mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-06-25 06:33:40 +08:00
speed sm2/3/4
`gmssl speed sm2 sm3 sms4`
This commit is contained in:
Zhi Guan
8
.gitignore
vendored
8
.gitignore
vendored
@@ -189,4 +189,12 @@ apps/gmssl
|
||||
/engines/e_sdf*
|
||||
/engines/e_gmi*
|
||||
|
||||
# apps
|
||||
/apps/sm2.c
|
||||
/apps/sdf.c
|
||||
/apps/skf.c
|
||||
|
||||
include/openssl/srp.h
|
||||
|
||||
/build.sh
|
||||
|
||||
|
||||
@@ -482,6 +482,7 @@ our %disabled = ( # "what" => "comment"
|
||||
"skfeng" => "default",
|
||||
"sdfeng" => "default",
|
||||
"gmtls" => "default",
|
||||
"java" => "default",
|
||||
#"engine" => "default",
|
||||
#"sm9" => "default",
|
||||
#"bfibe" => "default",
|
||||
|
||||
@@ -320,6 +320,7 @@ typedef struct string_int_pair_st {
|
||||
# define OPT_FMT_TEXT (1L << 8)
|
||||
# define OPT_FMT_HTTP (1L << 9)
|
||||
# define OPT_FMT_PVK (1L << 10)
|
||||
# define OPT_FMT_BINARY (1L << 11)
|
||||
# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
|
||||
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
|
||||
# define OPT_FMT_ANY ( \
|
||||
|
||||
@@ -214,6 +214,12 @@ int opt_format(const char *s, unsigned long flags, int *result)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_TEXT;
|
||||
break;
|
||||
case 'B':
|
||||
case 'b':
|
||||
if ((flags & OPT_FMT_BINARY) == 0)
|
||||
return opt_format_error(s, flags);
|
||||
*result = FORMAT_BINARY;
|
||||
break;
|
||||
case 'N':
|
||||
case 'n':
|
||||
if ((flags & OPT_FMT_NSS) == 0)
|
||||
|
||||
@@ -1338,13 +1338,13 @@ int s_server_main(int argc, char *argv[])
|
||||
min_version = TLS1_VERSION;
|
||||
max_version = TLS1_VERSION;
|
||||
break;
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
case OPT_GMTLS:
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
meth = GMTLS_server_method();
|
||||
//min_version = GMTLS_VERSION;
|
||||
//max_version = GMTLS_VERSION;
|
||||
break;
|
||||
#endif
|
||||
break;
|
||||
case OPT_DTLS:
|
||||
#ifndef OPENSSL_NO_DTLS
|
||||
meth = DTLS_server_method();
|
||||
@@ -1501,11 +1501,8 @@ int s_server_main(int argc, char *argv[])
|
||||
|
||||
s_cert = load_cert(s_cert_file, s_cert_format,
|
||||
"server certificate file");
|
||||
fprintf(stderr, "%s %d: load_cert: %s\n", __FILE__, __LINE__, s_cert_file);
|
||||
|
||||
if (!s_cert) {
|
||||
ERR_print_errors(bio_err);
|
||||
fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
|
||||
goto end;
|
||||
}
|
||||
if (s_chain_file) {
|
||||
|
||||
454
apps/speed.c
454
apps/speed.c
@@ -70,11 +70,10 @@
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
# include <openssl/md5.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SM3
|
||||
# include <openssl/sm3.h>
|
||||
#endif
|
||||
#include <openssl/hmac.h>
|
||||
#include <openssl/sha.h>
|
||||
#ifndef OPENSSL_NO_SHA
|
||||
# include <openssl/sha.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RMD160
|
||||
# include <openssl/ripemd.h>
|
||||
#endif
|
||||
@@ -96,9 +95,6 @@
|
||||
#ifndef OPENSSL_NO_SEED
|
||||
# include <openssl/seed.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SMS4
|
||||
# include <openssl/sms4.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
# include <openssl/blowfish.h>
|
||||
#endif
|
||||
@@ -120,6 +116,12 @@
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
# include <openssl/sm2.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SM3
|
||||
# include <openssl/sm3.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SMS4
|
||||
# include <openssl/sms4.h>
|
||||
#endif
|
||||
#include <openssl/modes.h>
|
||||
|
||||
#ifndef HAVE_FORK
|
||||
@@ -146,7 +148,7 @@
|
||||
#define RSA_NUM 7
|
||||
#define DSA_NUM 3
|
||||
|
||||
#define EC_NUM 18
|
||||
#define EC_NUM 17
|
||||
#define SM2_NUM 1
|
||||
#define MAX_ECDH_SIZE 256
|
||||
#define MISALIGN 64
|
||||
@@ -184,6 +186,11 @@ typedef struct loopargs_st {
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
EC_KEY *sm2[SM2_NUM];
|
||||
size_t cipherlen;
|
||||
# if 0
|
||||
unsigned char *sm2dh_a;
|
||||
unsigned char *sm2dh_b;
|
||||
# endif
|
||||
#endif
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
HMAC_CTX *hctx;
|
||||
@@ -193,7 +200,6 @@ typedef struct loopargs_st {
|
||||
#ifndef OPENSSL_NO_MD2
|
||||
static int EVP_Digest_MD2_loop(void *args);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_MDC2
|
||||
static int EVP_Digest_MDC2_loop(void *args);
|
||||
#endif
|
||||
@@ -207,9 +213,11 @@ static int HMAC_loop(void *args);
|
||||
#ifndef OPENSSL_NO_SM3
|
||||
static int SM3_loop(void *args);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SHA
|
||||
static int SHA1_loop(void *args);
|
||||
static int SHA256_loop(void *args);
|
||||
static int SHA512_loop(void *args);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_WHIRLPOOL
|
||||
static int WHIRLPOOL_loop(void *args);
|
||||
#endif
|
||||
@@ -271,7 +279,8 @@ static const char *names[ALGOR_NUM] = {
|
||||
"aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
|
||||
"camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
|
||||
"evp", "sha256", "sha512", "whirlpool",
|
||||
"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash", "sm3", "sms4 cbc"
|
||||
"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash",
|
||||
"sm3", "sms4 cbc"
|
||||
};
|
||||
|
||||
static double results[ALGOR_NUM][SIZE_NUM];
|
||||
@@ -509,10 +518,6 @@ static OPT_PAIR doit_choices[] = {
|
||||
{"seed-cbc", D_CBC_SEED},
|
||||
{"seed", D_CBC_SEED},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SMS4
|
||||
{"sms4-cbc", D_CBC_SMS4},
|
||||
{"sms4", D_CBC_SMS4},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
{"bf-cbc", D_CBC_BF},
|
||||
{"blowfish", D_CBC_BF},
|
||||
@@ -526,6 +531,10 @@ static OPT_PAIR doit_choices[] = {
|
||||
{"ghash", D_GHASH},
|
||||
#ifndef OPENSSL_NO_SM3
|
||||
{"sm3", D_SM3},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SMS4
|
||||
{"sms4-cbc", D_CBC_SMS4},
|
||||
{"sms4", D_CBC_SMS4},
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
@@ -579,7 +588,6 @@ static OPT_PAIR rsa_choices[] = {
|
||||
#define R_EC_B409 14
|
||||
#define R_EC_B571 15
|
||||
#define R_EC_X25519 16
|
||||
#define R_EC_PSM2 17
|
||||
#ifndef OPENSSL_NO_EC
|
||||
static OPT_PAIR ecdsa_choices[] = {
|
||||
{"ecdsap160", R_EC_P160},
|
||||
@@ -598,7 +606,6 @@ static OPT_PAIR ecdsa_choices[] = {
|
||||
{"ecdsab283", R_EC_B283},
|
||||
{"ecdsab409", R_EC_B409},
|
||||
{"ecdsab571", R_EC_B571},
|
||||
{"ecdsapsm2", R_EC_PSM2},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
@@ -619,19 +626,20 @@ static OPT_PAIR ecdh_choices[] = {
|
||||
{"ecdhb283", R_EC_B283},
|
||||
{"ecdhb409", R_EC_B409},
|
||||
{"ecdhb571", R_EC_B571},
|
||||
{"ecdhpsm2", R_EC_PSM2},
|
||||
{"ecdhx25519", R_EC_X25519},
|
||||
{NULL}
|
||||
};
|
||||
#endif
|
||||
|
||||
#define R_SM2_P256 0
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
static OPT_PAIR sm2sign_choices[] = {
|
||||
{"sm2sign", R_EC_PSM2},
|
||||
{"sm2sign", R_SM2_P256},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
static OPT_PAIR sm2enc_choices[] = {
|
||||
{"sm2enc", R_EC_PSM2},
|
||||
{"sm2enc", R_SM2_P256},
|
||||
{NULL}
|
||||
};
|
||||
#endif
|
||||
@@ -1072,17 +1080,17 @@ static int DSA_verify_loop(void *args)
|
||||
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
static long sm2sign_c[SM2_NUM][2];
|
||||
|
||||
static int SM2_sign_loop(void *args)
|
||||
{
|
||||
loopargs_t *tempargs = *(loopargs_t **)args;
|
||||
unsigned char *buf = tempargs->buf;
|
||||
EC_KEY **ecdsa = tempargs->ecdsa;
|
||||
unsigned char *ecdsasig = tempargs->buf2;
|
||||
unsigned int *ecdsasiglen = &tempargs->siglen;
|
||||
EC_KEY **sm2 = tempargs->sm2;
|
||||
unsigned char *sm2sig = tempargs->buf2;
|
||||
unsigned int *sm2siglen = &tempargs->siglen;
|
||||
int ret, count;
|
||||
for (count = 0; COND(sm2sign_c[testnum][0]); count++) {
|
||||
ret = SM2_sign(0, buf, 20,
|
||||
ecdsasig, ecdsasiglen, ecdsa[testnum]);
|
||||
ret = SM2_sign(0, buf, 32, sm2sig, sm2siglen, sm2[testnum]);
|
||||
if (ret == 0) {
|
||||
BIO_printf(bio_err, "SM2 sign failure\n");
|
||||
ERR_print_errors(bio_err);
|
||||
@@ -1097,13 +1105,12 @@ static int SM2_verify_loop(void *args)
|
||||
{
|
||||
loopargs_t *tempargs = *(loopargs_t **)args;
|
||||
unsigned char *buf = tempargs->buf;
|
||||
EC_KEY **ecdsa = tempargs->ecdsa;
|
||||
unsigned char *ecdsasig = tempargs->buf2;
|
||||
unsigned int ecdsasiglen = tempargs->siglen;
|
||||
EC_KEY **sm2 = tempargs->sm2;
|
||||
unsigned char *sm2sig = tempargs->buf2;
|
||||
unsigned int sm2siglen = tempargs->siglen;
|
||||
int ret, count;
|
||||
for (count = 0; COND(sm2sign_c[testnum][1]); count++) {
|
||||
ret = SM2_verify(0, buf, 20, ecdsasig, ecdsasiglen,
|
||||
ecdsa[testnum]);
|
||||
ret = SM2_verify(0, buf, 32, sm2sig, sm2siglen, sm2[testnum]);
|
||||
if (ret != 1) {
|
||||
BIO_printf(bio_err, "SM2 verify failure\n");
|
||||
ERR_print_errors(bio_err);
|
||||
@@ -1114,16 +1121,49 @@ static int SM2_verify_loop(void *args)
|
||||
return count;
|
||||
}
|
||||
|
||||
static long sm2enc_c[SM2_NUM][2];
|
||||
static int SM2_encrypt_loop(void *args)
|
||||
{
|
||||
return 0;
|
||||
loopargs_t *tempargs = *(loopargs_t **)args;
|
||||
unsigned char *buf = tempargs->buf;
|
||||
EC_KEY **sm2 = tempargs->sm2;
|
||||
unsigned char *sm2cipher = tempargs->buf2;
|
||||
size_t *sm2cipherlen = &tempargs->cipherlen;
|
||||
int ret, count;
|
||||
for (count = 0; COND(sm2enc_c[testnum][0]); count++) {
|
||||
ret = SM2_encrypt(NID_sm3, buf, 32, sm2cipher,
|
||||
sm2cipherlen, sm2[testnum]);
|
||||
if (ret == 0) {
|
||||
BIO_printf(bio_err, "SM2 sign failure\n");
|
||||
ERR_print_errors(bio_err);
|
||||
count = -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return count;
|
||||
}
|
||||
|
||||
static int SM2_decrypt_loop(void *args)
|
||||
{
|
||||
return 0;
|
||||
loopargs_t *tempargs = *(loopargs_t **)args;
|
||||
unsigned char *buf = tempargs->buf;
|
||||
EC_KEY **sm2 = tempargs->sm2;
|
||||
unsigned char *sm2cipher = tempargs->buf2;
|
||||
size_t sm2cipherlen = tempargs->cipherlen;
|
||||
int ret, count;
|
||||
for (count = 0; COND(sm2enc_c[testnum][0]); count++) {
|
||||
size_t len = sm2cipherlen;
|
||||
ret = SM2_decrypt(NID_sm3, sm2cipher, sm2cipherlen,
|
||||
buf, &len, sm2[testnum]);
|
||||
if (ret == 0) {
|
||||
BIO_printf(bio_err, "SM2 decrypt failure\n");
|
||||
ERR_print_errors(bio_err);
|
||||
count = -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return count;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
@@ -1165,7 +1205,7 @@ static int ECDSA_verify_loop(void *args)
|
||||
ERR_print_errors(bio_err);
|
||||
count = -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
return count;
|
||||
}
|
||||
@@ -1195,11 +1235,15 @@ static const size_t KDF1_SHA1_len = 20;
|
||||
static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
|
||||
size_t *outlen)
|
||||
{
|
||||
# ifndef OPENSSL_NO_SHA
|
||||
if (*outlen < SHA_DIGEST_LENGTH)
|
||||
return NULL;
|
||||
*outlen = SHA_DIGEST_LENGTH;
|
||||
# ifndef OPENSSL_NO_SHA
|
||||
return SHA1(in, inlen, out);
|
||||
# else
|
||||
*outlen = 20;
|
||||
memcpy(out, in, 20);
|
||||
return in;
|
||||
# endif
|
||||
}
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
@@ -1322,8 +1366,8 @@ static int run_benchmark(int async_jobs,
|
||||
continue;
|
||||
#endif
|
||||
|
||||
ret = ASYNC_start_job(&loopargs[i].inprogress_job,
|
||||
loopargs[i].wait_ctx, &job_op_count, loop_function,
|
||||
ret = ASYNC_start_job(&loopargs[i].inprogress_job,
|
||||
loopargs[i].wait_ctx, &job_op_count, loop_function,
|
||||
(void *)(loopargs + i), sizeof(loopargs_t));
|
||||
switch (ret) {
|
||||
case ASYNC_PAUSE:
|
||||
@@ -1459,16 +1503,6 @@ int speed_main(int argc, char **argv)
|
||||
static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
|
||||
int dsa_doit[DSA_NUM] = { 0 };
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
static const unsigned int test_sm2_curves[SM2_NUM] = {
|
||||
NID_sm2p256v1,
|
||||
};
|
||||
static const char *test_sm2_curves_names[SM2_NUM] = {
|
||||
"sm2p256v1",
|
||||
};
|
||||
int sm2sign_doit[EC_NUM] = { 0 };
|
||||
int sm2enc_doit[EC_NUM] = { 0 };
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_EC
|
||||
/*
|
||||
* We only test over the following curves as they are representative, To
|
||||
@@ -1485,8 +1519,7 @@ int speed_main(int argc, char **argv)
|
||||
NID_sect233r1, NID_sect283r1, NID_sect409r1,
|
||||
NID_sect571r1,
|
||||
/* Other */
|
||||
NID_sm2p256v1,
|
||||
NID_X25519
|
||||
NID_X25519,
|
||||
};
|
||||
static const char *test_curves_names[EC_NUM] = {
|
||||
/* Prime Curves */
|
||||
@@ -1498,8 +1531,7 @@ int speed_main(int argc, char **argv)
|
||||
"nistb233", "nistb283", "nistb409",
|
||||
"nistb571",
|
||||
/* Other */
|
||||
"sm2p256v1",
|
||||
"X25519"
|
||||
"X25519",
|
||||
};
|
||||
static const int test_curves_bits[EC_NUM] = {
|
||||
160, 192, 224,
|
||||
@@ -1507,12 +1539,25 @@ int speed_main(int argc, char **argv)
|
||||
163, 233, 283,
|
||||
409, 571, 163,
|
||||
233, 283, 409,
|
||||
571, 256, 253 /* X25519 */
|
||||
571, 253 /* X25519 */,
|
||||
};
|
||||
|
||||
int ecdsa_doit[EC_NUM] = { 0 };
|
||||
int ecdh_doit[EC_NUM] = { 0 };
|
||||
#endif /* ndef OPENSSL_NO_EC */
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
static const unsigned int test_sm2_curves[SM2_NUM] = {
|
||||
NID_sm2p256v1,
|
||||
};
|
||||
static const char *test_sm2_curves_names[SM2_NUM] = {
|
||||
"sm2p256v1",
|
||||
};
|
||||
static const int test_sm2_curves_bits[SM2_NUM] = {
|
||||
256,
|
||||
};
|
||||
int sm2sign_doit[SM2_NUM] = { 0 };
|
||||
int sm2enc_doit[SM2_NUM] = { 0 };
|
||||
#endif
|
||||
|
||||
prog = opt_init(argc, argv, speed_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
@@ -1677,8 +1722,13 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
if (strcmp(*argv, "sm2") == 0) {
|
||||
for (i = 0; i < SM2_NUM; i++)
|
||||
sm2sign_doit[i] = sm2enc_doit[i] = 1;
|
||||
continue;
|
||||
}
|
||||
if (strcmp(*argv, "sm2sign") == 0) {
|
||||
for (i = 0; i < EC_NUM; i++)
|
||||
for (i = 0; i < SM2_NUM; i++)
|
||||
sm2sign_doit[i] = 1;
|
||||
continue;
|
||||
}
|
||||
@@ -1686,17 +1736,15 @@ int speed_main(int argc, char **argv)
|
||||
sm2sign_doit[i] = 2;
|
||||
continue;
|
||||
}
|
||||
/*
|
||||
if (strcmp(*argv, "ecdh") == 0) {
|
||||
for (i = 0; i < EC_NUM; i++)
|
||||
ecdh_doit[i] = 1;
|
||||
if (strcmp(*argv, "sm2enc") == 0) {
|
||||
for (i = 0; i < SM2_NUM; i++)
|
||||
sm2enc_doit[i] = 1;
|
||||
continue;
|
||||
}
|
||||
if (found(*argv, ecdh_choices, &i)) {
|
||||
ecdh_doit[i] = 2;
|
||||
if (found(*argv, sm2enc_choices, &i)) {
|
||||
sm2enc_doit[i] = 2;
|
||||
continue;
|
||||
}
|
||||
*/
|
||||
#endif
|
||||
BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, *argv);
|
||||
goto end;
|
||||
@@ -1733,12 +1781,12 @@ int speed_main(int argc, char **argv)
|
||||
loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
|
||||
loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
|
||||
#endif
|
||||
/*
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
|
||||
loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
|
||||
#endif
|
||||
/*
|
||||
loopargs[i].sm2dh_a = app_malloc(MAX_ECDH_SIZE, "SM2DH secret a");
|
||||
loopargs[i].sm2dh_b = app_malloc(MAX_ECDH_SIZE, "SM2DH secret b");
|
||||
*/
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifndef NO_FORK
|
||||
@@ -1967,6 +2015,12 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
# endif
|
||||
|
||||
# ifndef OPENSSL_NO_SM2
|
||||
sm2sign_c[R_SM2_P256][0] = count / 1000 / 8;
|
||||
sm2sign_c[R_SM2_P256][1] = count / 1000 / 8 / 2;
|
||||
sm2enc_c[R_SM2_P256][0] = count / 1000 / 8;
|
||||
sm2enc_c[R_SM2_P256][1] = count / 1000 / 8;
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_EC
|
||||
ecdsa_c[R_EC_P160][0] = count / 1000;
|
||||
ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
|
||||
@@ -2876,6 +2930,180 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
|
||||
if (RAND_status() != 1) {
|
||||
RAND_seed(rnd_seed, sizeof rnd_seed);
|
||||
}
|
||||
for (testnum = 0; testnum < SM2_NUM; testnum++) {
|
||||
int st = 1;
|
||||
|
||||
if (!sm2sign_doit[testnum])
|
||||
continue; /* Ignore Curve */
|
||||
for (i = 0; i < loopargs_len; i++) {
|
||||
loopargs[i].sm2[testnum] = EC_KEY_new_by_curve_name(test_sm2_curves[testnum]);
|
||||
if (loopargs[i].sm2[testnum] == NULL) {
|
||||
st = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (st == 0) {
|
||||
BIO_printf(bio_err, "SM2 failure.\n");
|
||||
ERR_print_errors(bio_err);
|
||||
rsa_count = 1;
|
||||
} else {
|
||||
for (i = 0; i < loopargs_len; i++) {
|
||||
EC_KEY_precompute_mult(loopargs[i].sm2[testnum], NULL);
|
||||
/* Perform SM2 signature test */
|
||||
EC_KEY_generate_key(loopargs[i].sm2[testnum]);
|
||||
st = SM2_sign(0, loopargs[i].buf, 32, loopargs[i].buf2,
|
||||
&loopargs[i].siglen, loopargs[i].sm2[testnum]);
|
||||
if (st == 0)
|
||||
break;
|
||||
}
|
||||
if (st == 0) {
|
||||
BIO_printf(bio_err,
|
||||
"SM2 sign failure. No SM2 sign will be done.\n");
|
||||
ERR_print_errors(bio_err);
|
||||
rsa_count = 1;
|
||||
} else {
|
||||
pkey_print_message("sign", "sm2",
|
||||
sm2sign_c[testnum][0],
|
||||
test_sm2_curves_bits[testnum], ECDSA_SECONDS);
|
||||
Time_F(START);
|
||||
count = run_benchmark(async_jobs, SM2_sign_loop, loopargs);
|
||||
d = Time_F(STOP);
|
||||
|
||||
BIO_printf(bio_err,
|
||||
mr ? "+R7:%ld:%d:%.2f\n" :
|
||||
"%ld %d bit SM2 signs in %.2fs \n",
|
||||
count, test_sm2_curves_bits[testnum], d);
|
||||
sm2sign_results[testnum][0] = d / (double)count;
|
||||
rsa_count = count;
|
||||
}
|
||||
|
||||
/* Perform SM2 verification test */
|
||||
for (i = 0; i < loopargs_len; i++) {
|
||||
st = SM2_verify(0, loopargs[i].buf, 32, loopargs[i].buf2,
|
||||
loopargs[i].siglen, loopargs[i].sm2[testnum]);
|
||||
if (st != 1)
|
||||
break;
|
||||
}
|
||||
if (st != 1) {
|
||||
BIO_printf(bio_err,
|
||||
"SM2 verify failure. No SM2 verify will be done.\n");
|
||||
ERR_print_errors(bio_err);
|
||||
sm2sign_doit[testnum] = 0;
|
||||
} else {
|
||||
pkey_print_message("verify", "sm2",
|
||||
sm2sign_c[testnum][1],
|
||||
test_sm2_curves_bits[testnum], ECDSA_SECONDS);
|
||||
Time_F(START);
|
||||
count = run_benchmark(async_jobs, SM2_verify_loop, loopargs);
|
||||
d = Time_F(STOP);
|
||||
BIO_printf(bio_err,
|
||||
mr ? "+R8:%ld:%d:%.2f\n"
|
||||
: "%ld %d bit SM2 verify in %.2fs\n",
|
||||
count, test_sm2_curves_bits[testnum], d);
|
||||
sm2sign_results[testnum][1] = d / (double)count;
|
||||
}
|
||||
|
||||
if (rsa_count <= 1) {
|
||||
/* if longer than 10s, don't do any more */
|
||||
for (testnum++; testnum < SM2_NUM; testnum++)
|
||||
sm2sign_doit[testnum] = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (RAND_status() != 1) {
|
||||
RAND_seed(rnd_seed, sizeof rnd_seed);
|
||||
}
|
||||
for (testnum = 0; testnum < SM2_NUM; testnum++) {
|
||||
int st = 1;
|
||||
|
||||
if (!sm2enc_doit[testnum])
|
||||
continue;
|
||||
for (i = 0; i < loopargs_len; i++) {
|
||||
loopargs[i].sm2[testnum] = EC_KEY_new_by_curve_name(
|
||||
test_sm2_curves[testnum]);
|
||||
if (loopargs[i].sm2[testnum] == NULL) {
|
||||
st = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (st == 0) {
|
||||
BIO_printf(bio_err, "SM2 failure.\n");
|
||||
ERR_print_errors(bio_err);
|
||||
rsa_count = 1;
|
||||
} else {
|
||||
for (i = 0; i < loopargs_len; i++) {
|
||||
EC_KEY_precompute_mult(loopargs[i].sm2[testnum], NULL);
|
||||
/* Perform SM2 encryption test */
|
||||
EC_KEY_generate_key(loopargs[i].sm2[testnum]);
|
||||
st = SM2_encrypt(NID_sm3, loopargs[i].buf, 32, loopargs[i].buf2,
|
||||
&loopargs[i].cipherlen, loopargs[i].sm2[testnum]);
|
||||
if (st == 0)
|
||||
break;
|
||||
}
|
||||
if (st == 0) {
|
||||
BIO_printf(bio_err,
|
||||
"SM2 encryption failure. No SM2 encryption will be done.\n");
|
||||
ERR_print_errors(bio_err);
|
||||
rsa_count = 1;
|
||||
} else {
|
||||
pkey_print_message("encrypt", "sm2",
|
||||
sm2enc_c[testnum][0],
|
||||
test_sm2_curves_bits[testnum], ECDSA_SECONDS);
|
||||
Time_F(START);
|
||||
count = run_benchmark(async_jobs, SM2_encrypt_loop, loopargs);
|
||||
d = Time_F(STOP);
|
||||
|
||||
BIO_printf(bio_err,
|
||||
mr ? "+R7:%ld:%d:%.2f\n" :
|
||||
"%ld %d bit SM2 encrypt in %.2fs \n",
|
||||
count, test_sm2_curves_bits[testnum], d);
|
||||
sm2enc_results[testnum][0] = d / (double)count;
|
||||
rsa_count = count;
|
||||
}
|
||||
|
||||
/* Perform SM2 verification test */
|
||||
for (i = 0; i < loopargs_len; i++) {
|
||||
size_t len = loopargs[i].cipherlen;
|
||||
st = SM2_decrypt(NID_sm3, loopargs[i].buf2, loopargs[i].cipherlen,
|
||||
loopargs[i].buf, &len, loopargs[i].sm2[testnum]);
|
||||
if (st == 0)
|
||||
break;
|
||||
}
|
||||
if (st != 1) {
|
||||
BIO_printf(bio_err,
|
||||
"SM2 decrypt failure. No SM2 decrypt will be done.\n");
|
||||
ERR_print_errors(bio_err);
|
||||
sm2enc_doit[testnum] = 0;
|
||||
} else {
|
||||
pkey_print_message("decrypt", "sm2",
|
||||
sm2enc_c[testnum][1],
|
||||
test_sm2_curves_bits[testnum], ECDSA_SECONDS);
|
||||
Time_F(START);
|
||||
count = run_benchmark(async_jobs, SM2_decrypt_loop, loopargs);
|
||||
d = Time_F(STOP);
|
||||
BIO_printf(bio_err,
|
||||
mr ? "+R8:%ld:%d:%.2f\n"
|
||||
: "%ld %d bit SM2 decrypt in %.2fs\n",
|
||||
count, test_sm2_curves_bits[testnum], d);
|
||||
sm2enc_results[testnum][1] = d / (double)count;
|
||||
}
|
||||
|
||||
if (rsa_count <= 1) {
|
||||
/* if longer than 10s, don't do any more */
|
||||
for (testnum++; testnum < SM2_NUM; testnum++)
|
||||
sm2sign_doit[testnum] = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* OPENSSL_NO_SM2 */
|
||||
#ifndef NO_FORK
|
||||
show_res:
|
||||
#endif
|
||||
@@ -2901,6 +3129,12 @@ int speed_main(int argc, char **argv)
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
printf("%s ", BF_options());
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SM3
|
||||
//printf("%s ", SM3_options());
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SMS4
|
||||
//printf("%s ", SMS4_options());
|
||||
#endif
|
||||
printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS));
|
||||
}
|
||||
@@ -3010,6 +3244,50 @@ int speed_main(int argc, char **argv)
|
||||
test_curves_names[k],
|
||||
ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
|
||||
}
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
testnum = 1;
|
||||
for (k = 0; k < SM2_NUM; k++) {
|
||||
if (!sm2sign_doit[k])
|
||||
continue;
|
||||
if (testnum && !mr) {
|
||||
printf("%30ssign verify sign/s verify/s\n", " ");
|
||||
testnum = 0;
|
||||
}
|
||||
|
||||
if (mr)
|
||||
printf("+F6:%u:%u:%f:%f\n",
|
||||
k, test_sm2_curves_bits[k],
|
||||
sm2sign_results[k][0], sm2sign_results[k][1]);
|
||||
else
|
||||
printf("%4u bit sm2 (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
|
||||
test_sm2_curves_bits[k],
|
||||
test_sm2_curves_names[k],
|
||||
sm2sign_results[k][0], sm2sign_results[k][1],
|
||||
1.0 / sm2sign_results[k][0], 1.0 / sm2sign_results[k][1]);
|
||||
}
|
||||
|
||||
testnum = 1;
|
||||
for (k = 0; k < SM2_NUM; k++) {
|
||||
if (!sm2enc_doit[k])
|
||||
continue;
|
||||
if (testnum && !mr) {
|
||||
printf("%30sencrypt decrypt enc/s dec/s\n", " ");
|
||||
testnum = 0;
|
||||
}
|
||||
|
||||
if (mr)
|
||||
printf("+F6:%u:%u:%f:%f\n",
|
||||
k, test_sm2_curves_bits[k],
|
||||
sm2enc_results[k][0], sm2enc_results[k][1]);
|
||||
else
|
||||
printf("%4u bit sm2 (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
|
||||
test_sm2_curves_bits[k],
|
||||
test_sm2_curves_names[k],
|
||||
sm2enc_results[k][0], sm2enc_results[k][1],
|
||||
1.0 / sm2enc_results[k][0], 1.0 / sm2enc_results[k][1]);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
ret = 0;
|
||||
@@ -3041,6 +3319,10 @@ int speed_main(int argc, char **argv)
|
||||
for (k = 0; k < SM2_NUM; k++) {
|
||||
EC_KEY_free(loopargs[i].sm2[k]);
|
||||
}
|
||||
# if 0
|
||||
OPENSSL_free(loopargs[i].sm2dh_a);
|
||||
OPENSSL_free(loopargs[i].sm2dh_b);
|
||||
# endif
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -3273,7 +3555,51 @@ static int do_multi(int multi)
|
||||
|
||||
}
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_SM2
|
||||
else if (strncmp(buf, "+F6:", 4) == 0) {
|
||||
int k;
|
||||
double d;
|
||||
|
||||
p = buf + 4;
|
||||
k = atoi(sstrsep(&p, sep));
|
||||
sstrsep(&p, sep);
|
||||
|
||||
d = atof(sstrsep(&p, sep));
|
||||
if (n)
|
||||
sm2sign_results[k][0] =
|
||||
1 / (1 / sm2sign_results[k][0] + 1 / d);
|
||||
else
|
||||
sm2sign_results[k][0] = d;
|
||||
|
||||
d = atof(sstrsep(&p, sep));
|
||||
if (n)
|
||||
sm2sign_results[k][1] =
|
||||
1 / (1 / sm2sign_results[k][1] + 1 / d);
|
||||
else
|
||||
sm2sign_results[k][1] = d;
|
||||
} else if (strncmp(buf, "+F7:", 4) == 0) {
|
||||
int k;
|
||||
double d;
|
||||
|
||||
p = buf + 4;
|
||||
k = atoi(sstrsep(&p, sep));
|
||||
sstrsep(&p, sep);
|
||||
|
||||
d = atof(sstrsep(&p, sep));
|
||||
if (n)
|
||||
sm2enc_results[k][0] =
|
||||
1 / (1 / sm2enc_results[k][0] + 1 / d);
|
||||
else
|
||||
sm2enc_results[k][0] = d;
|
||||
|
||||
d = atof(sstrsep(&p, sep));
|
||||
if (n)
|
||||
sm2enc_results[k][1] =
|
||||
1 / (1 / sm2enc_results[k][1] + 1 / d);
|
||||
else
|
||||
sm2enc_results[k][1] = d;
|
||||
}
|
||||
# endif
|
||||
else if (strncmp(buf, "+H:", 3) == 0) {
|
||||
;
|
||||
} else
|
||||
|
||||
@@ -71,3 +71,4 @@ int SM2CiphertextValue_size(const EC_GROUP *group, int inlen)
|
||||
{
|
||||
return 1024;
|
||||
}
|
||||
|
||||
|
||||
@@ -230,36 +230,24 @@ end:
|
||||
int SM2_encrypt(int type, const unsigned char *in, size_t inlen,
|
||||
unsigned char *out, size_t *outlen, EC_KEY *ec_key)
|
||||
{
|
||||
int ret = 0;
|
||||
SM2CiphertextValue *cv = NULL;
|
||||
const EVP_MD *md;
|
||||
int len;
|
||||
SM2CiphertextValue *cv;
|
||||
|
||||
if (!(md = EVP_get_digestbynid(type))) {
|
||||
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_INVALID_DIGEST_ALGOR);
|
||||
*outlen = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
RAND_seed(in, inlen);
|
||||
if (!(cv = SM2_do_encrypt(md, in, inlen, ec_key))) {
|
||||
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_ENCRYPT_FAILURE);
|
||||
goto end;
|
||||
*outlen = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!out) {
|
||||
*outlen = i2d_SM2CiphertextValue(cv, NULL) + 96;
|
||||
ret = 1;
|
||||
} else if (*outlen < i2d_SM2CiphertextValue(cv, NULL) + 64) {
|
||||
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_BUFFER_TOO_SMALL);
|
||||
ret = 0;
|
||||
} else {
|
||||
len = i2d_SM2CiphertextValue(cv, &out);
|
||||
*outlen = len;
|
||||
ret = 1;
|
||||
}
|
||||
|
||||
end:
|
||||
*outlen = i2d_SM2CiphertextValue(cv, &out);
|
||||
SM2CiphertextValue_free(cv);
|
||||
return ret;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int SM2_decrypt(int type, const unsigned char *in, size_t inlen,
|
||||
@@ -273,14 +261,18 @@ int SM2_decrypt(int type, const unsigned char *in, size_t inlen,
|
||||
/* check arguments */
|
||||
if (!(md = EVP_get_digestbynid(type))) {
|
||||
SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_DIGEST_ALGOR);
|
||||
*outlen = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!in) {
|
||||
SM2err(SM2_F_SM2_DECRYPT, ERR_R_PASSED_NULL_PARAMETER);
|
||||
*outlen = 0;
|
||||
return 0;
|
||||
}
|
||||
if (inlen <= 0 || inlen > INT_MAX) {
|
||||
SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_INPUT_LENGTH);
|
||||
*outlen = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -300,11 +292,14 @@ int SM2_decrypt(int type, const unsigned char *in, size_t inlen,
|
||||
*outlen = ASN1_STRING_length(cv->ciphertext);
|
||||
ret = 1;
|
||||
goto end;
|
||||
} else if (*outlen < ASN1_STRING_length(cv->ciphertext)) {
|
||||
}
|
||||
/*
|
||||
else if (*outlen < ASN1_STRING_length(cv->ciphertext)) {
|
||||
SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
*/
|
||||
|
||||
/* do decrypt */
|
||||
if (!SM2_do_decrypt(md, cv, out, outlen, ec_key)) {
|
||||
@@ -374,10 +369,12 @@ int SM2_do_decrypt(const EVP_MD *md, const SM2CiphertextValue *cv,
|
||||
*outlen = cv->ciphertext->length;
|
||||
return 1;
|
||||
}
|
||||
/*
|
||||
if (*outlen < cv->ciphertext->length) {
|
||||
SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
|
||||
return 0;
|
||||
}
|
||||
*/
|
||||
|
||||
/* malloc */
|
||||
point = EC_POINT_new(group);
|
||||
|
||||
@@ -450,22 +450,11 @@ int BIO_read_filename(BIO *b, const char *name);
|
||||
/* defined in evp.h */
|
||||
/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
|
||||
|
||||
# ifndef OPENSSL_NO_MACRO
|
||||
# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
|
||||
# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
|
||||
# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
|
||||
# define BIO_set_mem_eof_return(b,v) \
|
||||
BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
|
||||
# else
|
||||
|
||||
long BIO_get_mem_data(BIO *b, char **pp);
|
||||
long BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c);
|
||||
long BIO_get_mem_ptr(BIO *b, BUF_MEM **pp);
|
||||
long BIO_set_mem_eof_return(BIO *b, int v)
|
||||
|
||||
BIO *BIO_new_mem_buf(const void *buf, int len);
|
||||
|
||||
# endif
|
||||
|
||||
/* For the BIO_f_buffer() type */
|
||||
# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
|
||||
|
||||
@@ -1518,6 +1518,7 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid
|
||||
SSL *SSL_new(SSL_CTX *ctx);
|
||||
int SSL_up_ref(SSL *s);
|
||||
int SSL_is_dtls(const SSL *s);
|
||||
int SSL_is_gmtls(const SSL *s);
|
||||
__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
|
||||
unsigned int sid_ctx_len);
|
||||
|
||||
|
||||
@@ -285,7 +285,9 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
128,
|
||||
128,
|
||||
},
|
||||
#endif /* OPENSSL_NO_GMTLS */
|
||||
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
/* ECDHE-SM2-[SM1|SMS4|SSF33]-[SM3|SHA256] */
|
||||
{
|
||||
1,
|
||||
@@ -377,8 +379,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
128,
|
||||
128,
|
||||
},
|
||||
#endif /* OPENSSL_NO_SM2 */
|
||||
|
||||
#endif /* OPENSSL_NO_GMTLS */
|
||||
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||
{
|
||||
1,
|
||||
@@ -3934,11 +3936,11 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
|
||||
/* with PSK there must be server callback set */
|
||||
if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
|
||||
continue;
|
||||
#endif /* OPENSSL_NO_PSK */
|
||||
#endif /* OPENSSL_NO_PSK */
|
||||
|
||||
ok = (alg_k & mask_k) && (alg_a & mask_a);
|
||||
#ifdef CIPHER_DEBUG
|
||||
fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
|
||||
fprintf(stderr, "%d:[alg_k=%08lX:alg_a=%08lX:mask_k=%08lX:mask_a=%08lX]%p:%s\n", ok, alg_k,
|
||||
alg_a, mask_k, mask_a, (void *)c, c->name);
|
||||
#endif
|
||||
|
||||
|
||||
@@ -64,7 +64,7 @@ typedef struct {
|
||||
ASN1_OCTET_STRING *srp_username;
|
||||
#endif
|
||||
long flags;
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
X509 *peer_extra;
|
||||
#endif
|
||||
} SSL_SESSION_ASN1;
|
||||
@@ -93,7 +93,7 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
|
||||
ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
|
||||
#endif
|
||||
ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13),
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
ASN1_EXP_OPT(SSL_SESSION_ASN1, peer_extra, X509, 14)
|
||||
#endif
|
||||
} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
|
||||
@@ -207,7 +207,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
|
||||
|
||||
as.flags = in->flags;
|
||||
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
as.peer_extra = in->peer_extra;
|
||||
#endif
|
||||
|
||||
@@ -365,7 +365,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
|
||||
/* Flags defaults to zero which is fine */
|
||||
ret->flags = as->flags;
|
||||
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
X509_free(ret->peer_extra);
|
||||
ret->peer_extra = as->peer_extra;
|
||||
as->peer_extra = NULL;
|
||||
|
||||
@@ -504,7 +504,8 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
|
||||
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
|
||||
{
|
||||
if (!s->server) { /* we are in the client */
|
||||
if (((s->version >> 8) == SSL3_VERSION_MAJOR) && (s->s3 != NULL))
|
||||
if (((s->version >> 8) == SSL3_VERSION_MAJOR || SSL_IS_GMTLS(s))
|
||||
&& (s->s3 != NULL))
|
||||
return (s->s3->tmp.ca_names);
|
||||
else
|
||||
return (NULL);
|
||||
@@ -765,45 +766,6 @@ int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* 输出双证书及CA证书链 */
|
||||
/*
|
||||
static int ssl_add_sm2_certs(SSL *s, unsigned long *l)
|
||||
{
|
||||
BUF_MEM *buf = s->init_buf;
|
||||
CERT_PKEY *sign_cpk = &s->cert->pkeys[SSL_PKEY_SM2_SIGN];
|
||||
CERT_PKEY *enc_cpk = &s->cert->pkeys[SSL_PKEY_SM2_ENC];
|
||||
STACK_OF(X509) *extra_certs;
|
||||
int i;
|
||||
|
||||
if (!BUF_MEM_grow_clean(buf, 10)) {
|
||||
fprintf(stderr, "-----<error> %s() %s %d\n", __func__, __FILE__, __LINE__);
|
||||
return 0;
|
||||
}
|
||||
if (sign_cpk->chain)
|
||||
extra_certs = sign_cpk->chain;
|
||||
else
|
||||
extra_certs = s->ctx->extra_certs;
|
||||
|
||||
if (!ssl_add_cert_to_buf(buf, l, sign_cpk->x509)) {
|
||||
fprintf(stderr, "-----<error> %s() %s %d\n", __func__, __FILE__, __LINE__);
|
||||
return 0;
|
||||
}
|
||||
if (!ssl_add_cert_to_buf(buf, l, enc_cpk->x509)) {
|
||||
fprintf(stderr, "-----<error> %s() %s %d\n", __func__, __FILE__, __LINE__);
|
||||
return 0;
|
||||
}
|
||||
|
||||
for (i = 0; i < sk_X509_num(extra_certs); i++) {
|
||||
if (!ssl_add_cert_to_buf(buf, 1, sk_X509_value(extra_certs, i))) {
|
||||
fprintf(stderr, "-----<error> %s() %s %d\n", __func__, __FILE__, __LINE__);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
*/
|
||||
|
||||
/* Add certificate chain to internal SSL BUF_MEM structure */
|
||||
int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
|
||||
{
|
||||
|
||||
@@ -219,10 +219,8 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
|
||||
EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
|
||||
/* GOST2012_512 */
|
||||
EVP_PKEY_HMAC,
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
/* MD5_SHA1, SHA224, SHA512, SM3 */
|
||||
NID_undef, NID_undef, NID_undef, EVP_PKEY_HMAC
|
||||
#endif
|
||||
};
|
||||
|
||||
static int ssl_mac_secret_size[SSL_MD_NUM_IDX];
|
||||
@@ -466,9 +464,10 @@ void ssl_load_ciphers(void)
|
||||
#ifdef OPENSSL_NO_EC
|
||||
disabled_mkey_mask |= SSL_kECDHEPSK;
|
||||
disabled_auth_mask |= SSL_aECDSA;
|
||||
# ifdef OPENSSL_NO_GMTLS_METHOD
|
||||
/* do something */
|
||||
# endif
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_SM2
|
||||
disabled_mkey_mask |= SSL_kSM2DHEPSK;
|
||||
disabled_auth_mask |= SSL_aSM2;
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_PSK
|
||||
disabled_mkey_mask |= SSL_PSK;
|
||||
@@ -667,9 +666,8 @@ const EVP_MD *ssl_handshake_md(SSL *s)
|
||||
|
||||
const EVP_MD *ssl_prf_md(SSL *s)
|
||||
{
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
/* In GM/T 0024, PRF always use SM3 */
|
||||
if (s->version == GMTLS_VERSION)
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (SSL_IS_GMTLS(s))
|
||||
return EVP_sm3();
|
||||
#endif
|
||||
return ssl_md(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
|
||||
@@ -1580,11 +1578,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
const char *ver;
|
||||
const char *kx, *au, *enc, *mac;
|
||||
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
static const char *format = "%-30s %-10s Kx=%-8s Au=%-6s Enc=%-23s Mac=%-4s\n";
|
||||
#else
|
||||
static const char *format = "%-23s %s Kx=%-4s Au=%-4s Enc=%-8s Mac=%-4s\n";
|
||||
#endif
|
||||
|
||||
if (buf == NULL) {
|
||||
len = 128;
|
||||
@@ -1629,7 +1623,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
case SSL_kGOST:
|
||||
kx = "GOST";
|
||||
break;
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
case SSL_kSM2:
|
||||
kx = "SM2";
|
||||
break;
|
||||
@@ -1645,7 +1638,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
case SSL_kSM9DHE:
|
||||
kx = "SM9DHE";
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
kx = "unknown";
|
||||
}
|
||||
@@ -1676,14 +1668,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
case (SSL_aGOST12 | SSL_aGOST01):
|
||||
au = "GOST12";
|
||||
break;
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
case SSL_aSM2:
|
||||
au = "SM2";
|
||||
break;
|
||||
case SSL_aSM9:
|
||||
au = "SM9";
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
au = "unknown";
|
||||
break;
|
||||
@@ -1748,7 +1738,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
case SSL_CHACHA20POLY1305:
|
||||
enc = "CHACHA20/POLY1305(256)";
|
||||
break;
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
case SSL_SMS4:
|
||||
enc = "SMS4(128)";
|
||||
break;
|
||||
@@ -1770,7 +1759,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
case SSL_SSF33:
|
||||
enc = "SSF33(128)";
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
enc = "unknown";
|
||||
break;
|
||||
@@ -1803,11 +1791,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
case SSL_GOST12_512:
|
||||
mac = "GOST2012";
|
||||
break;
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
case SSL_SM3:
|
||||
mac = "SM3";
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
mac = "unknown";
|
||||
break;
|
||||
@@ -2012,12 +1998,10 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
|
||||
return SSL_PKEY_GOST_EC;
|
||||
else if (alg_a & SSL_aGOST01)
|
||||
return SSL_PKEY_GOST01;
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
else if (alg_a & SSL_aSM2)
|
||||
return SSL_PKEY_SM2_SIGN;
|
||||
else if (alg_a & SSL_aSM9)
|
||||
return -1;
|
||||
#endif
|
||||
return SSL_PKEY_SM9_SIGN;
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
@@ -282,11 +282,9 @@ static int protocol_from_string(const char *value)
|
||||
{"TLSv1", TLS1_VERSION},
|
||||
{"TLSv1.1", TLS1_1_VERSION},
|
||||
{"TLSv1.2", TLS1_2_VERSION},
|
||||
#ifndef OPENSSL_NO_GMTLS_VERSION
|
||||
{"GMTLS", GMTLS_VERSION},
|
||||
#endif
|
||||
{"DTLSv1", DTLS1_VERSION},
|
||||
{"DTLSv1.2", DTLS1_2_VERSION}
|
||||
{"DTLSv1.2", DTLS1_2_VERSION},
|
||||
{"GMTLS", GMTLS_VERSION}
|
||||
};
|
||||
size_t i;
|
||||
size_t n = OSSL_NELEM(versions);
|
||||
@@ -529,9 +527,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
|
||||
SSL_CONF_CMD_SWITCH("no_tls1", 0),
|
||||
SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
|
||||
SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
SSL_CONF_CMD_SWITCH("no_gmtls", 0),
|
||||
#endif
|
||||
SSL_CONF_CMD_SWITCH("bugs", 0),
|
||||
SSL_CONF_CMD_SWITCH("no_comp", 0),
|
||||
SSL_CONF_CMD_SWITCH("comp", 0),
|
||||
@@ -589,9 +585,7 @@ static const ssl_switch_tbl ssl_cmd_switches[] = {
|
||||
{SSL_OP_NO_TLSv1, 0}, /* no_tls1 */
|
||||
{SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */
|
||||
{SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
{SSL_OP_NO_GMTLS, 0}, /* no_gmtls */
|
||||
#endif
|
||||
{SSL_OP_ALL, 0}, /* bugs */
|
||||
{SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
|
||||
{SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
|
||||
|
||||
@@ -678,6 +678,11 @@ int SSL_is_dtls(const SSL *s)
|
||||
return SSL_IS_DTLS(s) ? 1 : 0;
|
||||
}
|
||||
|
||||
int SSL_is_gmtls(const SSL *s)
|
||||
{
|
||||
return SSL_IS_GMTLS(s) ? 1 : 0;
|
||||
}
|
||||
|
||||
int SSL_up_ref(SSL *s)
|
||||
{
|
||||
int i;
|
||||
@@ -2655,7 +2660,7 @@ void ssl_set_masks(SSL *s)
|
||||
have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
have_sm2_cert = pvalid[SSL_PKEY_SM2_SIGN] & CERT_PKEY_VALID;
|
||||
have_sm2_cert = pvalid[SSL_PKEY_SM2_ENC] & CERT_PKEY_VALID;
|
||||
#endif
|
||||
mask_k = 0;
|
||||
mask_a = 0;
|
||||
@@ -2712,13 +2717,18 @@ void ssl_set_masks(SSL *s)
|
||||
ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
|
||||
if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
|
||||
ecdsa_ok = 0;
|
||||
if (ecdsa_ok)
|
||||
if (ecdsa_ok) {
|
||||
fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
|
||||
mask_a |= SSL_aECDSA;
|
||||
mask_a |= SSL_aSM2;//先将就一下
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
//这个现在不好用啊!
|
||||
if (have_sm2_cert) {
|
||||
uint32_t ex_kusage;
|
||||
fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
|
||||
cpk = &c->pkeys[SSL_PKEY_SM2_SIGN];
|
||||
x = cpk->x509;
|
||||
OPENSSL_assert(x);
|
||||
@@ -2874,7 +2884,7 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
|
||||
} else if ((alg_a & SSL_aECDSA) &&
|
||||
(c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
|
||||
idx = SSL_PKEY_ECC;
|
||||
#ifndef OPENSSL_NO_GMTLS_SM2
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
else if ((alg_a & SSL_aSM2) &&
|
||||
(c->pkeys[SSL_PKEY_SM2_SIGN].privatekey != NULL))
|
||||
idx = SSL_PKEY_SM2_SIGN;
|
||||
@@ -3156,10 +3166,8 @@ const char *ssl_protocol_to_string(int version)
|
||||
return "DTLSv1";
|
||||
else if (version == DTLS1_2_VERSION)
|
||||
return "DTLSv1.2";
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
else if (version == GMTLS_VERSION)
|
||||
return "GMTLSv1.1";
|
||||
#endif
|
||||
else
|
||||
return ("unknown");
|
||||
}
|
||||
|
||||
@@ -231,13 +231,11 @@
|
||||
# define SSL_kECDHEPSK 0x00000080U
|
||||
# define SSL_kDHEPSK 0x00000100U
|
||||
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
# define SSL_kSM2 0x00000200U
|
||||
# define SSL_kSM2DHE 0x00000400U
|
||||
# define SSL_kSM2PSK 0x00000800U
|
||||
# define SSL_kSM9 0x00001000U
|
||||
# define SSL_kSM9DHE 0x00002000U
|
||||
# endif
|
||||
# define SSL_kSM2 0x00000200U
|
||||
# define SSL_kSM2DHE 0x00000400U
|
||||
# define SSL_kSM2PSK 0x00000800U
|
||||
# define SSL_kSM9 0x00001000U
|
||||
# define SSL_kSM9DHE 0x00002000U
|
||||
|
||||
/* all PSK */
|
||||
|
||||
@@ -260,11 +258,9 @@
|
||||
# define SSL_aSRP 0x00000040U
|
||||
/* GOST R 34.10-2012 signature auth */
|
||||
# define SSL_aGOST12 0x00000080U
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
/* SM2 */
|
||||
/* GMTLS */
|
||||
# define SSL_aSM2 0x00000100U
|
||||
# define SSL_aSM9 0x00000200U
|
||||
# endif
|
||||
|
||||
/* Bits for algorithm_enc (symmetric encryption) */
|
||||
# define SSL_DES 0x00000001U
|
||||
@@ -287,24 +283,20 @@
|
||||
# define SSL_AES256CCM8 0x00020000U
|
||||
# define SSL_eGOST2814789CNT12 0x00040000U
|
||||
# define SSL_CHACHA20POLY1305 0x00080000U
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
# define SSL_SMS4 0x00100000U
|
||||
# define SSL_SMS4GCM 0x00200000U
|
||||
# define SSL_SMS4CCM 0x00400000U
|
||||
# define SSL_SMS4CCM8 0x00800000U
|
||||
# define SSL_ZUC 0x01000000U
|
||||
# define SSL_SM1 0x02000000U
|
||||
# define SSL_SSF33 0x04000000U
|
||||
# endif
|
||||
# define SSL_SMS4 0x00100000U
|
||||
# define SSL_SMS4GCM 0x00200000U
|
||||
# define SSL_SMS4CCM 0x00400000U
|
||||
# define SSL_SMS4CCM8 0x00800000U
|
||||
# define SSL_ZUC 0x01000000U
|
||||
# define SSL_SM1 0x02000000U
|
||||
# define SSL_SSF33 0x04000000U
|
||||
|
||||
# define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM)
|
||||
# define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
|
||||
# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
|
||||
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
|
||||
# define SSL_CHACHA20 (SSL_CHACHA20POLY1305)
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
# define SSL_SMS4ALL (SSL_SMS4 | SSL_SMS4GCM | SSL_SMS4CCM | SSL_SMS4CCM8)
|
||||
# endif
|
||||
# define SSL_SMS4ALL (SSL_SMS4 | SSL_SMS4GCM | SSL_SMS4CCM | SSL_SMS4CCM8)
|
||||
|
||||
/* Bits for algorithm_mac (symmetric authentication) */
|
||||
|
||||
@@ -319,9 +311,7 @@
|
||||
# define SSL_GOST12_256 0x00000080U
|
||||
# define SSL_GOST89MAC12 0x00000100U
|
||||
# define SSL_GOST12_512 0x00000200U
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
# define SSL_SM3 0x00000400U
|
||||
# endif
|
||||
# define SSL_SM3 0x00000400U
|
||||
|
||||
/*
|
||||
* When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make
|
||||
@@ -340,12 +330,8 @@
|
||||
# define SSL_MD_MD5_SHA1_IDX 9
|
||||
# define SSL_MD_SHA224_IDX 10
|
||||
# define SSL_MD_SHA512_IDX 11
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
# define SSL_MD_SM3_IDX 12
|
||||
# define SSL_MAX_DIGEST 13
|
||||
# else
|
||||
# define SSL_MAX_DIGEST 12
|
||||
# endif
|
||||
# define SSL_MD_SM3_IDX 12
|
||||
# define SSL_MAX_DIGEST 13
|
||||
|
||||
/* Bits for algorithm2 (handshake digests and other extra flags) */
|
||||
|
||||
@@ -358,9 +344,7 @@
|
||||
# define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX
|
||||
# define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX
|
||||
# define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
# define SSL_HANDSHAKE_MAC_SM3 SSL_MD_SM3_IDX
|
||||
# endif
|
||||
# define SSL_HANDSHAKE_MAC_SM3 SSL_MD_SM3_IDX
|
||||
|
||||
/* Bits 8-15 bits are PRF */
|
||||
# define TLS1_PRF_DGST_SHIFT 8
|
||||
@@ -370,10 +354,8 @@
|
||||
# define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT)
|
||||
# define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT)
|
||||
# define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT)
|
||||
# define TLS1_PRF (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
# define TLS1_PRF_SM3 (SSL_MD_SM3_IDX << TLS1_PRF_DGST_SHIFT)
|
||||
# endif
|
||||
# define TLS1_PRF (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
|
||||
# define TLS1_PRF_SM3 (SSL_MD_SM3_IDX << TLS1_PRF_DGST_SHIFT)
|
||||
|
||||
/*
|
||||
* Stream MAC for GOST ciphersuites from cryptopro draft (currently this also
|
||||
@@ -443,14 +425,10 @@
|
||||
# define SSL_PKEY_GOST01 4
|
||||
# define SSL_PKEY_GOST12_256 5
|
||||
# define SSL_PKEY_GOST12_512 6
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
# define SSL_PKEY_SM2_ENC 7
|
||||
# define SSL_PKEY_SM2_SIGN 8
|
||||
# define SSL_PKEY_SM9 9
|
||||
# define SSL_PKEY_NUM 10
|
||||
# else
|
||||
# define SSL_PKEY_NUM 7
|
||||
# endif
|
||||
# define SSL_PKEY_SM2_ENC 7
|
||||
# define SSL_PKEY_SM2_SIGN 8
|
||||
# define SSL_PKEY_SM9_SIGN 9
|
||||
# define SSL_PKEY_NUM 10
|
||||
|
||||
/*
|
||||
* Pseudo-constant. GOST cipher suites can use different certs for 1
|
||||
@@ -591,7 +569,7 @@ struct ssl_session_st {
|
||||
int not_resumable;
|
||||
/* This is the cert and type for the other end. */
|
||||
X509 *peer;
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
# ifndef OPENSSL_NO_GMTLS
|
||||
X509 *peer_extra;
|
||||
char *peer_identity;
|
||||
CERT_SM9 ibe;
|
||||
@@ -1726,12 +1704,9 @@ __owur const SSL_METHOD *dtls_bad_ver_client_method(void);
|
||||
__owur const SSL_METHOD *dtlsv1_2_method(void);
|
||||
__owur const SSL_METHOD *dtlsv1_2_server_method(void);
|
||||
__owur const SSL_METHOD *dtlsv1_2_client_method(void);
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
__owur const SSL_METHOD *gmtls_method(void);
|
||||
__owur const SSL_METHOD *gmtls_server_method(void);
|
||||
__owur const SSL_METHOD *gmtls_client_method(void);
|
||||
#endif
|
||||
|
||||
|
||||
extern const SSL3_ENC_METHOD TLSv1_enc_data;
|
||||
extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
|
||||
@@ -1739,9 +1714,7 @@ extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
|
||||
extern const SSL3_ENC_METHOD SSLv3_enc_data;
|
||||
extern const SSL3_ENC_METHOD DTLSv1_enc_data;
|
||||
extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
extern const SSL3_ENC_METHOD GMTLS_enc_data;
|
||||
# endif
|
||||
|
||||
/*
|
||||
* Flags for SSL methods
|
||||
@@ -1750,9 +1723,8 @@ extern const SSL3_ENC_METHOD GMTLS_enc_data;
|
||||
# define SSL_METHOD_NO_SUITEB (1U<<1)
|
||||
|
||||
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
# define IMPLEMENT_gmtls_meth_func(flags, mask, func_name, s_accept, \
|
||||
s_connect, enc_data) \
|
||||
# define IMPLEMENT_gmtls_meth_func(flags, mask, func_name, s_accept, \
|
||||
s_connect, enc_data) \
|
||||
const SSL_METHOD *func_name(void) \
|
||||
{ \
|
||||
static const SSL_METHOD func_name##_data= { \
|
||||
@@ -1788,7 +1760,6 @@ const SSL_METHOD *func_name(void) \
|
||||
}; \
|
||||
return &func_name##_data; \
|
||||
}
|
||||
# endif /* OPENSSL_NO_GMTLS_METHOD */
|
||||
|
||||
# define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \
|
||||
s_connect, enc_data) \
|
||||
@@ -1828,15 +1799,6 @@ const SSL_METHOD *func_name(void) \
|
||||
return &func_name##_data; \
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \
|
||||
const SSL_METHOD *func_name(void) \
|
||||
{ \
|
||||
@@ -2114,9 +2076,7 @@ __owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
|
||||
int use_context);
|
||||
__owur int tls1_alert_code(int code);
|
||||
__owur int ssl3_alert_code(int code);
|
||||
# ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
__owur int gmtls_alert_code(int code);
|
||||
# endif
|
||||
__owur int ssl_ok(SSL *s);
|
||||
|
||||
# ifndef OPENSSL_NO_EC
|
||||
|
||||
@@ -129,6 +129,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
|
||||
return (0);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
/* set private key even without keyUsage in cert */
|
||||
if (i == SSL_PKEY_SM2_SIGN) {
|
||||
if (c->pkeys[SSL_PKEY_SM2_ENC].privatekey)
|
||||
@@ -140,6 +141,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
|
||||
else
|
||||
i = SSL_PKEY_SM2_SIGN;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (c->pkeys[i].x509 != NULL) {
|
||||
EVP_PKEY *pktmp;
|
||||
@@ -159,8 +161,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
|
||||
/*
|
||||
* Don't check the public/private key, this is mostly for smart
|
||||
* cards.
|
||||
* SM2和EC也可能是智能卡!
|
||||
*
|
||||
*/
|
||||
if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
|
||||
&& RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;
|
||||
|
||||
@@ -153,7 +153,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
|
||||
if (src->peer != NULL)
|
||||
X509_up_ref(src->peer);
|
||||
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (src->peer_extra != NULL)
|
||||
X509_up_ref(src->peer_extra);
|
||||
#endif
|
||||
@@ -764,7 +764,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
|
||||
OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
|
||||
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
|
||||
X509_free(ss->peer);
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
X509_free(ss->peer_extra);
|
||||
#endif
|
||||
sk_X509_pop_free(ss->peer_chain, X509_free);
|
||||
@@ -899,7 +899,7 @@ X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
|
||||
return s->peer;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
X509 *SSL_SESSION_get0_peer_extra(SSL_SESSION *s)
|
||||
{
|
||||
return s->peer_extra;
|
||||
|
||||
@@ -286,7 +286,7 @@ const char *SSL_alert_desc_string(int value)
|
||||
return "BH";
|
||||
case TLS1_AD_UNKNOWN_PSK_IDENTITY:
|
||||
return "UP";
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
case GMTLS_AD_UNSUPPORTED_SITE2SITE:
|
||||
return "U2";
|
||||
case GMTLS_AD_NO_AREA:
|
||||
@@ -370,7 +370,7 @@ const char *SSL_alert_desc_string_long(int value)
|
||||
return "unknown PSK identity";
|
||||
case TLS1_AD_NO_APPLICATION_PROTOCOL:
|
||||
return "no application protocol";
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
case GMTLS_AD_UNSUPPORTED_SITE2SITE:
|
||||
return "unsupported site2site";
|
||||
case GMTLS_AD_NO_AREA:
|
||||
|
||||
@@ -1,3 +1,51 @@
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the GmSSL Project.
|
||||
* (http://gmssl.org/)"
|
||||
*
|
||||
* 4. The name "GmSSL Project" must not be used to endorse or promote
|
||||
* products derived from this software without prior written
|
||||
* permission. For written permission, please contact
|
||||
* guanzhi1980@gmail.com.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "GmSSL"
|
||||
* nor may "GmSSL" appear in their names without prior written
|
||||
* permission of the GmSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the GmSSL Project
|
||||
* (http://gmssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*/
|
||||
/*
|
||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
@@ -60,13 +108,13 @@
|
||||
#ifndef OPENSSL_NO_DH
|
||||
# include <openssl/dh.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
# include <openssl/sm2.h>
|
||||
#endif
|
||||
#include <openssl/bn.h>
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
# include <openssl/engine.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
# include <openssl/sm2.h>
|
||||
#endif
|
||||
|
||||
static ossl_inline int cert_req_allowed(SSL *s);
|
||||
static int key_exchange_expected(SSL *s);
|
||||
@@ -89,7 +137,6 @@ static ossl_inline int cert_req_allowed(SSL *s)
|
||||
|| (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
|
||||
return 0;
|
||||
|
||||
/* gmtls ciphers always allow req */
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -104,11 +151,10 @@ static int key_exchange_expected(SSL *s)
|
||||
{
|
||||
long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
|
||||
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
if (s->version == GMTLS_VERSION)
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (SSL_IS_GMTLS(s))
|
||||
return 1;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Can't skip server key exchange if this is an ephemeral
|
||||
* ciphersuite or for SRP
|
||||
@@ -649,9 +695,8 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (SSL_IS_GMTLS(s))
|
||||
return tls_process_server_certificate(s, pkt);
|
||||
else
|
||||
#endif
|
||||
return tls_process_server_certificate(s, pkt);
|
||||
return tls_process_server_certificate(s, pkt);
|
||||
|
||||
case TLS_ST_CR_CERT_STATUS:
|
||||
return tls_process_cert_status(s, pkt);
|
||||
@@ -660,9 +705,8 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (SSL_IS_GMTLS(s))
|
||||
return gmtls_process_server_key_exchange(s, pkt);
|
||||
else
|
||||
#endif
|
||||
return tls_process_server_key_exchange(s, pkt);
|
||||
return tls_process_server_key_exchange(s, pkt);
|
||||
|
||||
case TLS_ST_CR_CERT_REQ:
|
||||
return tls_process_certificate_request(s, pkt);
|
||||
@@ -1544,11 +1588,6 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
|
||||
#endif
|
||||
}
|
||||
|
||||
//这个函数实际上就是从packet里面读取曲线参数,对方临时公钥
|
||||
//把这个临时公钥设置到s->s3->peer_tmp (在哪儿处理的?)
|
||||
//然后再根据认证算法(s->s3->tmp.new_cipher->algorithm_auth 确定对方的签名算法(应该是证书中拿到的)
|
||||
//最后从s->session->peer中取出对方的签名公钥,从pkey参数返回
|
||||
//这个函数并不去处理签名值,而是留给后续处理,因此sm2的话不提取任何数据,这个函数是无效的
|
||||
static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
|
||||
{
|
||||
#ifndef OPENSSL_NO_EC
|
||||
@@ -1633,10 +1672,9 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
|
||||
* ECParameters in the server key exchange message. We do support RSA
|
||||
* and ECDSA.
|
||||
*/
|
||||
// 这里的s->session->peer 应该是在处理证书消息的时候设定的,要看看具体在哪儿
|
||||
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA)
|
||||
*pkey = X509_get0_pubkey(s->session->peer);
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSM2)
|
||||
*pkey = X509_get0_pubkey(s->session->peer);
|
||||
#endif
|
||||
@@ -2292,13 +2330,9 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
|
||||
}
|
||||
|
||||
q = *p;
|
||||
/* Fix buf for TLS and beyond */
|
||||
if (s->version > SSL3_VERSION)
|
||||
/* Fix buf for TLS, GMTLS and beyond */
|
||||
if (s->version > SSL3_VERSION || SSL_IS_GMTLS(s))
|
||||
*p += 2;
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
if (s->version == GMTLS_VERSION)
|
||||
*p += 2;
|
||||
#endif
|
||||
pctx = EVP_PKEY_CTX_new(pkey, NULL);
|
||||
if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
|
||||
|| EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
|
||||
@@ -2317,21 +2351,13 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
|
||||
(*p)[1]++;
|
||||
if (s->options & SSL_OP_PKCS1_CHECK_2)
|
||||
tmp_buf[0] = 0x70;
|
||||
|
||||
// tmp_buf 没有定义,可能出现了编辑错误!
|
||||
# endif
|
||||
|
||||
/* Fix buf for TLS and beyond */
|
||||
if (s->version > SSL3_VERSION) {
|
||||
if (s->version > SSL3_VERSION || SSL_IS_GMTLS(s)) {
|
||||
s2n(*len, q);
|
||||
*len += 2;
|
||||
}
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
if (s->version == GMTLS_VERSION) {
|
||||
s2n(*len, q);
|
||||
*len += 2;
|
||||
}
|
||||
#endif
|
||||
|
||||
s->s3->tmp.pms = pms;
|
||||
s->s3->tmp.pmslen = pmslen;
|
||||
|
||||
@@ -1,3 +1,51 @@
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the GmSSL Project.
|
||||
* (http://gmssl.org/)"
|
||||
*
|
||||
* 4. The name "GmSSL Project" must not be used to endorse or promote
|
||||
* products derived from this software without prior written
|
||||
* permission. For written permission, please contact
|
||||
* guanzhi1980@gmail.com.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "GmSSL"
|
||||
* nor may "GmSSL" appear in their names without prior written
|
||||
* permission of the GmSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the GmSSL Project
|
||||
* (http://gmssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*/
|
||||
/*
|
||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
@@ -230,8 +278,8 @@ static int send_server_key_exchange(SSL *s)
|
||||
{
|
||||
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
|
||||
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
if (s->method->version == GMTLS_VERSION)
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (SSL_IS_GMTLS(s))
|
||||
return 1;
|
||||
#endif
|
||||
|
||||
@@ -643,17 +691,15 @@ int ossl_statem_server_construct_message(SSL *s)
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (SSL_IS_GMTLS(s))
|
||||
return tls_construct_server_certificate(s)
|
||||
else
|
||||
#endif
|
||||
return tls_construct_server_certificate(s);
|
||||
return tls_construct_server_certificate(s);
|
||||
|
||||
case TLS_ST_SW_KEY_EXCH:
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (SSL_IS_GMTLS(s))
|
||||
return gmtls_construct_server_key_exchange(s)
|
||||
else
|
||||
#endif
|
||||
return tls_construct_server_key_exchange(s);
|
||||
return tls_construct_server_key_exchange(s);
|
||||
|
||||
case TLS_ST_SW_CERT_REQ:
|
||||
return tls_construct_certificate_request(s);
|
||||
@@ -760,20 +806,18 @@ MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt)
|
||||
return tls_process_client_hello(s, pkt);
|
||||
|
||||
case TLS_ST_SR_CERT:
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (SSL_IS_GMTLS(s))
|
||||
return tls_process_client_certificate(s, pkt);
|
||||
else
|
||||
#endif
|
||||
return tls_process_client_certificate(s, pkt);
|
||||
return tls_process_client_certificate(s, pkt);
|
||||
|
||||
case TLS_ST_SR_KEY_EXCH:
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (SSL_IS_GMTLS(s))
|
||||
return gmtls_process_client_key_exchange(s, pkt);
|
||||
else
|
||||
#endif
|
||||
return tls_process_client_key_exchange(s, pkt);
|
||||
return tls_process_client_key_exchange(s, pkt);
|
||||
|
||||
case TLS_ST_SR_CERT_VRFY:
|
||||
return tls_process_cert_verify(s, pkt);
|
||||
@@ -984,7 +1028,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
|
||||
} else if ((version & 0xff00) == (SSL3_VERSION_MAJOR << 8)) {
|
||||
/* SSLv3/TLS */
|
||||
s->client_version = version;
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
} else if (version == GMTLS_VERSION) {
|
||||
s->client_version = version;
|
||||
#endif
|
||||
@@ -1273,7 +1317,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (!s->hit && (s->version == GMTLS_VERSION || s->version >= TLS1_VERSION)
|
||||
&& s->tls_session_secret_cb) {
|
||||
#else
|
||||
@@ -1668,7 +1712,7 @@ int tls_construct_server_key_exchange(SSL *s)
|
||||
BUF_MEM *buf;
|
||||
EVP_MD_CTX *md_ctx = NULL;
|
||||
|
||||
if (!(md_ctx == EVP_MD_CTX_new())) {
|
||||
if (!(md_ctx = EVP_MD_CTX_new())) {
|
||||
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
|
||||
al = SSL_AD_INTERNAL_ERROR;
|
||||
goto f_err;
|
||||
|
||||
17
ssl/t1_lib.c
17
ssl/t1_lib.c
@@ -84,7 +84,6 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = {
|
||||
ssl3_handshake_write
|
||||
};
|
||||
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
SSL3_ENC_METHOD const GMTLS_enc_data = {
|
||||
tls1_enc,
|
||||
tls1_mac,
|
||||
@@ -102,7 +101,6 @@ SSL3_ENC_METHOD const GMTLS_enc_data = {
|
||||
ssl3_set_handshake_header,
|
||||
ssl3_handshake_write
|
||||
};
|
||||
#endif
|
||||
|
||||
long tls1_default_timeout(void)
|
||||
{
|
||||
@@ -179,9 +177,7 @@ static const tls_curve_info nid_list[] = {
|
||||
{NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
|
||||
{NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
|
||||
{NID_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
{NID_sm2p256v1, 128, TLS_CURVE_PRIME}, /* sm2p256v1 (30) */
|
||||
#endif
|
||||
};
|
||||
|
||||
static const unsigned char ecformats_default[] = {
|
||||
@@ -192,9 +188,7 @@ static const unsigned char ecformats_default[] = {
|
||||
|
||||
/* The default curves */
|
||||
static const unsigned char eccurves_default[] = {
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
0, 30, /* sm2p256v1 (30) */
|
||||
#endif
|
||||
0, 30, /* sm2p256v1 (30) */
|
||||
0, 29, /* X25519 (29) */
|
||||
0, 23, /* secp256r1 (23) */
|
||||
0, 25, /* secp521r1 (25) */
|
||||
@@ -345,8 +339,8 @@ int tls1_shared_curve(SSL *s, int nmatch)
|
||||
size_t num_pref, num_supp, i, j;
|
||||
int k;
|
||||
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
if (s->method->version == GMTLS_VERSION)
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (SSL_IS_GMTLS(s))
|
||||
return NID_sm2p256v1;
|
||||
#endif
|
||||
|
||||
@@ -3005,13 +2999,8 @@ int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
|
||||
* If tickets disabled behave as if no ticket present to permit stateful
|
||||
* resumption.
|
||||
*/
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
if ((s->version <= SSL3_VERSION) && (s->version != GMTLS_VERSION))
|
||||
return 0;
|
||||
#else
|
||||
if ((s->version <= SSL3_VERSION))
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
if (!PACKET_get_net_2(&local_ext, &i)) {
|
||||
retv = 0;
|
||||
|
||||
@@ -61,12 +61,10 @@ static ssl_trace_tbl ssl_version_tbl[] = {
|
||||
{TLS1_VERSION, "TLS 1.0"},
|
||||
{TLS1_1_VERSION, "TLS 1.1"},
|
||||
{TLS1_2_VERSION, "TLS 1.2"},
|
||||
#ifndef OPENSSL_NO_GMTLS_VERSION
|
||||
{GMTLS_VERSION, "GMTLS 1.1"},
|
||||
#endif
|
||||
{DTLS1_VERSION, "DTLS 1.0"},
|
||||
{DTLS1_2_VERSION, "DTLS 1.2"},
|
||||
{DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
|
||||
{DTLS1_BAD_VER, "DTLS 1.0 (bad)"},
|
||||
{GMTLS_VERSION, "GMTLS 1.1"}
|
||||
};
|
||||
|
||||
static ssl_trace_tbl ssl_content_tbl[] = {
|
||||
@@ -425,8 +423,7 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
|
||||
{0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305"},
|
||||
{0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"},
|
||||
{0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"},
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
# if 1 /* GM/T 0024 official names */
|
||||
# if 0 /* GM/T 0024 official names */
|
||||
{0xE001, "GMT_ECDHE_SM1_SM3"},
|
||||
{0xE003, "GMT_ECC_SM1_SM3"},
|
||||
{0xE005, "GMT_IBSDH_SM1_SM3"},
|
||||
@@ -468,7 +465,6 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
|
||||
{0xE10A, "GMTLS_ECDHE_SM2_WITH_SMS4_GCM_SHA256"},
|
||||
{0xE10B, "GMTLS_ECDHE_SM2_WITH_SMS4_CCM_SHA256"},
|
||||
{0xE10C, "GMTLS_ECDHE_SM2_WITH_SMS4_CCM_8_SHA256"},
|
||||
#endif
|
||||
{0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
|
||||
{0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
|
||||
|
||||
@@ -539,9 +535,7 @@ static ssl_trace_tbl ssl_curve_tbl[] = {
|
||||
{27, "brainpoolP384r1"},
|
||||
{28, "brainpoolP512r1"},
|
||||
{29, "ecdh_x25519"},
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
{30, "sm2p256v1"},
|
||||
#endif
|
||||
{30, "sm2p256v1"},
|
||||
{0xFF01, "arbitrary_explicit_prime_curves"},
|
||||
{0xFF02, "arbitrary_explicit_char2_curves"}
|
||||
};
|
||||
@@ -560,9 +554,7 @@ static ssl_trace_tbl ssl_md_tbl[] = {
|
||||
{TLSEXT_hash_sha256, "sha256"},
|
||||
{TLSEXT_hash_sha384, "sha384"},
|
||||
{TLSEXT_hash_sha512, "sha512"},
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
{TLSEXT_hash_sm3, "sm3"},
|
||||
#endif
|
||||
{TLSEXT_hash_gostr3411, "md_gost94"},
|
||||
{TLSEXT_hash_gostr34112012_256, "md_gost2012_256"},
|
||||
{TLSEXT_hash_gostr34112012_512, "md_gost2012_512"}
|
||||
@@ -573,9 +565,7 @@ static ssl_trace_tbl ssl_sig_tbl[] = {
|
||||
{TLSEXT_signature_rsa, "rsa"},
|
||||
{TLSEXT_signature_dsa, "dsa"},
|
||||
{TLSEXT_signature_ecdsa, "ecdsa"},
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
{TLSEXT_signature_sm2sign, "sm2sign"},
|
||||
#endif
|
||||
{TLSEXT_signature_gostr34102001, "gost2001"},
|
||||
{TLSEXT_signature_gostr34102012_256, "gost2012_256"},
|
||||
{TLSEXT_signature_gostr34102012_512, "gost2012_512"}
|
||||
@@ -599,9 +589,7 @@ static ssl_trace_tbl ssl_ctype_tbl[] = {
|
||||
{5, "rsa_ephemeral_dh"},
|
||||
{6, "dss_ephemeral_dh"},
|
||||
{20, "fortezza_dms"},
|
||||
#ifndef OPENSSL_NO_GMTLS_METHOD
|
||||
{7, "sm2_sign"},
|
||||
#endif
|
||||
{64, "ecdsa_sign"},
|
||||
{65, "rsa_fixed_ecdh"},
|
||||
{66, "ecdsa_fixed_ecdh"}
|
||||
@@ -958,7 +946,6 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
|
||||
*pname = "GOST";
|
||||
return SSL_kGOST;
|
||||
}
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
if (alg_k & SSL_kSM2) {
|
||||
*pname = "SM2";
|
||||
return SSL_kSM2;
|
||||
@@ -979,7 +966,6 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
|
||||
*pname = "SM9DHE";
|
||||
return SSL_kSM9DHE;
|
||||
}
|
||||
#endif
|
||||
*pname = "UNKNOWN";
|
||||
return 0;
|
||||
}
|
||||
@@ -1023,7 +1009,6 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
|
||||
return 0;
|
||||
break;
|
||||
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
case SSL_kSM2:
|
||||
case SSL_kSM9:
|
||||
if (!ssl_print_hexbuf(bio, indent + 2,
|
||||
@@ -1041,7 +1026,6 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
|
||||
if (!ssl_print_hexbuf(bio, indent + 2, "sm9_Yc", 1, &msg, &msglen))
|
||||
return 0;
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
|
||||
return !msglen;
|
||||
@@ -1083,10 +1067,8 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
|
||||
# ifndef OPENSSL_NO_EC
|
||||
case SSL_kECDHE:
|
||||
case SSL_kECDHEPSK:
|
||||
# ifndef OPENSSL_NO_GMTLS
|
||||
case SSL_kSM2DHE:
|
||||
case SSL_kSM2PSK:
|
||||
# endif
|
||||
if (msglen < 1)
|
||||
return 0;
|
||||
BIO_indent(bio, indent + 2, 80);
|
||||
|
||||
Reference in New Issue
Block a user