abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-24 06:03:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

修复了ECC_SM4_SM3套件在秘钥交换过程中的错误

Browse Source 
1. 签名使用SM2默认ID:1234567812345678,而不是证书使用者。
2. 修复了被签名的加密证书长度问题,证书有一个3Byte用于容纳长度的空间。在服务端的秘钥交换过程少了3Byte。
This commit is contained in:
cliven
2020-06-04 14:33:19 +08:00
parent c20175f626
commit 83c5ff2ffb
1 changed files with 20 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
ssl/statem/statem_gmtls.c
View File

@@ -745,10 +745,11 @@ static int gmtls_construct_ske_sm2(SSL *s, unsigned char **p, int *l, int *al)
SSLerr(SSL_F_GMTLS_CONSTRUCT_SKE_SM2, ERR_R_EVP_LIB); SSLerr(SSL_F_GMTLS_CONSTRUCT_SKE_SM2, ERR_R_EVP_LIB);
goto end; goto end;
} }
if (!(id = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0))) { // if (!(id = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0))) {
SSLerr(SSL_F_GMTLS_CONSTRUCT_SKE_SM2, ERR_R_EVP_LIB); // SSLerr(SSL_F_GMTLS_CONSTRUCT_SKE_SM2, ERR_R_EVP_LIB);
goto end; // goto end;
} // }
id = SM2_DEFAULT_ID;
zlen = sizeof(z); zlen = sizeof(z);
if (!SM2_compute_id_digest(EVP_sm3(), id, strlen(id), z, &zlen, if (!SM2_compute_id_digest(EVP_sm3(), id, strlen(id), z, &zlen,
EVP_PKEY_get0_EC_KEY(pkey))) { EVP_PKEY_get0_EC_KEY(pkey))) {
@@ -776,7 +777,7 @@ static int gmtls_construct_ske_sm2(SSL *s, unsigned char **p, int *l, int *al)
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]), || EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(md_ctx, buf, n) <= 0) { || EVP_SignUpdate(md_ctx, buf, n+3) <= 0) {
SSLerr(SSL_F_GMTLS_CONSTRUCT_SKE_SM2, ERR_R_EVP_LIB); SSLerr(SSL_F_GMTLS_CONSTRUCT_SKE_SM2, ERR_R_EVP_LIB);
goto end; goto end;
} }
@@ -802,7 +803,7 @@ static int gmtls_construct_ske_sm2(SSL *s, unsigned char **p, int *l, int *al)
end: end:
OPENSSL_free(buf); OPENSSL_free(buf);
EVP_MD_CTX_free(md_ctx); EVP_MD_CTX_free(md_ctx);
OPENSSL_free(id); // OPENSSL_free(id);
return ret; return ret;
} }
@@ -865,10 +866,11 @@ static int gmtls_process_ske_sm2(SSL *s, PACKET *pkt, int *al)
} }
/* prepare sm2 z value */ /* prepare sm2 z value */
if (!(id = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0))) { // if (!(id = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0))) {
SSLerr(SSL_F_GMTLS_PROCESS_SKE_SM2, ERR_R_EVP_LIB); // SSLerr(SSL_F_GMTLS_PROCESS_SKE_SM2, ERR_R_EVP_LIB);
goto end; // goto end;
} // }
id = SM2_DEFAULT_ID;
zlen = sizeof(z); zlen = sizeof(z);
if (!SM2_compute_id_digest(EVP_sm3(), id, strlen(id), z, &zlen, if (!SM2_compute_id_digest(EVP_sm3(), id, strlen(id), z, &zlen,
EVP_PKEY_get0_EC_KEY(pkey))) { EVP_PKEY_get0_EC_KEY(pkey))) {
@@ -885,7 +887,7 @@ static int gmtls_process_ske_sm2(SSL *s, PACKET *pkt, int *al)
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]), || EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, buf, n) <= 0) { || EVP_VerifyUpdate(md_ctx, buf, n+3) <= 0) {
SSLerr(SSL_F_GMTLS_PROCESS_SKE_SM2, ERR_R_EVP_LIB); SSLerr(SSL_F_GMTLS_PROCESS_SKE_SM2, ERR_R_EVP_LIB);
goto end; goto end;
} }
@@ -903,7 +905,7 @@ static int gmtls_process_ske_sm2(SSL *s, PACKET *pkt, int *al)
end: end:
OPENSSL_free(buf); OPENSSL_free(buf);
EVP_MD_CTX_free(md_ctx); EVP_MD_CTX_free(md_ctx);
OPENSSL_free(id); // OPENSSL_free(id);
return ret; return ret;
} }