guanzhi / gmssl Goto Github PK

View Code? Open in Web Editor NEW

4.7K 4.7K 1.6K 41.1 MB

支持国密SM2/SM3/SM4/SM9/SSL的密码工具箱

Home Page: http://gmssl.org

License: Apache License 2.0

C 99.15% CMake 0.50% Shell 0.05% Assembly 0.30%

crypto encryption go java javascript pairing sm2 sm3 sm4 sm9 ssl tls zuc

gmssl's People

Contributors

Stargazers

Watchers

Forkers

naix-1993 wangwalfred alex1818 connlan russ168 ntvis chentooerl lianran zhulianhai mingpen virtowlee nevinhappy sara62 huhan8371 gwei3 nathaniel100 brucechu chenhaifeng2016 cywzl deadcycle rodesad cuiwm winstard awesome-security mumblebo zyh329 firstteam vanloswang davidmr001 qiaodongliang kolidat papacute weiofcn huanghengmin luopeipei zhuqk wqx081 tongyu123 anand6105 suse110 xiedong6688 huangyuxi iceskycn kobemiller sniperxiaojun menglyly liujianqun calvinwilliams mrpre albert-chuang zhangjinde bjgxjob yxstars machozhao gannyee grayinchina wangyangcs alphadyz jasonyanhb xiangyuwei lanyaaki netdebug hongbinz xuxueyun gao-chuan luoolu disillusion028 mashiromoritaka dmpingfan closethe conseweb hankers dieken erniusias eshrf whycoding126 majuangh shuianfendi6 andylau004 xiaoyanglin matrixss cess-pro lankzm gujinqiangggs shengyp0929 wxh1013 lvxin0805 qingche123 cxueqin gx9702 hanshanxin nocky kdraft johanwange dabdirb serennity gospeljohn peer2peer jianemo wyf-z

gmssl's Issues

您好，关于国密ECDHE密钥交换/协商算法，有几处我觉得描述不太正确，还望指教

在GM/T 0024-2014中国密定义了2个完全替换国际标准的加密套件：
ECDHE_SM4_SM3
ECC_SM4_SM3

我再源码中未能找到对两者的实现，仅找到对应的注释。
1：源码的注释：
/*s

ECDHE_XXX is the same as ECDHE_ECDSA_XXX in TLS
ECC_XXX and RSA_XXX is similar with ECDH_ECDSA_XXX, ECDH_RSA_XXX,
except that the ServerKeyExchange format is not null.
*/

‘ ECDHE_XXX is the same as ECDHE_ECDSA_XXX in TLS’
的意思是说国密ECDHE_XX 是和标准ECDHE_ECDSA_xx 对于ECDHE流程是一样，但是在GM/T 0024-2014 中对国密ECDHE的描述却和标准的 ECDHE流程不一样：

在GM/T 0024-2014 对ECDHE描述：
/********************************************************************************************/
enum {ECDHE, ECC, IBSDH...}
struct {
select (KeyExchangeAlg) {
case ECDHE:
params
digitally-signed struct {
clnt_random
srv_random
params;
}
case ECC:
digitally-signed struct {
clnt_random
srv_random
cert;
}
}
}params;

服务器的密钥交换参数，当使用SM2算法时，交换的参数参见 GM/T 0009，其中服务器的公钥
不需要交换，客户端直接从服务器的加密证书中获取。
struct {
curve_params
point
}params;
如果使用SM2算法，第一个数不校验。
/********************************************************************************************/

从上面的描述来看，ECDHE_SM3_SM4算法所使用的ECDHE密钥协商流程和通用的ECDHE密钥协商流程是不一样的，
ECDHE_SM3_SM4它更像 ECDH算法，只是发送了server key exchange。
所以我认为 “ECDHE_XXX is the same as ECDHE_ECDSA_XXX in TLS”这句话不正确。

ECC_XXX算法我不是很了解。

忘指正。

国密的SM7算法目前有支持么？

WIN64(MINGW+MSYS) make Error

我在用 WIN64(MINGW+MSYS)操作系统编译时，make指令后，出现如下错误，谁知道是什么原因吗？谢谢。
make[2]: Leaving directory /c/GmSSL/crypto/objects' making all in crypto/md2... make[2]: Entering directory/c/GmSSL/crypto/md2'
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREAD
S -D_MT -DDSO_WIN32 -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -m
arch=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM
_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD
160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o md2_dgst.o md2
_dgst.c
In file included from md2_dgst.c:62:0:
../../include/openssl/md2.h:64:4: error: #error MD2 is disabled.

error MD2 is disabled.

make[2]: *** [md2_dgst.o] Error 1
make[2]: Leaving directory /c/GmSSL/crypto/md2' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory/c/GmSSL/crypto'
make: *** [build_crypto] Error 1

sm2 加解密问题

老师，你好
我用sm2做加解密测试的时候，
加密可以出来结果
解密的时候失败了，这是什么问题
API的调用正确吗，还是其他的什么问题

int test_sm2_enc()
{
    EC_KEY *key1;
    EC_GROUP    *group1;
    int nid,ret;

    key1 = EC_KEY_new();
    if(!key1)
        return 0;

    int nid = NID_sm2p256v1;
    group1 = EC_GROUP_new_by_curve_name(nid);
    if(group1 == NULL)
        return 0;

    ret = EC_KEY_set_group(key1,group1);
    if(ret != 1)
        return 0;

    ret = EC_KEY_generate_key(key1);

    //EC_KEY_print_fp(stdout,key1,0);
    /*---- ----*/

    printf("----加密测试----\n");
    char tmp_buf[48] = {0};
    memset(tmp_buf,'1',48);

    char out_buf[48+128] = {0};
    int buf_size = 48 +128;

    if(!SM2_encrypt_with_recommended(out_buf,&buf_size,
                (const unsigned char *)tmp_buf,sizeof(tmp_buf),key1)) {
        printf("SM2 Encryp ERROR !!!\n");
        return -1;
    }
    else
    {
        printf("SM2 Encrypt Result[%d] :\n",buf_size);
        //print_hex(out_buf,buf_size);
        printf("----测试成功----\n\n");
    }

    printf("----解密测试----\n");
    unsigned char msg[128] = {0};
    size_t msglen = 0;
    if(!SM2_decrypt_with_recommended(msg,&msglen,out_buf,buf_size,key1))
    {
        printf("解密失败！！！\n");
        return -1;
    }else {
        printf("SM2 Decrypt Result[%d] :\n",msglen);
        //print_hex(msg,msglen);
        printf("----测试成功----\n\n");
    }

    return 0;
}

另外想问一个国密SSL的问题
现在代码树中定义了SSL_kECC 密钥交换算法，我想问这是什么算法
从文档上看和SSL_kRSA算法应该是差不多(用非对称密钥加密预主密钥)，但是似乎openssl里面没有这种类似的算法
是不是要自己实现

我在报文中获取服务器发送的签名值，然后调用SM2_verify 验证不正确

@Jkinglyf @conezxy @guanzhi

1：我用360访问国密服务器。抓包，双方使用了ECC_SM4_SM3。（我有那台服务器的私钥，服务器签名证书和加密证书是同一个）
2：报文中获取client random, server random, sign_cert。
3：报文中获取server key exchange 的签名值。
4：使用GMSSL 中 SM2_compute_message_digest 函数对 (2) 计算hash值。
5：调用 SM2_verify 对(3) 进行验证签名。

5 验证签名时失败了。我也把ID改成了通用的 1234567812345678，依旧校验失败。不知道为什么。
是我 4 中缺少什么流程了吗？
由于2、3中的内容是直接从wireshark中拷贝出来的，不存在值被我弄错的情况。

/*client random + server random + sign cert */

unsigned char msg_tmp[]=
{
/client random/
0x76, 0x85, 0x03, 0x39, 0xfa, 0x85, 0x64, 0xf1, 0xd0, 0x00, 0x0f, 0xbe, 0x43, 0x61, 0xd6, 0x30, 0xaf, 0xcd, 0x69, 0xc1, 0x80, 0x04, 0xfc, 0xea, 0xe0, 0x2d, 0x36, 0x7d, 0xf3, 0x36, 0x0f, 0x71,
/server random/
0x57, 0x76, 0x0a, 0x46, 0x6d, 0xa5, 0x4f, 0x17, 0x13, 0xb3, 0xab, 0xd6, 0x6a, 0x81, 0x97, 0x1b, 0x77, 0x46, 0x8c, 0x85,0x84, 0xbd, 0x44, 0x8d, 0xa4, 0xd4, 0x48, 0xf8, 0x8b, 0xda, 0xe0, 0x05,
/sign cert/
0x30, 0x82, 0x02, 0xe9, 0x30, 0x82, 0x02, 0x8e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00
, 0x96, 0xc0, 0x64, 0xd0, 0x86, 0x0c, 0xd4, 0xdb, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x81, 0x1c, 0xcf
, 0x55, 0x01, 0x83, 0x75, 0x30, 0x81, 0x82, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06
, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x68
, 0x64, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x62, 0x6a, 0x31, 0x0b
, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x64, 0x70, 0x31, 0x14, 0x30, 0x12, 0x06
, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x74, 0x65, 0x73, 0x74, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x64
, 0x70, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0d, 0x74, 0x65, 0x73, 0x74
, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x09, 0x2a
, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0f, 0x74, 0x65, 0x73, 0x74, 0x64, 0x69
, 0x6e, 0x67, 0x40, 0x64, 0x70, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30
, 0x35, 0x31, 0x36, 0x30, 0x31, 0x34, 0x30, 0x34, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x35
, 0x31, 0x35, 0x30, 0x31, 0x34, 0x30, 0x34, 0x30, 0x5a, 0x30, 0x81, 0x82, 0x31, 0x0b, 0x30, 0x09
, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55
, 0x04, 0x08, 0x0c, 0x02, 0x68, 0x64, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c
, 0x02, 0x62, 0x6a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x64, 0x70
, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x74, 0x65, 0x73, 0x74, 0x64
, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x70, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c
, 0x0d, 0x74, 0x65, 0x73, 0x74, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x31, 0x1e
, 0x30, 0x1c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0f, 0x74
, 0x65, 0x73, 0x74, 0x64, 0x69, 0x6e, 0x67, 0x40, 0x64, 0x70, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x59
, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x81, 0x1c
, 0xcf, 0x55, 0x01, 0x82, 0x2d, 0x03, 0x42, 0x00, 0x04, 0x1b, 0xef, 0x7e, 0xef, 0x31, 0x61, 0xfa
, 0xd8, 0x1c, 0x77, 0x0c, 0x1d, 0x98, 0xfe, 0x87, 0x5f, 0x24, 0xb6, 0xf6, 0x9e, 0xbe, 0xc5, 0xfa
, 0x75, 0x5a, 0xe8, 0x0e, 0x0f, 0x8b, 0x86, 0x54, 0x28, 0x29, 0x38, 0xc9, 0xae, 0xbc, 0x6a, 0xac
, 0x0f, 0x5d, 0xda, 0x19, 0xb2, 0x8d, 0xc2, 0x13, 0x4b, 0x5f, 0xec, 0x83, 0xae, 0x17, 0x52, 0x6e
, 0x51, 0xd7, 0xd6, 0x74, 0x32, 0x15, 0x47, 0x3e, 0xc8, 0xa3, 0x81, 0xea, 0x30, 0x81, 0xe7, 0x30
, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x6c, 0xa7, 0x21, 0x73, 0x03, 0x91
, 0x95, 0x1e, 0x62, 0xb1, 0x7b, 0x1b, 0x86, 0x50, 0xe2, 0x41, 0x28, 0x9d, 0x91, 0xc9, 0x30, 0x81
, 0xb7, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xaf, 0x30, 0x81, 0xac, 0x80, 0x14, 0x6c, 0xa7
, 0x21, 0x73, 0x03, 0x91, 0x95, 0x1e, 0x62, 0xb1, 0x7b, 0x1b, 0x86, 0x50, 0xe2, 0x41, 0x28, 0x9d
, 0x91, 0xc9, 0xa1, 0x81, 0x88, 0xa4, 0x81, 0x85, 0x30, 0x81, 0x82, 0x31, 0x0b, 0x30, 0x09, 0x06
, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04
, 0x08, 0x0c, 0x02, 0x68, 0x64, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02
, 0x62, 0x6a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x64, 0x70, 0x31
, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x74, 0x65, 0x73, 0x74, 0x64, 0x69
, 0x6e, 0x67, 0x5f, 0x64, 0x70, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0d
, 0x74, 0x65, 0x73, 0x74, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x31, 0x1e, 0x30
, 0x1c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0f, 0x74, 0x65
, 0x73, 0x74, 0x64, 0x69, 0x6e, 0x67, 0x40, 0x64, 0x70, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x09, 0x00
, 0x96, 0xc0, 0x64, 0xd0, 0x86, 0x0c, 0xd4, 0xdb, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04
, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x81, 0x1c, 0xcf, 0x55, 0x01
, 0x83, 0x75, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xed, 0x00, 0xc4, 0x43, 0xfc, 0x39
, 0x12, 0x13, 0xf3, 0x5c, 0x09, 0x8e, 0xe5, 0xfb, 0xcd, 0x97, 0x7f, 0x87, 0xa1, 0x76, 0xf4, 0x1d
, 0x9d, 0x96, 0xa5, 0x2c, 0x4f, 0x8f, 0x20, 0x19, 0xca, 0x2c, 0x02, 0x21, 0x00, 0x91, 0x5e, 0x44
, 0x60, 0xfd, 0x59, 0x1e, 0x5d, 0xd8, 0x92, 0x91, 0x16, 0x1c, 0xe7, 0x43, 0xed, 0x60, 0xa6, 0x6c
, 0x3e, 0x1f, 0xa6, 0x3b, 0x0f, 0x5e, 0x7a, 0x60, 0x53, 0x76, 0x7d, 0x0f, 0x50
};

/服务器发送的server key exchange/
unsigned char sig_real[]=
{
0x30,0x45,0x02,0x20,0x51,0x57,0x16,0xc4,0x1c,0xd7,
0xe5,0x34,0x18,0xfc,0x71,0xde,0xb9,0xd6,0xe5,0x02,0x44,0x0a,0x09,0x7f,0x04,0xf2,
0x18,0xa8,0x66,0xb2,0x3d,0x80,0x94,0x9b,0xaf,0x15,0x02,0x21,0x00,0x8c,0x04,0xed,
0xc2,0x8e,0x27,0xb1,0x52,0x67,0x32,0xd8,0x27,0x26,0xf2,0x1d,0xb3,0x36,0x0f,0x38,
0x23,0x6f,0x01,0xab,0x07,0x4d,0x06,0x2c,0xf0,0x9d,0xcb,0x79,0x97

};

unsigned char dig_out[64];
int dig_out_len;
unsigned char sig_out[100];
int sig_out_len;

int main(int argc, char **argv)
{
BIO *in;
int j;
EC_KEY *ec_key;
int ret = -1;
ERR_load_crypto_strings();

/*加载私钥文件,私钥文件见后文*/
in = BIO_new(BIO_s_file());
if (BIO_read_filename(in, "/studio/test_ding_gm.key") <= 0) 
{
    printf("load pri key err\n");
    return 0;
}

/*私钥文件中包含公钥，故ec_key 中存在公钥*/
ec_key = PEM_read_bio_ECPrivateKey(in, NULL, NULL, NULL);
if (ec_key == NULL)
{
    printf("load ECPrivateKey err\n");
    return 0;
}

/*对msg_tmp 进行digest，理论上ec_key应该是签名证书的公钥，但是私钥中也包含了签名证书的公钥，故可以直接使用*/
ret = SM2_compute_message_digest(EVP_sm3() , EVP_sm3(), msg_tmp, sizeof(msg_tmp), dig_out, &dig_out_len, ec_key);
printf("compute_message_digest dig_out_len:%d,ret:%d\n",dig_out_len, ret);

/*验证签名结果*/
ret = SM2_verify(EVP_PKEY_EC, dig_out, dig_out_len, sig_real, sizeof(sig_real), ec_key);
printf("sm2 verify:%d\n",ret);
BIO_free(in);

return ret;

}

/* 私钥*/
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFrEsU1dz/sHEbQoFFCFAoEfyHTFAlNYjinPLjmcMsF3oAoGCCqBHM9V
AYItoUQDQgAEG+9+7zFh+tgcdwwdmP6HXyS29p6+xfp1WugOD4uGVCgpOMmuvGqs
D13aGbKNwhNLX+yDrhdSblHX1nQyFUc+yA==
-----END EC PRIVATE KEY-----

/签名证书、加密证书/
-----BEGIN CERTIFICATE-----
MIIC6TCCAo6gAwIBAgIJAJbAZNCGDNTbMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG
EwJDTjELMAkGA1UECAwCaGQxCzAJBgNVBAcMAmJqMQswCQYDVQQKDAJkcDEUMBIG
A1UECwwLdGVzdGRpbmdfZHAxFjAUBgNVBAMMDXRlc3RkaW5nX3Jvb3QxHjAcBgkq
hkiG9w0BCQEWD3Rlc3RkaW5nQGRwLmNvbTAeFw0xNjA1MTYwMTQwNDBaFw0yMTA1
MTUwMTQwNDBaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCaGQxCzAJBgNVBAcM
AmJqMQswCQYDVQQKDAJkcDEUMBIGA1UECwwLdGVzdGRpbmdfZHAxFjAUBgNVBAMM
DXRlc3RkaW5nX3Jvb3QxHjAcBgkqhkiG9w0BCQEWD3Rlc3RkaW5nQGRwLmNvbTBZ
MBMGByqGSM49AgEGCCqBHM9VAYItA0IABBvvfu8xYfrYHHcMHZj+h18ktvaevsX6
dVroDg+LhlQoKTjJrrxqrA9d2hmyjcITS1/sg64XUm5R19Z0MhVHPsijgeowgecw
HQYDVR0OBBYEFGynIXMDkZUeYrF7G4ZQ4kEonZHJMIG3BgNVHSMEga8wgayAFGyn
IXMDkZUeYrF7G4ZQ4kEonZHJoYGIpIGFMIGCMQswCQYDVQQGEwJDTjELMAkGA1UE
CAwCaGQxCzAJBgNVBAcMAmJqMQswCQYDVQQKDAJkcDEUMBIGA1UECwwLdGVzdGRp
bmdfZHAxFjAUBgNVBAMMDXRlc3RkaW5nX3Jvb3QxHjAcBgkqhkiG9w0BCQEWD3Rl
c3RkaW5nQGRwLmNvbYIJAJbAZNCGDNTbMAwGA1UdEwQFMAMBAf8wCgYIKoEcz1UB
g3UDSQAwRgIhAO0AxEP8ORIT81wJjuX7zZd/h6F29B2dlqUsT48gGcosAiEAkV5E
YP1ZHl3YkpEWHOdD7WCmbD4fpjsPXnpgU3Z9D1A=
-----END CERTIFICATE-----

#error MD2 is disabled

HA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o md2_dgst.o md2_dgst.c
In file included from md2_dgst.c:62:
../../include/openssl/md2.h:64:4: error: #error MD2 is disabled.
make[2]: *** [md2_dgst.o] Error 1
make[2]: Leaving directory /studio/gmssl/GmSSL/crypto/md2' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory/studio/gmssl/GmSSL/crypto'
make: *** [build_crypto] Error 1
需要./config 时怎么不去编译md2 ?

请给出开发规划

关老师，您好。

首先OPENSSL扩展国密支持算法在国内安全产业具有非常重要的意义，感谢您及您的团队所做的工作。近期看到该项目获奖信息，在这里表示祝贺。

同时我们看到国密SSL距离扩展OPENSSL算法的目标，距离实用性还有一定的差距。例如无法生成证书、使用证书。

关老师曾提到为支持SM系列算法，更改了EC算法,估计是导致GMSSL 无法兼容的主要原因。

希望能够给出开发规划、设计文档（开发者共享），便于所有关注者对GMSSL有更好的了解，同时也便于开源开发者参与进来，共同完成GMSSL的开发工作。

gmssl在windows10的winrar解压后，在linux下make报错。直接在linux下用unzip解压，可以成功编译

复现步骤：1、下载gmssl zip压缩包；2、把压缩包通过samba拷贝到redhat 6.5；3、采用winrar解压。
4、ssh进入linux，./config ，然后make，报错，错误如下：
gcc -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c -o e_skf.o e_skf.c
In file included from e_skf.c:61:
../include/openssl/ssf33.h:1: error: expected identifier or ‘(’ before ‘.’ token
In file included from e_skf.c:65:
../include/openssl/sms4.h:71: warning: data definition has no type or storage class
../include/openssl/sms4.h:71: warning: type defaults to ‘int’ in declaration of ‘sms4_key_t’
../include/openssl/sms4.h:73: error: expected ‘)’ before ‘’ token
../include/openssl/sms4.h:74: error: expected ‘)’ before ‘’ token
../include/openssl/sms4.h:75: warning: type defaults to ‘int’ in declaration of ‘sms4_key_t’
../include/openssl/sms4.h:75: error: expected ‘;’, ‘,’ or ‘)’ before ‘’ token
../include/openssl/sms4.h:79: warning: type defaults to ‘int’ in declaration of ‘sms4_key_t’
../include/openssl/sms4.h:79: error: expected ‘;’, ‘,’ or ‘)’ before ‘’ token
../include/openssl/sms4.h:81: warning: type defaults to ‘int’ in declaration of ‘sms4_key_t’
../include/openssl/sms4.h:81: error: expected ‘;’, ‘,’ or ‘)’ before ‘’ token
../include/openssl/sms4.h:83: warning: type defaults to ‘int’ in declaration of ‘sms4_key_t’
../include/openssl/sms4.h:83: error: expected ‘;’, ‘,’ or ‘)’ before ‘’ token
../include/openssl/sms4.h:85: warning: type defaults to ‘int’ in declaration of ‘sms4_key_t’
../include/openssl/sms4.h:85: error: expected ‘;’, ‘,’ or ‘)’ before ‘’ token
../include/openssl/sms4.h:87: warning: type defaults to ‘int’ in declaration of ‘sms4_key_t’
../include/openssl/sms4.h:87: error: expected ‘;’, ‘,’ or ‘)’ before ‘’ token
../include/openssl/sms4.h:90: error: expected ‘)’ before ‘’ token
../include/openssl/sms4.h:92: error: expected ‘)’ before ‘’ token
../include/openssl/sms4.h:100: error: expected specifier-qualifier-list before ‘sms4_key_t’
e_skf.c: In function ‘skf_init_key’:
e_skf.c:383: warning: implicit declaration of function ‘SKF_nid_to_encparam’
e_skf.c: In function ‘engine_skf’:
e_skf.c:747: warning: implicit declaration of function ‘bind_helper’
make[1]: *** [e_skf.o] Error 1
make[1]: Leaving directory `/usr/local/SINO/GmSSL-master-20160628/GmSSL-master/engines'
make: *** [build_engines] Error 1

解决办法：压缩包直接用 linux的 unzip命令解压，则编译通过。具体原因未知，怀疑跟解压后文件的格式或者操作系统的换行符或编码有关

GmSSL建立ssl/tls客户端和服务端

你好我想用gmssl建个客户端和服务端，用ssl，sm1,2,3,4的算法进行通信，是不是可以用/demos/ssl里的例子把SSLv2_client_method改成GMSSLv1_client_method，把SSLv23_server_method改成GMSSLv1_server_method，还是统一用GMSSLv1_method？

+#ifndef OPENSSL_NO_GMSSL
+const SSL_METHOD *GMSSLv1_method(void);
+const SSL_METHOD *GMSSLv1_server_method(void);
+const SSL_METHOD *GMSSLv1_client_method(void);

t1_enc.obj : error LNK2019: 无法解析的外部符号 _EVP_DigestSignUpdate

t1_enc.obj : error LNK2019: 无法解析的外部符号 _EVP_DigestSignUpdate，该符号在函数 _tls1_P_hash 中被引用
out32dll\ssleay32.dll : fatal error LNK1120: 1 个无法解析的外部命令

有人遇到过这个问题吗？
我是在Win7 x64 系统下使用VS2008 32位命令行工具编译的
编译命令如下：

perl Configure VC-WIN32 no-asm
ms\do_ms
nmake -f ms\ntdll.mak

代码是用SVN check out出来的。求解。

命令行指令问题

生成sm2密钥指令：
gmssl genkey -algorithm EC -out sm2key.pem \ -pkeyopt ec_paramgen_curve:sm2p256v1 \ -pkeyopt ec_param_enc:named_curve

此处 genkey 是否应为 genpkey?

编译出的库支持Python调用吗？

老师，您好

请问GmSSL编译出的库支持python语言调用吗？

谢谢

SM9有需求吗

国密SM9的标准已经公布了，GmSSL的用户对SM9算法有需求吗？具体的需求场景是什么？请回复此issue，或给我发邮件 [email protected]

正常编译正常安装没有问题，然而demo/gmssl下面initca和gencert均发生段错误

正常编译正常安装没有问题，然而demo/gmssl下面initca和gencert均发生段错误
具体是在 gmssl req -new -days 365 -key cakey.pem -out ca.pem ；新建证书请求时发生段错误。
gdb显示收到SIG_TERM信号，在 int_update() 处发生段错误

关于gmssl的使用疑问

研究信息安全技术，知道国家商用密码标准SM2/SM3/SM4等，既然是标准，理应有参考实现，重复发明轮子似乎没什么必要，而且标准公布也有4年了，一定有热心人士公开国密算法的代码。想到如今最大的代码共享平台github，因此到了这里，此缘起。

相见恨晚，这样的开放心态非常好，很大气，参考实现开源openssl，大家可以直接使用，甚至帮助完善代码，于各方都是有益的，东西融合，大好事。在使用上，一些疑问：
1）看gmssl的代码结构，应该是fork openssl的代码，增加了gmssl部分的处理，即为openssl的分支，使用上是否只需要可以与openssl共存，一般openssl是基础库，操作系统都自带了, 再安装gmssl则不影响原有openssl库的使用？
2）gmssl若基于openssl, 那么是否openssl库的原有功能在gmssl中也都有，这一部分二进制内容是否有重复了？不过，对于PC机而言，这部分的空间消耗不大，但对于一些嵌入式平台，重复的内容空间消耗就要考虑了。
3)能否介绍一下，那些商业机构在用此处公开的gmssl代码？毕竟，有成功案例，可极大的提升用户的信心。

期盼答复，谢谢

编译sm3test出错，求指教

没有像openssl，采用-lcrypto的参数，采用如下参数进行编译，提示错误：

chen@debian-chen:~/work/GmSSL/GmSSL/crypto/sm3$ gcc sm3.c sm3test.c -o sm3test
/tmp/ccwkkwmq.o：在函数‘main’中：
sm3test.c:(.text+0x34)：对‘EVP_sm3’未定义的引用
sm3test.c:(.text+0x61)：对‘EVP_Digest’未定义的引用
collect2: error: ld returned 1 exit status
谢谢！

GmSSL 是基于什么版本的 OpenSSL 进行扩展的？

请问 GmSSL 是基于什么版本的 OpenSSL 进行扩展的？未来是否有计划合并更新的 OpenSSL 至 GmSSL?

Ubuntu 16.04 编译 jni 目录报错

首先编译了GmSSL
然后安装
然后进入jni目录 make
以下是编译信息：
star@star-aigo:~/下载/guanzhi-GmSSL-f881784/jni$ make
javac GmSSL.java
javah -jni GmSSL
gcc -shared -fPIC -Wall -I./jni/ GmSSL.c ../libcrypto.a -o libgmssl.jnilib
/usr/bin/ld: ../libcrypto.a(err.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
../libcrypto.a: 无法添加符号: 错误的值
collect2: error: ld returned 1 exit status
Makefile:7: recipe for target 'libgmssl.jnilib' failed
make: *** [libgmssl.jnilib] Error 1

另外请问一下，通过jni调用GmSSL是否可以做到生成密钥对生成CSR 以及对密钥对进行操作。

谢谢。

sm2签名的参数ID是什么？

老师你好，问一下，SSL握手流程中，使用非 IBC 时，服务器sign操作需要字符串ID，请问ID应该填什么？TLS中没有ID相关的参照。不可能随便填吧？用户为客户端verify时也需要ID，如果服务器随便填，则verify肯定失败啊。

运行 sm2test 会导致 "Segmentation fault"，烦请知悉，辛苦！

问题 1：
编译后，运行 sm2test 文件会导致 "Segmentation fault"。
通过调试定位于 test_evp_seal 函数。

解决：
在 test_evp_seal函数中，

    1) 将 unsigned char ek[NUM_PKEYS][MAX_PKEY_SIZE] 修改为 unsigned char *ek[NUM_PKEYS]

    2) 分配 内存
         for (i = 0; i < NUM_PKEYS; i++) {
             pkey[i] = genpkey(curve_id, out, verbose);
             ekl[i] = MAX_PKEY_SIZE;
             ek[i] = malloc(ekl[i]);
        }

    3) 释放内存
        for (i = 0; i < NUM_PKEYS; i++) {
              EVP_PKEY_free(pkey[i]);
              free(ek[i]);
       }

问题 2：

   运行 sm2test 会出现  "digital envelope routines:EVP_OpenInit:public key not rsa“ 的错误。

解决：

 修改 crypto/evp/p_open.c；

  1)  支持 EVP_PKEY_EC （85行处）；
       // if (priv->type != EVP_PKEY_RSA) {
       if ((EVP_PKEY_id(priv) != EVP_PKEY_RSA) && (EVP_PKEY_id(priv) != EVP_PKEY_EC))  

  2) 修改 size 取值方法（91行处）；
       //size = RSA_size(priv->pkey.rsa);
       size = EVP_PKEY_size(priv);

辛苦原作者！

对sm2 enc 和dec的疑问

首先第一点
1：test_sm2_enc 测试函数中，未对 size_t msglen 赋初始值，而 SM2_decrypt_with_recommended 函数会对改值进行判断操作 'else if (*outlen < (size_t)len)' 。
2：使用 SM2_decrypt_with_recommended前，是否需要将 msglen 赋为明文 msg长度？

若 2 是，SM2_decrypt_with_recommended 函数中是否真的需要判断明文长度和密文长度的合法性？
根据sm2公钥加密算法，msg明文长度确实和密文长度有对应关系，也的确能够从想要得到的msg长度来判断密文是否合法，但是个人觉得，SM2_decrypt_with_recommended 仅需要执行decode 和 decrypt 即可。至于decrypt 之后实际得到的明文长度是否是对的，应该由外层调用 SM2_decrypt_with_recommended 者进行判断，SM2_decrypt_with_recommended 只负责私钥解密。

Failed to compile

I have checked out into Centos 6.4 x64bit and Ubuntu 14.04 x64bit, nor of them work. They failed at difference part. So, could you tell me which platform ( gcc version ) is suitable for this project? Thanks.

SM4 CTR mode

根据标准不支持ctr mode 么我怎么觉得也应该支持

gmssl.org这几天打不开？

我用360国密浏览器访问国密服务器，双方使用ECC_SM4_SM3算法，但是server-key-exchange包360始终验证失败

国密服务器发送时是把server hello, server certificate, server key exchange 三个记录放在一个包里发送的，我仔细看了server hello, server certificate的内容，都没有问题，我觉得问题只能出在server key exchange的签名上了，我按照以下方式进行签名都试过了360还是会返回错误。

M = client random(32) + server random(32) + 加密证书长度（3） + 加密证书的内容（变长）,只对M内容进行签名
Z = sm3(entl || id || a || b || Xg ||Yg || Xa || Ya), 对Z||M进行SM2签名，
以上两种方式签名360验证都失败，我服务器端的加密证书签名证书用的是一个。
有哪位朋友遇到与我相似的问题，还请讨论赐教下，万分感谢！

请问在 Android NDK 下 build 的问题

请问下 GmSSL 是否有在 Android NDK 下交叉编译 arm/arm64 库的成功范例？
谢谢。

有关SM2withSM3签名时的UID取值

在 https://github.com/guanzhi/GmSSL 项目中，提到了

“SM2数字签名方案中被签名的杂凑值不仅仅是消息的杂凑值，而是签名者身份信息串联上消息的杂凑值，其中签名者身份信息是签名者的可辨别标识字串、椭圆曲线方程系数、生成元和签名者公钥串联后字串的杂凑值。SM2标准中并未说明签名者的可辨别标识字串格式及获得方式，应用可以采用X.509证书中的Subject字段、CN (CommonName)或自行规定。”

但实际上在 GM/T 0009-2012《SM2密码算法使用规范》中第10小节“用户身份标识 ID 的默认值”对此有附加描述：

无特殊约定的情况下,用户身份标识 ID 的长度为 16 字节,其默认值从左至右依次为: 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38。

在标准的实际执行中，现有国密根CA颁发的证书中，CA的签名均采用此默认值。各接入国密根的二级CA也采用此值。

在国密的SSL标准 GM/T 0024-2014 《SSLVPN技术规范》中未对此取值做定义，因此目前国密局的SSLVPN检测平台采用了此值，因此所有通过平台测试的厂商也都采用了这个值。

关于使用编译后的动态库，openssl相关通信异常

关于使用编译后的动态库（下载后使用make clean,./config,make。未使用自定义编译参数），启动openssl服务，使用网页链接后出现：
在高级设置中启用 TLS 1.0、TLS 1.1 和 TLS 1.2，然后尝试再次连接到 https://192.177.65.75 。如果此错误依然存在，请与站点管理员联系。

请问关老师，目前版本是否支持openssl通信（目前使用库后，原rsa套件使用场景也异常）。
若通信是否有需要别的设置或者操作。

ps：
Linux下编译时出现ecp_nistz256.o未定义错误
需要将crypto\ec下makefile增加 .s的删除
clean:
rm -f *.s *.o */.o .obj lib tags core .pure .nfs *.old *.bak fluff

gmssl和openssl混用的问题

我的redhat linux安装时系统已经预置了openssl-0.9.8，为了不妨碍原有openssl使用，我把gmssl编译安装到了普通用户里，应用链接普通用户里的gmssl（ln -s ~/lib/openssl-1.0.1-gmssl.so ~/lib/libcrypto.so），使用没问题，但是系统自带的ssh、sftp一直报错：“OpenSSL version mismatch , Built against 90802f , you have 10201000”，因为ssh、sftp发现链接的gmssl和系统预置的openssl版本不对，请问怎么解决？我的应用链接了第三方共享库，这个库ldd出来链接了libcrypto。

是否在SSL通讯过程中支持了SM2/SM3/SM4算法

你好！

首先，你这个项目非常了不起，意义重大。

我想问下现在是否支持sm2的证书使用OpenSSL的SSL通讯。比如使用s_server和s_client。

我们也正在研究OpenSSL支持国密，希望可以一起交流。

SKF使用问题

作者您好，
我在GitHub上下载master版本的gmssl，安装在centos7上，需要用到SKF，但是我在用ENGINE加载的时候发现ENGINE_load_skf接口不可见，看了源码后发现是有宏OPENSSL_NO_DYNAMIC_ENGINE控制，重新编译后问题来了。
问题：编译正常通过，但是编译test程序报SKF_nid_to_encparam、bind_helper接口未定义，我查找源码发现这个接口确实是没有定义，求大神给予解答，指点SKF的使用方法。

编译已通过，但没有发现sm2 与 sm4的命令

您好，编译通过了。但是并没有发现sm2 与 sm4的命令，请问有稍微详细的使用说明吗？十分感谢！

GmSSL> ?
openssl:Error: '?' is an invalid command.

Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac srp ts verify
version x509

Message Digest commands (see the `dgst' command for more details)
md4 md5 mdc2 rmd160
sha sha1 sm3

Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb sms4 sms4-cbc
sms4-cfb sms4-ecb sms4-ofb zuc

linux环境下，编译异常

编译出现以下错误：
OOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c -o ecp_nistz256-x86_64.o ecp_nistz256-x86_64.s
ecp_nistz256-x86_64.s: Assembler messages:
ecp_nistz256-x86_64.s:823: Error: no such instruction: mulxq %r9,%r8,%r9' ecp_nistz256-x86_64.s:824: Error: no such instruction:mulxq %r10,%rcx,%r10'
ecp_nistz256-x86_64.s:827: Error: no such instruction: mulxq %r11,%rbp,%r11' ecp_nistz256-x86_64.s:830: Error: no such instruction:mulxq %r12,%rcx,%r12'
ecp_nistz256-x86_64.s:833: Error: no such instruction: shlxq %r14,%r8,%rbp' ecp_nistz256-x86_64.s:835: Error: no such instruction:shrxq %r14,%r8,%rcx'
ecp_nistz256-x86_64.s:843: Error: no such instruction: mulxq %r15,%rcx,%rbp' ecp_nistz256-x86_64.s:852: Error: no such instruction:mulxq 0+128(%rsi),%rcx,%rbp'
ecp_nistz256-x86_64.s:853: Error: no such instruction: `adcxq %rcx,%r9'

ecp_nistz256-x86_64.s:854: Error: no such instruction: `adoxq %rbp,%r10'

ecp_nistz256-x86_64.s:1451: Error: suffix or operands invalid for vpand' ecp_nistz256-x86_64.s:1453: Error: suffix or operands invalid forvpxor'
ecp_nistz256-x86_64.s:1454: Error: suffix or operands invalid for vpxor' make[2]: *** [ecp_nistz256-x86_64.o] Error 1 make[2]: Leaving directory/IDE/share/GmSSL-master/crypto/ec'
make[1]: *** [subdirs] Error 1
make[1]: Leaving directory `/IDE/share/GmSSL-master/crypto'
make: *** [build_crypto] Error 1

环境：[root@ide_81 GmSSL-master]# cat /proc/version
Linux version 2.6.32-358.el6.x86_64 (root@CGSLv4-64) (gcc version 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC) ) #1 SMP Wed Nov 6 23:48:01 EST 2013
[root@ide_81 GmSSL-master]#

网上下的openssl编译正常。然而编译GMSSL 通过不了。
不知道问题出现在哪里？请问你用的是什么环境？谢谢

一处内存泄露，忘知悉，辛苦！

问题：
SM2_do_encrypt函数中，未释放point内存。
由于加解密密集用到，所以此处比较严重！

解决：
增加：
if (point) EC_POINT_free(point);

辛苦原作者了！

jni例子中sms4加密解密函数的问题

自带的jni例子在调用对称加密解密函数时，返回值填充过多的0

https://github.com/guanzhi/GmSSL/blob/master/jni/GmSSL.c#L176

是否应该在
if (!(ret = (*env)->NewByteArray(env, outlen))) { PRINT_ERROR(); goto end; }
之前？

windows下编译GmSSL执行do_ms卡住

你好！

我试着编译GmSSL在windows下：
OS：win10 64位
编译成32位的动态库。
目前情况：
D:\src\GmSSL\guanzhi-GmSSL-cc31670>ms\do_ms

D:\src\GmSSL\guanzhi-GmSSL-cc31670>perl util\mkfiles.pl 1>MINFO

D:\src\GmSSL\guanzhi-GmSSL-cc31670>perl util\mk1mf.pl no-asm VC-WIN32 1>ms\nt.m
ak

D:\src\GmSSL\guanzhi-GmSSL-cc31670>perl util\mk1mf.pl dll no-asm VC-WIN32 1>ms
ntdll.mak

D:\src\GmSSL\guanzhi-GmSSL-cc31670>if x == x goto skipce

D:\src\GmSSL\guanzhi-GmSSL-cc31670>perl -d util\mkdef.pl 32 libeay 1>ms\libeay3
2.def

然后就卡住了。

请问是什么问题？

请问SM2证书目前具体是哪里不完善

这个项目很棒，正在学习。不过有个疑问作者说SM2证书和规范的证书还有差距，这个具体是指？
望指教。谢谢

在windows下面无法编译通过。

win10+vs2015。使用openssl的编译方法：
perl Configure VC-WIN32
ms\do_nasm
nmake -f ms\ntdll.mak

以上几个命令行编译openssl标准库一次通过，编译gmssl时的输出如下：
D:\opensource\GmSSL>perl Configure VC-WIN32
Configuring for VC-WIN32
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-gmp [default] OPENSSL_NO_GMP (skip dir)
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
no-libunbound [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
no-md2 [default] OPENSSL_NO_MD2 (skip dir)
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)
no-sctp [default] OPENSSL_NO_SCTP (skip dir)
no-shared [default]
no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir)
no-store [experimental] OPENSSL_NO_STORE (skip dir)
no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir)
no-zlib [default]
no-zlib-dynamic [default]
IsMK1MF=1
CC =cl
CFLAG =-DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
EX_LIBS =
CPUID_OBJ =x86cpuid.o
BN_ASM =bn-586.o co-586.o x86-mont.o x86-gf2m.o
EC_ASM =
DES_ENC =des-586.o crypt586.o
AES_ENC =aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC =bf-586.o
CAST_ENC =cast-586.o
RC4_ENC =rc4-586.o
RC5_ENC =rc5-586.o
MD5_OBJ_ASM =md5-586.o
SHA1_OBJ_ASM =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC =cmll-x86.o
MODES_OBJ =ghash-x86.o
ENGINES_OBJ =
PROCESSOR =
RANLIB =true
ARFLAGS =
PERL =perl
THIRTY_TWO_BIT mode
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined

Configured for VC-WIN32.

D:\opensource\GmSSL>ms\do_nasm

D:\opensource\GmSSL>perl util\mkfiles.pl 1>MINFO

D:\opensource\GmSSL>perl util\mk1mf.pl nasm VC-WIN32 1>ms\nt.mak

D:\opensource\GmSSL>perl util\mk1mf.pl dll nasm VC-WIN32 1>ms\ntdll.mak

D:\opensource\GmSSL>perl util\mk1mf.pl nasm BC-NT 1>ms\bcb.mak

D:\opensource\GmSSL>perl util\mkdef.pl 32 libeay 1>ms\libeay32.def

D:\opensource\GmSSL>perl util\mkdef.pl 32 ssleay 1>ms\ssleay32.def

D:\opensource\GmSSL>nmake -f ms\ntdll.mak

Building OpenSSL
perl util/mkdir-p.pl "tmp32dll"
created directory tmp32dll' perl util/mkdir-p.pl "out32dll" created directoryout32dll'
perl util/mkdir-p.pl "inc32"
created directory inc32' perl util/mkdir-p.pl "inc32\openssl" created directoryinc32/openssl'
perl .\util\copy-if-different.pl "..\e_os.h" "tmp32dll\e_os.h"
Copying: ././e_os.h to tmp32dll/e_os.h
perl .\util\copy-if-different.pl ".\crypto\cryptlib.h" "tmp32dll\cryptlib.h"
Copying: ./crypto/cryptlib.h to tmp32dll/cryptlib.h
perl .\util\copy-if-different.pl ".\crypto\buildinf.h" "tmp32dll\buildinf.h"
Copying: ./crypto/buildinf.h to tmp32dll/buildinf.h
perl .\util\copy-if-different.pl ".\crypto\md32_common.h" "tmp32dll\md32_common.h"
Copying: ./crypto/md32_common.h to tmp32dll/md32_common.h
perl .\util\copy-if-different.pl ".\crypto\o_time.h" "tmp32dll\o_time.h"
Copying: ./crypto/o_time.h to tmp32dll/o_time.h
perl .\util\copy-if-different.pl ".\crypto\o_str.h" "tmp32dll\o_str.h"
Copying: ./crypto/o_str.h to tmp32dll/o_str.h
perl .\util\copy-if-different.pl ".\crypto\o_dir.h" "tmp32dll\o_dir.h"
Copying: ./crypto/o_dir.h to tmp32dll/o_dir.h
perl .\util\copy-if-different.pl ".\crypto\constant_time_locl.h" "tmp32dll\constant_time_locl.h"
Copying: ./crypto/constant_time_locl.h to tmp32dll/constant_time_locl.h
perl .\util\copy-if-different.pl ".\crypto\md4\md4_locl.h" "tmp32dll\md4_locl.h"
Copying: ./crypto/md4/md4_locl.h to tmp32dll/md4_locl.h
perl .\util\copy-if-different.pl ".\crypto\md5\md5_locl.h" "tmp32dll\md5_locl.h"
Copying: ./crypto/md5/md5_locl.h to tmp32dll/md5_locl.h
perl .\util\copy-if-different.pl ".\crypto\sha\sha_locl.h" "tmp32dll\sha_locl.h"
Copying: ./crypto/sha/sha_locl.h to tmp32dll/sha_locl.h
perl .\util\copy-if-different.pl ".\crypto\ripemd\rmd_locl.h" "tmp32dll\rmd_locl.h"
Copying: ./crypto/ripemd/rmd_locl.h to tmp32dll/rmd_locl.h
perl .\util\copy-if-different.pl ".\crypto\ripemd\rmdconst.h" "tmp32dll\rmdconst.h"
Copying: ./crypto/ripemd/rmdconst.h to tmp32dll/rmdconst.h
perl .\util\copy-if-different.pl ".\crypto\des\des_locl.h" "tmp32dll\des_locl.h"
Copying: ./crypto/des/des_locl.h to tmp32dll/des_locl.h
perl .\util\copy-if-different.pl ".\crypto\des\rpc_des.h" "tmp32dll\rpc_des.h"
Copying: ./crypto/des/rpc_des.h to tmp32dll/rpc_des.h
perl .\util\copy-if-different.pl ".\crypto\des\spr.h" "tmp32dll\spr.h"
Copying: ./crypto/des/spr.h to tmp32dll/spr.h
perl .\util\copy-if-different.pl ".\crypto\des\des_ver.h" "tmp32dll\des_ver.h"
Copying: ./crypto/des/des_ver.h to tmp32dll/des_ver.h
perl .\util\copy-if-different.pl ".\crypto\rc2\rc2_locl.h" "tmp32dll\rc2_locl.h"
Copying: ./crypto/rc2/rc2_locl.h to tmp32dll/rc2_locl.h
perl .\util\copy-if-different.pl ".\crypto\rc4\rc4_locl.h" "tmp32dll\rc4_locl.h"
Copying: ./crypto/rc4/rc4_locl.h to tmp32dll/rc4_locl.h
perl .\util\copy-if-different.pl ".\crypto\idea\idea_lcl.h" "tmp32dll\idea_lcl.h"
Copying: ./crypto/idea/idea_lcl.h to tmp32dll/idea_lcl.h
perl .\util\copy-if-different.pl ".\crypto\bf\bf_pi.h" "tmp32dll\bf_pi.h"
Copying: ./crypto/bf/bf_pi.h to tmp32dll/bf_pi.h
perl .\util\copy-if-different.pl ".\crypto\bf\bf_locl.h" "tmp32dll\bf_locl.h"
Copying: ./crypto/bf/bf_locl.h to tmp32dll/bf_locl.h
perl .\util\copy-if-different.pl ".\crypto\cast\cast_s.h" "tmp32dll\cast_s.h"
Copying: ./crypto/cast/cast_s.h to tmp32dll/cast_s.h
perl .\util\copy-if-different.pl ".\crypto\cast\cast_lcl.h" "tmp32dll\cast_lcl.h"
Copying: ./crypto/cast/cast_lcl.h to tmp32dll/cast_lcl.h
perl .\util\copy-if-different.pl ".\crypto\aes\aes_locl.h" "tmp32dll\aes_locl.h"
Copying: ./crypto/aes/aes_locl.h to tmp32dll/aes_locl.h
perl .\util\copy-if-different.pl ".\crypto\camellia\cmll_locl.h" "tmp32dll\cmll_locl.h"
Copying: ./crypto/camellia/cmll_locl.h to tmp32dll/cmll_locl.h
perl .\util\copy-if-different.pl ".\crypto\seed\seed_locl.h" "tmp32dll\seed_locl.h"
Copying: ./crypto/seed/seed_locl.h to tmp32dll/seed_locl.h
perl .\util\copy-if-different.pl ".\crypto\modes\modes_lcl.h" "tmp32dll\modes_lcl.h"
Copying: ./crypto/modes/modes_lcl.h to tmp32dll/modes_lcl.h
perl .\util\copy-if-different.pl ".\crypto\bn\bn_lcl.h" "tmp32dll\bn_lcl.h"
Copying: ./crypto/bn/bn_lcl.h to tmp32dll/bn_lcl.h
perl .\util\copy-if-different.pl ".\crypto\bn\bn_prime.h" "tmp32dll\bn_prime.h"
Copying: ./crypto/bn/bn_prime.h to tmp32dll/bn_prime.h
perl .\util\copy-if-different.pl ".\crypto\dsa\dsa_locl.h" "tmp32dll\dsa_locl.h"
Copying: ./crypto/dsa/dsa_locl.h to tmp32dll/dsa_locl.h
perl .\util\copy-if-different.pl ".\crypto\ec\ec_lcl.h" "tmp32dll\ec_lcl.h"
Copying: ./crypto/ec/ec_lcl.h to tmp32dll/ec_lcl.h
perl .\util\copy-if-different.pl ".\crypto\ecdh\ech_locl.h" "tmp32dll\ech_locl.h"
Copying: ./crypto/ecdh/ech_locl.h to tmp32dll/ech_locl.h
perl .\util\copy-if-different.pl ".\crypto\ecdsa\ecs_locl.h" "tmp32dll\ecs_locl.h"
Copying: ./crypto/ecdsa/ecs_locl.h to tmp32dll/ecs_locl.h
perl .\util\copy-if-different.pl ".\crypto\bio\bio_lcl.h" "tmp32dll\bio_lcl.h"
Copying: ./crypto/bio/bio_lcl.h to tmp32dll/bio_lcl.h
perl .\util\copy-if-different.pl ".\crypto\objects\obj_dat.h" "tmp32dll\obj_dat.h"
Copying: ./crypto/objects/obj_dat.h to tmp32dll/obj_dat.h
perl .\util\copy-if-different.pl ".\crypto\objects\obj_xref.h" "tmp32dll\obj_xref.h"
Copying: ./crypto/objects/obj_xref.h to tmp32dll/obj_xref.h
perl .\util\copy-if-different.pl ".\crypto\evp\evp_locl.h" "tmp32dll\evp_locl.h"
Copying: ./crypto/evp/evp_locl.h to tmp32dll/evp_locl.h
perl .\util\copy-if-different.pl ".\crypto\asn1\asn1_locl.h" "tmp32dll\asn1_locl.h"
Copying: ./crypto/asn1/asn1_locl.h to tmp32dll/asn1_locl.h
perl .\util\copy-if-different.pl ".\crypto\x509\vpm_int.h" "tmp32dll\vpm_int.h"
Copying: ./crypto/x509/vpm_int.h to tmp32dll/vpm_int.h
perl .\util\copy-if-different.pl ".\crypto\x509v3\pcy_int.h" "tmp32dll\pcy_int.h"
Copying: ./crypto/x509v3/pcy_int.h to tmp32dll/pcy_int.h
perl .\util\copy-if-different.pl ".\crypto\cms\cms_lcl.h" "tmp32dll\cms_lcl.h"
Copying: ./crypto/cms/cms_lcl.h to tmp32dll/cms_lcl.h
perl .\util\copy-if-different.pl ".\crypto\conf\conf_def.h" "tmp32dll\conf_def.h"
Copying: ./crypto/conf/conf_def.h to tmp32dll/conf_def.h
perl .\util\copy-if-different.pl ".\crypto\ui\ui_locl.h" "tmp32dll\ui_locl.h"
Copying: ./crypto/ui/ui_locl.h to tmp32dll/ui_locl.h
perl .\util\copy-if-different.pl ".\crypto\whrlpool\wp_locl.h" "tmp32dll\wp_locl.h"
Copying: ./crypto/whrlpool/wp_locl.h to tmp32dll/wp_locl.h
NMAKE : fatal error U1073: 不知道如何生成“.\crypto\sm3\byteorder.h”
Stop.

D:\opensource\GmSSL>

dummy的编译和测试

关老师您好，engine/skf目录下的dummy例子怎么编译和测试，关于skf硬件设备，有更详细的指导文档吗。

360 的 ClientkeyExchange 貌似不能直接用 SM2_decrypt_with_recommended 进行解密

下面是 360 发送的 ClientkeyExchange （我手动分割了C1 C2 C3）
很明显是 Asn1 编码的，如果直接用 SM2_CIPHERTEXT_VALUE_decode 进行解码，会失败。

/****************************/
30 81 9a
02 21
00 c4 fe ba 1f
07 e0 d3 7c d2 b4 21 18 cc 31 51 d1 33 06 43 5d
ce fe 19 2d 58 04 5b 2d 06 6e ee 14

02 21
00 86
e3 3d 0f d3 83 5d 52 17 ce 2e 9f e8 d0 82 d2 4a
0d dd ef ff 1b 94 80 05 a6 c3 0e c9 51 e0 79

04 20
d1 b9 96 54 96 2a 5c d6 fe bd 3f 5c e1 ae c5
31 47 8f dc d6 27 17 e0 13 e6 f0 e3 f3 d5 c1 53
82

04 30
4d bf 48 13 84 bf 11 18 56 31 4e e7 da
d0 76 32 53 93 f0 0d bd 32 b2 e2 e0 48 12 bb d9
42 7d 3a 75 00 5c 29 12 3a 3e 55 ef 39 c0 40 2a
37 d5 90
/****************************/

还有一事不解，
GM/T 0024 -2014 SSLVPN技术规范中，对ClientkeyExchange 如下描述
case ECC:
opaque ECCEncryptedPreMasterSecret<...>

ECCEncryptedPreMasterSecret:
使用ECC加密算法时，用服务端加密公钥加密预主密钥

也意味着，加密的结果也即 ECCEncryptedPreMasterSecret<...> 应该满足
GM/T 0003.4-2012 SM2椭圆曲线公钥密码算法第4部分：公钥加密算法 6.1节的 C = C1 || C2 || C3格式

但是360抓包的结果，怎么看都和规范描述的不一致啊。

Linux 下make如下错误

gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c -o x86_64cpuid.o x86_64cpuid.s
ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o x86_64cpuid.o
ar: creating ../libcrypto.a
test -z "" || ar r ../libcrypto.a fipscanister.o
/usr/bin/ranlib ../libcrypto.a || echo Never mind.
making all in crypto/objects...
make[2]: Entering directory /home/haozhongkai/coding/GmSSL/crypto/objects' /usr/bin/perl objects.pl objects.txt obj_mac.num obj_mac.h Added OID dsa objects.txt:41:Undefined identifier X9_62_id_fieldType make[2]: *** [obj_mac.h] Error 25 make[2]: Leaving directory /home/haozhongkai/coding/GmSSL/crypto/objects

Linux环境下make编译报错

我在Linux环境下编译时，出错，请问谁知道是什么原因呢？非常感谢。

原来是在windows下编译，一直没有编译成功。后安装了RedHat的虚拟机。
大体步骤如下：
unzip Gmssl.zip
./config no-idea no-mdc2 no-rc5 no-asm shared --prefix=/test/lib
make depend
make
之后就报如下图所示的错误了，非常感谢您的答复。

最后一步了，360访问居然提示“服务器证书验证出错 ”这个错误

错误描述：服务器证书验证出错

我已经发送了finished给360，360直接断开，也不回alert，真奇怪。
我以为finish中prf计算错误，于是我随便改了一下prf计算结果，再回给360,360则回复alert。这意味着
我原始的prf是正确的。
其次我验证360发给我的prf，验证通过了，这意味着我对prf的实现也是对的。
难道是证书的问题？谁有环境拿我证书试一下。
（我拿友商设备试了，也这个错误，之前试过是通的。。）

你好,SM2对于iOS开发真机报错

你好,这是在mac环境下编译后,导入项目,真机运行时报错:
ld: warning: ld: warning: ignoring file /Users/a123456/Desktop/SM2 SM4/libcrypto.a, file was built for archive which is not the architecture being linked (arm64): /Users/a123456/Desktop/SM2 SM4/libcrypto.aignoring file /Users/a123456/Desktop/SM2 SM4/libssl.a, file was built for archive which is not the architecture being linked (arm64): /Users/a123456/Desktop/SM2 SM4/libssl.a

ld: warning: object file (/Users/a123456/Desktop/SM2 SM4/zhlcs/Classes/SDK/XYKeyboard/libXYKeyboard.a(CharacterKeyboard.o)) was built for newer iOS version (9.0) than being linked (7.0)
ld: warning: object file (/Users/a123456/Desktop/SM2 SM4/zhlcs/Classes/SDK/XYKeyboard/libXYKeyboard.a(NumberKeyboardThird.o)) was built for newer iOS version (9.0) than being linked (7.0)
ld: warning: object file (/Users/a123456/Desktop/SM2 SM4/zhlcs/Classes/SDK/XYKeyboard/libXYKeyboard.a(KeyboardTool.o)) was built for newer iOS version (9.0) than being linked (7.0)
ld: warning: object file (/Users/a123456/Desktop/SM2 SM4/zhlcs/Classes/SDK/XYKeyboard/libXYKeyboard.a(Keyboard.o)) was built for newer iOS version (9.0) than being linked (7.0)
ld: warning: object file (/Users/a123456/Desktop/SM2 SM4/zhlcs/Classes/SDK/XYKeyboard/libXYKeyboard.a(XYKeyboard.o)) was built for newer iOS version (9.0) than being linked (7.0)
ld: warning: object file (/Users/a123456/Desktop/SM2 SM4/zhlcs/Classes/SDK/XYKeyboard/libXYKeyboard.a(NumberKeyboardFirst.o)) was built for newer iOS version (9.0) than being linked (7.0)
ld: warning: object file (/Users/a123456/Desktop/SM2 SM4/zhlcs/Classes/SDK/XYKeyboard/libXYKeyboard.a(NumberKeyboardSecond.o)) was built for newer iOS version (9.0) than being linked (7.0)
ld: warning: object file (/Users/a123456/Desktop/SM2 SM4/zhlcs/Classes/SDK/XYKeyboard/libXYKeyboard.a(UIView+LVExtension.o)) was built for newer iOS version (9.0) than being linked (7.0)
Undefined symbols for architecture arm64:
"_EVP_sm3", referenced from:
_test_sm2_enc in sm2Plugin.o
"_EC_POINT_point2hex", referenced from:
_test_sm2_enc in sm2Plugin.o
"_EC_KEY_new", referenced from:
-[sm2Plugin sm2:] in sm2Plugin.o
"_EC_POINT_point2oct", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_KDF_get_x9_63", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_CRYPTO_malloc", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_BN_new", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EC_GROUP_get_order", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EVP_DigestInit_ex", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EC_POINT_new", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_BN_CTX_new", referenced from:
_SM2_do_encrypt in sm2_enc.o
-[sm2Plugin sm2:] in sm2Plugin.o
_test_sm2_enc in sm2Plugin.o
"_EVP_MD_CTX_create", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EC_KEY_get0_group", referenced from:
_SM2_do_encrypt in sm2_enc.o
-[sm2Plugin sm2:] in sm2Plugin.o
_test_sm2_enc in sm2Plugin.o
"_EC_GROUP_get_cofactor", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EC_KEY_get0_public_key", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EC_GROUP_get_degree", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EC_POINT_hex2point", referenced from:
-[sm2Plugin sm2:] in sm2Plugin.o
"_BN_rand_range", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_OpenSSLDie", referenced from:
_SM2_do_encrypt in sm2_enc.o
_test_sm2_enc in sm2Plugin.o
"_BN_free", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EVP_DigestUpdate", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EVP_DigestFinal_ex", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EC_POINT_mul", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EC_POINT_free", referenced from:
_SM2_CIPHERTEXT_VALUE_free in sm2_enc.o
"_BN_CTX_free", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_BN_num_bits", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EC_POINT_is_at_infinity", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EVP_MD_CTX_destroy", referenced from:
_SM2_do_encrypt in sm2_enc.o
"_EC_KEY_new_by_curve_name", referenced from:
-[sm2Plugin sm2:] in sm2Plugin.o
"_CRYPTO_free", referenced from:
_SM2_CIPHERTEXT_VALUE_free in sm2_enc.o
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)

找不不到对应的开发手册

看Wiki里面的介绍，说有个开发手册，但是找不到，请问在哪里可以获得？

centos 64bits编译失败

centos 6.5 x86_64，make的时候失败：

   link_app.${shlib_target}

make[2]: Entering directory /root/tmp/GmSSL-master/apps' ( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}"; LDCMD="${LDCMD:-gcc}"; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM}"; LIBPATH=for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq; LIBPATH=echo $LIBPATH | sed -e 's/ /:/g'; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=gmssl} gmssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o ${LIBDEPS} ) ../libcrypto.a(ecp_nistz256.o): In functionecp_nistz256_points_mul':
ecp_nistz256.c:(.text+0x67c): undefined reference to ecp_nistz256_select_w7' ecp_nistz256.c:(.text+0x699): undefined reference toecp_nistz256_neg'
ecp_nistz256.c:(.text+0x857): undefined reference to ecp_nistz256_select_w7' ecp_nistz256.c:(.text+0x867): undefined reference toecp_nistz256_neg'
ecp_nistz256.c:(.text+0x90e): undefined reference to ecp_nistz256_point_add_affine' ecp_nistz256.c:(.text+0xc06): undefined reference toecp_nistz256_point_add'
ecp_nistz256.c:(.text+0xea0): undefined reference to ecp_nistz256_point_double' ecp_nistz256.c:(.text+0xeba): undefined reference toecp_nistz256_point_add'
ecp_nistz256.c:(.text+0xee0): undefined reference to ecp_nistz256_point_double' ecp_nistz256.c:(.text+0xef0): undefined reference toecp_nistz256_point_double'
ecp_nistz256.c:(.text+0xf0c): undefined reference to ecp_nistz256_point_double' ecp_nistz256.c:(.text+0xf23): undefined reference toecp_nistz256_point_double'
ecp_nistz256.c:(.text+0xf42): undefined reference to ecp_nistz256_point_add' ecp_nistz256.c:(.text+0xf63): undefined reference toecp_nistz256_point_add'
ecp_nistz256.c:(.text+0xf7a): undefined reference to ecp_nistz256_point_add' ecp_nistz256.c:(.text+0xf91): undefined reference toecp_nistz256_point_add'
ecp_nistz256.c:(.text+0xfa1): undefined reference to ecp_nistz256_point_double' ecp_nistz256.c:(.text+0xfbd): undefined reference toecp_nistz256_point_double'

在ssl中无法使用sm2证书、key

在ssl server端使用sm2证书、key，
SSL_CTX_use_certificate_file、SSL_CTX_use_PrivateKey_file、SSL_CTX_check_private_key均通过，
但是ssl3_get_client_hello函数中调用的ssl3_choose_cipher返回null。

SM9算法

有没有最近在研究SM9的朋友啊？有些问题想要讨论下，有兴趣的可以一起探讨啊。

用脚本生成的证书貌似有误

使用sm2-initca.sh和sm2-initca.sh生成的证书貌似还是ecc的，与例子不一样，请问有其他的产生sm2证书的方式么?
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17722149558807527987 (0xf5f1b920b5118233)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=CN, ST=SF, L=SDF, O=S, OU=D, CN=S/emailAddress=F
Validity
Not Before: Nov 6 07:11:49 2015 GMT
Not After : Nov 3 07:11:49 2025 GMT
Subject: C=CN, ST=SF, L=SDF, O=S, OU=D, CN=S/emailAddress=F
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:91:8f:59:3d:ec:83:43:2a:d4:e4:50:13:28:60:
55:06:2b:af:4a:14:43:c0:4d:0c:38:21:81:34:5f:
98:13:fd:cf:43:cf:67:1a:cf:fd:74:3a:00:fe:94:
a4:1a:6a:d1:70:95:2f:a2:3d:31:19:7d:e3:99:50:
3c:c5:6a:f8:20
ASN1 OID: sm2p256v1
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:82:F8:15:EE:54:E0:E5:97:2F:FB:B8:AA:6D:DD:88:94:05:AF:D9
X509v3 Authority Key Identifier:
keyid:E6:82:F8:15:EE:54:E0:E5:97:2F:FB:B8:AA:6D:DD:88:94:05:AF:D9

        X509v3 Basic Constraints: 
            CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
     30:45:02:21:00:85:1f:c4:35:43:25:d9:9e:76:a9:e7:dd:dc:
     58:b5:b0:2c:88:22:c2:d6:22:58:19:f3:13:9e:eb:07:34:96:
     3c:02:20:06:aa:d8:9b:7e:7b:d9:74:ab:85:2e:1f:b0:17:b2:
     ac:40:c2:13:89:5c:2a:54:fa:76:fa:b9:24:7a:40:13:ba

Linux下编译动态库失败

在CentOS7下，配置为编译动态库：

./config shared

然后在make的过程中失败，报告如下错误：

making all in apps...
make[1]: 进入目录“/root/GmSSL/apps”
rm -f gmssl
shlib_target=; if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then
shlib_target="linux-shared";
elif [ -n "" ]; then
FIPSLD_CC="gcc"; CC=/usr/local/ssl/fips-2.0/bin/fipsld; export CC FIPSLD_CC;
fi;
LIBRARIES="-L.. -lssl -L.. -lcrypto" ;
make -f ../Makefile.shared -e
APPNAME=gmssl OBJECTS="gmssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o"
LIBDEPS=" $LIBRARIES -ldl"
link_app.${shlib_target}
make[2]: 进入目录“/root/GmSSL/apps”
../libcrypto.so：对‘PAILLIERerr’未定义的引用
collect2: 错误：ld 返回 1
make[2]: *** [link_app.gnu] 错误 1

guanzhi / gmssl Goto Github PK

gmssl's People

Contributors

Stargazers

Watchers

Forkers

gmssl's Issues

error MD2 is disabled.

ecp_nistz256-x86_64.s:854: Error: no such instruction: `adoxq %rbp,%r10'

Recommend Projects

Recommend Topics

Recommend Org

Jobs