF_R_DEV_NOT_CONNECTED);
return 0;
}
if (!isDevAuthenticated) {
ESKFerr(ESKF_F_VERIFY_PIN, ESKF_R_DEV_NOT_AUTHENCATED);
return 0;
}
if (!hApp) {
ESKFerr(ESKF_F_VERIFY_PIN, ESKF_R_APP_NOT_OPENED);
return 0;
}
if ((rv = SKF_VerifyPIN(hApp, USER_TYPE, (LPSTR)userpin, &retryCount)) != SAR_OK) {
ESKFerr(ESKF_F_VERIFY_PIN, ESKF_R_SKF_VERIFY_PIN_FAILED);
return 0;
}
isPinVerified = 1;
return 1;
}
static int open_container(const char *containername)
{
ULONG rv;
if (!hDev) {
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_DEV_NOT_CONNECTED);
return 0;
}
if (!isDevAuthenticated) {
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_DEV_NOT_AUTHENTICATED);
return 0;
}
if (!hApp) {
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_APP_NOT_OPENED);
return 0;
}
if (!isPinVerified) {
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_PIN_NOT_VERIFIED);
return 0;
}
if (hContainer) {
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_CONTAINER_ALREADY_OPENED);
return 0;
}
if ((rv = SKF_OpenContainer(hApp, (LPSTR)containername, &hContainer)) != SAR_OK) {
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_SKF_OPEN_CONTAINER_FAILED);
return 0;
}
/*
*/
return 1;
}
static int skf_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
@@ -206,11 +296,9 @@ static int skf_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
return verify_pin(p);
case SKF_CMD_OPEN_CONTAINER:
return open_container(p);
default:
break;
}
ESKFerr(ESKF_F_SKF_ENGINE_CTRL, ESKF_R_NOT_IMPLEMENTED);
ESKFerr(ESKF_F_SKF_ENGINE_CTRL, ESKF_R_INVALID_CTRL_CMD);
return 0;
}
@@ -220,65 +308,76 @@ static EVP_PKEY *skf_load_pubkey(ENGINE *e, const char *key_id,
ULONG rv, len;
EVP_PKEY *ret = NULL;
EC_KEY *ec_key = NULL;
ECCPUBLICKEYBLOB blob;
BIGNUM *x = NULL;
BIGNUM *y = NULL;
int nbytes;
RSA *rsa = NULL;
ECCPUBLICKEYBLOB eccblob;
RSAPUBLICKEYBLOB rsablob;
ULONG containerType;
len = sizeof(blob);
if ((rv = SKF_ExportPublicKey(hContainer, TRUE, &blob, &len)) != SAR_OK) {
goto end;
if (!hContainer) {
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_CONTAINER_NOT_OPENED);
return 0;
}
if (!(ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1))) {
goto end;
}
if (EC_KEY_get_degree(ec_key) != blob.BitLen) {
goto end;
}
nbytes = (blob.BitLen + 7)/8;
if (!(x = BN_bin2bn(&(blob.XCoordinate), nbytes, NULL))) {
goto end;
}
if (!(y = BN_bin2bn(&(blob.YCoordinate), nbytes, NULL))) {
goto end;
}
if (!EC_KEY_set_public_key_affine_coordinates(ec_key, x, y)) {
goto end;
if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_SKF_GET_CONTAINER_TYPE_FAILED);
return 0;
}
if (!(ret = EVP_PKEY_new())) {
goto end;
if (containerType == CONTAINER_TYPE_ECC) {
len = sizeof(eccblob);
if ((rv = SKF_ExportPublicKey(hContainer, TRUE, (BYTE *)&eccblob, &len)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_SKF_EXPORT_PUBLIC_KEY_FAILED);
return 0;
}
if (!(ec_key = EC_KEY_new_from_ECCPUBLICKEYBLOB(&eccblob))) {
return 0;
}
EVP_PKEY_set1_EC_KEY(ret, ec_key);
ec_key = NULL;
} else if (containerType == CONTAINER_TYPE_RSA) {
len = sizeof(rsablob);
if ((rv = SKF_ExportPublicKey(hContainer, TRUE, (BYTE *)&rsablob, &len)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_SKF_EXPORT_PUBLIC_KEY_FAILED);
return 0;
}
if (!(rsa = RSA_new_from_RSAPUBLICKEYBLOB(&rsablob))) {
return 0;
}
EVP_PKEY_set1_RSA(ret, rsa);
rsa = NULL;
} else {
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_INVALID_CONTAINER_TYPE);
return 0;
}
//EVP_PKEY_assign_SM2(ret, ec_key);
end:
EC_KEY_free(ec_key);
BN_free(x);
BN_free(y)
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_NOT_IMPLEMENTED);
return ret;
}
static int skf_init(ENGINE *e)
{
ESKFerr(ESKF_F_SKF_INIT, ESKF_R_NOT_IMPLEMENTED);
return 0;
return 1;
}
static int skf_finish(ENGINE *e)
{
ULONG rv;
ESKFerr(ESKF_F_SKF_FINISH, ESKF_R_NOT_IMPLEMENTED);
return 0;
if (hDev) {
if ((rv = SKF_DisConnectDev(hDev)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_FINISH, ESKF_R_SKF_DIS_CONNNECT_DEV_FAILED);
return 0;
}
}
return 1;
}
static int skf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
EVP_SKF_KEY *dat = (EVP_SKF_KEY *)ctx->cipher_data;
ULONG rv;
ULONG ulAlgID;
switch (EVP_CIPHER_CTX_nid(ctx)) {
@@ -326,19 +425,19 @@ static int skf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
return 0;
}
if ((rv = SKF_SetSymmKey(skf_dev_handle, (BYTE *)key, ulAlgID,
&(dat->hKey))) != SAR_OK) {
if ((rv = SKF_SetSymmKey(hDev, (BYTE *)key, ulAlgID,
(HANDLE *)&(ctx->cipher_data))) != SAR_OK) {
ESKFerr(ESKF_F_SKF_INIT_KEY, ESKF_R_SKF_SET_SYMMKEY_FAILED);
return 0;
}
ESKFerr(ESKF_F_SKF_INIT_KEY, ESKF_R_NOT_IMPLEMENTED);
return 1;
}
static int skf_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
/*
ULONG rv;
EVP_SKF_KEY *dat = (EVP_SKF_KEY *)ctx->cipher_data;
BLOCKCIPHERPARAM param;
@@ -386,15 +485,12 @@ static int skf_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return 0;
}
} else {
return 0;
}
ESKFerr(ESKF_F_SKF_CIPHER, ESKF_R_NOT_IMPLEMENTED);
*/
return 1;
}
#define BLOCK_CIPHER_generic(cipher,mode,MODE) \
static const EVP_CIPHER skf_##cipher##_##mode = { \
NID_##cipher##_##mode, \
@@ -403,22 +499,28 @@ static const EVP_CIPHER skf_##cipher##_##mode = { \
skf_init_key, \
skf_cipher, \
NULL, \
sizeof(EVP_SKF_KEY), \
sizeof(HANDLE), \
NULL,NULL,NULL,NULL };
BLOCK_CIPHER_generic(ssf33,ecb,ECB)
BLOCK_CIPHER_generic(ssf33,cbc,CBC)
BLOCK_CIPHER_generic(ssf33,cfb,CFB)
BLOCK_CIPHER_generic(ssf33,ofb,OFB)
BLOCK_CIPHER_generic(ssf33,cfb1,CFB)
BLOCK_CIPHER_generic(ssf33,cfb8,CFB)
BLOCK_CIPHER_generic(ssf33,cfb128,CFB)
BLOCK_CIPHER_generic(ssf33,ofb128,OFB)
BLOCK_CIPHER_generic(sm1,ecb,ECB)
BLOCK_CIPHER_generic(sm1,cbc,CBC)
BLOCK_CIPHER_generic(sm1,cfb,CFB)
BLOCK_CIPHER_generic(sm1,ofb,OFB)
BLOCK_CIPHER_generic(sm4,ecb,ECB)
BLOCK_CIPHER_generic(sm4,cbc,CBC)
BLOCK_CIPHER_generic(sm4,cfb,CFB)
BLOCK_CIPHER_generic(sm4,ofb,OFB)
BLOCK_CIPHER_generic(sm1,cfb1,CFB)
BLOCK_CIPHER_generic(sm1,cfb8,CFB)
BLOCK_CIPHER_generic(sm1,cfb128,CFB)
BLOCK_CIPHER_generic(sm1,ofb128,OFB)
BLOCK_CIPHER_generic(sms4,ecb,ECB)
BLOCK_CIPHER_generic(sms4,cbc,CBC)
BLOCK_CIPHER_generic(sms4,cfb1,CFB)
BLOCK_CIPHER_generic(sms4,cfb8,CFB)
BLOCK_CIPHER_generic(sms4,cfb128,CFB)
BLOCK_CIPHER_generic(sms4,ofb128,OFB)
static int skf_cipher_nids[] = {
@@ -496,8 +598,6 @@ static int skf_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, i
return 0;
}
ESKFerr(ESKF_F_SKF_CIPHERS, ESKF_R_NOT_IMPLEMENTED);
return 1;
}
@@ -507,11 +607,10 @@ int skf_rand_bytes(unsigned char *buf, int num)
ULONG rv;
if ((rv = SKF_GenRandom(hDev, buf, (ULONG)num)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_RAND_BYTES, ESKF_R_GEN_RANDOM_FAILED);
return 0;
}
ESKFerr(ESKF_F_SKF_RAND_BYTES, ESKF_R_NOT_IMPLEMENTED);
return 1;
}
@@ -528,15 +627,13 @@ static RAND_METHOD skf_rand = {
static int skf_sm3_init(EVP_MD_CTX *ctx)
{
ULONG rv;
DEVHANDLE hDev;
HANDLE hHash;
if ((rv = SKF_DigestInit(hDev, SGD_SM3, NULL, NULL, 0, &hHash)) != SAR_OK) {
if ((rv = SKF_DigestInit(hDev, SGD_SM3, NULL, NULL, 0,
(HANDLE *)&(ctx->md_data))) != SAR_OK) {
ESKFerr(ESKF_F_SKF_SM3_INIT, ESKF_R_SKF_DIGEST_INIT_FAILED);
return 0;
}
ESKFerr(ESKF_F_SKF_SM3_INIT, ESKF_R_NOT_IMPLEMENTED);
return 1;
}
@@ -547,11 +644,10 @@ static int skf_sm3_update(EVP_MD_CTX *ctx, const void *data, size_t count)
ULONG ulDataLen = (ULONG)count;
if ((rv = SKF_DigestUpdate((HANDLE)ctx->md_data, pbData, ulDataLen)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_SM3_UPDATE, ESKF_R_SKF_DIGEST_UPDATE_FAILED);
return 0;
}
ESKFerr(ESKF_F_SKF_SM3_UPDATE, ESKF_R_NOT_IMPLEMENTED);
return 1;
}
@@ -561,16 +657,16 @@ static int skf_sm3_final(EVP_MD_CTX *ctx, unsigned char *md)
BYTE *pHashData = (BYTE *)md;
ULONG ulHashLen = SM3_DIGEST_LENGTH;
if ((rv = SKF_DigestFinal(hHash, pHashData, &ulHashLen)) != SAR_OK) {
if ((rv = SKF_DigestFinal((HANDLE)ctx->md_data, pHashData, &ulHashLen)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_SM3_FINAL, ESKF_R_SKF_DIGEST_FINAL_FAILED);
return 0;
}
if ((rv = SKF_CloseHandle(hHash)) != SAR_OK) {
if ((rv = SKF_CloseHandle((HANDLE)ctx->md_data)) != SAR_OK) {
ESKFerr(ESKF_F_SKF_SM3_FINAL, ESKF_R_SKF_CLOSE_HANDLE_FAILED);
return 0;
}
ESKFerr(ESKF_F_SKF_SM3_FINAL, ESKF_R_NOT_IMPLEMENTED);
return 1;
}
@@ -609,8 +705,6 @@ static int skf_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int n
return 0;
}
ESKFerr(ESKF_F_SKF_DIGESTS, ESKF_R_NOT_IMPLEMENTED);
return 1;
}
@@ -627,12 +721,10 @@ static int skf_rsa_sign(int type, const unsigned char *m, unsigned int mlen,
if ((rv = SKF_RSASignData(hContainer, pbData, ulDataLen,
signature, &ulSigLen)) != SAR_OK) {
goto end;
return 0;
}
ESKFerr(ESKF_F_SKF_RSA_SIGN, ESKF_R_NOT_IMPLEMENTED);
return 0;
return 1;
}
static RSA_METHOD skf_rsa = {
@@ -657,9 +749,10 @@ static ECDSA_SIG *skf_sm2_do_sign(const unsigned char *dgst, int dgstlen,
const BIGNUM *a, const BIGNUM *b, EC_KEY *ec_key)
{
ECDSA_SIG *ret = NULL;
/*
ULONG rv;
BYTE *pbDigest = (BYTE *)dgst;
ULONG ulDigestLen = (ULONG)dgstlen,
ULONG ulDigestLen = (ULONG)dgstlen;
ECCSIGNATUREBLOB sigBlob;
int ok = 0;
@@ -683,19 +776,21 @@ end:
ret = NULL;
}
*/
ESKFerr(ESKF_F_SKF_SM2_DO_SIGN, ESKF_R_NOT_IMPLEMENTED);
return ret;
}
static int ECDSA_METHOD skf_sm2sign = {
/*
static ECDSA_METHOD skf_sm2sign = {
"SKF ECDSA method (SM2 signature)",
skf_sm2_do_sign,
NULL,
NULL,
NULL,
0,
NULL,
};
*/
#ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *engine_skf(void)
@@ -740,14 +835,14 @@ static int bind(ENGINE *e, const char *id)
!ENGINE_set_name(e, engine_skf_name) ||
!ENGINE_set_init_function(e, skf_init) ||
!ENGINE_set_finish_function(e, skf_finish) ||
!ENGINE_set_ctrl_function(e, skf_ctrl) ||
!ENGINE_set_destroy_function(e, skf_destroy) ||
!ENGINE_set_ctrl_function(e, skf_engine_ctrl) ||
!ENGINE_set_destroy_function(e, NULL) || //FIXME
!ENGINE_set_digests(e, skf_digests) ||
!ENGINE_set_ciphers(e, skf_ciphers) ||
!ENGINE_set_load_pubkey_function(e, skf_load_pubkey) ||
!ENGINE_set_ECDSA(e, &skf_sm2sign) ||
!ENGINE_set_ECDSA(e, NULL) || //FIXME
!ENGINE_set_RSA(e, &skf_rsa) ||
!ENGINE_set_RAND(e, &skf_random)) {
!ENGINE_set_RAND(e, &skf_rand)) {
return 0;
}
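Review bot: In dev_auth the guard `if (!isDevAuthenticated)` looks inverted: the flag is initialised to 0, so the first call would return ESKF_R_DEV_ALREADY_AUTHENTICATED and never reach SKF_DevAuth; it should read `if (isDevAuthenticated) {`. The local `authkey` buffer is also handed to EVP_EncryptInit without ever being filled from `hexauthkey`, so once the guard is corrected the challenge would be encrypted under uninitialised stack bytes. Decode and length-check `hexauthkey` into `authkey` before the EVP calls, and add `OPENSSL_cleanse(authkey, sizeof(authkey));` under the `end:` label so the device key does not stay on the stack. This page has lost its +/- markers, so the note assumes these lines are on the new side.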


@@ -70,6 +70,7 @@
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
static ERR_STRING_DATA ESKF_str_functs[] = {
{ERR_FUNC(ESKF_F_DEV_AUTH), "DEV_AUTH"},
{ERR_FUNC(ESKF_F_OPEN_APP), "OPEN_APP"},
{ERR_FUNC(ESKF_F_OPEN_CONTAINER), "OPEN_CONTAINER"},
{ERR_FUNC(ESKF_F_OPEN_DEV), "OPEN_DEV"},
@@ -89,11 +90,47 @@ static ERR_STRING_DATA ESKF_str_functs[] = {
{ERR_FUNC(ESKF_F_SKF_SM3_FINAL), "SKF_SM3_FINAL"},
{ERR_FUNC(ESKF_F_SKF_SM3_INIT), "SKF_SM3_INIT"},
{ERR_FUNC(ESKF_F_SKF_SM3_UPDATE), "SKF_SM3_UPDATE"},
{ERR_FUNC(ESKF_F_VERIFY_PIN), "VERIFY_PIN"},
{0, NULL}
};
static ERR_STRING_DATA ESKF_str_reasons[] = {
{ERR_REASON(ESKF_R_APP_ALREADY_OPENED), "app already opened"},
{ERR_REASON(ESKF_R_APP_NOT_OPENED), "app not opened"},
{ERR_REASON(ESKF_R_CONTAINER_ALREADY_OPENED), "container already opened"},
{ERR_REASON(ESKF_R_CONTAINER_NOT_OPENED), "container not opened"},
{ERR_REASON(ESKF_R_DEV_ALREADY_AUTHENTICATED),
"dev already authenticated"},
{ERR_REASON(ESKF_R_DEV_ALREADY_CONNECTED), "dev already connected"},
{ERR_REASON(ESKF_R_DEV_IS_NOT_CONNECTED), "dev is not connected"},
{ERR_REASON(ESKF_R_DEV_NOT_AUTHENCATED), "dev not authencated"},
{ERR_REASON(ESKF_R_DEV_NOT_AUTHENTICATED), "dev not authenticated"},
{ERR_REASON(ESKF_R_DEV_NOT_CONNECTED), "dev not connected"},
{ERR_REASON(ESKF_R_GEN_RANDOM_FAILED), "gen random failed"},
{ERR_REASON(ESKF_R_INVALID_CONTAINER_TYPE), "invalid container type"},
{ERR_REASON(ESKF_R_INVALID_CTRL_CMD), "invalid ctrl cmd"},
{ERR_REASON(ESKF_R_NOT_IMPLEMENTED), "not implemented"},
{ERR_REASON(ESKF_R_PIN_NOT_VERIFIED), "pin not verified"},
{ERR_REASON(ESKF_R_SKF_CLOSE_HANDLE_FAILED), "skf close handle failed"},
{ERR_REASON(ESKF_R_SKF_CONNECT_DEV_FAILED), "skf connect dev failed"},
{ERR_REASON(ESKF_R_SKF_DEV_AUTH_FAILED), "skf dev auth failed"},
{ERR_REASON(ESKF_R_SKF_DIGEST_FINAL_FAILED), "skf digest final failed"},
{ERR_REASON(ESKF_R_SKF_DIGEST_INIT_FAILED), "skf digest init failed"},
{ERR_REASON(ESKF_R_SKF_DIGEST_UPDATE_FAILED), "skf digest update failed"},
{ERR_REASON(ESKF_R_SKF_DIS_CONNNECT_DEV_FAILED),
"skf dis connnect dev failed"},
{ERR_REASON(ESKF_R_SKF_EXPORT_PUBLIC_KEY_FAILED),
"skf export public key failed"},
{ERR_REASON(ESKF_R_SKF_GEN_RANDOM_FAILED), "skf gen random failed"},
{ERR_REASON(ESKF_R_SKF_GET_CONTAINER_TYPE_FAILED),
"skf get container type failed"},
{ERR_REASON(ESKF_R_SKF_GET_DEV_INFO_FAILED), "skf get dev info failed"},
{ERR_REASON(ESKF_R_SKF_OPEN_APPLICATION_FAILED),
"skf open application failed"},
{ERR_REASON(ESKF_R_SKF_OPEN_CONTAINER_FAILED),
"skf open container failed"},
{ERR_REASON(ESKF_R_SKF_SET_SYMMKEY_FAILED), "skf set symmkey failed"},
{ERR_REASON(ESKF_R_SKF_VERIFY_PIN_FAILED), "skf verify pin failed"},
{0, NULL}
};


@@ -69,6 +69,7 @@ static void ERR_ESKF_error(int function, int reason, char *file, int line);
/* Error codes for the ESKF functions. */
/* Function codes. */
# define ESKF_F_DEV_AUTH 119
# define ESKF_F_OPEN_APP 100
# define ESKF_F_OPEN_CONTAINER 101
# define ESKF_F_OPEN_DEV 102
@@ -88,9 +89,39 @@ static void ERR_ESKF_error(int function, int reason, char *file, int line);
# define ESKF_F_SKF_SM3_FINAL 116
# define ESKF_F_SKF_SM3_INIT 117
# define ESKF_F_SKF_SM3_UPDATE 118
# define ESKF_F_VERIFY_PIN 120
/* Reason codes. */
# define ESKF_R_APP_ALREADY_OPENED 101
# define ESKF_R_APP_NOT_OPENED 102
# define ESKF_R_CONTAINER_ALREADY_OPENED 103
# define ESKF_R_CONTAINER_NOT_OPENED 104
# define ESKF_R_DEV_ALREADY_AUTHENTICATED 105
# define ESKF_R_DEV_ALREADY_CONNECTED 106
# define ESKF_R_DEV_IS_NOT_CONNECTED 107
# define ESKF_R_DEV_NOT_AUTHENCATED 108
# define ESKF_R_DEV_NOT_AUTHENTICATED 109
# define ESKF_R_DEV_NOT_CONNECTED 110
# define ESKF_R_GEN_RANDOM_FAILED 111
# define ESKF_R_INVALID_CONTAINER_TYPE 112
# define ESKF_R_INVALID_CTRL_CMD 113
# define ESKF_R_NOT_IMPLEMENTED 100
# define ESKF_R_PIN_NOT_VERIFIED 114
# define ESKF_R_SKF_CLOSE_HANDLE_FAILED 124
# define ESKF_R_SKF_CONNECT_DEV_FAILED 115
# define ESKF_R_SKF_DEV_AUTH_FAILED 116
# define ESKF_R_SKF_DIGEST_FINAL_FAILED 125
# define ESKF_R_SKF_DIGEST_INIT_FAILED 126
# define ESKF_R_SKF_DIGEST_UPDATE_FAILED 127
# define ESKF_R_SKF_DIS_CONNNECT_DEV_FAILED 128
# define ESKF_R_SKF_EXPORT_PUBLIC_KEY_FAILED 117
# define ESKF_R_SKF_GEN_RANDOM_FAILED 118
# define ESKF_R_SKF_GET_CONTAINER_TYPE_FAILED 119
# define ESKF_R_SKF_GET_DEV_INFO_FAILED 120
# define ESKF_R_SKF_OPEN_APPLICATION_FAILED 121
# define ESKF_R_SKF_OPEN_CONTAINER_FAILED 122
# define ESKF_R_SKF_SET_SYMMKEY_FAILED 129
# define ESKF_R_SKF_VERIFY_PIN_FAILED 123
#ifdef __cplusplus
}

1
include/openssl/ffx.h Symbolic link

@@ -0,0 +1 @@
../../crypto/ffx/ffx.h

1
include/openssl/paillier.h Symbolic link

@@ -0,0 +1 @@
../../crypto/paillier/paillier.h

1
test/ffxtest.c Symbolic link

@@ -0,0 +1 @@
../crypto/ffx/ffxtest.c

1
test/pailliertest.c Symbolic link

@@ -0,0 +1 @@
../crypto/paillier/pailliertest.c


@@ -4414,20 +4414,3 @@ X509_VERIFY_PARAM_add1_host 4771 EXIST::FUNCTION:
EC_GROUP_get_mont_data 4772 EXIST::FUNCTION:EC
i2d_re_X509_tbs 4773 EXIST::FUNCTION:
EVP_PKEY_asn1_set_item 4774 EXIST::FUNCTION:
sm3_update 4775 EXIST::FUNCTION:
sm3_compress 4776 EXIST::FUNCTION:
sm3_final 4777 EXIST::FUNCTION:
sm3 4778 EXIST::FUNCTION:
sm3_init 4779 EXIST::FUNCTION:
EVP_sm3 4780 EXIST::FUNCTION:SM3
sms4_cbc_encrypt 4781 EXIST::FUNCTION:
EVP_sms4_ofb 4782 EXIST::FUNCTION:SMS4
sms4_ofb128_encrypt 4783 EXIST::FUNCTION:
EVP_sms4_ecb 4784 EXIST::FUNCTION:SMS4
EVP_sms4_cfb128 4785 EXIST::FUNCTION:SMS4
sms4_set_encrypt_key 4786 EXIST::FUNCTION:
sms4_encrypt 4787 EXIST::FUNCTION:
EVP_sms4_cbc 4788 EXIST::FUNCTION:SMS4
sms4_ecb_encrypt 4789 EXIST::FUNCTION:
sms4_cfb128_encrypt 4790 EXIST::FUNCTION:
sms4_set_decrypt_key 4791 EXIST::FUNCTION:


@@ -108,10 +108,9 @@ foreach (@ARGV)
print STDERR <<"EOF";
and [options] can be one of
no-md2 no-md4 no-md5 no-sha no-mdc2 - Skip this digest
no-ripemd no-sm3
no-ripemd
no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher
no-bf no-cast no-aes no-camellia no-seed
no-sms4 no-zuc
no-rsa no-dsa no-dh - Skip this public key cipher
no-ssl2 no-ssl3 - Skip this version of SSL
just-ssl - remove all non-ssl keys/digest
@@ -121,9 +120,6 @@ and [options] can be one of
no-ec - No EC
no-ecdsa - No ECDSA
no-ecdh - No ECDH
no-ecies - No ECIES
no-sm2 - No SM2
no-cpk - No CPK
no-engine - No engine
no-hw - No hw
nasm - Use NASM for x86 asm
@@ -296,12 +292,6 @@ $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
$cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m;
$cflags.= " -DZLIB" if $zlib_opt;
$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
$cflags.=" -DOPENSSL_NO_SM2" if $no_sm2;
$cflags.=" -DOPENSSL_NO_SM3" if $no_sm3;
$cflags.=" -DOPENSSL_NO_SMS4" if $no_sms4;
$cflags.=" -DOPENSSL_NO_ZUC" if $no_zuc;
$cflags.=" -DOPENSSL_NO_ECIES" if $no_ecies;
$cflags.=" -DOPENSSL_NO_CPK" if $no_cpk;
if ($no_static_engine)
{
@@ -924,13 +914,6 @@ sub var_add
@a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
@a=grep(!/(^sm2)|(_sm2$)/,@a) if $no_sm2;
@a=grep(!/(^sm3)|(_sm3$)/,@a) if $no_sm3;
@a=grep(!/(^sms4)|(_sms4$)/,@a) if $no_sms4;
@a=grep(!/(^zuc)|(_zuc$)/,@a) if $no_zuc;
@a=grep(!/(^ecies)|(_ecies$)/,@a) if $no_ecies;
@a=grep(!/(^cpk)|(_cpk$)/,@a) if $no_cpk;
grep($_="$dir/$_",@a);
@a=grep(!/(^|\/)s_/,@a) if $no_sock;
@a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
@@ -1257,13 +1240,7 @@ sub read_options
"no-unit-test" => 0,
"no-libunbound" => 0,
"no-multiblock" => 0,
"fips" => \$fips,
"no-sm2" => \$no_sm2,
"no-sm3" => \$no_sm3,
"no-sms4" => \$no_sms4,
"no-zuc" => \$no_zuc
"no-ecies" => \$no_ecies
"no-cpk" => \$no_cpk
"fips" => \$fips
);
if (exists $valid_options{$_})


@@ -83,8 +83,8 @@ my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
"SHA256", "SHA512", "RIPEMD", "SM3", "SMS4",
"MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M", "ECIES",
"SHA256", "SHA512", "RIPEMD",
"MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M",
"HMAC", "AES", "CAMELLIA", "SEED", "GOST",
# EC_NISTP_64_GCC_128
"EC_NISTP_64_GCC_128",
@@ -146,7 +146,6 @@ my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
my $no_unit_test; my $no_ssl3_method;
my $no_sm3; my $no_sms4; my $no_zuc; my $no_ecies; my $no_cpk; my $no_sm2;
my $fips;
@@ -249,12 +248,6 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-sctp$/) { $no_sctp=1; }
elsif (/^no-srtp$/) { $no_srtp=1; }
elsif (/^no-unit-test$/){ $no_unit_test=1; }
elsif (/^no-sm2$/) { $no_sm2=1; }
elsif (/^no-sm3$/) { $no_sm3=1; }
elsif (/^no-sms4$/) { $no_sms4=1; }
elsif (/^no-zuc$/) { $no_zuc=1; }
elsif (/^no-ecies$/) { $no_ecies=1; }
elsif (/^no-cpk$/) { $no_cpk=1; }
}
@@ -361,14 +354,6 @@ $crypto.=" crypto/jpake/jpake.h";
$crypto.=" crypto/modes/modes.h";
$crypto.=" crypto/srp/srp.h";
$crypto.=" crypto/sm2/sm2.h"; # unless $no_sm2;
$crypto.=" crypto/sm3/sm3.h"; # unless $no_sm3;
$crypto.=" crypto/sms4/sms4.h"; # unless $no_sms4;
$crypto.=" crypto/zuc/zuc.h"; # unless $no_zuc;
$crypto.=" crypto/ecies/ecies.h";
$crypto.=" crypto/ecies/kdf.h";
$crypto.=" crypto/ecies/cpk.h";
my $symhacks="crypto/symhacks.h";
my @ssl_symbols = &do_defs("SSLEAY", $ssl, $symhacks);
@@ -988,9 +973,6 @@ sub do_defs
$a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
$a .= ",RSA" if($s =~ /RSAPrivateKey/);
$a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
$a .= ",SM3" if($s =~ /EVP_sm3/);
$a .= ",SMS4" if($s =~ /EVP_sms4/);
$a .= ",ZUC" if($s =~ /EVP_zuc/);
$platform{$s} =
&reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
@@ -1242,12 +1224,6 @@ sub is_valid
if ($keyword eq "SRTP" && $no_srtp) { return 0; }
if ($keyword eq "UNIT_TEST" && $no_unit_test) { return 0; }
if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
if ($keyword eq "SM2" && $no_sm2) { return 0; }
if ($keyword eq "SM3" && $no_sm3) { return 0; }
if ($keyword eq "SMS4" && $no_sms4) { return 0; }
if ($keyword eq "ZUC" && $no_zuc) { return 0; }
if ($keyword eq "ECIES" && $no_ecies) { return 0; }
if ($keyword eq "CPK" && $no_cpk) { return 0; }
# Nothing recognise as true
return 1;


@@ -64,12 +64,20 @@ my @dirs = (
"crypto/whrlpool",
"crypto/ts",
"crypto/srp",
"crypto/sm1",
"crypto/sm2",
"crypto/sm3",
"crypto/sms4",
"crypto/zuc",
"crypto/ssf33",
"crypto/kdf",
"crypto/ecies",
"crypto/cpk",
"crypto/sm2",
"crypto/skf",
"crypto/cbcmac",
"crypto/otp",
"crypto/sm9",
"crypto/paillier",
"crypto/ffx",
"ssl",
"apps",
"engines",


@@ -12,8 +12,7 @@
$line=0;
foreach $a ("md2","md4","md5","sha","sha1","rc4","des cfb","des cbc","des ede3",
"idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc","cast cbc",
"sm3","sms4 cfb","sms4 cbc","zuc")
"idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc","cast cbc")
{
if (defined($one{$a,8}) && defined($two{$a,8}))
{