abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-23 05:33:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #40 from zsdev2015/master

Browse Source 
TLS.1x标准的SM2双向认证过程发现一些问题 请指正或参考
This commit is contained in:
Zhi Guan
2016-08-22 22:01:08 +02:00
committed by GitHub
parent 09f054b2f2 95c0dba728
commit 29ece9c060
8 changed files with 102 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@@ -41,3 +41,13 @@ make
sudo make install sudo make install
``` ```
在WIN32(MINGW+MSYS)操作系统上通过如下指令实现编译和安装:
(请在MSYS环境解压或Git clone代码否则会因换行符导致出现编译错误)
```
./config
make
make install
```

22
crypto/skf/skf.h
View File

@@ -99,6 +99,28 @@ typedef UINT32 DWORD;
typedef UINT32 FLAGS; typedef UINT32 FLAGS;
typedef CHAR * LPSTR; typedef CHAR * LPSTR;
typedef void * HANDLE; typedef void * HANDLE;
#else
#ifndef _WINDEF_H
typedef signed char INT8;
typedef signed short INT16;
typedef signed int INT32;
typedef unsigned char UINT8;
typedef unsigned short UINT16;
typedef unsigned int UINT32;
typedef long BOOL;
typedef UINT8 BYTE;
typedef UINT8 CHAR;
typedef INT16 SHORT;
typedef UINT16 USHORT;
typedef INT32 LONG;
typedef UINT32 ULONG;
typedef UINT32 UINT;
typedef UINT16 WORD;
typedef UINT32 DWORD;
typedef UINT32 FLAGS;
typedef CHAR * LPSTR;
typedef void * HANDLE;
#endif
#endif #endif
typedef HANDLE DEVHANDLE; typedef HANDLE DEVHANDLE;

7
crypto/x509/x509_d2.c
View File

@@ -86,6 +86,13 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
const char *path) const char *path)
{ {
X509_LOOKUP *lookup; X509_LOOKUP *lookup;
//Support Go:
//Go调用此函数传递空串时处理异常
if (file && *file == '\0')
file = NULL;
if (path && *path == '\0')
path = NULL;
if (file != NULL) { if (file != NULL) {
lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());

6
ssl/s3_clnt.c
View File

@@ -1871,6 +1871,12 @@ int ssl3_get_key_exchange(SSL *s)
pkey = pkey =
X509_get_pubkey(s->session-> X509_get_pubkey(s->session->
sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
# endif
# ifndef NO_GMSSL
else if (alg_a & SSL_aSM2)
pkey =
X509_get_pubkey(s->session->
sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
# endif # endif
/* else anonymous ECDH, so no certificate or pkey. */ /* else anonymous ECDH, so no certificate or pkey. */
EC_KEY_set_public_key(ecdh, srvr_ecpoint); EC_KEY_set_public_key(ecdh, srvr_ecpoint);

68
ssl/s3_lib.c
View File

@@ -163,7 +163,40 @@ const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
/* list of available SSLv3 ciphers (sorted by id) */ /* list of available SSLv3 ciphers (sorted by id) */
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
# ifndef NO_GMSSL
/* (GmSSL specific) */
{
1,
GM1_TXT_ECDHE_SM2_SM4_SM3,
GM1_CK_ECDHE_SM2_SM4_SM3,
SSL_kEECDH,
SSL_aSM2,
SSL_SM4,
SSL_SM3,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
/* (GmSSL Specific) */
{
1,
GM1_TXT_SM2_SM4_SM3,
GM1_CK_SM2_SM4_SM3,
SSL_kSM2,
SSL_aSM2,
SSL_SM4,
SSL_SM3,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
}
# endif
#if 0
/* The RSA ciphers */ /* The RSA ciphers */
/* Cipher 01 */ /* Cipher 01 */
{ {
@@ -2890,42 +2923,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
256, 256,
256}, 256},
#endif #endif
#ifndef NO_GMSSL
/* (GmSSL specific) */
{
1,
GM1_TXT_ECDHE_SM2_SM4_SM3,
GM1_CK_ECDHE_SM2_SM4_SM3,
SSL_kEECDH,
SSL_aSM2,
SSL_SM4,
SSL_SM3,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
},
/* (GmSSL Specific) */
{
1,
GM1_TXT_SM2_SM4_SM3,
GM1_CK_SM2_SM4_SM3,
SSL_kSM2,
SSL_aSM2,
SSL_SM4,
SSL_SM3,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
128,
}
#endif #endif
/* end of list */ /* end of list */
}; };

7
ssl/ssl_ciph.c
View File

@@ -2128,7 +2128,12 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
* chosen. * chosen.
*/ */
return SSL_PKEY_ECC; return SSL_PKEY_ECC;
} else if (alg_a & SSL_aECDSA) }
# ifndef NO_GMSSL
else if (alg_a & SSL_aSM2)
return SSL_PKEY_ECC;
# endif
else if (alg_a & SSL_aECDSA)
return SSL_PKEY_ECC; return SSL_PKEY_ECC;
else if (alg_k & SSL_kDHr) else if (alg_k & SSL_kDHr)
return SSL_PKEY_DH_RSA; return SSL_PKEY_DH_RSA;

15
ssl/ssl_lib.c
View File

@@ -2413,6 +2413,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
mask_a |= SSL_aECDSA; mask_a |= SSL_aECDSA;
emask_a |= SSL_aECDSA; emask_a |= SSL_aECDSA;
} }
# endif
# ifndef NO_GMSSL
mask_a |= SSL_aSM2;
emask_a |= SSL_aSM2;
mask_k |= SSL_kSM2;
emask_k |= SSL_kSM2;
# endif # endif
} }
#endif #endif
@@ -2579,9 +2585,16 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
idx = SSL_PKEY_RSA_SIGN; idx = SSL_PKEY_RSA_SIGN;
else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
idx = SSL_PKEY_RSA_ENC; idx = SSL_PKEY_RSA_ENC;
} else if ((alg_a & SSL_aECDSA) && }
# ifndef NO_GMSSL
else if ((alg_a & SSL_aSM2) &&
(c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
idx = SSL_PKEY_ECC; idx = SSL_PKEY_ECC;
# endif
else if ((alg_a & SSL_aECDSA) &&
(c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
idx = SSL_PKEY_ECC;
if (idx == -1) { if (idx == -1) {
SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
return (NULL); return (NULL);

4
ssl/t1_lib.c
View File

@@ -1026,6 +1026,10 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
tlsext_sigalg_ecdsa(md) tlsext_sigalg_ecdsa(md)
static unsigned char tls12_sigalgs[] = { static unsigned char tls12_sigalgs[] = {
# ifndef NO_GMSSL
TLSEXT_hash_sm3,
TLSEXT_signature_sm2sign,
# endif
# ifndef OPENSSL_NO_SHA512 # ifndef OPENSSL_NO_SHA512
tlsext_sigalg(TLSEXT_hash_sha512) tlsext_sigalg(TLSEXT_hash_sha512)
tlsext_sigalg(TLSEXT_hash_sha384) tlsext_sigalg(TLSEXT_hash_sha384)