first step of v2 final release

Zhi Guan
2017-11-05 21:00:36 +08:00
parent 480b9e8d88
commit 27bde477a5
395 changed files with 26341 additions and 31364 deletions


@@ -288,6 +288,10 @@ static int state_machine(SSL *s, int server)
SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
goto end;
}
#ifndef OPENSSL_NO_GMTLS_METHOD
} else if (s->version == GMTLS_VERSION) {
/* do nothing */
#endif
} else {
if ((s->version >> 8) != SSL3_VERSION_MAJOR) {
SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
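Review bot: The new GMTLS_VERSION branch in state_machine carries only `/* do nothing */`, which records what the branch does but not why a version is allowed to skip the major-version sanity check that the else branch applies. Presumably GMTLS_VERSION does not share SSL3_VERSION_MAJOR in its high byte, so the check would wrongly reject it; the comment should say so, e.g. `/* GMTLS has its own version number; the SSL3 major-version check below does not apply */`. state_machine continues outside this hunk.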


@@ -54,10 +54,19 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/dh.h>
#ifndef OPENSSL_NO_MD5
# include <openssl/md5.h>
#endif
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
#ifndef OPENSSL_NO_GMTLS
# include <openssl/sm2.h>
#endif
static ossl_inline int cert_req_allowed(SSL *s);
static int key_exchange_expected(SSL *s);
@@ -80,6 +89,7 @@ static ossl_inline int cert_req_allowed(SSL *s)
|| (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
return 0;
/* gmtls ciphers always allow req */
return 1;
}
@@ -94,12 +104,17 @@ static int key_exchange_expected(SSL *s)
{
long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
#ifndef OPENSSL_NO_GMTLS_METHOD
if (s->version == GMTLS_VERSION)
return 1;
#endif
/*
* Can't skip server key exchange if this is an ephemeral
* ciphersuite or for SRP
*/
if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK
| SSL_kSRP)) {
if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK |
SSL_kSM2DHE | SSL_kSM2PSK | SSL_kSRP)) {
return 1;
}
@@ -519,10 +534,16 @@ int ossl_statem_client_construct_message(SSL *s)
return tls_construct_client_hello(s);
case TLS_ST_CW_CERT:
return tls_construct_client_certificate(s);
if (SSL_IS_GMTLS(s))
return gmtls_construct_client_certificate(s);
else
return tls_construct_client_certificate(s);
case TLS_ST_CW_KEY_EXCH:
return tls_construct_client_key_exchange(s);
if (SSL_IS_GMTLS(s))
return gmtls_construct_client_key_exchange(s);
else
return tls_construct_client_key_exchange(s);
case TLS_ST_CW_CERT_VRFY:
return tls_construct_client_verify(s);
@@ -621,13 +642,19 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
return dtls_process_hello_verify(s, pkt);
case TLS_ST_CR_CERT:
return tls_process_server_certificate(s, pkt);
if (SSL_IS_GMTLS(s))
return tls_process_server_certificate(s, pkt);
else
return tls_process_server_certificate(s, pkt);
case TLS_ST_CR_CERT_STATUS:
return tls_process_cert_status(s, pkt);
case TLS_ST_CR_KEY_EXCH:
return tls_process_key_exchange(s, pkt);
if (SSL_IS_GMTLS(s))
return gmtls_process_server_key_exchange(s, pkt);
else
return tls_process_server_key_exchange(s, pkt);
case TLS_ST_CR_CERT_REQ:
return tls_process_certificate_request(s, pkt);
@@ -850,7 +877,7 @@ int tls_construct_client_hello(SSL *s)
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
if ((p =
if ((s->version != GMTLS_VERSION) && (p =
ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH,
&al)) == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1509,6 +1536,11 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
#endif
}
//这个函数实际上就是从packet里面读取曲线参数对方临时公钥
//把这个临时公钥设置到s->s3->peer_tmp (在哪儿处理的?)
//然后再根据认证算法(s->s3->tmp.new_cipher->algorithm_auth 确定对方的签名算法(应该是证书中拿到的)
//最后从s->session->peer中取出对方的签名公钥从pkey参数返回
//这个函数并不去处理签名值而是留给后续处理因此sm2的话不提取任何数据这个函数是无效的
static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
{
#ifndef OPENSSL_NO_EC
@@ -1579,6 +1611,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
return 0;
}
/* parse remote ephem point */
if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp,
PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt))) {
@@ -1592,8 +1625,13 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
* ECParameters in the server key exchange message. We do support RSA
* and ECDSA.
*/
// 这里的s->session->peer 应该是在处理证书消息的时候设定的,要看看具体在哪儿
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA)
*pkey = X509_get0_pubkey(s->session->peer);
#ifndef OPENSSL_NO_GMTLS
else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSM2)
*pkey = X509_get0_pubkey(s->session->peer);
#endif
else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aRSA)
*pkey = X509_get0_pubkey(s->session->peer);
/* else anonymous ECDH, so no certificate or pkey. */
@@ -1606,7 +1644,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
#endif
}
MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
MSG_PROCESS_RETURN tls_process_server_key_exchange(SSL *s, PACKET *pkt)
{
int al = -1;
long alg_k;
@@ -1635,12 +1673,14 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
} else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
if (!tls_process_ske_dhe(s, pkt, &pkey, &al))
goto err;
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK |
SSL_kSM2DHE | SSL_kSM2PSK
)) {
if (!tls_process_ske_ecdhe(s, pkt, &pkey, &al))
goto err;
} else if (alg_k) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
goto err;
}
@@ -1659,7 +1699,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
PACKET_remaining(&save_param_start) -
PACKET_remaining(pkt))) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1668,7 +1708,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
int rv;
if (!PACKET_get_bytes(pkt, &sigalgs, 2)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto err;
}
rv = tls12_check_peer_sigalg(&md, s, sigalgs, pkey);
@@ -1682,22 +1722,31 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
#ifdef SSL_DEBUG
fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_SHA)
} else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
md = EVP_md5_sha1();
#endif
#ifndef OPENSSL_NO_GMTLS_METHOD
} else if (s->method->version == GMTLS_VERSION
&& s->s3->tmp.new_cipher->algorithm_mac & SSL_SM3) {
md = EVP_sm3();
#endif
#ifndef OPENSSL_NO_SHA
} else {
md = EVP_sha1();
md = EVP_sha1();
#endif
}
if (!PACKET_get_length_prefixed_2(pkt, &signature)
|| PACKET_remaining(pkt) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto err;
}
maxsig = EVP_PKEY_size(pkey);
if (maxsig < 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1707,7 +1756,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
if (PACKET_remaining(&signature) > (size_t)maxsig) {
/* wrong packet length */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE,
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE,
SSL_R_WRONG_SIGNATURE_LENGTH);
goto err;
}
@@ -1715,20 +1764,45 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
md_ctx = EVP_MD_CTX_new();
if (md_ctx == NULL) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0
|| EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0) {
EVP_MD_CTX_free(md_ctx);
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto err;
}
#ifndef OPENSSL_NO_SM2
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSM2) {
unsigned char z[EVP_MAX_MD_SIZE];
size_t zlen = sizeof(z);
char *id = SM2_DEFAULT_ID;
if (!SM2_compute_id_digest(md, id, strlen(id), z, &zlen,
EVP_PKEY_get0_EC_KEY(pkey))) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_SM2_LIB);
goto err;
}
if (EVP_VerifyUpdate(md_ctx, z, zlen) <= 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto err;
}
}
#endif
if (EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, PACKET_data(&params),
PACKET_remaining(&params)) <= 0) {
EVP_MD_CTX_free(md_ctx);
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto err;
}
if (EVP_VerifyFinal(md_ctx, PACKET_data(&signature),
@@ -1736,7 +1810,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
/* bad signature */
EVP_MD_CTX_free(md_ctx);
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
goto err;
}
EVP_MD_CTX_free(md_ctx);
@@ -1748,7 +1822,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
if (ssl3_check_cert_and_algorithm(s)) {
/* Otherwise this shouldn't happen */
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
} else {
al = SSL_AD_DECODE_ERROR;
}
@@ -1757,7 +1831,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
/* still data left over */
if (PACKET_remaining(pkt) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
SSLerr(SSL_F_TLS_PROCESS_SERVER_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
goto err;
}
}
@@ -1968,7 +2042,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
*/
if (!EVP_Digest(s->session->tlsext_tick, ticklen,
s->session->session_id, &s->session->session_id_length,
EVP_sha256(), NULL)) {
EVP_get_digestbynid(NID_sha256), NULL)) {
SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB);
goto err;
}
@@ -2213,6 +2287,10 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
/* Fix buf for TLS and beyond */
if (s->version > SSL3_VERSION)
*p += 2;
#ifndef OPENSSL_NO_GMTLS_METHOD
if (s->version == GMTLS_VERSION)
*p += 2;
#endif
pctx = EVP_PKEY_CTX_new(pkey, NULL);
if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
|| EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
@@ -2231,6 +2309,8 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
(*p)[1]++;
if (s->options & SSL_OP_PKCS1_CHECK_2)
tmp_buf[0] = 0x70;
// tmp_buf 没有定义,可能出现了编辑错误!
# endif
/* Fix buf for TLS and beyond */
@@ -2238,6 +2318,12 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
s2n(*len, q);
*len += 2;
}
#ifndef OPENSSL_NO_GMTLS_METHOD
if (s->version == GMTLS_VERSION) {
s2n(*len, q);
*len += 2;
}
#endif
s->s3->tmp.pms = pms;
s->s3->tmp.pmslen = pmslen;
@@ -2255,6 +2341,8 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
#endif
}
static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al)
{
#ifndef OPENSSL_NO_DH
@@ -2525,7 +2613,8 @@ int tls_construct_client_key_exchange(SSL *s)
} else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
if (!tls_construct_cke_dhe(s, &p, &len, &al))
goto err;
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK | SSL_kSM2DHE |
SSL_kSM2PSK)) {
if (!tls_construct_cke_ecdhe(s, &p, &len, &al))
goto err;
} else if (alg_k & SSL_kGOST) {
@@ -2834,7 +2923,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
#ifndef OPENSSL_NO_EC
idx = s->session->peer_type;
if (idx == SSL_PKEY_ECC) {
if ((idx == SSL_PKEY_ECC) || (idx == SSL_PKEY_SM2_SIGN)) { /* GMTLS */
if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s) == 0) {
/* check failed */
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
@@ -2842,7 +2931,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
} else {
return 1;
}
} else if (alg_a & SSL_aECDSA) {
} else if ((alg_a & SSL_aECDSA) || (alg_a & SSL_aSM2)) { /* GMTLS */
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_ECDSA_SIGNING_CERT);
goto f_err;
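Review bot: The two SM2 error paths added to tls_process_server_key_exchange (the SM2_compute_id_digest failure and the EVP_VerifyUpdate(md_ctx, z, zlen) failure) jump to err without releasing md_ctx, while the EVP_VerifyInit_ex failure directly above them does free it; if either call fails the EVP_MD_CTX is leaked. Add `EVP_MD_CTX_free(md_ctx);` before each of those two `goto err;` lines (do not move the free to the err label, since the other paths already free before jumping and md_ctx is not reset to NULL). Separately, the TLS_ST_CR_CERT case in ossl_statem_client_process_message calls tls_process_server_certificate in both arms of the new `if (SSL_IS_GMTLS(s))`, so the conditional is dead code; either route the GMTLS arm to gmtls_process_server_certificate or drop the branch. The SM2 block is guarded by OPENSSL_NO_SM2 whereas the rest of the file uses OPENSSL_NO_GMTLS / OPENSSL_NO_GMTLS_METHOD; if the two options can differ, a build with SM2 disabled but SSL_aSM2 ciphers still selectable would verify the ServerKeyExchange signature without the Z value, so the guard should match the guard that makes those ciphers available.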


@@ -1 +1,137 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <openssl/opensslconf.h>
# include "../ssl_locl.h"
# include "statem_locl.h"
# include "internal/constant_time_locl.h"
# include <openssl/buffer.h>
# include <openssl/rand.h>
# include <openssl/objects.h>
# include <openssl/evp.h>
# include <openssl/hmac.h>
# include <openssl/x509.h>
# include <openssl/x509v3.h>
# include <openssl/bn.h>
# include <openssl/sm2.h>
# include <openssl/crypto.h>
int gmtls_construct_server_certificate(SSL *s)
{
SSLerr(SSL_F_GMTLS_CONSTRUCT_SERVER_CERTIFICATE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return 0;
}
int gmtls_construct_server_key_exchange(SSL *s)
{
SSLerr(SSL_F_GMTLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return 0;
}
int gmtls_construct_client_certificate(SSL *s)
{
SSLerr(SSL_F_GMTLS_CONSTRUCT_CLIENT_CERTIFICATE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return 0;
}
int gmtls_construct_client_key_exchange(SSL *s)
{
SSLerr(SSL_F_GMTLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return 0;
}
MSG_PROCESS_RETURN gmtls_process_server_certificate(SSL *s, PACKET *pkt)
{
SSLerr(SSL_F_GMTLS_PROCESS_SERVER_CERTIFICATE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
MSG_PROCESS_RETURN gmtls_process_server_key_exchange(SSL *s, PACKET *pkt)
{
SSLerr(SSL_F_GMTLS_PROCESS_SERVER_KEY_EXCHANGE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
MSG_PROCESS_RETURN gmtls_process_client_certificate(SSL *s, PACKET *pkt)
{
SSLerr(SSL_F_GMTLS_PROCESS_CLIENT_CERTIFICATE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
MSG_PROCESS_RETURN gmtls_process_client_key_exchange(SSL *s, PACKET *pkt)
{
SSLerr(SSL_F_GMTLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_NOT_IMPLEMENTED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
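Review bot: All eight functions in this new file raise SSL_R_NOT_IMPLEMENTED, send a fatal alert and return failure, yet the dispatch changes in statem_clnt.c and statem_srvr.c now route GMTLS connections to gmtls_construct_client_certificate, gmtls_construct_client_key_exchange, gmtls_construct_server_key_exchange and the gmtls_process_* functions, so a GMTLS handshake cannot currently complete; a file-level comment stating that these are placeholders for the GM/T TLS handshake messages would save a reader from tracing the dispatch to discover it. The `pkt` parameter of the four process functions is unused; `(void)pkt;` at the top of each body would keep -Wunused-parameter quiet until the real implementations land. The include block mixes `#include` and `# include` at file scope; in this tree the indented form marks inclusion nested under a conditional, which is absent here, so the leading space should be dropped.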


@@ -22,6 +22,9 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_GMTLS
#include <openssl/x509v3.h>
#endif
/*
* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
@@ -528,6 +531,26 @@ int ssl_cert_type(const X509 *x, const EVP_PKEY *pk)
return SSL_PKEY_DSA_SIGN;
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
#ifndef OPENSSL_NO_GMTLS
/*
在use_cert时调用方提供证书因此可以根据keyUsage选择公钥类型
但是use_key时没有证书因此这个函数只能做一个猜测
如果这两者并不一致时,就出现错误了!
*/
if (EC_GROUP_get_curve_name(EC_KEY_get0_group(
(EC_KEY *)EVP_PKEY_get0(pk))) == NID_sm2p256v1) {
if (x) {
if (X509_get_key_usage((X509 *)x) & X509v3_KU_DIGITAL_SIGNATURE) {
return SSL_PKEY_SM2_SIGN;
} else {
return SSL_PKEY_SM2_ENC;
}
} else
{
return SSL_PKEY_SM2_SIGN;
}
}
#endif
return SSL_PKEY_ECC;
#endif
#ifndef OPENSSL_NO_GOST
@@ -639,13 +662,6 @@ typedef struct {
#endif
static const version_info tls_version_table[] = {
/*
#ifndef OPENSSL_NO_GMTLS
{GMTLS_VERSION, gmtls_client_method, gmtls_server_method},
#else
{GMTLS_VERSION, NULL, NULL},
#endif
*/
#ifndef OPENSSL_NO_TLS1_2
{TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
#else
@@ -665,6 +681,11 @@ static const version_info tls_version_table[] = {
{SSL3_VERSION, sslv3_client_method, sslv3_server_method},
#else
{SSL3_VERSION, NULL, NULL},
#endif
#ifndef OPENSSL_NO_GMTLS
{GMTLS_VERSION, gmtls_client_method, gmtls_server_method},
#else
{GMTLS_VERSION, NULL, NULL},
#endif
{0, NULL, NULL},
};
@@ -674,13 +695,6 @@ static const version_info tls_version_table[] = {
#endif
static const version_info dtls_version_table[] = {
/*
#ifndef OPENSSL_NO_GMTLS
{GMTLS_VERSION, gmdtls_client_method, gmdtls_server_method},
#else
{GMTLS_VERSION, NULL, NULL},
#endif
*/
#ifndef OPENSSL_NO_DTLS1_2
{DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method},
#else
@@ -849,7 +863,12 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
return 0;
case TLS_ANY_VERSION:
#ifndef OPENSSL_NO_GMTLS_METHOD
if ((version < SSL3_VERSION || version > TLS_MAX_VERSION)
&& (version != GMTLS_VERSION))
#else
if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
#endif
return 0;
break;
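Review bot: The new SM2 branch in ssl_cert_type states its most important caveat only in a Chinese comment, while the rest of the file is commented in English; translate it so the next maintainer sees it, e.g. `/* With a certificate (use_cert) the key type follows keyUsage; with a bare key (use_key) there is no certificate, so SM2 sign is only a guess and a mismatch between the two surfaces as an error later. */`. The `(EC_KEY *)` cast on the result of EVP_PKEY_get0 is unnecessary, since that function returns void *, and the `(X509 *)x` cast discards the const qualifier of the parameter and deserves a one-line comment saying why the accessor needs a non-const object. This branch is guarded by OPENSSL_NO_GMTLS whereas ssl_set_version_bound in the same file uses OPENSSL_NO_GMTLS_METHOD; if those are distinct options, defining only one of them would leave SM2 key-type classification and GMTLS version acceptance out of step.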


@@ -96,7 +96,7 @@ __owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
__owur int tls_construct_client_key_exchange(SSL *s);
__owur int tls_client_key_exchange_post_work(SSL *s);
__owur int tls_construct_cert_status(SSL *s);
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_key_exchange(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt);
__owur int ssl3_check_cert_and_algorithm(SSL *s);
#ifndef OPENSSL_NO_NEXTPROTONEG
@@ -122,3 +122,14 @@ __owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt);
#endif
__owur int tls_construct_new_session_ticket(SSL *s);
#ifndef OPENSSL_NO_GMTLS_METHOD
__owur int gmtls_construct_server_certificate(SSL *s);
__owur int gmtls_construct_server_key_exchange(SSL *s);
__owur int gmtls_construct_client_certificate(SSL *s);
__owur int gmtls_construct_client_key_exchange(SSL *s);
__owur MSG_PROCESS_RETURN gmtls_process_server_certificate(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN gmtls_process_server_key_exchange(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN gmtls_process_client_certificate(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN gmtls_process_client_key_exchange(SSL *s, PACKET *pkt);
#endif
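Review bot: The gmtls_* prototypes are wrapped in `#ifndef OPENSSL_NO_GMTLS_METHOD`, but the call sites added in statem_clnt.c and statem_srvr.c (the SSL_IS_GMTLS(s) ternaries and if/else dispatches) carry no such guard, so a build with OPENSSL_NO_GMTLS_METHOD defined would reference these functions without a declaration even if SSL_IS_GMTLS evaluates to a constant there. Either guard the call sites identically or leave these declarations unconditional and let the definitions be compiled out.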


@@ -57,9 +57,10 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/x509.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <openssl/md5.h>
#ifndef OPENSSL_NO_GMTLS
# include <openssl/sm2.h>
#endif
static STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
PACKET *cipher_suites,
@@ -229,6 +230,11 @@ static int send_server_key_exchange(SSL *s)
{
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
#ifndef OPENSSL_NO_GMTLS_METHOD
if (s->method->version == GMTLS_VERSION)
return 1;
#endif
/*
* only send a ServerKeyExchange if DH or fortezza but we have a
* sign only certificate PSK: may send PSK identity hints For
@@ -237,7 +243,7 @@ static int send_server_key_exchange(SSL *s)
* the server certificate contains the server's public key for
* key exchange.
*/
if (alg_k & (SSL_kDHE | SSL_kECDHE)
if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kSM2DHE)
/*
* PSK: send ServerKeyExchange if PSK identity hint if
* provided
@@ -247,7 +253,7 @@ static int send_server_key_exchange(SSL *s)
|| ((alg_k & (SSL_kPSK | SSL_kRSAPSK))
&& s->cert->psk_identity_hint)
/* For other PSK always send SKE */
|| (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))
|| (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK | SSL_kSM2PSK)))
#endif
#ifndef OPENSSL_NO_SRP
/* SRP: send ServerKeyExchange */
@@ -634,10 +640,14 @@ int ossl_statem_server_construct_message(SSL *s)
return tls_construct_server_hello(s);
case TLS_ST_SW_CERT:
return tls_construct_server_certificate(s);
return SSL_IS_GMTLS(s) ?
tls_construct_server_certificate(s)
: tls_construct_server_certificate(s);
case TLS_ST_SW_KEY_EXCH:
return tls_construct_server_key_exchange(s);
return (s->version == GMTLS_VERSION) ?
gmtls_construct_server_key_exchange(s)
: tls_construct_server_key_exchange(s);
case TLS_ST_SW_CERT_REQ:
return tls_construct_certificate_request(s);
@@ -744,10 +754,16 @@ MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt)
return tls_process_client_hello(s, pkt);
case TLS_ST_SR_CERT:
return tls_process_client_certificate(s, pkt);
if (SSL_IS_GMTLS(s))
return tls_process_client_certificate(s, pkt);
else
return tls_process_client_certificate(s, pkt);
case TLS_ST_SR_KEY_EXCH:
return tls_process_client_key_exchange(s, pkt);
if (SSL_IS_GMTLS(s))
return gmtls_process_client_key_exchange(s, pkt);
else
return tls_process_client_key_exchange(s, pkt);
case TLS_ST_SR_CERT_VRFY:
return tls_process_cert_verify(s, pkt);
@@ -958,6 +974,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
} else if ((version & 0xff00) == (SSL3_VERSION_MAJOR << 8)) {
/* SSLv3/TLS */
s->client_version = version;
#ifndef OPENSSL_NO_GMTLS_METHOD
} else if (version == GMTLS_VERSION) {
s->client_version = version;
#endif
} else {
/* No idea what protocol this is */
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
@@ -1243,7 +1263,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
}
}
#ifndef OPENSSL_NO_GMTLS_METHOD
if (!s->hit && (s->version == GMTLS_VERSION || s->version >= TLS1_VERSION)
&& s->tls_session_secret_cb) {
#else
if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
#endif
const SSL_CIPHER *pref_cipher = NULL;
s->session->master_key_length = sizeof(s->session->master_key);
@@ -1414,6 +1439,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
}
s->rwstate = SSL_NOTHING;
}
cipher =
ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
@@ -1426,7 +1452,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
/* check whether we should disable session resumption */
if (s->not_resumable_session_cb != NULL)
s->session->not_resumable = s->not_resumable_session_cb(s,
((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0));
((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE | SSL_kSM2DHE)) != 0));
if (s->session->not_resumable)
/* do not send a session ticket */
s->tlsext_ticket_expected = 0;
@@ -1572,7 +1598,8 @@ int tls_construct_server_hello(SSL *s)
ossl_statem_set_error(s);
return 0;
}
if ((p =
if ((s->version != GMTLS_VERSION) && (p =
ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH,
&al)) == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1629,9 +1656,9 @@ int tls_construct_server_key_exchange(SSL *s)
const BIGNUM *r[4];
int nr[4], kn;
BUF_MEM *buf;
EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
EVP_MD_CTX *md_ctx = NULL;
if (md_ctx == NULL) {
if (!(md_ctx == EVP_MD_CTX_new())) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
@@ -1725,7 +1752,7 @@ int tls_construct_server_key_exchange(SSL *s)
} else
#endif
#ifndef OPENSSL_NO_EC
if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
if (type & (SSL_kECDHE | SSL_kECDHEPSK | SSL_kSM2DHE | SSL_kSM2PSK)) {
int nid;
if (s->s3->tmp.pkey != NULL) {
@@ -1890,7 +1917,7 @@ int tls_construct_server_key_exchange(SSL *s)
}
#ifndef OPENSSL_NO_EC
if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
if (type & (SSL_kECDHE | SSL_kECDHEPSK | SSL_kSM2DHE | SSL_kSM2PSK)) {
/*
* XXX: For now, we only support named (not generic) curves. In
* this situation, the serverKeyExchange message has: [1 byte
@@ -1933,9 +1960,34 @@ int tls_construct_server_key_exchange(SSL *s)
#ifdef SSL_DEBUG
fprintf(stderr, "Using hash %s\n", EVP_MD_name(md));
#endif
if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0
|| EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_EVP);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
#ifndef OPENSSL_NO_GMTLS
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSM2) {
unsigned char z[EVP_MAX_MD_SIZE];
size_t zlen = sizeof(z);
char *id = SM2_DEFAULT_ID;
if (!SM2_compute_id_digest(md, id, strlen(id), z, &zlen,
EVP_PKEY_get0_EC_KEY(pkey))) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_SM2);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
if (EVP_SignUpdate(md_ctx, z, zlen) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_SM2);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
}
#endif
if (EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(md_ctx, d, n) <= 0
@@ -1947,8 +1999,9 @@ int tls_construct_server_key_exchange(SSL *s)
}
s2n(i, p);
n += i + 2;
if (SSL_USE_SIGALGS(s))
if (SSL_USE_SIGALGS(s)) {
n += 2;
}
} else {
/* Is this error check actually needed? */
al = SSL_AD_HANDSHAKE_FAILURE;
@@ -2281,6 +2334,8 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
#endif
}
static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al)
{
#ifndef OPENSSL_NO_DH
@@ -2367,6 +2422,8 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)
unsigned int i;
const unsigned char *data;
/*
* Get client's public key from encoded point in the
* ClientKeyExchange message.
@@ -2585,7 +2642,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
} else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
if (!tls_process_cke_dhe(s, pkt, &al))
goto err;
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
} else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK | SSL_kSM2DHE | SSL_kSM2PSK)) {
if (!tls_process_cke_ecdhe(s, pkt, &al))
goto err;
} else if (alg_k & SSL_kSRP) {
@@ -3084,7 +3141,13 @@ int tls_construct_new_session_ticket(SSL *s)
goto err;
iv_len = EVP_CIPHER_CTX_iv_length(ctx);
} else {
const EVP_CIPHER *cipher = EVP_aes_256_cbc();
const EVP_CIPHER *cipher =
#ifndef OPENSSL_NO_AES
EVP_aes_256_cbc();
#else
EVP_sms4_cbc();
#endif
iv_len = EVP_CIPHER_iv_length(cipher);
if (RAND_bytes(iv, iv_len) <= 0)
@@ -3094,7 +3157,7 @@ int tls_construct_new_session_ticket(SSL *s)
goto err;
if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
sizeof(tctx->tlsext_tick_hmac_key),
EVP_sha256(), NULL))
EVP_get_digestbynid(NID_sha256), NULL))
goto err;
memcpy(key_name, tctx->tlsext_tick_key_name,
sizeof(tctx->tlsext_tick_key_name));
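Review bot: In tls_construct_server_key_exchange the reworked allocation check reads `if (!(md_ctx == EVP_MD_CTX_new())) {`, which compares the NULL-initialised md_ctx with a freshly allocated context instead of assigning it; whenever allocation succeeds the comparison is false, so the function always reports ERR_R_MALLOC_FAILURE, and the context returned by EVP_MD_CTX_new() leaks. It should be `if ((md_ctx = EVP_MD_CTX_new()) == NULL) {`. The new EVP_SignInit_ex and SM2 error paths pass ERR_LIB_EVP and ERR_LIB_SM2 as the reason argument of SSLerr; those are library codes, and the reason codes used by the client-side counterpart in statem_clnt.c are ERR_R_EVP_LIB and ERR_R_SM2_LIB, with the EVP_SignUpdate(md_ctx, z, zlen) failure belonging under ERR_R_EVP_LIB rather than an SM2 error. The TLS_ST_SW_CERT and TLS_ST_SR_CERT cases select between two identical calls to tls_construct_server_certificate and tls_process_client_certificate, so those conditionals are dead, and TLS_ST_SW_KEY_EXCH tests `s->version == GMTLS_VERSION` where the neighbouring cases use SSL_IS_GMTLS(s).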