Support sm2 CMS signature and default sm2 id

Huaxin Lu 2023-09-01 21:21:32 +08:00
parent 2d4cc130cc
commit 460a914ab2
3 changed files with 106 additions and 1 deletions


@ -0,0 +1,41 @@
From e7f35b6f10599a574acb3bcca40845eeccfdc63b Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Fri, 1 Sep 2023 20:08:46 +0800
Subject: [PATCH] Support SM2 CMS signature
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
---
crypto/cms/cms_sd.c | 2 +-
crypto/evp/p_lib.c | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 34c021b..093b41c 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -232,7 +232,7 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
EVP_PKEY *pkey = si->pkey;
int i;
- if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC"))
+ if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC") || EVP_PKEY_is_a(pkey, "SM2"))
return ossl_cms_ecdsa_dsa_sign(si, cmd);
else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS"))
return ossl_cms_rsa_sign(si, cmd);
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index f6acb5b..9567bb0 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -982,6 +982,9 @@ int EVP_PKEY_type(int type)
int EVP_PKEY_get_id(const EVP_PKEY *pkey)
{
+ if (EVP_PKEY_is_a(pkey, "SM2")) {
+ return EVP_PKEY_SM2;
+ }
return pkey->type;
}
--
2.33.0
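Review bot: The SM2 branch added to `EVP_PKEY_get_id()` in crypto/evp/p_lib.c changes what a public accessor returns for every caller, not only for CMS, so existing code that compares the result with `EVP_PKEY_EC` may take a different path for SM2 keys after this patch. The change looks intended to let the CMS signing helper select the SM2 signature algorithm identifier; if that is the reason, resolving the id at the CMS call site would keep the behaviour change local to crypto/cms/cms_sd.c. If the accessor change stays, it should at least carry a comment such as `/* Report SM2 keys as EVP_PKEY_SM2 regardless of the stored pkey->type */`, and the patch should add a CMS sign/verify round-trip test with an SM2 key, since nothing in the two hunks exercises the new branch. The body of `cms_sd_asn1_ctrl()` continues outside the first hunk.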


@ -0,0 +1,59 @@
From 12f6ee3806c1f04a682b4c31aeb510a2dca602ef Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Fri, 1 Sep 2023 20:27:45 +0800
Subject: [PATCH] use default id if SM2 id is not set
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
---
crypto/sm2/sm2_sign.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index ff5be9b..33d3a73 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -42,6 +42,8 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
uint8_t *buf = NULL;
uint16_t entl = 0;
uint8_t e_byte = 0;
+ const uint8_t *f_id = id;
+ size_t f_id_len = id_len;
hash = EVP_MD_CTX_new();
ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(key));
@@ -68,15 +70,21 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
goto done;
}
+ /* if id is not set, use default id */
+ if (f_id == NULL || f_id_len == 0) {
+ f_id = (const uint8_t *)SM2_DEFAULT_USERID;
+ f_id_len = strlen(SM2_DEFAULT_USERID);
+ }
+
/* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
- if (id_len >= (UINT16_MAX / 8)) {
+ if (f_id_len >= (UINT16_MAX / 8)) {
/* too large */
ERR_raise(ERR_LIB_SM2, SM2_R_ID_TOO_LARGE);
goto done;
}
- entl = (uint16_t)(8 * id_len);
+ entl = (uint16_t)(8 * f_id_len);
e_byte = entl >> 8;
if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
@@ -89,7 +97,7 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
goto done;
}
- if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) {
+ if (f_id_len > 0 && !EVP_DigestUpdate(hash, f_id, f_id_len)) {
ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB);
goto done;
}
--
2.33.0
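Review bot: The fallback added in `ossl_sm2_compute_z_digest()` treats an explicitly empty ID (`f_id_len == 0`) the same as an unset one, so no caller can obtain the Z value for a zero-length ID any more. Signatures created or verified with an empty ID before this patch will then stop verifying against this build. This changes verification semantics in a signature primitive, so the comment on the fallback should say so, for example `/* NOTE: an empty or NULL id now hashes SM2_DEFAULT_USERID instead of ENTL = 0 with no ID bytes */`, and a test vector should pin the Z digest for the NULL-id case. If only the unset case is meant, the condition could be narrowed to `if (f_id == NULL)`, assuming callers pass NULL when no ID was configured. After the fallback the `f_id_len > 0 &&` guard in the last hunk can no longer be false (given a non-empty `SM2_DEFAULT_USERID`) and could be dropped; the function's body starts and ends outside the visible hunks.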


@ -2,7 +2,7 @@
Name: openssl Name: openssl
Epoch: 1 Epoch: 1
Version: 3.0.9 Version: 3.0.9
Release: 2 Release: 3
Summary: Cryptography and SSL/TLS Toolkit Summary: Cryptography and SSL/TLS Toolkit
License: OpenSSL and SSLeay License: OpenSSL and SSLeay
URL: https://www.openssl.org/ URL: https://www.openssl.org/
@ -30,6 +30,8 @@ Patch18: backport-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
Patch19: backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch Patch19: backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch
Patch20: backport-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch Patch20: backport-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch
Patch21: backport-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch Patch21: backport-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch
Patch22: Feature-support-SM2-CMS-signature.patch
Patch23: Feature-use-default-id-if-SM2-id-is-not-set.patch
BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -230,6 +232,9 @@ make test || :
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Wed Sep 13 2023 luhuaxin <luhuaxin1@huawei.com> - 1:3.0.9-3
- Support SM2 CMS signature and use SM2 default id
* Tue Aug 08 2023 zhujianwei <zhujianwei7@huawei.com> - 1:3.0.9-2 * Tue Aug 08 2023 zhujianwei <zhujianwei7@huawei.com> - 1:3.0.9-2
- fix CVE-2023-2975 CVE-2023-3446 CVE-2023-3816 - fix CVE-2023-2975 CVE-2023-3446 CVE-2023-3816