diff --git a/Makefile b/Makefile index ba331f45..3b155926 100644 --- a/Makefile +++ b/Makefile @@ -11,11 +11,11 @@ SHLIB_VERSION_NUMBER=1.0.0 SHLIB_VERSION_HISTORY= SHLIB_MAJOR=1 SHLIB_MINOR=0.0 -SHLIB_EXT=.$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib -PLATFORM=darwin64-x86_64-cc -OPTIONS=--prefix=/usr/local/ --openssldir=/usr/local/openssl/ no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine -CONFIGURE_ARGS=darwin64-x86_64-cc --prefix=/usr/local/ --openssldir=/usr/local/openssl/ -SHLIB_TARGET=darwin-shared +SHLIB_EXT= +PLATFORM=dist +OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine +CONFIGURE_ARGS=dist +SHLIB_TARGET= # HERE indicates where this Makefile lives. This can be used to indicate # where sub-Makefiles are expected to be. Currently has very limited usage, @@ -26,10 +26,10 @@ HERE=. # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/. # Normally it is left empty. INSTALL_PREFIX= -INSTALLTOP=/usr/local +INSTALLTOP=/usr/local/ssl # Do not edit this manually. Use Configure --openssldir=DIR do change this! -OPENSSLDIR=/usr/local/openssl +OPENSSLDIR=/usr/local/ssl # NO_IDEA - Define to build without the IDEA algorithm # NO_RC4 - Define to build without the RC4 algorithm 
@@ -60,9 +60,9 @@ OPENSSLDIR=/usr/local/openssl # PKCS1_CHECK - pkcs1 tests. CC= cc -CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM +CFLAG= -O DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -PEX_LIBS= -Wl,-search_paths_first +PEX_LIBS= EX_LIBS= EXE_EXT= ARFLAGS= @@ -88,23 +88,23 @@ ASFLAG=$(CFLAG) PROCESSOR= # CPUID module collects small commonly used assembler snippets -CPUID_OBJ= x86_64cpuid.o -BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o -EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o +CPUID_OBJ= mem_clr.o +BN_ASM= bn_asm.o +EC_ASM= DES_ENC= des_enc.o fcrypt_b.o -AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +AES_ENC= aes_core.o aes_cbc.o BF_ENC= bf_enc.o CAST_ENC= c_enc.o RC4_ENC= rc4_enc.o rc4_skey.o RC5_ENC= rc5_enc.o -MD5_ASM_OBJ= md5-x86_64.o -SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +MD5_ASM_OBJ= +SHA1_ASM_OBJ= RMD160_ASM_OBJ= -WP_ASM_OBJ= wp-x86_64.o -CMLL_ENC= cmll-x86_64.o cmll_misc.o -MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o +WP_ASM_OBJ= wp_block.o +CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o +MODES_ASM_OBJ= ENGINES_ASM_OBJ= -PERLASM_SCHEME= macosx +PERLASM_SCHEME= # KRB5 stuff KRB5_INCLUDES= 
@@ -178,8 +178,8 @@ LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) SHARED_LIBS= -SHARED_LIBS_LINK_EXTS=.$(SHLIB_MAJOR).dylib .dylib -SHARED_LDFLAGS=-arch x86_64 -dynamiclib +SHARED_LIBS_LINK_EXTS= +SHARED_LDFLAGS= GENERAL= Makefile BASENAME= gmssl diff --git a/Makefile.bak b/Makefile.bak index ed514496..ba331f45 100644 --- a/Makefile.bak +++ b/Makefile.bak @@ -151,7 +151,7 @@ SDIRS= \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ cms pqueue ts srp cmac \ - sm2 sm3 sms4 ecies cpk zuc cbcmac + sm2 sm3 sms4 ecies cpk zuc cbcmac otp # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... diff --git a/crypto/cbcmac/cbcmactest.c b/crypto/cbcmac/cbcmactest.c new file mode 100644 index 00000000..e12b9cd1 --- /dev/null +++ b/crypto/cbcmac/cbcmactest.c @@ -0,0 +1,4 @@ +#include + + + diff --git a/crypto/opensslconf.h b/crypto/opensslconf.h index 937a2de5..15487c9f 100644 --- a/crypto/opensslconf.h +++ b/crypto/opensslconf.h @@ -5,9 +5,6 @@ extern "C" { #endif /* OpenSSL was configured with the following options: */ -#ifndef OPENSSL_SYSNAME_MACOSX -# define OPENSSL_SYSNAME_MACOSX -#endif #ifndef OPENSSL_DOING_MAKEDEPEND @@ -50,9 +47,6 @@ extern "C" { #endif /* OPENSSL_DOING_MAKEDEPEND */ -#ifndef OPENSSL_THREADS -# define OPENSSL_THREADS -#endif #ifndef OPENSSL_NO_DYNAMIC_ENGINE # define OPENSSL_NO_DYNAMIC_ENGINE #endif @@ -100,8 +94,6 @@ extern "C" { # endif #endif -#define OPENSSL_CPUID_OBJ - /* crypto/opensslconf.h.in */ /* Generate 80386 code? */ @@ -109,8 +101,8 @@ extern "C" { #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define ENGINESDIR "/usr/local/lib/engines" -#define OPENSSLDIR "/usr/local/openssl" +#define ENGINESDIR "/usr/local/ssl/lib/engines" +#define OPENSSLDIR "/usr/local/ssl" #endif #endif 
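Review bot: crypto/cbcmac/cbcmactest.c is added as a four-line stub — one `#include` line (the header name is not visible in this rendering) followed by blank lines — with no `main` and no test body, so it cannot be compiled into a test and gives the cbcmac directory the appearance of coverage it does not have. Either land the test together with the code it exercises or leave the file out of this commit. The same change also checks in the binary `crypto/otp/a.out` and regenerated Configure output (`Makefile`, `Makefile.bak`, `crypto/opensslconf.h` for the `dist` target, which drops `OPENSSL_THREADS` and every assembler object); keeping those out of the source commit would make the review tractable and avoid pinning a non-threaded, no-assembly build configuration in the tree.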
@@ -148,7 +140,7 @@ extern "C" { * This enables code handling data aligned at natural CPU word * boundary. See crypto/rc4/rc4_enc.c for further details. */ -#define RC4_CHUNK unsigned long +#undef RC4_CHUNK #endif #endif @@ -156,7 +148,7 @@ extern "C" { /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG -#define DES_LONG unsigned int +#define DES_LONG unsigned long #endif #endif @@ -167,9 +159,9 @@ extern "C" { /* Should we define BN_DIV2W here? */ /* Only one for the following should be defined */ -#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT_LONG #undef SIXTY_FOUR_BIT -#undef THIRTY_TWO_BIT +#define THIRTY_TWO_BIT #endif #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) @@ -211,7 +203,7 @@ extern "C" { /* Unroll the inner loop, this sometimes helps, sometimes hinders. * Very mucy CPU dependant */ #ifndef DES_UNROLL -#define DES_UNROLL +#undef DES_UNROLL #endif /* These default values were supplied by diff --git a/crypto/otp/a.out b/crypto/otp/a.out new file mode 100755 index 00000000..7cdc6975 Binary files /dev/null and b/crypto/otp/a.out differ diff --git a/crypto/otp/otp.c b/crypto/otp/otp.c index 9d9f05f4..ddc44081 100644 --- a/crypto/otp/otp.c +++ b/crypto/otp/otp.c @@ -1,6 +1,7 @@ #include #include #include +#include #include #include #include @@ -45,11 +46,12 @@ int OTP_generate(const OTP_PARAMS *params, const void *event, size_t eventlen, unsigned char s[EVP_MAX_MD_SIZE]; size_t slen; uint32_t od; - int i; + int i, n; OPENSSL_assert(sizeof(time_t) == 8); if (!check_params(params)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); return 0; } 
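Review bot: The added `fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);` after the `check_params(params)` failure — and the identical line after the `OPENSSL_malloc` failure in the next hunk — reports errors from library code straight to stderr, which a caller can neither suppress nor route. The sm2 code in this same diff does the same (`fprintf(stderr, "%s %d\n", __FILE__, __LINE__)` in `SM2_CIPHERTEXT_VALUE_decode`), so this is a pattern worth fixing once: keep `return 0;` as the signal, report through the ERR queue (`ERR_put_error`) when a reason code exists, and let the test program decide what to print. OTP_generate's body starts before and ends after this hunk.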
@@ -58,11 +60,12 @@ int OTP_generate(const OTP_PARAMS *params, const void *event, size_t eventlen, idlen = 16; } if (!(id = OPENSSL_malloc(idlen))) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } bzero(id, idlen); - t = time(NULL); + t = time(NULL) + params->offset; t /= params->te; memcpy(id, &t, sizeof(t)); @@ -108,7 +111,9 @@ int OTP_generate(const OTP_PARAMS *params, const void *event, size_t eventlen, OPENSSL_assert(slen % 4 == 0); od = 0; - for (i = 0; i < slen/4; i++) { + + n = (int)slen; + for (i = 0; i < n/4; i++) { od += GETU32(&s[i * 4]); } diff --git a/crypto/otp/otp.h b/crypto/otp/otp.h index 0df443b1..4b3d482f 100644 --- a/crypto/otp/otp.h +++ b/crypto/otp/otp.h @@ -64,6 +64,8 @@ typedef struct OTP_PARAMS_st { void *option; size_t option_size; int otp_digits; + /* adjust the clock in seconds */ + int offset; } OTP_PARAMS; /* OTP reference to the GM/T OTP specification diff --git a/crypto/otp/otptest.c b/crypto/otp/otptest.c new file mode 100644 index 00000000..de16dc1e --- /dev/null +++ b/crypto/otp/otptest.c @@ -0,0 +1,30 @@ +#include +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + OTP_PARAMS params; + unsigned char key[] = {1,2,3,4,5,6,7,8,1,2,3,4,5,6,7,8}; + unsigned char event[] = "this is a fixed value"; + unsigned int otp; + + params.type = NID_sm3; + params.te = 60; + params.option = NULL; + params.option_size = 0; + params.otp_digits = 6; + + OpenSSL_add_all_algorithms(); + + if (!OTP_generate(¶ms, event, sizeof(event), &otp, key, sizeof(key))) { + printf("OTP_generate() failed\n"); + return -1; + } + + printf("OTP = %06u\n", otp); + return 0; +} diff --git a/crypto/sm2/sm2.h b/crypto/sm2/sm2.h index d24ceb8b..b8e0e1d7 100644 --- a/crypto/sm2/sm2.h +++ b/crypto/sm2/sm2.h 
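Review bot: `t = time(NULL) + params->offset;` reads the `offset` field this commit appends to `OTP_PARAMS` in crypto/otp/otp.h, but neither caller added alongside it gives the field a defined value: crypto/otp/otptest.c sets `type`, `te`, `option`, `option_size` and `otp_digits` of a stack `OTP_PARAMS params` and never `offset`, and demos/otp/tkgen.c copies an `int offset` that is assigned only when `argc > 3`. Both therefore add an indeterminate number of seconds to the time step, so the generated OTP is not reproducible and can silently land in a different time slot than the verifier expects. Initialise at the declaration (`OTP_PARAMS params = {0};` in the test, `int offset = 0;` in the demo) and have `check_params` bound `offset` — the only documentation is `/* adjust the clock in seconds */`, and an unbounded signed adjustment changes which time step the code is bound to. Appending a field also changes the size of a public struct, so a caller compiled against the old otp.h now has the library reading past its parameter block; worth calling out in the header. OTP_generate's body starts before and ends after this hunk.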
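Review bot: `n = (int)slen; for (i = 0; i < n/4; i++)` silences the signed/unsigned comparison by casting `slen` to `int` and introducing a second variable, where declaring the index as `size_t i` and looping `i < slen / 4` says the same thing without a cast or the extra `n`. `slen` is presumably bounded by `EVP_MAX_MD_SIZE` through the `unsigned char s[EVP_MAX_MD_SIZE]` buffer it describes, so truncation is not the risk here, but the cast hides that reasoning from the next reader. OTP_generate's body starts before and ends after this hunk.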
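Review bot: `OTP_generate(&params, event, sizeof(event), &otp, key, sizeof(key))` passes `sizeof(event)` for `unsigned char event[] = "this is a fixed value"`, which counts the terminating NUL, while demos/otp/tkgen.c passes `strlen(id)` for its event, so the two programs hash different byte strings for the same text. Use `sizeof(event) - 1` here (or `strlen`) unless the NUL is meant to be part of the event, and say which in a comment. The program only prints the result, so it checks that the call returns 1, not that the value is right; because `OTP_generate` reads `time(NULL)`, a known-answer test would need a way to fix the clock, and the new `offset` field does not provide that since it is added to the current time. `return -1;` from `main` becomes exit status 255; `return 1;` is the conventional failure code.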
@@ -83,12 +83,16 @@ int SM2_compute_id_digest(const EVP_MD *md, unsigned char *dgst, typedef struct sm2_enc_params_st { - EVP_MD *kdf_md; - EVP_MD *mac_md; + const EVP_MD *kdf_md; + const EVP_MD *mac_md; int mactag_size; point_conversion_form_t point_form; } SM2_ENC_PARAMS; +#define SM2_ENC_PARAMS_mactag_size(params) \ + ((params)->mactag_size<0 ? EVP_MD_size((params)->mac_md) : (params->mactag_size)) + + typedef struct sm2_ciphertext_value_st { EC_POINT *ephem_point; unsigned char *ciphertext; @@ -98,15 +102,13 @@ typedef struct sm2_ciphertext_value_st { } SM2_CIPHERTEXT_VALUE; int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *ec_group, - point_conversion_form_t point_form, size_t mlen, - const EVP_MD *mac_md); + const SM2_ENC_PARAMS *params, size_t mlen); void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv); int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv, - const EC_GROUP *ec_group, point_conversion_form_t point_form, + const EC_GROUP *ec_group, const SM2_ENC_PARAMS *params, unsigned char *buf, size_t *buflen); SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(const EC_GROUP *ec_group, - point_conversion_form_t point_form, const EVP_MD *mac_md, - const unsigned char *buf, size_t buflen); + const SM2_ENC_PARAMS *params, const unsigned char *buf, size_t buflen); int i2d_SM2_CIPHERTEXT_VALUE(const SM2_CIPHERTEXT_VALUE *c, unsigned char **out); SM2_CIPHERTEXT_VALUE *d2i_SM2_CIPHERTEXT_VALUE(SM2_CIPHERTEXT_VALUE **c, const unsigned char **in, long len); diff --git a/crypto/sm2/sm2_enc.c b/crypto/sm2/sm2_enc.c index bf89e3ac..c1c86ea9 100644 --- a/crypto/sm2/sm2_enc.c +++ b/crypto/sm2/sm2_enc.c 
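Review bot: The new `SM2_ENC_PARAMS_mactag_size(params)` macro parenthesises its argument in two of three uses but not in the third, `(params->mactag_size)`, so an argument that is an expression rather than a plain identifier is handled inconsistently between the branches; write it as `((params)->mactag_size < 0 ? EVP_MD_size((params)->mac_md) : ((params)->mactag_size))`. The macro also fixes a three-way meaning for `mactag_size` — negative for the full digest, zero for no tag (the `if (params->mactag_size)` guards added in sm2_enc.c), positive for a truncated tag — that the struct does not describe; a comment on the field such as `/* <0: EVP_MD_size(mac_md); 0: no C3 tag; >0: truncate C3 to this many bytes */` would tell callers what zero does before they rely on it.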
@@ -61,34 +61,33 @@ #include #include "sm2.h" -int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *ec_group, - point_conversion_form_t point_form, size_t mlen, - const EVP_MD *mac_md) +int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *group, + const SM2_ENC_PARAMS *params, size_t mlen) { int ret = 0; - EC_POINT *point = EC_POINT_new(ec_group); - BN_CTX *bn_ctx = BN_CTX_new(); - size_t len; + EC_KEY *ec_key = NULL; + size_t len = 0; - if (!point || !bn_ctx) { + if (!(ec_key = EC_KEY_new())) { goto end; } - -#if 0 - //FIXME: len will be 1 !!! - if (!(len = EC_POINT_point2oct(ec_group, point, point_form, - NULL, 0, bn_ctx))) { + if (!EC_KEY_set_group(ec_key, group)) { goto end; } -#endif - len = 1 + 2 * ((EC_GROUP_get_degree(ec_group) + 7)/8); - len += mlen + EVP_MD_size(mac_md); + if (!EC_KEY_generate_key(ec_key)) { + goto end; + } + len += EC_POINT_point2oct(group, EC_KEY_get0_public_key(ec_key), + params->point_form, NULL, 0, NULL); + len += mlen; + len += params->mactag_size < 0 ? EVP_MD_size(params->mac_md) : + params->mactag_size; + + ret = (int)len; - ret = len; end: - if (point) EC_POINT_free(point); - if (bn_ctx) BN_CTX_free(bn_ctx); - return ret; + EC_KEY_free(ec_key); + return ret; } void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv) @@ -100,7 +99,7 @@ void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv) } int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv, - const EC_GROUP *ec_group, point_conversion_form_t point_form, + const EC_GROUP *ec_group, const SM2_ENC_PARAMS *params, unsigned char *buf, size_t *buflen) { int ret = 0; @@ -112,7 +111,7 @@ int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv, } if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point, - point_form, NULL, 0, bn_ctx))) { + params->point_form, NULL, 0, bn_ctx))) { goto end; } cvlen = ptlen + cv->ciphertext_size + cv->mactag_size; 
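Review bot: The rewritten `SM2_CIPHERTEXT_VALUE_size` now calls `EC_KEY_generate_key` — a random scalar multiplication that draws from the CSPRNG — purely to obtain a point whose encoded length it can measure, and it is reached from `SM2_encrypt`, `SM2_decrypt` and `SM2_CIPHERTEXT_VALUE_decode`, so every operation pays a key generation and an RNG failure surfaces as a size-computation failure. Every finite point encodes to the same length for a given `point_form`, so `EC_POINT_point2oct(group, EC_GROUP_get0_generator(group), params->point_form, NULL, 0, NULL)` gives the same number deterministically without an `EC_KEY` at all. The `point2oct` result is also folded into `len` unchecked; it returns 0 on failure, which should be reported rather than silently shortening the size. The deleted `#if 0` block's comment records the original trap — a freshly created `EC_POINT` is the point at infinity, which encodes as 1 byte — and is worth keeping next to the generator-based line.
```c
int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *group,
	const SM2_ENC_PARAMS *params, size_t mlen)
{
	size_t ptlen;
	size_t len;

	/* Every finite point encodes to the same length for a given form, and a
	 * freshly created EC_POINT is the point at infinity (1 byte), so measure
	 * the group generator rather than generating a throwaway key. */
	ptlen = EC_POINT_point2oct(group, EC_GROUP_get0_generator(group),
		params->point_form, NULL, 0, NULL);
	if (ptlen == 0) {
		return 0;
	}
	len = ptlen + mlen;
	len += params->mactag_size < 0 ? (size_t)EVP_MD_size(params->mac_md) :
		(size_t)params->mactag_size;
	return (int)len;
}
```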
@@ -127,13 +126,15 @@ int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv, } if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point, - point_form, buf, *buflen, bn_ctx))) { + params->point_form, buf, *buflen, bn_ctx))) { goto end; } buf += ptlen; memcpy(buf, cv->ciphertext, cv->ciphertext_size); buf += cv->ciphertext_size; - memcpy(buf, cv->mactag, cv->mactag_size); + if (cv->mactag_size > 0) { + memcpy(buf, cv->mactag, cv->mactag_size); + } *buflen = cvlen; ret = 1; @@ -142,8 +143,8 @@ end: return ret; } -SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(const EC_GROUP *ec_group, - point_conversion_form_t point_form, const EVP_MD *mac_md, +SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode( + const EC_GROUP *ec_group, const SM2_ENC_PARAMS *params, const unsigned char *buf, size_t buflen) { int ok = 0; @@ -156,7 +157,7 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(const EC_GROUP *ec_group, return NULL; } - if (!(fixlen = SM2_CIPHERTEXT_VALUE_size(ec_group, point_form, 0, mac_md))) { + if (!(fixlen = SM2_CIPHERTEXT_VALUE_size(ec_group, params, 0))) { fprintf(stderr, "%s %d\n", __FILE__, __LINE__); goto end; } @@ -179,7 +180,7 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(const EC_GROUP *ec_group, goto end; } - ptlen = fixlen - EVP_MD_size(mac_md); + ptlen = fixlen - SM2_ENC_PARAMS_mactag_size(params); if (!EC_POINT_oct2point(ec_group, ret->ephem_point, buf, ptlen, bn_ctx)) { fprintf(stderr, "%s %d\n", __FILE__, __LINE__); ERR_print_errors_fp(stdout); @@ -187,9 +188,10 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(const EC_GROUP *ec_group, } memcpy(ret->ciphertext, buf + ptlen, ret->ciphertext_size); - ret->mactag_size = EVP_MD_size(mac_md); - memcpy(ret->mactag, buf + buflen - ret->mactag_size, ret->mactag_size); - + ret->mactag_size = SM2_ENC_PARAMS_mactag_size(params); + if (ret->mactag_size > 0) { + memcpy(ret->mactag, buf + buflen - ret->mactag_size, ret->mactag_size); + } ok = 1; end: 
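Review bot: `ret->mactag_size = SM2_ENC_PARAMS_mactag_size(params);` maps a negative `params->mactag_size` to `EVP_MD_size(params->mac_md)`, but that value then reaches `SM2_do_decrypt`, whose new `cv->mactag_size != params->mactag_size` test compares it against the raw negative number and fails; on the encrypt side `SM2_do_encrypt` tests `params->mactag_size > dgstlen`, where the `int` is converted to unsigned (assuming `dgstlen` is the `unsigned int` that `EVP_DigestFinal_ex` fills) and a negative value is rejected as well. So the "negative means full digest" convention is honoured only by `SM2_CIPHERTEXT_VALUE_size` and this decoder, and a caller that passes -1 gets sizes that neither encrypt nor decrypt. Either resolve the value once — `int tagsize = SM2_ENC_PARAMS_mactag_size(params);` at the top of `SM2_do_encrypt` and `SM2_do_decrypt`, comparing and copying against `tagsize` — or reject negative values in the parameter check and drop the macro's negative branch. The `buf + buflen - ret->mactag_size` read assumes `buflen >= fixlen` was established earlier in `SM2_CIPHERTEXT_VALUE_decode`, which starts outside this hunk.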
@@ -248,8 +250,7 @@ int SM2_encrypt(const SM2_ENC_PARAMS *params, SM2_CIPHERTEXT_VALUE *cv = NULL; int len; - if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, - params->point_form, inlen, params->mac_md))) { + if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, params, inlen))) { goto end; } @@ -264,8 +265,7 @@ int SM2_encrypt(const SM2_ENC_PARAMS *params, if (!(cv = SM2_do_encrypt(params, in, inlen, ec_key))) { goto end; } - if (!SM2_CIPHERTEXT_VALUE_encode(cv, ec_group, - params->point_form, out, outlen)) { + if (!SM2_CIPHERTEXT_VALUE_encode(cv, ec_group, params, out, outlen)) { goto end; } @@ -386,30 +386,34 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params, for (i = 0; i < inlen; i++) { cv->ciphertext[i] ^= in[i]; } - - /* A7: C3 = Hash(x2 || M || y2) */ - if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) { - goto end; - } - if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) { - goto end; - } - if (!EVP_DigestUpdate(md_ctx, in, inlen)) { - goto end; - } - if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) { - goto end; - } - if (!EVP_DigestFinal_ex(md_ctx, dgst, &dgstlen)) { - goto end; - } - /* GmSSL specific: reduce mactag size */ - if (params->mactag_size > dgstlen) { - goto end; + if (params->mactag_size) { + + /* A7: C3 = Hash(x2 || M || y2) */ + if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) { + goto end; + } + if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) { + goto end; + } + if (!EVP_DigestUpdate(md_ctx, in, inlen)) { + goto end; + } + if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) { + goto end; + } + if (!EVP_DigestFinal_ex(md_ctx, dgst, &dgstlen)) { + goto end; + } + + /* GmSSL specific: reduce mactag size */ + if (params->mactag_size > dgstlen) { + goto end; + } + + cv->mactag_size = params->mactag_size; + memcpy(cv->mactag, dgst, cv->mactag_size); } - cv->mactag_size = params->mactag_size; - memcpy(cv->mactag, dgst, cv->mactag_size); ok = 1; 
@@ -438,7 +442,7 @@ int SM2_decrypt(const SM2_ENC_PARAMS *params, SM2_CIPHERTEXT_VALUE *cv = NULL; int len; - if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, params->point_form, 0, params->mac_md))) { + if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, params, 0))) { fprintf(stderr, "%s %d\n", __FILE__, __LINE__); goto end; } @@ -455,7 +459,7 @@ int SM2_decrypt(const SM2_ENC_PARAMS *params, return 0; } - if (!(cv = SM2_CIPHERTEXT_VALUE_decode(ec_group, params->point_form, params->mac_md, in, inlen))) { + if (!(cv = SM2_CIPHERTEXT_VALUE_decode(ec_group, params, in, inlen))) { fprintf(stderr, "%s %d\n", __FILE__, __LINE__); goto end; } @@ -486,8 +490,6 @@ int SM2_do_decrypt(const SM2_ENC_PARAMS *params, unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1]; unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; - unsigned char dgst[EVP_MAX_MD_SIZE]; - unsigned int dgstlen; int nbytes; size_t size; int i; 
@@ -556,30 +558,33 @@ int SM2_do_decrypt(const SM2_ENC_PARAMS *params, } *outlen = cv->ciphertext_size; - /* B6: check Hash(x2 || M || y2) == C3 */ - if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) { - goto end; - } - if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) { - goto end; - } - if (!EVP_DigestUpdate(md_ctx, out, *outlen)) { - goto end; - } - if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) { - goto end; - } - if (!EVP_DigestFinal_ex(md_ctx, mac, &maclen)) { - goto end; - } + if (params->mactag_size) { - /* GmSSL specific */ - if (params->mactag_size > maclen) { - goto end; - } - if (cv->mactag_size != params->mactag_size || - memcmp(mac, cv->mactag, cv->mactag_size)) { - goto end; + /* B6: check Hash(x2 || M || y2) == C3 */ + if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) { + goto end; + } + if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) { + goto end; + } + if (!EVP_DigestUpdate(md_ctx, out, *outlen)) { + goto end; + } + if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) { + goto end; + } + if (!EVP_DigestFinal_ex(md_ctx, mac, &maclen)) { + goto end; + } + + /* GmSSL specific */ + if (params->mactag_size > maclen) { + goto end; + } + if (cv->mactag_size != params->mactag_size || + memcmp(mac, cv->mactag, cv->mactag_size)) { + goto end; + } } ret = 1; @@ -643,5 +648,3 @@ int SM2_decrypt_elgamal(const unsigned char *in, size_t inlen, return SM2_decrypt(¶ms, in, inlen, out, outlen, ec_key); } - - diff --git a/crypto/sm2/sm2_lib.c b/crypto/sm2/sm2_lib.c index 064c457b..3b36ac46 100644 --- a/crypto/sm2/sm2_lib.c +++ b/crypto/sm2/sm2_lib.c @@ -130,8 +130,6 @@ int sm2_get_public_key_data(unsigned char *buf, EC_KEY *ec_key) BIGNUM *y = NULL; size_t len; - unsigned char *pbuf = buf; - if (!ec_key || !buf) { return 0; } 
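Review bot: Wrapping the B6 step in `if (params->mactag_size) {` makes the C3 integrity check optional at decryption time on the strength of the caller's parameter block alone: with `mactag_size == 0`, `SM2_do_decrypt` returns plaintext without ever computing `Hash(x2 || M || y2)`, and C3 is what lets the decryptor notice a modified C2, so altered ciphertext now decrypts to altered plaintext with no error. Zero is also the value a zero-filled or partially initialised `SM2_ENC_PARAMS` carries, which makes the unprotected mode the easy one to reach by accident. If the tag-less mode exists for the `SM2_decrypt_elgamal` wrapper visible at the end of this file, gate it on an explicit parameter or dedicated constant rather than on 0, and document on the struct that it disables integrity protection; the matching guard was added to `SM2_do_encrypt` in the hunk above. `SM2_do_decrypt` starts before this hunk.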
@@ -288,10 +286,11 @@ int SM2_compute_message_digest(const EVP_MD *id_md, const EVP_MD *msg_md, goto err; } - if (!EVP_DigestFinal_ex(&md_ctx, dgst, &dgstlen)) { + if (!EVP_DigestFinal_ex(&md_ctx, dgst, &len)) { goto err; } + *dgstlen = len; ret = 1; err: EVP_MD_CTX_cleanup(&md_ctx); diff --git a/demos/otp/Makefile b/demos/otp/Makefile new file mode 100644 index 00000000..8e10cf6b --- /dev/null +++ b/demos/otp/Makefile @@ -0,0 +1,5 @@ +all: + gcc mkgen.c ../../libcrypto.a -o mkgen + gcc tkgen.c ../../libcrypto.a -o tkgen +clean: + rm -fr mkgen tkgen diff --git a/demos/otp/mkgen.c b/demos/otp/mkgen.c new file mode 100644 index 00000000..fc66755e --- /dev/null +++ b/demos/otp/mkgen.c @@ -0,0 +1,21 @@ +#include +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + unsigned char mk[32]; + int i; + + RAND_bytes(mk, sizeof(mk)); + + for (i = 0; i < sizeof(mk); i++) { + printf("%02x", mk[i]); + } + printf("\n"); + + return 0; +} + diff --git a/demos/otp/tkgen.c b/demos/otp/tkgen.c new file mode 100644 index 00000000..c90b22ee --- /dev/null +++ b/demos/otp/tkgen.c @@ -0,0 +1,49 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + char *prog; + char *id; + char *mk; + int offset; + OTP_PARAMS params; + unsigned int otp; + + prog = basename(argv[0]); + + if (argc < 3) { + printf("usage: %s []\n", prog); + return 0; + } + + id = argv[1]; + mk = argv[2]; + + if (argc > 3) + offset = atoi(argv[3]); + + params.type = NID_sm3; + params.te = 60; + params.option = "end"; + params.option_size = strlen(params.option); + params.otp_digits = 6; + params.offset = offset; + + OpenSSL_add_all_algorithms(); + if (!OTP_generate(¶ms, id, strlen(id), &otp, (unsigned char *)mk, strlen(mk))) { + fprintf(stderr, "failed\n"); + } + + printf("OTP = %06u\n", otp); + return 0; +} + 
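Review bot: `EVP_DigestFinal_ex(&md_ctx, dgst, &len)` followed by `*dgstlen = len;` is the right shape when `dgstlen` is a wider output parameter, but it is only correct if `len` (declared outside this hunk) is an `unsigned int`, the type `EVP_DigestFinal_ex` writes through; worth confirming the declaration. A one-line comment such as `/* EVP_DigestFinal_ex writes an unsigned int; widen for the caller */` would explain why the temporary exists, and note that on the error path `*dgstlen` is deliberately left untouched. `SM2_compute_message_digest` starts before this hunk.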
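Review bot: `RAND_bytes(mk, sizeof(mk));` ignores its return value; `RAND_bytes` returns 0 on failure and -1 when unsupported (for instance an unseeded generator), in which case `mk` still holds whatever was on the stack and the program prints that as a master key. Check it and exit non-zero: `if (RAND_bytes(mk, sizeof(mk)) != 1) { fprintf(stderr, "RAND_bytes failed\n"); return 1; }`. The loop `for (i = 0; i < sizeof(mk); i++)` compares an `int` with a `size_t`; declare `size_t i` instead.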
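Review bot: `OTP_generate(&params, id, strlen(id), &otp, (unsigned char *)mk, strlen(mk))` uses the characters of the hex string from argv[2] as the key bytes, while demos/otp/mkgen.c prints its key hex-encoded, so the 32 random bytes mkgen produced become 64 ASCII characters carrying 4 bits each and the key tkgen actually uses is not the one mkgen generated. Decode the hex argument back to bytes (rejecting odd lengths and non-hex characters) before passing it, or have mkgen emit what this program expects, and say in a comment which encoding the demo takes. After a failed `OTP_generate` the program still runs `printf("OTP = %06u\n", otp)` on an uninitialised `otp` and exits 0; a `return 1;` inside the failure branch fixes both. `params.option = "end"` also stores a string literal in a `void *` field — legal in C but worth an explicit cast and a comment on what `option` means for `NID_sm3`.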
diff --git a/engines/skf/a.out b/engines/skf/a.out deleted file mode 100755 index 922ed0d8..00000000 Binary files a/engines/skf/a.out and /dev/null differ diff --git a/engines/skf/skf_softtoken.c b/engines/skf/skf_dummy.c similarity index 94% rename from engines/skf/skf_softtoken.c rename to engines/skf/skf_dummy.c index a59eaac0..3d475362 100644 --- a/engines/skf/skf_softtoken.c +++ b/engines/skf/skf_dummy.c @@ -10,7 +10,6 @@ #define CONTAINER_NAME_LIST CONTAINER_NAME"\0" - ULONG DEVAPI SKF_WaitForDevEvent(LPSTR szDevName, ULONG *pulDevNameLen, ULONG *pulEvent) { diff --git a/engines/skf/skf_impl.o b/engines/skf/skf_impl.o deleted file mode 100644 index 890bb3e5..00000000 Binary files a/engines/skf/skf_impl.o and /dev/null differ diff --git a/engines/skf/skftest.o b/engines/skf/skftest.o deleted file mode 100644 index 278a9031..00000000 Binary files a/engines/skf/skftest.o and /dev/null differ diff --git a/tools/c_rehash b/tools/c_rehash index 27a6921d..6a27c022 100644 --- a/tools/c_rehash +++ b/tools/c_rehash @@ -3,8 +3,8 @@ # Perl c_rehash script, scan all files in a directory # and add symbolic links to their hash values. -my $dir = "/usr/local/openssl"; -my $prefix = "/usr/local"; +my $dir = "/usr/local/ssl"; +my $prefix = "/usr/local/ssl"; my $openssl = $ENV{OPENSSL} || "openssl"; my $pwd;