mirror of
https://github.com/guanzhi/GmSSL.git
update
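--- a/ssl/methods_gmtls.c
+++ b/ssl/methods_gmtls.c
@@ -0,0 +1,266 @@
+/*
+* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the OpenSSL license (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+/*-
+* TLS/SSLv3 methods
+*/
+
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+TLS_method,
+ossl_statem_accept,
+ossl_statem_connect, TLSv1_2_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+tlsv1_2_method,
+ossl_statem_accept,
+ossl_statem_connect, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+tlsv1_1_method,
+ossl_statem_accept,
+ossl_statem_connect, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+tlsv1_method,
+ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect)
+#endif
+/*-
+* TLS/SSLv3 server methods
+*/
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+TLS_server_method,
+ossl_statem_accept,
+ssl_undefined_function, TLSv1_2_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+tlsv1_2_server_method,
+ossl_statem_accept,
+ssl_undefined_function, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+tlsv1_1_server_method,
+ossl_statem_accept,
+ssl_undefined_function, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+tlsv1_server_method,
+ossl_statem_accept,
+ssl_undefined_function, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_server_method,
+ossl_statem_accept, ssl_undefined_function)
+#endif
+/*-
+* TLS/SSLv3 client methods
+*/
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+TLS_client_method,
+ssl_undefined_function,
+ossl_statem_connect, TLSv1_2_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+tlsv1_2_client_method,
+ssl_undefined_function,
+ossl_statem_connect, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+tlsv1_1_client_method,
+ssl_undefined_function,
+ossl_statem_connect, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+tlsv1_client_method,
+ssl_undefined_function,
+ossl_statem_connect, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_client_method,
+ssl_undefined_function, ossl_statem_connect)
+#endif
+/*-
+* DTLS methods
+*/
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+dtlsv1_method,
+ossl_statem_accept,
+ossl_statem_connect, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+dtlsv1_2_method,
+ossl_statem_accept,
+ossl_statem_connect, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+DTLS_method,
+ossl_statem_accept,
+ossl_statem_connect, DTLSv1_2_enc_data)
+
+/*-
+* DTLS server methods
+*/
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+dtlsv1_server_method,
+ossl_statem_accept,
+ssl_undefined_function, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+dtlsv1_2_server_method,
+ossl_statem_accept,
+ssl_undefined_function, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+DTLS_server_method,
+ossl_statem_accept,
+ssl_undefined_function, DTLSv1_2_enc_data)
+
+/*-
+* DTLS client methods
+*/
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+dtlsv1_client_method,
+ssl_undefined_function,
+ossl_statem_connect, DTLSv1_enc_data)
+IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+dtls_bad_ver_client_method,
+ssl_undefined_function,
+ossl_statem_connect, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+dtlsv1_2_client_method,
+ssl_undefined_function,
+ossl_statem_connect, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+DTLS_client_method,
+ssl_undefined_function,
+ossl_statem_connect, DTLSv1_2_enc_data)
+#if OPENSSL_API_COMPAT < 0x10100000L
+# ifndef OPENSSL_NO_TLS1_2_METHOD
+const SSL_METHOD *TLSv1_2_method(void)
+{
+return tlsv1_2_method();
+}
+
+const SSL_METHOD *TLSv1_2_server_method(void)
+{
+return tlsv1_2_server_method();
+}
+
+const SSL_METHOD *TLSv1_2_client_method(void)
+{
+return tlsv1_2_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_TLS1_1_METHOD
+const SSL_METHOD *TLSv1_1_method(void)
+{
+return tlsv1_1_method();
+}
+
+const SSL_METHOD *TLSv1_1_server_method(void)
+{
+return tlsv1_1_server_method();
+}
+
+const SSL_METHOD *TLSv1_1_client_method(void)
+{
+return tlsv1_1_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_TLS1_METHOD
+const SSL_METHOD *TLSv1_method(void)
+{
+return tlsv1_method();
+}
+
+const SSL_METHOD *TLSv1_server_method(void)
+{
+return tlsv1_server_method();
+}
+
+const SSL_METHOD *TLSv1_client_method(void)
+{
+return tlsv1_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_SSL3_METHOD
+const SSL_METHOD *SSLv3_method(void)
+{
+return sslv3_method();
+}
+
+const SSL_METHOD *SSLv3_server_method(void)
+{
+return sslv3_server_method();
+}
+
+const SSL_METHOD *SSLv3_client_method(void)
+{
+return sslv3_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_2_METHOD
+const SSL_METHOD *DTLSv1_2_method(void)
+{
+return dtlsv1_2_method();
+}
+
+const SSL_METHOD *DTLSv1_2_server_method(void)
+{
+return dtlsv1_2_server_method();
+}
+
+const SSL_METHOD *DTLSv1_2_client_method(void)
+{
+return dtlsv1_2_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_METHOD
+const SSL_METHOD *DTLSv1_method(void)
+{
+return dtlsv1_method();
+}
+
+const SSL_METHOD *DTLSv1_server_method(void)
+{
+return dtlsv1_server_method();
+}
+
+const SSL_METHOD *DTLSv1_client_method(void)
+{
+return dtlsv1_client_method();
+}
+# endif
+
+#endif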
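Review bot: Nothing in this new file is GMTLS-specific: it defines `TLS_method`, `tlsv1_2_method`, `DTLS_method` and the public `TLSv1_2_method()`/`SSLv3_method()` wrappers, which is the set the generic TLS/DTLS method file normally provides. If that generic file is still built alongside this one, the link should fail on duplicate symbols; the build list is not visible on this page, so that needs confirming. The `gmtls_client_method`/`gmtls_server_method` names used by the commented-out version-table rows elsewhere in this commit are not defined here either. I would reduce the file to the GMTLS method constructors only and open it with a header comment such as `/* GMTLS method constructors only; the generic TLS/DTLS constructors stay in their existing file */`.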
@@ -68,7 +68,15 @@
|
||||
#define SSL_ENC_AES256CCM8_IDX 17
|
||||
#define SSL_ENC_GOST8912_IDX 18
|
||||
#define SSL_ENC_CHACHA_IDX 19
|
||||
#define SSL_ENC_NUM_IDX 20
|
||||
#define SSL_ENC_SMS4_IDX 20
|
||||
#define SSL_ENC_SMS4GCM_IDX 21
|
||||
#define SSL_ENC_SMS4CCM_IDX 22
|
||||
#define SSL_ENC_SMS4CCM8_IDX 23
|
||||
#define SSL_ENC_ZUC_IDX 24
|
||||
#define SSL_ENC_SM1_IDX 25
|
||||
#define SSL_ENC_SSF33_IDX 26
|
||||
#define SSL_ENC_NUM_IDX 27
|
||||
|
||||
|
||||
/* NB: make sure indices in these tables match values above */
|
||||
|
||||
@@ -97,13 +105,20 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
|
||||
{SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */
|
||||
{SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */
|
||||
{SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */
|
||||
{SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX */
|
||||
{SSL_CHACHA20POLY1305, NID_chacha20_poly1305},
|
||||
{SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX 18 */
|
||||
{SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
|
||||
{SSL_SMS4, NID_sms4_cbc}, /* SSL_ENC_SMS4_IDX 20 */
|
||||
{SSL_SMS4GCM, NID_sms4_gcm}, /* SSL_ENC_SMS4GCM_IDX 21 */
|
||||
{SSL_SMS4CCM, NID_sms4_ccm}, /* SSL_ENC_SMS4CCM_IDX 22 */
|
||||
{SSL_SMS4CCM8, NID_sms4_ccm}, /* SSL_ENC_SMS4CCM8_IDX 23 */
|
||||
{SSL_ZUC, NID_zuc}, /* SSL_ENC_ZUC_IDX 24 */
|
||||
{SSL_SM1, NID_sm1_cbc}, /* SSL_ENC_SM1_IDX 25 */
|
||||
{SSL_SSF33, NID_ssf33_cbc}, /* SSL_ENC_SSF33_IDX 26 */
|
||||
};
|
||||
|
||||
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
|
||||
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
|
||||
NULL, NULL
|
||||
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
|
||||
};
|
||||
|
||||
#define SSL_COMP_NULL_IDX 0
|
||||
@@ -136,11 +151,13 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = {
|
||||
{SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
|
||||
{0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */
|
||||
{0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */
|
||||
{0, NID_sha512} /* SSL_MD_SHA512_IDX 11 */
|
||||
{0, NID_sha512}, /* SSL_MD_SHA512_IDX 11 */
|
||||
{SSL_SM3, NID_sm3}, /* SSL_MD_SM3_IDX 12 */
|
||||
};
|
||||
|
||||
static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
|
||||
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
|
||||
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
|
||||
NULL
|
||||
};
|
||||
|
||||
/* *INDENT-OFF* */
|
||||
@@ -153,7 +170,8 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = {
|
||||
{SSL_kRSAPSK, NID_kx_rsa_psk},
|
||||
{SSL_kPSK, NID_kx_psk},
|
||||
{SSL_kSRP, NID_kx_srp},
|
||||
{SSL_kGOST, NID_kx_gost}
|
||||
{SSL_kGOST, NID_kx_gost},
|
||||
{SSL_kSM2, NID_kx_sm2},
|
||||
};
|
||||
|
||||
static const ssl_cipher_table ssl_cipher_table_auth[] = {
|
||||
@@ -164,7 +182,8 @@ static const ssl_cipher_table ssl_cipher_table_auth[] = {
|
||||
{SSL_aGOST01, NID_auth_gost01},
|
||||
{SSL_aGOST12, NID_auth_gost12},
|
||||
{SSL_aSRP, NID_auth_srp},
|
||||
{SSL_aNULL, NID_auth_null}
|
||||
{SSL_aNULL, NID_auth_null},
|
||||
{SSL_aSM2, NID_auth_sm2},
|
||||
};
|
||||
/* *INDENT-ON* */
|
||||
|
||||
@@ -195,6 +214,8 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
|
||||
EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
|
||||
/* GOST2012_512 */
|
||||
EVP_PKEY_HMAC,
|
||||
/* SM3 */
|
||||
EVP_PKEY_HMAC,
|
||||
};
|
||||
|
||||
static int ssl_mac_secret_size[SSL_MD_NUM_IDX];
|
||||
@@ -404,9 +425,10 @@ void ssl_load_ciphers(void)
|
||||
}
|
||||
}
|
||||
/* Make sure we can access MD5 and SHA1 */
|
||||
|
||||
OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL);
|
||||
OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL);
|
||||
|
||||
|
||||
disabled_mkey_mask = 0;
|
||||
disabled_auth_mask = 0;
|
||||
|
||||
@@ -423,6 +445,9 @@ void ssl_load_ciphers(void)
|
||||
#ifdef OPENSSL_NO_EC
|
||||
disabled_mkey_mask |= SSL_kECDHEPSK;
|
||||
disabled_auth_mask |= SSL_aECDSA;
|
||||
# ifdef OPENSSL_NO_GMTLS
|
||||
/* do something */
|
||||
# endif
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_PSK
|
||||
disabled_mkey_mask |= SSL_PSK;
|
||||
@@ -1573,6 +1598,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
case SSL_kGOST:
|
||||
kx = "GOST";
|
||||
break;
|
||||
case SSL_kSM2:
|
||||
kx = "SM2";
|
||||
break;
|
||||
default:
|
||||
kx = "unknown";
|
||||
}
|
||||
@@ -1603,6 +1631,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
case (SSL_aGOST12 | SSL_aGOST01):
|
||||
au = "GOST12";
|
||||
break;
|
||||
case SSL_aSM2:
|
||||
au = "SM2";
|
||||
break;
|
||||
default:
|
||||
au = "unknown";
|
||||
break;
|
||||
@@ -1667,6 +1698,27 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
case SSL_CHACHA20POLY1305:
|
||||
enc = "CHACHA20/POLY1305(256)";
|
||||
break;
|
||||
case SSL_SMS4:
|
||||
enc = "SMS4(128)";
|
||||
break;
|
||||
case SSL_SMS4GCM:
|
||||
enc = "SMS4GCM(128)";
|
||||
break;
|
||||
case SSL_SMS4CCM:
|
||||
enc = "SMS4CCM(128)";
|
||||
break;
|
||||
case SSL_SMS4CCM8:
|
||||
enc = "SMS4CCM8(128)";
|
||||
break;
|
||||
case SSL_ZUC:
|
||||
enc = "ZUC(128)";
|
||||
break;
|
||||
case SSL_SM1:
|
||||
enc = "SM1(128)";
|
||||
break;
|
||||
case SSL_SSF33:
|
||||
enc = "SSF33(128)";
|
||||
break;
|
||||
default:
|
||||
enc = "unknown";
|
||||
break;
|
||||
@@ -1699,6 +1751,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
case SSL_GOST12_512:
|
||||
mac = "GOST2012";
|
||||
break;
|
||||
case SSL_SM3:
|
||||
mac = "SM3";
|
||||
break;
|
||||
default:
|
||||
mac = "unknown";
|
||||
break;
|
||||
@@ -1714,7 +1769,7 @@ const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
|
||||
if (c == NULL)
|
||||
return "(NONE)";
|
||||
|
||||
/*
|
||||
/*
|
||||
* Backwards-compatibility crutch. In almost all contexts we report TLS
|
||||
* 1.0 as "TLSv1", but for ciphers we report "TLSv1.0".
|
||||
*/
|
||||
@@ -1903,6 +1958,8 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
|
||||
return SSL_PKEY_GOST_EC;
|
||||
else if (alg_a & SSL_aGOST01)
|
||||
return SSL_PKEY_GOST01;
|
||||
else if (alg_a & SSL_aSM2)
|
||||
return SSL_PKEY_ECC;
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
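Review bot: The `# ifdef OPENSSL_NO_GMTLS` branch added to `ssl_load_ciphers` holds only `/* do something */` and sits inside `#ifdef OPENSSL_NO_EC`, so in the lines shown no build configuration adds the new SM2 bits to the disabled masks, and SM2 suites stay eligible for negotiation even when the algorithm is compiled out. I would move the branch out of the EC block and fill it in with `disabled_mkey_mask |= SSL_kSM2 | SSL_kSM2PSK;` and `disabled_auth_mask |= SSL_aSM2;`. Separately, the `/* SM3 */ EVP_PKEY_HMAC,` entry appended to `ssl_mac_pkey_id` is positional: the entry before it is labelled GOST2012_512 (index 8 in the tables above), so, assuming the list is positional throughout, the new value lands at index 9 (`SSL_MD_MD5_SHA1_IDX`) and the SM3 slot stays zero. Writing it as `[SSL_MD_SM3_IDX] = EVP_PKEY_HMAC,` would pin it to the intended index. The function body and the start of the array lie outside the hunks shown.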
@@ -223,10 +223,12 @@
|
||||
# define SSL_kRSAPSK 0x00000040U
|
||||
# define SSL_kECDHEPSK 0x00000080U
|
||||
# define SSL_kDHEPSK 0x00000100U
|
||||
# define SSL_kSM2 0x00000200U
|
||||
# define SSL_kSM2PSK 0x00000400U
|
||||
|
||||
/* all PSK */
|
||||
|
||||
# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK)
|
||||
# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK | SSL_kSM2PSK)
|
||||
|
||||
/* Bits for algorithm_auth (server authentication) */
|
||||
/* RSA auth */
|
||||
@@ -245,6 +247,8 @@
|
||||
# define SSL_aSRP 0x00000040U
|
||||
/* GOST R 34.10-2012 signature auth */
|
||||
# define SSL_aGOST12 0x00000080U
|
||||
/* SM2 */
|
||||
# define SSL_aSM2 0x00000100U
|
||||
|
||||
/* Bits for algorithm_enc (symmetric encryption) */
|
||||
# define SSL_DES 0x00000001U
|
||||
@@ -267,19 +271,27 @@
|
||||
# define SSL_AES256CCM8 0x00020000U
|
||||
# define SSL_eGOST2814789CNT12 0x00040000U
|
||||
# define SSL_CHACHA20POLY1305 0x00080000U
|
||||
# define SSL_SMS4 0x00100000U
|
||||
# define SSL_SMS4GCM 0x00200000U
|
||||
# define SSL_SMS4CCM 0x00400000U
|
||||
# define SSL_SMS4CCM8 0x00800000U
|
||||
# define SSL_ZUC 0x01000000U
|
||||
# define SSL_SM1 0x02000000U
|
||||
# define SSL_SSF33 0x04000000U
|
||||
|
||||
# define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM)
|
||||
# define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
|
||||
# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
|
||||
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
|
||||
# define SSL_CHACHA20 (SSL_CHACHA20POLY1305)
|
||||
# define SSL_SMS4ALL (SSL_SMS4 | SSL_SMS4GCM | SSL_SMS4CCM | SSL_SMS4CCM8)
|
||||
|
||||
/* Bits for algorithm_mac (symmetric authentication) */
|
||||
|
||||
# define SSL_MD5 0x00000001U
|
||||
# define SSL_SHA1 0x00000002U
|
||||
# define SSL_GOST94 0x00000004U
|
||||
# define SSL_GOST89MAC 0x00000008U
|
||||
# define SSL_GOST94 0x00000004U
|
||||
# define SSL_GOST89MAC 0x00000008U
|
||||
# define SSL_SHA256 0x00000010U
|
||||
# define SSL_SHA384 0x00000020U
|
||||
/* Not a real MAC, just an indication it is part of cipher */
|
||||
@@ -287,6 +299,7 @@
|
||||
# define SSL_GOST12_256 0x00000080U
|
||||
# define SSL_GOST89MAC12 0x00000100U
|
||||
# define SSL_GOST12_512 0x00000200U
|
||||
# define SSL_SM3 0x00000400U
|
||||
|
||||
/*
|
||||
* When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make
|
||||
@@ -305,7 +318,8 @@
|
||||
# define SSL_MD_MD5_SHA1_IDX 9
|
||||
# define SSL_MD_SHA224_IDX 10
|
||||
# define SSL_MD_SHA512_IDX 11
|
||||
# define SSL_MAX_DIGEST 12
|
||||
# define SSL_MD_SM3_IDX 12
|
||||
# define SSL_MAX_DIGEST 13
|
||||
|
||||
/* Bits for algorithm2 (handshake digests and other extra flags) */
|
||||
|
||||
@@ -317,7 +331,8 @@
|
||||
# define SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX
|
||||
# define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX
|
||||
# define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX
|
||||
# define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1
|
||||
# define SSL_HANDSHAKE_MAC_SM3 SSL_MD_SM3_IDX
|
||||
# define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1
|
||||
|
||||
/* Bits 8-15 bits are PRF */
|
||||
# define TLS1_PRF_DGST_SHIFT 8
|
||||
@@ -327,6 +342,7 @@
|
||||
# define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT)
|
||||
# define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT)
|
||||
# define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT)
|
||||
# define TLS1_PRF_SM3 (SSL_MD_SM3_IDX << TLS1_PRF_DGST_SHIFT)
|
||||
# define TLS1_PRF (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
|
||||
|
||||
/*
|
||||
|
||||
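Review bot: `SSL_kSM2PSK` is defined here and folded into `SSL_PSK`, but the other hunks of this commit add only `SSL_kSM2` to the key-exchange table and to the `kx` switch in `SSL_CIPHER_description`, so an SM2-PSK suite would have no table row and would be described as `unknown`. Either add the matching table row and a `case SSL_kSM2PSK:` branch in the same commit, or leave the bit out until something uses it. The new bits would also read better with the one-line comments their neighbours carry, for example `/* SM2 key exchange */` above `SSL_kSM2` and `/* SM3 digest */` above `SSL_SM3`.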
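--- a/ssl/statem/statem_gmtls.c
+++ b/ssl/statem/statem_gmtls.c
@@ -0,0 +1 @@
+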
@@ -639,6 +639,13 @@ typedef struct {
|
||||
#endif
|
||||
|
||||
static const version_info tls_version_table[] = {
|
||||
/*
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
{GMTLS_VERSION, gmtls_client_method, gmtls_server_method},
|
||||
#else
|
||||
{GMTLS_VERSION, NULL, NULL},
|
||||
#endif
|
||||
*/
|
||||
#ifndef OPENSSL_NO_TLS1_2
|
||||
{TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
|
||||
#else
|
||||
@@ -667,6 +674,13 @@ static const version_info tls_version_table[] = {
|
||||
#endif
|
||||
|
||||
static const version_info dtls_version_table[] = {
|
||||
/*
|
||||
#ifndef OPENSSL_NO_GMTLS
|
||||
{GMTLS_VERSION, gmdtls_client_method, gmdtls_server_method},
|
||||
#else
|
||||
{GMTLS_VERSION, NULL, NULL},
|
||||
#endif
|
||||
*/
|
||||
#ifndef OPENSSL_NO_DTLS1_2
|
||||
{DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method},
|
||||
#else
|
||||
|
||||
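Review bot: Both added blocks are wrapped in `/* ... */`, so the `GMTLS_VERSION` rows in `tls_version_table` and `dtls_version_table` are dead text and the `#ifndef OPENSSL_NO_GMTLS` lines inside them never reach the preprocessor. Commented-out code is better left out of the commit; if a marker must stay, a single line such as `/* TODO: add GMTLS_VERSION row once gmtls_client_method/gmtls_server_method exist */` says the same thing. When the rows are enabled their position needs checking, since these tables appear to be ordered newest-first and a `GMTLS_VERSION` row in the DTLS table would be compared against DTLS version numbers; the value of `GMTLS_VERSION` is not shown on this page. Both tables continue past the hunks.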