[openssl] OpenSSL_1_1_1-stable update

yang.yang at baishancloud.com yang.yang at baishancloud.com
Wed Feb 27 02:11:19 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  9c6d536f532a737216f2ae0e7d168c99ed989a0d (commit)
      from  e8dc6580368fdc26384fc69d58e038a3e1c6e368 (commit)


- Log -----------------------------------------------------------------
commit 9c6d536f532a737216f2ae0e7d168c99ed989a0d
Author: Paul Yang <yang.yang at baishancloud.com>
Date:   Mon Feb 25 17:34:03 2019 +0800

    Fix the default digest algorthm of SM2
    
    Currently SM2 shares the ameth with EC, so the current default digest
    algorithm returned is SHA256. This fixes the default digest algorithm of
    SM2 to SM3, which is the only valid digest algorithm for SM2 signature.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/8186)
    
    (cherry picked from commit e766f4a0531bffdab8ad2038279b755928d7a40a)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ec_ameth.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 8b363e0..48aa801 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -504,7 +504,12 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 #endif
 
     case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-        *(int *)arg2 = NID_sha256;
+        if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2) {
+            /* For SM2, the only valid digest-alg is SM3 */
+            *(int *)arg2 = NID_sm3;
+        } else {
+            *(int *)arg2 = NID_sha256;
+        }
         return 1;
 
     case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:


More information about the openssl-commits mailing list