[openssl] master update

kaishen.yy at antfin.com kaishen.yy at antfin.com
Thu Aug 22 02:34:11 UTC 2019


The branch master has been updated
       via  a45eb7e8918f055115e0a1f206f8b74a2ed06dc6 (commit)
      from  e1178600cc5d40b1e21c4a01d224afd2d8c7498a (commit)


- Log -----------------------------------------------------------------
commit a45eb7e8918f055115e0a1f206f8b74a2ed06dc6
Author: Paul Yang <kaishen.yy at antfin.com>
Date:   Tue Jul 30 23:05:44 2019 +0800

    Support parsing of SM2 ID in hexdecimal
    
    The current EVP_PKEY_ctrl for SM2 has no capability of parsing an ID
    input in hexadecimal.
    
    The newly added ctrl string is called: sm2_hex_id
    
    Test cases and documentation are updated.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9584)

-----------------------------------------------------------------------

Summary of changes:
 crypto/sm2/sm2_pmeth.c     | 19 +++++++++++++++++++
 doc/man1/pkeyutl.pod       |  7 +++++++
 include/openssl/ec.h       |  1 -
 test/recipes/25-test_req.t | 15 +++++++++++++--
 4 files changed, 39 insertions(+), 3 deletions(-)

diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
index 8c81ca37e2..56e015d94e 100644
--- a/crypto/sm2/sm2_pmeth.c
+++ b/crypto/sm2/sm2_pmeth.c
@@ -232,6 +232,10 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx,
                              const char *type, const char *value)
 {
+    uint8_t *hex_id;
+    long hex_len = 0;
+    int ret = 0;
+
     if (strcmp(type, "ec_paramgen_curve") == 0) {
         int nid = NID_undef;
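Review bot: `hex_id`, `hex_len` and `ret` are declared at function scope, and `hex_id` has no initializer, although only the `sm2_hex_id` branch added later in this commit uses them. The `ec_paramgen_curve` branch right below keeps `int nid = NID_undef;` inside its own block. Following that pattern, e.g. `uint8_t *hex_id = NULL; long hex_len = 0;` at the top of the new branch, keeps an unassigned buffer pointer out of scope on the paths that never touch it. The body of pkey_sm2_ctrl_str continues outside this hunk.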
 
@@ -255,6 +259,21 @@ static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx,
     } else if (strcmp(type, "sm2_id") == 0) {
         return pkey_sm2_ctrl(ctx, EVP_PKEY_CTRL_SET1_ID,
                              (int)strlen(value), (void *)value);
+    } else if (strcmp(type, "sm2_hex_id") == 0) {
+        /*
+         * TODO(3.0): reconsider the name "sm2_hex_id", OR change
+         * OSSL_PARAM_construct_from_text() / OSSL_PARAM_allocate_from_text()
+         * to handle infix "_hex_"
+         */
+        hex_id = OPENSSL_hexstr2buf((const char *)value, &hex_len);
+        if (hex_id == NULL) {
+            SM2err(SM2_F_PKEY_SM2_CTRL_STR, ERR_R_PASSED_INVALID_ARGUMENT);
+            return 0;
+        }
+        ret = pkey_sm2_ctrl(ctx, EVP_PKEY_CTRL_SET1_ID, (int)hex_len,
+                            (void *)hex_id);
+        OPENSSL_free(hex_id);
+        return ret;
     }
 
     return -2;
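Review bot: `(int)hex_len` in the `pkey_sm2_ctrl` call narrows the `long` length filled in by `OPENSSL_hexstr2buf()` without a range check, so an oversized hex string would reach `EVP_PKEY_CTRL_SET1_ID` with a truncated or negative length that no longer matches the decoded buffer. Ctrl strings can come from application or configuration input, so I would reject that case before the call: `if (hex_len > INT_MAX) { OPENSSL_free(hex_id); SM2err(SM2_F_PKEY_SM2_CTRL_STR, ERR_R_PASSED_INVALID_ARGUMENT); return 0; }`. Freeing `hex_id` right after the call is only correct if the SET1_ID handler copies the bytes, which this hunk does not show; a comment such as `/* SET1_ID copies the ID, so the decoded buffer is ours to free */` would record that assumption. The `(const char *)value` cast is redundant because `value` is already `const char *`.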
diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod
index 3a7f31b894..1829435f5b 100644
--- a/doc/man1/pkeyutl.pod
+++ b/doc/man1/pkeyutl.pod
@@ -341,6 +341,13 @@ This sets the ID string used in SM2 sign or verify operations. While verifying
 an SM2 signature, the ID string must be the same one used when signing the data.
 Otherwise the verification will fail.
 
+=item B<sm2_hex_id:hex_string>
+
+This sets the ID string used in SM2 sign or verify operations. While verifying
+an SM2 signature, the ID string must be the same one used when signing the data.
+Otherwise the verification will fail. The ID string provided with this option
+should be a valid hexadecimal value.
+
 =back
 
 =head1 EXAMPLES
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 3e87fac9b4..807a64b31d 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1494,7 +1494,6 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
 # define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \
         EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
                                 EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id))
-
 # define EVP_PKEY_CTX_get1_id(ctx, id) \
         EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
                                 EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id))
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 127b338634..7dae692482 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -59,10 +59,10 @@ subtest "generating certificate requests" => sub {
 };
 
 subtest "generating SM2 certificate requests" => sub {
-    plan tests => 2;
+    plan tests => 4;
 
     SKIP: {
-        skip "SM2 is not supported by this OpenSSL build", 2
+        skip "SM2 is not supported by this OpenSSL build", 4
         if disabled("sm2");
         ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
@@ -74,6 +74,17 @@ subtest "generating SM2 certificate requests" => sub {
                     "-verify", "-in", "testreq.pem", "-noout",
                     "-sm2-id", "1234567812345678", "-sm3"])),
            "Verifying signature on SM2 certificate request");
+
+        ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+                    "-new", "-key", srctop_file("test", "certs", "sm2.key"),
+                    "-sigopt", "sm2_hex_id:DEADBEEF",
+                    "-out", "testreq.pem", "-sm3"])),
+           "Generating SM2 certificate request with hex id");
+
+        ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+                    "-verify", "-in", "testreq.pem", "-noout",
+                    "-sm2-hex-id", "DEADBEEF", "-sm3"])),
+           "Verifying signature on SM2 certificate request");
     }
 };
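Review bot: The two added cases exercise only a well-formed ID, so the rejection path this commit adds in `pkey_sm2_ctrl_str` (the `hex_id == NULL` branch) is never tested. A negative case such as `ok(!run(app([... "-sigopt", "sm2_hex_id:DEADBEE", ...])), "Rejecting malformed SM2 hex id");` (constructed value, odd digit count) would pin that behaviour, with `plan tests` and the `skip` count raised to match. The second new description also repeats "Verifying signature on SM2 certificate request" from the earlier case, which makes a failure ambiguous in the log; `"Verifying signature on SM2 certificate request with hex id"` would distinguish it. The subtest body starts before this hunk.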
 

