Open WendyWjt opened 2 years ago
您好,我使用了如下代码进行 ctx 设置:
(修改了 test\ssl_test_ctx_test.c,因此保留了 ifdef 块)
#ifdef OPENSSL_NO_SM2 TEST_note("SM2 is disabled."); #else TEST_note("SM"); printf("?? %p, %s\n", TLS_DEFAULT_CIPHERSUITES, TLS_DEFAULT_CIPHERSUITES); SSL_CTX* ctx = SSL_CTX_new(TLS_client_method()); printf("set version tls13: %ld\n", SSL_CTX_set_max_proto_version(ctx, 0x0304)); printf("set tls12 and below ciphers: %d\n", SSL_CTX_set_cipher_list(ctx, SM4_CIPHERSUITES)); printf("set tls13 and below ciphers: %d\n", SSL_CTX_set_ciphersuites(ctx, "TLS_SM4_GCM_SM3")); printf("Set SM4 cipher suites: %p, %s\n", SM4_CIPHERSUITES, SM4_CIPHERSUITES);
返回值为0:
# SM ?? 0x409ca8, TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_SM4_GCM_SM3:TLS_SM4_CCM_SM3 set version tls13: 1 set tls12 and below ciphers: 0 set tls13 and below ciphers: 0
使用 gdb 断点,发现在 ssl3_get_cipher_by_std_name 函数中,alltabs 的密码套不包括 TLS_SM4_GCM_SM3:
ssl3_get_cipher_by_std_name
Breakpoint 2, ssl3_get_cipher_by_std_name (stdname=0x7fffffffe0f0 "TLS_SM4_GCM_SM3") at ssl/s3_lib.c:4075 4075 s2n(pmslen, t); (gdb) n 4076 if (alg_k & SSL_kPSK) (gdb) p c $1 = (SSL_CIPHER *) 0x0 (gdb) p alltabs $2 = {0x0, 0x61ef20} (gdb) s 4077 memset(t, 0, pmslen); (gdb) s 4080 t += pmslen; (gdb) s 4081 s2n(psklen, t); (gdb) p alltabs $3 = {0x7ffff7dcee80 <tls13_ciphers>, 0x7ffff7dcf020 <ssl3_ciphers>} (gdb) p alltabs[0][3]->name $4 = 0x7ffff7ba9a63 "TLS_AES_128_CCM_SHA256" (gdb) p alltabs[0][3] $5 = {valid = 1, name = 0x7ffff7ba9a63 "TLS_AES_128_CCM_SHA256", stdname = 0x7ffff7ba9a63 "TLS_AES_128_CCM_SHA256", id = 50336516, algorithm_mkey = 0, algorithm_auth = 0, algorithm_enc = 16384, algorithm_mac = 64, min_tls = 772, max_tls = 772, min_dtls = 0, max_dtls = 0, algo_strength = 40, algorithm2 = 4, strength_bits = 128, alg_bits = 128} (gdb) p alltabs[0][5] $6 = {valid = 0, name = 0x0, stdname = 0x1 <error: Cannot access memory at address 0x1>, id = 4156201619, algorithm_mkey = 32767, algorithm_auth = 4156201628, algorithm_enc = 32767, algorithm_mac = 50331649, min_tls = 1, max_tls = 1, min_dtls = 32, max_dtls = 1, algo_strength = 768, algorithm2 = 771, strength_bits = 256, alg_bits = 65277} (gdb) p alltabs[0][4] $7 = {valid = 1, name = 0x7ffff7ba9a7a "TLS_AES_128_CCM_8_SHA256", stdname = 0x7ffff7ba9a7a "TLS_AES_128_CCM_8_SHA256", id = 50336517, algorithm_mkey = 0, algorithm_auth = 0, algorithm_enc = 65536, algorithm_mac = 64, min_tls = 772, max_tls = 772, min_dtls = 0, max_dtls = 0, algo_strength = 40, algorithm2 = 4, strength_bits = 128, alg_bits = 128}
编译选项为 ./config --debug -g -Og。
./config --debug -g -Og
但是进了 ifdef 块,同时编译时没有禁用 SM 相关的算法,alltabs 判断时应当包括 TLS_SM4_GCM_SM3 算法套。单独跑了关于国密的测试,也显示并没有禁用 SM3 和 SM4。可以请教一下要怎么样将密码套设置进 ctx 吗?
Ping @dongbeiouba
这是我本地的测试结果,是可以设置成功的:
另外,你的 ssl3_get_cipher_by_std_name 代码和 master 代码不一样,是不是代码比较老了,你用 master 分支的代码再试试:
您好,我使用了如下代码进行 ctx 设置:
(修改了 test\ssl_test_ctx_test.c,因此保留了 ifdef 块)
返回值为0:
使用 gdb 断点,发现在
ssl3_get_cipher_by_std_name
函数中,alltabs 的密码套不包括 TLS_SM4_GCM_SM3:编译选项为
./config --debug -g -Og
。但是进了 ifdef 块,同时编译时没有禁用 SM 相关的算法,alltabs 判断时应当包括 TLS_SM4_GCM_SM3 算法套。单独跑了关于国密的测试,也显示并没有禁用 SM3 和 SM4。可以请教一下要怎么样将密码套设置进 ctx 吗?