update gm apis

crypto/saf/saf_mac.c

@@ -118,7 +118,7 @@ int SAF_MacFinal(
 	}
 
 	siz = EVP_CIPHER_block_size(hkey->cipher);
-	if (!CBCMAC_Final(hkey->cmac_ctx, pucOutData, &siz)) {
+	if (!CMAC_Final(hkey->cmac_ctx, pucOutData, &siz)) {
 		SAFerr(SAF_F_SAF_MACFINAL, SAF_R_MAC_FAILURE);
 		return SAR_UnknownErr;
 	}

crypto/saf/saf_pkcs7.c

@@ -48,6 +48,7 @@
  */
 
 #include <openssl/evp.h>
+#include <openssl/pkcs7.h>
 #include <openssl/gmapi.h>
 #include <openssl/gmsaf.h>
 #include "saf_lcl.h"
@@ -128,6 +129,80 @@ int SAF_Pkcs7_EncodeEnvelopedData(
 	unsigned int *puiDerP7EnvelopedDataLen)
 {
 	int ret = SAR_UnknownErr;
+	PKCS7 *p7 = NULL;
+	X509 *x509 = NULL;
+	STACK_OF(X509) *certs = NULL;
+	BIO *bio = NULL;
+	const EVP_CIPHER *cipher;
+
+	/* check arguments */
+	if (!hAppHandle || !pucData || !pucEncCertificate || !puiDerP7EnvelopedDataLen) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PASSED_NULL_PARAMETER);
+		return SAR_IndataErr;
+	}
+
+	if (uiDataLen <= 0 || uiDataLen > INT_MAX
+		|| uiEncCertificateLen <= 0 || uiEncCertificateLen > INT_MAX) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_INVALID_INPUT_LENGTH);
+		return SAR_IndataLenErr;
+	}
+
+	if (!(cipher = EVP_get_cipherbysgd(uiSymmAlgorithm))) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_UNSUPPORTED_ALGOR);
+		return SAR_AlgoTypeErr;
+	}
+
+	/* process */
+	if (!(bio = BIO_new_mem_buf(pucData, (int)uiDataLen))
+		|| !(certs = sk_X509_new_null())
+		|| !(x509 = X509_new())) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_MALLOC_FAILURE);
+		ret = SAR_MemoryErr;
+		goto end;
+	}
+
+	if (!d2i_X509(&x509, &pucEncCertificate, (long)uiEncCertificateLen)) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_INVALID_CERTIFICATE);
+		ret = SAR_CertEncodeErr;
+		goto end;
+	}
+	// FIXME: check usage, valid time of x509
+
+	sk_X509_push(certs, x509);
+	x509 = NULL;
+
+	if (!(p7 = PKCS7_encrypt(certs, bio, cipher, PKCS7_BINARY))) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PKCS7_LIB);
+		goto end;
+	}
+
+	if ((len = i2d_PKCS7(p7, NULL)) <= 0) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PKCS7_LIB);
+		goto end;
+	}
+
+	if (!pucDerP7EnvelopedData) {
+		*puiDerP7EnvelopedDataLen = (unsigned int)len;
+		ret = SAR_Ok;
+		goto end;
+	}
+
+	if (*puiDerP7EnvelopedDataLen < (unsigned int)len) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_BUFFER_TOO_SMALL);
+		ret = SAR_IndataLenErr;
+		goto end;
+	}
+
+	len = i2d_PKCS7(p7, pucDerP7EnvelopedData);
+	*puiDerP7EnvelopedDataLen = (unsigned int)len;
+
+	ret = SAR_OK;
+
+end:
+	PKCS7_free(p7);
+	X509_free(x509);
+	sk_X509_free(certs);
+	BIO_free(bio);
 	return ret;
 }
 

crypto/sdf/sdf_lib.c

@@ -1330,3 +1330,38 @@ int SDF_DeleteFile(
 	return SDR_OK;
 }
 
+/* helpers */
+const char *SDF_GetErrorString(int err)
+{
+	return NULL;
+}
+
+int SDF_PrintDeviceInfo(FILE *fp, DEVICEINFO *devInfo)
+{
+	return 0;
+}
+
+int SDF_PrintECCPrivateKey(FILE *fp, ECCrefPrivateKey *privateKey)
+{
+	return 0;
+}
+
+int SDF_PrintECCPublicKey(FILE *fp, ECCrefPublicKey *publicKey)
+{
+	return 0;
+}
+
+int SDF_PrintRSAPrivateKey(FILE *fp, RSArefPrivateKey *privateKey)
+{
+	return 0;
+}
+
+int SDF_PrintRSAPublicKey(FILE *fp, RSArefPublicKey *publicKey)
+{
+	return 0;
+}
+
+
+
+
+

crypto/skf/skf_err.c

@@ -0,0 +1,43 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/gmskf.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SKF,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SKF,0,reason)
+
+static ERR_STRING_DATA SKF_str_functs[] = {
+    {ERR_FUNC(SKF_F_SKF_GETDEVINFO), "SKF_GetDevInfo"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA SKF_str_reasons[] = {
+    {ERR_REASON(SKF_R_NULL_ARGUMENT), "null argument"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_SKF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(SKF_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, SKF_str_functs);
+        ERR_load_strings(0, SKF_str_reasons);
+    }
+#endif
+    return 1;
+}