Fix no-sm2
authorMatt Caswell <matt@openssl.org>
Mon, 19 Mar 2018 16:17:58 +0000 (16:17 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 19 Mar 2018 17:12:19 +0000 (17:12 +0000)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5673)

Configure
crypto/ec/ec_pmeth.c
include/openssl/sm2.h
test/evp_test.c
util/libcrypto.num

index e2c0604..3daba80 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -382,6 +382,7 @@ my @disablables = (
     "seed",
     "shared",
     "siphash",
+    "sm2",
     "sm3",
     "sm4",
     "sock",
index 08dda12..7e963d9 100644 (file)
@@ -205,24 +205,27 @@ static int pkey_ecies_encrypt(EVP_PKEY_CTX *ctx,
                               unsigned char *out, size_t *outlen,
                               const unsigned char *in, size_t inlen)
 {
-    int ret, md_type;
-    EC_PKEY_CTX *dctx = ctx->data;
+    int ret;
     EC_KEY *ec = ctx->pkey->pkey.ec;
     const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
 
-    if (dctx->md)
-        md_type = EVP_MD_type(dctx->md);
-    else if (ec_nid == NID_sm2)
-        md_type = NID_sm3;
-    else
-        md_type = NID_sha256;
-
     if (ec_nid == NID_sm2) {
 # if defined(OPENSSL_NO_SM2)
         ret = -1;
 # else
+        int md_type;
+        EC_PKEY_CTX *dctx = ctx->data;
+
+        if (dctx->md)
+            md_type = EVP_MD_type(dctx->md);
+        else if (ec_nid == NID_sm2)
+            md_type = NID_sm3;
+        else
+            md_type = NID_sha256;
+
         if (out == NULL) {
-            *outlen = SM2_ciphertext_size(ec, EVP_get_digestbynid(md_type), inlen);
+            *outlen = SM2_ciphertext_size(ec, EVP_get_digestbynid(md_type),
+                                          inlen);
             ret = 1;
         }
         else {
@@ -242,22 +245,24 @@ static int pkey_ecies_decrypt(EVP_PKEY_CTX *ctx,
                               unsigned char *out, size_t *outlen,
                               const unsigned char *in, size_t inlen)
 {
-    int ret, md_type;
-    EC_PKEY_CTX *dctx = ctx->data;
+    int ret;
     EC_KEY *ec = ctx->pkey->pkey.ec;
     const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
 
-    if (dctx->md)
-        md_type = EVP_MD_type(dctx->md);
-    else if (ec_nid == NID_sm2)
-        md_type = NID_sm3;
-    else
-        md_type = NID_sha256;
-
     if (ec_nid == NID_sm2) {
 # if defined(OPENSSL_NO_SM2)
         ret = -1;
 # else
+        int md_type;
+        EC_PKEY_CTX *dctx = ctx->data;
+
+        if (dctx->md)
+            md_type = EVP_MD_type(dctx->md);
+        else if (ec_nid == NID_sm2)
+            md_type = NID_sm3;
+        else
+            md_type = NID_sha256;
+
         if (out == NULL) {
             *outlen = SM2_plaintext_size(ec, EVP_get_digestbynid(md_type), inlen);
             ret = 1;
index 892ffb1..a3c055b 100644 (file)
 
 #ifndef HEADER_SM2_H
 # define HEADER_SM2_H
+# include <openssl/opensslconf.h>
 
-# include <openssl/ec.h>
+# ifndef OPENSSL_NO_SM2
+
+#  include <openssl/ec.h>
 
 /* The default user id as specified in GM/T 0009-2012 */
-# define SM2_DEFAULT_USERID "1234567812345678"
+#  define SM2_DEFAULT_USERID "1234567812345678"
 
 int SM2_compute_userid_digest(uint8_t *out,
                               const EVP_MD *digest,
@@ -71,4 +74,5 @@ int SM2_decrypt(const EC_KEY *key,
 
 int ERR_load_SM2_strings(void);
 
+# endif /* OPENSSL_NO_SM2 */
 #endif
index 3244da6..32f843e 100644 (file)
@@ -2413,6 +2413,23 @@ static char *take_value(PAIR *pp)
     return p;
 }
 
+static int key_disabled(EVP_PKEY *pkey)
+{
+#if defined(OPENSSL_NO_SM2) && !defined(OPENSSL_NO_EC)
+    int type = EVP_PKEY_base_id(pkey);
+
+    if (type == EVP_PKEY_EC) {
+        EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+        int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+
+        if (nid == NID_sm2)
+            return 1;
+    }
+#endif /* OPENSSL_NO_SM2 */
+
+    return 0;
+}
+
 /*
  * Read and parse one test.  Return 0 if failure, 1 if okay.
  */
@@ -2439,6 +2456,7 @@ top:
     if (strcmp(pp->key, "PrivateKey") == 0) {
         pkey = PEM_read_bio_PrivateKey(t->s.key, NULL, 0, NULL);
         if (pkey == NULL && !key_unsupported()) {
+            EVP_PKEY_free(pkey);
             TEST_info("Can't read private key %s", pp->value);
             TEST_openssl_errors();
             return 0;
@@ -2447,6 +2465,7 @@ top:
     } else if (strcmp(pp->key, "PublicKey") == 0) {
         pkey = PEM_read_bio_PUBKEY(t->s.key, NULL, 0, NULL);
         if (pkey == NULL && !key_unsupported()) {
+            EVP_PKEY_free(pkey);
             TEST_info("Can't read public key %s", pp->value);
             TEST_openssl_errors();
             return 0;
@@ -2497,6 +2516,10 @@ top:
         }
         OPENSSL_free(keybin);
     }
+    if (pkey != NULL && key_disabled(pkey)) {
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
 
     /* If we have a key add to list */
     if (klist != NULL) {
index 96cbb2c..07d9d27 100644 (file)
@@ -4514,13 +4514,13 @@ EVP_PKEY_new_CMAC_key                   4455    1_1_1   EXIST::FUNCTION:
 EVP_PKEY_asn1_set_set_priv_key          4456   1_1_1   EXIST::FUNCTION:
 EVP_PKEY_asn1_set_set_pub_key           4457   1_1_1   EXIST::FUNCTION:
 RAND_DRBG_set_defaults                  4458   1_1_1   EXIST::FUNCTION:
-SM2_decrypt                             4459   1_1_1   EXIST::FUNCTION:
-SM2_do_sign                             4460   1_1_1   EXIST::FUNCTION:
-SM2_compute_userid_digest               4461   1_1_1   EXIST::FUNCTION:
-SM2_encrypt                             4462   1_1_1   EXIST::FUNCTION:
-SM2_ciphertext_size                     4463   1_1_1   EXIST::FUNCTION:
-SM2_verify                              4464   1_1_1   EXIST::FUNCTION:
-SM2_do_verify                           4465   1_1_1   EXIST::FUNCTION:
-SM2_sign                                4466   1_1_1   EXIST::FUNCTION:
-ERR_load_SM2_strings                    4467   1_1_1   EXIST::FUNCTION:
-SM2_plaintext_size                      4468   1_1_1   EXIST::FUNCTION:
+SM2_decrypt                             4459   1_1_1   EXIST::FUNCTION:SM2
+SM2_do_sign                             4460   1_1_1   EXIST::FUNCTION:SM2
+SM2_compute_userid_digest               4461   1_1_1   EXIST::FUNCTION:SM2
+SM2_encrypt                             4462   1_1_1   EXIST::FUNCTION:SM2
+SM2_ciphertext_size                     4463   1_1_1   EXIST::FUNCTION:SM2
+SM2_verify                              4464   1_1_1   EXIST::FUNCTION:SM2
+SM2_do_verify                           4465   1_1_1   EXIST::FUNCTION:SM2
+SM2_sign                                4466   1_1_1   EXIST::FUNCTION:SM2
+ERR_load_SM2_strings                    4467   1_1_1   EXIST::FUNCTION:SM2
+SM2_plaintext_size                      4468   1_1_1   EXIST::FUNCTION:SM2