version 2.5.3
new sms4 api, go api and ciphersuites
172
ssl/s3_lib.c
172
ssl/s3_lib.c
@@ -150,8 +150,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
0,
|
||||
},
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
/* GM/T 0024 ciphersuites
|
||||
* SM2(ENC) and SM9(ENC) only allowed in GMTLS 1.1
|
||||
/* GM/T 0024-2014 ciphersuites
|
||||
*/
|
||||
{
|
||||
1,
|
||||
@@ -161,10 +160,10 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_aSM2,
|
||||
SSL_SM1,
|
||||
SSL_SM3,
|
||||
GMTLS_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
GMTLS_VERSION, GMTLS_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_BAD_VER,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
@@ -177,9 +176,9 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_SM1,
|
||||
SSL_SM3,
|
||||
GMTLS_VERSION, GMTLS_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_BAD_VER,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
@@ -191,10 +190,10 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_aSM9,
|
||||
SSL_SM1,
|
||||
SSL_SM3,
|
||||
GMTLS_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
GMTLS_VERSION, GMTLS_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_BAD_VER,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
@@ -207,9 +206,9 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_SM1,
|
||||
SSL_SM3,
|
||||
GMTLS_VERSION, GMTLS_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_BAD_VER,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
@@ -221,10 +220,10 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_aRSA,
|
||||
SSL_SM1,
|
||||
SSL_SM3,
|
||||
GMTLS_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
GMTLS_VERSION, GMTLS_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_BAD_VER,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
@@ -236,10 +235,10 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_aRSA,
|
||||
SSL_SM1,
|
||||
SSL_SHA1,
|
||||
GMTLS_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
GMTLS_VERSION, GMTLS_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_BAD_VER,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SHA1 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
@@ -251,10 +250,10 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_aSM2,
|
||||
SSL_SMS4,
|
||||
SSL_SM3,
|
||||
GMTLS_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
GMTLS_VERSION, GMTLS_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_BAD_VER,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
@@ -267,9 +266,9 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_SMS4,
|
||||
SSL_SM3,
|
||||
GMTLS_VERSION, GMTLS_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_BAD_VER,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
@@ -281,10 +280,10 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_aSM9,
|
||||
SSL_SMS4,
|
||||
SSL_SM3,
|
||||
GMTLS_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
GMTLS_VERSION, GMTLS_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_BAD_VER,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
@@ -297,9 +296,9 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_SMS4,
|
||||
SSL_SM3,
|
||||
GMTLS_VERSION, GMTLS_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_BAD_VER,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
@@ -311,10 +310,10 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_aRSA,
|
||||
SSL_SMS4,
|
||||
SSL_SM3,
|
||||
GMTLS_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
GMTLS_VERSION, GMTLS_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_BAD_VER,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
@@ -326,32 +325,16 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_aRSA,
|
||||
SSL_SMS4,
|
||||
SSL_SHA1,
|
||||
GMTLS_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
GMTLS_VERSION, GMTLS_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_BAD_VER,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SHA1 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
#endif /* OPENSSL_NO_GMTLS */
|
||||
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
/* ECDHE-SM2-[SM1|SMS4|SSF33]-[SM3|SHA256] */
|
||||
{
|
||||
1,
|
||||
GMTLS_TXT_ECDHE_SM2_WITH_SM1_SM3,
|
||||
GMTLS_CK_ECDHE_SM2_WITH_SM1_SM3,
|
||||
SSL_kECDHE,
|
||||
SSL_aSM2,
|
||||
SSL_SM1,
|
||||
SSL_SM3,
|
||||
TLS1_2_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
{
|
||||
1,
|
||||
GMTLS_TXT_ECDHE_SM2_WITH_SMS4_SM3,
|
||||
@@ -361,37 +344,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_SMS4,
|
||||
SSL_SM3,
|
||||
TLS1_2_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
{
|
||||
1,
|
||||
GMTLS_TXT_ECDHE_SM2_WITH_SMS4_GCM_SM3,
|
||||
GMTLS_CK_ECDHE_SM2_WITH_SMS4_GCM_SM3,
|
||||
SSL_kECDHE,
|
||||
SSL_aSM2,
|
||||
SSL_SMS4GCM,
|
||||
SSL_AEAD,
|
||||
TLS1_2_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
{
|
||||
1,
|
||||
GMTLS_TXT_ECDHE_SM2_WITH_SSF33_SM3,
|
||||
GMTLS_CK_ECDHE_SM2_WITH_SSF33_SM3,
|
||||
SSL_kECDHE,
|
||||
SSL_aSM2,
|
||||
SSL_SSF33,
|
||||
SSL_SM3,
|
||||
TLS1_2_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
DTLS1_2_VERSION, DTLS1_2_VERSION,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
@@ -399,46 +352,16 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
},
|
||||
{
|
||||
1,
|
||||
GMTLS_TXT_ECDHE_SM2_WITH_SM1_SHA256,
|
||||
GMTLS_CK_ECDHE_SM2_WITH_SM1_SHA256,
|
||||
GMTLS_TXT_ECDHE_SM2_WITH_SMS4_GCM_SM3,
|
||||
GMTLS_CK_ECDHE_SM2_WITH_SMS4_GCM_SM3,
|
||||
SSL_kECDHE,
|
||||
SSL_aSM2,
|
||||
SSL_SM1,
|
||||
SSL_SHA256,
|
||||
SSL_SMS4GCM,
|
||||
SSL_AEAD,
|
||||
TLS1_2_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
DTLS1_2_VERSION, DTLS1_2_VERSION,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
{
|
||||
1,
|
||||
GMTLS_TXT_ECDHE_SM2_WITH_SMS4_SHA256,
|
||||
GMTLS_CK_ECDHE_SM2_WITH_SMS4_SHA256,
|
||||
SSL_kECDHE,
|
||||
SSL_aSM2,
|
||||
SSL_SMS4,
|
||||
SSL_SHA256,
|
||||
TLS1_2_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
{
|
||||
1,
|
||||
GMTLS_TXT_ECDHE_SM2_WITH_SSF33_SHA256,
|
||||
GMTLS_CK_ECDHE_SM2_WITH_SSF33_SHA256,
|
||||
SSL_kECDHE,
|
||||
SSL_aSM2,
|
||||
SSL_SSF33,
|
||||
SSL_SHA256,
|
||||
TLS1_2_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
@@ -2042,6 +1965,21 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
128,
|
||||
128,
|
||||
},
|
||||
{
|
||||
1,
|
||||
GMTLS_TXT_PSK_WITH_SMS4_CBC_SM3,
|
||||
GMTLS_CK_PSK_WITH_SMS4_CBC_SM3,
|
||||
SSL_kPSK,
|
||||
SSL_aPSK,
|
||||
SSL_SMS4,
|
||||
SSL_SM3,
|
||||
SSL3_VERSION, TLS1_2_VERSION,
|
||||
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
#endif
|
||||
{
|
||||
1,
|
||||
|
||||
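Review bot: The added `GMTLS_TXT_PSK_WITH_SMS4_CBC_SM3` entry (hunk `@@ -2042,6 +1965,21 @@`) sets `SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF`, while the other SM3 entries this commit rewrites use `SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3`, so its handshake hash and PRF digest disagree. If SM3 is intended throughout, the line should read `SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3,`. The same entry keeps `SSL3_VERSION, TLS1_2_VERSION`, which appears to let an SM3 suite be selected on protocol versions older than TLS 1.2, whereas the neighbouring SMS4 entries are pinned to a single version; a comment stating the intended range would help. The two `SSL_SHA1` entries (hunks at -236 and -326) have the reverse mix, `SSL_HANDSHAKE_MAC_SHA1 | TLS1_PRF_SM3`, which deserves a one-line comment naming the GM/T 0024-2014 clause it follows, if that is deliberate. The `ssl3_ciphers[]` initializer starts and ends outside these hunks, and the old/new side of each line is inferred from the hunk counts because the page has lost its `+`/`-` markers.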
@@ -400,6 +400,7 @@
|
||||
# define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX
|
||||
# define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1
|
||||
# define SSL_HANDSHAKE_MAC_SM3 SSL_MD_SM3_IDX
|
||||
# define SSL_HANDSHAKE_MAC_SHA1 SSL_MD_SHA1_IDX
|
||||
|
||||
/* Bits 8-15 bits are PRF */
|
||||
# define TLS1_PRF_DGST_SHIFT 8
|
||||
|
||||
@@ -499,20 +499,42 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
|
||||
{0xE019, "GMTLS_RSA_WITH_SMS4_SM3"},
|
||||
{0xE01A, "GMTLS_RSA_WITH_SMS4_SHA1"},
|
||||
# endif
|
||||
/* ECDHE-SM2-WITH-[SM1|SMS4|SSF33]-[SM3|SHA256] */
|
||||
{0xE101, "GMTLS_ECDHE_SM2_WITH_SM1_SM3"},
|
||||
{0xE102, "GMTLS_ECDHE_SM2_WITH_SMS4_SM3"},
|
||||
{0xE103, "GMTLS_ECDHE_SM2_WITH_SSF33_SM3"},
|
||||
{0xE104, "GMTLS_ECDHE_SM2_WITH_SM1_SHA256"},
|
||||
{0xE105, "GMTLS_ECDHE_SM2_WITH_SMS4_SHA256"},
|
||||
{0xE106, "GMTLS_ECDHE_SM2_WITH_SSF33_SHA256"},
|
||||
/* ECDHE-SM2-WITH-SMS4-[GCM|CCM|CCM-8]-[SM3|SHA256] */
|
||||
{0xE107, "GMTLS_ECDHE_SM2_WITH_SMS4_GCM_SM3"},
|
||||
{0xE108, "GMTLS_ECDHE_SM2_WITH_SMS4_CCM_SM3"},
|
||||
{0xE109, "GMTLS_ECDHE_SM2_WITH_SMS4_CCM_8_SM3"},
|
||||
{0xE10A, "GMTLS_ECDHE_SM2_WITH_SMS4_GCM_SHA256"},
|
||||
{0xE10B, "GMTLS_ECDHE_SM2_WITH_SMS4_CCM_SHA256"},
|
||||
{0xE10C, "GMTLS_ECDHE_SM2_WITH_SMS4_CCM_8_SHA256"},
|
||||
|
||||
{0xE10D, "GMTLS_ECDHE_SM2_WITH_ZUC_SM3"},
|
||||
{0xE10E, "GMTLS_ECDHE_SM2_WITH_ZUC256_SM3"},
|
||||
{0xE201, "GMTLS_SM2DHE_SM2_WITH_SM1_SM3"},
|
||||
{0xE202, "GMTLS_SM2DHE_SM2_WITH_SMS4_SM3"},
|
||||
{0xE203, "GMTLS_SM2DHE_SM2_WITH_SSF33_SM3"},
|
||||
{0xE204, "GMTLS_SM2DHE_SM2_WITH_ZUC_SM3"},
|
||||
{0xE205, "GMTLS_SM2DHE_SM2_WITH_SMS4_GCM_SM3"},
|
||||
{0xE206, "GMTLS_SM2DHE_SM2_WITH_SMS4_CCM_SM3"},
|
||||
{0xE209, "GMTLS_SM2DHE_SM2_WITH_ZUC256_SM3"},
|
||||
{0xF101, "GMTLS_PSK_WITH_SMS4_CBC_SM3"},
|
||||
{0xF102, "GMTLS_PSK_WITH_SMS4_GCM_SM3"},
|
||||
{0xF103, "GMTLS_PSK_WITH_SMS4_CCM_SM3"},
|
||||
{0xF10B, "GMTLS_SM2DHE_PSK_WITH_SMS4_CBC_SM3"},
|
||||
{0xF10C, "GMTLS_SM2DHE_PSK_WITH_SMS4_GCM_SM3"},
|
||||
{0xF10D, "GMTLS_SM2DHE_PSK_WITH_SMS4_CCM_SM3"},
|
||||
{0xF10E, "GMTLS_PSK_WITH_SM1_CBC_SM3"},
|
||||
{0xF117, "GMTLS_PSK_WITH_SSF33_CBC_SM3"},
|
||||
{0xF120, "GMTLS_ECDHE_PSK_WITH_SMS4_CBC_SM3"},
|
||||
{0xF121, "GMTLS_ECDHE_PSK_WITH_SMS4_GCM_SM3"},
|
||||
{0xF122, "GMTLS_ECDHE_PSK_WITH_SMS4_CCM_SM3"},
|
||||
{0xF123, "GMTLS_PSK_WITH_ZUC_SM3"},
|
||||
{0xF124, "GMTLS_PSK_WITH_ZUC256_SM3"},
|
||||
{0xF125, "GMTLS_ECDHE_PSK_WITH_ZUC_SM3"},
|
||||
{0xF126, "GMTLS_ECDHE_PSK_WITH_ZUC256_SM3"},
|
||||
{0xF127, "GMTLS_SM2DHE_PSK_WITH_ZUC_SM3"},
|
||||
{0xF128, "GMTLS_SM2DHE_PSK_WITH_ZUC256_SM3"},
|
||||
{0xF201, "GMTLS_SRP_SM3_WITH_SMS4_CBC_SM3"},
|
||||
{0xF202, "GMTLS_SRP_SM3_WITH_SMS4_GCM_SM3"},
|
||||
{0xF203, "GMTLS_SRP_SM3_WITH_SMS4_CCM_SM3"},
|
||||
{0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
|
||||
{0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
|
||||
|
||||
|
||||