[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Mon Mar 19 17:19:30 UTC 2018
The branch master has been updated
via dad8c264c78d1bc57b6fcf6c0204a00523c13940 (commit)
via 1bf2cc237e8ac8177a36d179441327f170f96f1b (commit)
from 1a54618ba6ec09b85f00f5ca12ef275b429ff18a (commit)
- Log -----------------------------------------------------------------
commit dad8c264c78d1bc57b6fcf6c0204a00523c13940
Author: Matt Caswell <matt at openssl.org>
Date: Mon Mar 19 16:24:49 2018 +0000
Fix no-ec
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5673)
commit 1bf2cc237e8ac8177a36d179441327f170f96f1b
Author: Matt Caswell <matt at openssl.org>
Date: Mon Mar 19 16:17:58 2018 +0000
Fix no-sm2
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5673)
-----------------------------------------------------------------------
Summary of changes:
Configure | 3 ++-
crypto/ec/ec_pmeth.c | 43 ++++++++++++++++++++++++-------------------
include/openssl/sm2.h | 8 ++++++--
test/evp_test.c | 23 +++++++++++++++++++++++
util/libcrypto.num | 20 ++++++++++----------
5 files changed, 65 insertions(+), 32 deletions(-)
diff --git a/Configure b/Configure
index e2c0604..a85beea 100755
--- a/Configure
+++ b/Configure
@@ -382,6 +382,7 @@ my @disablables = (
"seed",
"shared",
"siphash",
+ "sm2",
"sm3",
"sm4",
"sock",
@@ -484,7 +485,7 @@ my @disable_cascades = (
"apps" => [ "tests" ],
"tests" => [ "external-tests" ],
"comp" => [ "zlib" ],
- "ec" => [ "tls1_3" ],
+ "ec" => [ "tls1_3", "sm2" ],
sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
sub { !$disabled{"msan"} } => [ "asm" ],
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 08dda12..7e963d9 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -205,24 +205,27 @@ static int pkey_ecies_encrypt(EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
- int ret, md_type;
- EC_PKEY_CTX *dctx = ctx->data;
+ int ret;
EC_KEY *ec = ctx->pkey->pkey.ec;
const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
- if (dctx->md)
- md_type = EVP_MD_type(dctx->md);
- else if (ec_nid == NID_sm2)
- md_type = NID_sm3;
- else
- md_type = NID_sha256;
-
if (ec_nid == NID_sm2) {
# if defined(OPENSSL_NO_SM2)
ret = -1;
# else
+ int md_type;
+ EC_PKEY_CTX *dctx = ctx->data;
+
+ if (dctx->md)
+ md_type = EVP_MD_type(dctx->md);
+ else if (ec_nid == NID_sm2)
+ md_type = NID_sm3;
+ else
+ md_type = NID_sha256;
+
if (out == NULL) {
- *outlen = SM2_ciphertext_size(ec, EVP_get_digestbynid(md_type), inlen);
+ *outlen = SM2_ciphertext_size(ec, EVP_get_digestbynid(md_type),
+ inlen);
ret = 1;
}
else {
@@ -242,22 +245,24 @@ static int pkey_ecies_decrypt(EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
- int ret, md_type;
- EC_PKEY_CTX *dctx = ctx->data;
+ int ret;
EC_KEY *ec = ctx->pkey->pkey.ec;
const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
- if (dctx->md)
- md_type = EVP_MD_type(dctx->md);
- else if (ec_nid == NID_sm2)
- md_type = NID_sm3;
- else
- md_type = NID_sha256;
-
if (ec_nid == NID_sm2) {
# if defined(OPENSSL_NO_SM2)
ret = -1;
# else
+ int md_type;
+ EC_PKEY_CTX *dctx = ctx->data;
+
+ if (dctx->md)
+ md_type = EVP_MD_type(dctx->md);
+ else if (ec_nid == NID_sm2)
+ md_type = NID_sm3;
+ else
+ md_type = NID_sha256;
+
if (out == NULL) {
*outlen = SM2_plaintext_size(ec, EVP_get_digestbynid(md_type), inlen);
ret = 1;
diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h
index 892ffb1..a3c055b 100644
--- a/include/openssl/sm2.h
+++ b/include/openssl/sm2.h
@@ -11,11 +11,14 @@
#ifndef HEADER_SM2_H
# define HEADER_SM2_H
+# include <openssl/opensslconf.h>
-# include <openssl/ec.h>
+# ifndef OPENSSL_NO_SM2
+
+# include <openssl/ec.h>
/* The default user id as specified in GM/T 0009-2012 */
-# define SM2_DEFAULT_USERID "1234567812345678"
+# define SM2_DEFAULT_USERID "1234567812345678"
int SM2_compute_userid_digest(uint8_t *out,
const EVP_MD *digest,
@@ -71,4 +74,5 @@ int SM2_decrypt(const EC_KEY *key,
int ERR_load_SM2_strings(void);
+# endif /* OPENSSL_NO_SM2 */
#endif
diff --git a/test/evp_test.c b/test/evp_test.c
index 3244da6..32f843e 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -2413,6 +2413,23 @@ static char *take_value(PAIR *pp)
return p;
}
+static int key_disabled(EVP_PKEY *pkey)
+{
+#if defined(OPENSSL_NO_SM2) && !defined(OPENSSL_NO_EC)
+ int type = EVP_PKEY_base_id(pkey);
+
+ if (type == EVP_PKEY_EC) {
+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+
+ if (nid == NID_sm2)
+ return 1;
+ }
+#endif /* OPENSSL_NO_SM2 */
+
+ return 0;
+}
+
/*
* Read and parse one test. Return 0 if failure, 1 if okay.
*/
@@ -2439,6 +2456,7 @@ top:
if (strcmp(pp->key, "PrivateKey") == 0) {
pkey = PEM_read_bio_PrivateKey(t->s.key, NULL, 0, NULL);
if (pkey == NULL && !key_unsupported()) {
+ EVP_PKEY_free(pkey);
TEST_info("Can't read private key %s", pp->value);
TEST_openssl_errors();
return 0;
@@ -2447,6 +2465,7 @@ top:
} else if (strcmp(pp->key, "PublicKey") == 0) {
pkey = PEM_read_bio_PUBKEY(t->s.key, NULL, 0, NULL);
if (pkey == NULL && !key_unsupported()) {
+ EVP_PKEY_free(pkey);
TEST_info("Can't read public key %s", pp->value);
TEST_openssl_errors();
return 0;
@@ -2497,6 +2516,10 @@ top:
}
OPENSSL_free(keybin);
}
+ if (pkey != NULL && key_disabled(pkey)) {
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ }
/* If we have a key add to list */
if (klist != NULL) {
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 96cbb2c..07d9d27 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4514,13 +4514,13 @@ EVP_PKEY_new_CMAC_key 4455 1_1_1 EXIST::FUNCTION:
EVP_PKEY_asn1_set_set_priv_key 4456 1_1_1 EXIST::FUNCTION:
EVP_PKEY_asn1_set_set_pub_key 4457 1_1_1 EXIST::FUNCTION:
RAND_DRBG_set_defaults 4458 1_1_1 EXIST::FUNCTION:
-SM2_decrypt 4459 1_1_1 EXIST::FUNCTION:
-SM2_do_sign 4460 1_1_1 EXIST::FUNCTION:
-SM2_compute_userid_digest 4461 1_1_1 EXIST::FUNCTION:
-SM2_encrypt 4462 1_1_1 EXIST::FUNCTION:
-SM2_ciphertext_size 4463 1_1_1 EXIST::FUNCTION:
-SM2_verify 4464 1_1_1 EXIST::FUNCTION:
-SM2_do_verify 4465 1_1_1 EXIST::FUNCTION:
-SM2_sign 4466 1_1_1 EXIST::FUNCTION:
-ERR_load_SM2_strings 4467 1_1_1 EXIST::FUNCTION:
-SM2_plaintext_size 4468 1_1_1 EXIST::FUNCTION:
+SM2_decrypt 4459 1_1_1 EXIST::FUNCTION:SM2
+SM2_do_sign 4460 1_1_1 EXIST::FUNCTION:SM2
+SM2_compute_userid_digest 4461 1_1_1 EXIST::FUNCTION:SM2
+SM2_encrypt 4462 1_1_1 EXIST::FUNCTION:SM2
+SM2_ciphertext_size 4463 1_1_1 EXIST::FUNCTION:SM2
+SM2_verify 4464 1_1_1 EXIST::FUNCTION:SM2
+SM2_do_verify 4465 1_1_1 EXIST::FUNCTION:SM2
+SM2_sign 4466 1_1_1 EXIST::FUNCTION:SM2
+ERR_load_SM2_strings 4467 1_1_1 EXIST::FUNCTION:SM2
+SM2_plaintext_size 4468 1_1_1 EXIST::FUNCTION:SM2
More information about the openssl-commits
mailing list