Bugfix for SM2 certificate chain verify
This commit is contained in:
Huaxin Lu
parent
a4a25552fe
commit
aa056b2188
@ -1,7 +1,7 @@
|
|||||||
From 9137b68d161ccb95b1019c4885d0519ebbf4678a Mon Sep 17 00:00:00 2001
|
From df8dab733a8795e896acfd459b2b9adc9607e831 Mon Sep 17 00:00:00 2001
|
||||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||||
Date: Mon, 7 Nov 2022 11:46:33 +0800
|
Date: Mon, 7 Nov 2022 11:46:33 +0800
|
||||||
Subject: [PATCH 4/5] shim cryptlib support sm2 signature verify
|
Subject: [PATCH 1/2] shim cryptlib support sm2 signature verify
|
||||||
|
|
||||||
Co-authored-by: Yusong Gao <gaoyusong2@huawei.com>
|
Co-authored-by: Yusong Gao <gaoyusong2@huawei.com>
|
||||||
Signed-off-by: Yusong Gao <gaoyusong2@huawei.com>
|
Signed-off-by: Yusong Gao <gaoyusong2@huawei.com>
|
||||||
@ -12,9 +12,9 @@ Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
|
|||||||
Cryptlib/Include/openssl/ec.h | 20 ++
|
Cryptlib/Include/openssl/ec.h | 20 ++
|
||||||
Cryptlib/Include/openssl/ecdsa.h | 7 +
|
Cryptlib/Include/openssl/ecdsa.h | 7 +
|
||||||
Cryptlib/Include/openssl/err.h | 6 +
|
Cryptlib/Include/openssl/err.h | 6 +
|
||||||
Cryptlib/Include/openssl/evp.h | 25 +++
|
Cryptlib/Include/openssl/evp.h | 27 ++-
|
||||||
Cryptlib/Include/openssl/obj_mac.h | 33 +++
|
Cryptlib/Include/openssl/obj_mac.h | 33 +++
|
||||||
Cryptlib/Include/openssl/opensslconf.h | 8 +-
|
Cryptlib/Include/openssl/opensslconf.h | 7 +-
|
||||||
Cryptlib/Include/openssl/x509.h | 7 +
|
Cryptlib/Include/openssl/x509.h | 7 +
|
||||||
Cryptlib/Library/BaseCryptLib.h | 111 ++++++++++
|
Cryptlib/Library/BaseCryptLib.h | 111 ++++++++++
|
||||||
Cryptlib/Makefile | 6 +
|
Cryptlib/Makefile | 6 +
|
||||||
@ -27,7 +27,7 @@ Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
|
|||||||
Cryptlib/OpenSSL/crypto/err/err.c | 1 +
|
Cryptlib/OpenSSL/crypto/err/err.c | 1 +
|
||||||
Cryptlib/OpenSSL/crypto/evp/c_alld.c | 3 +
|
Cryptlib/OpenSSL/crypto/evp/c_alld.c | 3 +
|
||||||
Cryptlib/OpenSSL/crypto/evp/digest.c | 62 +++++-
|
Cryptlib/OpenSSL/crypto/evp/digest.c | 62 +++++-
|
||||||
Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 5 +
|
Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 24 +++
|
||||||
Cryptlib/OpenSSL/crypto/evp/evp_locl.h | 10 +
|
Cryptlib/OpenSSL/crypto/evp/evp_locl.h | 10 +
|
||||||
Cryptlib/OpenSSL/crypto/evp/m_sigver.c | 17 ++
|
Cryptlib/OpenSSL/crypto/evp/m_sigver.c | 17 ++
|
||||||
Cryptlib/OpenSSL/crypto/evp/p_lib.c | 44 ++++
|
Cryptlib/OpenSSL/crypto/evp/p_lib.c | 44 ++++
|
||||||
@ -37,14 +37,14 @@ Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
|
|||||||
Cryptlib/OpenSSL/crypto/objects/obj_dat.h | 46 +++-
|
Cryptlib/OpenSSL/crypto/objects/obj_dat.h | 46 +++-
|
||||||
Cryptlib/OpenSSL/crypto/objects/obj_xref.h | 2 +
|
Cryptlib/OpenSSL/crypto/objects/obj_xref.h | 2 +
|
||||||
Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 34 ++-
|
Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 34 ++-
|
||||||
Cryptlib/OpenSSL/crypto/x509/x_all.c | 142 +++++++++++++
|
Cryptlib/OpenSSL/crypto/x509/x_all.c | 145 +++++++++++++
|
||||||
Cryptlib/Pk/CryptPkcs7Verify.c | 5 +
|
Cryptlib/Pk/CryptPkcs7Verify.c | 5 +
|
||||||
32 files changed, 997 insertions(+), 38 deletions(-)
|
32 files changed, 1020 insertions(+), 38 deletions(-)
|
||||||
create mode 100644 Cryptlib/Hash/CryptSm3.c
|
create mode 100644 Cryptlib/Hash/CryptSm3.c
|
||||||
|
|
||||||
diff --git a/Cryptlib/Hash/CryptSm3.c b/Cryptlib/Hash/CryptSm3.c
|
diff --git a/Cryptlib/Hash/CryptSm3.c b/Cryptlib/Hash/CryptSm3.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..c522365
|
index 0000000..84d7acc
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/Cryptlib/Hash/CryptSm3.c
|
+++ b/Cryptlib/Hash/CryptSm3.c
|
||||||
@@ -0,0 +1,231 @@
|
@@ -0,0 +1,231 @@
|
||||||
@ -271,7 +271,7 @@ index 0000000..c522365
|
|||||||
+ //
|
+ //
|
||||||
+ // OpenSSL SM3 Hash Computation.
|
+ // OpenSSL SM3 Hash Computation.
|
||||||
+ //
|
+ //
|
||||||
+
|
+
|
||||||
+ SM3_CTX c;
|
+ SM3_CTX c;
|
||||||
+ sm3_init(&c);
|
+ sm3_init(&c);
|
||||||
+ sm3_update(&c, Data, DataSize);
|
+ sm3_update(&c, Data, DataSize);
|
||||||
@ -433,7 +433,7 @@ index 5a01980..c8286e1 100644
|
|||||||
/*
|
/*
|
||||||
* 99 is the maximum possible ERR_R_... code, higher values are reserved for
|
* 99 is the maximum possible ERR_R_... code, higher values are reserved for
|
||||||
diff --git a/Cryptlib/Include/openssl/evp.h b/Cryptlib/Include/openssl/evp.h
|
diff --git a/Cryptlib/Include/openssl/evp.h b/Cryptlib/Include/openssl/evp.h
|
||||||
index 376f260..4e1d9bb 100644
|
index 376f260..26e8f04 100644
|
||||||
--- a/Cryptlib/Include/openssl/evp.h
|
--- a/Cryptlib/Include/openssl/evp.h
|
||||||
+++ b/Cryptlib/Include/openssl/evp.h
|
+++ b/Cryptlib/Include/openssl/evp.h
|
||||||
@@ -115,6 +115,7 @@
|
@@ -115,6 +115,7 @@
|
||||||
@ -457,16 +457,17 @@ index 376f260..4e1d9bb 100644
|
|||||||
/*
|
/*
|
||||||
* Type needs to be a bit field Sub-type needs to be for variations on the
|
* Type needs to be a bit field Sub-type needs to be for variations on the
|
||||||
* method, as in, can it do arbitrary encryption....
|
* method, as in, can it do arbitrary encryption....
|
||||||
@@ -526,6 +533,8 @@ const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
|
@@ -526,6 +533,9 @@ const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
|
||||||
# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
|
# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
|
||||||
# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
|
# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
|
||||||
|
|
||||||
|
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
|
||||||
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
|
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
|
||||||
+
|
+
|
||||||
int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
|
int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
|
||||||
# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
|
# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
|
||||||
int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
|
int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
|
||||||
@@ -583,6 +592,9 @@ int EVP_Cipher(EVP_CIPHER_CTX *c,
|
@@ -583,6 +593,9 @@ int EVP_Cipher(EVP_CIPHER_CTX *c,
|
||||||
# define EVP_delete_digest_alias(alias) \
|
# define EVP_delete_digest_alias(alias) \
|
||||||
OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
|
OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
|
||||||
|
|
||||||
@ -476,7 +477,7 @@ index 376f260..4e1d9bb 100644
|
|||||||
void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
|
void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
|
||||||
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
|
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
|
||||||
EVP_MD_CTX *EVP_MD_CTX_create(void);
|
EVP_MD_CTX *EVP_MD_CTX_create(void);
|
||||||
@@ -666,6 +678,10 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
@@ -666,6 +679,10 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
|
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
|
||||||
const unsigned char *sig, size_t siglen);
|
const unsigned char *sig, size_t siglen);
|
||||||
|
|
||||||
@ -487,7 +488,7 @@ index 376f260..4e1d9bb 100644
|
|||||||
int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
|
int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
|
||||||
const unsigned char *ek, int ekl, const unsigned char *iv,
|
const unsigned char *ek, int ekl, const unsigned char *iv,
|
||||||
EVP_PKEY *priv);
|
EVP_PKEY *priv);
|
||||||
@@ -741,6 +757,9 @@ const EVP_MD *EVP_ripemd160(void);
|
@@ -741,6 +758,9 @@ const EVP_MD *EVP_ripemd160(void);
|
||||||
# ifndef OPENSSL_NO_WHIRLPOOL
|
# ifndef OPENSSL_NO_WHIRLPOOL
|
||||||
const EVP_MD *EVP_whirlpool(void);
|
const EVP_MD *EVP_whirlpool(void);
|
||||||
# endif
|
# endif
|
||||||
@ -497,7 +498,7 @@ index 376f260..4e1d9bb 100644
|
|||||||
const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
|
const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
|
||||||
# ifndef OPENSSL_NO_DES
|
# ifndef OPENSSL_NO_DES
|
||||||
const EVP_CIPHER *EVP_des_ecb(void);
|
const EVP_CIPHER *EVP_des_ecb(void);
|
||||||
@@ -954,10 +973,15 @@ int EVP_PKEY_base_id(const EVP_PKEY *pkey);
|
@@ -954,10 +974,15 @@ int EVP_PKEY_base_id(const EVP_PKEY *pkey);
|
||||||
int EVP_PKEY_bits(EVP_PKEY *pkey);
|
int EVP_PKEY_bits(EVP_PKEY *pkey);
|
||||||
int EVP_PKEY_size(EVP_PKEY *pkey);
|
int EVP_PKEY_size(EVP_PKEY *pkey);
|
||||||
int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
|
int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
|
||||||
@ -513,7 +514,7 @@ index 376f260..4e1d9bb 100644
|
|||||||
# ifndef OPENSSL_NO_RSA
|
# ifndef OPENSSL_NO_RSA
|
||||||
struct rsa_st;
|
struct rsa_st;
|
||||||
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
|
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
|
||||||
@@ -976,6 +1000,7 @@ struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
|
@@ -976,6 +1001,7 @@ struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
|
||||||
# ifndef OPENSSL_NO_EC
|
# ifndef OPENSSL_NO_EC
|
||||||
struct ec_key_st;
|
struct ec_key_st;
|
||||||
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
|
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
|
||||||
@ -521,6 +522,14 @@ index 376f260..4e1d9bb 100644
|
|||||||
struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
|
struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
|
@@ -1268,7 +1294,6 @@ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
|
||||||
|
int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
|
||||||
|
int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
|
||||||
|
|
||||||
|
-void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
|
||||||
|
EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
|
||||||
|
|
||||||
|
int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
|
||||||
diff --git a/Cryptlib/Include/openssl/obj_mac.h b/Cryptlib/Include/openssl/obj_mac.h
|
diff --git a/Cryptlib/Include/openssl/obj_mac.h b/Cryptlib/Include/openssl/obj_mac.h
|
||||||
index 779c309..91b75e0 100644
|
index 779c309..91b75e0 100644
|
||||||
--- a/Cryptlib/Include/openssl/obj_mac.h
|
--- a/Cryptlib/Include/openssl/obj_mac.h
|
||||||
@ -563,18 +572,10 @@ index 779c309..91b75e0 100644
|
|||||||
+#define NID_SM2_with_SM3 964
|
+#define NID_SM2_with_SM3 964
|
||||||
+#define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L
|
+#define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L
|
||||||
diff --git a/Cryptlib/Include/openssl/opensslconf.h b/Cryptlib/Include/openssl/opensslconf.h
|
diff --git a/Cryptlib/Include/openssl/opensslconf.h b/Cryptlib/Include/openssl/opensslconf.h
|
||||||
index 4a36e9f..6f19ce6 100644
|
index 4a36e9f..12ec552 100644
|
||||||
--- a/Cryptlib/Include/openssl/opensslconf.h
|
--- a/Cryptlib/Include/openssl/opensslconf.h
|
||||||
+++ b/Cryptlib/Include/openssl/opensslconf.h
|
+++ b/Cryptlib/Include/openssl/opensslconf.h
|
||||||
@@ -10,7 +10,6 @@ extern "C" {
|
@@ -41,8 +41,8 @@ extern "C" {
|
||||||
#endif
|
|
||||||
#ifndef OPENSSL_DOING_MAKEDEPEND
|
|
||||||
|
|
||||||
-
|
|
||||||
#ifndef OPENSSL_NO_BF
|
|
||||||
# define OPENSSL_NO_BF
|
|
||||||
#endif
|
|
||||||
@@ -41,8 +40,8 @@ extern "C" {
|
|
||||||
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
|
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
|
||||||
# define OPENSSL_NO_DYNAMIC_ENGINE
|
# define OPENSSL_NO_DYNAMIC_ENGINE
|
||||||
#endif
|
#endif
|
||||||
@ -585,7 +586,7 @@ index 4a36e9f..6f19ce6 100644
|
|||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||||
# define OPENSSL_NO_EC_NISTP_64_GCC_128
|
# define OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||||
@@ -50,9 +49,6 @@ extern "C" {
|
@@ -50,9 +50,6 @@ extern "C" {
|
||||||
#ifndef OPENSSL_NO_ECDH
|
#ifndef OPENSSL_NO_ECDH
|
||||||
# define OPENSSL_NO_ECDH
|
# define OPENSSL_NO_ECDH
|
||||||
#endif
|
#endif
|
||||||
@ -750,7 +751,7 @@ index 2df8bd2..a7fea2c 100644
|
|||||||
// MAC (Message Authentication Code) Primitive
|
// MAC (Message Authentication Code) Primitive
|
||||||
//=====================================================================================
|
//=====================================================================================
|
||||||
diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
|
diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
|
||||||
index 89fd5cd..7885a1a 100644
|
index 89fd5cd..c95a960 100644
|
||||||
--- a/Cryptlib/Makefile
|
--- a/Cryptlib/Makefile
|
||||||
+++ b/Cryptlib/Makefile
|
+++ b/Cryptlib/Makefile
|
||||||
@@ -66,6 +66,12 @@ OBJS = Hash/CryptMd4Null.o \
|
@@ -66,6 +66,12 @@ OBJS = Hash/CryptMd4Null.o \
|
||||||
@ -767,7 +768,7 @@ index 89fd5cd..7885a1a 100644
|
|||||||
|
|
||||||
libcryptlib.a: $(OBJS)
|
libcryptlib.a: $(OBJS)
|
||||||
diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
|
diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
|
||||||
index 795f471..32fb235 100644
|
index 795f471..4923ac3 100644
|
||||||
--- a/Cryptlib/OpenSSL/Makefile
|
--- a/Cryptlib/OpenSSL/Makefile
|
||||||
+++ b/Cryptlib/OpenSSL/Makefile
|
+++ b/Cryptlib/OpenSSL/Makefile
|
||||||
@@ -459,7 +459,43 @@ OBJS = crypto/cryptlib.o \
|
@@ -459,7 +459,43 @@ OBJS = crypto/cryptlib.o \
|
||||||
@ -1074,10 +1075,10 @@ index 4db1796..ffc03ef 100644
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
|
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
|
||||||
index 7e0bab9..5945494 100644
|
index 7e0bab9..24da25d 100644
|
||||||
--- a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
|
--- a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
|
||||||
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
|
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
|
||||||
@@ -389,3 +389,8 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
|
@@ -389,3 +389,27 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
|
||||||
{
|
{
|
||||||
return (ctx->flags & flags);
|
return (ctx->flags & flags);
|
||||||
}
|
}
|
||||||
@ -1086,6 +1087,25 @@ index 7e0bab9..5945494 100644
|
|||||||
+{
|
+{
|
||||||
+ return ctx->md_data;
|
+ return ctx->md_data;
|
||||||
+}
|
+}
|
||||||
|
+
|
||||||
|
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
|
||||||
|
+{
|
||||||
|
+ /*
|
||||||
|
+ * it's reasonable to set NULL pctx (a.k.a clear the ctx->pctx), so
|
||||||
|
+ * we have to deal with the cleanup job here.
|
||||||
|
+ */
|
||||||
|
+ if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
|
||||||
|
+ EVP_PKEY_CTX_free(ctx->pctx);
|
||||||
|
+
|
||||||
|
+ ctx->pctx = pctx;
|
||||||
|
+
|
||||||
|
+ if (pctx != NULL) {
|
||||||
|
+ /* make sure pctx is not freed when destroying EVP_MD_CTX */
|
||||||
|
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
|
||||||
|
+ } else {
|
||||||
|
+ EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_locl.h b/Cryptlib/OpenSSL/crypto/evp/evp_locl.h
|
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_locl.h b/Cryptlib/OpenSSL/crypto/evp/evp_locl.h
|
||||||
index 2bb709a..1d179ef 100644
|
index 2bb709a..1d179ef 100644
|
||||||
--- a/Cryptlib/OpenSSL/crypto/evp/evp_locl.h
|
--- a/Cryptlib/OpenSSL/crypto/evp/evp_locl.h
|
||||||
@ -1642,10 +1662,10 @@ index dd6c73f..846fcf8 100644
|
|||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c
|
diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c
|
||||||
index 0f26c54..0228582 100644
|
index 0f26c54..59a41e3 100644
|
||||||
--- a/Cryptlib/OpenSSL/crypto/x509/x_all.c
|
--- a/Cryptlib/OpenSSL/crypto/x509/x_all.c
|
||||||
+++ b/Cryptlib/OpenSSL/crypto/x509/x_all.c
|
+++ b/Cryptlib/OpenSSL/crypto/x509/x_all.c
|
||||||
@@ -71,16 +71,158 @@
|
@@ -71,16 +71,161 @@
|
||||||
# include <openssl/dsa.h>
|
# include <openssl/dsa.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1660,7 +1680,7 @@ index 0f26c54..0228582 100644
|
|||||||
+{
|
+{
|
||||||
+ X509 *x = NULL;
|
+ X509 *x = NULL;
|
||||||
+ X509_REQ *r = NULL;
|
+ X509_REQ *r = NULL;
|
||||||
+ EVP_MD_CTX ctx;
|
+ EVP_MD_CTX *ctx = NULL;
|
||||||
+ unsigned char *buf_in = NULL;
|
+ unsigned char *buf_in = NULL;
|
||||||
+ int ret = -1, inl = 0;
|
+ int ret = -1, inl = 0;
|
||||||
+ size_t inll = 0;
|
+ size_t inll = 0;
|
||||||
@ -1694,17 +1714,20 @@ index 0f26c54..0228582 100644
|
|||||||
+ return -1;
|
+ return -1;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ EVP_MD_CTX_init(&ctx);
|
+ ctx = EVP_MD_CTX_new();
|
||||||
|
+ if (ctx == NULL)
|
||||||
|
+ goto err;
|
||||||
+
|
+
|
||||||
+ /* Check public key OID matches public key type */
|
+ /* Check public key OID matches public key type */
|
||||||
+ if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
|
+ if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
|
||||||
+ goto err;
|
+ goto err;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ if (!EVP_PKEY_set_type(pkey, EVP_PKEY_SM2)) {
|
+ if (!EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) {
|
||||||
+ ret = 0;
|
+ ret = 0;
|
||||||
+ goto err;
|
+ goto err;
|
||||||
+ }
|
+ }
|
||||||
|
+
|
||||||
+ pctx = EVP_PKEY_CTX_new(pkey, NULL);
|
+ pctx = EVP_PKEY_CTX_new(pkey, NULL);
|
||||||
+ if (pctx == NULL) {
|
+ if (pctx == NULL) {
|
||||||
+ ret = 0;
|
+ ret = 0;
|
||||||
@ -1716,9 +1739,9 @@ index 0f26c54..0228582 100644
|
|||||||
+ ret = 0;
|
+ ret = 0;
|
||||||
+ goto err;
|
+ goto err;
|
||||||
+ }
|
+ }
|
||||||
+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
|
|
||||||
+
|
+
|
||||||
+ if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) {
|
+ EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
|
||||||
|
+ if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) {
|
||||||
+ ret = 0;
|
+ ret = 0;
|
||||||
+ goto err;
|
+ goto err;
|
||||||
+ }
|
+ }
|
||||||
@ -1735,7 +1758,7 @@ index 0f26c54..0228582 100644
|
|||||||
+ }
|
+ }
|
||||||
+ inll = inl;
|
+ inll = inl;
|
||||||
+
|
+
|
||||||
+ ret = EVP_DigestVerify(&ctx, signature->data,
|
+ ret = EVP_DigestVerify(ctx, signature->data,
|
||||||
+ (size_t)signature->length, buf_in, inl);
|
+ (size_t)signature->length, buf_in, inl);
|
||||||
+ if (ret <= 0) {
|
+ if (ret <= 0) {
|
||||||
+ goto err;
|
+ goto err;
|
||||||
@ -1743,7 +1766,7 @@ index 0f26c54..0228582 100644
|
|||||||
+ ret = 1;
|
+ ret = 1;
|
||||||
+ err:
|
+ err:
|
||||||
+ OPENSSL_cleanse(buf_in, inll);
|
+ OPENSSL_cleanse(buf_in, inll);
|
||||||
+ EVP_MD_CTX_cleanup(&ctx);
|
+ EVP_MD_CTX_free(ctx);
|
||||||
+ EVP_PKEY_CTX_free(pctx);
|
+ EVP_PKEY_CTX_free(pctx);
|
||||||
+ return ret;
|
+ return ret;
|
||||||
+}
|
+}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
From 946a1e8e7fc05b8c5bfd522ba806eeea3e0344d6 Mon Sep 17 00:00:00 2001
|
From e1f5fc87be6581b63550218d991c713ad0f23113 Mon Sep 17 00:00:00 2001
|
||||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||||
Date: Mon, 7 Nov 2022 11:47:42 +0800
|
Date: Mon, 7 Nov 2022 11:47:42 +0800
|
||||||
Subject: [PATCH] shim support sm2 and sm3 algorithm
|
Subject: [PATCH 2/2] shim support sm2 and sm3 algorithm
|
||||||
|
|
||||||
Co-authored-by: Yusong Gao <gaoyusong2@huawei.com>
|
Co-authored-by: Yusong Gao <gaoyusong2@huawei.com>
|
||||||
Signed-off-by: Yusong Gao <gaoyusong2@huawei.com>
|
Signed-off-by: Yusong Gao <gaoyusong2@huawei.com>
|
||||||
@ -104,7 +104,7 @@ index e97b29c..7a4f356 100644
|
|||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
diff --git a/pe.c b/pe.c
|
diff --git a/pe.c b/pe.c
|
||||||
index ba3e2bb..37b08a3 100644
|
index ba3e2bb..f48d635 100644
|
||||||
--- a/pe.c
|
--- a/pe.c
|
||||||
+++ b/pe.c
|
+++ b/pe.c
|
||||||
@@ -297,13 +297,24 @@ get_section_vma_by_name (char *name, size_t namesz,
|
@@ -297,13 +297,24 @@ get_section_vma_by_name (char *name, size_t namesz,
|
||||||
|
|||||||
@ -22,7 +22,7 @@
|
|||||||
|
|
||||||
Name: shim
|
Name: shim
|
||||||
Version: 15.6
|
Version: 15.6
|
||||||
Release: 5
|
Release: 6
|
||||||
Summary: First-stage UEFI bootloader
|
Summary: First-stage UEFI bootloader
|
||||||
ExclusiveArch: x86_64 aarch64
|
ExclusiveArch: x86_64 aarch64
|
||||||
License: BSD
|
License: BSD
|
||||||
@ -144,6 +144,9 @@ cd ..
|
|||||||
/usr/src/debug/%{name}-%{version}-%{release}/*
|
/usr/src/debug/%{name}-%{version}-%{release}/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Nov 11 2022 luhuaxin <luhuaxin1@huawei.com> - 15.6-6
|
||||||
|
- Bugfix for SM2 certificate chain verify
|
||||||
|
|
||||||
* Fri Nov 11 2022 luhuaxin <luhuaxin1@huawei.com> - 15.6-5
|
* Fri Nov 11 2022 luhuaxin <luhuaxin1@huawei.com> - 15.6-5
|
||||||
- Bugfix for SMx feature
|
- Bugfix for SMx feature
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user