Projects
home:Eustace:branches:Eulaceura:Factory
compat-openssl11
_service:obs_scm:Backport-Support-parsing-of-SM...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:Backport-Support-parsing-of-SM2-ID-in-hexdecimal.patch of Package compat-openssl11
From 1d9e832e41858b13a96899d842afd183f1c66c48 Mon Sep 17 00:00:00 2001 From: Paul Yang <kaishen.yy@antfin.com> Date: Tue, 30 Jul 2019 23:05:44 +0800 Subject: [PATCH 11/15] Support parsing of SM2 ID in hexdecimal The current EVP_PEKY_ctrl for SM2 has no capability of parsing an ID input in hexdecimal. The newly added ctrl string is called: sm2_hex_id Test cases and documentation are updated. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9584) --- crypto/sm2/sm2_pmeth.c | 19 +++++++++++++++++++ doc/man1/pkeyutl.pod | 7 +++++++ include/openssl/ec.h | 1 - test/recipes/25-test_req.t | 15 +++++++++++++-- 4 files changed, 39 insertions(+), 3 deletions(-) diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c index 837bdc1..9551d70 100644 --- a/crypto/sm2/sm2_pmeth.c +++ b/crypto/sm2/sm2_pmeth.c @@ -232,6 +232,10 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { + uint8_t *hex_id; + long hex_len = 0; + int ret = 0; + if (strcmp(type, "ec_paramgen_curve") == 0) { int nid = NID_undef; @@ -255,6 +259,21 @@ static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx, } else if (strcmp(type, "sm2_id") == 0) { return pkey_sm2_ctrl(ctx, EVP_PKEY_CTRL_SET1_ID, (int)strlen(value), (void *)value); + } else if (strcmp(type, "sm2_hex_id") == 0) { + /* + * TODO(3.0): reconsider the name "sm2_hex_id", OR change + * OSSL_PARAM_construct_from_text() / OSSL_PARAM_allocate_from_text() + * to handle infix "_hex_" + */ + hex_id = OPENSSL_hexstr2buf((const char *)value, &hex_len); + if (hex_id == NULL) { + SM2err(SM2_F_PKEY_SM2_CTRL_STR, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + ret = pkey_sm2_ctrl(ctx, EVP_PKEY_CTRL_SET1_ID, (int)hex_len, + (void *)hex_id); + OPENSSL_free(hex_id); + return ret; } return -2; diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod index f0f80af..1a742ab 100644 --- a/doc/man1/pkeyutl.pod +++ b/doc/man1/pkeyutl.pod @@ -329,6 +329,13 @@ This sets the ID string used in SM2 sign or verify operations. While verifying an SM2 signature, the ID string must be the same one used when signing the data. Otherwise the verification will fail. +=item B<sm2_hex_id:hex_string> + +This sets the ID string used in SM2 sign or verify operations. While verifying +an SM2 signature, the ID string must be the same one used when signing the data. +Otherwise the verification will fail. The ID string provided with this option +should be a valid hexadecimal value. + =back =head1 EXAMPLES diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 24baf53..e8c8869 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1444,7 +1444,6 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, # define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) - # define EVP_PKEY_CTX_get1_id(ctx, id) \ EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 8289959..d53e577 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -182,10 +182,10 @@ subtest "generating certificate requests" => sub { }; subtest "generating SM2 certificate requests" => sub { - plan tests => 2; + plan tests => 4; SKIP: { - skip "SM2 is not supported by this OpenSSL build", 2 + skip "SM2 is not supported by this OpenSSL build", 4 if disabled("sm2"); ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), "-new", "-key", srctop_file("test", "certs", "sm2.key"), @@ -197,6 +197,17 @@ subtest "generating SM2 certificate requests" => sub { "-verify", "-in", "testreq.pem", "-noout", "-sm2-id", "1234567812345678", "-sm3"])), "Verifying signature on SM2 certificate request"); + + ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), + "-new", "-key", srctop_file("test", "certs", "sm2.key"), + "-sigopt", "sm2_hex_id:DEADBEEF", + "-out", "testreq.pem", "-sm3"])), + "Generating SM2 certificate request with hex id"); + + ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), + "-verify", "-in", "testreq.pem", "-noout", + "-sm2-hex-id", "DEADBEEF", "-sm3"])), + "Verifying signature on SM2 certificate request"); } }; -- 2.20.1 (Apple Git-117)
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2