Projects
Mega:24.03:SP1:Everything
compat-openssl11
_service:tar_scm:Backport-Support-SM2-certifica...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:Backport-Support-SM2-certificate-verification.patch of Package compat-openssl11
From 7d86ccd1282aeff8f6d564c5d37625ffcc048f2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=A8=E6=B4=8B?= <yang.yang@baishancloud.com> Date: Fri, 26 Oct 2018 21:34:08 +0800 Subject: [PATCH 03/15] Support SM2 certificate verification Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8321) --- apps/verify.c | 45 +++++++++++++-- crypto/asn1/a_verify.c | 3 +- crypto/err/openssl.txt | 2 + crypto/objects/obj_dat.h | 17 ++++-- crypto/objects/obj_mac.num | 1 + crypto/objects/obj_xref.h | 4 +- crypto/objects/obj_xref.txt | 2 + crypto/objects/objects.txt | 2 + crypto/x509/x509_err.c | 2 + crypto/x509/x_all.c | 110 ++++++++++++++++++++++++++++++++++++ crypto/x509/x_x509.c | 12 ++++ fuzz/oids.txt | 1 + include/crypto/x509.h | 5 +- include/openssl/obj_mac.h | 7 ++- include/openssl/x509.h | 3 + include/openssl/x509err.h | 2 + util/libcrypto.num | 2 + 17 files changed, 204 insertions(+), 16 deletions(-) diff --git a/apps/verify.c b/apps/verify.c index 1f93856..09b31cf 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -21,7 +21,8 @@ static int cb(int ok, X509_STORE_CTX *ctx); static int check(X509_STORE *ctx, const char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, - STACK_OF(X509_CRL) *crls, int show_chain); + STACK_OF(X509_CRL) *crls, int show_chain, + unsigned char *sm2id, size_t sm2idlen); static int v_verbose = 0, vflags = 0; typedef enum OPTION_choice { @@ -29,7 +30,7 @@ typedef enum OPTION_choice { OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN, OPT_V_ENUM, OPT_NAMEOPT, - OPT_VERBOSE + OPT_VERBOSE, OPT_SM2ID, OPT_SM2HEXID } OPTION_CHOICE; const OPTIONS verify_options[] = { @@ -56,6 +57,12 @@ const OPTIONS verify_options[] = { OPT_V_OPTIONS, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#endif +#ifndef OPENSSL_NO_SM2 + {"sm2-id", OPT_SM2ID, 's', + "Specify an ID string to verify an SM2 certificate"}, + {"sm2-hex-id", OPT_SM2HEXID, 's', + "Specify a hex ID string to verify an SM2 certificate"}, #endif {NULL} }; @@ -71,6 +78,8 @@ int verify_main(int argc, char **argv) int noCApath = 0, noCAfile = 0; int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1; OPTION_CHOICE o; + unsigned char *sm2_id = NULL; + size_t sm2_idlen = 0; if ((vpm = X509_VERIFY_PARAM_new()) == NULL) goto end; @@ -158,6 +167,19 @@ int verify_main(int argc, char **argv) case OPT_VERBOSE: v_verbose = 1; break; + case OPT_SM2ID: + /* we assume the input is not a hex string */ + sm2_id = (unsigned char *)opt_arg(); + sm2_idlen = strlen((const char *)sm2_id); + break; + case OPT_SM2HEXID: + /* try to parse the input as hex string first */ + sm2_id = OPENSSL_hexstr2buf(opt_arg(), (long *)&sm2_idlen); + if (sm2_id == NULL) { + BIO_printf(bio_err, "Invalid hex string input\n"); + goto end; + } + break; } } argc = opt_num_rest(); @@ -183,12 +205,13 @@ int verify_main(int argc, char **argv) ret = 0; if (argc < 1) { - if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1) + if (check(store, NULL, untrusted, trusted, crls, show_chain, + sm2_id, sm2_idlen) != 1) ret = -1; } else { for (i = 0; i < argc; i++) if (check(store, argv[i], untrusted, trusted, crls, - show_chain) != 1) + show_chain, sm2_id, sm2_idlen) != 1) ret = -1; } @@ -204,7 +227,8 @@ int verify_main(int argc, char **argv) static int check(X509_STORE *ctx, const char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, - STACK_OF(X509_CRL) *crls, int show_chain) + STACK_OF(X509_CRL) *crls, int show_chain, + unsigned char *sm2id, size_t sm2idlen) { X509 *x = NULL; int i = 0, ret = 0; @@ -216,6 +240,17 @@ static int check(X509_STORE *ctx, const char *file, if (x == NULL) goto end; + if (sm2id != NULL) { +#ifndef OPENSSL_NO_SM2 + ASN1_OCTET_STRING v; + + v.data = sm2id; + v.length = sm2idlen; + + X509_set_sm2_id(x, &v); +#endif + } + csc = X509_STORE_CTX_new(); if (csc == NULL) { printf("error %s: X.509 store context allocation failed\n", diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 4b5f542..f543aa1 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -94,7 +94,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, int mdnid, pknid; size_t inll = 0; - if (!pkey) { + if (pkey == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); return -1; } @@ -150,7 +150,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ret = 0; goto err; } - } inl = ASN1_item_i2d(asn, &buf_in, it); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 902e97b..5e71e65 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1766,8 +1766,10 @@ X509_F_X509_STORE_NEW:158:X509_STORE_new X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ X509_F_X509_TRUST_ADD:133:X509_TRUST_add X509_F_X509_TRUST_SET:141:X509_TRUST_set +X509_F_X509_VERIFY:161:X509_verify X509_F_X509_VERIFY_CERT:127:X509_verify_cert X509_F_X509_VERIFY_PARAM_NEW:159:X509_VERIFY_PARAM_new +X509_F_X509_VERIFY_SM2:162:x509_verify_sm2 #Reason codes ASN1_R_ADDING_OBJECT:171:adding object diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 24b49a2..eb4cce4 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[7762] = { +static const unsigned char so[7770] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -1076,9 +1076,10 @@ static const unsigned char so[7762] = { 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04, /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0C, /* [ 7745] OBJ_hmacWithSHA512_224 */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7761] OBJ_SM2_with_SM3 */ }; -#define NUM_NID 1195 +#define NUM_NID 1196 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2275,9 +2276,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"magma-mac", "magma-mac", NID_magma_mac}, {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]}, {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]}, + {"SM2-SM3", "SM2-with-SM3", NID_SM2_with_SM3, 8, &so[7761]}, }; -#define NUM_SN 1186 +#define NUM_SN 1187 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2543,6 +2545,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1100, /* "SHAKE128" */ 1101, /* "SHAKE256" */ 1172, /* "SM2" */ + 1195, /* "SM2-SM3" */ 1143, /* "SM3" */ 1134, /* "SM4-CBC" */ 1137, /* "SM4-CFB" */ @@ -3467,7 +3470,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1186 +#define NUM_LN 1187 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -3623,6 +3626,7 @@ static const unsigned int ln_objs[NUM_LN] = { 1119, /* "RSA-SHA3-512" */ 188, /* "S/MIME" */ 167, /* "S/MIME Capabilities" */ + 1195, /* "SM2-with-SM3" */ 1006, /* "SNILS" */ 387, /* "SNMPv2" */ 1025, /* "SSH Client" */ @@ -4657,7 +4661,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 1071 +#define NUM_OBJ 1072 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -5126,6 +5130,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 1139, /* OBJ_sm4_ctr 1 2 156 10197 1 104 7 */ 1172, /* OBJ_sm2 1 2 156 10197 1 301 */ 1143, /* OBJ_sm3 1 2 156 10197 1 401 */ + 1195, /* OBJ_SM2_with_SM3 1 2 156 10197 1 501 */ 1144, /* OBJ_sm3WithRSAEncryption 1 2 156 10197 1 504 */ 776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ 777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 1b6a9c6..8b797b0 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1192,3 +1192,4 @@ magma_cfb 1191 magma_mac 1192 hmacWithSHA512_224 1193 hmacWithSHA512_256 1194 +SM2_with_SM3 1195 diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index 5c3561a..1acfcde 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -79,6 +79,7 @@ static const nid_triple sigoid_srt[] = { {NID_RSA_SHA3_256, NID_sha3_256, NID_rsaEncryption}, {NID_RSA_SHA3_384, NID_sha3_384, NID_rsaEncryption}, {NID_RSA_SHA3_512, NID_sha3_512, NID_rsaEncryption}, + {NID_SM2_with_SM3, NID_sm3, NID_sm2}, }; static const nid_triple *const sigoid_srt_xref[] = { @@ -125,4 +126,5 @@ static const nid_triple *const sigoid_srt_xref[] = { &sigoid_srt[45], &sigoid_srt[46], &sigoid_srt[47], + &sigoid_srt[48], }; diff --git a/crypto/objects/obj_xref.txt b/crypto/objects/obj_xref.txt index ca3e744..f3dd8ed 100644 --- a/crypto/objects/obj_xref.txt +++ b/crypto/objects/obj_xref.txt @@ -64,3 +64,5 @@ dhSinglePass_cofactorDH_sha224kdf_scheme sha224 dh_cofactor_kdf dhSinglePass_cofactorDH_sha256kdf_scheme sha256 dh_cofactor_kdf dhSinglePass_cofactorDH_sha384kdf_scheme sha384 dh_cofactor_kdf dhSinglePass_cofactorDH_sha512kdf_scheme sha512 dh_cofactor_kdf + +SM2_with_SM3 sm3 sm2 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index c49d4c5..be9da47 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -385,6 +385,8 @@ sm-scheme 301 : SM2 : sm2 sm-scheme 401 : SM3 : sm3 sm-scheme 504 : RSA-SM3 : sm3WithRSAEncryption +sm-scheme 501 : SM2-SM3 : SM2-with-SM3 + # From RFC4231 rsadsi 2 8 : : hmacWithSHA224 rsadsi 2 9 : : hmacWithSHA256 diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index bdd1e67..c91ad7c 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -105,9 +105,11 @@ static const ERR_STRING_DATA X509_str_functs[] = { {ERR_PACK(ERR_LIB_X509, X509_F_X509_TO_X509_REQ, 0), "X509_to_X509_REQ"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), "X509_TRUST_add"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), "X509_TRUST_set"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY, 0), "X509_verify"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_CERT, 0), "X509_verify_cert"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_PARAM_NEW, 0), "X509_VERIFY_PARAM_new"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_SM2, 0), "x509_verify_sm2"}, {0, NULL} }; diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index a4e9cda..60a2892 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -19,10 +19,120 @@ #include <openssl/dsa.h> #include <openssl/x509v3.h> +#ifndef OPENSSL_NO_SM2 + +# include "crypto/asn1.h" +# include "crypto/evp.h" + +static int x509_verify_sm2(X509 *x, EVP_PKEY *pkey, int mdnid, int pknid) +{ + EVP_MD_CTX *ctx = NULL; + unsigned char *buf_in = NULL; + int ret = -1, inl = 0; + size_t inll = 0; + EVP_PKEY_CTX *pctx = NULL; + const EVP_MD *type = EVP_get_digestbynid(mdnid); + + if (type == NULL) { + X509err(X509_F_X509_VERIFY_SM2, + ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + goto err; + } + + if (pkey == NULL) { + X509err(X509_F_X509_VERIFY_SM2, ERR_R_PASSED_NULL_PARAMETER); + return -1; + } + + if (x->signature.type == V_ASN1_BIT_STRING && x->signature.flags & 0x7) { + X509err(X509_F_X509_VERIFY_SM2, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + return -1; + } + + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { + X509err(X509_F_X509_VERIFY_SM2, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* Check public key OID matches public key type */ + if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { + X509err(X509_F_X509_VERIFY_SM2, ASN1_R_WRONG_PUBLIC_KEY_TYPE); + goto err; + } + + if (!EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) { + X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB); + ret = 0; + goto err; + } + pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pctx == NULL) { + X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB); + ret = 0; + goto err; + } + if (EVP_PKEY_CTX_set1_id(pctx, x->sm2_id.data, x->sm2_id.length) != 1) { + X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB); + ret = 0; + goto err; + } + EVP_MD_CTX_set_pkey_ctx(ctx, pctx); + + if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { + X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB); + ret = 0; + goto err; + } + + inl = ASN1_item_i2d((ASN1_VALUE *)&x->cert_info, &buf_in, + ASN1_ITEM_rptr(X509_CINF)); + if (inl <= 0) { + X509err(X509_F_X509_VERIFY_SM2, ERR_R_INTERNAL_ERROR); + goto err; + } + if (buf_in == NULL) { + X509err(X509_F_X509_VERIFY_SM2, ERR_R_MALLOC_FAILURE); + goto err; + } + inll = inl; + + ret = EVP_DigestVerify(ctx, x->signature.data, + (size_t)x->signature.length, buf_in, inl); + if (ret <= 0) { + X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB); + goto err; + } + ret = 1; + err: + OPENSSL_clear_free(buf_in, inll); + EVP_MD_CTX_free(ctx); + EVP_PKEY_CTX_free(pctx); + return ret; +} +#endif + int X509_verify(X509 *a, EVP_PKEY *r) { +#ifndef OPENSSL_NO_SM2 + int mdnid, pknid; +#endif + if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature)) return 0; + +#ifndef OPENSSL_NO_SM2 + /* Convert signature OID into digest and public key OIDs */ + if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->sig_alg.algorithm), + &mdnid, &pknid)) { + X509err(X509_F_X509_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + return 0; + } + + if (pknid == NID_sm2) + return x509_verify_sm2(a, r, mdnid, pknid); +#endif + return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, &a->signature, &a->cert_info, r)); } diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 7aa8b77..1beab78 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -245,3 +245,15 @@ int X509_get_signature_nid(const X509 *x) { return OBJ_obj2nid(x->sig_alg.algorithm); } + +#ifndef OPENSSL_NO_SM2 +void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id) +{ + x->sm2_id = *sm2_id; +} + +ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x) +{ + return &x->sm2_id; +} +#endif diff --git a/fuzz/oids.txt b/fuzz/oids.txt index eda55e4..8dfdea9 100644 --- a/fuzz/oids.txt +++ b/fuzz/oids.txt @@ -1063,3 +1063,4 @@ OBJ_id_tc26_gost_3410_2012_256_paramSetC="\x2A\x85\x03\x07\x01\x02\x01\x01\x03" OBJ_id_tc26_gost_3410_2012_256_paramSetD="\x2A\x85\x03\x07\x01\x02\x01\x01\x04" OBJ_hmacWithSHA512_224="\x2A\x86\x48\x86\xF7\x0D\x02\x0C" OBJ_hmacWithSHA512_256="\x2A\x86\x48\x86\xF7\x0D\x02\x0D" +OBJ_SM2_with_SM3="\x2A\x81\x1C\xCF\x55\x01\x83\x75" diff --git a/include/crypto/x509.h b/include/crypto/x509.h index 243ea74..418c427 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -177,7 +177,7 @@ struct x509_st { STACK_OF(DIST_POINT) *crldp; STACK_OF(GENERAL_NAME) *altname; NAME_CONSTRAINTS *nc; -#ifndef OPENSSL_NO_RFC3779 +# ifndef OPENSSL_NO_RFC3779 STACK_OF(IPAddressFamily) *rfc3779_addr; struct ASIdentifiers_st *rfc3779_asid; # endif @@ -185,6 +185,9 @@ struct x509_st { X509_CERT_AUX *aux; CRYPTO_RWLOCK *lock; volatile int ex_cached; +# ifndef OPENSSL_NO_SM2 + ASN1_OCTET_STRING sm2_id; +# endif } /* X509 */ ; /* diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index eb812ed..9b125c1 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -1179,6 +1179,11 @@ #define NID_sm3WithRSAEncryption 1144 #define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L +#define SN_SM2_with_SM3 "SM2-SM3" +#define LN_SM2_with_SM3 "SM2-with-SM3" +#define NID_SM2_with_SM3 1195 +#define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L + #define LN_hmacWithSHA224 "hmacWithSHA224" #define NID_hmacWithSHA224 798 #define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 3ff86ec..5f17057 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -573,6 +573,9 @@ void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); int X509_get_signature_nid(const X509 *x); +void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); +ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); + int X509_trusted(const X509 *x); int X509_alias_set1(X509 *x, const unsigned char *name, int len); int X509_keyid_set1(X509 *x, const unsigned char *id, int len); diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h index cd08673..06d75f0 100644 --- a/include/openssl/x509err.h +++ b/include/openssl/x509err.h @@ -81,8 +81,10 @@ int ERR_load_X509_strings(void); # define X509_F_X509_TO_X509_REQ 126 # define X509_F_X509_TRUST_ADD 133 # define X509_F_X509_TRUST_SET 141 +# define X509_F_X509_VERIFY 161 # define X509_F_X509_VERIFY_CERT 127 # define X509_F_X509_VERIFY_PARAM_NEW 159 +# define X509_F_X509_VERIFY_SM2 162 /* * X509 reason codes. diff --git a/util/libcrypto.num b/util/libcrypto.num index 1566231..8635ac4 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4626,3 +4626,5 @@ FIPS_drbg_get_strength 6379 1_1_0g EXIST::FUNCTION: FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: +X509_set_sm2_id 6383 1_1_1m EXIST::FUNCTION: +X509_get0_sm2_id 6384 1_1_1m EXIST::FUNCTION: -- 2.20.1 (Apple Git-117)
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2