未验证 提交 d3e18d7a 编写于 作者: O openharmony_ci 提交者: Gitee

!98 release1.0.1分支修复CVE漏洞CVE-2021-3711 and CVE-2021-3712

Merge pull request !98 from wanghao-free/OpenHarmony_1.0.1_release
...@@ -38,7 +38,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) ...@@ -38,7 +38,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
} }
chal = spki->spkac->challenge; chal = spki->spkac->challenge;
if (chal->length) if (chal->length)
BIO_printf(out, " Challenge String: %s\n", chal->data); BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data);
i = OBJ_obj2nid(spki->sig_algor.algorithm); i = OBJ_obj2nid(spki->sig_algor.algorithm);
BIO_printf(out, " Signature Algorithm: %s", BIO_printf(out, " Signature Algorithm: %s",
(i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
......
...@@ -747,7 +747,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) ...@@ -747,7 +747,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
ret->seed_len = params->curve->seed->length; ret->seed_len = params->curve->seed->length;
} }
if (!params->order || !params->base || !params->base->data) { if (params->order == NULL
|| params->base == NULL
|| params->base->data == NULL
|| params->base->length == 0) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR); ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
goto err; goto err;
} }
......
...@@ -61,29 +61,20 @@ static size_t ec_field_size(const EC_GROUP *group) ...@@ -61,29 +61,20 @@ static size_t ec_field_size(const EC_GROUP *group)
return field_size; return field_size;
} }
int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size)
size_t *pt_size)
{ {
const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); struct SM2_Ciphertext_st *sm2_ctext = NULL;
const int md_size = EVP_MD_size(digest);
size_t overhead;
if (md_size < 0) { sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);
SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST);
return 0;
}
if (field_size == 0) {
SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD);
return 0;
}
overhead = 10 + 2 * field_size + (size_t)md_size; if (sm2_ctext == NULL) {
if (msg_len <= overhead) {
SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING); SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING);
return 0; return 0;
} }
*pt_size = msg_len - overhead; *pt_size = sm2_ctext->C2->length;
SM2_Ciphertext_free(sm2_ctext);
return 1; return 1;
} }
......
...@@ -151,7 +151,7 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx, ...@@ -151,7 +151,7 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md; const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
if (out == NULL) { if (out == NULL) {
if (!sm2_plaintext_size(ec, md, inlen, outlen)) if (!sm2_plaintext_size(in, inlen, outlen))
return -1; return -1;
else else
return 1; return 1;
......
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
#include <stdio.h> #include <stdio.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include "crypto/x509.h"
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "ext_dat.h" #include "ext_dat.h"
...@@ -99,17 +100,20 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, ...@@ -99,17 +100,20 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
break; break;
case GEN_EMAIL: case GEN_EMAIL:
if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret)) if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data,
gen->d.ia5->length, &ret))
return NULL; return NULL;
break; break;
case GEN_DNS: case GEN_DNS:
if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret)) if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data,
gen->d.ia5->length, &ret))
return NULL; return NULL;
break; break;
case GEN_URI: case GEN_URI:
if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret)) if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data,
gen->d.ia5->length, &ret))
return NULL; return NULL;
break; break;
......
...@@ -422,7 +422,8 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, ...@@ -422,7 +422,8 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
qualinfo = sk_POLICYQUALINFO_value(quals, i); qualinfo = sk_POLICYQUALINFO_value(quals, i);
switch (OBJ_obj2nid(qualinfo->pqualid)) { switch (OBJ_obj2nid(qualinfo->pqualid)) {
case NID_id_qt_cps: case NID_id_qt_cps:
BIO_printf(out, "%*sCPS: %s\n", indent, "", BIO_printf(out, "%*sCPS: %.*s\n", indent, "",
qualinfo->d.cpsuri->length,
qualinfo->d.cpsuri->data); qualinfo->d.cpsuri->data);
break; break;
...@@ -447,7 +448,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) ...@@ -447,7 +448,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
if (notice->noticeref) { if (notice->noticeref) {
NOTICEREF *ref; NOTICEREF *ref;
ref = notice->noticeref; ref = notice->noticeref;
BIO_printf(out, "%*sOrganization: %s\n", indent, "", BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
ref->organization->length,
ref->organization->data); ref->organization->data);
BIO_printf(out, "%*sNumber%s: ", indent, "", BIO_printf(out, "%*sNumber%s: ", indent, "",
sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
...@@ -470,7 +472,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) ...@@ -470,7 +472,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
BIO_puts(out, "\n"); BIO_puts(out, "\n");
} }
if (notice->exptext) if (notice->exptext)
BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
notice->exptext->length,
notice->exptext->data); notice->exptext->data);
} }
......
...@@ -63,8 +63,31 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { ...@@ -63,8 +63,31 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
#define IA5_OFFSET_LEN(ia5base, offset) \
((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data))
/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the
* starting point to search from
*/
# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start))
/* Like memrrchr but for ASN1_IA5STRING */
static char *ia5memrchr(ASN1_IA5STRING *str, int c)
{
int i;
for (i = str->length; i > 0 && str->data[i - 1] != c; i--);
if (i == 0)
return NULL;
return (char *)&str->data[i - 1];
}
/* /*
* We cannot use strncasecmp here because that applies locale specific rules. * We cannot use strncasecmp here because that applies locale specific rules. It
* also doesn't work with ASN1_STRINGs that may have embedded NUL characters.
* For example in Turkish 'I' is not the uppercase character for 'i'. We need to * For example in Turkish 'I' is not the uppercase character for 'i'. We need to
* do a simple ASCII case comparison ignoring the locale (that is why we use * do a simple ASCII case comparison ignoring the locale (that is why we use
* numeric constants below). * numeric constants below).
...@@ -89,20 +112,12 @@ static int ia5ncasecmp(const char *s1, const char *s2, size_t n) ...@@ -89,20 +112,12 @@ static int ia5ncasecmp(const char *s1, const char *s2, size_t n)
/* c1 > c2 */ /* c1 > c2 */
return 1; return 1;
} else if (*s1 == 0) {
/* If we get here we know that *s2 == 0 too */
return 0;
} }
} }
return 0; return 0;
} }
static int ia5casecmp(const char *s1, const char *s2)
{
return ia5ncasecmp(s1, s2, SIZE_MAX);
}
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{ {
...@@ -337,7 +352,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen) ...@@ -337,7 +352,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
--utf8_length; --utf8_length;
/* Reject *embedded* NULs */ /* Reject *embedded* NULs */
if ((size_t)utf8_length != strlen((char *)utf8_value)) { if (memchr(utf8_value, 0, utf8_length) != NULL) {
OPENSSL_free(utf8_value); OPENSSL_free(utf8_value);
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
} }
...@@ -536,9 +551,14 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) ...@@ -536,9 +551,14 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
{ {
char *baseptr = (char *)base->data; char *baseptr = (char *)base->data;
char *dnsptr = (char *)dns->data; char *dnsptr = (char *)dns->data;
/* Empty matches everything */ /* Empty matches everything */
if (!*baseptr) if (base->length == 0)
return X509_V_OK; return X509_V_OK;
if (dns->length < base->length)
return X509_V_ERR_PERMITTED_VIOLATION;
/* /*
* Otherwise can add zero or more components on the left so compare RHS * Otherwise can add zero or more components on the left so compare RHS
* and if dns is longer and expect '.' as preceding character. * and if dns is longer and expect '.' as preceding character.
...@@ -549,7 +569,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) ...@@ -549,7 +569,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_ERR_PERMITTED_VIOLATION;
} }
if (ia5casecmp(baseptr, dnsptr)) if (ia5ncasecmp(baseptr, dnsptr, base->length))
return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK; return X509_V_OK;
...@@ -560,16 +580,17 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) ...@@ -560,16 +580,17 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
{ {
const char *baseptr = (char *)base->data; const char *baseptr = (char *)base->data;
const char *emlptr = (char *)eml->data; const char *emlptr = (char *)eml->data;
const char *baseat = ia5memrchr(base, '@');
const char *emlat = ia5memrchr(eml, '@');
size_t basehostlen, emlhostlen;
const char *baseat = strchr(baseptr, '@');
const char *emlat = strchr(emlptr, '@');
if (!emlat) if (!emlat)
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
/* Special case: initial '.' is RHS match */ /* Special case: initial '.' is RHS match */
if (!baseat && (*baseptr == '.')) { if (!baseat && base->length > 0 && (*baseptr == '.')) {
if (eml->length > base->length) { if (eml->length > base->length) {
emlptr += eml->length - base->length; emlptr += eml->length - base->length;
if (ia5casecmp(baseptr, emlptr) == 0) if (ia5ncasecmp(baseptr, emlptr, base->length) == 0)
return X509_V_OK; return X509_V_OK;
} }
return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_ERR_PERMITTED_VIOLATION;
...@@ -589,8 +610,10 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) ...@@ -589,8 +610,10 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
baseptr = baseat + 1; baseptr = baseat + 1;
} }
emlptr = emlat + 1; emlptr = emlat + 1;
basehostlen = IA5_OFFSET_LEN(base, baseptr);
emlhostlen = IA5_OFFSET_LEN(eml, emlptr);
/* Just have hostname left to match: case insensitive */ /* Just have hostname left to match: case insensitive */
if (ia5casecmp(baseptr, emlptr)) if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen))
return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK; return X509_V_OK;
...@@ -601,10 +624,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) ...@@ -601,10 +624,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
{ {
const char *baseptr = (char *)base->data; const char *baseptr = (char *)base->data;
const char *hostptr = (char *)uri->data; const char *hostptr = (char *)uri->data;
const char *p = strchr(hostptr, ':'); const char *p = ia5memchr(uri, (char *)uri->data, ':');
int hostlen; int hostlen;
/* Check for foo:// and skip past it */ /* Check for foo:// and skip past it */
if (!p || (p[1] != '/') || (p[2] != '/')) if (p == NULL
|| IA5_OFFSET_LEN(uri, p) < 3
|| p[1] != '/'
|| p[2] != '/')
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
hostptr = p + 3; hostptr = p + 3;
...@@ -612,13 +639,13 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) ...@@ -612,13 +639,13 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
/* Look for a port indicator as end of hostname first */ /* Look for a port indicator as end of hostname first */
p = strchr(hostptr, ':'); p = ia5memchr(uri, hostptr, ':');
/* Otherwise look for trailing slash */ /* Otherwise look for trailing slash */
if (!p) if (p == NULL)
p = strchr(hostptr, '/'); p = ia5memchr(uri, hostptr, '/');
if (!p) if (p == NULL)
hostlen = strlen(hostptr); hostlen = IA5_OFFSET_LEN(uri, hostptr);
else else
hostlen = p - hostptr; hostlen = p - hostptr;
...@@ -626,7 +653,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) ...@@ -626,7 +653,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
/* Special case: initial '.' is RHS match */ /* Special case: initial '.' is RHS match */
if (*baseptr == '.') { if (base->length > 0 && *baseptr == '.') {
if (hostlen > base->length) { if (hostlen > base->length) {
p = hostptr + hostlen - base->length; p = hostptr + hostlen - base->length;
if (ia5ncasecmp(p, baseptr, base->length) == 0) if (ia5ncasecmp(p, baseptr, base->length) == 0)
......
...@@ -77,7 +77,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, ...@@ -77,7 +77,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
BIO_puts(out, "\n"); BIO_puts(out, "\n");
if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
pci->proxyPolicy->policy->length,
pci->proxyPolicy->policy->data); pci->proxyPolicy->policy->data);
return 1; return 1;
} }
......
...@@ -12,6 +12,7 @@ ...@@ -12,6 +12,7 @@
#include "e_os.h" #include "e_os.h"
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <stdio.h> #include <stdio.h>
#include <string.h>
#include "crypto/ctype.h" #include "crypto/ctype.h"
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/crypto.h> #include <openssl/crypto.h>
...@@ -34,17 +35,26 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen); ...@@ -34,17 +35,26 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen);
/* Add a CONF_VALUE name value pair to stack */ /* Add a CONF_VALUE name value pair to stack */
int X509V3_add_value(const char *name, const char *value, static int x509v3_add_len_value(const char *name, const char *value,
STACK_OF(CONF_VALUE) **extlist) size_t vallen, STACK_OF(CONF_VALUE) **extlist)
{ {
CONF_VALUE *vtmp = NULL; CONF_VALUE *vtmp = NULL;
char *tname = NULL, *tvalue = NULL; char *tname = NULL, *tvalue = NULL;
int sk_allocated = (*extlist == NULL); int sk_allocated = (*extlist == NULL);
if (name && (tname = OPENSSL_strdup(name)) == NULL) if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL)
goto err;
if (value && (tvalue = OPENSSL_strdup(value)) == NULL)
goto err; goto err;
if (value != NULL && vallen > 0) {
/*
* We tolerate a single trailing NUL character, but otherwise no
* embedded NULs
*/
if (memchr(value, 0, vallen - 1) != NULL)
goto err;
tvalue = OPENSSL_strndup(value, vallen);
if (tvalue == NULL)
goto err;
}
if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
goto err; goto err;
if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL) if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
...@@ -67,10 +77,26 @@ int X509V3_add_value(const char *name, const char *value, ...@@ -67,10 +77,26 @@ int X509V3_add_value(const char *name, const char *value,
return 0; return 0;
} }
int X509V3_add_value(const char *name, const char *value,
STACK_OF(CONF_VALUE) **extlist)
{
return x509v3_add_len_value(name, value,
value != NULL ? strlen((const char *)value) : 0,
extlist);
}
int X509V3_add_value_uchar(const char *name, const unsigned char *value, int X509V3_add_value_uchar(const char *name, const unsigned char *value,
STACK_OF(CONF_VALUE) **extlist) STACK_OF(CONF_VALUE) **extlist)
{ {
return X509V3_add_value(name, (const char *)value, extlist); return x509v3_add_len_value(name, (const char *)value,
value != NULL ? strlen((const char *)value) : 0,
extlist);
}
int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
size_t vallen, STACK_OF(CONF_VALUE) **extlist)
{
return x509v3_add_len_value(name, (const char *)value, vallen, extlist);
} }
/* Free function for STACK_OF(CONF_VALUE) */ /* Free function for STACK_OF(CONF_VALUE) */
...@@ -502,18 +528,26 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email ...@@ -502,18 +528,26 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email
/* First some sanity checks */ /* First some sanity checks */
if (email->type != V_ASN1_IA5STRING) if (email->type != V_ASN1_IA5STRING)
return 1; return 1;
if (!email->data || !email->length) if (email->data == NULL || email->length == 0)
return 1;
if (memchr(email->data, 0, email->length) != NULL)
return 1; return 1;
if (*sk == NULL) if (*sk == NULL)
*sk = sk_OPENSSL_STRING_new(sk_strcmp); *sk = sk_OPENSSL_STRING_new(sk_strcmp);
if (*sk == NULL) if (*sk == NULL)
return 0; return 0;
emtmp = OPENSSL_strndup((char *)email->data, email->length);
if (emtmp == NULL)
return 0;
/* Don't add duplicates */ /* Don't add duplicates */
if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {
OPENSSL_free(emtmp);
return 1; return 1;
emtmp = OPENSSL_strdup((char *)email->data); }
if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {
OPENSSL_free(emtmp); /* free on push failure */ OPENSSL_free(emtmp); /* free on push failure */
X509_email_free(*sk); X509_email_free(*sk);
*sk = NULL; *sk = NULL;
return 0; return 0;
......
...@@ -60,8 +60,7 @@ int sm2_verify(const unsigned char *dgst, int dgstlen, ...@@ -60,8 +60,7 @@ int sm2_verify(const unsigned char *dgst, int dgstlen,
int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
size_t *ct_size); size_t *ct_size);
int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size);
size_t *pt_size);
int sm2_encrypt(const EC_KEY *key, int sm2_encrypt(const EC_KEY *key,
const EVP_MD *digest, const EVP_MD *digest,
......
...@@ -8,6 +8,8 @@ ...@@ -8,6 +8,8 @@
*/ */
#include "internal/refcount.h" #include "internal/refcount.h"
#include <openssl/x509.h>
#include <openssl/conf.h>
/* Internal X509 structures and functions: not for application use */ /* Internal X509 structures and functions: not for application use */
...@@ -284,3 +286,6 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc); ...@@ -284,3 +286,6 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc);
int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
void x509_init_sig_info(X509 *x); void x509_init_sig_info(X509 *x);
int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
size_t vallen, STACK_OF(CONF_VALUE) **extlist);
...@@ -185,7 +185,7 @@ static int test_sm2_crypt(const EC_GROUP *group, ...@@ -185,7 +185,7 @@ static int test_sm2_crypt(const EC_GROUP *group,
if (!TEST_mem_eq(ctext, ctext_len, expected, ctext_len)) if (!TEST_mem_eq(ctext, ctext_len, expected, ctext_len))
goto done; goto done;
if (!TEST_true(sm2_plaintext_size(key, digest, ctext_len, &ptext_len)) if (!TEST_true(sm2_plaintext_size(ctext, ctext_len, &ptext_len))
|| !TEST_int_eq(ptext_len, msg_len)) || !TEST_int_eq(ptext_len, msg_len))
goto done; goto done;
......
...@@ -330,10 +330,12 @@ static int test_x509_time(int idx) ...@@ -330,10 +330,12 @@ static int test_x509_time(int idx)
/* if t is not NULL but expected_string is NULL, it is an 'OK' case too */ /* if t is not NULL but expected_string is NULL, it is an 'OK' case too */
if (t != NULL && x509_format_tests[idx].expected_string) { if (t != NULL && x509_format_tests[idx].expected_string) {
if (!TEST_str_eq((const char *)t->data, if (!TEST_mem_eq((const char *)t->data, t->length,
x509_format_tests[idx].expected_string)) { x509_format_tests[idx].expected_string,
TEST_info("test_x509_time(%d) failed: expected_string %s, got %s\n", strlen(x509_format_tests[idx].expected_string))) {
idx, x509_format_tests[idx].expected_string, t->data); TEST_info("test_x509_time(%d) failed: expected_string %s, got %.*s\n",
idx, x509_format_tests[idx].expected_string, t->length,
t->data);
goto out; goto out;
} }
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册