abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

start SKF engine

Browse Source
This commit is contained in:
Zhi Guan
2016-04-10 00:01:46 +02:00
parent 5cc6cfdf22
commit 70118dbcae
19 changed files with 778 additions and 234 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
crypto/ffx/Makefile Normal file
View File

@@ -0,0 +1,76 @@
#
# OpenSSL/crypto/ffx/Makefile
#
DIR= ffx
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC=ffx.c
LIBOBJ=ffx.o
SRC= $(LIBSRC)
EXHEADER= ffx.h
HEADER= ../../include/openssl/modes.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
tags:
ctags $(SRC)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.

347
crypto/ffx/ffx.c Normal file
View File

@@ -0,0 +1,347 @@
/* ====================================================================
* Copyright (c) 2015 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
/*
* Format-Preserve Encryption
* implementation of NIST 800-38G FF1 schemes
*
* FPE is used to encrypt strings such as credit card numbers and phone numbers
* the ciphertext is still in valid format, for example:
* FPE_encrypt("13810631266") == "98723498792"
* the output is still 11 digits
*/
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <assert.h>
#include <inttypes.h>
#include <openssl/err.h>
#include <openssl/aes.h>
#include "ffx.h"
#define FFX_MIN_DIGITS 6
#define FFX_MAX_DIGITS 18
#define FFX_MIN_TWEAKLEN 4
#define FFX_MAX_TWEAKLEN 11
#define FFX_NUM_ROUNDS 10
static uint32_t modulo[] = {
1,
10,
100,
1000,
10000,
100000,
1000000,
10000000,
100000000,
1000000000,
1000000000,
};
int FFX_init(FFX_CTX *ctx, int flag, const unsigned char *key, int keybits)
{
ctx->flag = flag;
if (AES_set_encrypt_key(key, keybits, &ctx->key) < 0) {
fprintf(stderr, "error: %s: %s: %d\n", __FUNCTION__, __FILE__, __LINE__);
return -1;
}
return 0;
}
void FFX_cleanup(FFX_CTX *ctx)
{
memset(ctx, 0, sizeof(*ctx));
}
int FFX_encrypt(FFX_CTX *ctx, const char *in, size_t inlen,
const unsigned char *tweak, size_t tweaklen, char *out)
{
int llen, rlen;
uint32_t lval, rval;
unsigned char pblock[16] = {
0x01, 0x02, 0x01, 0x0a, 0x00, 0x00, 0x0a, 0xff,
0xff, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x00};
unsigned char qblock[16];
char lbuf[FFX_MAX_DIGITS/2 + 2];
uint64_t yval;
int i;
assert(out);
assert(in);
assert(tweak);
if (inlen > strlen(in) ||
inlen < FFX_MIN_DIGITS || inlen > FFX_MAX_DIGITS) {
fprintf(stderr, "%s: invalid digits length\n", __FUNCTION__);
return -1;
}
for (i = 0; i < inlen; i++) {
if (!isdigit(in[i])) {
fprintf(stderr, "%s: invalid digits format\n", __FUNCTION__);
return -1;
}
}
llen = inlen / 2;
rlen = inlen - llen;
if (tweaklen < FFX_MIN_TWEAKLEN || tweaklen > FFX_MAX_TWEAKLEN) {
fprintf(stderr, "%s: invalid tweak length\n", __FUNCTION__);
return -1;
}
memcpy(lbuf, in, llen);
lbuf[llen] = 0;
lval = atoi(lbuf);
rval = atoi(in + llen);
pblock[7] = llen & 0xff;
pblock[8] = inlen & 0xff;
pblock[12] = tweaklen & 0xff;
AES_encrypt(pblock, pblock, &ctx->key);
memset(qblock, 0, sizeof(qblock));
memcpy(qblock, tweak, tweaklen);
for (i = 0; i < FFX_NUM_ROUNDS; i += 2) {
unsigned char rblock[16];
int j;
qblock[11] = i & 0xff;
memcpy(qblock + 12, &rval, sizeof(rval));
for (j = 0; j < sizeof(rblock); j++) {
rblock[j] = pblock[j] ^ qblock[j];
}
AES_encrypt(rblock, rblock, &ctx->key);
yval = *((uint64_t *)rblock) % modulo[llen];
lval = (lval + yval) % modulo[llen];
qblock[11] = (i + 1) & 0xff;
memcpy(qblock + 12, &lval, sizeof(lval));
for (j = 0; j < sizeof(rblock); j++) {
rblock[j] = pblock[j] ^ qblock[j];
}
AES_encrypt(rblock, rblock, &ctx->key);
yval = *((uint64_t *)rblock) % modulo[rlen];
rval = (rval + yval) % modulo[rlen];
}
memset(out, '0', inlen);
sprintf(lbuf, "%d", rval);
memcpy(out + rlen - strlen(lbuf), lbuf, strlen(lbuf));
sprintf(lbuf, "%d", lval);
strcpy(out + inlen - strlen(lbuf), lbuf);
return 0;
}
int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
const unsigned char *tweak, size_t tweaklen, char *out)
{
int llen, rlen;
uint32_t lval, rval;
unsigned char pblock[16] = {
0x01, 0x02, 0x01, 0x0a, 0x00, 0x00, 0x0a, 0xff,
0xff, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x00};
unsigned char qblock[16];
char lbuf[FFX_MAX_DIGITS/2 + 2];
uint64_t yval;
int i;
assert(out);
assert(in);
assert(tweak);
if (inlen > strlen(in) ||
inlen < FFX_MIN_DIGITS || inlen > FFX_MAX_DIGITS) {
fprintf(stderr, "%s: invalid digits length\n", __FUNCTION__);
return -1;
}
for (i = 0; i < inlen; i++) {
if (!isdigit(in[i])) {
fprintf(stderr, "%s: invalid digits format\n", __FUNCTION__);
return -1;
}
}
rlen = inlen / 2;
llen = inlen - rlen;
if (tweaklen < FFX_MIN_TWEAKLEN || tweaklen > FFX_MAX_TWEAKLEN) {
fprintf(stderr, "%s: invalid tweak length\n", __FUNCTION__);
return -1;
}
memcpy(lbuf, in, llen);
lbuf[llen] = 0;
lval = atoi(lbuf);
rval = atoi(in + llen);
pblock[7] = rlen & 0xff;
pblock[8] = inlen & 0xff;
pblock[12] = tweaklen & 0xff;
AES_encrypt(pblock, pblock, &ctx->key);
memset(qblock, 0, sizeof(qblock));
memcpy(qblock, tweak, tweaklen);
for (i = FFX_NUM_ROUNDS - 1; i > 0; i -= 2) {
unsigned char rblock[16];
int j;
qblock[11] = i & 0xff;
memcpy(qblock + 12, &rval, sizeof(rval));
for (j = 0; j < sizeof(rblock); j++) {
rblock[j] = pblock[j] ^ qblock[j];
}
AES_encrypt(rblock, rblock, &ctx->key);
yval = *((uint64_t *)rblock) % modulo[llen];
lval = (lval >= yval) ? (lval - yval) : lval + modulo[llen] - yval;
qblock[11] = (i - 1) & 0xff;
memcpy(qblock + 12, &lval, sizeof(lval));
for (j = 0; j < sizeof(rblock); j++) {
rblock[j] = pblock[j] ^ qblock[j];
}
AES_encrypt(rblock, rblock, &ctx->key);
yval = *((uint64_t *)rblock) % modulo[rlen];
rval = (rval >= yval) ? (rval - yval) : rval + modulo[rlen] - yval;
}
memset(out, '0', inlen);
sprintf(lbuf, "%d", rval);
memcpy(out + rlen - strlen(lbuf), lbuf, strlen(lbuf));
sprintf(lbuf, "%d", lval);
strcpy(out + inlen - strlen(lbuf), lbuf);
return 0;
}
static int test()
{
char buf[100];
char buf2[100];
unsigned char key[32] = {0};
unsigned char tweak[8] = { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38 };
FFX_CTX ctx;
int r;
ERR_load_crypto_strings();
if (FFX_init(&ctx, 0, key, sizeof(key) * 8) < 0) {
ERR_print_errors_fp(stderr);
fprintf(stderr, "%s: %d\n", __FILE__, __LINE__);
return -1;
}
char *in = "99999999999999999";
r = FFX_encrypt(&ctx, in, strlen(in), tweak, sizeof(tweak), buf);
if (r < 0) {
printf("failed\n");
return -1;
}
printf("%s\n", buf);
printf("\n");
r = FFX_decrypt(&ctx, buf, strlen(buf), tweak, sizeof(tweak), buf2);
printf("%s\n", buf2);
return 0;
}
static int luhn_table[10] = {0, 2, 4, 6, 8, 1, 3, 5, 7, 9};
/*
* 7992739871, checksum = 3
*/
int FFX_compute_luhn(const char *in, size_t inlen)
{
int r = 0;
int i;
for (i = inlen - 1; i >= 0; i--) {
int a;
if (!isdigit(in[i])) {
fprintf(stderr, "%s: invalid digit string\n", __FUNCTION__);
return -2;
}
a = in[i] - '0';
if (i % 2 != inlen % 2)
a = luhn_table[a];
r += a;
}
r = ((r * 9) % 10) + '0';
return r;
}
#if 0
int luhn_test()
{
char *digits = "7992739871";
int r = compute_luhn(digits, strlen(digits));
printf("%c", r);
return 0;
}
#endif

79
crypto/ffx/ffx.h Normal file
View File

@@ -0,0 +1,79 @@
/* crypto/ffx/ffx.h */
/* ====================================================================
* Copyright (c) 2015 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#ifndef HEADER_FFX_H
#define HEADER_FFX_H
#include <string.h>
#include <openssl/aes.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct {
int flag;
AES_KEY key;
} FFX_CTX;
int FFX_init(FFX_CTX *ctx, int flag, const unsigned char *key, int keybits);
void FFX_cleanup(FFX_CTX *ctx);
int FFX_encrypt(FFX_CTX *ctx, const char *in, size_t inlen,
const unsigned char *tweak, size_t tweaklen, char *out);
int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
const unsigned char *tweak, size_t tweaklen, char *out);
int FFX_compute_luhn(const char *in, size_t inlen);
#ifdef __cplusplus
}
#endif
#endif

BIN
doc/gmssl/sm2.pdf Normal file
View File

Binary file not shown.

3
engines/skf/e_skf.c → engines/e_skf.c
View File

@@ -5,11 +5,12 @@
#include <openssl/engine.h>
#include <openssl/obj_mac.h>
#include <openssl/objects.h>
#include <openssl/ssf33.h>
#include <openssl/sm1.h>
#include <openssl/sm2.h>
#include <openssl/sm3.h>
#include <openssl/sms4.h>
#include <openssl/ssf33.h>
#include <openssl/sm9.h>
#include "skf.h"
#include "e_skf_err.h"

0
engines/skf/e_skf.ec → engines/e_skf.ec
View File

0
engines/skf/e_skf.h → engines/e_skf.h
View File

0
engines/skf/e_skf_err.c → engines/e_skf_err.c
View File

0
engines/skf/e_skf_err.h → engines/e_skf_err.h
View File

156
engines/skf/skf.h
View File

@@ -73,7 +73,7 @@ typedef HANDLE HCONTAINER;
#endif
#ifndef USER_TYPE
#define USER_TYPE 1
#define USER_TYPE 1
#endif
#define MAX_RSA_MODULUS_LEN 256
@@ -215,10 +215,10 @@ ULONG DEVAPI SKF_LockDev(DEVHANDLE hDev,
ULONG ulTimeOut);
ULONG DEVAPI SKF_UnlockDev(DEVHANDLE hDev);
ULONG DEVAPI SKF_Transmit(DEVHANDLE hDev,
BYTE* pbCommand,
BYTE *pbCommand,
ULONG ulCommandLen,
BYTE* pbData,
ULONG* pulDataLen);
BYTE *pbData,
ULONG *pulDataLen);
ULONG DEVAPI SKF_ChangeDevAuthKey(DEVHANDLE hDev,
BYTE *pbKeyValue,
ULONG ulKeyLen);
@@ -276,11 +276,11 @@ ULONG DEVAPI SKF_ReadFile(HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
ULONG ulSize,
BYTE * pbOutData,
BYTE *pbOutData,
ULONG *pulOutLen);
ULONG DEVAPI SKF_WriteFile(HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
ULONG ulOffset,
BYTE *pbData,
ULONG ulSize);
@@ -300,11 +300,11 @@ ULONG DEVAPI SKF_GetContainerType(HCONTAINER hContainer,
ULONG *pulContainerType);
ULONG DEVAPI SKF_ImportCertificate(HCONTAINER hContainer,
BOOL bSignFlag,
BYTE* pbCert,
BYTE *pbCert,
ULONG ulCertLen);
ULONG DEVAPI SKF_ExportCertificate(HCONTAINER hContainer,
BOOL bSignFlag,
BYTE* pbCert,
BYTE *pbCert,
ULONG *pulCertLen);
ULONG DEVAPI SKF_GenRandom(DEVHANDLE hDev,
@@ -324,33 +324,33 @@ ULONG DEVAPI SKF_ImportRSAKeyPair(HCONTAINER hContainer,
ULONG ulEncryptedDataLen);
ULONG DEVAPI SKF_RSASignData(HCONTAINER hContainer,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG *pulSignLen);
ULONG DEVAPI SKF_RSAVerify(DEVHANDLE hDev,
RSAPUBLICKEYBLOB* pRSAPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG ulSignLen);
ULONG DEVAPI SKF_RSAExportSessionKey(HCONTAINER hContainer,
ULONG ulAlgId,
RSAPUBLICKEYBLOB *pPubKey,
BYTE *pbData,
ULONG *pulDataLen,
ULONG *pulDataLen,
HANDLE *phSessionKey);
ULONG DEVAPI SKF_ExtRSAPubKeyOperation(DEVHANDLE hDev,
RSAPUBLICKEYBLOB* pRSAPubKeyBlob,
BYTE* pbInput,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE* pbOutput,
ULONG* pulOutputLen);
BYTE *pbOutput,
ULONG *pulOutputLen);
ULONG DEVAPI SKF_ExtRSAPriKeyOperation(DEVHANDLE hDev,
RSAPRIVATEKEYBLOB* pRSAPriKeyBlob,
BYTE* pbInput,
RSAPRIVATEKEYBLOB *pRSAPriKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE* pbOutput,
ULONG* pulOutputLen);
BYTE *pbOutput,
ULONG *pulOutputLen);
ULONG DEVAPI SKF_GenECCKeyPair(HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pBlob);
@@ -358,13 +358,13 @@ ULONG DEVAPI SKF_ImportECCKeyPair(HCONTAINER hContainer,
PENVELOPEDKEYBLOB pEnvelopedKeyBlob);
ULONG DEVAPI SKF_ECCSignData(HCONTAINER hContainer,
BYTE *pbData,
ULONG ulDataLen,
ULONG ulDataLen,
PECCSIGNATUREBLOB pSignature);
ULONG DEVAPI SKF_ECCVerify(DEVHANDLE hDev,
ECCPUBLICKEYBLOB* pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ULONG ulDataLen,
PECCSIGNATUREBLOB pSignature);
ULONG DEVAPI SKF_ECCExportSessionKey(HCONTAINER hContainer,
ULONG ulAlgId,
@@ -372,61 +372,61 @@ ULONG DEVAPI SKF_ECCExportSessionKey(HCONTAINER hContainer,
PECCCIPHERBLOB pData,
HANDLE *phSessionKey);
ULONG DEVAPI SKF_ExtECCEncrypt(DEVHANDLE hDev,
ECCPUBLICKEYBLOB* pECCPubKeyBlob,
BYTE* pbPlainText,
ULONG ulPlainTextLen,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbPlainText,
ULONG ulPlainTextLen,
PECCCIPHERBLOB pCipherText);
ULONG DEVAPI SKF_ExtECCDecrypt(DEVHANDLE hDev,
ECCPRIVATEKEYBLOB* pECCPriKeyBlob,
PECCCIPHERBLOB pCipherText,
BYTE* pbPlainText,
ULONG* pulPlainTextLen);
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
PECCCIPHERBLOB pCipherText,
BYTE *pbPlainText,
ULONG *pulPlainTextLen);
ULONG DEVAPI SKF_ExtECCSign(DEVHANDLE hDev,
ECCPRIVATEKEYBLOB* pECCPriKeyBlob,
BYTE* pbData,
ULONG ulDataLen,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
PECCSIGNATUREBLOB pSignature);
ULONG DEVAPI SKF_ExtECCVerify(DEVHANDLE hDev,
ECCPUBLICKEYBLOB* pECCPubKeyBlob,
BYTE* pbData,
ULONG ulDataLen,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
PECCSIGNATUREBLOB pSignature);
ULONG DEVAPI SKF_GenerateAgreementDataWithECC(HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB* pTempECCPubKeyBlob,
BYTE* pbID,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phAgreementHandle);
ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC(HANDLE hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB* pSponsorECCPubKeyBlob,
ECCPUBLICKEYBLOB* pSponsorTempECCPubKeyBlob,
ECCPUBLICKEYBLOB* pTempECCPubKeyBlob,
BYTE* pbID,
ULONG ulIDLen,
BYTE *pbSponsorID,
ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob,
ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
BYTE *pbSponsorID,
ULONG ulSponsorIDLen,
HANDLE *phKeyHandle);
ULONG DEVAPI SKF_GenerateKeyWithECC(HANDLE hAgreementHandle,
ECCPUBLICKEYBLOB* pECCPubKeyBlob,
ECCPUBLICKEYBLOB* pTempECCPubKeyBlob,
BYTE* pbID,
ULONG ulIDLen,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phKeyHandle);
ULONG DEVAPI SKF_ExportPublicKey(HCONTAINER hContainer,
BOOL bSignFlag,
BYTE* pbBlob,
ULONG* pulBlobLen);
BYTE *pbBlob,
ULONG *pulBlobLen);
ULONG DEVAPI SKF_ImportSessionKey(HCONTAINER hContainer,
ULONG ulAlgId,
BYTE *pbWrapedData,
ULONG ulWrapedLen,
HANDLE *phKey);
ULONG DEVAPI SKF_SetSymmKey(DEVHANDLE hDev,
BYTE* pbKey,
ULONG ulAlgID,
HANDLE* phKey);
ULONG DEVAPI SKF_EncryptInit(HANDLE hKey,
BYTE *pbKey,
ULONG ulAlgID,
HANDLE *phKey);
ULONG DEVAPI SKF_EncryptInit(HANDLE hKey,
BLOCKCIPHERPARAM EncryptParam);
ULONG DEVAPI SKF_Encrypt(HANDLE hKey,
BYTE *pbData,
@@ -434,9 +434,9 @@ ULONG DEVAPI SKF_Encrypt(HANDLE hKey,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen);
ULONG DEVAPI SKF_EncryptUpdate(HANDLE hKey,
BYTE * pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen);
ULONG DEVAPI SKF_EncryptFinal(HANDLE hKey,
BYTE *pbEncryptedData,
@@ -444,45 +444,45 @@ ULONG DEVAPI SKF_EncryptFinal(HANDLE hKey,
ULONG DEVAPI SKF_DecryptInit(HANDLE hKey,
BLOCKCIPHERPARAM DecryptParam);
ULONG DEVAPI SKF_Decrypt(HANDLE hKey,
BYTE * pbEncryptedData,
ULONG ulEncryptedLen,
BYTE * pbData,
ULONG * pulDataLen);
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen);
ULONG DEVAPI SKF_DecryptUpdate(HANDLE hKey,
BYTE * pbEncryptedData,
ULONG ulEncryptedLen,
BYTE * pbData,
ULONG * pulDataLen);
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen);
ULONG DEVAPI SKF_DecryptFinal(HANDLE hKey,
BYTE *pbDecryptedData,
ULONG *pulDecryptedDataLen);
ULONG DEVAPI SKF_DigestInit(DEVHANDLE hDev,
ULONG ulAlgID,
ECCPUBLICKEYBLOB *pPubKey,
unsigned char *pucID,
ULONG ulIDLen,
ECCPUBLICKEYBLOB *pPubKey,
unsigned char *pucID,
ULONG ulIDLen,
HANDLE *phHash);
ULONG DEVAPI SKF_Digest(HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen,
ULONG ulDataLen,
BYTE *pbHashData,
ULONG *pulHashLen);
ULONG DEVAPI SKF_DigestUpdate(HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen);
ULONG ulDataLen);
ULONG DEVAPI SKF_DigestFinal(HANDLE hHash,
BYTE *pHashData,
ULONG *pulHashLen);
ULONG DEVAPI SKF_MacInit(HANDLE hKey,
BLOCKCIPHERPARAM* pMacParam,
ULONG *pulHashLen);
ULONG DEVAPI SKF_MacInit(HANDLE hKey,
BLOCKCIPHERPARAM *pMacParam,
HANDLE *phMac);
ULONG DEVAPI SKF_Mac(HANDLE hMac,
BYTE* pbData,
ULONG ulDataLen,
BYTE *pbMacData,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbMacData,
ULONG *pulMacLen);
ULONG DEVAPI SKF_MacUpdate(HANDLE hMac,
BYTE * pbData,
BYTE *pbData,
ULONG ulDataLen);
ULONG DEVAPI SKF_MacFinal(HANDLE hMac,
BYTE *pbMacData,

1
engines/skf/skf_impl.c
View File

@@ -1,3 +1,4 @@
#include <stdio.h>
#include <string.h>
#include "skf.h"

BIN
engines/skf/skf_impl.o Normal file
View File

Binary file not shown.

218
ssl/gm_lib.c
View File

@@ -59,6 +59,11 @@
#include <openssl/evp.h>
#include <openssl/gmssl.h>
const char gmssl1_version_str[] - "GMSSLv1" OPENSSL_VERSION_PTEXT;
#define GM1_NUM_CIPHERS (sizeof(gm1_ciphers)/sizeof(SSL_CIPHER))
SSL3_ENC_METHOD GMSSLv1_1_enc_data = {
gmssl_enc,
gmssl_mac,
@@ -78,6 +83,12 @@ SSL3_ENC_METHOD GMSSLv1_1_enc_data = {
ssl3_handshake_write
};
/*
* ECDHE_XXX is the same as ECDHE_ECDSA_XXX in TLS
* ECC_XXX and RSA_XXX is similar with ECDH_ECDSA_XXX, ECDH_RSA_XXX,
* except that the ServerKeyExchange format is not null.
*/
OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
/* Cipher 1 */
@@ -85,15 +96,15 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
1,
GM1_TXT_ECDHE_SM1_SM3,
GM1_CK_ECDHE_SM1_SM3,
SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */
SSL_aSM2, /* auth algor bits */
SSL_SM1, /* symmetric encryption */
SSL_SM3, /* symmetric authentication */
SSL_GMV1_1, /* (major) protocol version */
SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
0, /* number of bits really used */
0, /* number of bits for algorithm */
SSL_kEECDH,
SSL_aSM2,
SSL_SM1,
SSL_SM3,
SSL_GMV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 2 */
@@ -101,15 +112,15 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
1,
GM1_TXT_ECC_SM1_SM3,
GM1_CK_ECC_SM1_SM3,
SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */
SSL_aSM2, /* auth algor bits */
SSL_SM1, /* symmetric encryption */
SSL_SM3, /* symmetric authentication */
SSL_GMV1_1, /* (major) protocol version */
SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
0, /* number of bits really used */
0, /* number of bits for algorithm */
SSL_kECDHs,
SSL_aECDH,
SSL_SM1,
SSL_SM3,
SSL_GMV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 3 */
@@ -117,15 +128,15 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
1,
GM1_TXT_IBSDH_SM1_SM3,
GM1_CK_IBSDH_SM1_SM3,
SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */
SSL_aSM2, /* auth algor bits */
SSL_SM1, /* symmetric encryption */
SSL_SM3, /* symmetric authentication */
SSL_GMV1_1, /* (major) protocol version */
SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
0, /* number of bits really used */
0, /* number of bits for algorithm */
SSL_kEECDH,
SSL_aSM9,
SSL_SM1,
SSL_SM3,
SSL_GMV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 4 */
@@ -133,15 +144,15 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
1,
GM1_TXT_IBC_SM1_SHA1,
GM1_CK_IBC_SM1_SHA1,
SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */
SSL_aSM2, /* auth algor bits */
SSL_SM1, /* symmetric encryption */
SSL_SM3, /* symmetric authentication */
SSL_GMV1_1, /* (major) protocol version */
SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
0, /* number of bits really used */
0, /* number of bits for algorithm */
SSL_kECDHe,
SSL_aSM2,
SSL_SM1,
SSL_SM3,
SSL_GMV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 5 */
@@ -149,15 +160,15 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
1,
GM1_TXT_RSA_SM1_SM3,
GM1_CK_RSA_SM1_SM3,
SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */
SSL_aSM2, /* auth algor bits */
SSL_SM1, /* symmetric encryption */
SSL_SM3, /* symmetric authentication */
SSL_GMV1_1, /* (major) protocol version */
SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
0, /* number of bits really used */
0, /* number of bits for algorithm */
SSL_kEECDH,
SSL_aSM2,
SSL_SM1,
SSL_SM3,
SSL_GMV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 6 */
@@ -165,15 +176,15 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
1,
GM1_TXT_RSA_SM1_SHA1,
GM1_CK_RSA_SM1_SHA1,
SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */
SSL_aSM2, /* auth algor bits */
SSL_SM1, /* symmetric encryption */
SSL_SM3, /* symmetric authentication */
SSL_GMV1_1, /* (major) protocol version */
SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
0, /* number of bits really used */
0, /* number of bits for algorithm */
SSL_kEECDH,
SSL_aSM2,
SSL_SM1,
SSL_SM3,
SSL_GMV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
@@ -182,15 +193,15 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
1,
GM1_TXT_ECDHE_SM4_SM3,
GM1_CK_ECDHE_SM4_SM3,
SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */
SSL_aSM2, /* auth algor bits */
SSL_SM1, /* symmetric encryption */
SSL_SM3, /* symmetric authentication */
SSL_GMV1_1, /* (major) protocol version */
SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
0, /* number of bits really used */
0, /* number of bits for algorithm */
SSL_kEECDH,
SSL_aSM2,
SSL_SM4,
SSL_SM3,
SSL_GMV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 8 */
@@ -198,15 +209,15 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
1,
GM1_TXT_ECC_SM4_SM3,
GM1_CK_ECC_SM4_SM3,
SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */
SSL_kECDHe,
SSL_aSM2, /* auth algor bits */
SSL_SM1, /* symmetric encryption */
SSL_SM3, /* symmetric authentication */
SSL_GMV1_1, /* (major) protocol version */
SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
0, /* number of bits really used */
0, /* number of bits for algorithm */
SSL_SM4,
SSL_SM3,
SSL_GMV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
@@ -217,13 +228,13 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
GM1_CK_IBSDH_SM4_SM3,
SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */
SSL_aSM2, /* auth algor bits */
SSL_SM1, /* symmetric encryption */
SSL_SM3, /* symmetric authentication */
SSL_GMV1_1, /* (major) protocol version */
SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
0, /* number of bits really used */
0, /* number of bits for algorithm */
SSL_SM4,
SSL_SM3,
SSL_GMV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 10 */
@@ -231,32 +242,31 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
1,
GM1_TXT_IBC_SM4_SM3,
GM1_CK_IBC_SM4_SM3,
SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */
SSL_kECDHe, /* fixed ECDH key exchange algorithm bits */
SSL_aSM2, /* auth algor bits */
SSL_SM1, /* symmetric encryption */
SSL_SM3, /* symmetric authentication */
SSL_GMV1_1, /* (major) protocol version */
SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
0, /* number of bits really used */
0, /* number of bits for algorithm */
SSL_SM4,
SSL_SM3,
SSL_GMV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 11 */
{
1,
GM1_TXT_RSA_SM4_SM3,
GM1_CK_RSA_SM4_SM3,
SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */
SSL_aSM2, /* auth algor bits */
SSL_SM1, /* symmetric encryption */
SSL_SM3, /* symmetric authentication */
SSL_GMV1_1, /* (major) protocol version */
SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
0, /* number of bits really used */
0, /* number of bits for algorithm */
SSL_kRSA,
SSL_aRSA,
SSL_SM4,
SSL_SM3,
SSL_GMV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 12 */
@@ -266,16 +276,14 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = {
GM1_CK_RSA_SM4_SHA1,
SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */
SSL_aSM2, /* auth algor bits */
SSL_SM1, /* symmetric encryption */
SSL_SM3, /* symmetric authentication */
SSL_GMV1_1, /* (major) protocol version */
SSL_NOT_EXP | SSL_STRONG_NONE, /* strength and export flags */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, /* extra flags */
0, /* number of bits really used */
0, /* number of bits for algorithm */
SSL_SM4,
SSL_SM3,
SSL_GMV1,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
};

14
ssl/ssl_algs.c
View File

@@ -61,7 +61,7 @@
#include <openssl/lhash.h>
#include "ssl_locl.h"
static int _SSL_library_init(void)
int SSL_library_init(void)
{
#ifndef OPENSSL_NO_DES
@@ -137,6 +137,10 @@ static int _SSL_library_init(void)
#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
#endif
#ifndef OPENSSL_NO_GMSSL
EVP_add_cipher(EVP_sms4_cbc());
EVP_add_digest(EVP_sm3());
#endif
/* If you want support for phased out ciphers, add the following */
#if 0
@@ -155,11 +159,3 @@ static int _SSL_library_init(void)
return (1);
}
int SSL_library_init(void)
{
EVP_add_cipher(EVP_sms4_cbc());
EVP_add_digest(EVP_sm3());
return _SSL_library_init();
}

37
ssl/ssl_ciph.c
View File

@@ -214,11 +214,17 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
*/
static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
EVP_PKEY_HMAC, EVP_PKEY_HMAC
EVP_PKEY_HMAC, EVP_PKEY_HMAC,
#ifndef OPENSSL_NO_GMSSL
EVP_PKEY_HMAC
#endif
};
static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
0, 0, 0, 0, 0, 0
0, 0, 0, 0, 0, 0,
#ifndef OPENSSL_NO_GMSSL
0
#endif
};
static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
@@ -477,10 +483,11 @@ void ssl_load_ciphers(void)
EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
#ifndef OPENSSL_NO_GMSSL
ssl_cipher_methods[SSL_ENC_SM4_IDX] = EVP_get_cipherbyname(SN_sms4_cbc);
ssl_digest_methods[SSL_MD_SM3_IDX] = EVP_get_digestbyname(SN_sm3);
ssl_cipher_methods[SSL_ENC_SM4_IDX] = EVP_get_cipherbyname(SN_sms4_cbc);
ssl_digest_methods[SSL_MD_SM3_IDX] = EVP_get_digestbyname(SN_sm3);
ssl_mac_secret_size[SSL_MD_SM3_IDX] =
EVP_MD_size(ssl_digest_methods[SSL_MD_SM3_IDX]);
#endif
}
#ifndef OPENSSL_NO_COMP
@@ -604,9 +611,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
i = SSL_ENC_AES256GCM_IDX;
break;
#ifndef OPENSSL_NO_GMSSL
case SSL_SM4:
i = SSL_ENC_SM4_IDX;
break;
case SSL_SM4:
i = SSL_ENC_SM4_IDX;
break;
#endif
default:
i = -1;
@@ -642,9 +649,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
i = SSL_MD_GOST89MAC_IDX;
break;
#ifndef OPENSSL_NO_GMSSL
case SSL_SM3:
i = SSL_MD_SM3_IDX;
break;
case SSL_SM3:
i = SSL_MD_SM3_IDX;
break;
#endif
default:
i = -1;
@@ -701,10 +708,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
(evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
*enc = evp, *md = NULL;
#ifndef OPENSSL_NO_GMSSL
else if (c->algorithm_enc == SSL_SM4 &&
c->algorithm_mac == SSL_SM3 &&
(evp = EVP_get_cipherbyname("SM4-CBC-HMAC_SM3")))
*enc = evp, *md = NULL;
else if (c->algorithm_enc == SSL_SM4 &&
c->algorithm_mac == SSL_SM3 &&
(evp = EVP_get_cipherbyname("SM4-CBC-HMAC-SM3")))
*enc = evp, *md = NULL;
#endif
return (1);
} else

15
ssl/ssl_locl.h
View File

@@ -354,9 +354,9 @@
# define SSL_SEED 0x00000800L
# define SSL_AES128GCM 0x00001000L
# define SSL_AES256GCM 0x00002000L
#ifndef OPENSSL_NO_GMSSL
# define SSL_SM4 0x00004000L
#endif
# ifndef OPENSSL_NO_GMSSL
# define SSL_SM4 0x00004000L
# endif
# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
@@ -371,15 +371,18 @@
# define SSL_SHA384 0x00000020L
/* Not a real MAC, just an indication it is part of cipher */
# define SSL_AEAD 0x00000040L
#ifndef OPENSSL_NO_GMSSL
# define SSL_SM3 0x00000080L
#endif
# ifndef OPENSSL_NO_GMSSL
# define SSL_SM3 0x00000080L
# endif
/* Bits for algorithm_ssl (protocol version) */
# define SSL_SSLV2 0x00000001UL
# define SSL_SSLV3 0x00000002UL
# define SSL_TLSV1 SSL_SSLV3/* for now */
# define SSL_TLSV1_2 0x00000004UL
# ifndef OPENSSL_NO_GMSSL
// #define SSL_GMV1 0x00000008UL
# endif
/* Bits for algorithm2 (handshake digests and other extra flags) */

6
ssl/ssl_sess.c
View File

@@ -447,6 +447,12 @@ int ssl_get_new_session(SSL *s, int session)
} else if (s->version == DTLS1_2_VERSION) {
ss->ssl_version = DTLS1_2_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
#ifndef OPENSSL_NO_GMSSL
} else if (s->version == GMSSL1_1_VERSION) {
ss->ssl_version = GMSSL1_1_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
}
#endif
} else {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
SSL_SESSION_free(ss);

56
ssl/ssl_stat.c
View File

@@ -951,6 +951,26 @@ const char *SSL_alert_desc_string(int value)
case TLS1_AD_UNKNOWN_PSK_IDENTITY:
str = "UP";
break;
#ifndef OPENSSL_NO_GMSSL
case GM1_AD_UNSUPPORTED_SITE2SITE:
str = "U2";
break;
case GM1_AD_NO_AREA:
str = "NA";
break;
case GM1_AD_UNSUPPORTED_AREATYPE:
str = "AT";
break;
case GM1_AD_BAD_IBCPARAM:
str = "BI";
break;
case GM1_AD_UNSUPPORTED_IBCPARAM:
str = "UI";
break;
case GM1_AD_IDENTITY_NEED:
str = "IN";
break;
#endif
default:
str = "UK";
break;
@@ -1054,24 +1074,24 @@ const char *SSL_alert_desc_string_long(int value)
str = "unknown PSK identity";
break;
#ifndef OPENSSL_NO_GMSSL
case GM1_AD_UNSUPPORTED_SITE2SITE:
str = "unsupported site2site";
break;
case GM1_AD_NO_AREA:
str = "no area";
break;
case GM1_AD_UNSUPPORTED_AREATYPE:
str = "unsupported areatype";
break;
case GM1_AD_BAD_IBCPARAM:
str = "bad ibc parameters";
break;
case GM1_AD_UNSUPPORTED_IBCPARAM:
str = "unsupported ibcparam";
break;
case GM1_AD_IDENTITY_NEED:
str = "identity need";
break;
case GM1_AD_UNSUPPORTED_SITE2SITE:
str = "unsupported site2site";
break;
case GM1_AD_NO_AREA:
str = "no area";
break;
case GM1_AD_UNSUPPORTED_AREATYPE:
str = "unsupported areatype";
break;
case GM1_AD_BAD_IBCPARAM:
str = "bad ibc parameters";
break;
case GM1_AD_UNSUPPORTED_IBCPARAM:
str = "unsupported ibc parameters";
break;
case GM1_AD_IDENTITY_NEED:
str = "identity need";
break;
#endif
default:
str = "unknown";

4
ssl/ssl_txt.c
View File

@@ -129,8 +129,8 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
else if (x->ssl_version == DTLS1_BAD_VER)
s = "DTLSv1-bad";
#ifndef OPENSSL_NO_GMSSL
else if (x->ssl_version == GMSSL1_1_VERSION)
s = "GMSSLv1.1";
else if (x->ssl_version == GMSSL1_1_VERSION)
s = "GMSSLv1.1";
#endif
else
s = "unknown";