From 1bf2cc237e8ac8177a36d179441327f170f96f1b Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 19 Mar 2018 16:17:58 +0000 Subject: [PATCH] Fix no-sm2 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/5673)
---
Configure | 1 + crypto/ec/ec_pmeth.c | 43 ++++++++++++++++++++++++------------------- include/openssl/sm2.h | 8 ++++++-- test/evp_test.c | 23 +++++++++++++++++++++++ util/libcrypto.num | 20 ++++++++++---------- 5 files changed, 64 insertions(+), 31 deletions(-)
diff --git a/Configure b/Configure
index e2c0604cb1..3daba802db 100755
--- a/Configure
+++ b/Configure
@@ -382,6 +382,7 @@ my @disablables = (
 "seed",
 "shared",
 "siphash",
+ "sm2",
 "sm3",
 "sm4",
 "sock",
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 08dda12eeb..7e963d9712 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -205,24 +205,27 @@ static int pkey_ecies_encrypt(EVP_PKEY_CTX *ctx,
 unsigned char *out, size_t *outlen,
 const unsigned char *in, size_t inlen)
 {
- int ret, md_type;
- EC_PKEY_CTX *dctx = ctx->data;
+ int ret;
 EC_KEY *ec = ctx->pkey->pkey.ec;
 const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
- if (dctx->md)
- md_type = EVP_MD_type(dctx->md);
- else if (ec_nid == NID_sm2)
- md_type = NID_sm3;
- else
- md_type = NID_sha256;
-
 if (ec_nid == NID_sm2) {
 # if defined(OPENSSL_NO_SM2)
 ret = -1;
 # else
+ int md_type;
+ EC_PKEY_CTX *dctx = ctx->data;
+
+ if (dctx->md)
+ md_type = EVP_MD_type(dctx->md);
+ else if (ec_nid == NID_sm2)
+ md_type = NID_sm3;
+ else
+ md_type = NID_sha256;
+
 if (out == NULL) {
- *outlen = SM2_ciphertext_size(ec, EVP_get_digestbynid(md_type), inlen);
+ *outlen = SM2_ciphertext_size(ec, EVP_get_digestbynid(md_type),
+ inlen);
 ret = 1;
 } else {
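Review bot: In the Configure hunk, listing `"sm2"` in `@disablables` makes `no-sm2` selectable, but nothing visible ties the option to the features it depends on. The test helper added in test/evp_test.c is guarded with `!defined(OPENSSL_NO_EC)`, and the SM2 path in crypto/ec/ec_pmeth.c falls back to SM3 as its digest, so a `no-ec` build, and possibly a `no-sm3` build, presumably needs SM2 switched off too. If the cascade table elsewhere in Configure does not already cover this, an entry that disables `sm2` whenever `ec` is disabled should accompany the new option. That table is outside the hunk, so this needs confirming against the full file.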
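Review bot: In the pkey_ecies_encrypt hunk of crypto/ec/ec_pmeth.c, the digest selection moved into the `# else` branch still tests `ec_nid == NID_sm2`, although that block is only entered when the test is already true, so the `else md_type = NID_sha256;` arm is unreachable. It reads as though SHA-256 could be picked for an SM2 key, which it cannot; `md_type = dctx->md != NULL ? EVP_MD_type(dctx->md) : NID_sm3;` states the real default. The pkey_ecies_decrypt hunk carries the same dead arm. Separately, the result of `EVP_get_digestbynid(md_type)` goes straight into `SM2_ciphertext_size` with no NULL check, which looks reachable in a build that has SM2 but lacks the chosen digest and is worth confirming. The function body continues past the end of the hunk.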
@@ -242,22 +245,24 @@ static int pkey_ecies_decrypt(EVP_PKEY_CTX *ctx,
 unsigned char *out, size_t *outlen,
 const unsigned char *in, size_t inlen)
 {
- int ret, md_type;
- EC_PKEY_CTX *dctx = ctx->data;
+ int ret;
 EC_KEY *ec = ctx->pkey->pkey.ec;
 const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
- if (dctx->md)
- md_type = EVP_MD_type(dctx->md);
- else if (ec_nid == NID_sm2)
- md_type = NID_sm3;
- else
- md_type = NID_sha256;
-
 if (ec_nid == NID_sm2) {
 # if defined(OPENSSL_NO_SM2)
 ret = -1;
 # else
+ int md_type;
+ EC_PKEY_CTX *dctx = ctx->data;
+
+ if (dctx->md)
+ md_type = EVP_MD_type(dctx->md);
+ else if (ec_nid == NID_sm2)
+ md_type = NID_sm3;
+ else
+ md_type = NID_sha256;
+
 if (out == NULL) {
 *outlen = SM2_plaintext_size(ec, EVP_get_digestbynid(md_type), inlen);
 ret = 1;
diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h
index 892ffb152a..a3c055b199 100644
--- a/include/openssl/sm2.h
+++ b/include/openssl/sm2.h
@@ -11,11 +11,14 @@
 #ifndef HEADER_SM2_H
 # define HEADER_SM2_H
+# include
-# include
+# ifndef OPENSSL_NO_SM2
+
+# include
 /* The default user id as specified in GM/T 0009-2012 */
-# define SM2_DEFAULT_USERID "1234567812345678"
+# define SM2_DEFAULT_USERID "1234567812345678"
 int SM2_compute_userid_digest(uint8_t *out,
 const EVP_MD *digest,
@@ -71,4 +74,5 @@ int SM2_decrypt(const EC_KEY *key,
 int ERR_load_SM2_strings(void);
+# endif /* OPENSSL_NO_SM2 */
 #endif
diff --git a/test/evp_test.c b/test/evp_test.c
index 3244da6549..32f843e156 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -2413,6 +2413,23 @@ static char *take_value(PAIR *pp)
 return p;
 }
+static int key_disabled(EVP_PKEY *pkey)
+{
+#if defined(OPENSSL_NO_SM2) && !defined(OPENSSL_NO_EC)
+ int type = EVP_PKEY_base_id(pkey);
+
+ if (type == EVP_PKEY_EC) {
+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+
+ if (nid == NID_sm2)
+ return 1;
+ }
+#endif /* OPENSSL_NO_SM2 */
+
+ return 0;
+}
+
 /*
 * Read and parse one test. Return 0 if failure, 1 if okay.
 */
@@ -2439,6 +2456,7 @@ top:
 if (strcmp(pp->key, "PrivateKey") == 0) {
 pkey = PEM_read_bio_PrivateKey(t->s.key, NULL, 0, NULL);
 if (pkey == NULL && !key_unsupported()) {
+ EVP_PKEY_free(pkey);
 TEST_info("Can't read private key %s", pp->value);
 TEST_openssl_errors();
 return 0;
@@ -2447,6 +2465,7 @@ top:
 } else if (strcmp(pp->key, "PublicKey") == 0) {
 pkey = PEM_read_bio_PUBKEY(t->s.key, NULL, 0, NULL);
 if (pkey == NULL && !key_unsupported()) {
+ EVP_PKEY_free(pkey);
 TEST_info("Can't read public key %s", pp->value);
 TEST_openssl_errors();
 return 0;
@@ -2497,6 +2516,10 @@ top:
 }
 OPENSSL_free(keybin);
 }
+ if (pkey != NULL && key_disabled(pkey)) {
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ }
 /* If we have a key add to list */
 if (klist != NULL) {
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 96cbb2c3df..07d9d27d21 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
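Review bot: The new key_disabled() in the first test/evp_test.c hunk has no comment stating its contract, and its closing `#endif /* OPENSSL_NO_SM2 */` names only half of the `#if defined(OPENSSL_NO_SM2) && !defined(OPENSSL_NO_EC)` condition it ends. A header such as `/* Return 1 if pkey is an EC key on the SM2 curve and SM2 is compiled out, 0 otherwise. */` would make the intent clear to whoever adds the next disabled algorithm, and the `#endif` comment should repeat the whole condition. When the condition is false the `pkey` parameter is unused, which may warn under stricter compiler flags.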
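Review bot: The `EVP_PKEY_free(pkey);` added in the "PrivateKey" hunk sits inside `if (pkey == NULL && !key_unsupported())`, so it is only ever called with a NULL pointer and releases nothing. The "PublicKey" hunk adds the same no-op. If the aim was to avoid leaking a key on this error path, there is no key to leak here, and the two lines can be dropped so the branch does not suggest otherwise. The enclosing function starts and ends outside these hunks.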
@@ -4514,13 +4514,13 @@ EVP_PKEY_new_CMAC_key 4455 1_1_1 EXIST::FUNCTION: EVP_PKEY_asn1_set_set_priv_key 4456 1_1_1 EXIST::FUNCTION: EVP_PKEY_asn1_set_set_pub_key 4457 1_1_1 EXIST::FUNCTION: RAND_DRBG_set_defaults 4458 1_1_1 EXIST::FUNCTION: -SM2_decrypt 4459 1_1_1 EXIST::FUNCTION: -SM2_do_sign 4460 1_1_1 EXIST::FUNCTION: -SM2_compute_userid_digest 4461 1_1_1 EXIST::FUNCTION: -SM2_encrypt 4462 1_1_1 EXIST::FUNCTION: -SM2_ciphertext_size 4463 1_1_1 EXIST::FUNCTION: -SM2_verify 4464 1_1_1 EXIST::FUNCTION: -SM2_do_verify 4465 1_1_1 EXIST::FUNCTION: -SM2_sign 4466 1_1_1 EXIST::FUNCTION: -ERR_load_SM2_strings 4467 1_1_1 EXIST::FUNCTION: -SM2_plaintext_size 4468 1_1_1 EXIST::FUNCTION: +SM2_decrypt 4459 1_1_1 EXIST::FUNCTION:SM2 +SM2_do_sign 4460 1_1_1 EXIST::FUNCTION:SM2 +SM2_compute_userid_digest 4461 1_1_1 EXIST::FUNCTION:SM2 +SM2_encrypt 4462 1_1_1 EXIST::FUNCTION:SM2 +SM2_ciphertext_size 4463 1_1_1 EXIST::FUNCTION:SM2 +SM2_verify 4464 1_1_1 EXIST::FUNCTION:SM2 +SM2_do_verify 4465 1_1_1 EXIST::FUNCTION:SM2 +SM2_sign 4466 1_1_1 EXIST::FUNCTION:SM2 +ERR_load_SM2_strings 4467 1_1_1 EXIST::FUNCTION:SM2 +SM2_plaintext_size 4468 1_1_1 EXIST::FUNCTION:SM2 -- GitLab