first step of v2 final release

Zhi Guan
2017-11-05 21:00:36 +08:00
parent 480b9e8d88
commit 27bde477a5
395 changed files with 26341 additions and 31364 deletions


@@ -11,4 +11,4 @@ SOURCE[../libssl]=\
ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c ssl_mcnf.c \
bio_ssl.c ssl_err.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \
record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \
statem/statem.c
statem/statem.c statem/statem_gmtls.c


@@ -160,6 +160,27 @@ IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_client_method,
ssl_undefined_function,
ossl_statem_connect, DTLSv1_2_enc_data)
/*-
* GMTLS methods
*/
#ifndef OPENSSL_NO_GMTLS_METHOD
IMPLEMENT_gmtls_meth_func(0, SSL_OP_NO_GMTLS,
gmtls_method,
ossl_statem_accept,
ossl_statem_connect, GMTLS_enc_data)
IMPLEMENT_gmtls_meth_func(0, SSL_OP_NO_GMTLS,
gmtls_server_method,
ossl_statem_accept,
ssl_undefined_function, GMTLS_enc_data)
IMPLEMENT_gmtls_meth_func(0, SSL_OP_NO_GMTLS,
gmtls_client_method,
ssl_undefined_function,
ossl_statem_connect, GMTLS_enc_data)
#endif
#if OPENSSL_API_COMPAT < 0x10100000L
# ifndef OPENSSL_NO_TLS1_2_METHOD
const SSL_METHOD *TLSv1_2_method(void)
@@ -263,4 +284,21 @@ const SSL_METHOD *DTLSv1_client_method(void)
}
# endif
# ifndef OPENSSL_NO_GMTLS_METHOD
const SSL_METHOD *GMTLS_method(void)
{
return gmtls_method();
}
const SSL_METHOD *GMTLS_server_method(void)
{
return gmtls_server_method();
}
const SSL_METHOD *GMTLS_client_method(void)
{
return gmtls_client_method();
}
# endif
#endif
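Review bot: The public `GMTLS_method()`, `GMTLS_server_method()` and `GMTLS_client_method()` wrappers are added inside the `#if OPENSSL_API_COMPAT < 0x10100000L` block, which the surrounding code uses for the deprecated fixed-version entry points. A build with a newer API-compat level would therefore lose these accessors, unless another public way to select GMTLS exists outside this hunk. If GMTLS is meant to be a supported method rather than a legacy one, move the three wrappers below the closing `#endif` of that block and keep only `# ifndef OPENSSL_NO_GMTLS_METHOD` around them. A short comment on the two leading `IMPLEMENT_gmtls_meth_func` arguments (presumably flags and option mask) would also help, since unlike the TLS and DTLS macros no version argument is passed.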


@@ -1,266 +0,0 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
/*-
* TLS/SSLv3 methods
*/
IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
TLS_method,
ossl_statem_accept,
ossl_statem_connect, TLSv1_2_enc_data)
#ifndef OPENSSL_NO_TLS1_2_METHOD
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
tlsv1_2_method,
ossl_statem_accept,
ossl_statem_connect, TLSv1_2_enc_data)
#endif
#ifndef OPENSSL_NO_TLS1_1_METHOD
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
tlsv1_1_method,
ossl_statem_accept,
ossl_statem_connect, TLSv1_1_enc_data)
#endif
#ifndef OPENSSL_NO_TLS1_METHOD
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
tlsv1_method,
ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data)
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect)
#endif
/*-
* TLS/SSLv3 server methods
*/
IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
TLS_server_method,
ossl_statem_accept,
ssl_undefined_function, TLSv1_2_enc_data)
#ifndef OPENSSL_NO_TLS1_2_METHOD
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
tlsv1_2_server_method,
ossl_statem_accept,
ssl_undefined_function, TLSv1_2_enc_data)
#endif
#ifndef OPENSSL_NO_TLS1_1_METHOD
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
tlsv1_1_server_method,
ossl_statem_accept,
ssl_undefined_function, TLSv1_1_enc_data)
#endif
#ifndef OPENSSL_NO_TLS1_METHOD
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
tlsv1_server_method,
ossl_statem_accept,
ssl_undefined_function, TLSv1_enc_data)
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
IMPLEMENT_ssl3_meth_func(sslv3_server_method,
ossl_statem_accept, ssl_undefined_function)
#endif
/*-
* TLS/SSLv3 client methods
*/
IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
TLS_client_method,
ssl_undefined_function,
ossl_statem_connect, TLSv1_2_enc_data)
#ifndef OPENSSL_NO_TLS1_2_METHOD
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
tlsv1_2_client_method,
ssl_undefined_function,
ossl_statem_connect, TLSv1_2_enc_data)
#endif
#ifndef OPENSSL_NO_TLS1_1_METHOD
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
tlsv1_1_client_method,
ssl_undefined_function,
ossl_statem_connect, TLSv1_1_enc_data)
#endif
#ifndef OPENSSL_NO_TLS1_METHOD
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
tlsv1_client_method,
ssl_undefined_function,
ossl_statem_connect, TLSv1_enc_data)
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
IMPLEMENT_ssl3_meth_func(sslv3_client_method,
ssl_undefined_function, ossl_statem_connect)
#endif
/*-
* DTLS methods
*/
#ifndef OPENSSL_NO_DTLS1_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
dtlsv1_method,
ossl_statem_accept,
ossl_statem_connect, DTLSv1_enc_data)
#endif
#ifndef OPENSSL_NO_DTLS1_2_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
dtlsv1_2_method,
ossl_statem_accept,
ossl_statem_connect, DTLSv1_2_enc_data)
#endif
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_method,
ossl_statem_accept,
ossl_statem_connect, DTLSv1_2_enc_data)
/*-
* DTLS server methods
*/
#ifndef OPENSSL_NO_DTLS1_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
dtlsv1_server_method,
ossl_statem_accept,
ssl_undefined_function, DTLSv1_enc_data)
#endif
#ifndef OPENSSL_NO_DTLS1_2_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
dtlsv1_2_server_method,
ossl_statem_accept,
ssl_undefined_function, DTLSv1_2_enc_data)
#endif
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_server_method,
ossl_statem_accept,
ssl_undefined_function, DTLSv1_2_enc_data)
/*-
* DTLS client methods
*/
#ifndef OPENSSL_NO_DTLS1_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
dtlsv1_client_method,
ssl_undefined_function,
ossl_statem_connect, DTLSv1_enc_data)
IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
dtls_bad_ver_client_method,
ssl_undefined_function,
ossl_statem_connect, DTLSv1_enc_data)
#endif
#ifndef OPENSSL_NO_DTLS1_2_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
dtlsv1_2_client_method,
ssl_undefined_function,
ossl_statem_connect, DTLSv1_2_enc_data)
#endif
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_client_method,
ssl_undefined_function,
ossl_statem_connect, DTLSv1_2_enc_data)
#if OPENSSL_API_COMPAT < 0x10100000L
# ifndef OPENSSL_NO_TLS1_2_METHOD
const SSL_METHOD *TLSv1_2_method(void)
{
return tlsv1_2_method();
}
const SSL_METHOD *TLSv1_2_server_method(void)
{
return tlsv1_2_server_method();
}
const SSL_METHOD *TLSv1_2_client_method(void)
{
return tlsv1_2_client_method();
}
# endif
# ifndef OPENSSL_NO_TLS1_1_METHOD
const SSL_METHOD *TLSv1_1_method(void)
{
return tlsv1_1_method();
}
const SSL_METHOD *TLSv1_1_server_method(void)
{
return tlsv1_1_server_method();
}
const SSL_METHOD *TLSv1_1_client_method(void)
{
return tlsv1_1_client_method();
}
# endif
# ifndef OPENSSL_NO_TLS1_METHOD
const SSL_METHOD *TLSv1_method(void)
{
return tlsv1_method();
}
const SSL_METHOD *TLSv1_server_method(void)
{
return tlsv1_server_method();
}
const SSL_METHOD *TLSv1_client_method(void)
{
return tlsv1_client_method();
}
# endif
# ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void)
{
return sslv3_method();
}
const SSL_METHOD *SSLv3_server_method(void)
{
return sslv3_server_method();
}
const SSL_METHOD *SSLv3_client_method(void)
{
return sslv3_client_method();
}
# endif
# ifndef OPENSSL_NO_DTLS1_2_METHOD
const SSL_METHOD *DTLSv1_2_method(void)
{
return dtlsv1_2_method();
}
const SSL_METHOD *DTLSv1_2_server_method(void)
{
return dtlsv1_2_server_method();
}
const SSL_METHOD *DTLSv1_2_client_method(void)
{
return dtlsv1_2_client_method();
}
# endif
# ifndef OPENSSL_NO_DTLS1_METHOD
const SSL_METHOD *DTLSv1_method(void)
{
return dtlsv1_method();
}
const SSL_METHOD *DTLSv1_server_method(void)
{
return dtlsv1_server_method();
}
const SSL_METHOD *DTLSv1_client_method(void)
{
return dtlsv1_client_method();
}
# endif
#endif


@@ -1314,7 +1314,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (s->server &&
SSL_is_init_finished(s) &&
!s->s3->send_connection_binding &&
(s->version > SSL3_VERSION) &&
(s->version > SSL3_VERSION) &&
(s->rlayer.handshake_fragment_len >= 4) &&
(s->rlayer.handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
(s->session != NULL) && (s->session->cipher != NULL) &&


@@ -228,6 +228,11 @@ int ssl3_get_record(SSL *s)
goto f_err;
}
#ifndef OPENSSL_NO_GMTLS_METHOD
if (version == GMTLS_VERSION) {
/* do nothing */
} else
#endif
if ((version >> 8) != SSL3_VERSION_MAJOR) {
if (RECORD_LAYER_is_first_record(&s->rlayer)) {
/* Go back to start of packet, look at the five bytes
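Review bot: The new `version == GMTLS_VERSION` branch exempts the record from the version sanity check on every connection, not only on one whose method or options allow GMTLS. As written, a GMTLS-versioned record on an ordinary TLS connection skips the `(version >> 8) != SSL3_VERSION_MAJOR` test and is left to whatever checks exist outside this hunk. Consider tying the exemption to the connection, for example `if (version == GMTLS_VERSION && !(s->options & SSL_OP_NO_GMTLS)) {`, or to the negotiated method, and replace `/* do nothing */` with a comment saying why GMTLS records are exempt. ssl3_get_record starts and ends outside the hunk, so the earlier version comparison is not visible here.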


@@ -10,8 +10,12 @@
#include "internal/constant_time_locl.h"
#include "ssl_locl.h"
#include <openssl/md5.h>
#include <openssl/sha.h>
#ifndef OPENSSL_NO_MD5
# include <openssl/md5.h>
#endif
#ifndef OPENSSL_NO_SHA
# include <openssl/sha.h>
#endif
/*
* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's
@@ -41,6 +45,7 @@
* standard "final" operation without adding the padding and length that such
* a function typically does.
*/
#ifndef OPENSSL_NO_MD5
static void tls1_md5_final_raw(void *ctx, unsigned char *md_out)
{
MD5_CTX *md5 = ctx;
@@ -49,7 +54,9 @@ static void tls1_md5_final_raw(void *ctx, unsigned char *md_out)
u32toLE(md5->C, md_out);
u32toLE(md5->D, md_out);
}
#endif
#ifndef OPENSSL_NO_SHA
static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
{
SHA_CTX *sha1 = ctx;
@@ -60,6 +67,7 @@ static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
l2n(sha1->h4, md_out);
}
# ifndef OPENSSL_NO_SHA256
static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
{
SHA256_CTX *sha256 = ctx;
@@ -69,7 +77,9 @@ static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
l2n(sha256->h[i], md_out);
}
}
# endif
# ifndef OPENSSL_NO_SHA512
static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
{
SHA512_CTX *sha512 = ctx;
@@ -80,8 +90,10 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
}
}
#undef LARGEST_DIGEST_CTX
#define LARGEST_DIGEST_CTX SHA512_CTX
# undef LARGEST_DIGEST_CTX
# define LARGEST_DIGEST_CTX SHA512_CTX
# endif
#endif
/*
* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
@@ -138,7 +150,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
{
union {
double align;
unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
unsigned char c[256 /*sizeof(LARGEST_DIGEST_CTX)*/];
} md_state;
void (*md_final_raw) (void *ctx, unsigned char *md_out);
void (*md_transform) (void *ctx, const unsigned char *block);
@@ -169,6 +181,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
OPENSSL_assert(data_plus_mac_plus_padding_size < 1024 * 1024);
switch (EVP_MD_CTX_type(ctx)) {
#ifndef OPENSSL_NO_MD5
case NID_md5:
if (MD5_Init((MD5_CTX *)md_state.c) <= 0)
return 0;
@@ -179,6 +192,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
sslv3_pad_length = 48;
length_is_big_endian = 0;
break;
#endif
#ifndef OPENSSL_NO_SHA
case NID_sha1:
if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)
return 0;
@@ -187,6 +202,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
(void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
md_size = 20;
break;
# ifndef OPENSSL_NO_SHA256
case NID_sha224:
if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0)
return 0;
@@ -203,6 +219,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
(void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
md_size = 32;
break;
# endif
# ifndef OPENSSL_NO_SHA512
case NID_sha384:
if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)
return 0;
@@ -223,6 +241,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
md_block_size = 128;
md_length_size = 16;
break;
# endif
#endif
default:
/*
* ssl3_cbc_record_digest_supported should have been called first to
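Review bot: In `ssl3_cbc_digest_record` the scratch buffer changes from `sizeof(LARGEST_DIGEST_CTX)` to a literal `256`, so nothing ties `md_state.c` to the size of the contexts that are cast onto it (`MD5_CTX`, `SHA_CTX`, `SHA256_CTX`, `SHA512_CTX`). If one of those contexts ever exceeds 256 bytes, the `*_Init` calls would write past the union with no compile-time or run-time signal. Keep the `sizeof` form and give `LARGEST_DIGEST_CTX` a fallback definition for builds where SHA-512 is compiled out, or add a guard in the SHA-512 case such as `OPENSSL_assert(sizeof(SHA512_CTX) <= sizeof(md_state.c));`. The function body continues outside the hunks shown.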


@@ -37,7 +37,9 @@
#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/evp.h>
#include <openssl/md5.h>
#ifndef OPENSSL_NO_SSL3_METHOD
# include <openssl/md5.h>
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
{
@@ -48,9 +50,9 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
unsigned int i, j, k;
int ret = 0;
#ifdef CHARSET_EBCDIC
# ifdef CHARSET_EBCDIC
c = os_toascii[c]; /* 'A' in ASCII */
#endif
# endif
k = 0;
m5 = EVP_MD_CTX_new();
s1 = EVP_MD_CTX_new();
@@ -100,6 +102,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
EVP_MD_CTX_free(s1);
return ret;
}
#endif
int ssl3_change_cipher_state(SSL *s, int which)
{
@@ -256,6 +259,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
return (0);
}
#ifndef OPENSSL_NO_SSL3_METHOD
int ssl3_setup_key_block(SSL *s)
{
unsigned char *p;
@@ -275,11 +279,11 @@ int ssl3_setup_key_block(SSL *s)
s->s3->tmp.new_sym_enc = c;
s->s3->tmp.new_hash = hash;
#ifdef OPENSSL_NO_COMP
# ifdef OPENSSL_NO_COMP
s->s3->tmp.new_compression = NULL;
#else
# else
s->s3->tmp.new_compression = comp;
#endif
# endif
num = EVP_MD_size(hash);
if (num < 0)
@@ -309,10 +313,10 @@ int ssl3_setup_key_block(SSL *s)
if (s->session->cipher->algorithm_enc == SSL_eNULL)
s->s3->need_empty_fragments = 0;
#ifndef OPENSSL_NO_RC4
# ifndef OPENSSL_NO_RC4
if (s->session->cipher->algorithm_enc == SSL_RC4)
s->s3->need_empty_fragments = 0;
#endif
# endif
}
}
@@ -322,6 +326,7 @@ int ssl3_setup_key_block(SSL *s)
SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
return (0);
}
#endif
void ssl3_cleanup_key_block(SSL *s)
{
@@ -444,27 +449,28 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
return ret;
}
#ifndef OPENSSL_NO_SSL3_METHOD
int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
int len)
{
static const unsigned char *salt[3] = {
#ifndef CHARSET_EBCDIC
# ifndef CHARSET_EBCDIC
(const unsigned char *)"A",
(const unsigned char *)"BB",
(const unsigned char *)"CCC",
#else
# else
(const unsigned char *)"\x41",
(const unsigned char *)"\x42\x42",
(const unsigned char *)"\x43\x43\x43",
#endif
# endif
};
unsigned char buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
int i, ret = 0;
unsigned int n;
#ifdef OPENSSL_SSL_TRACE_CRYPTO
# ifdef OPENSSL_SSL_TRACE_CRYPTO
unsigned char *tmpout = out;
#endif
# endif
if (ctx == NULL) {
SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
@@ -493,7 +499,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
}
EVP_MD_CTX_free(ctx);
#ifdef OPENSSL_SSL_TRACE_CRYPTO
# ifdef OPENSSL_SSL_TRACE_CRYPTO
if (ret > 0 && s->msg_callback) {
s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
p, len, s, s->msg_callback_arg);
@@ -507,10 +513,11 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
tmpout, SSL3_MASTER_SECRET_SIZE,
s, s->msg_callback_arg);
}
#endif
# endif
OPENSSL_cleanse(buf, sizeof(buf));
return (ret);
}
#endif
int ssl3_alert_code(int code)
{
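Review bot: The new `#ifndef OPENSSL_NO_SSL3_METHOD` regions end in bare `#endif` lines that sit next to re-indented inner `# endif` lines, so it is hard to see which guard closes where; label them, e.g. `#endif /* OPENSSL_NO_SSL3_METHOD */`. The guard also removes the non-static `ssl3_setup_key_block` and `ssl3_generate_master_secret` while `ssl3_change_cipher_state` and `ssl3_final_finish_mac` stay compiled. Any caller outside this file that still references the removed pair in a no-SSLv3 build would fail at link time, which cannot be checked from these hunks. A short comment above the first guard stating which functions are SSLv3-only and why the other two remain would make the split reviewable.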


@@ -50,8 +50,12 @@
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
#include <openssl/md5.h>
#include <openssl/dh.h>
#ifndef OPENSSL_NO_MD5
# include <openssl/md5.h>
#endif
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#include <openssl/rand.h>
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
@@ -97,6 +101,284 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
#ifndef OPENSSL_NO_GMTLS
/* GM/T 0024 ciphersuites
* SM2(ENC) and SM9(ENC) only allowed in GMTLS 1.1
*/
{
1,
GMTLS_TXT_SM2DHE_WITH_SM1_SM3,
GMTLS_CK_SM2DHE_WITH_SM1_SM3,
SSL_kSM2DHE,
SSL_aSM2,
SSL_SM1,
SSL_SM3,
GMTLS_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_SM2_WITH_SM1_SM3,
GMTLS_CK_SM2_WITH_SM1_SM3,
SSL_kSM2,
SSL_aSM2,
SSL_SM1,
SSL_SM3,
GMTLS_VERSION, GMTLS_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_SM9DHE_WITH_SM1_SM3,
GMTLS_CK_SM9DHE_WITH_SM1_SM3,
SSL_kSM9DHE,
SSL_aSM9,
SSL_SM1,
SSL_SM3,
GMTLS_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_SM9_WITH_SM1_SM3,
GMTLS_CK_SM9_WITH_SM1_SM3,
SSL_kSM9,
SSL_aSM9,
SSL_SM1,
SSL_SM3,
GMTLS_VERSION, GMTLS_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_RSA_WITH_SM1_SM3,
GMTLS_CK_RSA_WITH_SM1_SM3,
SSL_kRSA,
SSL_aRSA,
SSL_SM1,
SSL_SM3,
GMTLS_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_RSA_WITH_SM1_SHA1,
GMTLS_CK_RSA_WITH_SM1_SHA1,
SSL_kRSA,
SSL_aRSA,
SSL_SM1,
SSL_SHA1,
GMTLS_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_SM2DHE_WITH_SMS4_SM3,
GMTLS_CK_SM2DHE_WITH_SMS4_SM3,
SSL_kSM2DHE,
SSL_aSM2,
SSL_SMS4,
SSL_SM3,
GMTLS_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_SM2_WITH_SMS4_SM3,
GMTLS_CK_SM2_WITH_SMS4_SM3,
SSL_kSM2,
SSL_aSM2,
SSL_SMS4,
SSL_SM3,
GMTLS_VERSION, GMTLS_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_SM9DHE_WITH_SMS4_SM3,
GMTLS_CK_SM9DHE_WITH_SMS4_SM3,
SSL_kSM9DHE,
SSL_aSM9,
SSL_SMS4,
SSL_SM3,
GMTLS_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_SM9_WITH_SMS4_SM3,
GMTLS_CK_SM9_WITH_SMS4_SM3,
SSL_kSM9,
SSL_aSM9,
SSL_SMS4,
SSL_SM3,
GMTLS_VERSION, GMTLS_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_RSA_WITH_SMS4_SM3,
GMTLS_CK_RSA_WITH_SMS4_SM3,
SSL_kRSA,
SSL_aRSA,
SSL_SMS4,
SSL_SM3,
GMTLS_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_RSA_WITH_SMS4_SHA1,
GMTLS_CK_RSA_WITH_SMS4_SHA1,
SSL_kRSA,
SSL_aRSA,
SSL_SMS4,
SSL_SHA1,
GMTLS_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* ECDHE-SM2-[SM1|SMS4|SSF33]-[SM3|SHA256] */
{
1,
GMTLS_TXT_ECDHE_SM2_WITH_SM1_SM3,
GMTLS_CK_ECDHE_SM2_WITH_SM1_SM3,
SSL_kECDHE,
SSL_aSM2,
SSL_SM1,
SSL_SM3,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_ECDHE_SM2_WITH_SMS4_SM3,
GMTLS_CK_ECDHE_SM2_WITH_SMS4_SM3,
SSL_kECDHE,
SSL_aSM2,
SSL_SMS4,
SSL_SM3,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_ECDHE_SM2_WITH_SSF33_SM3,
GMTLS_CK_ECDHE_SM2_WITH_SSF33_SM3,
SSL_kECDHE,
SSL_aSM2,
SSL_SSF33,
SSL_SM3,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_ECDHE_SM2_WITH_SM1_SHA256,
GMTLS_CK_ECDHE_SM2_WITH_SM1_SHA256,
SSL_kECDHE,
SSL_aSM2,
SSL_SM1,
SSL_SHA256,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_ECDHE_SM2_WITH_SMS4_SHA256,
GMTLS_CK_ECDHE_SM2_WITH_SMS4_SHA256,
SSL_kECDHE,
SSL_aSM2,
SSL_SMS4,
SSL_SHA256,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
{
1,
GMTLS_TXT_ECDHE_SM2_WITH_SSF33_SHA256,
GMTLS_CK_ECDHE_SM2_WITH_SSF33_SHA256,
SSL_kECDHE,
SSL_aSM2,
SSL_SSF33,
SSL_SHA256,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
#endif /* OPENSSL_NO_GMTLS */
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
@@ -2734,6 +3016,7 @@ void ssl_sort_cipher_list(void)
cipher_compare);
}
#ifndef OPENSSL_NO_SSL3_METHOD
const SSL3_ENC_METHOD SSLv3_enc_data = {
ssl3_enc,
n_ssl3_mac,
@@ -2741,7 +3024,7 @@ const SSL3_ENC_METHOD SSLv3_enc_data = {
ssl3_generate_master_secret,
ssl3_change_cipher_state,
ssl3_final_finish_mac,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
16+20,//MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
SSL3_MD_CLIENT_FINISHED_CONST, 4,
SSL3_MD_SERVER_FINISHED_CONST, 4,
ssl3_alert_code,
@@ -2753,6 +3036,7 @@ const SSL3_ENC_METHOD SSLv3_enc_data = {
ssl3_set_handshake_header,
ssl3_handshake_write
};
#endif
long ssl3_default_timeout(void)
{
@@ -4074,6 +4358,10 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
pctx = EVP_PKEY_CTX_new(privkey, NULL);
#ifndef OPENSSL_NO_GMTLS
// if the cipher is kSM2DHE, we need to ctrl
#endif
if (EVP_PKEY_derive_init(pctx) <= 0
|| EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
|| EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
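Review bot: The `ssl_derive` hunk adds only a placeholder comment (`// if the cipher is kSM2DHE, we need to ctrl`) while the same commit registers the `SSL_kSM2DHE` suites in `ssl3_ciphers` as valid and `SSL_HIGH`. Unless the SM2 key-agreement parameters are set in code outside this page, those suites would go through the generic `EVP_PKEY_derive` path, which the comment itself says needs an extra control step. Either implement that step before enabling the suites, or set the first field of those entries to `0` until it exists, and turn the comment into `/* TODO(GMTLS): ... */` so it is tracked. Separately, `16+20,//MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,` in `SSLv3_enc_data` replaces named constants with magic numbers; keeping the names behind a fallback `#define` would preserve the intent.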


@@ -64,6 +64,9 @@ typedef struct {
ASN1_OCTET_STRING *srp_username;
#endif
long flags;
#ifndef OPENSSL_NO_GMTLS_METHOD
X509 *peer_extra;
#endif
} SSL_SESSION_ASN1;
ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
@@ -89,7 +92,10 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
#ifndef OPENSSL_NO_SRP
ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
#endif
ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13)
ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13),
#ifndef OPENSSL_NO_GMTLS_METHOD
ASN1_EXP_OPT(SSL_SESSION_ASN1, peer_extra, X509, 14)
#endif
} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
@@ -201,6 +207,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
as.flags = in->flags;
#ifndef OPENSSL_NO_GMTLS_METHOD
as.peer_extra = in->peer_extra;
#endif
return i2d_SSL_SESSION_ASN1(&as, pp);
}
@@ -265,6 +275,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
}
if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR
#ifndef OPENSSL_NO_GMTLS_METHOD
&& as->ssl_version != GMTLS_VERSION
#endif
&& (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR
&& as->ssl_version != DTLS1_BAD_VER) {
SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
@@ -352,6 +365,12 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
/* Flags defaults to zero which is fine */
ret->flags = as->flags;
#ifndef OPENSSL_NO_GMTLS_METHOD
X509_free(ret->peer_extra);
ret->peer_extra = as->peer_extra;
as->peer_extra = NULL;
#endif
M_ASN1_free_of(as, SSL_SESSION_ASN1);
if ((a != NULL) && (*a == NULL))
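Review bot: The serialized session layout now depends on a build flag: when `OPENSSL_NO_GMTLS_METHOD` is not defined, `peer_extra` is emitted under explicit tag 14, and a build compiled with the macro has no template entry for that tag. Sessions exported by one build may therefore fail to decode in the other, which matters when session files or caches are shared between processes. Document this next to the template, e.g. `/* tag 14: GMTLS extra peer certificate; only present in GMTLS-enabled builds */`, and add a field comment on `X509 *peer_extra;` stating which certificate it holds (presumably the peer's second, encryption certificate) and who owns it. The hand-over in `d2i_SSL_SESSION` (`X509_free` of the old value, then clearing `as->peer_extra`) looks consistent with owned storage, but the neighbouring fields are outside the hunk, so this is worth confirming.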


@@ -742,7 +742,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
/* Add a certificate to a BUF_MEM structure */
static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
{
int n;
unsigned char *p;
@@ -765,6 +765,45 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
return 1;
}
/* 输出双证书及CA证书链 */
/*
static int ssl_add_sm2_certs(SSL *s, unsigned long *l)
{
BUF_MEM *buf = s->init_buf;
CERT_PKEY *sign_cpk = &s->cert->pkeys[SSL_PKEY_SM2_SIGN];
CERT_PKEY *enc_cpk = &s->cert->pkeys[SSL_PKEY_SM2_ENC];
STACK_OF(X509) *extra_certs;
int i;
if (!BUF_MEM_grow_clean(buf, 10)) {
fprintf(stderr, "-----<error> %s() %s %d\n", __func__, __FILE__, __LINE__);
return 0;
}
if (sign_cpk->chain)
extra_certs = sign_cpk->chain;
else
extra_certs = s->ctx->extra_certs;
if (!ssl_add_cert_to_buf(buf, l, sign_cpk->x509)) {
fprintf(stderr, "-----<error> %s() %s %d\n", __func__, __FILE__, __LINE__);
return 0;
}
if (!ssl_add_cert_to_buf(buf, l, enc_cpk->x509)) {
fprintf(stderr, "-----<error> %s() %s %d\n", __func__, __FILE__, __LINE__);
return 0;
}
for (i = 0; i < sk_X509_num(extra_certs); i++) {
if (!ssl_add_cert_to_buf(buf, 1, sk_X509_value(extra_certs, i))) {
fprintf(stderr, "-----<error> %s() %s %d\n", __func__, __FILE__, __LINE__);
return 0;
}
}
return 1;
}
*/
/* Add certificate chain to internal SSL BUF_MEM structure */
int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
{
@@ -836,9 +875,23 @@ int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
return 0;
}
chain_count = sk_X509_num(chain);
for (i = 0; i < chain_count; i++) {
/* output the first certificate, for GMTLS it is sign cert */
if (chain_count) {
x = sk_X509_value(chain, 0);
if (!ssl_add_cert_to_buf(buf, l, x)) {
return 0;
}
}
if (s->version == GMTLS_VERSION) {
/* 我们还应该检查cpk的类型 */
x = s->cert->pkeys[SSL_PKEY_SM2_ENC].x509;
if (!ssl_add_cert_to_buf(buf, l, x)) {
return 0;
}
}
/* add the following chain */
for (i = 1; i < chain_count; i++) {
x = sk_X509_value(chain, i);
if (!ssl_add_cert_to_buf(buf, l, x)) {
X509_STORE_CTX_free(xs_ctx);
return 0;
@@ -1041,12 +1094,20 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
if (level >= 2 && c->algorithm_enc == SSL_RC4)
return 0;
/* Level 3: forward secure ciphersuites only */
if (level >= 3 && !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
if (level >= 3 && !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH
#ifndef OPENSSL_NO_GMTLS
| SSL_kSM2DHE | SSL_kSM9DHE
#endif
)))
return 0;
break;
}
case SSL_SECOP_VERSION:
if (!SSL_IS_DTLS(s)) {
#ifndef OPENSSL_NO_GMTLS_METHOD
if (nid == GMTLS_VERSION && level >= 3)
return 0;
#endif
/* SSLv3 not allowed at level 2 */
if (nid <= SSL3_VERSION && level >= 2)
return 0;
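Review bot: In `ssl_add_cert_chain`, the two new `return 0;` paths (after adding the first chain certificate and after adding `pkeys[SSL_PKEY_SM2_ENC].x509`) skip `X509_STORE_CTX_free(xs_ctx);`, which the remaining loop still calls on failure, so `xs_ctx` appears to leak on those errors. Add `X509_STORE_CTX_free(xs_ctx);` before each of the two returns. The `s->version == GMTLS_VERSION` branch is also not wrapped in `#ifndef OPENSSL_NO_GMTLS_METHOD` and passes the encryption certificate on without checking that it is set, a gap the inline comment already hints at; `if (x == NULL) { X509_STORE_CTX_free(xs_ctx); return 0; }` would fail closed. The function begins and ends outside the hunk, so the branch that does not build a chain is not visible here. The commented-out `ssl_add_sm2_certs` block should be deleted rather than committed.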


@@ -77,7 +77,6 @@
#define SSL_ENC_SSF33_IDX 26
#define SSL_ENC_NUM_IDX 27
/* NB: make sure indices in these tables match values above */
typedef struct {
@@ -117,8 +116,9 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
};
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#define SSL_COMP_NULL_IDX 0
@@ -172,18 +172,23 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = {
{SSL_kSRP, NID_kx_srp},
{SSL_kGOST, NID_kx_gost},
{SSL_kSM2, NID_kx_sm2},
{SSL_kSM2DHE, NID_kx_sm2dhe},
{SSL_kSM2PSK, NID_kx_sm2_psk},
{SSL_kSM9, NID_kx_sm9},
{SSL_kSM9DHE, NID_kx_sm9dhe},
};
static const ssl_cipher_table ssl_cipher_table_auth[] = {
{SSL_aRSA, NID_auth_rsa},
{SSL_aECDSA, NID_auth_ecdsa},
{SSL_aPSK, NID_auth_psk},
{SSL_aDSS, NID_auth_dss},
{SSL_aGOST01, NID_auth_gost01},
{SSL_aGOST12, NID_auth_gost12},
{SSL_aSRP, NID_auth_srp},
{SSL_aNULL, NID_auth_null},
{SSL_aSM2, NID_auth_sm2},
{SSL_aRSA, NID_auth_rsa},
{SSL_aECDSA, NID_auth_ecdsa},
{SSL_aPSK, NID_auth_psk},
{SSL_aDSS, NID_auth_dss},
{SSL_aGOST01, NID_auth_gost01},
{SSL_aGOST12, NID_auth_gost12},
{SSL_aSRP, NID_auth_srp},
{SSL_aNULL, NID_auth_null},
{SSL_aSM2, NID_auth_sm2},
{SSL_aSM9, NID_auth_sm9},
};
/* *INDENT-ON* */
@@ -214,8 +219,10 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
/* GOST2012_512 */
EVP_PKEY_HMAC,
/* SM3 */
EVP_PKEY_HMAC,
#ifndef OPENSSL_NO_GMTLS_METHOD
/* MD5_SHA1, SHA224, SHA512, SM3 */
NID_undef, NID_undef, NID_undef, EVP_PKEY_HMAC
#endif
};
static int ssl_mac_secret_size[SSL_MD_NUM_IDX];
@@ -271,6 +278,11 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK},
{0, SSL_TXT_kSRP, 0, SSL_kSRP},
{0, SSL_TXT_kGOST, 0, SSL_kGOST},
{0, SSL_TXT_kSM2, 0, SSL_kSM2},
{0, SSL_TXT_kSM2DHE, 0, SSL_kSM2DHE},
{0, SSL_TXT_kSM2PSK, 0, SSL_kSM2PSK},
{0, SSL_TXT_kSM9, 0, SSL_kSM9},
{0, SSL_TXT_kSM9DHE, 0, SSL_kSM9DHE},
/* server authentication aliases */
{0, SSL_TXT_aRSA, 0, 0, SSL_aRSA},
@@ -284,6 +296,8 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_aGOST12, 0, 0, SSL_aGOST12},
{0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01 | SSL_aGOST12},
{0, SSL_TXT_aSRP, 0, 0, SSL_aSRP},
{0, SSL_TXT_aSM2, 0, 0, SSL_aSM2},
{0, SSL_TXT_aSM9, 0, 0, SSL_aSM9},
/* aliases combining key exchange and server authentication */
{0, SSL_TXT_EDH, 0, SSL_kDHE, ~SSL_aNULL},
@@ -296,6 +310,8 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL},
{0, SSL_TXT_PSK, 0, SSL_PSK},
{0, SSL_TXT_SRP, 0, SSL_kSRP},
{0, SSL_TXT_SM2, 0, 0, SSL_aSM2},//ciphers SM2 is not correct!
{0, SSL_TXT_SM9, 0, SSL_kSM9|SSL_kSM9DHE, SSL_aSM9},
/* symmetric encryption aliases */
{0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES},
@@ -318,6 +334,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256},
{0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA},
{0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20},
{0, SSL_TXT_SMS4, 0, 0, 0, SSL_SMS4 | SSL_SMS4GCM | SSL_SMS4CCM | SSL_SMS4CCM8},
/* MAC aliases */
{0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5},
@@ -328,12 +345,16 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256},
{0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384},
{0, SSL_TXT_GOST12, 0, 0, 0, 0, SSL_GOST12_256},
{0, SSL_TXT_SM3, 0, 0, 0, 0, SSL_SM3},
/* protocol version aliases */
{0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL3_VERSION},
{0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, TLS1_VERSION},
{0, "TLSv1.0", 0, 0, 0, 0, 0, TLS1_VERSION},
{0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, TLS1_2_VERSION},
{0, SSL_TXT_GMTLSV1, 0, 0, 0, 0, 0, GMTLS1_VERSION},
{0, "GMTLSv1.0", 0, 0, 0, 0, 0, GMTLS1_VERSION},
{0, SSL_TXT_GMTLSV1_1, 0, 0, 0, 0, 0, GMTLS1_1_VERSION},
/* strength classes */
{0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
@@ -445,8 +466,8 @@ void ssl_load_ciphers(void)
#ifdef OPENSSL_NO_EC
disabled_mkey_mask |= SSL_kECDHEPSK;
disabled_auth_mask |= SSL_aECDSA;
# ifdef OPENSSL_NO_GMTLS
/* do something */
# ifdef OPENSSL_NO_GMTLS_METHOD
/* do something */
# endif
#endif
#ifdef OPENSSL_NO_PSK
@@ -584,8 +605,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
mac_pkey_type = NULL;
} else {
*md = ssl_digest_methods[i];
if (mac_pkey_type != NULL)
if (mac_pkey_type != NULL) {
*mac_pkey_type = ssl_mac_pkey_id[i];
}
if (mac_secret_size != NULL)
*mac_secret_size = ssl_mac_secret_size[i];
}
@@ -645,6 +667,11 @@ const EVP_MD *ssl_handshake_md(SSL *s)
const EVP_MD *ssl_prf_md(SSL *s)
{
#ifndef OPENSSL_NO_GMTLS_METHOD
/* In GM/T 0024, PRF always use SM3 */
if (s->version == GMTLS_VERSION)
return EVP_sm3();
#endif
return ssl_md(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
}
@@ -1553,7 +1580,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
const char *ver;
const char *kx, *au, *enc, *mac;
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
#ifndef OPENSSL_NO_GMTLS
static const char *format = "%-30s %-10s Kx=%-8s Au=%-6s Enc=%-23s Mac=%-4s\n";
#else
static const char *format = "%-23s %s Kx=%-4s Au=%-4s Enc=%-8s Mac=%-4s\n";
#endif
if (buf == NULL) {
len = 128;
@@ -1598,9 +1629,23 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kGOST:
kx = "GOST";
break;
#ifndef OPENSSL_NO_GMTLS_METHOD
case SSL_kSM2:
kx = "SM2";
break;
case SSL_kSM2DHE:
kx = "SM2DHE";
break;
case SSL_kSM2PSK:
kx = "SM2PSK";
break;
case SSL_kSM9:
kx = "SM9";
break;
case SSL_kSM9DHE:
kx = "SM9DHE";
break;
#endif
default:
kx = "unknown";
}
@@ -1631,9 +1676,14 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case (SSL_aGOST12 | SSL_aGOST01):
au = "GOST12";
break;
#ifndef OPENSSL_NO_GMTLS_METHOD
case SSL_aSM2:
au = "SM2";
break;
case SSL_aSM9:
au = "SM9";
break;
#endif
default:
au = "unknown";
break;
@@ -1698,6 +1748,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_CHACHA20POLY1305:
enc = "CHACHA20/POLY1305(256)";
break;
#ifndef OPENSSL_NO_GMTLS_METHOD
case SSL_SMS4:
enc = "SMS4(128)";
break;
@@ -1719,6 +1770,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_SSF33:
enc = "SSF33(128)";
break;
#endif
default:
enc = "unknown";
break;
@@ -1751,9 +1803,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_GOST12_512:
mac = "GOST2012";
break;
#ifndef OPENSSL_NO_GMTLS_METHOD
case SSL_SM3:
mac = "SM3";
break;
#endif
default:
mac = "unknown";
break;
@@ -1958,9 +2012,12 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
return SSL_PKEY_GOST_EC;
else if (alg_a & SSL_aGOST01)
return SSL_PKEY_GOST01;
#ifndef OPENSSL_NO_GMTLS_METHOD
else if (alg_a & SSL_aSM2)
return SSL_PKEY_ECC;
return SSL_PKEY_SM2_SIGN;
else if (alg_a & SSL_aSM9)
return -1;
#endif
return -1;
}


@@ -11,7 +11,6 @@
#include "ssl_locl.h"
#include <openssl/conf.h>
#include <openssl/objects.h>
#include <openssl/dh.h>
/*
* structure holding name tables. This is used for permitted elements in lists
@@ -259,6 +258,7 @@ static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value)
SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2),
SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1),
SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2)
};
cctx->tbl = ssl_protocol_list;
cctx->ntbl = OSSL_NELEM(ssl_protocol_list);
@@ -282,6 +282,9 @@ static int protocol_from_string(const char *value)
{"TLSv1", TLS1_VERSION},
{"TLSv1.1", TLS1_1_VERSION},
{"TLSv1.2", TLS1_2_VERSION},
#ifndef OPENSSL_NO_GMTLS_VERSION
{"GMTLS", GMTLS_VERSION},
#endif
{"DTLSv1", DTLS1_VERSION},
{"DTLSv1.2", DTLS1_2_VERSION}
};
@@ -526,6 +529,9 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_SWITCH("no_tls1", 0),
SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
#ifndef OPENSSL_NO_GMTLS
SSL_CONF_CMD_SWITCH("no_gmtls", 0),
#endif
SSL_CONF_CMD_SWITCH("bugs", 0),
SSL_CONF_CMD_SWITCH("no_comp", 0),
SSL_CONF_CMD_SWITCH("comp", 0),
@@ -583,6 +589,9 @@ static const ssl_switch_tbl ssl_cmd_switches[] = {
{SSL_OP_NO_TLSv1, 0}, /* no_tls1 */
{SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */
{SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */
#ifndef OPENSSL_NO_GMTLS_METHOD
{SSL_OP_NO_GMTLS, 0}, /* no_gmtls */
#endif
{SSL_OP_ALL, 0}, /* bugs */
{SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
{SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
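Review bot: The GMTLS additions in this file are guarded by three different macros: `OPENSSL_NO_GMTLS_VERSION` in `protocol_from_string`, `OPENSSL_NO_GMTLS` for the `no_gmtls` row of `ssl_conf_cmds`, and `OPENSSL_NO_GMTLS_METHOD` for the matching row of `ssl_cmd_switches`. The trailing `/* no_tls1 */`-style comments suggest the two tables are matched by position, so a build that defines only one of the last two macros would shift every later row by one and, for example, pair `bugs` with `SSL_OP_NO_GMTLS`. Use a single guard for both rows, e.g. `#ifndef OPENSSL_NO_GMTLS_METHOD` around `SSL_CONF_CMD_SWITCH("no_gmtls", 0),` as well. All three tables continue outside the hunks shown.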


@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -48,6 +48,57 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE),
"dtls_get_reassembled_message"},
{ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"},
{ERR_FUNC(SSL_F_GMTLS_ADD_CERT_CHAIN), "gmtls_add_cert_chain"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_CKE_RSA), "gmtls_construct_cke_rsa"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_CKE_SM2), "gmtls_construct_cke_sm2"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_CKE_SM2DHE),
"gmtls_construct_cke_sm2dhe"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_CKE_SM9), "gmtls_construct_cke_sm9"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_CKE_SM9DHE),
"gmtls_construct_cke_sm9dhe"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_CLIENT_CERTIFICATE),
"gmtls_construct_client_certificate"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_CLIENT_KEY_EXCHANGE),
"gmtls_construct_client_key_exchange"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_SERVER_CERTIFICATE),
"gmtls_construct_server_certificate"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_SERVER_KEY_EXCHANGE),
"gmtls_construct_server_key_exchange"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_SKE_RSA), "gmtls_construct_ske_rsa"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_SKE_SM2), "gmtls_construct_ske_sm2"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_SKE_SM2DHE),
"gmtls_construct_ske_sm2dhe"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_SKE_SM9), "gmtls_construct_ske_sm9"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_SM2DHE_PARAMS),
"gmtls_construct_sm2dhe_params"},
{ERR_FUNC(SSL_F_GMTLS_CONSTRUCT_SM9_PARAMS),
"gmtls_construct_sm9_params"},
{ERR_FUNC(SSL_F_GMTLS_NEW_CERT_PACKET), "gmtls_new_cert_packet"},
{ERR_FUNC(SSL_F_GMTLS_OUTPUT_CERT_CHAIN), "gmtls_output_cert_chain"},
{ERR_FUNC(SSL_F_GMTLS_OUTPUT_IBCS_PARAM), "gmtls_output_ibcs_param"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_CKE_RSA), "gmtls_process_cke_rsa"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_CKE_SM2), "gmtls_process_cke_sm2"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_CKE_SM2DHE), "gmtls_process_cke_sm2dhe"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_CKE_SM9), "gmtls_process_cke_sm9"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_CKE_SM9DHE), "gmtls_process_cke_sm9dhe"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_CLIENT_CERTIFICATE),
"gmtls_process_client_certificate"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_CLIENT_KEY_EXCHANGE),
"gmtls_process_client_key_exchange"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_KEY_EXCHANGE),
"gmtls_process_key_exchange"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_SERVER_CERTIFICATE),
"gmtls_process_server_certificate"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_SERVER_CERTS),
"gmtls_process_server_certs"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_SERVER_KEY_EXCHANGE),
"gmtls_process_server_key_exchange"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_SKE_RSA), "gmtls_process_ske_rsa"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_SKE_SM2), "gmtls_process_ske_sm2"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_SKE_SM2DHE), "gmtls_process_ske_sm2dhe"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_SKE_SM9), "gmtls_process_ske_sm9"},
{ERR_FUNC(SSL_F_GMTLS_PROCESS_SM9_PARAMS), "gmtls_process_sm9_params"},
{ERR_FUNC(SSL_F_GMTLS_SM2_DERIVE), "gmtls_sm2_derive"},
{ERR_FUNC(SSL_F_OPENSSL_INIT_SSL), "OPENSSL_init_ssl"},
{ERR_FUNC(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION),
"ossl_statem_client_read_transition"},
@@ -244,6 +295,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE),
"tls_construct_cke_psk_preamble"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_RSA), "tls_construct_cke_rsa"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_SM2), "tls_construct_cke_sm2"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_SRP), "tls_construct_cke_srp"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE),
"tls_construct_client_certificate"},
@@ -300,6 +352,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"tls_process_server_certificate"},
{ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_DONE), "tls_process_server_done"},
{ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_HELLO), "tls_process_server_hello"},
{ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE),
"tls_process_server_key_exchange"},
{ERR_FUNC(SSL_F_TLS_PROCESS_SKE_DHE), "tls_process_ske_dhe"},
{ERR_FUNC(SSL_F_TLS_PROCESS_SKE_ECDHE), "tls_process_ske_ecdhe"},
{ERR_FUNC(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE),
@@ -326,6 +380,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_BAD_DH_VALUE), "bad dh value"},
{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
{ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},
{ERR_REASON(SSL_R_BAD_ECPKPARAMETERS), "bad ecpkparameters"},
{ERR_REASON(SSL_R_BAD_ECPOINT), "bad ecpoint"},
{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH), "bad handshake length"},
{ERR_REASON(SSL_R_BAD_HELLO_REQUEST), "bad hello request"},
@@ -335,6 +390,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
"bad protocol version number"},
{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"},
{ERR_REASON(SSL_R_BAD_SIGNATURE), "bad signature"},
{ERR_REASON(SSL_R_BAD_SM2_ENCRYPT), "bad sm2 encrypt"},
{ERR_REASON(SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"},
{ERR_REASON(SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"},
{ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"},
@@ -426,6 +482,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"},
{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"},
{ERR_REASON(SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"},
{ERR_REASON(SSL_R_INVALID_CERT_CHAIN), "invalid cert chain"},
{ERR_REASON(SSL_R_INVALID_COMMAND), "invalid command"},
{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),
"invalid compression algorithm"},
@@ -452,9 +509,12 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),
"missing rsa encrypting cert"},
{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"},
{ERR_REASON(SSL_R_MISSING_SM2_ENC_CERTIFICATE),
"missing sm2 enc certificate"},
{ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"},
{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"},
{ERR_REASON(SSL_R_NOT_IMPLEMENTED), "not implemented"},
{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},
{ERR_REASON(SSL_R_NO_CERTIFICATE_SET), "no certificate set"},
@@ -496,6 +556,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
{ERR_REASON(SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"},
{ERR_REASON(SSL_R_PSK_NO_SERVER_CB), "psk no server cb"},
{ERR_REASON(SSL_R_RANDOM_GENERATOR_ERROR), "random generator error"},
{ERR_REASON(SSL_R_READ_BIO_NOT_SET), "read bio not set"},
{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED), "read timeout expired"},
{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
@@ -569,10 +630,9 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),
"ssl session id context too long"},
{ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG),
"ssl session id too long"},
{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
"ssl session id has bad length"},
{ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG), "ssl session id too long"},
{ERR_REASON(SSL_R_SSL_SESSION_VERSION_MISMATCH),
"ssl session version mismatch"},
{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),


@@ -28,6 +28,15 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"Adding SSL ciphers and digests\n");
#endif
#ifndef OPENSSL_NO_SMS4
EVP_add_cipher(EVP_sms4_cbc());
EVP_add_cipher(EVP_sms4_gcm());
EVP_add_cipher(EVP_sms4_ccm());
#endif
#ifndef OPENSSL_NO_ZUC
EVP_add_cipher(EVP_zuc());
#endif
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
@@ -49,6 +58,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
*/
EVP_add_cipher(EVP_rc2_40_cbc());
#endif
#ifndef OPENSSL_NO_AES
EVP_add_cipher(EVP_aes_128_cbc());
EVP_add_cipher(EVP_aes_192_cbc());
EVP_add_cipher(EVP_aes_256_cbc());
@@ -56,10 +66,15 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
EVP_add_cipher(EVP_aes_256_gcm());
EVP_add_cipher(EVP_aes_128_ccm());
EVP_add_cipher(EVP_aes_256_ccm());
# ifndef OPENSSL_NO_SHA
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
# ifndef OPENSSL_NO_SHA256
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
# endif
# endif
#endif
#ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_cbc());
EVP_add_cipher(EVP_camellia_256_cbc());
@@ -72,18 +87,29 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
EVP_add_cipher(EVP_seed_cbc());
#endif
#ifndef OPENSSL_NO_SM3
EVP_add_digest(EVP_sm3());
#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl3-md5");
# ifndef OPENSSL_NO_SHA
EVP_add_digest(EVP_md5_sha1());
# endif
#endif
#ifndef OPENSSL_NO_SHA
EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
# ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
# endif
# ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
# endif
#endif
#ifndef OPENSSL_NO_COMP
# ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
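Review bot: The new `# ifndef OPENSSL_NO_SHA256` and `# ifndef OPENSSL_NO_SHA512` blocks sit inside `#ifndef OPENSSL_NO_SHA`, so a build that defines `OPENSSL_NO_SHA` also stops registering SHA-224/256/384/512, and the same nesting drops the `aes_*_cbc_hmac_sha256` ciphers. If that coupling is not intended, close the `OPENSSL_NO_SHA` block before the SHA-2 ones; if it is, state it in a comment such as `/* SHA-2 registration deliberately requires SHA-1 to be enabled */`. In the AES block the inner directive uses the same one-space indent as its parent (`# ifndef OPENSSL_NO_SHA` then `# ifndef OPENSSL_NO_SHA256`), which hides the nesting; `#  ifndef` for the inner level would show the depth. The body of `ossl_init_ssl_base` continues outside these hunks.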


@@ -47,7 +47,6 @@
#include <openssl/x509v3.h>
#include <openssl/rand.h>
#include <openssl/ocsp.h>
#include <openssl/dh.h>
#include <openssl/engine.h>
#include <openssl/async.h>
#include <openssl/ct.h>
@@ -2636,6 +2635,9 @@ void ssl_set_masks(SSL *s)
#ifndef OPENSSL_NO_EC
int have_ecc_cert, ecdsa_ok;
X509 *x = NULL;
#endif
#ifndef OPENSSL_NO_GMTLS
int have_sm2_cert, sm2sign_ok;
#endif
if (c == NULL)
return;
@@ -2651,6 +2653,9 @@ void ssl_set_masks(SSL *s)
dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN;
#ifndef OPENSSL_NO_EC
have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
#endif
#ifndef OPENSSL_NO_GMTLS
have_sm2_cert = pvalid[SSL_PKEY_SM2_SIGN] & CERT_PKEY_VALID;
#endif
mask_k = 0;
mask_a = 0;
@@ -2711,10 +2716,28 @@ void ssl_set_masks(SSL *s)
mask_a |= SSL_aECDSA;
}
#endif
#ifndef OPENSSL_NO_GMTLS_METHOD
if (have_sm2_cert) {
uint32_t ex_kusage;
cpk = &c->pkeys[SSL_PKEY_SM2_SIGN];
x = cpk->x509;
OPENSSL_assert(x);
ex_kusage = X509_get_key_usage(x); //
sm2sign_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
if (!(pvalid[SSL_PKEY_SM2_SIGN] & CERT_PKEY_SIGN))
sm2sign_ok = 0;
if (sm2sign_ok)
mask_a |= SSL_aSM2;
}
#endif
#ifndef OPENSSL_NO_EC
mask_k |= SSL_kECDHE;
#endif
#ifndef OPENSSL_NO_GMTLS
mask_k |= SSL_kSM2;
mask_k |= SSL_kSM2DHE;
#endif
#ifndef OPENSSL_NO_PSK
mask_k |= SSL_kPSK;
@@ -2725,6 +2748,10 @@ void ssl_set_masks(SSL *s)
mask_k |= SSL_kDHEPSK;
if (mask_k & SSL_kECDHE)
mask_k |= SSL_kECDHEPSK;
# ifndef OPENSSL_NO_GMTLS_METHOD
if (mask_k & SSL_kSM2DHE)
mask_k |= SSL_kSM2PSK;
# endif
#endif
s->s3->tmp.mask_k = mask_k;
@@ -2743,6 +2770,18 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
return 0;
}
}
# ifndef OPENSSL_NO_GMTLS
# if 0
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSM2) {
/* key usage, if present, must allow signing */
if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_NOT_FOR_SIGNING);
return 0;
}
}
# endif
# endif
return 1; /* all checks are ok */
}
@@ -2789,6 +2828,32 @@ CERT_PKEY *ssl_get_server_send_pkey(SSL *s)
return &c->pkeys[i];
}
#ifndef OPENSSL_NO_GMTLS_METHOD
CERT_PKEY *ssl_get_server_send_pkey_ex(SSL *s)
{
CERT *c;
int i;
c = s->cert;
if (!s->s3 || !s->s3->tmp.new_cipher)
return NULL;
ssl_set_masks(s);
i = ssl_get_server_cert_index(s);
/* This may or may not be an error. */
if (i < 0)
return NULL;
if (i == SSL_PKEY_SM2_SIGN) {
i = SSL_PKEY_SM2_ENC;
}
/* May be NULL. */
return &c->pkeys[i];
}
#endif
EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
const EVP_MD **pmd)
{
@@ -2809,6 +2874,11 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
} else if ((alg_a & SSL_aECDSA) &&
(c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
idx = SSL_PKEY_ECC;
#ifndef OPENSSL_NO_GMTLS_METHOD
else if ((alg_a & SSL_aSM2) &&
(c->pkeys[SSL_PKEY_SM2_SIGN].privatekey != NULL))
idx = SSL_PKEY_SM2_SIGN;
#endif
if (idx == -1) {
SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
return (NULL);
@@ -3086,6 +3156,10 @@ const char *ssl_protocol_to_string(int version)
return "DTLSv1";
else if (version == DTLS1_2_VERSION)
return "DTLSv1.2";
#ifndef OPENSSL_NO_GMTLS_METHOD
else if (version == GMTLS_VERSION)
return "GMTLSv1.1";
#endif
else
return ("unknown");
}
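Review bot: In `ssl_check_srvr_ecc_cert_and_alg` the SM2 key-usage test is added inside `# if 0`, so for `SSL_aSM2` suites nothing in this function rejects a server certificate whose keyUsage lacks `X509v3_KU_DIGITAL_SIGNATURE`. The commit keeps separate `SSL_PKEY_SM2_SIGN` and `SSL_PKEY_SM2_ENC` slots, and key usage is presumably what tells the two certificates apart. The check should therefore either be enabled by dropping the `# if 0` / `# endif` pair or be replaced by a comment naming where the equivalent check happens. In `ssl_set_masks`, `have_sm2_cert` and `sm2sign_ok` are declared under `OPENSSL_NO_GMTLS` but used under `OPENSSL_NO_GMTLS_METHOD`, and the block reuses `x`, which is declared under `OPENSSL_NO_EC`; one guard for declaration and use would keep mixed configurations compiling. Both functions start outside the hunks shown.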


@@ -55,8 +55,15 @@
# include <openssl/comp.h>
# include <openssl/bio.h>
# include <openssl/stack.h>
# include <openssl/rsa.h>
# include <openssl/dsa.h>
# ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
# endif
# ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
# endif
# ifndef OPENSSL_NO_SM9
# include <openssl/sm9.h>
# endif
# include <openssl/err.h>
# include <openssl/ssl.h>
# include <openssl/async.h>
@@ -223,8 +230,14 @@
# define SSL_kRSAPSK 0x00000040U
# define SSL_kECDHEPSK 0x00000080U
# define SSL_kDHEPSK 0x00000100U
# define SSL_kSM2 0x00000200U
# define SSL_kSM2PSK 0x00000400U
# ifndef OPENSSL_NO_GMTLS_METHOD
# define SSL_kSM2 0x00000200U
# define SSL_kSM2DHE 0x00000400U
# define SSL_kSM2PSK 0x00000800U
# define SSL_kSM9 0x00001000U
# define SSL_kSM9DHE 0x00002000U
# endif
/* all PSK */
@@ -247,8 +260,11 @@
# define SSL_aSRP 0x00000040U
/* GOST R 34.10-2012 signature auth */
# define SSL_aGOST12 0x00000080U
# ifndef OPENSSL_NO_GMTLS_METHOD
/* SM2 */
# define SSL_aSM2 0x00000100U
# define SSL_aSM2 0x00000100U
# define SSL_aSM9 0x00000200U
# endif
/* Bits for algorithm_enc (symmetric encryption) */
# define SSL_DES 0x00000001U
@@ -271,20 +287,24 @@
# define SSL_AES256CCM8 0x00020000U
# define SSL_eGOST2814789CNT12 0x00040000U
# define SSL_CHACHA20POLY1305 0x00080000U
# define SSL_SMS4 0x00100000U
# define SSL_SMS4GCM 0x00200000U
# define SSL_SMS4CCM 0x00400000U
# define SSL_SMS4CCM8 0x00800000U
# define SSL_ZUC 0x01000000U
# define SSL_SM1 0x02000000U
# define SSL_SSF33 0x04000000U
# ifndef OPENSSL_NO_GMTLS_METHOD
# define SSL_SMS4 0x00100000U
# define SSL_SMS4GCM 0x00200000U
# define SSL_SMS4CCM 0x00400000U
# define SSL_SMS4CCM8 0x00800000U
# define SSL_ZUC 0x01000000U
# define SSL_SM1 0x02000000U
# define SSL_SSF33 0x04000000U
# endif
# define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM)
# define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
# define SSL_CHACHA20 (SSL_CHACHA20POLY1305)
# define SSL_SMS4ALL (SSL_SMS4 | SSL_SMS4GCM | SSL_SMS4CCM | SSL_SMS4CCM8)
# ifndef OPENSSL_NO_GMTLS_METHOD
# define SSL_SMS4ALL (SSL_SMS4 | SSL_SMS4GCM | SSL_SMS4CCM | SSL_SMS4CCM8)
# endif
/* Bits for algorithm_mac (symmetric authentication) */
@@ -299,7 +319,9 @@
# define SSL_GOST12_256 0x00000080U
# define SSL_GOST89MAC12 0x00000100U
# define SSL_GOST12_512 0x00000200U
# define SSL_SM3 0x00000400U
# ifndef OPENSSL_NO_GMTLS_METHOD
# define SSL_SM3 0x00000400U
# endif
/*
* When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make
@@ -318,8 +340,12 @@
# define SSL_MD_MD5_SHA1_IDX 9
# define SSL_MD_SHA224_IDX 10
# define SSL_MD_SHA512_IDX 11
# define SSL_MD_SM3_IDX 12
# define SSL_MAX_DIGEST 13
# ifndef OPENSSL_NO_GMTLS_METHOD
# define SSL_MD_SM3_IDX 12
# define SSL_MAX_DIGEST 13
# else
# define SSL_MAX_DIGEST 12
# endif
/* Bits for algorithm2 (handshake digests and other extra flags) */
@@ -331,8 +357,10 @@
# define SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX
# define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX
# define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX
# define SSL_HANDSHAKE_MAC_SM3 SSL_MD_SM3_IDX
# define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1
# define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1
# ifndef OPENSSL_NO_GMTLS_METHOD
# define SSL_HANDSHAKE_MAC_SM3 SSL_MD_SM3_IDX
# endif
/* Bits 8-15 bits are PRF */
# define TLS1_PRF_DGST_SHIFT 8
@@ -342,8 +370,10 @@
# define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT)
# define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT)
# define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT)
# define TLS1_PRF_SM3 (SSL_MD_SM3_IDX << TLS1_PRF_DGST_SHIFT)
# define TLS1_PRF (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
# ifndef OPENSSL_NO_GMTLS_METHOD
# define TLS1_PRF_SM3 (SSL_MD_SM3_IDX << TLS1_PRF_DGST_SHIFT)
# endif
/*
* Stream MAC for GOST ciphersuites from cryptopro draft (currently this also
@@ -363,6 +393,9 @@
/* we have used 0000003f - 26 bits left to go */
/* Check is an SSL use GMTLSv1.1 */
#define SSL_IS_GMTLS(s) (s->version == GMTLS_VERSION)
/* Check if an SSL structure is using DTLS */
# define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
/* See if we need explicit IV */
@@ -394,6 +427,12 @@
# define SSL_CLIENT_USE_SIGALGS(s) \
SSL_CLIENT_USE_TLS1_2_CIPHERS(s)
# ifndef OPENSSL_NO_GMTLS
# undef SSL_CLIENT_USE_SIGALGS
# define SSL_CLIENT_USE_SIGALGS(s) \
(SSL_CLIENT_USE_TLS1_2_CIPHERS(s) || (s->client_version == GMTLS_VERSION))
# endif
# define SSL_USE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
/* Mostly for SSLv3 */
@@ -404,7 +443,15 @@
# define SSL_PKEY_GOST01 4
# define SSL_PKEY_GOST12_256 5
# define SSL_PKEY_GOST12_512 6
# define SSL_PKEY_NUM 7
# ifndef OPENSSL_NO_GMTLS_METHOD
# define SSL_PKEY_SM2_ENC 7
# define SSL_PKEY_SM2_SIGN 8
# define SSL_PKEY_SM9 9
# define SSL_PKEY_NUM 10
# else
# define SSL_PKEY_NUM 7
# endif
/*
* Pseudo-constant. GOST cipher suites can use different certs for 1
* SSL_CIPHER. So let's see which one we have in fact.
@@ -484,6 +531,13 @@ struct ssl_method_st {
long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
};
typedef struct cert_sm9_st {
SM9PublicParameters *params;
SM9PrivateKey *privatekey;
SM9PublicKey *publickey;
char *id;
} CERT_SM9;
/*-
* Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
@@ -537,6 +591,12 @@ struct ssl_session_st {
int not_resumable;
/* This is the cert and type for the other end. */
X509 *peer;
# ifndef OPENSSL_NO_GMTLS_METHOD
X509 *peer_extra;
char *peer_identity;
CERT_SM9 ibe;
CERT_SM9 ibs;
# endif
int peer_type;
/* Certificate chain peer sent */
STACK_OF(X509) *peer_chain;
@@ -1440,6 +1500,7 @@ typedef struct cert_pkey_st {
unsigned char *serverinfo;
size_t serverinfo_length;
} CERT_PKEY;
/* Retrieve Suite B flags */
# define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS)
/* Uses to check strict mode: suite B modes are always strict */
@@ -1494,6 +1555,12 @@ typedef struct cert_st {
/* Flags related to certificates */
uint32_t cert_flags;
CERT_PKEY pkeys[SSL_PKEY_NUM];
# if !defined(OPENSSL_NO_GMTLS_METHOD) && !defined(OPENSSL_NO_SM9)
CERT_SM9 ibe;
CERT_SM9 ibs;
# endif
/*
* Certificate types (received or sent) in certificate request message.
* On receive this is only set if number of certificate types exceeds
@@ -1659,6 +1726,12 @@ __owur const SSL_METHOD *dtls_bad_ver_client_method(void);
__owur const SSL_METHOD *dtlsv1_2_method(void);
__owur const SSL_METHOD *dtlsv1_2_server_method(void);
__owur const SSL_METHOD *dtlsv1_2_client_method(void);
#ifndef OPENSSL_NO_GMTLS_METHOD
__owur const SSL_METHOD *gmtls_method(void);
__owur const SSL_METHOD *gmtls_server_method(void);
__owur const SSL_METHOD *gmtls_client_method(void);
#endif
extern const SSL3_ENC_METHOD TLSv1_enc_data;
extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
@@ -1666,6 +1739,9 @@ extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
extern const SSL3_ENC_METHOD SSLv3_enc_data;
extern const SSL3_ENC_METHOD DTLSv1_enc_data;
extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
# ifndef OPENSSL_NO_GMTLS_METHOD
extern const SSL3_ENC_METHOD GMTLS_enc_data;
# endif
/*
* Flags for SSL methods
@@ -1673,6 +1749,47 @@ extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
# define SSL_METHOD_NO_FIPS (1U<<0)
# define SSL_METHOD_NO_SUITEB (1U<<1)
# ifndef OPENSSL_NO_GMTLS_METHOD
# define IMPLEMENT_gmtls_meth_func(flags, mask, func_name, s_accept, \
s_connect, enc_data) \
const SSL_METHOD *func_name(void) \
{ \
static const SSL_METHOD func_name##_data= { \
GMTLS_VERSION, \
flags, \
mask, \
tls1_new, \
tls1_clear, \
tls1_free, \
s_accept, \
s_connect, \
ssl3_read, \
ssl3_peek, \
ssl3_write, \
ssl3_shutdown, \
ssl3_renegotiate, \
ssl3_renegotiate_check, \
ssl3_read_bytes, \
ssl3_write_bytes, \
ssl3_dispatch_alert, \
ssl3_ctrl, \
ssl3_ctx_ctrl, \
ssl3_get_cipher_by_char, \
ssl3_put_cipher_by_char, \
ssl3_pending, \
ssl3_num_ciphers, \
ssl3_get_cipher, \
tls1_default_timeout, \
&enc_data, \
ssl_undefined_void_function, \
ssl3_callback_ctrl, \
ssl3_ctx_callback_ctrl, \
}; \
return &func_name##_data; \
}
# endif /* OPENSSL_NO_GMTLS_METHOD */
# define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \
s_connect, enc_data) \
const SSL_METHOD *func_name(void) \
@@ -1711,6 +1828,15 @@ const SSL_METHOD *func_name(void) \
return &func_name##_data; \
}
# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \
const SSL_METHOD *func_name(void) \
{ \
@@ -1988,6 +2114,9 @@ __owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
int use_context);
__owur int tls1_alert_code(int code);
__owur int ssl3_alert_code(int code);
# ifndef OPENSSL_NO_GMTLS_METHOD
__owur int gmtls_alert_code(int code);
# endif
__owur int ssl_ok(SSL *s);
# ifndef OPENSSL_NO_EC
@@ -2140,4 +2269,5 @@ void ssl_comp_free_compression_methods_int(void);
# define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
# endif
/*static*/ int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x);
#endif
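Review bot: `CERT_SM9` is declared unconditionally and `struct ssl_session_st` embeds `CERT_SM9 ibe` / `ibs` under `OPENSSL_NO_GMTLS_METHOD` alone, while `<openssl/sm9.h>` is included only when `OPENSSL_NO_SM9` is unset and `struct cert_st` guards the same members with both macros. A build with SM9 disabled would then have `SM9PublicParameters`, `SM9PrivateKey` and `SM9PublicKey` undeclared at the typedef. Wrap the typedef and the session members in the guard `cert_st` already uses, `# if !defined(OPENSSL_NO_GMTLS_METHOD) && !defined(OPENSSL_NO_SM9)`. `SSL_IS_GMTLS(s)` is also defined outside any GMTLS guard and expands `s` unparenthesised; `((s)->version == GMTLS_VERSION)` inside the same guard would be safer.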


@@ -113,6 +113,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
}
ret = ssl_set_pkey(ssl->cert, pkey);
EVP_PKEY_free(pkey);
return (ret);
}
@@ -121,12 +122,25 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
int i;
i = ssl_cert_type(NULL, pkey);
if (i < 0) {
SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return (0);
}
/* set private key even without keyUsage in cert */
if (i == SSL_PKEY_SM2_SIGN) {
if (c->pkeys[SSL_PKEY_SM2_ENC].privatekey)
i = SSL_PKEY_SM2_SIGN;
else if (c->pkeys[SSL_PKEY_SM2_SIGN].privatekey)
i = SSL_PKEY_SM2_ENC;
else if (c->pkeys[SSL_PKEY_SM2_ENC].x509)
i = SSL_PKEY_SM2_ENC;
else
i = SSL_PKEY_SM2_SIGN;
}
if (c->pkeys[i].x509 != NULL) {
EVP_PKEY *pktmp;
pktmp = X509_get0_pubkey(c->pkeys[i].x509);
@@ -145,6 +159,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
/*
* Don't check the public/private key, this is mostly for smart
* cards.
* SM2和EC也可能是智能卡
*
*/
if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
&& RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;
@@ -324,6 +340,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return 0;
}
#ifndef OPENSSL_NO_EC
if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
@@ -331,7 +348,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
}
#endif
if (c->pkeys[i].privatekey != NULL) {
/*
/*
* The return code from EVP_PKEY_copy_parameters is deliberately
* ignored. Some EVP_PKEY types cannot do this.
*/
@@ -449,6 +466,7 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
}
ret = ssl_set_pkey(ctx->cert, pkey);
EVP_PKEY_free(pkey);
return (ret);
}
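Review bot: The slot for an SM2 private key in `ssl_set_pkey` is chosen from what is already loaded rather than from the key or its certificate, so the result depends on call order. Once `c->pkeys[SSL_PKEY_SM2_ENC].privatekey` is set, every later SM2 key is routed to `SSL_PKEY_SM2_SIGN`, so reloading the encryption key would overwrite the signing slot. Whether the public-key comparison that follows catches a mismatch depends on code outside the hunk and on a certificate already being present in that slot. Consider choosing the slot by comparing `pkey` with the public key of each slot's certificate, and document the expected load order in a comment above the block. The block also uses `SSL_PKEY_SM2_SIGN` without the `#ifndef OPENSSL_NO_GMTLS_METHOD` guard under which the header defines it.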


@@ -153,6 +153,11 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
if (src->peer != NULL)
X509_up_ref(src->peer);
#ifndef OPENSSL_NO_GMTLS_METHOD
if (src->peer_extra != NULL)
X509_up_ref(src->peer_extra);
#endif
if (src->peer_chain != NULL) {
dest->peer_chain = X509_chain_up_ref(src->peer_chain);
if (dest->peer_chain == NULL)
@@ -329,6 +334,11 @@ int ssl_get_new_session(SSL *s, int session)
} else if (s->version == DTLS1_2_VERSION) {
ss->ssl_version = DTLS1_2_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
#ifndef OPENSSL_NO_GMTLS_METHOD
} else if (s->version == GMTLS_VERSION) {
ss->ssl_version = GMTLS_VERSION;
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
#endif
} else {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
SSL_SESSION_free(ss);
@@ -754,6 +764,9 @@ void SSL_SESSION_free(SSL_SESSION *ss)
OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
X509_free(ss->peer);
#ifndef OPENSSL_NO_GMTLS_METHOD
X509_free(ss->peer_extra);
#endif
sk_X509_pop_free(ss->peer_chain, X509_free);
sk_SSL_CIPHER_free(ss->ciphers);
OPENSSL_free(ss->tlsext_hostname);
@@ -886,6 +899,13 @@ X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
return s->peer;
}
#ifndef OPENSSL_NO_GMTLS_METHOD
X509 *SSL_SESSION_get0_peer_extra(SSL_SESSION *s)
{
return s->peer_extra;
}
#endif
int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
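Review bot: `ssl_session_dup` and `SSL_SESSION_free` are extended for `peer_extra` only, but the header change in this commit also adds `peer_identity` and the `CERT_SM9 ibe` / `ibs` members (each holding `params`, `privatekey`, `publickey` and `id` pointers) to the session. If the dup copies the source structure wholesale before fixing up pointers (that part is outside the hunk), two sessions would share those pointers, and as shown nothing releases them when a session is freed. Either duplicate and free them alongside `peer_extra`, or clear them in the copy and add a comment stating who owns them. `SSL_SESSION_get0_peer_extra` would also benefit from a one-line comment such as `/* borrowed reference; NULL when the peer sent no second certificate */`, if that is the intended contract.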


@@ -286,6 +286,20 @@ const char *SSL_alert_desc_string(int value)
return "BH";
case TLS1_AD_UNKNOWN_PSK_IDENTITY:
return "UP";
#ifndef OPENSSL_NO_GMTLS_METHOD
case GMTLS_AD_UNSUPPORTED_SITE2SITE:
return "U2";
case GMTLS_AD_NO_AREA:
return "NA";
case GMTLS_AD_UNSUPPORTED_AREATYPE:
return "AT";
case GMTLS_AD_BAD_IBCPARAM:
return "BI";
case GMTLS_AD_UNSUPPORTED_IBCPARAM:
return "UI";
case GMTLS_AD_IDENTITY_NEED:
return "IN";
#endif
default:
return "UK";
}
@@ -356,6 +370,20 @@ const char *SSL_alert_desc_string_long(int value)
return "unknown PSK identity";
case TLS1_AD_NO_APPLICATION_PROTOCOL:
return "no application protocol";
#ifndef OPENSSL_NO_GMTLS_METHOD
case GMTLS_AD_UNSUPPORTED_SITE2SITE:
return "unsupported site2site";
case GMTLS_AD_NO_AREA:
return "no area";
case GMTLS_AD_UNSUPPORTED_AREATYPE:
return "unsupported areatype";
case GMTLS_AD_BAD_IBCPARAM:
return "bad ibc parameters";
case GMTLS_AD_UNSUPPORTED_IBCPARAM:
return "unsupported ibc parameters";
case GMTLS_AD_IDENTITY_NEED:
return "identity need";
#endif
default:
return "unknown";
}


@@ -288,6 +288,10 @@ static int state_machine(SSL *s, int server)
SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
goto end;
}
#ifndef OPENSSL_NO_GMTLS_METHOD
} else if (s->version == GMTLS_VERSION) {
/* do nothing */
#endif
} else {
if ((s->version >> 8) != SSL3_VERSION_MAJOR) {
SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
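Review bot: The new `else if (s->version == GMTLS_VERSION)` branch bypasses the `(s->version >> 8) != SSL3_VERSION_MAJOR` sanity check in the `else` that follows, and its only comment is `/* do nothing */`. State why the bypass is acceptable, e.g. `/* GMTLS_VERSION does not carry SSL3_VERSION_MAJOR; the version is fixed by the method, so the major-byte check does not apply */`, if that is indeed the reason. `state_machine` starts and ends outside this hunk, so whether `s->version` can be influenced by the peer before this point cannot be judged from here.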


@@ -54,10 +54,19 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/dh.h>
#ifndef OPENSSL_NO_MD5
# include <openssl/md5.h>
#endif
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
#ifndef OPENSSL_NO_GMTLS
# include <openssl/sm2.h>
#endif
static ossl_inline int cert_req_allowed(SSL *s);
static int key_exchange_expected(SSL *s);
@@ -80,6 +89,7 @@ static ossl_inline int cert_req_allowed(SSL *s)
|| (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
return 0;
/* gmtls ciphers always allow req */
return 1;
}
@@ -94,12 +104,17 @@ static int key_exchange_expected(SSL *s)
{
long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
#ifndef OPENSSL_NO_GMTLS_METHOD
if (s->version == GMTLS_VERSION)
return 1;
#endif
/*
* Can't skip server key exchange if this is an ephemeral
* ciphersuite or for SRP
*/
if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK
| SSL_kSRP)) {
if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK |
SSL_kSM2DHE | SSL_kSM2PSK | SSL_kSRP)) {
return 1;
}
@@ -519,10 +534,16 @@ int ossl_statem_client_construct_message(SSL *s)
return tls_construct_client_hello(s);
case TLS_ST_CW_CERT:
return tls_construct_client_certificate(s);
if (SSL_IS_GMTLS(s))
return gmtls_construct_client_certificate(s);
else
return tls_construct_client_certificate(s);
case TLS_ST_CW_KEY_EXCH:
return tls_construct_client_key_exchange(s);
if (SSL_IS_GMTLS(s))
return gmtls_construct_client_key_exchange(s);
else
return tls_construct_client_key_exchange(s);
case TLS_ST_CW_CERT_VRFY:
return tls_construct_client_verify(s);
@@ -621,13 +642,19 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
return dtls_process_hello_verify(s, pkt);
case TLS_ST_CR_CERT:
return tls_process_server_certificate(s, pkt);
if (SSL_IS_GMTLS(s))
return tls_process_server_certificate(s, pkt);
else
return tls_process_server_certificate(s, pkt);
case TLS_ST_CR_CERT_STATUS:
return tls_process_cert_status(s, pkt);
case TLS_ST_CR_KEY_EXCH:
return tls_process_key_exchange(s, pkt);
if (SSL_IS_GMTLS(s))
return gmtls_process_server_key_exchange(s, pkt);
else
return tls_process_server_key_exchange(s, pkt);
case TLS_ST_CR_CERT_REQ:
return tls_process_certificate_request(s, pkt);
@@ -850,7 +877,7 @@ int tls_construct_client_hello(SSL *s)
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
if ((p =
if ((s->version != GMTLS_VERSION) && (p =
ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH,
&al)) == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1509,6 +1536,11 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
#endif
}
//这个函数实际上就是从packet里面读取曲线参数对方临时公钥
//把这个临时公钥设置到s->s3->peer_tmp (在哪儿处理的?)
//然后再根据认证算法(s->s3->tmp.new_cipher->algorithm_auth 确定对方的签名算法(应该是证书中拿到的)
//最后从s->session->peer中取出对方的签名公钥从pkey参数返回
//这个函数并不去处理签名值而是留给后续处理因此sm2的话不提取任何数据这个函数是无效的
static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
{
#ifndef OPENSSL_NO_EC
@@ -1579,6 +1611,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
return 0;
}
/* parse remote ephem point */
if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp,
PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt))) {
@@ -1592,8 +1625,13 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
* ECParameters in the server key exchange message. We do support RSA
* and ECDSA.
*/
// 这里的s->session->peer 应该是在处理证书消息的时候设定的,要看看具体在哪儿
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA)
*pkey = X509_get0_pubkey(s->session->peer);
#ifndef OPENSSL_NO_GMTLS
else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSM2)
*pkey = X509_get0_pubkey(s->session->peer);
#endif
else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aRSA)
*pkey = X509_get0_pubkey(s->session->peer);
/* else anonymous ECDH, so no certificate or pkey. */
@@ -1606,7 +1644,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
#endif
}
MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
MSG_PROCESS_RETURN tls_process_server_key_exchange(SSL *s, PACKET *pkt)
{
int al = -1;
long alg_k;
@@ -1635,12 +1673,14 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
} else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
if (!tls_process_ske_dhe(s, pkt, &pkey, &al))
goto err;
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK |
SSL_kSM2DHE | SSL_kSM2PSK
)) {
if (!tls_process_ske_ecdhe(s, pkt, &pkey, &al))
goto err;
} else if (alg_k) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
goto err;
}
@@ -1659,7 +1699,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
PACKET_remaining(&save_param_start) -
PACKET_remaining(pkt))) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1668,7 +1708,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
int rv;
if (!PACKET_get_bytes(pkt, &sigalgs, 2)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto err;
}
rv = tls12_check_peer_sigalg(&md, s, sigalgs, pkey);
@@ -1682,22 +1722,31 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
#ifdef SSL_DEBUG
fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_SHA)
} else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
md = EVP_md5_sha1();
#endif
#ifndef OPENSSL_NO_GMTLS_METHOD
} else if (s->method->version == GMTLS_VERSION
&& s->s3->tmp.new_cipher->algorithm_mac & SSL_SM3) {
md = EVP_sm3();
#endif
#ifndef OPENSSL_NO_SHA
} else {
md = EVP_sha1();
md = EVP_sha1();
#endif
}
if (!PACKET_get_length_prefixed_2(pkt, &signature)
|| PACKET_remaining(pkt) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto err;
}
maxsig = EVP_PKEY_size(pkey);
if (maxsig < 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1707,7 +1756,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
if (PACKET_remaining(&signature) > (size_t)maxsig) {
/* wrong packet length */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE,
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE,
SSL_R_WRONG_SIGNATURE_LENGTH);
goto err;
}
@@ -1715,20 +1764,45 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
md_ctx = EVP_MD_CTX_new();
if (md_ctx == NULL) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0
|| EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0) {
EVP_MD_CTX_free(md_ctx);
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto err;
}
#ifndef OPENSSL_NO_SM2
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSM2) {
unsigned char z[EVP_MAX_MD_SIZE];
size_t zlen = sizeof(z);
char *id = SM2_DEFAULT_ID;
if (!SM2_compute_id_digest(md, id, strlen(id), z, &zlen,
EVP_PKEY_get0_EC_KEY(pkey))) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_SM2_LIB);
goto err;
}
if (EVP_VerifyUpdate(md_ctx, z, zlen) <= 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto err;
}
}
#endif
if (EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, PACKET_data(&params),
PACKET_remaining(&params)) <= 0) {
EVP_MD_CTX_free(md_ctx);
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto err;
}
if (EVP_VerifyFinal(md_ctx, PACKET_data(&signature),
@@ -1736,7 +1810,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
/* bad signature */
EVP_MD_CTX_free(md_ctx);
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
goto err;
}
EVP_MD_CTX_free(md_ctx);
@@ -1748,7 +1822,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
if (ssl3_check_cert_and_algorithm(s)) {
/* Otherwise this shouldn't happen */
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
} else {
al = SSL_AD_DECODE_ERROR;
}
@@ -1757,7 +1831,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
/* still data left over */
if (PACKET_remaining(pkt) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
goto err;
}
}
@@ -1968,7 +2042,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
*/
if (!EVP_Digest(s->session->tlsext_tick, ticklen,
s->session->session_id, &s->session->session_id_length,
EVP_sha256(), NULL)) {
EVP_get_digestbynid(NID_sha256), NULL)) {
SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB);
goto err;
}
@@ -2213,6 +2287,10 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
/* Fix buf for TLS and beyond */
if (s->version > SSL3_VERSION)
*p += 2;
#ifndef OPENSSL_NO_GMTLS_METHOD
if (s->version == GMTLS_VERSION)
*p += 2;
#endif
pctx = EVP_PKEY_CTX_new(pkey, NULL);
if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
|| EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
@@ -2231,6 +2309,8 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
(*p)[1]++;
if (s->options & SSL_OP_PKCS1_CHECK_2)
tmp_buf[0] = 0x70;
// tmp_buf 没有定义,可能出现了编辑错误!
# endif
/* Fix buf for TLS and beyond */
@@ -2238,6 +2318,12 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
s2n(*len, q);
*len += 2;
}
#ifndef OPENSSL_NO_GMTLS_METHOD
if (s->version == GMTLS_VERSION) {
s2n(*len, q);
*len += 2;
}
#endif
s->s3->tmp.pms = pms;
s->s3->tmp.pmslen = pmslen;
@@ -2255,6 +2341,8 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
#endif
}
static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al)
{
#ifndef OPENSSL_NO_DH
@@ -2525,7 +2613,8 @@ int tls_construct_client_key_exchange(SSL *s)
} else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
if (!tls_construct_cke_dhe(s, &p, &len, &al))
goto err;
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK | SSL_kSM2DHE |
SSL_kSM2PSK)) {
if (!tls_construct_cke_ecdhe(s, &p, &len, &al))
goto err;
} else if (alg_k & SSL_kGOST) {
@@ -2834,7 +2923,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
#ifndef OPENSSL_NO_EC
idx = s->session->peer_type;
if (idx == SSL_PKEY_ECC) {
if ((idx == SSL_PKEY_ECC) || (idx == SSL_PKEY_SM2_SIGN)) { /* GMTLS */
if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s) == 0) {
/* check failed */
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
@@ -2842,7 +2931,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
} else {
return 1;
}
} else if (alg_a & SSL_aECDSA) {
} else if ((alg_a & SSL_aECDSA) || (alg_a & SSL_aSM2)) { /* GMTLS */
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_ECDSA_SIGNING_CERT);
goto f_err;


@@ -1 +1,137 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <openssl/opensslconf.h>
# include "../ssl_locl.h"
# include "statem_locl.h"
# include "internal/constant_time_locl.h"
# include <openssl/buffer.h>
# include <openssl/rand.h>
# include <openssl/objects.h>
# include <openssl/evp.h>
# include <openssl/hmac.h>
# include <openssl/x509.h>
# include <openssl/x509v3.h>
# include <openssl/bn.h>
# include <openssl/sm2.h>
# include <openssl/crypto.h>
int gmtls_construct_server_certificate(SSL *s)
{
SSLerr(SSL_F_GMTLS_CONSTRUCT_SERVER_CERTIFICATE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return 0;
}
int gmtls_construct_server_key_exchange(SSL *s)
{
SSLerr(SSL_F_GMTLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return 0;
}
int gmtls_construct_client_certificate(SSL *s)
{
SSLerr(SSL_F_GMTLS_CONSTRUCT_CLIENT_CERTIFICATE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return 0;
}
int gmtls_construct_client_key_exchange(SSL *s)
{
SSLerr(SSL_F_GMTLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return 0;
}
MSG_PROCESS_RETURN gmtls_process_server_certificate(SSL *s, PACKET *pkt)
{
SSLerr(SSL_F_GMTLS_PROCESS_SERVER_CERTIFICATE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
MSG_PROCESS_RETURN gmtls_process_server_key_exchange(SSL *s, PACKET *pkt)
{
SSLerr(SSL_F_GMTLS_PROCESS_SERVER_KEY_EXCHANGE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
MSG_PROCESS_RETURN gmtls_process_client_certificate(SSL *s, PACKET *pkt)
{
SSLerr(SSL_F_GMTLS_PROCESS_CLIENT_CERTIFICATE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
MSG_PROCESS_RETURN gmtls_process_client_key_exchange(SSL *s, PACKET *pkt)
{
SSLerr(SSL_F_GMTLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
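Review bot: The eight functions in this file are defined without any feature guard, while their prototypes in statem_locl.h sit under `#ifndef OPENSSL_NO_GMTLS_METHOD` and `<openssl/sm2.h>` is included unconditionally. Wrapping everything after `#include <openssl/opensslconf.h>` in `#ifndef OPENSSL_NO_GMTLS_METHOD` ... `#endif` would keep a build with GMTLS disabled from compiling definitions that have no declaration. Each function is a stub that raises `SSL_R_NOT_IMPLEMENTED` and sends a fatal `SSL_AD_INTERNAL_ERROR`, and the client and server dispatchers in this commit already route the GMTLS key-exchange states to them, so a GMTLS handshake cannot complete as committed. A file-level comment such as `/* Placeholders: GMTLS handshake messages are not implemented yet; every call aborts the handshake. */` would make that explicit. The `pkt` parameter of the four `gmtls_process_*` stubs is unused.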


@@ -22,6 +22,9 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_GMTLS
#include <openssl/x509v3.h>
#endif
/*
* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
@@ -528,6 +531,26 @@ int ssl_cert_type(const X509 *x, const EVP_PKEY *pk)
return SSL_PKEY_DSA_SIGN;
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
#ifndef OPENSSL_NO_GMTLS
/*
在use_cert时调用方提供证书因此可以根据keyUsage选择公钥类型
但是use_key时没有证书因此这个函数只能做一个猜测
如果这两者并不一致时,就出现错误了!
*/
if (EC_GROUP_get_curve_name(EC_KEY_get0_group(
(EC_KEY *)EVP_PKEY_get0(pk))) == NID_sm2p256v1) {
if (x) {
if (X509_get_key_usage((X509 *)x) & X509v3_KU_DIGITAL_SIGNATURE) {
return SSL_PKEY_SM2_SIGN;
} else {
return SSL_PKEY_SM2_ENC;
}
} else
{
return SSL_PKEY_SM2_SIGN;
}
}
#endif
return SSL_PKEY_ECC;
#endif
#ifndef OPENSSL_NO_GOST
@@ -639,13 +662,6 @@ typedef struct {
#endif
static const version_info tls_version_table[] = {
/*
#ifndef OPENSSL_NO_GMTLS
{GMTLS_VERSION, gmtls_client_method, gmtls_server_method},
#else
{GMTLS_VERSION, NULL, NULL},
#endif
*/
#ifndef OPENSSL_NO_TLS1_2
{TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
#else
@@ -665,6 +681,11 @@ static const version_info tls_version_table[] = {
{SSL3_VERSION, sslv3_client_method, sslv3_server_method},
#else
{SSL3_VERSION, NULL, NULL},
#endif
#ifndef OPENSSL_NO_GMTLS
{GMTLS_VERSION, gmtls_client_method, gmtls_server_method},
#else
{GMTLS_VERSION, NULL, NULL},
#endif
{0, NULL, NULL},
};
@@ -674,13 +695,6 @@ static const version_info tls_version_table[] = {
#endif
static const version_info dtls_version_table[] = {
/*
#ifndef OPENSSL_NO_GMTLS
{GMTLS_VERSION, gmdtls_client_method, gmdtls_server_method},
#else
{GMTLS_VERSION, NULL, NULL},
#endif
*/
#ifndef OPENSSL_NO_DTLS1_2
{DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method},
#else
@@ -849,7 +863,12 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
return 0;
case TLS_ANY_VERSION:
#ifndef OPENSSL_NO_GMTLS_METHOD
if ((version < SSL3_VERSION || version > TLS_MAX_VERSION)
&& (version != GMTLS_VERSION))
#else
if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
#endif
return 0;
break;
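Review bot: The GMTLS additions in this file are gated by two different macros: the `x509v3.h` include, the SM2 branch of `ssl_cert_type` and the `tls_version_table` entry test `OPENSSL_NO_GMTLS`, while the new bound check in `ssl_set_version_bound` tests `OPENSSL_NO_GMTLS_METHOD`, as do the declarations added to statem_locl.h. A build that defines only one of the two would either reference `gmtls_client_method`/`gmtls_server_method` without the method support or accept `GMTLS_VERSION` as a bound without a table entry, so one macro should be used throughout, e.g. `#ifndef OPENSSL_NO_GMTLS_METHOD` around the table entry. In `ssl_cert_type` the result of `EC_KEY_get0_group()` goes straight into `EC_GROUP_get_curve_name()`; a key without group parameters would presumably be dereferenced as NULL there, so a guard like `if (grp != NULL && EC_GROUP_get_curve_name(grp) == NID_sm2p256v1)` is worth adding. The comment in that branch already says the `x == NULL` result is a guess; the `SSL_PKEY_SM2_SIGN` default should be documented in English at the call sites that load a key before its certificate. All three functions continue outside the hunks shown.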


@@ -96,7 +96,7 @@ __owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
__owur int tls_construct_client_key_exchange(SSL *s);
__owur int tls_client_key_exchange_post_work(SSL *s);
__owur int tls_construct_cert_status(SSL *s);
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_key_exchange(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt);
__owur int ssl3_check_cert_and_algorithm(SSL *s);
#ifndef OPENSSL_NO_NEXTPROTONEG
@@ -122,3 +122,14 @@ __owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt);
#endif
__owur int tls_construct_new_session_ticket(SSL *s);
#ifndef OPENSSL_NO_GMTLS_METHOD
__owur int gmtls_construct_server_certificate(SSL *s);
__owur int gmtls_construct_server_key_exchange(SSL *s);
__owur int gmtls_construct_client_certificate(SSL *s);
__owur int gmtls_construct_client_key_exchange(SSL *s);
__owur MSG_PROCESS_RETURN gmtls_process_server_certificate(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN gmtls_process_server_key_exchange(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN gmtls_process_client_certificate(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN gmtls_process_client_key_exchange(SSL *s, PACKET *pkt);
#endif


@@ -57,9 +57,10 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/x509.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <openssl/md5.h>
#ifndef OPENSSL_NO_GMTLS
# include <openssl/sm2.h>
#endif
static STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
PACKET *cipher_suites,
@@ -229,6 +230,11 @@ static int send_server_key_exchange(SSL *s)
{
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
#ifndef OPENSSL_NO_GMTLS_METHOD
if (s->method->version == GMTLS_VERSION)
return 1;
#endif
/*
* only send a ServerKeyExchange if DH or fortezza but we have a
* sign only certificate PSK: may send PSK identity hints For
@@ -237,7 +243,7 @@ static int send_server_key_exchange(SSL *s)
* the server certificate contains the server's public key for
* key exchange.
*/
if (alg_k & (SSL_kDHE | SSL_kECDHE)
if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kSM2DHE)
/*
* PSK: send ServerKeyExchange if PSK identity hint if
* provided
@@ -247,7 +253,7 @@ static int send_server_key_exchange(SSL *s)
|| ((alg_k & (SSL_kPSK | SSL_kRSAPSK))
&& s->cert->psk_identity_hint)
/* For other PSK always send SKE */
|| (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))
|| (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK | SSL_kSM2PSK)))
#endif
#ifndef OPENSSL_NO_SRP
/* SRP: send ServerKeyExchange */
@@ -634,10 +640,14 @@ int ossl_statem_server_construct_message(SSL *s)
return tls_construct_server_hello(s);
case TLS_ST_SW_CERT:
return tls_construct_server_certificate(s);
return SSL_IS_GMTLS(s) ?
tls_construct_server_certificate(s)
: tls_construct_server_certificate(s);
case TLS_ST_SW_KEY_EXCH:
return tls_construct_server_key_exchange(s);
return (s->version == GMTLS_VERSION) ?
gmtls_construct_server_key_exchange(s)
: tls_construct_server_key_exchange(s);
case TLS_ST_SW_CERT_REQ:
return tls_construct_certificate_request(s);
@@ -744,10 +754,16 @@ MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt)
return tls_process_client_hello(s, pkt);
case TLS_ST_SR_CERT:
return tls_process_client_certificate(s, pkt);
if (SSL_IS_GMTLS(s))
return tls_process_client_certificate(s, pkt);
else
return tls_process_client_certificate(s, pkt);
case TLS_ST_SR_KEY_EXCH:
return tls_process_client_key_exchange(s, pkt);
if (SSL_IS_GMTLS(s))
return gmtls_process_client_key_exchange(s, pkt);
else
return tls_process_client_key_exchange(s, pkt);
case TLS_ST_SR_CERT_VRFY:
return tls_process_cert_verify(s, pkt);
@@ -958,6 +974,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
} else if ((version & 0xff00) == (SSL3_VERSION_MAJOR << 8)) {
/* SSLv3/TLS */
s->client_version = version;
#ifndef OPENSSL_NO_GMTLS_METHOD
} else if (version == GMTLS_VERSION) {
s->client_version = version;
#endif
} else {
/* No idea what protocol this is */
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
@@ -1243,7 +1263,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
}
}
#ifndef OPENSSL_NO_GMTLS_METHOD
if (!s->hit && (s->version == GMTLS_VERSION || s->version >= TLS1_VERSION)
&& s->tls_session_secret_cb) {
#else
if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
#endif
const SSL_CIPHER *pref_cipher = NULL;
s->session->master_key_length = sizeof(s->session->master_key);
@@ -1414,6 +1439,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
}
s->rwstate = SSL_NOTHING;
}
cipher =
ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
@@ -1426,7 +1452,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
/* check whether we should disable session resumption */
if (s->not_resumable_session_cb != NULL)
s->session->not_resumable = s->not_resumable_session_cb(s,
((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0));
((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE | SSL_kSM2DHE)) != 0));
if (s->session->not_resumable)
/* do not send a session ticket */
s->tlsext_ticket_expected = 0;
@@ -1572,7 +1598,8 @@ int tls_construct_server_hello(SSL *s)
ossl_statem_set_error(s);
return 0;
}
if ((p =
if ((s->version != GMTLS_VERSION) && (p =
ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH,
&al)) == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1629,9 +1656,9 @@ int tls_construct_server_key_exchange(SSL *s)
const BIGNUM *r[4];
int nr[4], kn;
BUF_MEM *buf;
EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
EVP_MD_CTX *md_ctx = NULL;
if (md_ctx == NULL) {
if (!(md_ctx == EVP_MD_CTX_new())) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
@@ -1725,7 +1752,7 @@ int tls_construct_server_key_exchange(SSL *s)
} else
#endif
#ifndef OPENSSL_NO_EC
if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
if (type & (SSL_kECDHE | SSL_kECDHEPSK | SSL_kSM2DHE | SSL_kSM2PSK)) {
int nid;
if (s->s3->tmp.pkey != NULL) {
@@ -1890,7 +1917,7 @@ int tls_construct_server_key_exchange(SSL *s)
}
#ifndef OPENSSL_NO_EC
if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
if (type & (SSL_kECDHE | SSL_kECDHEPSK | SSL_kSM2DHE | SSL_kSM2PSK)) {
/*
* XXX: For now, we only support named (not generic) curves. In
* this situation, the serverKeyExchange message has: [1 byte
@@ -1933,9 +1960,34 @@ int tls_construct_server_key_exchange(SSL *s)
#ifdef SSL_DEBUG
fprintf(stderr, "Using hash %s\n", EVP_MD_name(md));
#endif
if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0
|| EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_EVP);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
#ifndef OPENSSL_NO_GMTLS
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSM2) {
unsigned char z[EVP_MAX_MD_SIZE];
size_t zlen = sizeof(z);
char *id = SM2_DEFAULT_ID;
if (!SM2_compute_id_digest(md, id, strlen(id), z, &zlen,
EVP_PKEY_get0_EC_KEY(pkey))) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_SM2);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
if (EVP_SignUpdate(md_ctx, z, zlen) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_SM2);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
}
#endif
if (EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(md_ctx, d, n) <= 0
@@ -1947,8 +1999,9 @@ int tls_construct_server_key_exchange(SSL *s)
}
s2n(i, p);
n += i + 2;
if (SSL_USE_SIGALGS(s))
if (SSL_USE_SIGALGS(s)) {
n += 2;
}
} else {
/* Is this error check actually needed? */
al = SSL_AD_HANDSHAKE_FAILURE;
@@ -2281,6 +2334,8 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
#endif
}
static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al)
{
#ifndef OPENSSL_NO_DH
@@ -2367,6 +2422,8 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)
unsigned int i;
const unsigned char *data;
/*
* Get client's public key from encoded point in the
* ClientKeyExchange message.
@@ -2585,7 +2642,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
} else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
if (!tls_process_cke_dhe(s, pkt, &al))
goto err;
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK | SSL_kSM2DHE | SSL_kSM2PSK)) {
if (!tls_process_cke_ecdhe(s, pkt, &al))
goto err;
} else if (alg_k & SSL_kSRP) {
@@ -3084,7 +3141,13 @@ int tls_construct_new_session_ticket(SSL *s)
goto err;
iv_len = EVP_CIPHER_CTX_iv_length(ctx);
} else {
const EVP_CIPHER *cipher = EVP_aes_256_cbc();
const EVP_CIPHER *cipher =
#ifndef OPENSSL_NO_AES
EVP_aes_256_cbc();
#else
EVP_sms4_cbc();
#endif
iv_len = EVP_CIPHER_iv_length(cipher);
if (RAND_bytes(iv, iv_len) <= 0)
@@ -3094,7 +3157,7 @@ int tls_construct_new_session_ticket(SSL *s)
goto err;
if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
sizeof(tctx->tlsext_tick_hmac_key),
EVP_sha256(), NULL))
EVP_get_digestbynid(NID_sha256), NULL))
goto err;
memcpy(key_name, tctx->tlsext_tick_key_name,
sizeof(tctx->tlsext_tick_key_name));
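Review bot: In `tls_construct_server_key_exchange` the new allocation check `if (!(md_ctx == EVP_MD_CTX_new()))` compares instead of assigning: `md_ctx` was just initialised to NULL, so for any successful allocation the comparison is false, the error branch is taken with `ERR_R_MALLOC_FAILURE`, and the new context is never stored or freed. As written, every ServerKeyExchange fails and leaks one `EVP_MD_CTX` per handshake, while a genuinely failed allocation passes the check and leaves `md_ctx` NULL for the signing code. It should read `if ((md_ctx = EVP_MD_CTX_new()) == NULL) {`. Further down in the same function the added `SSLerr(..., ERR_LIB_EVP)` and `SSLerr(..., ERR_LIB_SM2)` calls pass library codes where a reason code such as `ERR_R_EVP_LIB` is expected. The function body continues outside the hunks shown.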


@@ -692,3 +692,65 @@ int tls1_alert_code(int code)
return (-1);
}
}
int gmtls_alert_code(int code)
{
switch (code) {
case SSL_AD_CLOSE_NOTIFY:
return (SSL3_AD_CLOSE_NOTIFY);
case SSL_AD_UNEXPECTED_MESSAGE:
return (SSL3_AD_UNEXPECTED_MESSAGE);
case SSL_AD_BAD_RECORD_MAC:
return (SSL3_AD_BAD_RECORD_MAC);
case SSL_AD_DECRYPTION_FAILED:
return (TLS1_AD_DECRYPTION_FAILED);
case SSL_AD_RECORD_OVERFLOW:
return (TLS1_AD_RECORD_OVERFLOW);
case SSL_AD_DECOMPRESSION_FAILURE:
return (SSL3_AD_DECOMPRESSION_FAILURE);
case SSL_AD_HANDSHAKE_FAILURE:
return (SSL3_AD_HANDSHAKE_FAILURE);
case SSL_AD_BAD_CERTIFICATE:
return (SSL3_AD_BAD_CERTIFICATE);
case SSL_AD_UNSUPPORTED_CERTIFICATE:
return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
case SSL_AD_CERTIFICATE_REVOKED:
return (SSL3_AD_CERTIFICATE_REVOKED);
case SSL_AD_CERTIFICATE_EXPIRED:
return (SSL3_AD_CERTIFICATE_EXPIRED);
case SSL_AD_CERTIFICATE_UNKNOWN:
return (SSL3_AD_CERTIFICATE_UNKNOWN);
case SSL_AD_ILLEGAL_PARAMETER:
return (SSL3_AD_ILLEGAL_PARAMETER);
case SSL_AD_UNKNOWN_CA:
return (TLS1_AD_UNKNOWN_CA);
case SSL_AD_ACCESS_DENIED:
return (TLS1_AD_ACCESS_DENIED);
case SSL_AD_DECODE_ERROR:
return (TLS1_AD_DECODE_ERROR);
case SSL_AD_DECRYPT_ERROR:
return (TLS1_AD_DECRYPT_ERROR);
case SSL_AD_PROTOCOL_VERSION:
return (TLS1_AD_PROTOCOL_VERSION);
case SSL_AD_INSUFFICIENT_SECURITY:
return (TLS1_AD_INSUFFICIENT_SECURITY);
case SSL_AD_INTERNAL_ERROR:
return (TLS1_AD_INTERNAL_ERROR);
case SSL_AD_USER_CANCELLED:
return (TLS1_AD_USER_CANCELLED);
case SSL_AD_UNSUPPORTED_SITE2SITE:
return (GMTLS_AD_UNSUPPORTED_SITE2SITE);
case SSL_AD_NO_AREA:
return (GMTLS_AD_NO_AREA);
case SSL_AD_UNSUPPORTED_AREATYPE:
return (GMTLS_AD_UNSUPPORTED_AREATYPE);
case SSL_AD_BAD_IBCPARAM:
return (GMTLS_AD_BAD_IBCPARAM);
case SSL_AD_UNSUPPORTED_IBCPARAM:
return (GMTLS_AD_UNSUPPORTED_IBCPARAM);
case SSL_AD_IDENTITY_NEED:
return (GMTLS_AD_IDENTITY_NEED);
default:
return (-1);
}
}
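Review bot: `gmtls_alert_code` sends every description it does not list to `default: return (-1)`, and the standard list stops at `SSL_AD_USER_CANCELLED`, so descriptions such as `SSL_AD_NO_RENEGOTIATION`, `SSL_AD_UNSUPPORTED_EXTENSION` or `SSL_AD_INAPPROPRIATE_FALLBACK` have no mapping. If the caller treats a negative value as "do not send", as the -1 convention suggests, a GMTLS peer gets no alert for those conditions. Either map them or add a comment above the function, e.g. `/* Descriptions not defined for GMTLS return -1 and are not sent. */`, so the omission reads as deliberate. The function is also compiled unconditionally, while `GMTLS_enc_data`, which references it in t1_lib.c, is defined under `#ifndef OPENSSL_NO_GMTLS_METHOD`; the same guard here would keep the two consistent.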


@@ -15,7 +15,6 @@
#include <openssl/ocsp.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
#include "ssl_locl.h"
#include <openssl/ct.h>
@@ -85,6 +84,26 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = {
ssl3_handshake_write
};
#ifndef OPENSSL_NO_GMTLS_METHOD
SSL3_ENC_METHOD const GMTLS_enc_data = {
tls1_enc,
tls1_mac,
tls1_setup_key_block,
tls1_generate_master_secret,
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
gmtls_alert_code,
tls1_export_keying_material,
SSL_ENC_FLAG_EXPLICIT_IV,
SSL3_HM_HEADER_LENGTH,
ssl3_set_handshake_header,
ssl3_handshake_write
};
#endif
long tls1_default_timeout(void)
{
/*
@@ -160,6 +179,9 @@ static const tls_curve_info nid_list[] = {
{NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
{NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
{NID_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
#ifndef OPENSSL_NO_GMTLS
{NID_sm2p256v1, 128, TLS_CURVE_PRIME}, /* sm2p256v1 (30) */
#endif
};
static const unsigned char ecformats_default[] = {
@@ -170,6 +192,9 @@ static const unsigned char ecformats_default[] = {
/* The default curves */
static const unsigned char eccurves_default[] = {
#ifndef OPENSSL_NO_GMTLS
0, 30, /* sm2p256v1 (30) */
#endif
0, 29, /* X25519 (29) */
0, 23, /* secp256r1 (23) */
0, 25, /* secp521r1 (25) */
@@ -320,6 +345,11 @@ int tls1_shared_curve(SSL *s, int nmatch)
size_t num_pref, num_supp, i, j;
int k;
#ifndef OPENSSL_NO_GMTLS_METHOD
if (s->method->version == GMTLS_VERSION)
return NID_sm2p256v1;
#endif
/* Can't do anything on client side */
if (s->server == 0)
return -1;
@@ -364,7 +394,6 @@ int tls1_shared_curve(SSL *s, int nmatch)
continue;
if (nmatch == k) {
int id = (pref[0] << 8) | pref[1];
return tls1_ec_curve_id2nid(id, NULL);
}
k++;
@@ -408,7 +437,7 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
return 1;
}
# define MAX_CURVELIST 28
# define MAX_CURVELIST 30
typedef struct {
size_t nidcnt;
@@ -608,9 +637,9 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
return 0;
if (set_ee_md == 2) {
if (check_md == NID_ecdsa_with_SHA256)
s->s3->tmp.md[SSL_PKEY_ECC] = EVP_sha256();
s->s3->tmp.md[SSL_PKEY_ECC] = EVP_get_digestbynid(NID_sha256);
else
s->s3->tmp.md[SSL_PKEY_ECC] = EVP_sha384();
s->s3->tmp.md[SSL_PKEY_ECC] = EVP_get_digestbynid(NID_sha384);
}
}
return rv;
@@ -693,13 +722,16 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
tlsext_sigalg_ecdsa(md)
static const unsigned char tls12_sigalgs[] = {
#ifndef OPENSSL_NO_GMTLS_METHOD
TLSEXT_hash_sm3, TLSEXT_signature_sm2sign,
#endif
tlsext_sigalg(TLSEXT_hash_sha512)
tlsext_sigalg(TLSEXT_hash_sha384)
tlsext_sigalg(TLSEXT_hash_sha256)
tlsext_sigalg(TLSEXT_hash_sha224)
tlsext_sigalg(TLSEXT_hash_sha1)
tlsext_sigalg(TLSEXT_hash_sha384)
tlsext_sigalg(TLSEXT_hash_sha256)
tlsext_sigalg(TLSEXT_hash_sha224)
tlsext_sigalg(TLSEXT_hash_sha1)
#ifndef OPENSSL_NO_GOST
TLSEXT_hash_gostr3411, TLSEXT_signature_gostr34102001,
TLSEXT_hash_gostr3411, TLSEXT_signature_gostr34102001,
TLSEXT_hash_gostr34112012_256, TLSEXT_signature_gostr34102012_256,
TLSEXT_hash_gostr34112012_512, TLSEXT_signature_gostr34102012_512
#endif
@@ -708,7 +740,7 @@ static const unsigned char tls12_sigalgs[] = {
#ifndef OPENSSL_NO_EC
static const unsigned char suiteb_sigalgs[] = {
tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
};
#endif
size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
@@ -2724,6 +2756,10 @@ void ssl_set_default_md(SSL *s)
#ifndef OPENSSL_NO_EC
pmd[SSL_PKEY_ECC] = ssl_md(SSL_MD_SHA1_IDX);
#endif
#ifndef OPENSSL_NO_GMTSL
pmd[SSL_PKEY_SM2_SIGN] = ssl_md(SSL_MD_SM3_IDX);
pmd[SSL_PKEY_SM2_ENC] = ssl_md(SSL_MD_SM3_IDX);
#endif
#ifndef OPENSSL_NO_GOST
pmd[SSL_PKEY_GOST01] = ssl_md(SSL_MD_GOST94_IDX);
pmd[SSL_PKEY_GOST12_256] = ssl_md(SSL_MD_GOST12_256_IDX);
@@ -2897,8 +2933,10 @@ int ssl_check_serverhello_tlsext(SSL *s)
int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt)
{
int al = -1;
if (s->version < SSL3_VERSION)
return 1;
if (ssl_scan_serverhello_tlsext(s, pkt, &al) <= 0) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return 0;
@@ -2967,8 +3005,13 @@ int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
* If tickets disabled behave as if no ticket present to permit stateful
* resumption.
*/
#ifndef OPENSSL_NO_GMTLS_METHOD
if ((s->version <= SSL3_VERSION) && (s->version != GMTLS_VERSION))
return 0;
#else
if ((s->version <= SSL3_VERSION))
return 0;
#endif
if (!PACKET_get_net_2(&local_ext, &i)) {
retv = 0;
@@ -3108,6 +3151,12 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
if (rv == 2)
renew_ticket = 1;
} else {
const EVP_CIPHER *cipher;
#ifndef OPENSSL_NO_AES
cipher = EVP_aes_256_cbc();
#else
cipher = EVP_sms4_cbc();
#endif
/* Check key name matches */
if (memcmp(etick, tctx->tlsext_tick_key_name,
sizeof(tctx->tlsext_tick_key_name)) != 0) {
@@ -3116,8 +3165,8 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
}
if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
sizeof(tctx->tlsext_tick_hmac_key),
EVP_sha256(), NULL) <= 0
|| EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
EVP_get_digestbynid(NID_sha256), NULL) <= 0
|| EVP_DecryptInit_ex(ctx, cipher, NULL,
tctx->tlsext_tick_aes_key,
etick + sizeof(tctx->tlsext_tick_key_name)) <=
0) {
@@ -3215,12 +3264,19 @@ static const tls12_lookup tls12_md[] = {
{NID_id_GostR3411_94, TLSEXT_hash_gostr3411},
{NID_id_GostR3411_2012_256, TLSEXT_hash_gostr34112012_256},
{NID_id_GostR3411_2012_512, TLSEXT_hash_gostr34112012_512},
#ifndef OPENSSL_NO_GMTLS_METHOD
{NID_sm3, TLSEXT_hash_sm3},
#endif
};
static const tls12_lookup tls12_sig[] = {
{EVP_PKEY_RSA, TLSEXT_signature_rsa},
{EVP_PKEY_DSA, TLSEXT_signature_dsa},
#ifndef OPENSSL_NO_GMTLS_METHOD
{EVP_PKEY_EC, TLSEXT_signature_sm2sign},
#else
{EVP_PKEY_EC, TLSEXT_signature_ecdsa},
#endif
{NID_id_GostR3410_2001, TLSEXT_signature_gostr34102001},
{NID_id_GostR3410_2012_256, TLSEXT_signature_gostr34102012_256},
{NID_id_GostR3410_2012_512, TLSEXT_signature_gostr34102012_512}
@@ -3257,6 +3313,7 @@ int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
sig_id = tls12_get_sigid(pk);
if (sig_id == -1)
return 0;
printf("%s %d: md_id = %d, sig_id = %d\n", __FILE__, __LINE__, md_id, sig_id);
p[0] = (unsigned char)md_id;
p[1] = (unsigned char)sig_id;
return 1;
@@ -3286,6 +3343,9 @@ static const tls12_hash_info tls12_md_info[] = {
TLSEXT_hash_gostr34112012_256},
{NID_id_GostR3411_2012_512, 256, SSL_MD_GOST12_512_IDX,
TLSEXT_hash_gostr34112012_512},
#ifndef OPENSSL_NO_GMTLS_METHOD
{NID_sm3, 128, SSL_MD_SM3_IDX, TLSEXT_hash_sm3},
#endif
};
static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg)
@@ -3328,6 +3388,10 @@ static int tls12_get_pkey_idx(unsigned char sig_alg)
case TLSEXT_signature_ecdsa:
return SSL_PKEY_ECC;
#endif
# ifndef OPENSSL_NO_GMTLS_METHOD
case TLSEXT_signature_sm2sign:
return SSL_PKEY_SM2_SIGN;
# endif
#ifndef OPENSSL_NO_GOST
case TLSEXT_signature_gostr34102001:
return SSL_PKEY_GOST01;
@@ -3391,6 +3455,9 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
const unsigned char *sigalgs;
size_t i, sigalgslen;
int have_rsa = 0, have_dsa = 0, have_ecdsa = 0;
#ifndef OPENSSL_NO_GMTLS
int have_sm2sign = 0;
#endif
/*
* Now go through all signature algorithms seeing if we support any for
* RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. To keep
@@ -3416,6 +3483,13 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
if (!have_ecdsa && tls12_sigalg_allowed(s, op, sigalgs))
have_ecdsa = 1;
break;
#endif
#ifndef OPENSSL_NO_GMTLS
case TLSEXT_signature_sm2sign:
if (!have_sm2sign && tls12_sigalg_allowed(s, op, sigalgs))
have_sm2sign = 1;
break;
// SM9
#endif
}
}
@@ -3425,6 +3499,10 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
*pmask_a |= SSL_aDSS;
if (!have_ecdsa)
*pmask_a |= SSL_aECDSA;
#ifndef OPENSSL_NO_GMTLS
if (!have_sm2sign)
*pmask_a |= SSL_aSM2;
#endif
}
size_t tls12_copy_sigalgs(SSL *s, unsigned char *out,
@@ -3575,17 +3653,22 @@ int tls1_process_sigalgs(SSL *s)
*/
#ifndef OPENSSL_NO_DSA
if (pmd[SSL_PKEY_DSA_SIGN] == NULL)
pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1();
//pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1();
pmd[SSL_PKEY_DSA_SIGN] = EVP_get_digestbynid(NID_sha1);
#endif
#ifndef OPENSSL_NO_RSA
if (pmd[SSL_PKEY_RSA_SIGN] == NULL) {
pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1();
pmd[SSL_PKEY_RSA_ENC] = EVP_sha1();
pmd[SSL_PKEY_RSA_SIGN] = EVP_get_digestbynid(NID_sha1);
pmd[SSL_PKEY_RSA_ENC] = EVP_get_digestbynid(NID_sha1);
}
#endif
#ifndef OPENSSL_NO_EC
if (pmd[SSL_PKEY_ECC] == NULL)
pmd[SSL_PKEY_ECC] = EVP_sha1();
pmd[SSL_PKEY_ECC] = EVP_get_digestbynid(NID_sha1);
#endif
#ifndef OPENSSL_NO_GMTLS
if (pmd[SSL_PKEY_SM2_SIGN] == NULL)
pmd[SSL_PKEY_SM2_SIGN] = EVP_get_digestbynid(NID_sm3);
#endif
#ifndef OPENSSL_NO_GOST
if (pmd[SSL_PKEY_GOST01] == NULL)
@@ -3878,6 +3961,18 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
default_nid = NID_ecdsa_with_SHA1;
break;
#ifndef OPENSSL_NO_GMTLS_METHOD
case SSL_PKEY_SM2_ENC:
rsign = TLSEXT_signature_sm2sign;
default_nid = NID_sm2sign_with_sm3;
break;
#endif
#ifndef OPENSSL_NO_GMTLS
case SSL_PKEY_SM2_SIGN:
rsign = TLSEXT_signature_sm2sign;
default_nid = NID_sm2sign_with_sm3;
break;
#endif
case SSL_PKEY_GOST01:
rsign = TLSEXT_signature_gostr34102001;
default_nid = NID_id_GostR3411_94_with_GostR3410_2001;
@@ -4055,6 +4150,9 @@ void tls1_set_cert_validity(SSL *s)
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);
#ifndef OPENSSL_NO_GMTLS
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_SM2_SIGN);
#endif
}
/* User level utiity function to check a chain is suitable */


@@ -61,6 +61,9 @@ static ssl_trace_tbl ssl_version_tbl[] = {
{TLS1_VERSION, "TLS 1.0"},
{TLS1_1_VERSION, "TLS 1.1"},
{TLS1_2_VERSION, "TLS 1.2"},
#ifndef OPENSSL_NO_GMTLS_VERSION
{GMTLS_VERSION, "GMTLS 1.1"},
#endif
{DTLS1_VERSION, "DTLS 1.0"},
{DTLS1_2_VERSION, "DTLS 1.2"},
{DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
@@ -422,8 +425,53 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
{0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305"},
{0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"},
{0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"},
#ifndef OPENSSL_NO_GMTLS_METHOD
# if 1 /* GM/T 0024 official names */
{0xE001, "GMT_ECDHE_SM1_SM3"},
{0xE003, "GMT_ECC_SM1_SM3"},
{0xE005, "GMT_IBSDH_SM1_SM3"},
{0xE007, "GMT_IBC_SM1_SM3"},
{0xE009, "GMT_RSA_SM1_SM3"},
{0xE00A, "GMT_RSA_SM1_SHA1"},
{0xE011, "GMT_ECDHE_SM4_SM3"},
{0xE013, "GMT_ECC_SM4_SM3"},
{0xE015, "GMT_IBSDH_SM4_SM3"},
{0xE017, "GMT_IBC_SM4_SM3"},
{0xE019, "GMT_RSA_SM4_SM3"},
{0xE01A, "GMT_RSA_SM4_SHA1"},
# else
/* GM/T [SM2DHE|SM2|SM9DHE|SM9|RSA]-WITH-[SM1|SMS4]-[SM3|SHA1] */
{0xE001, "GMTLS_SM2DHE_WITH_SM1_SM3"},
{0xE003, "GMTLS_SM2_WITH_SM1_SM3"},
{0xE005, "GMTLS_SM9DHE_WITH_SM1_SM3"},
{0xE007, "GMTLS_SM9_WITH_SM1_SM3"},
{0xE009, "GMTLS_RSA_WITH_SM1_SM3"},
{0xE00A, "GMTLS_RSA_WITH_SM1_SHA1"},
{0xE011, "GMTLS_SM2DHE_WITH_SMS4_SM3"},
{0xE013, "GMTLS_SM2_WITH_SMS4_SM3"},
{0xE015, "GMTLS_SM9DHE_WITH_SMS4_SM3"},
{0xE017, "GMTLS_SM9_WITH_SMS4_SM3"},
{0xE019, "GMTLS_RSA_WITH_SMS4_SM3"},
{0xE01A, "GMTLS_RSA_WITH_SMS4_SHA1"},
# endif
/* ECDHE-SM2-WITH-[SM1|SMS4|SSF33]-[SM3|SHA256] */
{0xE101, "GMTLS_ECDHE_SM2_WITH_SM1_SM3"},
{0xE102, "GMTLS_ECDHE_SM2_WITH_SMS4_SM3"},
{0xE103, "GMTLS_ECDHE_SM2_WITH_SSF33_SM3"},
{0xE104, "GMTLS_ECDHE_SM2_WITH_SM1_SHA256"},
{0xE105, "GMTLS_ECDHE_SM2_WITH_SMS4_SHA256"},
{0xE106, "GMTLS_ECDHE_SM2_WITH_SSF33_SHA256"},
/* ECDHE-SM2-WITH-SMS4-[GCM|CCM|CCM-8]-[SM3|SHA256] */
{0xE107, "GMTLS_ECDHE_SM2_WITH_SMS4_GCM_SM3"},
{0xE108, "GMTLS_ECDHE_SM2_WITH_SMS4_CCM_SM3"},
{0xE109, "GMTLS_ECDHE_SM2_WITH_SMS4_CCM_8_SM3"},
{0xE10A, "GMTLS_ECDHE_SM2_WITH_SMS4_GCM_SHA256"},
{0xE10B, "GMTLS_ECDHE_SM2_WITH_SMS4_CCM_SHA256"},
{0xE10C, "GMTLS_ECDHE_SM2_WITH_SMS4_CCM_8_SHA256"},
#endif
{0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
{0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
};
/* Compression methods */
@@ -491,6 +539,9 @@ static ssl_trace_tbl ssl_curve_tbl[] = {
{27, "brainpoolP384r1"},
{28, "brainpoolP512r1"},
{29, "ecdh_x25519"},
#ifndef OPENSSL_NO_GMTLS_METHOD
{30, "sm2p256v1"},
#endif
{0xFF01, "arbitrary_explicit_prime_curves"},
{0xFF02, "arbitrary_explicit_char2_curves"}
};
@@ -509,6 +560,9 @@ static ssl_trace_tbl ssl_md_tbl[] = {
{TLSEXT_hash_sha256, "sha256"},
{TLSEXT_hash_sha384, "sha384"},
{TLSEXT_hash_sha512, "sha512"},
#ifndef OPENSSL_NO_GMTLS_METHOD
{TLSEXT_hash_sm3, "sm3"},
#endif
{TLSEXT_hash_gostr3411, "md_gost94"},
{TLSEXT_hash_gostr34112012_256, "md_gost2012_256"},
{TLSEXT_hash_gostr34112012_512, "md_gost2012_512"}
@@ -519,6 +573,9 @@ static ssl_trace_tbl ssl_sig_tbl[] = {
{TLSEXT_signature_rsa, "rsa"},
{TLSEXT_signature_dsa, "dsa"},
{TLSEXT_signature_ecdsa, "ecdsa"},
#ifndef OPENSSL_NO_GMTLS_METHOD
{TLSEXT_signature_sm2sign, "sm2sign"},
#endif
{TLSEXT_signature_gostr34102001, "gost2001"},
{TLSEXT_signature_gostr34102012_256, "gost2012_256"},
{TLSEXT_signature_gostr34102012_512, "gost2012_512"}
@@ -542,6 +599,9 @@ static ssl_trace_tbl ssl_ctype_tbl[] = {
{5, "rsa_ephemeral_dh"},
{6, "dss_ephemeral_dh"},
{20, "fortezza_dms"},
#ifndef OPENSSL_NO_GMTLS_METHOD
{7, "sm2_sign"},
#endif
{64, "ecdsa_sign"},
{65, "rsa_fixed_ecdh"},
{66, "ecdsa_fixed_ecdh"}
@@ -898,6 +958,28 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
*pname = "GOST";
return SSL_kGOST;
}
#ifndef OPENSSL_NO_GMTLS
if (alg_k & SSL_kSM2) {
*pname = "SM2";
return SSL_kSM2;
}
if (alg_k & SSL_kSM2DHE) {
*pname = "SM2DHE";
return SSL_kSM2DHE;
}
if (alg_k & SSL_kSM2PSK) {
*pname = "SM2PSK";
return SSL_kSM2PSK;
}
if (alg_k & SSL_kSM9) {
*pname = "SM9";
return SSL_kSM9;
}
if (alg_k & SSL_kSM9DHE) {
*pname = "SM9DHE";
return SSL_kSM9DHE;
}
#endif
*pname = "UNKNOWN";
return 0;
}
@@ -941,6 +1023,25 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
return 0;
break;
#ifndef OPENSSL_NO_GMTLS
case SSL_kSM2:
case SSL_kSM9:
if (!ssl_print_hexbuf(bio, indent + 2,
"EncyptedPreMasterSecret", 2, &msg, &msglen))
return 0;
break;
case SSL_kSM2DHE:
case SSL_kSM2PSK:
if (!ssl_print_hexbuf(bio, indent + 2, "sm2_Yc", 1, &msg, &msglen))
return 0;
break;
case SSL_kSM9DHE:
if (!ssl_print_hexbuf(bio, indent + 2, "sm9_Yc", 1, &msg, &msglen))
return 0;
break;
#endif
}
return !msglen;
@@ -982,6 +1083,10 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
# ifndef OPENSSL_NO_EC
case SSL_kECDHE:
case SSL_kECDHEPSK:
# ifndef OPENSSL_NO_GMTLS
case SSL_kSM2DHE:
case SSL_kSM2PSK:
# endif
if (msglen < 1)
return 0;
BIO_indent(bio, indent + 2, 80);
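Review bot: In the `ssl_curve_tbl` hunk, `{30, "sm2p256v1"}` reuses a codepoint that the IANA TLS Supported Groups registry assigns to x448, so a hello offering x448 would be traced as SM2 and anyone reading the trace would be misled about the offered group. If the library also puts 30 on the wire for SM2 (that code is not visible in this section), it would clash with peers that implement x448. I would either move to the registered `curveSM2` value (41) together with the negotiation code, or at minimum mark the entry: `{30, "sm2p256v1"}, /* non-IANA: 30 is x448 in the registry */`. Separately, the new entries in this file sit behind three different guards (`OPENSSL_NO_GMTLS_VERSION`, `OPENSSL_NO_GMTLS_METHOD`, `OPENSSL_NO_GMTLS`); using one macro would keep a partial configuration from compiling only some of the tables.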