From 5c315bca3f08e706e6a81a133575cda315012e4d Mon Sep 17 00:00:00 2001 From: zs <84500316@qq.com> Date: Mon, 22 Aug 2016 17:44:54 +0800 Subject: [PATCH] =?UTF-8?q?1=E3=80=81=E8=A7=A3=E5=86=B3TLS1.x=E7=9A=84ECDH?= =?UTF-8?q?-SM2-SM3-SM4/SM2-SM3-SM4=E4=B8=A4=E7=A7=8D=E5=A5=97=E4=BB=B6?= =?UTF-8?q?=E6=97=A0=E6=B3=95=E6=8F=A1=E6=89=8B=E6=88=90=E5=8A=9F=202?= =?UTF-8?q?=E3=80=81=E6=9A=82=E5=8E=BB=E6=8E=89=E9=9D=9ESM=E7=AE=97?= =?UTF-8?q?=E6=B3=95=E7=9A=84=E5=A5=97=E4=BB=B6=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ssl/s3_clnt.c | 6 +++++ ssl/s3_lib.c | 68 ++++++++++++++++++++++++-------------------------- ssl/ssl_ciph.c | 7 +++++- ssl/ssl_lib.c | 6 +++++ ssl/t1_lib.c | 4 +++ 5 files changed, 55 insertions(+), 36 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index b3977a9a..658e0993 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1871,6 +1871,12 @@ int ssl3_get_key_exchange(SSL *s) pkey = X509_get_pubkey(s->session-> sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); +# endif +# ifndef NO_GMSSL + else if (alg_a & SSL_aSM2) + pkey = + X509_get_pubkey(s->session-> + sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); # endif /* else anonymous ECDH, so no certificate or pkey. */ EC_KEY_set_public_key(ecdh, srvr_ecpoint); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ae2d9cb3..4aaccbf1 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
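Review bot: The added `else if (alg_a & SSL_aSM2)` branch in ssl3_get_key_exchange (ssl/s3_clnt.c) takes the verification key from the same `peer_pkeys[SSL_PKEY_ECC]` slot as the ECDSA branch, and nothing visible checks that the certificate in that slot carries an SM2 key rather than an ordinary EC key. The ssl/ssl_ciph.c hunk has the same gap on the certificate-selection side: `ssl_cipher_get_cert_index` now returns `SSL_PKEY_ECC` for `SSL_aSM2`, so any ECC certificate appears to satisfy an SM2-authenticated suite. I would check the key's curve before use (for example with `EC_GROUP_get_curve_name` against the SM2 curve NID) and fail the handshake on a mismatch, or at minimum record the limitation with `/* SM2 certs share the SSL_PKEY_ECC slot; the curve is not checked here */`. `X509_get_pubkey` can return NULL, and whether the code after this point handles that for the new branch is not visible, since the function body extends beyond the hunk.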
@@ -163,7 +163,40 @@ const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT; /* list of available SSLv3 ciphers (sorted by id) */ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { +# ifndef NO_GMSSL + /* (GmSSL specific) */ + { + 1, + GM1_TXT_ECDHE_SM2_SM4_SM3, + GM1_CK_ECDHE_SM2_SM4_SM3, + SSL_kEECDH, + SSL_aSM2, + SSL_SM4, + SSL_SM3, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, + }, + /* (GmSSL Specific) */ + { + 1, + GM1_TXT_SM2_SM4_SM3, + GM1_CK_SM2_SM4_SM3, + SSL_kSM2, + SSL_aSM2, + SSL_SM4, + SSL_SM3, + SSL_TLSV1_2, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, + } +# endif +#if 0 /* The RSA ciphers */ /* Cipher 01 */ { @@ -2890,42 +2923,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256}, #endif - -#ifndef NO_GMSSL - /* (GmSSL specific) */ - { - 1, - GM1_TXT_ECDHE_SM2_SM4_SM3, - GM1_CK_ECDHE_SM2_SM4_SM3, - SSL_kEECDH, - SSL_aSM2, - SSL_SM4, - SSL_SM3, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - }, - - /* (GmSSL Specific) */ - { - 1, - GM1_TXT_SM2_SM4_SM3, - GM1_CK_SM2_SM4_SM3, - SSL_kSM2, - SSL_aSM2, - SSL_SM4, - SSL_SM3, - SSL_TLSV1_2, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, - 128, - 128, - } - #endif - /* end of list */ }; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 6194a226..e18f6b22 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -2128,7 +2128,12 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) * chosen. */ return SSL_PKEY_ECC; - } else if (alg_a & SSL_aECDSA) + } +# ifndef NO_GMSSL + else if (alg_a & SSL_aSM2) + return SSL_PKEY_ECC; +# endif + else if (alg_a & SSL_aECDSA) return SSL_PKEY_ECC; else if (alg_k & SSL_kDHr) return SSL_PKEY_DH_RSA; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index da05eb0d..dd74a02d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
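Review bot: In the first ssl/s3_lib.c hunk, the `#if 0` opened before "The RSA ciphers" compiles every non-SM suite out of `ssl3_ciphers`, so a build with `NO_GMSSL` defined ends up with an empty initializer and no usable suites at all. The subject calls the removal temporary; restricting the offered suites at run time with `SSL_CTX_set_cipher_list` would give the same effect without deleting the table, and if the `#if 0` stays it needs a comment such as `/* TEMPORARY: non-SM suites disabled, see commit message; table is empty when NO_GMSSL is set */`. The table's own comment says it is "sorted by id", and if cipher lookup relies on that order (a binary search by id would), the two GmSSL entries must appear in ascending `GM1_CK_*` order, which the hunk does not show. The second entry also ends in `}` with no trailing comma, so re-enabling the block below will not compile until one is added.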
@@ -2413,6 +2413,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) mask_a |= SSL_aECDSA; emask_a |= SSL_aECDSA; } +# endif +# ifndef NO_GMSSL + mask_a |= SSL_aSM2; + emask_a |= SSL_aSM2; + mask_k |= SSL_kSM2; + emask_k |= SSL_kSM2; # endif } #endif diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 03543c68..3c075879 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1026,6 +1026,10 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) tlsext_sigalg_ecdsa(md) static unsigned char tls12_sigalgs[] = { +# ifndef NO_GMSSL + TLSEXT_hash_sm3, + TLSEXT_signature_sm2sign, +# endif # ifndef OPENSSL_NO_SHA512 tlsext_sigalg(TLSEXT_hash_sha512) tlsext_sigalg(TLSEXT_hash_sha384)
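Review bot: The four added lines in ssl_set_cert_masks (ssl/ssl_lib.c) set `SSL_aSM2` and `SSL_kSM2` in both mask pairs with no condition of their own, whereas the `SSL_aECDSA` bits directly above them are set inside a braced check. As written, the masks claim SM2 authentication and key exchange whenever this point is reached, whether or not the loaded certificate is an SM2 certificate or permits signing, so the server can select a suite it cannot complete correctly. I would guard them with the same test as the ECDSA bits (presumably `ecdsa_ok`, defined outside the hunk) plus a key-type check, e.g. `if (ecdsa_ok /* && key is SM2 */) { mask_a |= SSL_aSM2; emask_a |= SSL_aSM2; }`, and set the `SSL_kSM2` bits only when the key may be used for key exchange. The enclosing block opens outside the hunk, so the outer condition is not visible here.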
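Review bot: In `tls12_sigalgs` (ssl/t1_lib.c) the SM3/SM2 pair is written as two bare bytes at the head of the array while the neighbouring entries go through the `tlsext_sigalg()` macro, and nothing explains the layout or the ordering. A comment such as `/* SM3 + SM2 sign: hash id, then signature id; listed first = most preferred */` would make the intent reviewable. The pair is only honoured if the hash and signature lookup tables elsewhere in t1_lib.c know both ids, which this hunk does not show. It is worth confirming that an unrecognised id from a peer is rejected rather than mapped to a default digest.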