diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 69cc699..77739ff 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -31,16 +31,19 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
 long len;
 int slen;
 EVP_PKEY *ret = NULL;
+#ifndef OPENSSL_NO_CNSM
+ char *reserve_nm = NULL;
+#endif
 if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
 return NULL;
 p = data;
 #ifndef OPENSSL_NO_CNSM //add by gujq on 20190830 for tasshsm engine v0.6
- char *reserve_nm = nm;
- if(strcmp(nm, "TASSHSM EC PRIVATE KEY") == 0 || strcmp(nm, "TASSCARD EC PRIVATE KEY") == 0){
- nm = "EC PRIVATE KEY";
- }
+ reserve_nm = nm;
+ if(strcmp(nm, "TASSHSM EC PRIVATE KEY") == 0 || strcmp(nm, "TASSCARD EC PRIVATE KEY") == 0){
+ nm = "EC PRIVATE KEY";
+ }
 #endif
 if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index 635e2fe..b5b012f 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -40,7 +40,7 @@ extern "C" {
 * major minor fix final patch/beta)
 */
 # define OPENSSL_VERSION_NUMBER 0x1010102fL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1b Tassl 1.1 15 Mar 2020"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1b Tassl 1.2 28 Mar 2020"
 /*-
 * The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7c7fd04..678a6d3 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4742,11 +4742,13 @@ EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
 {
 EVP_PKEY_CTX *pctx = NULL;
 EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_CNSM
+ ENGINE *tmp_e = NULL;
+#endif
 if (pm == NULL)
 return NULL;
 #ifndef OPENSSL_NO_CNSM
- ENGINE *tmp_e = NULL;
 tmp_e = ENGINE_get_pkey_meth_engine(NID_sm2);
 if(tmp_e)
 pctx = EVP_PKEY_CTX_new(pm, tmp_e);
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 67cd7cf..750c388 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
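Review bot: In PEM_read_bio_PrivateKey, `nm = "EC PRIVATE KEY";` overwrites the header pointer returned by PEM_bytes_read_bio_secmem with a string literal, so from that point only `reserve_nm` refers to the allocated name. The function's cleanup is outside this hunk; it needs to release `reserve_nm` and never the rewritten `nm`, since passing the literal to a free routine is undefined behaviour and freeing neither leaks the buffer. I would record that on the hoisted declaration, e.g. `char *reserve_nm = NULL; /* original header from PEM_bytes_read_bio_secmem; the pointer to free */`.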
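Review bot: `ENGINE_get_pkey_meth_engine(NID_sm2)` hands back a functional reference in stock OpenSSL 1.1.1, and `EVP_PKEY_CTX_new(pm, tmp_e)` takes its own, so `tmp_e` should be released once the context is created, e.g. `if (tmp_e) { pctx = EVP_PKEY_CTX_new(pm, tmp_e); ENGINE_finish(tmp_e); }`. No release is visible here, and ssl_generate_pkey continues past the hunk. The same check applies to `ENGINE_get_cipher_engine(NID_sm4_cbc)` in the statem_srvr.c and t1_enc.c hunks. The engine is also chosen without looking at the type of `pm`, so it is worth confirming that non-SM2 parameters still reach the default path when an SM2 engine is registered.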
@@ -3613,6 +3613,11 @@ int tls_client_key_exchange_post_work(SSL *s)
 {
 unsigned char *pms = NULL;
 size_t pmslen = 0;
+#ifndef OPENSSL_NO_CNSM
+ ENGINE *local_e_sm2 = NULL;
+ ENGINE *local_e_sm4 = NULL;
+ EVP_PKEY * local_evp_ptr = NULL;
+#endif
 pms = s->s3->tmp.pms;
 pmslen = s->s3->tmp.pmslen;
@@ -3634,10 +3639,7 @@ int tls_client_key_exchange_post_work(SSL *s)
 goto err;
 }
 #ifndef OPENSSL_NO_CNSM
- //如果此ssl的私钥加载了sm4引擎,则使用引擎进行masterkey计算
- ENGINE *local_e_sm2 = NULL;
- ENGINE *local_e_sm4 = NULL;
- EVP_PKEY * local_evp_ptr = NULL;
+ //如果此ssl的私钥加载了sm4引擎,则使用引擎进行masterkey计算
 local_evp_ptr = s->cert->pkeys[SSL_PKEY_ECC_ENC].privatekey;
 if(local_evp_ptr)
 local_e_sm2 = EVP_PKEY_pmeth_engine(local_evp_ptr);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 27f5a3f..0703b13 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3087,6 +3087,8 @@ static int tls_process_cke_sm2ecc(SSL *s, PACKET *pkt)
 EVP_PKEY *pkey = NULL;
 EVP_PKEY_CTX *pkey_ctx = NULL;
+ ENGINE *local_e_sm4 = NULL;
+ EVP_PKEY * local_evp_ptr = NULL;
 pkey = s->cert->pkeys[SSL_PKEY_ECC_ENC].privatekey;
 if (pkey == NULL) {
@@ -3143,8 +3145,6 @@ static int tls_process_cke_sm2ecc(SSL *s, PACKET *pkt)
 #endif //如果此ssl的私钥加载了sm4引擎,则使用引擎进行masterkey计算
- ENGINE *local_e_sm4 = NULL;
- EVP_PKEY * local_evp_ptr = NULL;
 local_evp_ptr = s->cert->pkeys[SSL_PKEY_ECC_ENC].privatekey;
 local_e_sm4 = ENGINE_get_cipher_engine(NID_sm4_cbc);
 if(local_evp_ptr && local_e_sm4 ){ //ECC-SM4-SM3只可能是明文的premasterkey,因为此premasterkey时客户端随机生成加密发送过来的
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index a1502c5..a4ad4f6 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -347,6 +347,7 @@ int tls1_setup_key_block(SSL *s)
 int ret = 0;
 #ifndef OPENSSL_NO_CNSM
 ENGINE *local_e_sm4 = NULL;
+ EVP_PKEY * local_evp_ptr = NULL;
 #endif
 if (s->s3->tmp.key_block_length != 0)
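Review bot: The comment kept above `local_evp_ptr = s->cert->pkeys[SSL_PKEY_ECC_ENC].privatekey;` in tls_client_key_exchange_post_work describes the case where the key has loaded the SM4 engine, but the lookup visible right below it stores the result of `EVP_PKEY_pmeth_engine(local_evp_ptr)` in `local_e_sm2`. How `local_e_sm4` is obtained and how the two are combined lies outside the hunk. Since the line is being re-indented anyway, I would replace it with an English comment that names both conditions, for example `/* engine-backed SM2 enc key and an SM4 engine: let the engine compute the master key */`, with the wording checked against the code that follows.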
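Review bot: The two declarations hoisted to the top of tls_process_cke_sm2ecc are added without the `#ifndef OPENSSL_NO_CNSM` wrapper that the same hoist gets in pem_pkey.c, s3_lib.c, statem_clnt.c and t1_enc.c. If the whole function is not already inside such a guard (not visible here), they should get one. `local_evp_ptr` also duplicates `pkey`, which is read from the same `SSL_PKEY_ECC_ENC` slot and compared with NULL at the top of the function, so the second read could be dropped and the later test written as `if (pkey && local_e_sm4) {`.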
@@ -402,7 +403,6 @@ int tls1_setup_key_block(SSL *s)
 #endif
 #ifndef OPENSSL_NO_CNSM //如果此ssl的私钥加载了sm4引擎,则调用引擎进行计算keyblock,此时的p为主密钥明文或者密文
- EVP_PKEY * local_evp_ptr = NULL;
 local_evp_ptr = s->cert->pkeys[SSL_PKEY_ECC_ENC].privatekey;
 local_e_sm4 = ENGINE_get_cipher_engine(NID_sm4_cbc);
@@ -460,6 +460,10 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
 {
 size_t hashlen;
 unsigned char hash[EVP_MAX_MD_SIZE];
+#ifndef OPENSSL_NO_CNSM
+ ENGINE *local_e_sm4 = NULL;
+ EVP_PKEY * local_evp_ptr = NULL;
+#endif
 if (!ssl3_digest_cached_records(s, 0)) {
 /* SSLfatal() already called */
@@ -473,8 +477,6 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
 #ifndef OPENSSL_NO_CNSM //目前sm2暂时不支持计算finish_mac,所以采取把明文masterkey复制到masterkey密文部分,进行此tls1_PRF
- ENGINE *local_e_sm4 = NULL;
- EVP_PKEY * local_evp_ptr = NULL;
 local_evp_ptr = s->cert->pkeys[SSL_PKEY_ECC_ENC].privatekey;
 local_e_sm4 = ENGINE_get_cipher_engine(NID_sm4_cbc);
 if(local_evp_ptr && local_e_sm4){
diff --git a/tassl_demo/README.txt b/tassl_demo/README.txt
index d7d01fe..39ed55b 100644
--- a/tassl_demo/README.txt
+++ b/tassl_demo/README.txt
@@ -1,3 +1,6 @@
+20200328_V_1.2:
+1:调整变量声明位置,支持Windows下64位编译。
+
 20200315_V_1.1:
 1:跟新关于tasscard_engine的调用逻辑,支持单独调用sm2和sm4系列算法。
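Review bot: In tls1_setup_key_block and tls1_final_finish_mac the engine path is selected from `local_evp_ptr` and `ENGINE_get_cipher_engine(NID_sm4_cbc)`, and in tls1_final_finish_mac the visible test is `if(local_evp_ptr && local_e_sm4){`. That test is true whenever the connection has any SM2 encryption key and some SM4 engine is registered, while the comments describe the case where this connection's private key is engine-backed. If a software key can coexist with a registered engine, the master key would be handled as engine-held (the comment mentions plaintext or ciphertext form) when it is not. Testing the key's own engine, as the statem_clnt.c hunk appears to do with `EVP_PKEY_pmeth_engine(local_evp_ptr)`, would tie the branch to the key. Both function bodies continue outside the hunks, so any further conditions are not visible.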