paillier pen support

and some bug fixes
Zhi Guan
2017-03-16 12:33:31 +08:00
parent 29ba25b7e4
commit 3090de8951
26 changed files with 375 additions and 141 deletions


@@ -444,6 +444,12 @@ our %disabled = ( # "what" => "comment"
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"zlib-dynamic" => "default",
"zuc" => "default",
"sm9" => "default",
"bfibe" => "default",
"bb1ibe" => "default",
"saf" => "default",
"sof" => "default",
);
# Note: => pair form used for aesthetics, not to truly make a hash table


@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -95,6 +95,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_PAILLIER_PUBKEY), "i2d_PAILLIER_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},


@@ -68,6 +68,7 @@ static ERR_STRING_DATA EVP_str_functs[] = {
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_PAILLIER), "EVP_PKEY_get0_PAILLIER"},
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"},
{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
@@ -118,6 +119,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"},
{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
{ERR_REASON(EVP_R_EXPECTING_A_PAILLIER), "expecting a paillier"},
{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
{ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS),
"illegal scrypt parameters"},


@@ -17,6 +17,7 @@
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/paillier.h>
#include <openssl/engine.h>
#include "internal/asn1_int.h"
@@ -331,6 +332,34 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
}
#endif
#ifndef OPENSSL_NO_PAILLIER
int EVP_PKEY_set1_PAILLIER(EVP_PKEY *pkey, PAILLIER *key)
{
int ret = EVP_PKEY_assign_PAILLIER(pkey, key);
if (ret)
PAILLIER_up_ref(key);
return ret;
}
PAILLIER *EVP_PKEY_get0_PAILLIER(EVP_PKEY *pkey)
{
if (pkey->type != EVP_PKEY_PAILLIER) {
EVPerr(EVP_F_EVP_PKEY_GET0_PAILLIER, EVP_R_EXPECTING_A_PAILLIER);
return NULL;
}
return pkey->pkey.paillier;
}
PAILLIER *EVP_PKEY_get1_PAILLIER(EVP_PKEY *pkey)
{
PAILLIER *ret = EVP_PKEY_get0_PAILLIER(pkey);
if (ret != NULL)
PAILLIER_up_ref(ret);
return ret;
}
#endif
#ifndef OPENSSL_NO_DH
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)


@@ -369,6 +369,9 @@ struct evp_pkey_st {
# endif
# ifndef OPENSSL_NO_EC
struct ec_key_st *ec; /* ECC */
# endif
# ifndef OPENSSL_NO_PAILLIER
struct paillier_st *paillier;
# endif
} pkey;
int save_parameters;


@@ -70,15 +70,15 @@ static int paillier_cb(int operation, ASN1_VALUE **pval,
return 1;
}
ASN1_SEQUENCE_cb(PAILLIER_PRIVATE_KEY, paillier_cb) = {
ASN1_SEQUENCE_cb(PaillierPrivateKey, paillier_cb) = {
ASN1_SIMPLE(PAILLIER, n, BIGNUM),
ASN1_SIMPLE(PAILLIER, lambda, BIGNUM),
ASN1_SIMPLE(PAILLIER, x, BIGNUM)
} ASN1_SEQUENCE_END_cb(PAILLIER, PAILLIER_PRIVATE_KEY)
} ASN1_SEQUENCE_END_cb(PAILLIER, PaillierPrivateKey)
ASN1_SEQUENCE_cb(PAILLIER_PUBLIC_KEY, paillier_cb) = {
ASN1_SEQUENCE_cb(PaillierPublicKey, paillier_cb) = {
ASN1_SIMPLE(PAILLIER, n, BIGNUM)
} ASN1_SEQUENCE_END_cb(PAILLIER, PAILLIER_PUBLIC_KEY)
} ASN1_SEQUENCE_END_cb(PAILLIER, PaillierPublicKey)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(PAILLIER, PAILLIER_PRIVATE_KEY, PAILLIER_PRIVATE_KEY)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(PAILLIER, PAILLIER_PUBLIC_KEY, PAILLIER_PUBLIC_KEY)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(PAILLIER, PaillierPrivateKey, PaillierPrivateKey)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(PAILLIER, PaillierPublicKey, PaillierPublicKey)


@@ -50,6 +50,8 @@
#ifndef HEADER_PAI_LCL_H
#define HEADER_PAI_LCL_H
#include "e_os.h"
struct paillier_st {
int bits;
BIGNUM *n; /* public key */
@@ -57,6 +59,11 @@ struct paillier_st {
BIGNUM *n_squared; /* online */
BIGNUM *n_plusone; /* online */
BIGNUM *x; /* online */
int references;
int flags;
CRYPTO_EX_DATA ex_data;
CRYPTO_RWLOCK *lock;
};
#endif


@@ -145,6 +145,8 @@ int PAILLIER_generate_key(PAILLIER *key, int bits)
} while (0);
ret = 1;
end:
BN_clear_free(p);
BN_clear_free(q);
@@ -345,3 +347,14 @@ end:
return 0;
}
int PAILLIER_up_ref(PAILLIER *r)
{
int i;
if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
return 0;
REF_PRINT_COUNT("PAILLIER", r);
REF_ASSERT_ISNT(i < 2);
return ((i > 1) ? 1 : 0);
}
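Review bot: PAILLIER_up_ref depends on `r->references` and `r->lock`, but neither hunk in this file initialises those fields or makes the free path honour the count. Both fields are introduced by this same commit, and PAILLIER_new / PAILLIER_free lie outside the visible hunks, so this needs confirming against the full file. If the constructor leaves `references` at 0, the first up_ref yields `i == 1`, trips `REF_ASSERT_ISNT(i < 2)` and returns 0; if PAILLIER_free still releases the object unconditionally, the get1/set1 callers added here (pkey_get_paillier, d2i_PAILLIER_PUBKEY, i2d_PAILLIER_PUBKEY) are left with a dangling pointer or a double free once their temporary EVP_PKEY is freed, assuming the key method frees the embedded key. The constructor should set `references = 1` and create the lock with `CRYPTO_THREAD_lock_new()`, and the free routine should decrement with `CRYPTO_atomic_add(&r->references, -1, &i, r->lock)` and return early while `i > 0`.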


@@ -1,4 +1,5 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
pem_sign.c pem_info.c pem_lib.c pem_all.c pem_err.c \
pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c
pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c \
pem3.c

108
crypto/pem/pem3.c Normal file

@@ -0,0 +1,108 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#include <openssl/pem3.h>
#include <openssl/paillier.h>
/*
extern PAILLIER *EVP_PKEY_get1_PAILLIER(EVP_PKEY *key);
extern int i2d_PAILLIER_PUBKEY(PAILLIER *a, unsigned char **p);
extern PAILLIER *d2i_PAILLIER_PUBKEY(PAILLIER **a, const unsigned char **p, long len);
*/
#ifndef OPENSSL_NO_PAILLIER
static PAILLIER *pkey_get_paillier(EVP_PKEY *key, PAILLIER **paillier)
{
PAILLIER *rtmp;
if (!key)
return NULL;
rtmp = EVP_PKEY_get1_PAILLIER(key);
EVP_PKEY_free(key);
if (!rtmp)
return NULL;
if (paillier) {
PAILLIER_free(*paillier);
*paillier = rtmp;
}
return rtmp;
}
PAILLIER *PEM_read_bio_PaillierPrivateKey(BIO *bp, PAILLIER **paillier,
pem_password_cb *cb, void *u)
{
EVP_PKEY *pktmp;
pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
return pkey_get_paillier(pktmp, paillier);
}
# ifndef OPENSSL_NO_STDIO
PAILLIER *PEM_read_PaillierPrivateKey(FILE *fp, PAILLIER **paillier,
pem_password_cb *cb, void *u)
{
EVP_PKEY *pktmp;
pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
return pkey_get_paillier(pktmp, paillier);
}
# endif
IMPLEMENT_PEM_write_cb_const(PaillierPrivateKey, PAILLIER, PEM_STRING_PAILLIER,
PaillierPrivateKey)
IMPLEMENT_PEM_rw_const(PaillierPublicKey, PAILLIER, PEM_STRING_PAILLIER_PUBLIC,
PaillierPublicKey)
IMPLEMENT_PEM_rw(PAILLIER_PUBKEY, PAILLIER, PEM_STRING_PUBLIC, PAILLIER_PUBKEY)
#endif
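Review bot: pkey_get_paillier takes ownership of its `key` argument (it calls `EVP_PKEY_free(key)` on every non-NULL path) and frees whatever was already stored in `*paillier`, but neither ownership rule is documented. A header comment such as `/* Takes ownership of |key|; on success replaces *paillier and frees the previous value. */` would let callers of the two PEM_read wrappers reason about lifetimes. The commented-out `extern` block above `#ifndef OPENSSL_NO_PAILLIER` repeats prototypes that the included headers now provide and can be deleted.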


@@ -622,5 +622,3 @@ int SAF_EccVerifySignFile(
{
return SAR_OK;
}


@@ -238,7 +238,7 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(
goto end;
}
if (buflen <= fixlen) {
if (buflen <= (size_t)fixlen) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_BUFFER_TOO_SMALL);
goto end;
}
@@ -260,7 +260,7 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(
//FIXME
ptlen = fixlen - SM2_ENC_PARAMS_mactag_size(params);
#endif
ptlen = fixlen; //FIXME
ptlen = (int)fixlen; //FIXME
if (!EC_POINT_oct2point(ec_group, ret->ephem_point, buf, ptlen, bn_ctx)) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_OCT2POINT_FAILED);
goto end;
@@ -290,7 +290,7 @@ int SM2_CIPHERTEXT_VALUE_print(BIO *out, const EC_GROUP *ec_group,
int ret = 0;
char *hex = NULL;
BN_CTX *ctx = BN_CTX_new();
int i;
size_t i;
if (!ctx) {
goto end;
@@ -382,7 +382,7 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
unsigned int dgstlen;
int mactag_size;
size_t len;
int i;
size_t i;
if (!ec_group || !pub_key) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_INVALID_EC_KEY);
@@ -513,7 +513,7 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
}
/* GmSSL specific: reduce mactag size */
if (mactag_size > dgstlen) {
if (mactag_size > dgstlen) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
@@ -554,7 +554,7 @@ int SM2_decrypt(const SM2_ENC_PARAMS *params,
ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR);
goto end;
}
if (inlen <= len) {
if (inlen <= len) {
ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR);
goto end;
}
@@ -673,7 +673,7 @@ int SM2_do_decrypt(const SM2_ENC_PARAMS *params,
/* B5: compute M = C2 xor t */
for (i = 0; i < cv->ciphertext_size; i++) {
for (i = 0; i < cv->ciphertext_size; i++) {
out[i] ^= cv->ciphertext[i];
}
*outlen = cv->ciphertext_size;
@@ -704,7 +704,7 @@ int SM2_do_decrypt(const SM2_ENC_PARAMS *params,
}
/* GmSSL specific */
if (mactag_size > maclen) {
if (mactag_size > (int)maclen) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
@@ -742,4 +742,3 @@ int SM2_decrypt_with_recommended(const unsigned char *in, size_t inlen,
SM2_ENC_PARAMS_init_with_recommended(&params);
return SM2_decrypt(&params, in, inlen, out, outlen, ec_key);
}
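Review bot: In SM2_do_decrypt the guard becomes `if (mactag_size > (int)maclen)`, which changes what was presumably an unsigned comparison into a signed one, so a negative `mactag_size` now passes the check instead of being rejected after conversion to unsigned. The declarations are outside the hunk; the types are inferred from the cast and from the `int mactag_size` / `unsigned int dgstlen` pair visible in SM2_do_encrypt. If `mactag_size` can ever hold a negative error value, test for it explicitly: `if (mactag_size < 0 || (unsigned int)mactag_size > maclen) {`. The matching check in SM2_do_encrypt, `mactag_size > dgstlen`, is left as a mixed signed/unsigned comparison, so the encrypt and decrypt paths now treat the same value differently.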


@@ -60,6 +60,7 @@ int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx,
{
int ret = 0;
int w;
size_t len;
if (!ctx || !ec_key || !remote_pubkey) {
ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_PASSED_NULL_PARAMETER);
@@ -87,22 +88,26 @@ int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx,
goto end;
}
len = ctx->id_dgstlen;
if (!SM2_compute_id_digest(ctx->id_dgst_md, id, idlen,
ctx->id_dgst, &ctx->id_dgstlen, ec_key)) {
ctx->id_dgst, &len, ec_key)) {
ECerr(EC_F_SM2_KAP_CTX_INIT, 0);
goto end;
}
ctx->id_dgstlen = len;
if (!(ctx->ec_key = EC_KEY_dup(ec_key))) {
ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_EC_LIB);
goto end;
}
len = ctx->remote_id_dgstlen;
if (!SM2_compute_id_digest(ctx->id_dgst_md, rid, ridlen,
ctx->remote_id_dgst, &ctx->remote_id_dgstlen, remote_pubkey)) {
ctx->remote_id_dgst, &len, remote_pubkey)) {
ECerr(EC_F_SM2_KAP_CTX_INIT, 0);
goto end;
}
ctx->remote_id_dgstlen = len;
if (!(ctx->remote_pubkey = EC_KEY_dup(remote_pubkey))) {
ECerr(EC_F_SM2_KAP_CTX_INIT, 0);
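Review bot: `len = ctx->id_dgstlen;` seeds the in/out length from a context field whose initialisation is not visible in these hunks. If SM2_compute_id_digest treats `*len` as the capacity of `ctx->id_dgst`, a stale or zero value either fails the call or overstates the buffer size. Taking the capacity from the buffer itself, e.g. `len = sizeof(ctx->id_dgst);` if `id_dgst` is an array member, removes that dependency; the same applies to `len = ctx->remote_id_dgstlen;`. SM2_KAP_CTX_init begins and ends outside the hunk, so an earlier assignment may exist.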


@@ -431,7 +431,7 @@ int SM9_unwrap_key(SM9PublicParameters *mpk, size_t keylen,
}
/* is outkey is all zero, return failed */
for (i = 0; (i < keylen) && (outkey[i] == 0); i++) {
for (i = 0; (i < keylen) && (outkey[i] == 0); i++) {
}
if (i == keylen) {
SM9err(SM9_F_SM9_UNWRAP_KEY, ERR_R_EC_LIB);
@@ -630,7 +630,7 @@ static int SM9EncParameters_decrypt(const SM9EncParameters *encparams,
/* output iv */
iv = in;
ivlen = EVP_CIPHER_iv_length(encparams->enc_cipher);
if (inlen <= ivlen) {
if (inlen <= (size_t)ivlen) {
SM9err(SM9_F_SM9ENCPARAMETERS_DECRYPT, SM9_R_INVALID_CIPHERTEXT);
goto end;
}
@@ -948,7 +948,7 @@ int SM9_do_decrypt(SM9PublicParameters *mpk, const SM9EncParameters *encparams,
*outlen = in->c2->length;
return 1;
}
if (*outlen < in->c2->length) {
if (*outlen < in->c2->length) {
SM9err(SM9_F_SM9_DO_DECRYPT, SM9_R_BUFFER_TOO_SMALL);
return 0;
}
@@ -1065,7 +1065,7 @@ int SM9_decrypt(SM9PublicParameters *mpk, const SM9EncParameters *encparams,
return 0;
}
p = &in;
p = in;
if (!(c = d2i_SM9Ciphertext(NULL, &p, inlen))) {
SM9err(SM9_F_SM9_DECRYPT, ERR_R_SM9_LIB);
goto end;


@@ -457,7 +457,7 @@ int SM9_sign(SM9PublicParameters *mpk, const unsigned char *dgst,
return 0;
}
p = &sig;
p = sig;
if (i2d_SM9Signature(sigobj, &p) < 0) {
SM9err(SM9_F_SM9_SIGN, ERR_R_SM9_LIB);
goto end;
@@ -493,10 +493,10 @@ int SM9_verify(SM9PublicParameters *mpk, const unsigned char *dgst,
return 0;
}
p = &sig;
p = sig;
if (!(sigobj = d2i_SM9Signature(NULL, &p, siglen))) {
SM9err(SM9_F_SM9_VERIFY, ERR_R_SM9_LIB);
return 0;
goto end;
}
ret = SM9_do_verify(mpk, dgst, dgstlen, sigobj, id, idlen);
@@ -504,6 +504,5 @@ int SM9_verify(SM9PublicParameters *mpk, const unsigned char *dgst,
end:
SM9Signature_free(sigobj);
return 0;
return ret;
}
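Review bot: SM9_verify accepts a signature buffer with trailing bytes, because after `d2i_SM9Signature(NULL, &p, siglen)` nothing checks that `p` advanced over all `siglen` bytes before `SM9_do_verify` runs. The same signature therefore verifies under more than one encoding, which is a problem wherever signatures are compared or deduplicated by their bytes. Adding `if (p != sig + siglen) goto end;` right after the decode, with `ret` still at its failure value, rejects the extra data. The new `goto end` / `return ret` path also relies on `ret` being initialised to a failure value at its declaration, which is outside the hunk.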


@@ -16,6 +16,7 @@
#include "internal/x509_int.h"
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/paillier.h>
struct X509_pubkey_st {
X509_ALGOR *algor;
@@ -255,6 +256,46 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
}
#endif
#ifndef OPENSSL_NO_PAILLIER
PAILLIER *d2i_PAILLIER_PUBKEY(PAILLIER **a, const unsigned char **pp, long length)
{
EVP_PKEY *pkey;
PAILLIER *key;
const unsigned char *q;
q = *pp;
pkey = d2i_PUBKEY(NULL, &q, length);
if (!pkey)
return NULL;
key = EVP_PKEY_get1_PAILLIER(pkey);
EVP_PKEY_free(pkey);
if (!key)
return NULL;
*pp = q;
if (a) {
PAILLIER_free(*a);
*a = key;
}
return key;
}
int i2d_PAILLIER_PUBKEY(PAILLIER *a, unsigned char **pp)
{
EVP_PKEY *pktmp;
int ret;
if (!a)
return 0;
pktmp = EVP_PKEY_new();
if (pktmp == NULL) {
ASN1err(ASN1_F_I2D_PAILLIER_PUBKEY, ERR_R_MALLOC_FAILURE);
return 0;
}
EVP_PKEY_set1_PAILLIER(pktmp, a);
ret = i2d_PUBKEY(pktmp, pp);
EVP_PKEY_free(pktmp);
return ret;
}
#endif
#ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
{
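Review bot: i2d_PAILLIER_PUBKEY discards the result of `EVP_PKEY_set1_PAILLIER(pktmp, a)`, so a failed assignment is only caught indirectly by whatever `i2d_PUBKEY` does with an untyped key. Checking it keeps the failure explicit: `if (!EVP_PKEY_set1_PAILLIER(pktmp, a)) { EVP_PKEY_free(pktmp); return 0; }`. Both new functions go through `d2i_PUBKEY` / `i2d_PUBKEY`, which presumably require an ASN.1 method registered for `EVP_PKEY_PAILLIER`; none is visible on this page, so confirm one exists.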


@@ -53,6 +53,8 @@
#include <openssl/evp.h>
#include <openssl/engine.h>
#if (defined(__x86_64) || defined(__x86_64__)) && defined(OPENSSL_CPUID_OBJ)
#endif
static const char *avx2_id = "avx2";
static const char *avx2_name = "ENGINE with Intel AVX2 Intructions";
@@ -81,8 +83,6 @@ static int avx2_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
return 1;
}
/****************************************************************************/
static int avx2_cipher_nids[] = {NID_sms4_ecb, NID_sms4_ctr, 0};
static int avx2_num_ciphers = OSSL_NELEM(avx2_cipher_nids) - 1;
@@ -282,12 +282,18 @@ static ENGINE *engine_avx2(void)
void engine_load_avx2_int(void)
{
ENGINE *eng = NULL;
if (!(eng = engine_avx2())) {
return;
extern unsigned int OPENSSL_ia32cap_P[];
if (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) {
ENGINE *toadd = ENGINE_rdrand();
ENGINE *eng = NULL;
if (!(eng = engine_avx2())) {
return;
}
ENGINE_add(eng);
ENGINE_free(eng);
ERR_clear_error();
}
ENGINE_add(eng);
ENGINE_free(eng);
ERR_clear_error();
}
#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
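Review bot: The gate added to engine_load_avx2_int, `OPENSSL_ia32cap_P[1] & (1 << (62 - 32))`, tests the RDRAND capability bit rather than AVX2, so the engine can be registered on a CPU without AVX2, where its cipher code would presumably fault on the first AVX2 instruction. AVX2 is reported in the third capability word, so the test should read `if (OPENSSL_ia32cap_P[2] & (1 << 5)) {`. `ENGINE *toadd = ENGINE_rdrand();` is never used and should be deleted. The `#if (defined(__x86_64) || defined(__x86_64__)) && defined(OPENSSL_CPUID_OBJ)` / `#endif` pair near the includes encloses nothing, so the `extern unsigned int OPENSSL_ia32cap_P[]` reference is unguarded on other targets. The page has lost its +/- markers, so this reading of the new side is inferred from the hunk counts.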


@@ -956,6 +956,7 @@ int ERR_load_ASN1_strings(void);
# define ASN1_F_I2D_ASN1_BIO_STREAM 211
# define ASN1_F_I2D_DSA_PUBKEY 161
# define ASN1_F_I2D_EC_PUBKEY 181
# define ASN1_F_I2D_PAILLIER_PUBKEY 101
# define ASN1_F_I2D_PRIVATEKEY 163
# define ASN1_F_I2D_PUBLICKEY 164
# define ASN1_F_I2D_RSA_PUBKEY 165


@@ -100,6 +100,7 @@
# define EVP_PKEY_CMAC NID_cmac
# define EVP_PKEY_TLS1_PRF NID_tls1_prf
# define EVP_PKEY_HKDF NID_hkdf
# define EVP_PKEY_PAILLIER NID_paillier
#ifdef __cplusplus
extern "C" {
@@ -445,6 +446,11 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
(char *)(eckey))
# endif
# ifndef OPENSSL_NO_PAILLIER
# define EVP_PKEY_assign_PAILLIER(pkey,paillier) EVP_PKEY_assign((pkey),EVP_PKEY_PAILLIER,\
(char *)(paillier))
# endif
/* Add some extra combinations */
# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
@@ -1000,6 +1006,12 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
# endif
# ifndef OPENSSL_NO_PAILLIER
struct paillier_st;
int EVP_PKEY_set1_PAILLIER(EVP_PKEY *pkey, struct paillier_st *key);
struct paillier_st *EVP_PKEY_get0_PAILLIER(EVP_PKEY *pkey);
struct paillier_st *EVP_PKEY_get1_PAILLIER(EVP_PKEY *pkey);
# endif
EVP_PKEY *EVP_PKEY_new(void);
int EVP_PKEY_up_ref(EVP_PKEY *pkey);
@@ -1572,6 +1584,7 @@ int ERR_load_EVP_strings(void);
# define EVP_F_EVP_PKEY_GET0_DSA 120
# define EVP_F_EVP_PKEY_GET0_EC_KEY 131
# define EVP_F_EVP_PKEY_GET0_HMAC 183
# define EVP_F_EVP_PKEY_GET0_PAILLIER 172
# define EVP_F_EVP_PKEY_GET0_RSA 121
# define EVP_F_EVP_PKEY_KEYGEN 146
# define EVP_F_EVP_PKEY_KEYGEN_INIT 147
@@ -1616,6 +1629,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_EXPECTING_A_DH_KEY 128
# define EVP_R_EXPECTING_A_DSA_KEY 129
# define EVP_R_EXPECTING_A_EC_KEY 142
# define EVP_R_EXPECTING_A_PAILLIER 176
# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167
# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171
# define EVP_R_INITIALIZATION_ERROR 134


@@ -74,8 +74,10 @@ int PAILLIER_decrypt(BIGNUM *out, const BIGNUM *in, PAILLIER *key);
int PAILLIER_ciphertext_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, PAILLIER *key);
int PAILLIER_ciphertext_scalar_mul(BIGNUM *r, const BIGNUM *scalar, const BIGNUM *a, PAILLIER *key);
DECLARE_ASN1_ENCODE_FUNCTIONS_const(PAILLIER, PAILLIER_PUBLIC_KEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(PAILLIER, PAILLIER_PRIVATE_KEY)
int PAILLIER_up_ref(PAILLIER *key);
DECLARE_ASN1_ENCODE_FUNCTIONS_const(PAILLIER, PaillierPrivateKey)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(PAILLIER, PaillierPublicKey)
/* BEGIN ERROR CODES */
/*


@@ -79,12 +79,12 @@ extern "C" {
#define PEM_STRING_BB1IBE_MASTER "BB1IBE MASTER SECRET"
#define PEM_STRING_BB1IBE_PRIVATE "BB1IBE PRIVATE KEY"
/*
DECLARE_PEM_rw_cb(PaillierPrivateKey, PAILLIER)
DECLARE_PEM_rw(PaillierPrivateKey, PAILLIER)
DECLARE_PEM_rw_cb(CPK_PUBLIC_PARAM, CPK)
DECLARE_PEM_rw_cb(CPK_PUBLIC_PARAMS, CPK)
*/
# ifndef OPENSSL_NO_PAILLIER
DECLARE_PEM_rw_cb(PAILLIERPrivateKey, PAILLIER)
DECLARE_PEM_rw_const(PAILLIERPublicKey, PAILLIER)
DECLARE_PEM_rw(PAILLIER_PUBKEY, PAILLIER)
# endif
#ifdef __cplusplus
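Review bot: The declarations inside `# ifndef OPENSSL_NO_PAILLIER` use the names `PAILLIERPrivateKey` and `PAILLIERPublicKey`, while crypto/pem/pem3.c in this commit defines `PEM_read_bio_PaillierPrivateKey` and instantiates `IMPLEMENT_PEM_write_cb_const(PaillierPrivateKey, ...)` and `IMPLEMENT_PEM_rw_const(PaillierPublicKey, ...)`. As written, callers get prototypes for functions that are never defined, and the defined functions have no prototype. The header should match the implementation: `DECLARE_PEM_rw_cb(PaillierPrivateKey, PAILLIER)` and `DECLARE_PEM_rw_const(PaillierPublicKey, PAILLIER)`. The page no longer marks which lines of this hunk are old and which are new, so confirm against the file that the `# ifndef OPENSSL_NO_PAILLIER` block is the new side.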


@@ -26,6 +26,7 @@
# include <openssl/asn1.h>
# include <openssl/safestack.h>
# include <openssl/ec.h>
# include <openssl/paillier.h>
# if OPENSSL_API_COMPAT < 0x10100000L
# include <openssl/rsa.h>
@@ -393,6 +394,14 @@ int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
# endif
# ifndef OPENSSL_NO_PAILLIER
PAILLIER *d2i_PaillierPrivateKey_fp(FILE *fp, PAILLIER **paillier);
int i2d_PaillierPrivateKey_fp(FILE *fp, PAILLIER *paillier);
PAILLIER *d2i_PaillierPublicKey_fp(FILE *fp, PAILLIER **paillier);
int i2d_PaillierPublicKey_fp(FILE *fp, PAILLIER *paillier);
PAILLIER *d2i_PAILLIER_PUBKEY_fp(FILE *fp, PAILLIER **paillier);
int i2d_PAILLIER_PUBKEY_fp(FILE *fp, PAILLIER *paillier);
# endif
# ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
@@ -431,6 +440,14 @@ int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
# endif
# ifndef OPENSSL_NO_PAILLIER
PAILLIER *d2i_PaillierPrivateKey_bio(BIO *bp, PAILLIER **paillier);
int i2d_PaillierPrivateKey_bio(BIO *bp, PAILLIER *paillier);
PAILLIER *d2i_PaillierPublicKey_bio(BIO *bp, PAILLIER **paillier);
int i2d_PaillierPublicKey_bio(BIO *bp, PAILLIER *paillier);
PAILLIER *d2i_PAILLIER_PUBKEY_bio(BIO *bp, PAILLIER **paillier);
int i2d_PAILLIER_PUBKEY_bio(BIO *bp, PAILLIER *paillier);
# endif
# ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
@@ -513,6 +530,11 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
# endif
# ifndef OPENSSL_NO_PAILLIER
int i2d_PAILLIER_PUBKEY(PAILLIER *a, unsigned char **pp);
PAILLIER *d2i_PAILLIER_PUBKEY(PAILLIER **a, const unsigned char **pp, long length);
# endif
DECLARE_ASN1_FUNCTIONS(X509_SIG)
void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
@@ -762,7 +784,7 @@ int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
int X509_print_fp(FILE *bp, X509 *x);
int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
int X509_NAMpaillierE_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
unsigned long flags);
# endif
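Review bot: The last hunk changes the prototype to `X509_NAMpaillierE_print_ex_fp`, which looks like the word "paillier" typed into the middle of `X509_NAME_print_ex_fp`. That leaves the existing function without a declaration in this header and declares a symbol that nothing defines. The line should go back to `int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,`. Separately, the twelve new `d2i_`/`i2d_` Paillier `_fp` and `_bio` prototypes have no matching definitions on this page, so check that they are implemented elsewhere in the commit.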


@@ -90,7 +90,6 @@ int main(int argc, char **argv)
{
int r, i;
KDF_FUNC kdf = NULL;
EC_GROUP *ec_group = NULL;
EC_KEY *ec_key = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY *pub_key = NULL;

69
test/p Normal file

@@ -0,0 +1,69 @@
#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use File::Spec::Functions qw/catfile/;
use File::Copy;
use File::Compare qw/compare_text/;
use File::Basename;
use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_enc");
# We do it this way, because setup() may have moved us around,
# so the directory portion of $0 might not be correct any more.
# However, the name hasn't changed.
my $testsrc = srctop_file("test","recipes",basename($0));
my $test = catfile(".", "p");
my $cmd = "gmssl";
my @ciphers =
map { s/^\s+//; s/\s+$//; split /\s+/ }
run(app([$cmd, "list", "-cipher-commands"]), capture => 1);
plan tests => 1 + (scalar @ciphers)*2;
my $init = ok(copy($testsrc,$test));
if (!$init) {
diag("Trying to copy $testsrc to $test : $!");
}
SKIP: {
skip "Not initialized, skipping...", 11 unless $init;
foreach my $c (@ciphers) {
my %variant = ("$c" => [],
"$c base64" => [ "-a" ]);
foreach my $t (sort keys %variant) {
my $cipherfile = "$test.$c.cipher";
my $clearfile = "$test.$c.clear";
my @e = ( "$c", "-bufsize", "113", @{$variant{$t}}, "-e", "-k", "test" );
my @d = ( "$c", "-bufsize", "157", @{$variant{$t}}, "-d", "-k", "test" );
if ($c eq "cat") {
$cipherfile = "$test.cipher";
$clearfile = "$test.clear";
@e = ( "enc", @{$variant{$t}}, "-e" );
@d = ( "enc", @{$variant{$t}}, "-d" );
}
ok(run(app([$cmd, @e, "-in", $test, "-out", $cipherfile]))
&& run(app([$cmd, @d, "-in", $cipherfile, "-out", $clearfile]))
&& compare_text($test,$clearfile) == 0, $t);
unlink $cipherfile, $clearfile;
}
}
}
unlink $test;
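Review bot: `test/p` looks like an accidental copy of the enc round-trip recipe rather than part of the Paillier work: it calls `setup("test_enc")`, exercises only `list -cipher-commands` and `enc`, and contains nothing Paillier-specific. It also sits directly under `test/`, not `test/recipes/`, and `srctop_file("test","recipes",basename($0))` would resolve to `test/recipes/p`, which this commit does not add, so the initial `copy` would fail if it were ever run. If the file is a stray working copy it should be dropped from the commit; if it is intended, it needs a recipe-style name and location plus a comment stating what it covers.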


@@ -63,7 +63,7 @@ int main(int argc, char **argv)
# include <openssl/evp.h>
# include <openssl/paillier.h>
static int PAILLIER_test(int verbose)
static int test_paillier(int verbose)
{
int ret = 0;
int kbits = 2048;
@@ -179,6 +179,7 @@ end:
int main(int argc, char **argv)
{
int err = 0;
if (!test_paillier(2)) err++;
return err;
}
#endif


@@ -1,92 +0,0 @@
#!/bin/sh
[ $# -ne 0 ] || set -x # debug mode without arguments:-)
THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.."
[ -d "${THERE}" ] || exec "$@" # should never happen...
# Alternative to this is to parse ${THERE}/Makefile...
LIBCRYPTOSO="${THERE}/libcrypto.so"
if [ -f "$LIBCRYPTOSO" ]; then
while [ -h "$LIBCRYPTOSO" ]; do
LIBCRYPTOSO="${THERE}/`ls -l "$LIBCRYPTOSO" | sed -e 's|.*\-> ||'`"
done
SOSUFFIX=`echo ${LIBCRYPTOSO} | sed -e 's|.*\.so||' 2>/dev/null`
LIBSSLSO="${THERE}/libssl.so${SOSUFFIX}"
fi
SYSNAME=`(uname -s) 2>/dev/null`;
case "$SYSNAME" in
SunOS|IRIX*)
# SunOS and IRIX run-time linkers evaluate alternative
# variables depending on target ABI...
rld_var=LD_LIBRARY_PATH
case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in
*ELF\ 64*SPARC*|*ELF\ 64*AMD64*)
[ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64
LD_PRELOAD_64="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_64
preload_var=LD_PRELOAD_64
;;
*ELF\ 32*SPARC*|*ELF\ 32*80386*)
# We only need to change LD_PRELOAD_32 and LD_LIBRARY_PATH_32
# on a multi-arch system. Otherwise, trust the fallbacks.
if [ -f /lib/64/ld.so.1 ]; then
[ -n "$LD_LIBRARY_PATH_32" ] && rld_var=LD_LIBRARY_PATH_32
LD_PRELOAD_32="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_32
preload_var=LD_PRELOAD_32
fi
;;
# Why are newly built .so's preloaded anyway? Because run-time
# .so lookup path embedded into application takes precedence
# over LD_LIBRARY_PATH and as result application ends up linking
# to previously installed .so's. On IRIX instead of preloading
# newly built .so's we trick run-time linker to fail to find
# the installed .so by setting _RLD_ROOT variable.
*ELF\ 32*MIPS*)
#_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD_LIST
_RLD_ROOT=/no/such/dir; export _RLD_ROOT
eval $rld_var=\"/usr/lib'${'$rld_var':+:$'$rld_var'}'\"
preload_var=_RLD_LIST
;;
*ELF\ N32*MIPS*)
[ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH
#_RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST
_RLDN32_ROOT=/no/such/dir; export _RLDN32_ROOT
eval $rld_var=\"/usr/lib32'${'$rld_var':+:$'$rld_var'}'\"
preload_var=_RLDN32_LIST
;;
*ELF\ 64*MIPS*)
[ -n "$LD_LIBRARY64_PATH" ] && rld_var=LD_LIBRARY64_PATH
#_RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST
_RLD64_ROOT=/no/such/dir; export _RLD64_ROOT
eval $rld_var=\"/usr/lib64'${'$rld_var':+:$'$rld_var'}'\"
preload_var=_RLD64_LIST
;;
esac
eval $rld_var=\"${THERE}'${'$rld_var':+:$'$rld_var'}'\"; export $rld_var
unset rld_var
;;
*) LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH" # Linux, ELF HP-UX
DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH" # MacOS X
SHLIB_PATH="${THERE}:$SHLIB_PATH" # legacy HP-UX
LIBPATH="${THERE}:$LIBPATH" # AIX, OS/2
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH
# Even though $PATH is adjusted [for Windows sake], it doesn't
# necessarily does the trick. Trouble is that with introduction
# of SafeDllSearchMode in XP/2003 it's more appropriate to copy
# .DLLs in vicinity of executable, which is done elsewhere...
if [ "$OSTYPE" != msdosdjgpp ]; then
PATH="${THERE}:$PATH"; export PATH
fi
;;
esac
cmd="$1"; [ -x "$cmd" ] || cmd="$cmd${EXE_EXT}"
shift
if [ $# -eq 0 ]; then
exec "$cmd" # old sh, such as Tru64 4.x, fails to expand empty "$@"
else
exec "$cmd" "$@"
fi