From 40b8d671101a5f9603bad216a745eaee114d4db2 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Mon, 15 Jun 2026 11:31:51 +0800 Subject: [PATCH] Fix ccm cipher suite --- CMakeLists.txt | 2 +- include/gmssl/tls.h | 1 + include/gmssl/version.h | 2 +- src/tls.c | 4 ++-- src/tls12.c | 16 ++++++++-------- src/tls_trace.c | 3 +++ 6 files changed, 16 insertions(+), 12 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1f00ee3f..bd0aaf74 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -764,7 +764,7 @@ endif() # set(CPACK_PACKAGE_NAME "GmSSL") set(CPACK_PACKAGE_VENDOR "GmSSL develop team") -set(CPACK_PACKAGE_VERSION "3.2.0-dev.1048") +set(CPACK_PACKAGE_VERSION "3.2.0-dev.1049") set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md) set(CPACK_NSIS_MODIFY_PATH ON) include(CPack) diff --git a/include/gmssl/tls.h b/include/gmssl/tls.h index 88ccaf7e..df18bf1b 100644 --- a/include/gmssl/tls.h +++ b/include/gmssl/tls.h @@ -109,6 +109,7 @@ typedef enum { TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256 = 0xc023, TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256 = 0xc02b, + TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm = 0xc0ac, TLS_cipher_empty_renegotiation_info_scsv = 0x00ff, } TLS_CIPHER_SUITE; diff --git a/include/gmssl/version.h b/include/gmssl/version.h index 58c62671..26311ac5 100644 --- a/include/gmssl/version.h +++ b/include/gmssl/version.h @@ -18,7 +18,7 @@ extern "C" { #define GMSSL_VERSION_NUM 30200 -#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1048" +#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1049" int gmssl_version_num(void); const char *gmssl_version_str(void); diff --git a/src/tls.c b/src/tls.c index 47fdacea..5d6bfca6 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1154,7 +1154,7 @@ int tls_record_encrypt(int cipher_suite, } break; #ifdef ENABLE_AES_CCM - case TLS_cipher_aes_128_ccm_sha256: + case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm: if (tls_ccm_encrypt(key, fixed_iv, seq_num, in, in + 5, inlen - 5, out + 5, outlen) != 1) { @@ -1204,7 +1204,7 @@ int tls_record_decrypt(int cipher_suite, const HMAC_CTX *hmac_ctx, } break; #ifdef ENABLE_AES_CCM - case TLS_cipher_aes_128_ccm_sha256: + case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm: if (tls_ccm_decrypt(key, fixed_iv, seq_num, in, in + 5, inlen - 5, out + 5, outlen) != 1) { diff --git a/src/tls12.c b/src/tls12.c index c92657b8..69a1fc3a 100644 --- a/src/tls12.c +++ b/src/tls12.c @@ -50,7 +50,7 @@ const int tls12_cipher_suites[] = { TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256, TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256, #ifdef ENABLE_AES_CCM - TLS_cipher_aes_128_ccm_sha256, + TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm_sha256, #endif #endif }; @@ -458,7 +458,7 @@ static int tls12_cipher_suite_get(int cipher_suite, const BLOCK_CIPHER **cipher, case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256: case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256: #ifdef ENABLE_AES_CCM - case TLS_cipher_aes_128_ccm_sha256: + case TLS_cipher_ecdhe_ecdsa_aes_128_ccm: #endif *cipher = BLOCK_CIPHER_aes128(); *digest = DIGEST_sha256(); @@ -481,7 +481,7 @@ static int tls12_cipher_suite_match_cert_group(int cipher_suite, int cert_group) case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256: case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256: #ifdef ENABLE_AES_CCM - case TLS_cipher_aes_128_ccm_sha256: + case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm: #endif return cert_group == TLS_curve_secp256r1; #endif @@ -511,7 +511,7 @@ static int tls12_signature_scheme_match_cipher_suite(int sig_alg, int cipher_sui case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256: case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256: #ifdef ENABLE_AES_CCM - case TLS_cipher_aes_128_ccm_sha256: + case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm: #endif return 1; } @@ -531,7 +531,7 @@ static int tls12_key_exchange_group_match_cipher_suite(int group, int cipher_sui case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256: case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256: #ifdef ENABLE_AES_CCM - case TLS_cipher_aes_128_ccm_sha256: + case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm: #endif return group == TLS_curve_secp256r1; #endif @@ -1566,7 +1566,7 @@ int tls_recv_server_certificate(TLS_CONNECT *conn) case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256: case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256: #ifdef ENABLE_AES_CCM - case TLS_cipher_aes_128_ccm_sha256: + case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm: #endif server_sig_alg = TLS_sig_ecdsa_secp256r1_sha256; break; @@ -1773,7 +1773,7 @@ int tls_curve_match_cipher_suite(int named_curve, int cipher_suite) case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256: case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256: #ifdef ENABLE_AES_CCM - case TLS_cipher_aes_128_ccm_sha256: + case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm: #endif break; default: @@ -1808,7 +1808,7 @@ int tls_signature_scheme_match_cipher_suite(int sig_alg, int cipher_suite) case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256: case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256: #ifdef ENABLE_AES_CCM - case TLS_cipher_aes_128_ccm_sha256: + case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm: #endif break; default: diff --git a/src/tls_trace.c b/src/tls_trace.c index b7485ba2..89b83136 100644 --- a/src/tls_trace.c +++ b/src/tls_trace.c @@ -82,6 +82,7 @@ const char *tls_cipher_suite_name(int cipher) case TLS_cipher_aes_128_ccm_8_sha256: return "TLS_AES_128_CCM_8_SHA256"; case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256: return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"; case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256: return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; + case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm: return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"; case TLS_cipher_empty_renegotiation_info_scsv: return "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; } return NULL; @@ -109,6 +110,8 @@ int tls_cipher_suite_from_name(const char *name) return TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256; } else if (!strcmp(name, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256")) { return TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256; + } else if (!strcmp(name, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM")) { + return TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm; } error_print(); return 0;