update to tassl-1.1.1b-v1.2

jntass · Mar 28, 2020 · 99a2a97 · 99a2a97
1 parent adfa5f5
commit 99a2a97
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 15 deletions.
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
@@ -31,16 +31,19 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
     long len;
     int slen;
     EVP_PKEY *ret = NULL;
+#ifndef OPENSSL_NO_CNSM
+    char *reserve_nm = NULL;
+#endif
 
     if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp,
                                    cb, u))
         return NULL;
     p = data;
 #ifndef OPENSSL_NO_CNSM					//add by gujq on 20190830 for tasshsm engine v0.6
-		char *reserve_nm = nm;
-				if(strcmp(nm, "TASSHSM EC PRIVATE KEY") == 0 || strcmp(nm, "TASSCARD EC PRIVATE KEY") == 0){
-					nm = "EC PRIVATE KEY";				
-				}
+    reserve_nm = nm;
+    if(strcmp(nm, "TASSHSM EC PRIVATE KEY") == 0 || strcmp(nm, "TASSCARD EC PRIVATE KEY") == 0){
+    	nm = "EC PRIVATE KEY";
+    }
 #endif    	
 
     if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {

diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
@@ -40,7 +40,7 @@ extern "C" {
  *  major minor fix final patch/beta)
  */
 # define OPENSSL_VERSION_NUMBER  0x1010102fL
-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1b Tassl 1.1  15 Mar 2020"
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1b Tassl 1.2  28 Mar 2020"
 
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
@@ -4742,11 +4742,13 @@ EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
 {
     EVP_PKEY_CTX *pctx = NULL;
     EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_CNSM
+    ENGINE *tmp_e = NULL;
+#endif
 
     if (pm == NULL)
         return NULL;
 #ifndef OPENSSL_NO_CNSM
-    ENGINE *tmp_e = NULL;
     tmp_e = ENGINE_get_pkey_meth_engine(NID_sm2);
     if(tmp_e)
         pctx = EVP_PKEY_CTX_new(pm, tmp_e);

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
@@ -3613,6 +3613,11 @@ int tls_client_key_exchange_post_work(SSL *s)
 {
     unsigned char *pms = NULL;
     size_t pmslen = 0;
+#ifndef OPENSSL_NO_CNSM
+    ENGINE *local_e_sm2 = NULL;
+    ENGINE *local_e_sm4 = NULL;
+    EVP_PKEY * local_evp_ptr = NULL;
+#endif
 
     pms = s->s3->tmp.pms;
     pmslen = s->s3->tmp.pmslen;
@@ -3634,10 +3639,7 @@ int tls_client_key_exchange_post_work(SSL *s)
         goto err;
     }
 #ifndef OPENSSL_NO_CNSM
-    //如果此ssl的私钥加载了sm4引擎，则使用引擎进行masterkey计算
-    ENGINE *local_e_sm2 = NULL;
-    ENGINE *local_e_sm4 = NULL;
-    EVP_PKEY * local_evp_ptr = NULL;
+    //如果此ssl的私钥加载了sm4引擎，则使用引擎进行masterkey计算  
     local_evp_ptr = s->cert->pkeys[SSL_PKEY_ECC_ENC].privatekey;
     if(local_evp_ptr)
         local_e_sm2 = EVP_PKEY_pmeth_engine(local_evp_ptr);

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
@@ -3087,6 +3087,8 @@ static int tls_process_cke_sm2ecc(SSL *s, PACKET *pkt)
     EVP_PKEY *pkey = NULL;
 
     EVP_PKEY_CTX *pkey_ctx = NULL;
+    ENGINE *local_e_sm4 = NULL;
+    EVP_PKEY * local_evp_ptr = NULL;
 
     pkey = s->cert->pkeys[SSL_PKEY_ECC_ENC].privatekey;
     if (pkey == NULL) {
@@ -3143,8 +3145,6 @@ static int tls_process_cke_sm2ecc(SSL *s, PACKET *pkt)
 #endif
 
     //如果此ssl的私钥加载了sm4引擎，则使用引擎进行masterkey计算
-    ENGINE *local_e_sm4 = NULL;
-    EVP_PKEY * local_evp_ptr = NULL;
     local_evp_ptr = s->cert->pkeys[SSL_PKEY_ECC_ENC].privatekey;
     local_e_sm4 = ENGINE_get_cipher_engine(NID_sm4_cbc);
     if(local_evp_ptr && local_e_sm4 ){        //ECC-SM4-SM3只可能是明文的premasterkey，因为此premasterkey时客户端随机生成加密发送过来的

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
@@ -347,6 +347,7 @@ int tls1_setup_key_block(SSL *s)
     int ret = 0;
 #ifndef OPENSSL_NO_CNSM
     ENGINE *local_e_sm4 = NULL;
+    EVP_PKEY * local_evp_ptr = NULL;
 #endif
 
     if (s->s3->tmp.key_block_length != 0)
@@ -402,7 +403,6 @@ int tls1_setup_key_block(SSL *s)
 #endif
 
 #ifndef OPENSSL_NO_CNSM     //如果此ssl的私钥加载了sm4引擎，则调用引擎进行计算keyblock，此时的p为主密钥明文或者密文
-    EVP_PKEY * local_evp_ptr = NULL;
     local_evp_ptr = s->cert->pkeys[SSL_PKEY_ECC_ENC].privatekey;
     local_e_sm4 = ENGINE_get_cipher_engine(NID_sm4_cbc);
 
@@ -460,6 +460,10 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
 {
     size_t hashlen;
     unsigned char hash[EVP_MAX_MD_SIZE];
+#ifndef OPENSSL_NO_CNSM
+    ENGINE *local_e_sm4 = NULL;
+    EVP_PKEY * local_evp_ptr = NULL;
+#endif
 
     if (!ssl3_digest_cached_records(s, 0)) {
         /* SSLfatal() already called */
@@ -473,8 +477,6 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
 
 #ifndef OPENSSL_NO_CNSM
     //目前sm2暂时不支持计算finish_mac，所以采取把明文masterkey复制到masterkey密文部分，进行此tls1_PRF
-    ENGINE *local_e_sm4 = NULL;
-    EVP_PKEY * local_evp_ptr = NULL;
     local_evp_ptr = s->cert->pkeys[SSL_PKEY_ECC_ENC].privatekey;
     local_e_sm4 = ENGINE_get_cipher_engine(NID_sm4_cbc);
     if(local_evp_ptr && local_e_sm4){

diff --git a/tassl_demo/README.txt b/tassl_demo/README.txt
@@ -1,3 +1,6 @@
+20200328_V_1.2:
+1:调整变量声明位置，支持Windows下64位编译。
+
 20200315_V_1.1:
 1:跟新关于tasscard_engine的调用逻辑，支持单独调用sm2和sm4系列算法。