diff --git a/Backport-Add-documents-for-SM2-cert-verification.patch b/Backport-Add-documents-for-SM2-cert-verification.patch deleted file mode 100644 index 4c8acd108067a9d4c72ce7ffb908319602d0b9b2..0000000000000000000000000000000000000000 --- a/Backport-Add-documents-for-SM2-cert-verification.patch +++ /dev/null 
@@ -1,108 +0,0 @@ -From 400e9ffc906d66318e4f9364494809d5a519c718 Mon Sep 17 00:00:00 2001 -From: Paul Yang -Date: Wed, 13 Mar 2019 17:22:31 +0800 -Subject: [PATCH 06/15] Add documents for SM2 cert verification - -This follows #8321 which added the SM2 certificate verification feature. -This commit adds the related docs - the newly added 2 APIs and options -in apps/verify. - -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/8465) ---- - doc/man1/verify.pod | 14 ++++++++++++ - doc/man3/X509_get0_sm2_id.pod | 43 +++++++++++++++++++++++++++++++++++ - 2 files changed, 57 insertions(+) - create mode 100644 doc/man3/X509_get0_sm2_id.pod - -diff --git a/doc/man1/verify.pod b/doc/man1/verify.pod -index da2b702..a6b6b2b 100644 ---- a/doc/man1/verify.pod -+++ b/doc/man1/verify.pod -@@ -50,6 +50,8 @@ B B - [B<-verify_name name>] - [B<-x509_strict>] - [B<-show_chain>] -+[B<-sm2-id string>] -+[B<-sm2-hex-id hex-string>] - [B<->] - [certificates] - -@@ -319,6 +321,16 @@ Display information about the certificate chain that has been built (if - successful). Certificates in the chain that came from the untrusted list will be - flagged as "untrusted". - -+=item B<-sm2-id> -+ -+Specify the ID string to use when verifying an SM2 certificate. The ID string is -+required by the SM2 signature algorithm for signing and verification. -+ -+=item B<-sm2-hex-id> -+ -+Specify a binary ID string to use when signing or verifying using an SM2 -+certificate. The argument for this option is string of hexadecimal digits. -+ - =item B<-> - - Indicates the last option. All arguments following this are assumed to be -@@ -774,6 +786,8 @@ The B<-show_chain> option was added in OpenSSL 1.1.0. - The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and - is silently ignored. - -+The B<-sm2-id> and B<-sm2-hex-id> options were added in OpenSSL 3.0.0. -+ - =head1 COPYRIGHT - - Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. 
-diff --git a/doc/man3/X509_get0_sm2_id.pod b/doc/man3/X509_get0_sm2_id.pod -new file mode 100644 -index 0000000..84da71e ---- /dev/null -+++ b/doc/man3/X509_get0_sm2_id.pod -@@ -0,0 +1,43 @@ -+=pod -+ -+=head1 NAME -+ -+X509_get0_sm2_id, X509_set_sm2_id - get or set SM2 ID for certificate operations -+ -+=head1 SYNOPSIS -+ -+ #include -+ -+ ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); -+ void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); -+ -+=head1 DESCRIPTION -+ -+X509_get0_sm2_id() gets the ID value of an SM2 certificate B by returning an -+B object which should not be freed by the caller. -+X509_set_sm2_id() sets the B value to an SM2 certificate B. -+ -+=head1 NOTES -+ -+SM2 signature algorithm requires an ID value when generating and verifying a -+signature. The functions described in this manual provide the user with the -+ability to set and retrieve the SM2 ID value. -+ -+=head1 RETURN VALUES -+ -+X509_set_sm2_id() does not return a value. -+ -+=head1 SEE ALSO -+ -+L, L -+ -+=head1 COPYRIGHT -+ -+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. -+ -+Licensed under the Apache License 2.0 (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut --- -2.20.1 (Apple Git-117) - diff --git a/Backport-Add-test-cases-for-SM2-cert-verification.patch b/Backport-Add-test-cases-for-SM2-cert-verification.patch deleted file mode 100644 index d1e2c68720dae01409065a009490c99af3791f08..0000000000000000000000000000000000000000 --- a/Backport-Add-test-cases-for-SM2-cert-verification.patch +++ /dev/null 
@@ -1,127 +0,0 @@ -From c08251384c0405c151a90b315b8f333c38c74eb2 Mon Sep 17 00:00:00 2001 -From: Paul Yang -Date: Wed, 13 Mar 2019 16:54:11 +0800 -Subject: [PATCH 05/15] Add test cases for SM2 cert verification - -This follows #8321 which added the SM2 certificate verification feature. -This commit adds some test cases for #8321. - -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/8465) ---- - test/certs/sm2-ca-cert.pem | 14 +++++++++++++ - test/certs/{sm2.crt => sm2.pem} | 0 - test/recipes/20-test_pkeyutl.t | 37 +++++++++++++-------------------- - test/recipes/25-test_verify.t | 14 ++++++++++++- - 4 files changed, 42 insertions(+), 23 deletions(-) - create mode 100644 test/certs/sm2-ca-cert.pem - rename test/certs/{sm2.crt => sm2.pem} (100%) - -diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem -new file mode 100644 -index 0000000..5677ac6 ---- /dev/null -+++ b/test/certs/sm2-ca-cert.pem -@@ -0,0 +1,14 @@ -+-----BEGIN CERTIFICATE----- -+MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT -+AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl -+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe -+Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw -+CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn -+MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG -+SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU -+5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW -+BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU -+5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI -+ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X -+YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 -+-----END CERTIFICATE----- -diff --git a/test/certs/sm2.crt b/test/certs/sm2.pem -similarity index 100% -rename from test/certs/sm2.crt -rename to test/certs/sm2.pem -diff --git a/test/recipes/20-test_pkeyutl.t 
b/test/recipes/20-test_pkeyutl.t -index 1457530..a36d41e 100644 ---- a/test/recipes/20-test_pkeyutl.t -+++ b/test/recipes/20-test_pkeyutl.t -@@ -17,32 +17,25 @@ setup("test_pkeyutl"); - - plan tests => 2; - --sub sign --{ -- # Utilize the sm2.crt as the TBS file -- return run(app(([ 'openssl', 'pkeyutl', '-sign', -- '-in', srctop_file('test', 'certs', 'sm2.crt'), -- '-inkey', srctop_file('test', 'certs', 'sm2.key'), -- '-out', 'signature.sm2', '-rawin', -- '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))); --} -- --sub verify --{ -- # Utilize the sm2.crt as the TBS file -- return run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', -- '-in', srctop_file('test', 'certs', 'sm2.crt'), -- '-inkey', srctop_file('test', 'certs', 'sm2.crt'), -- '-sigfile', 'signature.sm2', '-rawin', -- '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))); --} -+# For the tests below we use the cert itself as the TBS file - - SKIP: { - skip "Skipping tests that require EC, SM2 or SM3", 2 - if disabled("ec") || disabled("sm2") || disabled("sm3"); - -- ok(sign, "Sign a piece of data using SM2"); -- ok(verify, "Verify an SM2 signature against a piece of data"); -+ # SM2 -+ ok(run(app(([ 'openssl', 'pkeyutl', '-sign', -+ '-in', srctop_file('test', 'certs', 'sm2.pem'), -+ '-inkey', srctop_file('test', 'certs', 'sm2.key'), -+ '-out', 'signature.dat', '-rawin', -+ '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))), -+ "Sign a piece of data using SM2"); -+ ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', -+ '-in', srctop_file('test', 'certs', 'sm2.pem'), -+ '-inkey', srctop_file('test', 'certs', 'sm2.pem'), -+ '-sigfile', 'signature.dat', '-rawin', -+ '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))), -+ "Verify an SM2 signature against a piece of data"); - } - --unlink 'signature.sm2'; -+unlink 'signature.dat'; -diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t -index ffa48ed..b340833 100644 ---- a/test/recipes/25-test_verify.t -+++ b/test/recipes/25-test_verify.t 
-@@ -27,7 +27,7 @@ sub verify { - run(app([@args])); - } - --plan tests => 146; -+plan tests => 148; - - # Canonical success - ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), -@@ -409,3 +409,15 @@ SKIP: { - "ED25519 signature"); - - } -+ -+SKIP: { -+ skip "SM2 is not supported by this OpenSSL build", 1 -+ if disabled("sm2"); -+ -+ # Test '-sm2-id' and '-sm2-hex-id' option -+ ok(verify("sm2", "any", ["sm2-ca-cert"], [], "-sm2-id", "1234567812345678"), -+ "SM2 ID test"); -+ ok(verify("sm2", "any", ["sm2-ca-cert"], [], "-sm2-hex-id", -+ "31323334353637383132333435363738"), -+ "SM2 hex ID test"); -+} --- -2.20.1 (Apple Git-117) - diff --git a/Backport-Fix-a-document-description-in-apps-req.patch b/Backport-Fix-a-document-description-in-apps-req.patch deleted file mode 100644 index 421d83b47ce2f26531b424b73e268f733d7dd029..0000000000000000000000000000000000000000 --- a/Backport-Fix-a-document-description-in-apps-req.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 7e64be50900c4aa8cd040c4e3999540883bdeeb6 Mon Sep 17 00:00:00 2001 -From: Paul Yang -Date: Thu, 26 Sep 2019 10:57:23 +0800 -Subject: [PATCH 13/15] Fix a document description in apps/req - -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/9958) ---- - doc/man1/req.pod | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/doc/man1/req.pod b/doc/man1/req.pod -index 7b00bad..e117ec6 100644 ---- a/doc/man1/req.pod -+++ b/doc/man1/req.pod -@@ -348,8 +348,8 @@ string is required by the SM2 signature algorithm for signing and verification. - - =item B<-sm2-hex-id> - --Specify a binary ID string to use when signing or verifying using an SM2 --certificate. The argument for this option is string of hexadecimal digits. -+Specify a binary ID string to use when verifying an SM2 certificate request. The -+argument for this option is string of hexadecimal digits. - - =back - --- -2.20.1 (Apple Git-117) - 
diff --git a/Backport-Fix-a-double-free-issue-when-signing-SM2-cert.patch b/Backport-Fix-a-double-free-issue-when-signing-SM2-cert.patch deleted file mode 100644 index e7e27cde1fbcd965520bc6c4bf3ba3a4eda4021b..0000000000000000000000000000000000000000 --- a/Backport-Fix-a-double-free-issue-when-signing-SM2-cert.patch +++ /dev/null 
@@ -1,121 +0,0 @@ -From a63238684c1d2e15f417f766f44418a8b52ef383 Mon Sep 17 00:00:00 2001 -From: Paul Yang -Date: Sat, 21 Sep 2019 00:32:57 +0800 -Subject: [PATCH 12/15] Fix a double free issue when signing SM2 cert - -If the SM2 ID value has not been passed correctly when signing an SM2 -certificate/certificate request, a double free occurs. For instance: - - openssl req -x509 ... -sm2-id 1234567812345678 - -The '-sm2-id' should not be used in this scenario, while the '-sigopt' is -the correct one to use. Documentation has also been updated to make the -options more clear. - -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/9958) ---- - apps/req.c | 48 ++++++++++++++++++++++++++++++------------------ - doc/man1/req.pod | 4 ++-- - 2 files changed, 32 insertions(+), 20 deletions(-) - -diff --git a/apps/req.c b/apps/req.c -index 96f1edd..95dd0e4 100644 ---- a/apps/req.c -+++ b/apps/req.c -@@ -1756,15 +1756,19 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md, - #endif - - rv = do_sign_init(mctx, pkey, md, sigopts); -- if (rv > 0) -+ if (rv > 0) { - rv = X509_sign_ctx(x, mctx); - #ifndef OPENSSL_NO_SM2 -- /* only in SM2 case we need to free the pctx explicitly */ -- if (ec_pkey_is_sm2(pkey)) { -- pctx = EVP_MD_CTX_pkey_ctx(mctx); -- EVP_PKEY_CTX_free(pctx); -- } -+ /* -+ * only in SM2 case we need to free the pctx explicitly -+ * if do_sign_init() fails, pctx is already freed in it -+ */ -+ if (ec_pkey_is_sm2(pkey)) { -+ pctx = EVP_MD_CTX_pkey_ctx(mctx); -+ EVP_PKEY_CTX_free(pctx); -+ } - #endif -+ } - EVP_MD_CTX_free(mctx); - return rv > 0 ? 
1 : 0; - } -@@ -1779,15 +1783,19 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, - #endif - - rv = do_sign_init(mctx, pkey, md, sigopts); -- if (rv > 0) -+ if (rv > 0) { - rv = X509_REQ_sign_ctx(x, mctx); - #ifndef OPENSSL_NO_SM2 -- /* only in SM2 case we need to free the pctx explicitly */ -- if (ec_pkey_is_sm2(pkey)) { -- pctx = EVP_MD_CTX_pkey_ctx(mctx); -- EVP_PKEY_CTX_free(pctx); -- } -+ /* -+ * only in SM2 case we need to free the pctx explicitly -+ * if do_sign_init() fails, pctx is already freed in it -+ */ -+ if (ec_pkey_is_sm2(pkey)) { -+ pctx = EVP_MD_CTX_pkey_ctx(mctx); -+ EVP_PKEY_CTX_free(pctx); -+ } - #endif -+ } - EVP_MD_CTX_free(mctx); - return rv > 0 ? 1 : 0; - } -@@ -1802,15 +1810,19 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, - #endif - - rv = do_sign_init(mctx, pkey, md, sigopts); -- if (rv > 0) -+ if (rv > 0) { - rv = X509_CRL_sign_ctx(x, mctx); - #ifndef OPENSSL_NO_SM2 -- /* only in SM2 case we need to free the pctx explicitly */ -- if (ec_pkey_is_sm2(pkey)) { -- pctx = EVP_MD_CTX_pkey_ctx(mctx); -- EVP_PKEY_CTX_free(pctx); -- } -+ /* -+ * only in SM2 case we need to free the pctx explicitly -+ * if do_sign_init() fails, no need to double free pctx -+ */ -+ if (ec_pkey_is_sm2(pkey)) { -+ pctx = EVP_MD_CTX_pkey_ctx(mctx); -+ EVP_PKEY_CTX_free(pctx); -+ } - #endif -+ } - EVP_MD_CTX_free(mctx); - return rv > 0 ? 1 : 0; - } -diff --git a/doc/man1/req.pod b/doc/man1/req.pod -index 3b9fcc3..7b00bad 100644 ---- a/doc/man1/req.pod -+++ b/doc/man1/req.pod -@@ -343,8 +343,8 @@ for key generation operations. - - =item B<-sm2-id> - --Specify the ID string to use when verifying an SM2 certificate. The ID string is --required by the SM2 signature algorithm for signing and verification. -+Specify the ID string to use when verifying an SM2 certificate request. The ID -+string is required by the SM2 signature algorithm for signing and verification. - - =item B<-sm2-hex-id> - --- -2.20.1 (Apple Git-117) - 
diff --git a/Backport-Fix-a-memleak-in-apps-verify.patch b/Backport-Fix-a-memleak-in-apps-verify.patch deleted file mode 100644 index 53c211811e25a91da6ec0f10ec80882d3bc1800c..0000000000000000000000000000000000000000 --- a/Backport-Fix-a-memleak-in-apps-verify.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 1c243548ef736329b08344ad9191803e5a93ec17 Mon Sep 17 00:00:00 2001 -From: Paul Yang -Date: Wed, 13 Mar 2019 18:04:05 +0800 -Subject: [PATCH 07/15] Fix a memleak in apps/verify - -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/8465) ---- - apps/verify.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/apps/verify.c b/apps/verify.c -index 09b31cf..5052d80 100644 ---- a/apps/verify.c -+++ b/apps/verify.c -@@ -80,6 +80,7 @@ int verify_main(int argc, char **argv) - OPTION_CHOICE o; - unsigned char *sm2_id = NULL; - size_t sm2_idlen = 0; -+ int sm2_free = 0; - - if ((vpm = X509_VERIFY_PARAM_new()) == NULL) - goto end; -@@ -174,6 +175,7 @@ int verify_main(int argc, char **argv) - break; - case OPT_SM2HEXID: - /* try to parse the input as hex string first */ -+ sm2_free = 1; - sm2_id = OPENSSL_hexstr2buf(opt_arg(), (long *)&sm2_idlen); - if (sm2_id == NULL) { - BIO_printf(bio_err, "Invalid hex string input\n"); -@@ -216,6 +218,8 @@ int verify_main(int argc, char **argv) - } - - end: -+ if (sm2_free) -+ OPENSSL_free(sm2_id); - X509_VERIFY_PARAM_free(vpm); - X509_STORE_free(store); - sk_X509_pop_free(untrusted, X509_free); --- -2.20.1 (Apple Git-117) - diff --git a/Backport-Fix-no-ec-no-sm2-and-no-sm3.patch b/Backport-Fix-no-ec-no-sm2-and-no-sm3.patch deleted file mode 100644 index 6e1a9f3782668d64fdfd639d5dcf773112ef04dc..0000000000000000000000000000000000000000 --- a/Backport-Fix-no-ec-no-sm2-and-no-sm3.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From 380cf570be1ded495141e16ceab7afb7f7c57ab7 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Thu, 28 Feb 2019 13:47:26 +0000 -Subject: [PATCH 02/15] Fix no-ec, no-sm2 and no-sm3 - -Reviewed-by: Richard Levitte -(Merged from https://github.com/openssl/openssl/pull/8372) ---- - apps/pkeyutl.c | 11 +++++++---- - test/recipes/20-test_pkeyutl.t | 9 +++++++-- - 2 files changed, 14 insertions(+), 6 deletions(-) - -diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c -index bca0464..1d3d57b 100644 ---- a/apps/pkeyutl.c -+++ b/apps/pkeyutl.c -@@ -473,14 +473,16 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, - } - ctx = EVP_PKEY_CTX_new_id(kdfnid, impl); - } else { -- EC_KEY *eckey = NULL; -- const EC_GROUP *group = NULL; -- int nid; -- - if (pkey == NULL) - goto end; -+ -+#ifndef OPENSSL_NO_EC - /* SM2 needs a special treatment */ - if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { -+ EC_KEY *eckey = NULL; -+ const EC_GROUP *group = NULL; -+ int nid; -+ - if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL - || (group = EC_KEY_get0_group(eckey)) == NULL - || (nid = EC_GROUP_get_curve_name(group)) == 0) -@@ -488,6 +490,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, - if (nid == NID_sm2) - EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); - } -+#endif - *pkeysize = EVP_PKEY_size(pkey); - ctx = EVP_PKEY_CTX_new(pkey, impl); - if (ppkey != NULL) -diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t -index a051138..1457530 100644 ---- a/test/recipes/20-test_pkeyutl.t -+++ b/test/recipes/20-test_pkeyutl.t -@@ -37,7 +37,12 @@ sub verify - '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))); - } - --ok(sign, "Sign a piece of data using SM2"); --ok(verify, "Verify an SM2 signature against a piece of data"); -+SKIP: { -+ skip "Skipping tests that require EC, SM2 or SM3", 2 -+ if disabled("ec") || disabled("sm2") || disabled("sm3"); -+ -+ ok(sign, "Sign a piece of data using SM2"); -+ ok(verify, "Verify an SM2 signature 
against a piece of data"); -+} - - unlink 'signature.sm2'; --- -2.20.1 (Apple Git-117) - diff --git a/Backport-Guard-some-SM2-functions-with-OPENSSL_NO_SM2.patch b/Backport-Guard-some-SM2-functions-with-OPENSSL_NO_SM2.patch deleted file mode 100644 index 87b3bfd4add5c25537a4fb2b4bfc878d952a5fd5..0000000000000000000000000000000000000000 --- a/Backport-Guard-some-SM2-functions-with-OPENSSL_NO_SM2.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 908570d02b683195ddfdc8e8c324638bfaa0d2c2 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Thu, 14 Mar 2019 11:14:38 +0000 -Subject: [PATCH 04/15] Guard some SM2 functions with OPENSSL_NO_SM2 - -Fixes the no-ec build - -Reviewed-by: Richard Levitte -(Merged from https://github.com/openssl/openssl/pull/8481) ---- - include/openssl/x509.h | 2 ++ - util/libcrypto.num | 4 ++-- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/include/openssl/x509.h b/include/openssl/x509.h -index 5f17057..5c88251 100644 ---- a/include/openssl/x509.h -+++ b/include/openssl/x509.h -@@ -573,8 +573,10 @@ void X509_get0_signature(const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg, const X509 *x); - int X509_get_signature_nid(const X509 *x); - -+# ifndef OPENSSL_NO_SM2 - void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); - ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); -+# endif - - int X509_trusted(const X509 *x); - int X509_alias_set1(X509 *x, const unsigned char *name, int len); -diff --git a/util/libcrypto.num b/util/libcrypto.num -index 8635ac4..233d1c7 100644 ---- a/util/libcrypto.num -+++ b/util/libcrypto.num -@@ -4626,5 +4626,5 @@ FIPS_drbg_get_strength 6379 1_1_0g EXIST::FUNCTION: - FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: - FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: - FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: --X509_set_sm2_id 6383 1_1_1m EXIST::FUNCTION: --X509_get0_sm2_id 6384 1_1_1m EXIST::FUNCTION: -+X509_set_sm2_id 6383 1_1_1m EXIST::FUNCTION:SM2 -+X509_get0_sm2_id 6384 1_1_1m EXIST::FUNCTION:SM2 --- -2.20.1 (Apple Git-117) - diff --git a/Backport-Make-X509_set_sm2_id-consistent-with-other-setters.patch b/Backport-Make-X509_set_sm2_id-consistent-with-other-setters.patch deleted file mode 100644 index daeeee816c3497ad6418c902fa9ab471475a1e14..0000000000000000000000000000000000000000 --- a/Backport-Make-X509_set_sm2_id-consistent-with-other-setters.patch +++ /dev/null 
@@ -1,320 +0,0 @@ -From 0717cc33d72b011cce4f53661c58d628b684275c Mon Sep 17 00:00:00 2001 -From: Paul Yang -Date: Mon, 1 Apr 2019 10:21:53 +0900 -Subject: [PATCH 09/15] Make X509_set_sm2_id consistent with other setters - -This commit makes the X509_set_sm2_id to 'set0' behaviour, which means -the memory management is passed to X509 and user doesn't need to free -the sm2_id parameter later. API name also changes to X509_set0_sm2_id. - -Document and test case are also updated. - -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/8626) ---- - apps/verify.c | 40 +++++++++++++++++++----------- - crypto/x509/x_all.c | 5 +++- - crypto/x509/x_x509.c | 13 +++++++--- - doc/man3/X509_get0_sm2_id.pod | 12 ++++++--- - include/crypto/x509.h | 2 +- - include/openssl/x509.h | 2 +- - test/verify_extra_test.c | 46 +++++++++++++++++++++++++++++++++++ - util/libcrypto.num | 2 +- - 8 files changed, 97 insertions(+), 25 deletions(-) - -diff --git a/apps/verify.c b/apps/verify.c -index 5052d80..9000567 100644 ---- a/apps/verify.c -+++ b/apps/verify.c -@@ -246,27 +246,37 @@ static int check(X509_STORE *ctx, const char *file, - - if (sm2id != NULL) { - #ifndef OPENSSL_NO_SM2 -- ASN1_OCTET_STRING v; -+ ASN1_OCTET_STRING *v; - -- v.data = sm2id; -- v.length = sm2idlen; -+ v = ASN1_OCTET_STRING_new(); -+ if (v == NULL) { -+ BIO_printf(bio_err, "error: SM2 ID allocation failed\n"); -+ goto end; -+ } - -- X509_set_sm2_id(x, &v); -+ if (!ASN1_OCTET_STRING_set(v, sm2id, sm2idlen)) { -+ BIO_printf(bio_err, "error: setting SM2 ID failed\n"); -+ ASN1_OCTET_STRING_free(v); -+ goto end; -+ } -+ -+ X509_set0_sm2_id(x, v); - #endif - } - - csc = X509_STORE_CTX_new(); - if (csc == NULL) { -- printf("error %s: X.509 store context allocation failed\n", -- (file == NULL) ? "stdin" : file); -+ BIO_printf(bio_err, "error %s: X.509 store context allocation failed\n", -+ (file == NULL) ? 
"stdin" : file); - goto end; - } - - X509_STORE_set_flags(ctx, vflags); - if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { - X509_STORE_CTX_free(csc); -- printf("error %s: X.509 store context initialization failed\n", -- (file == NULL) ? "stdin" : file); -+ BIO_printf(bio_err, -+ "error %s: X.509 store context initialization failed\n", -+ (file == NULL) ? "stdin" : file); - goto end; - } - if (tchain != NULL) -@@ -275,28 +285,30 @@ static int check(X509_STORE *ctx, const char *file, - X509_STORE_CTX_set0_crls(csc, crls); - i = X509_verify_cert(csc); - if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) { -- printf("%s: OK\n", (file == NULL) ? "stdin" : file); -+ BIO_printf(bio_out, "%s: OK\n", (file == NULL) ? "stdin" : file); - ret = 1; - if (show_chain) { - int j; - - chain = X509_STORE_CTX_get1_chain(csc); - num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); -- printf("Chain:\n"); -+ BIO_printf(bio_out, "Chain:\n"); - for (j = 0; j < sk_X509_num(chain); j++) { - X509 *cert = sk_X509_value(chain, j); -- printf("depth=%d: ", j); -+ BIO_printf(bio_out, "depth=%d: ", j); - X509_NAME_print_ex_fp(stdout, - X509_get_subject_name(cert), - 0, get_nameopt()); - if (j < num_untrusted) -- printf(" (untrusted)"); -- printf("\n"); -+ BIO_printf(bio_out, " (untrusted)"); -+ BIO_printf(bio_out, "\n"); - } - sk_X509_pop_free(chain, X509_free); - } - } else { -- printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file); -+ BIO_printf(bio_err, -+ "error %s: verification failed\n", -+ (file == NULL) ? 
"stdin" : file); - } - X509_STORE_CTX_free(csc); - -diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c -index 60a2892..9c8aea5 100644 ---- a/crypto/x509/x_all.c -+++ b/crypto/x509/x_all.c -@@ -72,7 +72,10 @@ static int x509_verify_sm2(X509 *x, EVP_PKEY *pkey, int mdnid, int pknid) - ret = 0; - goto err; - } -- if (EVP_PKEY_CTX_set1_id(pctx, x->sm2_id.data, x->sm2_id.length) != 1) { -+ /* NOTE: we tolerate no actual ID, to provide maximum flexibility */ -+ if (x->sm2_id != NULL -+ && EVP_PKEY_CTX_set1_id(pctx, x->sm2_id->data, -+ x->sm2_id->length) != 1) { - X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB); - ret = 0; - goto err; -diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c -index 1beab78..fb03bb2 100644 ---- a/crypto/x509/x_x509.c -+++ b/crypto/x509/x_x509.c -@@ -72,6 +72,9 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - #ifndef OPENSSL_NO_RFC3779 - ret->rfc3779_addr = NULL; - ret->rfc3779_asid = NULL; -+#endif -+#ifndef OPENSSL_NO_SM2 -+ ret->sm2_id = NULL; - #endif - ret->aux = NULL; - ret->crldp = NULL; -@@ -91,6 +94,9 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - #ifndef OPENSSL_NO_RFC3779 - sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); - ASIdentifiers_free(ret->rfc3779_asid); -+#endif -+#ifndef OPENSSL_NO_SM2 -+ ASN1_OCTET_STRING_free(ret->sm2_id); - #endif - break; - -@@ -247,13 +253,14 @@ int X509_get_signature_nid(const X509 *x) - } - - #ifndef OPENSSL_NO_SM2 --void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id) -+void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id) - { -- x->sm2_id = *sm2_id; -+ ASN1_OCTET_STRING_free(x->sm2_id); -+ x->sm2_id = sm2_id; - } - - ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x) - { -- return &x->sm2_id; -+ return x->sm2_id; - } - #endif -diff --git a/doc/man3/X509_get0_sm2_id.pod b/doc/man3/X509_get0_sm2_id.pod -index 84da71e..9698c86 100644 ---- a/doc/man3/X509_get0_sm2_id.pod -+++ b/doc/man3/X509_get0_sm2_id.pod -@@ 
-2,20 +2,24 @@ - - =head1 NAME - --X509_get0_sm2_id, X509_set_sm2_id - get or set SM2 ID for certificate operations -+X509_get0_sm2_id, X509_set0_sm2_id - get or set SM2 ID for certificate operations - - =head1 SYNOPSIS - - #include - - ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); -- void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); -+ void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); - - =head1 DESCRIPTION - - X509_get0_sm2_id() gets the ID value of an SM2 certificate B by returning an - B object which should not be freed by the caller. --X509_set_sm2_id() sets the B value to an SM2 certificate B. -+ -+X509_set0_sm2_id() sets the B value to an SM2 certificate B. Calling -+this function transfers the memory management of the value to the X509 object, -+and therefore the value that has been passed in should not be freed by the -+caller after this function has been called. - - =head1 NOTES - -@@ -25,7 +29,7 @@ ability to set and retrieve the SM2 ID value. - - =head1 RETURN VALUES - --X509_set_sm2_id() does not return a value. -+X509_set0_sm2_id() does not return a value. 
- - =head1 SEE ALSO - -diff --git a/include/crypto/x509.h b/include/crypto/x509.h -index 418c427..5c314a8 100644 ---- a/include/crypto/x509.h -+++ b/include/crypto/x509.h -@@ -186,7 +186,7 @@ struct x509_st { - CRYPTO_RWLOCK *lock; - volatile int ex_cached; - # ifndef OPENSSL_NO_SM2 -- ASN1_OCTET_STRING sm2_id; -+ ASN1_OCTET_STRING *sm2_id; - # endif - } /* X509 */ ; - -diff --git a/include/openssl/x509.h b/include/openssl/x509.h -index 5c88251..a02cf50 100644 ---- a/include/openssl/x509.h -+++ b/include/openssl/x509.h -@@ -574,7 +574,7 @@ void X509_get0_signature(const ASN1_BIT_STRING **psig, - int X509_get_signature_nid(const X509 *x); - - # ifndef OPENSSL_NO_SM2 --void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); -+void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); - ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); - # endif - -diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c -index b9959e0..763ea4f 100644 ---- a/test/verify_extra_test.c -+++ b/test/verify_extra_test.c -@@ -8,6 +8,7 @@ - */ - - #include -+#include - #include - #include - #include -@@ -231,6 +232,48 @@ static int test_self_signed_bad(void) - return test_self_signed(bad_f, 0); - } - -+#ifndef OPENSSL_NO_SM2 -+static int test_sm2_id(void) -+{ -+ /* we only need an X509 structure, no matter if it's a real SM2 cert */ -+ X509 *x = NULL; -+ BIO *bio = NULL; -+ int ret = 0; -+ ASN1_OCTET_STRING *v = NULL, *v2 = NULL; -+ char *sm2id = "this is an ID"; -+ -+ bio = BIO_new_file(bad_f, "r"); -+ if (bio == NULL) -+ goto err; -+ -+ x = PEM_read_bio_X509(bio, NULL, 0, NULL); -+ if (x == NULL) -+ goto err; -+ -+ v = ASN1_OCTET_STRING_new(); -+ if (v == NULL) -+ goto err; -+ -+ if (!ASN1_OCTET_STRING_set(v, (unsigned char *)sm2id, (int)strlen(sm2id))) { -+ ASN1_OCTET_STRING_free(v); -+ goto err; -+ } -+ -+ X509_set0_sm2_id(x, v); -+ -+ v2 = X509_get0_sm2_id(x); -+ if (!TEST_ptr(v2) -+ || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0)) -+ goto err; -+ -+ ret = 1; -+ err: -+ 
X509_free(x); -+ BIO_free(bio); -+ return ret; -+} -+#endif -+ - int setup_tests(void) - { - if (!TEST_ptr(roots_f = test_get_argument(0)) -@@ -245,5 +288,8 @@ int setup_tests(void) - ADD_TEST(test_store_ctx); - ADD_TEST(test_self_signed_good); - ADD_TEST(test_self_signed_bad); -+#ifndef OPENSSL_NO_SM2 -+ ADD_TEST(test_sm2_id); -+#endif - return 1; - } -diff --git a/util/libcrypto.num b/util/libcrypto.num -index 233d1c7..d7abe91 100644 ---- a/util/libcrypto.num -+++ b/util/libcrypto.num -@@ -4626,5 +4626,5 @@ FIPS_drbg_get_strength 6379 1_1_0g EXIST::FUNCTION: - FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: - FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: - FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: --X509_set_sm2_id 6383 1_1_1m EXIST::FUNCTION:SM2 -+X509_set0_sm2_id 6383 1_1_1m EXIST::FUNCTION:SM2 - X509_get0_sm2_id 6384 1_1_1m EXIST::FUNCTION:SM2 --- -2.20.1 (Apple Git-117) - diff --git a/Backport-SM3-acceleration-with-SM3-hardware-instruction-on-aa.patch b/Backport-SM3-acceleration-with-SM3-hardware-instruction-on-aa.patch deleted file mode 100644 index 722d5061beb145474c72e3731cdfdf6f0eee823f..0000000000000000000000000000000000000000 --- a/Backport-SM3-acceleration-with-SM3-hardware-instruction-on-aa.patch +++ /dev/null 
@@ -1,492 +0,0 @@ -From 4d2e328357ac4b468d4762a5a5f615d7e7bf46a6 Mon Sep 17 00:00:00 2001 -From: Xu Yizhou -Date: Thu, 27 Oct 2022 20:49:34 +0800 -Subject: [PATCH 1/3] SM3 acceleration with SM3 hardware instruction on aarch64 - -This patch contains the following two PRs, - -1. SM3 acceleration with SM3 hardware instruction on aarch64 - -SM3 hardware instruction is optional feature of crypto extension for -aarch64. This implementation accelerates SM3 via SM3 instructions. For -the platform not supporting SM3 instruction, the original C -implementation still works. Thanks to AliBaba for testing and reporting -the following perf numbers for Yitian710: - -Benchmark on T-Head Yitian-710 2.75GHz: - -Before: -type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes -sm3 49297.82k 121062.63k 223106.05k 283371.52k 307574.10k 309400.92k - -After (33% - 74% faster): -type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes -sm3 65640.01k 179121.79k 359854.59k 481448.96k 534055.59k 538274.47k - -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/17454) - -2. 
Fix sm3ss1 translation issue in sm3-armv8.pl - -Reviewed-by: Tomas Mraz -Reviewed-by: Matt Caswell -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/17542) - -Signed-off-by: Xu Yizhou ---- - Configurations/00-base-templates.conf | 1 + - Configure | 4 + - crypto/arm64cpuid.pl | 7 + - crypto/arm_arch.h | 1 + - crypto/armcap.c | 10 + - crypto/sm3/asm/sm3-armv8.pl | 280 ++++++++++++++++++++++++++ - crypto/sm3/build.info | 15 +- - crypto/sm3/sm3_local.h | 16 +- - 8 files changed, 332 insertions(+), 2 deletions(-) - create mode 100644 crypto/sm3/asm/sm3-armv8.pl - -diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf -index 1d35012..a67ae65 100644 ---- a/Configurations/00-base-templates.conf -+++ b/Configurations/00-base-templates.conf -@@ -322,6 +322,7 @@ my %targets=( - poly1305_asm_src=> "poly1305-armv8.S", - keccak1600_asm_src => "keccak1600-armv8.S", - sm4_asm_src => "vpsm4_ex-armv8.S", -+ sm3_asm_src => "sm3-armv8.S", - }, - parisc11_asm => { - template => 1, -diff --git a/Configure b/Configure -index 3bfe360..fce460d 100755 ---- a/Configure -+++ b/Configure -@@ -1423,6 +1423,9 @@ unless ($disabled{asm}) { - if ($target{sm4_asm_src} ne "") { - push @{$config{lib_defines}}, "VPSM4_EX_ASM"; - } -+ if ($target{sm3_asm_src} ne "") { -+ push @{$config{lib_defines}}, "SM3_ASM"; -+ } - } - - my %predefined_C = compiler_predefined($config{CROSS_COMPILE}.$config{CC}); -@@ -3379,6 +3382,7 @@ sub print_table_entry - "multilib", - "build_scheme", - "sm4_asm_src", -+ "sm3_asm_src", - ); - - if ($type eq "TABLE") { -diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl -index 319927e..1e9b167 100755 ---- a/crypto/arm64cpuid.pl -+++ b/crypto/arm64cpuid.pl -@@ -78,6 +78,13 @@ _armv8_sha512_probe: - ret - .size _armv8_sha512_probe,.-_armv8_sha512_probe - -+.globl _armv8_sm3_probe -+.type _armv8_sm3_probe,%function -+_armv8_sm3_probe: -+ .long 0xce63c004 // sm3partw1 v4.4s, v0.4s, v3.4s -+ ret -+.size 
_armv8_sm3_probe,.-_armv8_sm3_probe -+ - .globl OPENSSL_cleanse - .type OPENSSL_cleanse,%function - .align 5 -diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h -index 8b71055..8839b21 100644 ---- a/crypto/arm_arch.h -+++ b/crypto/arm_arch.h -@@ -80,5 +80,6 @@ extern unsigned int OPENSSL_armcap_P; - # define ARMV8_SHA256 (1<<4) - # define ARMV8_PMULL (1<<5) - # define ARMV8_SHA512 (1<<6) -+# define ARMV8_SM3 (1<<9) - - #endif -diff --git a/crypto/armcap.c b/crypto/armcap.c -index 48c5d4d..8b2f4a5 100644 ---- a/crypto/armcap.c -+++ b/crypto/armcap.c -@@ -47,6 +47,7 @@ void _armv8_sha1_probe(void); - void _armv8_sha256_probe(void); - void _armv8_pmull_probe(void); - # ifdef __aarch64__ -+void _armv8_sm3_probe(void); - void _armv8_sha512_probe(void); - # endif - uint32_t _armv7_tick(void); -@@ -130,6 +131,7 @@ static unsigned long getauxval(unsigned long key) - # define HWCAP_CE_PMULL (1 << 4) - # define HWCAP_CE_SHA1 (1 << 5) - # define HWCAP_CE_SHA256 (1 << 6) -+# define HWCAP_CE_SM3 (1 << 18) - # define HWCAP_CE_SHA512 (1 << 21) - # endif - -@@ -190,6 +192,9 @@ void OPENSSL_cpuid_setup(void) - # ifdef __aarch64__ - if (hwcap & HWCAP_CE_SHA512) - OPENSSL_armcap_P |= ARMV8_SHA512; -+ -+ if (hwcap & HWCAP_CE_SM3) -+ OPENSSL_armcap_P |= ARMV8_SM3; - # endif - } - # endif -@@ -233,6 +238,11 @@ void OPENSSL_cpuid_setup(void) - _armv8_sha512_probe(); - OPENSSL_armcap_P |= ARMV8_SHA512; - } -+ -+ if (sigsetjmp(ill_jmp, 1) == 0) { -+ _armv8_sm3_probe(); -+ OPENSSL_armcap_P |= ARMV8_SM3; -+ } - # endif - } - # endif -diff --git a/crypto/sm3/asm/sm3-armv8.pl b/crypto/sm3/asm/sm3-armv8.pl -new file mode 100644 -index 0000000..677ca52 ---- /dev/null -+++ b/crypto/sm3/asm/sm3-armv8.pl -@@ -0,0 +1,280 @@ -+#! /usr/bin/env perl -+# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. 
You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+# -+# This module implements support for Armv8 SM3 instructions -+ -+# $output is the last argument if it looks like a file (it has an extension) -+# $flavour is the first argument if it doesn't look like a file -+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; -+ -+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or -+die "can't locate arm-xlate.pl"; -+ -+open OUT,"| \"$^X\" $xlate $flavour \"$output\"" -+ or die "can't call $xlate: $!"; -+*STDOUT=*OUT; -+ -+# Message expanding: -+# Wj <- P1(W[j-16]^W[j-9]^(W[j-3]<<<15))^(W[j-13]<<<7)^W[j-6] -+# Input: s0, s1, s2, s3 -+# s0 = w0 | w1 | w2 | w3 -+# s1 = w4 | w5 | w6 | w7 -+# s2 = w8 | w9 | w10 | w11 -+# s3 = w12 | w13 | w14 | w15 -+# Output: s4 -+sub msg_exp () { -+my $s0 = shift; -+my $s1 = shift; -+my $s2 = shift; -+my $s3 = shift; -+my $s4 = shift; -+my $vtmp1 = shift; -+my $vtmp2 = shift; -+$code.=<<___; -+ // s4 = w7 | w8 | w9 | w10 -+ ext $s4.16b, $s1.16b, $s2.16b, #12 -+ // vtmp1 = w3 | w4 | w5 | w6 -+ ext $vtmp1.16b, $s0.16b, $s1.16b, #12 -+ // vtmp2 = w10 | w11 | w12 | w13 -+ ext $vtmp2.16b, $s2.16b, $s3.16b, #8 -+ sm3partw1 $s4.4s, $s0.4s, $s3.4s -+ sm3partw2 $s4.4s, $vtmp2.4s, $vtmp1.4s -+___ -+} -+ -+# A round of compresson function -+# Input: -+# ab - choose instruction among sm3tt1a, sm3tt1b, sm3tt2a, sm3tt2b -+# vstate0 - vstate1, store digest status(A - H) -+# vconst0 - vconst1, interleaved used to store Tj <<< j -+# vtmp - temporary register -+# vw - for sm3tt1ab, vw = s0 eor s1 -+# s0 - for sm3tt2ab, just be s0 -+# i, choose wj' or wj from vw -+sub round () { -+my $ab = shift; -+my $vstate0 = shift; -+my $vstate1 = shift; -+my $vconst0 = shift; -+my $vconst1 = shift; -+my $vtmp = shift; 
-+my $vw = shift; -+my $s0 = shift; -+my $i = shift; -+$code.=<<___; -+ sm3ss1 $vtmp.4s, $vstate0.4s, $vconst0.4s, $vstate1.4s -+ shl $vconst1.4s, $vconst0.4s, #1 -+ sri $vconst1.4s, $vconst0.4s, #31 -+ sm3tt1$ab $vstate0.4s, $vtmp.4s, $vw.4s[$i] -+ sm3tt2$ab $vstate1.4s, $vtmp.4s, $s0.4s[$i] -+___ -+} -+ -+sub qround () { -+my $ab = shift; -+my $vstate0 = shift; -+my $vstate1 = shift; -+my $vconst0 = shift; -+my $vconst1 = shift; -+my $vtmp1 = shift; -+my $vtmp2 = shift; -+my $s0 = shift; -+my $s1 = shift; -+my $s2 = shift; -+my $s3 = shift; -+my $s4 = shift; -+ if($s4) { -+ &msg_exp($s0, $s1, $s2, $s3, $s4, $vtmp1, $vtmp2); -+ } -+$code.=<<___; -+ eor $vtmp1.16b, $s0.16b, $s1.16b -+___ -+ &round($ab, $vstate0, $vstate1, $vconst0, $vconst1, $vtmp2, -+ $vtmp1, $s0, 0); -+ &round($ab, $vstate0, $vstate1, $vconst1, $vconst0, $vtmp2, -+ $vtmp1, $s0, 1); -+ &round($ab, $vstate0, $vstate1, $vconst0, $vconst1, $vtmp2, -+ $vtmp1, $s0, 2); -+ &round($ab, $vstate0, $vstate1, $vconst1, $vconst0, $vtmp2, -+ $vtmp1, $s0, 3); -+} -+ -+$code=<<___; -+#include "arm_arch.h" -+.arch armv8.2-a -+.text -+___ -+ -+{{{ -+my ($pstate,$pdata,$num)=("x0","x1","w2"); -+my ($state1,$state2)=("v5","v6"); -+my ($sconst1, $sconst2)=("s16","s17"); -+my ($vconst1, $vconst2)=("v16","v17"); -+my ($s0,$s1,$s2,$s3,$s4)=map("v$_",(0..4)); -+my ($bkstate1,$bkstate2)=("v18","v19"); -+my ($vconst_tmp1,$vconst_tmp2)=("v20","v21"); -+my ($vtmp1,$vtmp2)=("v22","v23"); -+my $constaddr="x8"; -+# void ossl_hwsm3_block_data_order(SM3_CTX *c, const void *p, size_t num) -+$code.=<<___; -+.globl ossl_hwsm3_block_data_order -+.type ossl_hwsm3_block_data_order,%function -+.align 5 -+ossl_hwsm3_block_data_order: -+ // load state -+ ld1 {$state1.4s-$state2.4s}, [$pstate] -+ rev64 $state1.4s, $state1.4s -+ rev64 $state2.4s, $state2.4s -+ ext $state1.16b, $state1.16b, $state1.16b, #8 -+ ext $state2.16b, $state2.16b, $state2.16b, #8 -+ -+ adr $constaddr, .Tj -+ ldp $sconst1, $sconst2, [$constaddr] -+ -+.Loop: -+ // load 
input -+ ld1 {$s0.16b-$s3.16b}, [$pdata], #64 -+ sub $num, $num, #1 -+ -+ mov $bkstate1.16b, $state1.16b -+ mov $bkstate2.16b, $state2.16b -+ -+#ifndef __ARMEB__ -+ rev32 $s0.16b, $s0.16b -+ rev32 $s1.16b, $s1.16b -+ rev32 $s2.16b, $s2.16b -+ rev32 $s3.16b, $s3.16b -+#endif -+ -+ ext $vconst_tmp1.16b, $vconst1.16b, $vconst1.16b, #4 -+___ -+ &qround("a",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s0,$s1,$s2,$s3,$s4); -+ &qround("a",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s1,$s2,$s3,$s4,$s0); -+ &qround("a",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s2,$s3,$s4,$s0,$s1); -+ &qround("a",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s3,$s4,$s0,$s1,$s2); -+ -+$code.=<<___; -+ ext $vconst_tmp1.16b, $vconst2.16b, $vconst2.16b, #4 -+___ -+ -+ &qround("b",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s4,$s0,$s1,$s2,$s3); -+ &qround("b",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s0,$s1,$s2,$s3,$s4); -+ &qround("b",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s1,$s2,$s3,$s4,$s0); -+ &qround("b",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s2,$s3,$s4,$s0,$s1); -+ &qround("b",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s3,$s4,$s0,$s1,$s2); -+ &qround("b",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s4,$s0,$s1,$s2,$s3); -+ &qround("b",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s0,$s1,$s2,$s3,$s4); -+ &qround("b",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s1,$s2,$s3,$s4,$s0); -+ &qround("b",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s2,$s3,$s4,$s0,$s1); -+ &qround("b",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s3,$s4); -+ &qround("b",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s4,$s0); -+ &qround("b",$state1,$state2,$vconst_tmp1,$vconst_tmp2,$vtmp1,$vtmp2, -+ $s0,$s1); -+ -+$code.=<<___; -+ eor $state1.16b, $state1.16b, 
$bkstate1.16b -+ eor $state2.16b, $state2.16b, $bkstate2.16b -+ -+ // any remained blocks? -+ cbnz $num, .Loop -+ -+ // save state -+ rev64 $state1.4s, $state1.4s -+ rev64 $state2.4s, $state2.4s -+ ext $state1.16b, $state1.16b, $state1.16b, #8 -+ ext $state2.16b, $state2.16b, $state2.16b, #8 -+ st1 {$state1.4s-$state2.4s}, [$pstate] -+ ret -+.size ossl_hwsm3_block_data_order,.-ossl_hwsm3_block_data_order -+ -+.align 3 -+.Tj: -+.word 0x79cc4519, 0x9d8a7a87 -+___ -+}}} -+ -+######################################### -+my %sm3partopcode = ( -+ "sm3partw1" => 0xce60C000, -+ "sm3partw2" => 0xce60C400); -+ -+my %sm3ss1opcode = ( -+ "sm3ss1" => 0xce400000); -+ -+my %sm3ttopcode = ( -+ "sm3tt1a" => 0xce408000, -+ "sm3tt1b" => 0xce408400, -+ "sm3tt2a" => 0xce408800, -+ "sm3tt2b" => 0xce408C00); -+ -+sub unsm3part { -+ my ($mnemonic,$arg)=@_; -+ -+ $arg=~ m/[qv](\d+)[^,]*,\s*[qv](\d+)[^,]*,\s*[qv](\d+)/o -+ && -+ sprintf ".inst\t0x%08x\t//%s %s", -+ $sm3partopcode{$mnemonic}|$1|($2<<5)|($3<<16), -+ $mnemonic,$arg; -+} -+ -+sub unsm3ss1 { -+ my ($mnemonic,$arg)=@_; -+ -+ $arg=~ m/[qv](\d+)[^,]*,\s*[qv](\d+)[^,]*,\s*[qv](\d+)[^,]*,\s*[qv](\d+)/o -+ && -+ sprintf ".inst\t0x%08x\t//%s %s", -+ $sm3ss1opcode{$mnemonic}|$1|($2<<5)|($3<<16)|($4<<10), -+ $mnemonic,$arg; -+} -+ -+sub unsm3tt { -+ my ($mnemonic,$arg)=@_; -+ -+ $arg=~ m/[qv](\d+)[^,]*,\s*[qv](\d+)[^,]*,\s*[qv](\d+)[^,]*\[([0-3])\]/o -+ && -+ sprintf ".inst\t0x%08x\t//%s %s", -+ $sm3ttopcode{$mnemonic}|$1|($2<<5)|($3<<16)|($4<<12), -+ $mnemonic,$arg; -+} -+ -+open SELF,$0; -+while() { -+ next if (/^#!/); -+ last if (!s/^#/\/\// and !/^$/); -+ print; -+} -+close SELF; -+ -+foreach(split("\n",$code)) { -+ s/\`([^\`]*)\`/eval($1)/ge; -+ -+ s/\b(sm3partw[1-2])\s+([qv].*)/unsm3part($1,$2)/ge; -+ s/\b(sm3ss1)\s+([qv].*)/unsm3ss1($1,$2)/ge; -+ s/\b(sm3tt[1-2][a-b])\s+([qv].*)/unsm3tt($1,$2)/ge; -+ print $_,"\n"; -+} -+ -+close STDOUT or die "error closing STDOUT: $!"; -diff --git a/crypto/sm3/build.info b/crypto/sm3/build.info 
-index 6009b19..e113729 100644 ---- a/crypto/sm3/build.info -+++ b/crypto/sm3/build.info -@@ -1,2 +1,15 @@ - LIBS=../../libcrypto --SOURCE[../../libcrypto]=sm3.c m_sm3.c -+SOURCE[../../libcrypto]=\ -+ sm3.c m_sm3.c {- $target{sm3_asm_src} -} -+ -+GENERATE[sm3-armv8.S]=asm/sm3-armv8.pl $(PERLASM_SCHEME) -+INCLUDE[sm3-armv8.o]=.. -+ -+BEGINRAW[Makefile] -+##### SM3 assembler implementations -+ -+# GNU make "catch all" -+{- $builddir -}/sm3-%.S: {- $sourcedir -}/asm/sm3-%.pl -+ CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@ -+ -+ENDRAW[Makefile] -\ No newline at end of file -diff --git a/crypto/sm3/sm3_local.h b/crypto/sm3/sm3_local.h -index 7171de5..aafff63 100644 ---- a/crypto/sm3/sm3_local.h -+++ b/crypto/sm3/sm3_local.h -@@ -32,7 +32,21 @@ - ll=(c)->G; (void)HOST_l2c(ll, (s)); \ - ll=(c)->H; (void)HOST_l2c(ll, (s)); \ - } while (0) --#define HASH_BLOCK_DATA_ORDER sm3_block_data_order -+ -+#if defined(SM3_ASM) -+# if defined(__aarch64__) -+# include "crypto/arm_arch.h" -+# define HWSM3_CAPABLE (OPENSSL_armcap_P & ARMV8_SM3) -+void ossl_hwsm3_block_data_order(SM3_CTX *c, const void *p, size_t num); -+# endif -+#endif -+ -+#if defined(HWSM3_CAPABLE) -+# define HASH_BLOCK_DATA_ORDER (HWSM3_CAPABLE ? ossl_hwsm3_block_data_order \ -+ : sm3_block_data_order) -+#else -+# define HASH_BLOCK_DATA_ORDER sm3_block_data_order -+#endif - - void sm3_transform(SM3_CTX *c, const unsigned char *data); - --- -2.36.1 - diff --git a/Backport-SM4-optimization-for-ARM-by-HW-instruction.patch b/Backport-SM4-optimization-for-ARM-by-HW-instruction.patch deleted file mode 100644 index f525e708169046c40aebbcf61924f116e5ee2038..0000000000000000000000000000000000000000 --- a/Backport-SM4-optimization-for-ARM-by-HW-instruction.patch +++ /dev/null 
@@ -1,1032 +0,0 @@ -From 4f7e522f7fda2c55c4915396d08f8c9cf3b3fba8 Mon Sep 17 00:00:00 2001 -From: Xu Yizhou -Date: Fri, 28 Oct 2022 11:24:28 +0800 -Subject: [PATCH 2/3] SM4 optimization for ARM by HW instruction - -This patch is a copy of the following PR, with -some extra supporting code. - -1. SM4 optimization for ARM by HW instruction - -This patch implements the SM4 optimization for ARM processor, -using SM4 HW instruction, which is an optional feature of -crypto extension for aarch64 V8. - -Tested on some modern ARM micro-architectures with SM4 support, the -performance uplift can be observed around 8X~40X over existing -C implementation in openssl. Algorithms that can be parallelized -(like CTR, ECB, CBC decryption) are on higher end, with algorithm -like CBC encryption on lower end (due to inter-block dependency) - -Perf data on Yitian-710 2.75GHz hardware, before and after optimization: - -Before: -type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes -SM4-CTR 105787.80k 107837.87k 108380.84k 108462.08k 108549.46k 108554.92k -SM4-ECB 111924.58k 118173.76k 119776.00k 120093.70k 120264.02k 120274.94k -SM4-CBC 106428.09k 109190.98k 109674.33k 109774.51k 109827.41k 109827.41k - -After (7.4x - 36.6x faster): -type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes -SM4-CTR 781979.02k 2432994.28k 3437753.86k 3834177.88k 3963715.58k 3974556.33k -SM4-ECB 937590.69k 2941689.02k 3945751.81k 4328655.87k 4459181.40k 4468692.31k -SM4-CBC 890639.88k 1027746.58k 1050621.78k 1056696.66k 1058613.93k 1058701.31k - -Signed-off-by: Daniel Hu - -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/17455\) - -Signed-off-by: Xu Yizhou ---- - Configurations/00-base-templates.conf | 2 +- - Configure | 3 +- - crypto/arm64cpuid.pl | 7 + - crypto/arm_arch.h | 1 + - crypto/armcap.c | 10 + - crypto/evp/e_sm4.c | 88 ++-- - crypto/sm4/asm/sm4-armv8.pl | 629 ++++++++++++++++++++++++++ - crypto/sm4/build.info | 13 +- - 
include/crypto/sm4_platform.h | 70 +++ - 9 files changed, 788 insertions(+), 35 deletions(-) - create mode 100644 crypto/sm4/asm/sm4-armv8.pl - create mode 100644 include/crypto/sm4_platform.h - -diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf -index a67ae65..a26d081 100644 ---- a/Configurations/00-base-templates.conf -+++ b/Configurations/00-base-templates.conf -@@ -321,7 +321,7 @@ my %targets=( - chacha_asm_src => "chacha-armv8.S", - poly1305_asm_src=> "poly1305-armv8.S", - keccak1600_asm_src => "keccak1600-armv8.S", -- sm4_asm_src => "vpsm4_ex-armv8.S", -+ sm4_asm_src => "sm4-armv8.S vpsm4_ex-armv8.S", - sm3_asm_src => "sm3-armv8.S", - }, - parisc11_asm => { -diff --git a/Configure b/Configure -index fce460d..d013204 100755 ---- a/Configure -+++ b/Configure -@@ -1421,7 +1421,8 @@ unless ($disabled{asm}) { - push @{$config{lib_defines}}, "POLY1305_ASM"; - } - if ($target{sm4_asm_src} ne "") { -- push @{$config{lib_defines}}, "VPSM4_EX_ASM"; -+ push @{$config{lib_defines}}, "SM4_ASM" if ($target{sm4_asm_src} =~ m/sm4/); -+ push @{$config{lib_defines}}, "VPSM4_EX_ASM" if ($target{sm4_asm_src} =~ m/vpsm4_ex/); - } - if ($target{sm3_asm_src} ne "") { - push @{$config{lib_defines}}, "SM3_ASM"; -diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl -index 1e9b167..341167b 100755 ---- a/crypto/arm64cpuid.pl -+++ b/crypto/arm64cpuid.pl -@@ -71,6 +71,13 @@ _armv8_pmull_probe: - ret - .size _armv8_pmull_probe,.-_armv8_pmull_probe - -+.globl _armv8_sm4_probe -+.type _armv8_sm4_probe,%function -+_armv8_sm4_probe: -+ .long 0xcec08400 // sm4e v0.4s, v0.4s -+ ret -+.size _armv8_sm4_probe,.-_armv8_sm4_probe -+ - .globl _armv8_sha512_probe - .type _armv8_sha512_probe,%function - _armv8_sha512_probe: -diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h -index 8839b21..0f6f7ca 100644 ---- a/crypto/arm_arch.h -+++ b/crypto/arm_arch.h -@@ -81,5 +81,6 @@ extern unsigned int OPENSSL_armcap_P; - # define ARMV8_PMULL (1<<5) - # define 
ARMV8_SHA512 (1<<6) - # define ARMV8_SM3 (1<<9) -+# define ARMV8_SM4 (1<<10) - - #endif -diff --git a/crypto/armcap.c b/crypto/armcap.c -index 8b2f4a5..73bcad1 100644 ---- a/crypto/armcap.c -+++ b/crypto/armcap.c -@@ -48,6 +48,7 @@ void _armv8_sha256_probe(void); - void _armv8_pmull_probe(void); - # ifdef __aarch64__ - void _armv8_sm3_probe(void); -+void _armv8_sm4_probe(void); - void _armv8_sha512_probe(void); - # endif - uint32_t _armv7_tick(void); -@@ -132,6 +133,7 @@ static unsigned long getauxval(unsigned long key) - # define HWCAP_CE_SHA1 (1 << 5) - # define HWCAP_CE_SHA256 (1 << 6) - # define HWCAP_CE_SM3 (1 << 18) -+# define HWCAP_CE_SM4 (1 << 19) - # define HWCAP_CE_SHA512 (1 << 21) - # endif - -@@ -190,6 +192,9 @@ void OPENSSL_cpuid_setup(void) - OPENSSL_armcap_P |= ARMV8_SHA256; - - # ifdef __aarch64__ -+ if (hwcap & HWCAP_CE_SM4) -+ OPENSSL_armcap_P |= ARMV8_SM4; -+ - if (hwcap & HWCAP_CE_SHA512) - OPENSSL_armcap_P |= ARMV8_SHA512; - -@@ -234,6 +239,11 @@ void OPENSSL_cpuid_setup(void) - OPENSSL_armcap_P |= ARMV8_SHA256; - } - # if defined(__aarch64__) && !defined(__APPLE__) -+ if (sigsetjmp(ill_jmp, 1) == 0) { -+ _armv8_sm4_probe(); -+ OPENSSL_armcap_P |= ARMV8_SM4; -+ } -+ - if (sigsetjmp(ill_jmp, 1) == 0) { - _armv8_sha512_probe(); - OPENSSL_armcap_P |= ARMV8_SHA512; -diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c -index 169d6c7..eaa5ba0 100644 ---- a/crypto/evp/e_sm4.c -+++ b/crypto/evp/e_sm4.c -@@ -15,17 +15,11 @@ - # include - # include "crypto/sm4.h" - # include "crypto/evp.h" -+# include "crypto/sm4_platform.h" - # include "evp_local.h" - # include "modes_local.h" - --#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) --# include "arm_arch.h" --# if __ARM_MAX_ARCH__>=7 --# if defined(VPSM4_EX_ASM) --# define VPSM4_EX_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) --# endif --# endif --#endif -+ - - typedef struct { - union { -@@ -35,28 +29,11 @@ typedef struct { - block128_f block; - union { - ecb128_f 
ecb; -+ cbc128_f cbc; -+ ctr128_f ctr; - } stream; - } EVP_SM4_KEY; - --#ifdef VPSM4_EX_CAPABLE --void vpsm4_ex_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key); --void vpsm4_ex_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key); --#define vpsm4_ex_encrypt SM4_encrypt --#define vpsm4_ex_decrypt SM4_encrypt --void vpsm4_ex_ecb_encrypt( -- const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key, const int enc); --/* xts mode in GB/T 17964-2021 */ --void vpsm4_ex_xts_encrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1, -- const SM4_KEY *key2, const uint8_t iv[16]); --void vpsm4_ex_xts_decrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1, -- const SM4_KEY *key2, const uint8_t iv[16]); --/* xts mode in IEEE Std 1619-2007 */ --void vpsm4_ex_xts_encrypt(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1, -- const SM4_KEY *key2, const uint8_t iv[16]); --void vpsm4_ex_xts_decrypt(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1, -- const SM4_KEY *key2, const uint8_t iv[16]); --#endif -- - # define BLOCK_CIPHER_generic(nid,blocksize,ivlen,nmode,mode,MODE,flags) \ - static const EVP_CIPHER sm4_##mode = { \ - nid##_##nmode,blocksize,128/8,ivlen, \ -@@ -84,6 +61,21 @@ static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - - mode = EVP_CIPHER_CTX_mode(ctx); - if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { -+#ifdef HWSM4_CAPABLE -+ if (HWSM4_CAPABLE) { -+ HWSM4_set_decrypt_key(key, &dat->ks.ks); -+ dat->block = (block128_f) HWSM4_decrypt; -+ dat->stream.cbc = NULL; -+# ifdef HWSM4_cbc_encrypt -+ if (mode == EVP_CIPH_CBC_MODE) -+ dat->stream.cbc = (cbc128_f) HWSM4_cbc_encrypt; -+# endif -+# ifdef HWSM4_ecb_encrypt -+ if (mode == EVP_CIPH_ECB_MODE) -+ dat->stream.ecb = (ecb128_f) HWSM4_ecb_encrypt; -+# endif -+ } else -+#endif - #ifdef VPSM4_EX_CAPABLE - if 
(VPSM4_EX_CAPABLE) { - vpsm4_ex_set_decrypt_key(key, &dat->ks.ks); -@@ -97,6 +89,29 @@ static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx)); - } - } else { -+#ifdef HWSM4_CAPABLE -+ if (HWSM4_CAPABLE) { -+ HWSM4_set_encrypt_key(key, &dat->ks.ks); -+ dat->block = (block128_f) HWSM4_encrypt; -+ dat->stream.cbc = NULL; -+# ifdef HWSM4_cbc_encrypt -+ if (mode == EVP_CIPH_CBC_MODE) -+ dat->stream.cbc = (cbc128_f) HWSM4_cbc_encrypt; -+ else -+# endif -+# ifdef HWSM4_ecb_encrypt -+ if (mode == EVP_CIPH_ECB_MODE) -+ dat->stream.ecb = (ecb128_f) HWSM4_ecb_encrypt; -+ else -+# endif -+# ifdef HWSM4_ctr32_encrypt_blocks -+ if (mode == EVP_CIPH_CTR_MODE) -+ dat->stream.ctr = (ctr128_f) HWSM4_ctr32_encrypt_blocks; -+ else -+# endif -+ (void)0; /* terminate potentially open 'else' */ -+ } else -+#endif - #ifdef VPSM4_EX_CAPABLE - if (VPSM4_EX_CAPABLE) { - vpsm4_ex_set_encrypt_key(key, &dat->ks.ks); -@@ -118,7 +133,10 @@ static int sm4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - { - EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY,ctx); - -- if (EVP_CIPHER_CTX_encrypting(ctx)) -+ if (dat->stream.cbc) -+ (*dat->stream.cbc) (in, out, len, &dat->ks.ks, ctx->iv, -+ EVP_CIPHER_CTX_encrypting(ctx)); -+ else if (EVP_CIPHER_CTX_encrypting(ctx)) - CRYPTO_cbc128_encrypt(in, out, len, &dat->ks.ks, - EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); - else -@@ -183,10 +201,16 @@ static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - return 0; - num = (unsigned int)n; - -- CRYPTO_ctr128_encrypt(in, out, len, &dat->ks.ks, -- ctx->iv, -- EVP_CIPHER_CTX_buf_noconst(ctx), &num, -- dat->block); -+ if (dat->stream.ctr) -+ CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, -+ ctx->iv, -+ EVP_CIPHER_CTX_buf_noconst(ctx), -+ &num, dat->stream.ctr); -+ else -+ CRYPTO_ctr128_encrypt(in, out, len, &dat->ks.ks, -+ ctx->iv, -+ EVP_CIPHER_CTX_buf_noconst(ctx), &num, -+ dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - 
return 1; - } -diff --git a/crypto/sm4/asm/sm4-armv8.pl b/crypto/sm4/asm/sm4-armv8.pl -new file mode 100644 -index 0000000..dbacad2 ---- /dev/null -+++ b/crypto/sm4/asm/sm4-armv8.pl -@@ -0,0 +1,629 @@ -+#! /usr/bin/env perl -+# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+# -+# This module implements support for SM4 hw support on aarch64 -+# Oct 2021 -+# -+ -+# $output is the last argument if it looks like a file (it has an extension) -+# $flavour is the first argument if it doesn't look like a file -+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; -+ -+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or -+die "can't locate arm-xlate.pl"; -+ -+open OUT,"| \"$^X\" $xlate $flavour \"$output\"" -+ or die "can't call $xlate: $!"; -+*STDOUT=*OUT; -+ -+$prefix="sm4_v8"; -+my @rks=map("v$_",(0..7)); -+ -+sub rev32() { -+my $dst = shift; -+my $src = shift; -+$code.=<<___; -+#ifndef __ARMEB__ -+ rev32 $dst.16b,$src.16b -+#endif -+___ -+} -+ -+sub enc_blk () { -+my $data = shift; -+$code.=<<___; -+ sm4e $data.4s,@rks[0].4s -+ sm4e $data.4s,@rks[1].4s -+ sm4e $data.4s,@rks[2].4s -+ sm4e $data.4s,@rks[3].4s -+ sm4e $data.4s,@rks[4].4s -+ sm4e $data.4s,@rks[5].4s -+ sm4e $data.4s,@rks[6].4s -+ sm4e $data.4s,@rks[7].4s -+ rev64 $data.4S,$data.4S -+ ext $data.16b,$data.16b,$data.16b,#8 -+___ -+} -+ -+sub enc_4blks () { -+my $data0 = shift; -+my $data1 = shift; -+my $data2 = shift; -+my $data3 = shift; -+$code.=<<___; -+ sm4e $data0.4s,@rks[0].4s -+ sm4e $data1.4s,@rks[0].4s -+ sm4e $data2.4s,@rks[0].4s -+ sm4e 
$data3.4s,@rks[0].4s -+ -+ sm4e $data0.4s,@rks[1].4s -+ sm4e $data1.4s,@rks[1].4s -+ sm4e $data2.4s,@rks[1].4s -+ sm4e $data3.4s,@rks[1].4s -+ -+ sm4e $data0.4s,@rks[2].4s -+ sm4e $data1.4s,@rks[2].4s -+ sm4e $data2.4s,@rks[2].4s -+ sm4e $data3.4s,@rks[2].4s -+ -+ sm4e $data0.4s,@rks[3].4s -+ sm4e $data1.4s,@rks[3].4s -+ sm4e $data2.4s,@rks[3].4s -+ sm4e $data3.4s,@rks[3].4s -+ -+ sm4e $data0.4s,@rks[4].4s -+ sm4e $data1.4s,@rks[4].4s -+ sm4e $data2.4s,@rks[4].4s -+ sm4e $data3.4s,@rks[4].4s -+ -+ sm4e $data0.4s,@rks[5].4s -+ sm4e $data1.4s,@rks[5].4s -+ sm4e $data2.4s,@rks[5].4s -+ sm4e $data3.4s,@rks[5].4s -+ -+ sm4e $data0.4s,@rks[6].4s -+ sm4e $data1.4s,@rks[6].4s -+ sm4e $data2.4s,@rks[6].4s -+ sm4e $data3.4s,@rks[6].4s -+ -+ sm4e $data0.4s,@rks[7].4s -+ rev64 $data0.4S,$data0.4S -+ sm4e $data1.4s,@rks[7].4s -+ ext $data0.16b,$data0.16b,$data0.16b,#8 -+ rev64 $data1.4S,$data1.4S -+ sm4e $data2.4s,@rks[7].4s -+ ext $data1.16b,$data1.16b,$data1.16b,#8 -+ rev64 $data2.4S,$data2.4S -+ sm4e $data3.4s,@rks[7].4s -+ ext $data2.16b,$data2.16b,$data2.16b,#8 -+ rev64 $data3.4S,$data3.4S -+ ext $data3.16b,$data3.16b,$data3.16b,#8 -+___ -+} -+ -+$code=<<___; -+#include "arm_arch.h" -+.arch armv8-a+crypto -+.text -+___ -+ -+{{{ -+$code.=<<___; -+.align 6 -+.Lck: -+ .long 0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269 -+ .long 0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9 -+ .long 0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249 -+ .long 0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9 -+ .long 0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229 -+ .long 0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299 -+ .long 0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209 -+ .long 0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279 -+.Lfk: -+ .long 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc -+___ -+}}} -+ -+{{{ -+my ($key,$keys)=("x0","x1"); -+my ($tmp)=("x2"); -+my ($key0,$key1,$key2,$key3,$key4,$key5,$key6,$key7)=map("v$_",(0..7)); -+my 
($const0,$const1,$const2,$const3,$const4,$const5,$const6,$const7)=map("v$_",(16..23)); -+my ($fkconst) = ("v24"); -+$code.=<<___; -+.globl ${prefix}_set_encrypt_key -+.type ${prefix}_set_encrypt_key,%function -+.align 5 -+${prefix}_set_encrypt_key: -+ ld1 {$key0.4s},[$key] -+ adr $tmp,.Lfk -+ ld1 {$fkconst.4s},[$tmp] -+ adr $tmp,.Lck -+ ld1 {$const0.4s,$const1.4s,$const2.4s,$const3.4s},[$tmp],64 -+___ -+ &rev32($key0, $key0); -+$code.=<<___; -+ ld1 {$const4.4s,$const5.4s,$const6.4s,$const7.4s},[$tmp] -+ eor $key0.16b,$key0.16b,$fkconst.16b; -+ sm4ekey $key0.4S,$key0.4S,$const0.4S -+ sm4ekey $key1.4S,$key0.4S,$const1.4S -+ sm4ekey $key2.4S,$key1.4S,$const2.4S -+ sm4ekey $key3.4S,$key2.4S,$const3.4S -+ sm4ekey $key4.4S,$key3.4S,$const4.4S -+ st1 {$key0.4s,$key1.4s,$key2.4s,$key3.4s},[$keys],64 -+ sm4ekey $key5.4S,$key4.4S,$const5.4S -+ sm4ekey $key6.4S,$key5.4S,$const6.4S -+ sm4ekey $key7.4S,$key6.4S,$const7.4S -+ st1 {$key4.4s,$key5.4s,$key6.4s,$key7.4s},[$keys] -+ ret -+.size ${prefix}_set_encrypt_key,.-${prefix}_set_encrypt_key -+___ -+}}} -+ -+{{{ -+my ($key,$keys)=("x0","x1"); -+my ($tmp)=("x2"); -+my ($key7,$key6,$key5,$key4,$key3,$key2,$key1,$key0)=map("v$_",(0..7)); -+my ($const0,$const1,$const2,$const3,$const4,$const5,$const6,$const7)=map("v$_",(16..23)); -+my ($fkconst) = ("v24"); -+$code.=<<___; -+.globl ${prefix}_set_decrypt_key -+.type ${prefix}_set_decrypt_key,%function -+.align 5 -+${prefix}_set_decrypt_key: -+ ld1 {$key0.4s},[$key] -+ adr $tmp,.Lfk -+ ld1 {$fkconst.4s},[$tmp] -+ adr $tmp, .Lck -+ ld1 {$const0.4s,$const1.4s,$const2.4s,$const3.4s},[$tmp],64 -+___ -+ &rev32($key0, $key0); -+$code.=<<___; -+ ld1 {$const4.4s,$const5.4s,$const6.4s,$const7.4s},[$tmp] -+ eor $key0.16b, $key0.16b,$fkconst.16b; -+ sm4ekey $key0.4S,$key0.4S,$const0.4S -+ sm4ekey $key1.4S,$key0.4S,$const1.4S -+ sm4ekey $key2.4S,$key1.4S,$const2.4S -+ rev64 $key0.4s,$key0.4s -+ rev64 $key1.4s,$key1.4s -+ ext $key0.16b,$key0.16b,$key0.16b,#8 -+ ext $key1.16b,$key1.16b,$key1.16b,#8 
-+ sm4ekey $key3.4S,$key2.4S,$const3.4S -+ sm4ekey $key4.4S,$key3.4S,$const4.4S -+ rev64 $key2.4s,$key2.4s -+ rev64 $key3.4s,$key3.4s -+ ext $key2.16b,$key2.16b,$key2.16b,#8 -+ ext $key3.16b,$key3.16b,$key3.16b,#8 -+ sm4ekey $key5.4S,$key4.4S,$const5.4S -+ sm4ekey $key6.4S,$key5.4S,$const6.4S -+ rev64 $key4.4s,$key4.4s -+ rev64 $key5.4s,$key5.4s -+ ext $key4.16b,$key4.16b,$key4.16b,#8 -+ ext $key5.16b,$key5.16b,$key5.16b,#8 -+ sm4ekey $key7.4S,$key6.4S,$const7.4S -+ rev64 $key6.4s, $key6.4s -+ rev64 $key7.4s, $key7.4s -+ ext $key6.16b,$key6.16b,$key6.16b,#8 -+ ext $key7.16b,$key7.16b,$key7.16b,#8 -+ st1 {$key7.4s,$key6.4s,$key5.4s,$key4.4s},[$keys],64 -+ st1 {$key3.4s,$key2.4s,$key1.4s,$key0.4s},[$keys] -+ ret -+.size ${prefix}_set_decrypt_key,.-${prefix}_set_decrypt_key -+___ -+}}} -+ -+{{{ -+sub gen_block () { -+my $dir = shift; -+my ($inp,$out,$rk)=map("x$_",(0..2)); -+my ($data)=("v16"); -+$code.=<<___; -+.globl ${prefix}_${dir}crypt -+.type ${prefix}_${dir}crypt,%function -+.align 5 -+${prefix}_${dir}crypt: -+ ld1 {$data.4s},[$inp] -+ ld1 {@rks[0].4s,@rks[1].4s,@rks[2].4s,@rks[3].4s},[$rk],64 -+ ld1 {@rks[4].4s,@rks[5].4s,@rks[6].4s,@rks[7].4s},[$rk] -+___ -+ &rev32($data,$data); -+ &enc_blk($data); -+ &rev32($data,$data); -+$code.=<<___; -+ st1 {$data.4s},[$out] -+ ret -+.size ${prefix}_${dir}crypt,.-${prefix}_${dir}crypt -+___ -+} -+ -+&gen_block("en"); -+&gen_block("de"); -+}}} -+ -+{{{ -+my ($inp,$out,$len,$rk)=map("x$_",(0..3)); -+my ($enc) = ("w4"); -+my @dat=map("v$_",(16..23)); -+$code.=<<___; -+.globl ${prefix}_ecb_encrypt -+.type ${prefix}_ecb_encrypt,%function -+.align 5 -+${prefix}_ecb_encrypt: -+ ld1 {@rks[0].4s,@rks[1].4s,@rks[2].4s,@rks[3].4s},[$rk],#64 -+ ld1 {@rks[4].4s,@rks[5].4s,@rks[6].4s,@rks[7].4s},[$rk] -+1: -+ cmp $len,#64 -+ b.lt 1f -+ ld1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$inp],#64 -+ cmp $len,#128 -+ b.lt 2f -+ ld1 {@dat[4].4s,@dat[5].4s,@dat[6].4s,@dat[7].4s},[$inp],#64 -+ // 8 blocks -+___ -+ &rev32(@dat[0],@dat[0]); 
-+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+ &rev32(@dat[4],@dat[4]); -+ &rev32(@dat[5],@dat[5]); -+ &rev32(@dat[6],@dat[6]); -+ &rev32(@dat[7],@dat[7]); -+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]); -+ &enc_4blks(@dat[4],@dat[5],@dat[6],@dat[7]); -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+ &rev32(@dat[4],@dat[4]); -+ &rev32(@dat[5],@dat[5]); -+$code.=<<___; -+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$out],#64 -+___ -+ &rev32(@dat[6],@dat[6]); -+ &rev32(@dat[7],@dat[7]); -+$code.=<<___; -+ st1 {@dat[4].4s,@dat[5].4s,@dat[6].4s,@dat[7].4s},[$out],#64 -+ subs $len,$len,#128 -+ b.gt 1b -+ ret -+ // 4 blocks -+2: -+___ -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]); -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+$code.=<<___; -+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$out],#64 -+ subs $len,$len,#64 -+ b.gt 1b -+1: -+ subs $len,$len,#16 -+ b.lt 1f -+ ld1 {@dat[0].4s},[$inp],#16 -+___ -+ &rev32(@dat[0],@dat[0]); -+ &enc_blk(@dat[0]); -+ &rev32(@dat[0],@dat[0]); -+$code.=<<___; -+ st1 {@dat[0].4s},[$out],#16 -+ b.ne 1b -+1: -+ ret -+.size ${prefix}_ecb_encrypt,.-${prefix}_ecb_encrypt -+___ -+}}} -+ -+{{{ -+my ($inp,$out,$len,$rk,$ivp)=map("x$_",(0..4)); -+my ($enc) = ("w5"); -+my @dat=map("v$_",(16..23)); -+my @in=map("v$_",(24..31)); -+my ($ivec) = ("v8"); -+$code.=<<___; -+.globl ${prefix}_cbc_encrypt -+.type ${prefix}_cbc_encrypt,%function -+.align 5 -+${prefix}_cbc_encrypt: -+ stp d8,d9,[sp, #-16]! 
-+ -+ ld1 {@rks[0].4s,@rks[1].4s,@rks[2].4s,@rks[3].4s},[$rk],#64 -+ ld1 {@rks[4].4s,@rks[5].4s,@rks[6].4s,@rks[7].4s},[$rk] -+ ld1 {$ivec.4s},[$ivp] -+ cmp $enc,#0 -+ b.eq .Ldec -+1: -+ cmp $len, #64 -+ b.lt 1f -+ ld1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$inp],#64 -+ eor @dat[0].16b,@dat[0].16b,$ivec.16b -+___ -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+ &enc_blk(@dat[0]); -+$code.=<<___; -+ eor @dat[1].16b,@dat[1].16b,@dat[0].16b -+___ -+ &enc_blk(@dat[1]); -+ &rev32(@dat[0],@dat[0]); -+$code.=<<___; -+ eor @dat[2].16b,@dat[2].16b,@dat[1].16b -+___ -+ &enc_blk(@dat[2]); -+ &rev32(@dat[1],@dat[1]); -+$code.=<<___; -+ eor @dat[3].16b,@dat[3].16b,@dat[2].16b -+___ -+ &enc_blk(@dat[3]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+$code.=<<___; -+ mov $ivec.16b,@dat[3].16b -+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$out],#64 -+ subs $len,$len,#64 -+ b.ne 1b -+1: -+ subs $len,$len,#16 -+ b.lt 3f -+ ld1 {@dat[0].4s},[$inp],#16 -+ eor $ivec.16b,$ivec.16b,@dat[0].16b -+___ -+ &rev32($ivec,$ivec); -+ &enc_blk($ivec); -+ &rev32($ivec,$ivec); -+$code.=<<___; -+ st1 {$ivec.16b},[$out],#16 -+ b.ne 1b -+ b 3f -+.Ldec: -+1: -+ cmp $len, #64 -+ b.lt 1f -+ ld1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$inp] -+ ld1 {@in[0].4s,@in[1].4s,@in[2].4s,@in[3].4s},[$inp],#64 -+ cmp $len,#128 -+ b.lt 2f -+ // 8 blocks mode -+ ld1 {@dat[4].4s,@dat[5].4s,@dat[6].4s,@dat[7].4s},[$inp] -+ ld1 {@in[4].4s,@in[5].4s,@in[6].4s,@in[7].4s},[$inp],#64 -+___ -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],$dat[3]); -+ &rev32(@dat[4],@dat[4]); -+ &rev32(@dat[5],@dat[5]); -+ &rev32(@dat[6],@dat[6]); -+ &rev32(@dat[7],$dat[7]); -+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]); -+ &enc_4blks(@dat[4],@dat[5],@dat[6],@dat[7]); -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+ 
&rev32(@dat[4],@dat[4]); -+ &rev32(@dat[5],@dat[5]); -+ &rev32(@dat[6],@dat[6]); -+ &rev32(@dat[7],@dat[7]); -+$code.=<<___; -+ eor @dat[0].16b,@dat[0].16b,$ivec.16b -+ eor @dat[1].16b,@dat[1].16b,@in[0].16b -+ eor @dat[2].16b,@dat[2].16b,@in[1].16b -+ mov $ivec.16b,@in[7].16b -+ eor @dat[3].16b,$dat[3].16b,@in[2].16b -+ eor @dat[4].16b,$dat[4].16b,@in[3].16b -+ eor @dat[5].16b,$dat[5].16b,@in[4].16b -+ eor @dat[6].16b,$dat[6].16b,@in[5].16b -+ eor @dat[7].16b,$dat[7].16b,@in[6].16b -+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$out],#64 -+ st1 {@dat[4].4s,@dat[5].4s,@dat[6].4s,@dat[7].4s},[$out],#64 -+ subs $len,$len,128 -+ b.gt 1b -+ b 3f -+ // 4 blocks mode -+2: -+___ -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],$dat[3]); -+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]); -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+$code.=<<___; -+ eor @dat[0].16b,@dat[0].16b,$ivec.16b -+ eor @dat[1].16b,@dat[1].16b,@in[0].16b -+ mov $ivec.16b,@in[3].16b -+ eor @dat[2].16b,@dat[2].16b,@in[1].16b -+ eor @dat[3].16b,$dat[3].16b,@in[2].16b -+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$out],#64 -+ subs $len,$len,#64 -+ b.gt 1b -+1: -+ subs $len,$len,#16 -+ b.lt 3f -+ ld1 {@dat[0].4s},[$inp],#16 -+ mov @in[0].16b,@dat[0].16b -+___ -+ &rev32(@dat[0],@dat[0]); -+ &enc_blk(@dat[0]); -+ &rev32(@dat[0],@dat[0]); -+$code.=<<___; -+ eor @dat[0].16b,@dat[0].16b,$ivec.16b -+ mov $ivec.16b,@in[0].16b -+ st1 {@dat[0].16b},[$out],#16 -+ b.ne 1b -+3: -+ // save back IV -+ st1 {$ivec.16b},[$ivp] -+ ldp d8,d9,[sp],#16 -+ ret -+.size ${prefix}_cbc_encrypt,.-${prefix}_cbc_encrypt -+___ -+}}} -+ -+{{{ -+my ($inp,$out,$len,$rk,$ivp)=map("x$_",(0..4)); -+my ($ctr)=("w5"); -+my @dat=map("v$_",(16..23)); -+my @in=map("v$_",(24..31)); -+my ($ivec)=("v8"); -+$code.=<<___; -+.globl ${prefix}_ctr32_encrypt_blocks -+.type ${prefix}_ctr32_encrypt_blocks,%function -+.align 
5 -+${prefix}_ctr32_encrypt_blocks: -+ stp d8,d9,[sp, #-16]! -+ -+ ld1 {$ivec.4s},[$ivp] -+ ld1 {@rks[0].4s,@rks[1].4s,@rks[2].4s,@rks[3].4s},[$rk],64 -+ ld1 {@rks[4].4s,@rks[5].4s,@rks[6].4s,@rks[7].4s},[$rk] -+___ -+ &rev32($ivec,$ivec); -+$code.=<<___; -+ mov $ctr,$ivec.s[3] -+1: -+ cmp $len,#4 -+ b.lt 1f -+ ld1 {@in[0].4s,@in[1].4s,@in[2].4s,@in[3].4s},[$inp],#64 -+ mov @dat[0].16b,$ivec.16b -+ mov @dat[1].16b,$ivec.16b -+ mov @dat[2].16b,$ivec.16b -+ mov @dat[3].16b,$ivec.16b -+ add $ctr,$ctr,#1 -+ mov $dat[1].s[3],$ctr -+ add $ctr,$ctr,#1 -+ mov @dat[2].s[3],$ctr -+ add $ctr,$ctr,#1 -+ mov @dat[3].s[3],$ctr -+ cmp $len,#8 -+ b.lt 2f -+ ld1 {@in[4].4s,@in[5].4s,@in[6].4s,@in[7].4s},[$inp],#64 -+ mov @dat[4].16b,$ivec.16b -+ mov @dat[5].16b,$ivec.16b -+ mov @dat[6].16b,$ivec.16b -+ mov @dat[7].16b,$ivec.16b -+ add $ctr,$ctr,#1 -+ mov $dat[4].s[3],$ctr -+ add $ctr,$ctr,#1 -+ mov @dat[5].s[3],$ctr -+ add $ctr,$ctr,#1 -+ mov @dat[6].s[3],$ctr -+ add $ctr,$ctr,#1 -+ mov @dat[7].s[3],$ctr -+___ -+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]); -+ &enc_4blks(@dat[4],@dat[5],@dat[6],@dat[7]); -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+ &rev32(@dat[4],@dat[4]); -+ &rev32(@dat[5],@dat[5]); -+ &rev32(@dat[6],@dat[6]); -+ &rev32(@dat[7],@dat[7]); -+$code.=<<___; -+ eor @dat[0].16b,@dat[0].16b,@in[0].16b -+ eor @dat[1].16b,@dat[1].16b,@in[1].16b -+ eor @dat[2].16b,@dat[2].16b,@in[2].16b -+ eor @dat[3].16b,@dat[3].16b,@in[3].16b -+ eor @dat[4].16b,@dat[4].16b,@in[4].16b -+ eor @dat[5].16b,@dat[5].16b,@in[5].16b -+ eor @dat[6].16b,@dat[6].16b,@in[6].16b -+ eor @dat[7].16b,@dat[7].16b,@in[7].16b -+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$out],#64 -+ st1 {@dat[4].4s,@dat[5].4s,@dat[6].4s,@dat[7].4s},[$out],#64 -+ subs $len,$len,#8 -+ b.eq 3f -+ add $ctr,$ctr,#1 -+ mov $ivec.s[3],$ctr -+ b 1b -+2: -+___ -+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]); -+ &rev32(@dat[0],@dat[0]); -+ 
&rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+$code.=<<___; -+ eor @dat[0].16b,@dat[0].16b,@in[0].16b -+ eor @dat[1].16b,@dat[1].16b,@in[1].16b -+ eor @dat[2].16b,@dat[2].16b,@in[2].16b -+ eor @dat[3].16b,@dat[3].16b,@in[3].16b -+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$out],#64 -+ subs $len,$len,#4 -+ b.eq 3f -+ add $ctr,$ctr,#1 -+ mov $ivec.s[3],$ctr -+ b 1b -+1: -+ subs $len,$len,#1 -+ b.lt 3f -+ mov $dat[0].16b,$ivec.16b -+ ld1 {@in[0].4s},[$inp],#16 -+___ -+ &enc_blk(@dat[0]); -+ &rev32(@dat[0],@dat[0]); -+$code.=<<___; -+ eor $dat[0].16b,$dat[0].16b,@in[0].16b -+ st1 {$dat[0].4s},[$out],#16 -+ b.eq 3f -+ add $ctr,$ctr,#1 -+ mov $ivec.s[3],$ctr -+ b 1b -+3: -+ ldp d8,d9,[sp],#16 -+ ret -+.size ${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks -+___ -+}}} -+######################################## -+{ my %opcode = ( -+ "sm4e" => 0xcec08400, -+ "sm4ekey" => 0xce60c800); -+ -+ sub unsm4 { -+ my ($mnemonic,$arg)=@_; -+ -+ $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o -+ && -+ sprintf ".inst\t0x%08x\t//%s %s", -+ $opcode{$mnemonic}|$1|($2<<5)|($3<<16), -+ $mnemonic,$arg; -+ } -+} -+ -+open SELF,$0; -+while() { -+ next if (/^#!/); -+ last if (!s/^#/\/\// and !/^$/); -+ print; -+} -+close SELF; -+ -+foreach(split("\n",$code)) { -+ s/\`([^\`]*)\`/eval($1)/ge; -+ -+ s/\b(sm4\w+)\s+([qv].*)/unsm4($1,$2)/ge; -+ print $_,"\n"; -+} -+ -+close STDOUT or die "error closing STDOUT: $!"; -diff --git a/crypto/sm4/build.info b/crypto/sm4/build.info -index bb042c5..4d26ede 100644 ---- a/crypto/sm4/build.info -+++ b/crypto/sm4/build.info -@@ -2,6 +2,17 @@ LIBS=../../libcrypto - SOURCE[../../libcrypto]=\ - sm4.c {- $target{sm4_asm_src} -} - -+GENERATE[sm4-armv8.S]=asm/sm4-armv8.pl $(PERLASM_SCHEME) -+INCLUDE[sm4-armv8.o]=.. - - GENERATE[vpsm4_ex-armv8.S]=asm/vpsm4_ex-armv8.pl $(PERLASM_SCHEME) --INCLUDE[vpsm4_ex-armv8.o]=.. -\ No newline at end of file -+INCLUDE[vpsm4_ex-armv8.o]=.. 
-+ -+BEGINRAW[Makefile] -+##### SM4 assembler implementations -+ -+# GNU make "catch all" -+{- $builddir -}/sm4-%.S: {- $sourcedir -}/asm/sm4-%.pl -+ CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@ -+ -+ENDRAW[Makefile] -diff --git a/include/crypto/sm4_platform.h b/include/crypto/sm4_platform.h -new file mode 100644 -index 0000000..2f5a6cf ---- /dev/null -+++ b/include/crypto/sm4_platform.h -@@ -0,0 +1,70 @@ -+/* -+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#ifndef OSSL_SM4_PLATFORM_H -+# define OSSL_SM4_PLATFORM_H -+# pragma once -+ -+# if defined(OPENSSL_CPUID_OBJ) -+# if (defined(__arm__) || defined(__arm) || defined(__aarch64__)) -+# include "arm_arch.h" -+# if __ARM_MAX_ARCH__>=7 -+# if defined(VPSM4_EX_ASM) -+# define VPSM4_EX_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) -+# endif -+# define HWSM4_CAPABLE (OPENSSL_armcap_P & ARMV8_SM4) -+# define HWSM4_set_encrypt_key sm4_v8_set_encrypt_key -+# define HWSM4_set_decrypt_key sm4_v8_set_decrypt_key -+# define HWSM4_encrypt sm4_v8_encrypt -+# define HWSM4_decrypt sm4_v8_decrypt -+# define HWSM4_cbc_encrypt sm4_v8_cbc_encrypt -+# define HWSM4_ecb_encrypt sm4_v8_ecb_encrypt -+# define HWSM4_ctr32_encrypt_blocks sm4_v8_ctr32_encrypt_blocks -+# endif -+# endif -+# endif /* OPENSSL_CPUID_OBJ */ -+ -+# if defined(HWSM4_CAPABLE) -+int HWSM4_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key); -+int HWSM4_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key); -+void HWSM4_encrypt(const unsigned char *in, unsigned char *out, -+ const SM4_KEY *key); -+void HWSM4_decrypt(const unsigned char *in, unsigned char *out, -+ const SM4_KEY *key); -+void HWSM4_cbc_encrypt(const unsigned char *in, unsigned char *out, -+ size_t length, 
const SM4_KEY *key, -+ unsigned char *ivec, const int enc); -+void HWSM4_ecb_encrypt(const unsigned char *in, unsigned char *out, -+ size_t length, const SM4_KEY *key, -+ const int enc); -+void HWSM4_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, -+ size_t len, const void *key, -+ const unsigned char ivec[16]); -+# endif /* HWSM4_CAPABLE */ -+ -+#ifdef VPSM4_EX_CAPABLE -+void vpsm4_ex_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key); -+void vpsm4_ex_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key); -+#define vpsm4_ex_encrypt SM4_encrypt -+#define vpsm4_ex_decrypt SM4_encrypt -+void vpsm4_ex_ecb_encrypt( -+ const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key, const int enc); -+/* xts mode in GB/T 17964-2021 */ -+void vpsm4_ex_xts_encrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1, -+ const SM4_KEY *key2, const uint8_t iv[16]); -+void vpsm4_ex_xts_decrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1, -+ const SM4_KEY *key2, const uint8_t iv[16]); -+/* xts mode in IEEE Std 1619-2007 */ -+void vpsm4_ex_xts_encrypt(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1, -+ const SM4_KEY *key2, const uint8_t iv[16]); -+void vpsm4_ex_xts_decrypt(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1, -+ const SM4_KEY *key2, const uint8_t iv[16]); -+#endif /* VPSM4_EX_CAPABLE */ -+ -+#endif /* OSSL_SM4_PLATFORM_H */ -\ No newline at end of file --- -2.36.1 - diff --git a/Backport-Skip-the-correct-number-of-tests-if-SM2-is-disabled.patch b/Backport-Skip-the-correct-number-of-tests-if-SM2-is-disabled.patch deleted file mode 100644 index b0e5f9d266eb773a0439b8fe5eeb7a65801005ac..0000000000000000000000000000000000000000 --- a/Backport-Skip-the-correct-number-of-tests-if-SM2-is-disabled.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From f0dd65378296590d87250bf2130bad567483ee3d Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Wed, 3 Apr 2019 09:44:41 +0100 -Subject: [PATCH 08/15] Skip the correct number of tests if SM2 is disabled - -Fixes no-sm2 (and also no-sm3 and no-ec) - -Reviewed-by: Richard Levitte -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/8650) ---- - test/recipes/25-test_verify.t | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t -index b340833..d254bd8 100644 ---- a/test/recipes/25-test_verify.t -+++ b/test/recipes/25-test_verify.t -@@ -411,7 +411,7 @@ SKIP: { - } - - SKIP: { -- skip "SM2 is not supported by this OpenSSL build", 1 -+ skip "SM2 is not supported by this OpenSSL build", 2 - if disabled("sm2"); - - # Test '-sm2-id' and '-sm2-hex-id' option --- -2.20.1 (Apple Git-117) - diff --git a/Backport-Support-SM2-certificate-signing.patch b/Backport-Support-SM2-certificate-signing.patch deleted file mode 100644 index 11e84cc2fa0014df44a341b8362bb08b6073a3c9..0000000000000000000000000000000000000000 --- a/Backport-Support-SM2-certificate-signing.patch +++ /dev/null 
@@ -1,1189 +0,0 @@ -From 0bacd53ecedfef3ca8af4a8884c46ec8e47c83fa Mon Sep 17 00:00:00 2001 -From: Paul Yang -Date: Wed, 5 Jun 2019 14:46:48 +0800 -Subject: [PATCH 10/15] Support SM2 certificate signing - -SM2 certificate signing request can be created and signed by OpenSSL -now, both in library and apps. - -Documentation and test cases are added. - -Reviewed-by: Tim Hudson -Reviewed-by: Shane Lontis -(Merged from https://github.com/openssl/openssl/pull/9085) ---- - CHANGES | 3 + - apps/ca.c | 68 ++++++++++++- - apps/req.c | 149 ++++++++++++++++++++++++++-- - crypto/asn1/a_sign.c | 13 ++- - crypto/ec/ec_pmeth.c | 3 +- - crypto/err/openssl.txt | 3 + - crypto/x509/x509_err.c | 4 + - crypto/x509/x_all.c | 85 ++++++++++++---- - crypto/x509/x_req.c | 38 ++++++- - crypto/x509/x_x509.c | 3 + - doc/man1/ca.pod | 16 +++ - doc/man1/req.pod | 21 ++++ - doc/man3/X509_get0_sm2_id.pod | 12 ++- - include/crypto/x509.h | 3 + - include/openssl/x509.h | 2 + - include/openssl/x509err.h | 3 + - test/certs/sm2-csr.pem | 9 ++ - test/certs/sm2-root.crt | 14 +++ - test/certs/sm2-root.key | 5 + - test/recipes/25-test_req.t | 21 +++- - test/recipes/70-test_verify_extra.t | 3 +- - test/recipes/80-test_ca.t | 20 +++- - test/verify_extra_test.c | 45 ++++++++- - util/libcrypto.num | 2 + - 24 files changed, 501 insertions(+), 44 deletions(-) - create mode 100644 test/certs/sm2-csr.pem - create mode 100644 test/certs/sm2-root.crt - create mode 100644 test/certs/sm2-root.key - -diff --git a/CHANGES b/CHANGES -index 9d58cb0..6ab70fe 100644 ---- a/CHANGES -+++ b/CHANGES -@@ -9,6 +9,9 @@ - - Changes between 1.1.1l and 1.1.1m [14 Dec 2021] - -+ *) Support SM2 signing and verification schemes with X509 certificate. -+ [Paul Yang] -+ - *) Avoid loading of a dynamic engine twice. 
- - [Bernd Edlinger] -diff --git a/apps/ca.c b/apps/ca.c -index 390ac37..795ee2c 100755 ---- a/apps/ca.c -+++ b/apps/ca.c -@@ -96,7 +96,8 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, - const char *enddate, - long days, int batch, const char *ext_sect, CONF *conf, - int verbose, unsigned long certopt, unsigned long nameopt, -- int default_op, int ext_copy, int selfsign); -+ int default_op, int ext_copy, int selfsign, -+ unsigned char *sm2_id, size_t sm2idlen); - static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, -@@ -147,7 +148,7 @@ typedef enum OPTION_choice { - OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID, - OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS, - OPT_RAND_SERIAL, -- OPT_R_ENUM, -+ OPT_R_ENUM, OPT_SM2ID, OPT_SM2HEXID, - /* Do not change the order here; see related case statements below */ - OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE - } OPTION_CHOICE; -@@ -217,6 +218,12 @@ const OPTIONS ca_options[] = { - OPT_R_OPTIONS, - #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -+#endif -+#ifndef OPENSSL_NO_SM2 -+ {"sm2-id", OPT_SM2ID, 's', -+ "Specify an ID string to verify an SM2 certificate request"}, -+ {"sm2-hex-id", OPT_SM2HEXID, 's', -+ "Specify a hex ID string to verify an SM2 certificate request"}, - #endif - {NULL} - }; -@@ -262,6 +269,9 @@ int ca_main(int argc, char **argv) - REVINFO_TYPE rev_type = REV_NONE; - X509_REVOKED *r = NULL; - OPTION_CHOICE o; -+ unsigned char *sm2_id = NULL; -+ size_t sm2_idlen = 0; -+ int sm2_free = 0; - - prog = opt_init(argc, argv, ca_options); - while ((o = opt_next()) != OPT_EOF) { -@@ -425,6 +435,30 @@ opthelp: - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; -+ case OPT_SM2ID: -+ /* we assume the input is not a hex string */ 
-+ if (sm2_id != NULL) { -+ BIO_printf(bio_err, -+ "Use one of the options 'sm2-hex-id' or 'sm2-id'\n"); -+ goto end; -+ } -+ sm2_id = (unsigned char *)opt_arg(); -+ sm2_idlen = strlen((const char *)sm2_id); -+ break; -+ case OPT_SM2HEXID: -+ /* try to parse the input as hex string first */ -+ if (sm2_id != NULL) { -+ BIO_printf(bio_err, -+ "Use one of the options 'sm2-hex-id' or 'sm2-id'\n"); -+ goto end; -+ } -+ sm2_free = 1; -+ sm2_id = OPENSSL_hexstr2buf(opt_arg(), (long *)&sm2_idlen); -+ if (sm2_id == NULL) { -+ BIO_printf(bio_err, "Invalid hex string input\n"); -+ goto end; -+ } -+ break; - } - } - end_of_options: -@@ -913,7 +947,8 @@ end_of_options: - j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db, - serial, subj, chtype, multirdn, email_dn, startdate, - enddate, days, batch, extensions, conf, verbose, -- certopt, get_nameopt(), default_op, ext_copy, selfsign); -+ certopt, get_nameopt(), default_op, ext_copy, selfsign, -+ sm2_id, sm2_idlen); - if (j < 0) - goto end; - if (j > 0) { -@@ -932,7 +967,8 @@ end_of_options: - j = certify(&x, argv[i], pkey, x509p, dgst, sigopts, attribs, db, - serial, subj, chtype, multirdn, email_dn, startdate, - enddate, days, batch, extensions, conf, verbose, -- certopt, get_nameopt(), default_op, ext_copy, selfsign); -+ certopt, get_nameopt(), default_op, ext_copy, selfsign, -+ sm2_id, sm2_idlen); - if (j < 0) - goto end; - if (j > 0) { -@@ -1230,6 +1266,8 @@ end_of_options: - ret = 0; - - end: -+ if (sm2_free) -+ OPENSSL_free(sm2_id); - if (ret) - ERR_print_errors(bio_err); - BIO_free_all(Sout); -@@ -1268,7 +1306,8 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, - const char *enddate, - long days, int batch, const char *ext_sect, CONF *lconf, - int verbose, unsigned long certopt, unsigned long nameopt, -- int default_op, int ext_copy, int selfsign) -+ int default_op, int ext_copy, int selfsign, -+ unsigned char *sm2id, size_t sm2idlen) - { - X509_REQ *req = NULL; - BIO *in = 
NULL; -@@ -1300,6 +1339,25 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, - BIO_printf(bio_err, "error unpacking public key\n"); - goto end; - } -+ if (sm2id != NULL) { -+#ifndef OPENSSL_NO_SM2 -+ ASN1_OCTET_STRING *v; -+ -+ v = ASN1_OCTET_STRING_new(); -+ if (v == NULL) { -+ BIO_printf(bio_err, "error: SM2 ID allocation failed\n"); -+ goto end; -+ } -+ -+ if (!ASN1_OCTET_STRING_set(v, sm2id, sm2idlen)) { -+ BIO_printf(bio_err, "error: setting SM2 ID failed\n"); -+ ASN1_OCTET_STRING_free(v); -+ goto end; -+ } -+ -+ X509_REQ_set0_sm2_id(req, v); -+#endif -+ } - i = X509_REQ_verify(req, pktmp); - pktmp = NULL; - if (i < 0) { -diff --git a/apps/req.c b/apps/req.c -index a603907..96f1edd 100644 ---- a/apps/req.c -+++ b/apps/req.c -@@ -90,7 +90,7 @@ typedef enum OPTION_choice { - OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8, - OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509, - OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_ADDEXT, OPT_EXTENSIONS, -- OPT_REQEXTS, OPT_PRECERT, OPT_MD, -+ OPT_REQEXTS, OPT_PRECERT, OPT_MD, OPT_SM2ID, OPT_SM2HEXID, - OPT_R_ENUM - } OPTION_CHOICE; - -@@ -145,6 +145,12 @@ const OPTIONS req_options[] = { - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, - {"keygen_engine", OPT_KEYGEN_ENGINE, 's', - "Specify engine to be used for key generation operations"}, -+#endif -+#ifndef OPENSSL_NO_SM2 -+ {"sm2-id", OPT_SM2ID, 's', -+ "Specify an ID string to verify an SM2 certificate request"}, -+ {"sm2-hex-id", OPT_SM2HEXID, 's', -+ "Specify a hex ID string to verify an SM2 certificate request"}, - #endif - {NULL} - }; -@@ -242,6 +248,9 @@ int req_main(int argc, char **argv) - int nodes = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0; - long newkey = -1; - unsigned long chtype = MBSTRING_ASC, reqflag = 0; -+ unsigned char *sm2_id = NULL; -+ size_t sm2_idlen = 0; -+ int sm2_free = 0; - - #ifndef OPENSSL_NO_DES - cipher = EVP_des_ede3_cbc(); -@@ -417,6 +426,29 
@@ int req_main(int argc, char **argv) - goto opthelp; - digest = md_alg; - break; -+ case OPT_SM2ID: -+ if (sm2_id != NULL) { -+ BIO_printf(bio_err, -+ "Use one of the options 'sm2-hex-id' or 'sm2-id'\n"); -+ goto end; -+ } -+ sm2_id = (unsigned char *)opt_arg(); -+ sm2_idlen = strlen((const char *)sm2_id); -+ break; -+ case OPT_SM2HEXID: -+ if (sm2_id != NULL) { -+ BIO_printf(bio_err, -+ "Use one of the options 'sm2-hex-id' or 'sm2-id'\n"); -+ goto end; -+ } -+ /* try to parse the input as hex string first */ -+ sm2_free = 1; -+ sm2_id = OPENSSL_hexstr2buf(opt_arg(), (long *)&sm2_idlen); -+ if (sm2_id == NULL) { -+ BIO_printf(bio_err, "Invalid hex string input\n"); -+ goto end; -+ } -+ break; - } - } - argc = opt_num_rest(); -@@ -849,6 +881,26 @@ int req_main(int argc, char **argv) - goto end; - } - -+ if (sm2_id != NULL) { -+#ifndef OPENSSL_NO_SM2 -+ ASN1_OCTET_STRING *v; -+ -+ v = ASN1_OCTET_STRING_new(); -+ if (v == NULL) { -+ BIO_printf(bio_err, "error: SM2 ID allocation failed\n"); -+ goto end; -+ } -+ -+ if (!ASN1_OCTET_STRING_set(v, sm2_id, sm2_idlen)) { -+ BIO_printf(bio_err, "error: setting SM2 ID failed\n"); -+ ASN1_OCTET_STRING_free(v); -+ goto end; -+ } -+ -+ X509_REQ_set0_sm2_id(req, v); -+#endif -+ } -+ - i = X509_REQ_verify(req, tpubkey); - - if (i < 0) { -@@ -957,6 +1009,8 @@ int req_main(int argc, char **argv) - } - ret = 0; - end: -+ if (sm2_free) -+ OPENSSL_free(sm2_id); - if (ret) { - ERR_print_errors(bio_err); - } -@@ -1611,14 +1665,58 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx) - return 1; - } - -+#ifndef OPENSSL_NO_SM2 -+static int ec_pkey_is_sm2(EVP_PKEY *pkey) -+{ -+ EC_KEY *eckey = NULL; -+ const EC_GROUP *group = NULL; -+ -+ if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2) -+ return 1; -+ if (EVP_PKEY_id(pkey) == EVP_PKEY_EC -+ && (eckey = EVP_PKEY_get0_EC_KEY(pkey)) != NULL -+ && (group = EC_KEY_get0_group(eckey)) != NULL -+ && EC_GROUP_get_curve_name(group) == NID_sm2) -+ return 1; -+ return 0; -+} -+#endif -+ - static int 
do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, - const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) - { - EVP_PKEY_CTX *pkctx = NULL; -- int i, def_nid; -+#ifndef OPENSSL_NO_SM2 -+ EVP_PKEY_CTX *pctx = NULL; -+#endif -+ int i, def_nid, ret = 0; - - if (ctx == NULL) -- return 0; -+ goto err; -+#ifndef OPENSSL_NO_SM2 -+ if (ec_pkey_is_sm2(pkey)) { -+ /* initialize some SM2-specific code */ -+ if (!EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) { -+ BIO_printf(bio_err, "Internal error.\n"); -+ goto err; -+ } -+ pctx = EVP_PKEY_CTX_new(pkey, NULL); -+ if (pctx == NULL) { -+ BIO_printf(bio_err, "memory allocation failure.\n"); -+ goto err; -+ } -+ /* set SM2 ID from sig options before calling the real init routine */ -+ for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { -+ char *sigopt = sk_OPENSSL_STRING_value(sigopts, i); -+ if (pkey_ctrl_string(pctx, sigopt) <= 0) { -+ BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt); -+ ERR_print_errors(bio_err); -+ goto err; -+ } -+ } -+ EVP_MD_CTX_set_pkey_ctx(ctx, pctx); -+ } -+#endif - /* - * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is mandatory - * for this algorithm. 
-@@ -1629,16 +1727,23 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, - md = NULL; - } - if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)) -- return 0; -+ goto err; - for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { - char *sigopt = sk_OPENSSL_STRING_value(sigopts, i); - if (pkey_ctrl_string(pkctx, sigopt) <= 0) { - BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt); - ERR_print_errors(bio_err); -- return 0; -+ goto err; - } - } -- return 1; -+ -+ ret = 1; -+ err: -+#ifndef OPENSSL_NO_SM2 -+ if (!ret) -+ EVP_PKEY_CTX_free(pctx); -+#endif -+ return ret; - } - - int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md, -@@ -1646,10 +1751,20 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md, - { - int rv; - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); -+#ifndef OPENSSL_NO_SM2 -+ EVP_PKEY_CTX *pctx = NULL; -+#endif - - rv = do_sign_init(mctx, pkey, md, sigopts); - if (rv > 0) - rv = X509_sign_ctx(x, mctx); -+#ifndef OPENSSL_NO_SM2 -+ /* only in SM2 case we need to free the pctx explicitly */ -+ if (ec_pkey_is_sm2(pkey)) { -+ pctx = EVP_MD_CTX_pkey_ctx(mctx); -+ EVP_PKEY_CTX_free(pctx); -+ } -+#endif - EVP_MD_CTX_free(mctx); - return rv > 0 ? 1 : 0; - } -@@ -1659,9 +1774,20 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, - { - int rv; - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); -+#ifndef OPENSSL_NO_SM2 -+ EVP_PKEY_CTX *pctx = NULL; -+#endif -+ - rv = do_sign_init(mctx, pkey, md, sigopts); - if (rv > 0) - rv = X509_REQ_sign_ctx(x, mctx); -+#ifndef OPENSSL_NO_SM2 -+ /* only in SM2 case we need to free the pctx explicitly */ -+ if (ec_pkey_is_sm2(pkey)) { -+ pctx = EVP_MD_CTX_pkey_ctx(mctx); -+ EVP_PKEY_CTX_free(pctx); -+ } -+#endif - EVP_MD_CTX_free(mctx); - return rv > 0 ? 
1 : 0; - } -@@ -1671,9 +1797,20 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, - { - int rv; - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); -+#ifndef OPENSSL_NO_SM2 -+ EVP_PKEY_CTX *pctx = NULL; -+#endif -+ - rv = do_sign_init(mctx, pkey, md, sigopts); - if (rv > 0) - rv = X509_CRL_sign_ctx(x, mctx); -+#ifndef OPENSSL_NO_SM2 -+ /* only in SM2 case we need to free the pctx explicitly */ -+ if (ec_pkey_is_sm2(pkey)) { -+ pctx = EVP_MD_CTX_pkey_ctx(mctx); -+ EVP_PKEY_CTX_free(pctx); -+ } -+#endif - EVP_MD_CTX_free(mctx); - return rv > 0 ? 1 : 0; - } -diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c -index 72381b6..c29080b 100644 ---- a/crypto/asn1/a_sign.c -+++ b/crypto/asn1/a_sign.c -@@ -145,7 +145,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, - unsigned char *buf_in = NULL, *buf_out = NULL; - size_t inl = 0, outl = 0, outll = 0; - int signid, paramtype, buf_len = 0; -- int rv; -+ int rv, pkey_id; - - type = EVP_MD_CTX_md(ctx); - pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); -@@ -184,9 +184,14 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); - goto err; - } -- if (!OBJ_find_sigid_by_algs(&signid, -- EVP_MD_nid(type), -- pkey->ameth->pkey_id)) { -+ -+ pkey_id = -+#ifndef OPENSSL_NO_SM2 -+ EVP_PKEY_id(pkey) == NID_sm2 ? 
NID_sm2 :
-+#endif
-+ pkey->ameth->pkey_id;
-+
-+ if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), pkey_id)) {
- ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
- ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
- goto err;
-diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
-index 77876a0..591f27a 100644
---- a/crypto/ec/ec_pmeth.c
-+++ b/crypto/ec/ec_pmeth.c
-@@ -327,7 +327,8 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
- EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 &&
- EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 &&
- EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 &&
-- EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512) {
-+ EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512 &&
-+ EVP_MD_type((const EVP_MD *)p2) != NID_sm3) {
- ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
- return 0;
- }
-diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
-index 5e71e65..b93cace 100644
---- a/crypto/err/openssl.txt
-+++ b/crypto/err/openssl.txt
-@@ -1711,6 +1711,7 @@ X509_F_BUILD_CHAIN:106:build_chain
- X509_F_BY_FILE_CTRL:101:by_file_ctrl
- X509_F_CHECK_NAME_CONSTRAINTS:149:check_name_constraints
- X509_F_CHECK_POLICY:145:check_policy
-+X509_F_COMMON_VERIFY_SM2:165:common_verify_sm2
- X509_F_DANE_I2D:107:dane_i2d
- X509_F_DIR_CTRL:102:dir_ctrl
- X509_F_GET_CERT_BY_SUBJECT:103:get_cert_by_subject
-@@ -1755,6 +1756,8 @@ X509_F_X509_REQ_CHECK_PRIVATE_KEY:144:X509_REQ_check_private_key
- X509_F_X509_REQ_PRINT_EX:121:X509_REQ_print_ex
- X509_F_X509_REQ_PRINT_FP:122:X509_REQ_print_fp
- X509_F_X509_REQ_TO_X509:123:X509_REQ_to_X509
-+X509_F_X509_REQ_VERIFY:163:X509_REQ_verify
-+X509_F_X509_REQ_VERIFY_SM2:164:x509_req_verify_sm2
- X509_F_X509_STORE_ADD_CERT:124:X509_STORE_add_cert
- X509_F_X509_STORE_ADD_CRL:125:X509_STORE_add_crl
- X509_F_X509_STORE_ADD_LOOKUP:157:X509_STORE_add_lookup
-diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
-index c91ad7c..f02793b 100644
---- a/crypto/x509/x509_err.c
-+++ b/crypto/x509/x509_err.c
-@@ -20,6 +20,7 @@ static const ERR_STRING_DATA X509_str_functs[] = {
- {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_NAME_CONSTRAINTS, 0),
- "check_name_constraints"},
- {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_POLICY, 0), "check_policy"},
-+ {ERR_PACK(ERR_LIB_X509, X509_F_COMMON_VERIFY_SM2, 0), "common_verify_sm2"},
- {ERR_PACK(ERR_LIB_X509, X509_F_DANE_I2D, 0), "dane_i2d"},
- {ERR_PACK(ERR_LIB_X509, X509_F_DIR_CTRL, 0), "dir_ctrl"},
- {ERR_PACK(ERR_LIB_X509, X509_F_GET_CERT_BY_SUBJECT, 0),
-@@ -87,6 +88,9 @@ static const ERR_STRING_DATA X509_str_functs[] = {
- {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_EX, 0), "X509_REQ_print_ex"},
- {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_FP, 0), "X509_REQ_print_fp"},
- {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_TO_X509, 0), "X509_REQ_to_X509"},
-+ {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_VERIFY, 0), "X509_REQ_verify"},
-+ {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_VERIFY_SM2, 0),
-+ "x509_req_verify_sm2"},
- {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CERT, 0),
- "X509_STORE_add_cert"},
- {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CRL, 0),
-diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
-index 9c8aea5..5c371f5 100644
---- a/crypto/x509/x_all.c
-+++ b/crypto/x509/x_all.c
-@@ -24,86 +24,105 @@
- # include "crypto/asn1.h"
- # include "crypto/evp.h"
-
--static int x509_verify_sm2(X509 *x, EVP_PKEY *pkey, int mdnid, int pknid)
-+static int common_verify_sm2(void *data, EVP_PKEY *pkey,
-+ int mdnid, int pknid, int req)
- {
-+ X509 *x = NULL;
-+ X509_REQ *r = NULL;
- EVP_MD_CTX *ctx = NULL;
- unsigned char *buf_in = NULL;
- int ret = -1, inl = 0;
- size_t inll = 0;
- EVP_PKEY_CTX *pctx = NULL;
- const EVP_MD *type = EVP_get_digestbynid(mdnid);
-+ ASN1_BIT_STRING *signature = NULL;
-+ ASN1_OCTET_STRING *sm2_id = NULL;
-+ ASN1_VALUE *tbv = NULL;
-
- if (type == NULL) {
-- X509err(X509_F_X509_VERIFY_SM2,
-+ X509err(X509_F_COMMON_VERIFY_SM2,
- ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
- goto err;
- }
-
- if (pkey == NULL) {
-- X509err(X509_F_X509_VERIFY_SM2, ERR_R_PASSED_NULL_PARAMETER);
-+ X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_PASSED_NULL_PARAMETER);
- return -1;
- }
-
-- if (x->signature.type == V_ASN1_BIT_STRING && x->signature.flags & 0x7) {
-- X509err(X509_F_X509_VERIFY_SM2, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
-+ if (req == 1) {
-+ r = (X509_REQ *)data;
-+ signature = r->signature;
-+ sm2_id = r->sm2_id;
-+ tbv = (ASN1_VALUE *)&r->req_info;
-+ } else {
-+ x = (X509 *)data;
-+ signature = &x->signature;
-+ sm2_id = x->sm2_id;
-+ tbv = (ASN1_VALUE *)&x->cert_info;
-+ }
-+
-+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
-+ X509err(X509_F_COMMON_VERIFY_SM2, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
- return -1;
- }
-
- ctx = EVP_MD_CTX_new();
- if (ctx == NULL) {
-- X509err(X509_F_X509_VERIFY_SM2, ERR_R_MALLOC_FAILURE);
-+ X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* Check public key OID matches public key type */
- if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
-- X509err(X509_F_X509_VERIFY_SM2, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
-+ X509err(X509_F_COMMON_VERIFY_SM2, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
- goto err;
- }
-
- if (!EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) {
-- X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB);
-+ X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB);
- ret = 0;
- goto err;
- }
- pctx = EVP_PKEY_CTX_new(pkey, NULL);
- if (pctx == NULL) {
-- X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB);
-+ X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB);
- ret = 0;
- goto err;
- }
- /* NOTE: we tolerate no actual ID, to provide maximum flexibility */
-- if (x->sm2_id != NULL
-- && EVP_PKEY_CTX_set1_id(pctx, x->sm2_id->data,
-- x->sm2_id->length) != 1) {
-- X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB);
-+ if (sm2_id != NULL
-+ && EVP_PKEY_CTX_set1_id(pctx, sm2_id->data, sm2_id->length) != 1) {
-+ X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB);
- ret = 0;
- goto err;
- }
- EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
-
- if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) {
-- X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB);
-+ X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB);
- ret = 0;
- goto err;
- }
-
-- inl = ASN1_item_i2d((ASN1_VALUE *)&x->cert_info, &buf_in,
-+ inl = ASN1_item_i2d(tbv, &buf_in,
-+ req == 1 ?
-+ ASN1_ITEM_rptr(X509_REQ_INFO) :
- ASN1_ITEM_rptr(X509_CINF));
- if (inl <= 0) {
-- X509err(X509_F_X509_VERIFY_SM2, ERR_R_INTERNAL_ERROR);
-+ X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- if (buf_in == NULL) {
-- X509err(X509_F_X509_VERIFY_SM2, ERR_R_MALLOC_FAILURE);
-+ X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- inll = inl;
-
-- ret = EVP_DigestVerify(ctx, x->signature.data,
-- (size_t)x->signature.length, buf_in, inl);
-+ ret = EVP_DigestVerify(ctx, signature->data,
-+ (size_t)signature->length, buf_in, inl);
- if (ret <= 0) {
-- X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB);
-+ X509err(X509_F_COMMON_VERIFY_SM2, ERR_R_EVP_LIB);
- goto err;
- }
- ret = 1;
-@@ -113,6 +132,18 @@ static int x509_verify_sm2(X509 *x, EVP_PKEY *pkey, int mdnid, int pknid)
- EVP_PKEY_CTX_free(pctx);
- return ret;
- }
-+
-+static int x509_verify_sm2(X509 *x, EVP_PKEY *pkey, int mdnid, int pknid)
-+{
-+ return common_verify_sm2(x, pkey, mdnid, pknid, 0);
-+}
-+
-+static int x509_req_verify_sm2(X509_REQ *x, EVP_PKEY *pkey,
-+ int mdnid, int pknid)
-+{
-+ return common_verify_sm2(x, pkey, mdnid, pknid, 1);
-+}
-+
- #endif
-
- int X509_verify(X509 *a, EVP_PKEY *r)
-@@ -142,6 +173,20 @@ int X509_verify(X509 *a, EVP_PKEY *r)
-
- int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
- {
-+#ifndef OPENSSL_NO_SM2
-+ int mdnid, pknid;
-+
-+ /* Convert signature OID into digest and public key OIDs */
-+ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->sig_alg.algorithm),
-+ &mdnid, &pknid)) {
-+ X509err(X509_F_X509_REQ_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
-+ return 0;
-+ }
-+
-+ if (pknid == NID_sm2)
-+ return x509_req_verify_sm2(a, r, mdnid, pknid);
-+#endif
-+
- return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
- &a->sig_alg, a->signature, &a->req_info, r));
- }
-diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c
-index d2b02f6..de4ff2c 100644
---- a/crypto/x509/x_req.c
-+++ b/crypto/x509/x_req.c
-@@ -45,6 +45,29 @@ static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
- return 1;
- }
-
-+static int req_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-+ void *exarg)
-+{
-+#ifndef OPENSSL_NO_SM2
-+ X509_REQ *ret = (X509_REQ *)*pval;
-+
-+ switch (operation) {
-+ case ASN1_OP_D2I_PRE:
-+ ASN1_OCTET_STRING_free(ret->sm2_id);
-+ /* fall thru */
-+ case ASN1_OP_NEW_POST:
-+ ret->sm2_id = NULL;
-+ break;
-+
-+ case ASN1_OP_FREE_POST:
-+ ASN1_OCTET_STRING_free(ret->sm2_id);
-+ break;
-+ }
-+#endif
-+
-+ return 1;
-+}
-+
- ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
- ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
- ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
-@@ -57,7 +80,7 @@ ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
-
- IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
-
--ASN1_SEQUENCE_ref(X509_REQ, 0) = {
-+ASN1_SEQUENCE_ref(X509_REQ, req_cb) = {
- ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO),
- ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR),
- ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
-@@ -66,3 +89,16 @@ ASN1_SEQUENCE_ref(X509_REQ, 0) = {
- IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
-
- IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
-+
-+#ifndef OPENSSL_NO_SM2
-+void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id)
-+{
-+ ASN1_OCTET_STRING_free(x->sm2_id);
-+ x->sm2_id = sm2_id;
-+}
-+
-+ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x)
-+{
-+ return x->sm2_id;
-+}
-+#endif
-diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
-index fb03bb2..8c27265 100644
---- a/crypto/x509/x_x509.c
-+++ b/crypto/x509/x_x509.c
-@@ -53,6 +53,9 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
- sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
- ASIdentifiers_free(ret->rfc3779_asid);
- #endif
-+#ifndef OPENSSL_NO_SM2
-+ ASN1_OCTET_STRING_free(ret->sm2_id);
-+#endif
-
- /* fall thru */
-
-diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod
-index 4380d86..1a6c53e 100644
---- a/doc/man1/ca.pod
-+++ b/doc/man1/ca.pod
-@@ -57,6 +57,8 @@ B B
- [B<-multivalue-rdn>]
- [B<-rand file...>]
- [B<-writerand file>]
-+[B<-sm2-id string>]
-+[B<-sm2-hex-id hex-string>]
-
- =head1 DESCRIPTION
-
-@@ -303,6 +305,16 @@ all others.
- Writes random data to the specified I upon exit.
- This can be used with a subsequent B<-rand> flag.
-
-+=item B<-sm2-id>
-+
-+Specify the ID string to use when verifying an SM2 certificate. The ID string is
-+required by the SM2 signature algorithm for signing and verification.
-+
-+=item B<-sm2-hex-id>
-+
-+Specify a binary ID string to use when signing or verifying using an SM2
-+certificate. The argument for this option is string of hexadecimal digits.
-+
- =back
-
- =head1 CRL OPTIONS
-@@ -600,6 +612,10 @@ Sign a certificate request:
-
- openssl ca -in req.pem -out newcert.pem
-
-+Sign an SM2 certificate request:
-+
-+ openssl ca -in sm2.csr -out sm2.crt -md sm3 -sigopt "sm2_id:1234567812345678" -sm2-id "1234567812345678"
-+
- Sign a certificate request, using CA extensions:
-
- openssl ca -in req.pem -extensions v3_ca -out newcert.pem
-diff --git a/doc/man1/req.pod b/doc/man1/req.pod
-index 539b843..3b9fcc3 100644
---- a/doc/man1/req.pod
-+++ b/doc/man1/req.pod
-@@ -50,6 +50,8 @@ B B
- [B<-batch>]
- [B<-verbose>]
- [B<-engine id>]
-+[B<-sm2-id string>]
-+[B<-sm2-hex-id hex-string>]
-
- =head1 DESCRIPTION
-
-@@ -339,6 +341,16 @@ for all available algorithms.
- Specifies an engine (by its unique B string) which would be used
- for key generation operations.
-
-+=item B<-sm2-id>
-+
-+Specify the ID string to use when verifying an SM2 certificate. The ID string is
-+required by the SM2 signature algorithm for signing and verification.
-+
-+=item B<-sm2-hex-id>
-+
-+Specify a binary ID string to use when signing or verifying using an SM2
-+certificate. The argument for this option is string of hexadecimal digits.
-+
- =back
-
- =head1 CONFIGURATION FILE FORMAT
-@@ -534,6 +546,15 @@ Generate a self signed root certificate:
-
- openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem
-
-+Create an SM2 private key and then generate a certificate request from it:
-+
-+ openssl ecparam -genkey -name SM2 -out sm2.key
-+ openssl req -new -key sm2.key -out sm2.csr -sm3 -sigopt "sm2_id:1234567812345678"
-+
-+Examine and verify an SM2 certificate request:
-+
-+ openssl req -verify -in sm2.csr -sm3 -sm2-id 1234567812345678
-+
- Example of a file pointed to by the B option:
-
- 1.2.3.4 shortName A longer Name
-diff --git a/doc/man3/X509_get0_sm2_id.pod b/doc/man3/X509_get0_sm2_id.pod
-index 9698c86..d8a85d7 100644
---- a/doc/man3/X509_get0_sm2_id.pod
-+++ b/doc/man3/X509_get0_sm2_id.pod
-@@ -2,7 +2,9 @@
-
- =head1 NAME
-
--X509_get0_sm2_id, X509_set0_sm2_id - get or set SM2 ID for certificate operations
-+X509_get0_sm2_id, X509_set0_sm2_id,
-+X509_REQ_get0_sm2_id, X509_REQ_set0_sm2_id
-+- get or set SM2 ID for certificate operations
-
- =head1 SYNOPSIS
-
-@@ -10,6 +12,8 @@ X509_get0_sm2_id, X509_set0_sm2_id - get or set SM2 ID for certificate operation
-
- ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x);
- void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id);
-+ ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x);
-+ void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id);
-
- =head1 DESCRIPTION
-
-@@ -21,6 +25,10 @@ this function transfers the memory management of the value to the X509 object,
- and therefore the value that has been passed in should not be freed by the
- caller after this function has been called.
-
-+X509_REQ_get0_sm2_id() and X509_REQ_set0_sm2_id() have the same functionality
-+as X509_get0_sm2_id() and X509_set0_sm2_id() except that they deal with
-+B objects instead of B.
-+
- =head1 NOTES
-
- SM2 signature algorithm requires an ID value when generating and verifying a
-@@ -29,7 +37,7 @@ ability to set and retrieve the SM2 ID value.
-
- =head1 RETURN VALUES
-
--X509_set0_sm2_id() does not return a value.
-+X509_set0_sm2_id() and X509_REQ_set0_sm2_id() do not return a value.
-
- =head1 SEE ALSO
-
-diff --git a/include/crypto/x509.h b/include/crypto/x509.h
-index 5c314a8..a6e812a 100644
---- a/include/crypto/x509.h
-+++ b/include/crypto/x509.h
-@@ -73,6 +73,9 @@ struct X509_req_st {
- ASN1_BIT_STRING *signature; /* signature */
- CRYPTO_REF_COUNT references;
- CRYPTO_RWLOCK *lock;
-+# ifndef OPENSSL_NO_SM2
-+ ASN1_OCTET_STRING *sm2_id;
-+# endif
- };
-
- struct X509_crl_info_st {
-diff --git a/include/openssl/x509.h b/include/openssl/x509.h
-index a02cf50..42e9eee 100644
---- a/include/openssl/x509.h
-+++ b/include/openssl/x509.h
-@@ -576,6 +576,8 @@ int X509_get_signature_nid(const X509 *x);
- # ifndef OPENSSL_NO_SM2
- void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id);
- ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x);
-+void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id);
-+ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x);
- # endif
-
- int X509_trusted(const X509 *x);
-diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h
-index 06d75f0..0a84ef0 100644
---- a/include/openssl/x509err.h
-+++ b/include/openssl/x509err.h
-@@ -26,6 +26,7 @@ int ERR_load_X509_strings(void);
- # define X509_F_BY_FILE_CTRL 101
- # define X509_F_CHECK_NAME_CONSTRAINTS 149
- # define X509_F_CHECK_POLICY 145
-+# define X509_F_COMMON_VERIFY_SM2 165
- # define X509_F_DANE_I2D 107
- # define X509_F_DIR_CTRL 102
- # define X509_F_GET_CERT_BY_SUBJECT 103
-@@ -70,6 +71,8 @@ int ERR_load_X509_strings(void);
- # define X509_F_X509_REQ_PRINT_EX 121
- # define X509_F_X509_REQ_PRINT_FP 122
- # define X509_F_X509_REQ_TO_X509 123
-+# define X509_F_X509_REQ_VERIFY 163
-+# define X509_F_X509_REQ_VERIFY_SM2 164
- # define X509_F_X509_STORE_ADD_CERT 124
- # define X509_F_X509_STORE_ADD_CRL 125
- # define X509_F_X509_STORE_ADD_LOOKUP 157
-diff --git a/test/certs/sm2-csr.pem b/test/certs/sm2-csr.pem
-new file mode 100644
-index 0000000..a6dcca8
---- /dev/null
-+++ b/test/certs/sm2-csr.pem
-@@ -0,0 +1,9 @@
-+-----BEGIN CERTIFICATE REQUEST-----
-+MIIBMTCB1wIBADB1MQswCQYDVQQGEwJDTjERMA8GA1UECAwITGlhb25pbmcxETAP
-+BgNVBAcMCFNoZW55YW5nMQwwCgYDVQQKDANUZXQxDDAKBgNVBAsMA1RldDELMAkG
-+A1UEAwwCb28xFzAVBgkqhkiG9w0BCQEWCG9vQG9vLm9vMFkwEwYHKoZIzj0CAQYI
-+KoEcz1UBgi0DQgAE1NjdOpldcjTkuZpdGDNyHAnhK9cB2RZ7jAmFzt7jgEs9OHSg
-+rb3crjz+qGZfqyJ5AyZulQ7gdARzb1H55jvw5qAAMAoGCCqBHM9VAYN1A0kAMEYC
-+IQCacUXA8kyTTDwEm89Yz9qjsbfd8/N32lnzKxuKCcXJwQIhAIpugCbfeWuPxUQO
-+7AvQS3yxBp1yn0FbTT2XVSyYy6To
-+-----END CERTIFICATE REQUEST-----
-diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt
-new file mode 100644
-index 0000000..5677ac6
---- /dev/null
-+++ b/test/certs/sm2-root.crt
-@@ -0,0 +1,14 @@
-+-----BEGIN CERTIFICATE-----
-+MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
-+AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
-+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
-+Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
-+CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
-+MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
-+SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
-+5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
-+BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
-+5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
-+ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
-+YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
-+-----END CERTIFICATE-----
-diff --git a/test/certs/sm2-root.key b/test/certs/sm2-root.key
-new file mode 100644
-index 0000000..4bda65b
---- /dev/null
-+++ b/test/certs/sm2-root.key
-@@ -0,0 +1,5 @@
-+-----BEGIN PRIVATE KEY-----
-+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQglktdVbLA5tyXMc+9
-+KV4ikyDaFZNnXqfNAzUVqTlqn8GhRANCAAR0WJ6hK6HwXVz6bb7zu/gUlScXKR7k
-+xp2flD621OZFRFDGlJzTnjCWZf70RopmQpvwJEXiZkX529eREh0frLKe
-+-----END PRIVATE KEY-----
-diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
-index 383120c..8289959 100644
---- a/test/recipes/25-test_req.t
-+++ b/test/recipes/25-test_req.t
-@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
-
- setup("test_req");
-
--plan tests => 14;
-+plan tests => 15;
-
- require_ok(srctop_file('test','recipes','tconversion.pl'));
-
-@@ -181,6 +181,25 @@ subtest "generating certificate requests" => sub {
- "Verifying signature on request");
- };
-
-+subtest "generating SM2 certificate requests" => sub {
-+ plan tests => 2;
-+
-+ SKIP: {
-+ skip "SM2 is not supported by this OpenSSL build", 2
-+ if disabled("sm2");
-+ ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-+ "-new", "-key", srctop_file("test", "certs", "sm2.key"),
-+ "-sigopt", "sm2_id:1234567812345678",
-+ "-out", "testreq.pem", "-sm3"])),
-+ "Generating SM2 certificate request");
-+
-+ ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
-+ "-verify", "-in", "testreq.pem", "-noout",
-+ "-sm2-id", "1234567812345678", "-sm3"])),
-+ "Verifying signature on SM2 certificate request");
-+ }
-+};
-+
- my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
-
- run_conversion('req conversions',
-diff --git a/test/recipes/70-test_verify_extra.t b/test/recipes/70-test_verify_extra.t
-index 8c7c957..1571115 100644
---- a/test/recipes/70-test_verify_extra.t
-+++ b/test/recipes/70-test_verify_extra.t
-@@ -17,4 +17,5 @@ ok(run(test(["verify_extra_test",
- srctop_file("test", "certs", "roots.pem"),
- srctop_file("test", "certs", "untrusted.pem"),
- srctop_file("test", "certs", "bad.pem"),
-- srctop_file("test", "certs", "rootCA.pem")])));
-+ srctop_file("test", "certs", "rootCA.pem"),
-+ srctop_file("test", "certs", "sm2-csr.pem")])));
-diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t
-index 557777e..92557cf 100644
---- a/test/recipes/80-test_ca.t
-+++ b/test/recipes/80-test_ca.t
-@@ -23,7 +23,7 @@ my $std_openssl_cnf =
-
- rmtree("demoCA", { safe => 0 });
-
--plan tests => 5;
-+plan tests => 6;
- SKIP: {
- $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"';
- skip "failed creating CA structure", 4
-@@ -51,9 +51,25 @@ plan tests => 5;
- 'creating new pre-certificate');
- }
-
-+SKIP: {
-+ skip "SM2 is not supported by this OpenSSL build", 1
-+ if disabled("sm2");
-+
-+ is(yes(cmdstr(app(["openssl", "ca", "-config",
-+ srctop_file("test", "CAss.cnf"),
-+ "-in", srctop_file("test", "certs", "sm2-csr.pem"),
-+ "-out", "sm2-test.crt",
-+ "-sigopt", "sm2_id:1234567812345678",
-+ "-sm2-id", "1234567812345678",
-+ "-md", "sm3",
-+ "-cert", srctop_file("test", "certs", "sm2-root.crt"),
-+ "-keyfile", srctop_file("test", "certs", "sm2-root.key")]))),
-+ 0,
-+ "Signing SM2 certificate request");
-+}
-
- rmtree("demoCA", { safe => 0 });
--unlink "newcert.pem", "newreq.pem", "newkey.pem";
-+unlink "newcert.pem", "newreq.pem", "newkey.pem", "sm2-test.crt";
-
-
- sub yes {
-diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
-index 763ea4f..d69653c 100644
---- a/test/verify_extra_test.c
-+++ b/test/verify_extra_test.c
-@@ -20,6 +20,7 @@ static const char *roots_f;
- static const char *untrusted_f;
- static const char *bad_f;
- static const char *good_f;
-+static const char *req_f;
-
- static X509 *load_cert_pem(const char *file)
- {
-@@ -272,6 +273,46 @@ static int test_sm2_id(void)
- BIO_free(bio);
- return ret;
- }
-+
-+static int test_req_sm2_id(void)
-+{
-+ /* we only need an X509_REQ structure, no matter if it's a real SM2 cert */
-+ X509_REQ *x = NULL;
-+ BIO *bio = NULL;
-+ int ret = 0;
-+ ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
-+ char *sm2id = "this is an ID";
-+
-+ bio = BIO_new_file(req_f, "r");
-+ if (bio == NULL)
-+ goto err;
-+
-+ x = PEM_read_bio_X509_REQ(bio, NULL, 0, NULL);
-+ if (x == NULL)
-+ goto err;
-+
-+ v = ASN1_OCTET_STRING_new();
-+ if (v == NULL)
-+ goto err;
-+
-+ if (!ASN1_OCTET_STRING_set(v, (unsigned char *)sm2id, (int)strlen(sm2id))) {
-+ ASN1_OCTET_STRING_free(v);
-+ goto err;
-+ }
-+
-+ X509_REQ_set0_sm2_id(x, v);
-+
-+ v2 = X509_REQ_get0_sm2_id(x);
-+ if (!TEST_ptr(v2)
-+ || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
-+ goto err;
-+
-+ ret = 1;
-+ err:
-+ X509_REQ_free(x);
-+ BIO_free(bio);
-+ return ret;
-+}
- #endif
-
- int setup_tests(void)
-@@ -279,7 +320,8 @@ int setup_tests(void)
- if (!TEST_ptr(roots_f = test_get_argument(0))
- || !TEST_ptr(untrusted_f = test_get_argument(1))
- || !TEST_ptr(bad_f = test_get_argument(2))
-- || !TEST_ptr(good_f = test_get_argument(3))) {
-+ || !TEST_ptr(good_f = test_get_argument(3))
-+ || !TEST_ptr(req_f = test_get_argument(4))) {
- TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem good.pem\n");
- return 0;
- }
-@@ -290,6 +332,7 @@ int setup_tests(void)
- ADD_TEST(test_self_signed_bad);
- #ifndef OPENSSL_NO_SM2
- ADD_TEST(test_sm2_id);
-+ ADD_TEST(test_req_sm2_id);
- #endif
- return 1;
- }
-diff --git a/util/libcrypto.num b/util/libcrypto.num
-index d7abe91..81a6388 100644
---- a/util/libcrypto.num
-+++ b/util/libcrypto.num
-@@ -4628,3 +4628,5 @@ FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION:
- FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION:
- X509_set0_sm2_id 6383 1_1_1m EXIST::FUNCTION:SM2
- X509_get0_sm2_id 6384 1_1_1m EXIST::FUNCTION:SM2
-+X509_REQ_get0_sm2_id 6385 1_1_1m EXIST::FUNCTION:SM2
-+X509_REQ_set0_sm2_id 6386 1_1_1m EXIST::FUNCTION:SM2
---
-2.20.1 (Apple Git-117)
-
diff --git a/Backport-Support-SM2-certificate-verification.patch b/Backport-Support-SM2-certificate-verification.patch
deleted file mode 100644
index 87c5aded3062def070e7787f9f0ef5df1384e076..0000000000000000000000000000000000000000
--- a/Backport-Support-SM2-certificate-verification.patch
+++ /dev/null
@@ -1,579 +0,0 @@
-From 7d86ccd1282aeff8f6d564c5d37625ffcc048f2d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=E6=9D=A8=E6=B4=8B?=
-Date: Fri, 26 Oct 2018 21:34:08 +0800
-Subject: [PATCH 03/15] Support SM2 certificate verification
-
-Reviewed-by: Tim Hudson
-(Merged from https://github.com/openssl/openssl/pull/8321)
----
- apps/verify.c | 45 +++++++++++++--
- crypto/asn1/a_verify.c | 3 +-
- crypto/err/openssl.txt | 2 +
- crypto/objects/obj_dat.h | 17 ++++--
- crypto/objects/obj_mac.num | 1 +
- crypto/objects/obj_xref.h | 4 +-
- crypto/objects/obj_xref.txt | 2 +
- crypto/objects/objects.txt | 2 +
- crypto/x509/x509_err.c | 2 +
- crypto/x509/x_all.c | 110 ++++++++++++++++++++++++++++++++++++
- crypto/x509/x_x509.c | 12 ++++
- fuzz/oids.txt | 1 +
- include/crypto/x509.h | 5 +-
- include/openssl/obj_mac.h | 7 ++-
- include/openssl/x509.h | 3 +
- include/openssl/x509err.h | 2 +
- util/libcrypto.num | 2 +
- 17 files changed, 204 insertions(+), 16 deletions(-)
-
-diff --git a/apps/verify.c b/apps/verify.c
-index 1f93856..09b31cf 100644
---- a/apps/verify.c
-+++ b/apps/verify.c
-@@ -21,7 +21,8 @@
- static int cb(int ok, X509_STORE_CTX *ctx);
- static int check(X509_STORE *ctx, const char *file,
- STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
-- STACK_OF(X509_CRL) *crls, int show_chain);
-+ STACK_OF(X509_CRL) *crls, int show_chain,
-+ unsigned char *sm2id, size_t sm2idlen);
- static int v_verbose = 0, vflags = 0;
-
- typedef enum OPTION_choice {
-@@ -29,7 +30,7 @@ typedef enum OPTION_choice {
- OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE,
- OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN,
- OPT_V_ENUM, OPT_NAMEOPT,
-- OPT_VERBOSE
-+ OPT_VERBOSE, OPT_SM2ID, OPT_SM2HEXID
- } OPTION_CHOICE;
-
- const OPTIONS verify_options[] = {
-@@ -56,6 +57,12 @@ const OPTIONS verify_options[] = {
- OPT_V_OPTIONS,
- #ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-+#endif
-+#ifndef OPENSSL_NO_SM2
-+ {"sm2-id", OPT_SM2ID, 's',
-+ "Specify an ID string to verify an SM2 certificate"},
-+ {"sm2-hex-id", OPT_SM2HEXID, 's',
-+ "Specify a hex ID string to verify an SM2 certificate"},
- #endif
- {NULL}
- };
-@@ -71,6 +78,8 @@ int verify_main(int argc, char **argv)
- int noCApath = 0, noCAfile = 0;
- int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
- OPTION_CHOICE o;
-+ unsigned char *sm2_id = NULL;
-+ size_t sm2_idlen = 0;
-
- if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
- goto end;
-@@ -158,6 +167,19 @@ int verify_main(int argc, char **argv)
- case OPT_VERBOSE:
- v_verbose = 1;
- break;
-+ case OPT_SM2ID:
-+ /* we assume the input is not a hex string */
-+ sm2_id = (unsigned char *)opt_arg();
-+ sm2_idlen = strlen((const char *)sm2_id);
-+ break;
-+ case OPT_SM2HEXID:
-+ /* try to parse the input as hex string first */
-+ sm2_id = OPENSSL_hexstr2buf(opt_arg(), (long *)&sm2_idlen);
-+ if (sm2_id == NULL) {
-+ BIO_printf(bio_err, "Invalid hex string input\n");
-+ goto end;
-+ }
-+ break;
- }
- }
- argc = opt_num_rest();
-@@ -183,12 +205,13 @@ int verify_main(int argc, char **argv)
-
- ret = 0;
- if (argc < 1) {
-- if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1)
-+ if (check(store, NULL, untrusted, trusted, crls, show_chain,
-+ sm2_id, sm2_idlen) != 1)
- ret = -1;
- } else {
- for (i = 0; i < argc; i++)
- if (check(store, argv[i], untrusted, trusted, crls,
-- show_chain) != 1)
-+ show_chain, sm2_id, sm2_idlen) != 1)
- ret = -1;
- }
-
-@@ -204,7 +227,8 @@ int verify_main(int argc, char **argv)
-
- static int check(X509_STORE *ctx, const char *file,
- STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
-- STACK_OF(X509_CRL) *crls, int show_chain)
-+ STACK_OF(X509_CRL) *crls, int show_chain,
-+ unsigned char *sm2id, size_t sm2idlen)
- {
- X509 *x = NULL;
- int i = 0, ret = 0;
-@@ -216,6 +240,17 @@ static int check(X509_STORE *ctx, const char *file,
- if (x == NULL)
- goto end;
-
-+ if (sm2id != NULL) {
-+#ifndef OPENSSL_NO_SM2
-+ ASN1_OCTET_STRING v;
-+
-+ v.data = sm2id;
-+ v.length = sm2idlen;
-+
-+ X509_set_sm2_id(x, &v);
-+#endif
-+ }
-+
- csc = X509_STORE_CTX_new();
- if (csc == NULL) {
- printf("error %s: X.509 store context allocation failed\n",
-diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
-index 4b5f542..f543aa1 100644
---- a/crypto/asn1/a_verify.c
-+++ b/crypto/asn1/a_verify.c
-@@ -94,7 +94,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
- int mdnid, pknid;
- size_t inll = 0;
-
-- if (!pkey) {
-+ if (pkey == NULL) {
- ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
- return -1;
- }
-@@ -150,7 +150,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
- ret = 0;
- goto err;
- }
--
- }
-
- inl = ASN1_item_i2d(asn, &buf_in, it);
-diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
-index 902e97b..5e71e65 100644
---- a/crypto/err/openssl.txt
-+++ b/crypto/err/openssl.txt
-@@ -1766,8 +1766,10 @@ X509_F_X509_STORE_NEW:158:X509_STORE_new
- X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ
- X509_F_X509_TRUST_ADD:133:X509_TRUST_add
- X509_F_X509_TRUST_SET:141:X509_TRUST_set
-+X509_F_X509_VERIFY:161:X509_verify
- X509_F_X509_VERIFY_CERT:127:X509_verify_cert
- X509_F_X509_VERIFY_PARAM_NEW:159:X509_VERIFY_PARAM_new
-+X509_F_X509_VERIFY_SM2:162:x509_verify_sm2
-
- #Reason codes
- ASN1_R_ADDING_OBJECT:171:adding object
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 24b49a2..eb4cce4 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -2,7 +2,7 @@
- * WARNING: do not edit!
- * Generated by crypto/objects/obj_dat.pl
- *
-- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
-@@ -10,7 +10,7 @@
- */
-
- /* Serialized OID's */
--static const unsigned char so[7762] = {
-+static const unsigned char so[7770] = {
- 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
-@@ -1076,9 +1076,10 @@ static const unsigned char so[7762] = {
- 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04, /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */
- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0C, /* [ 7745] OBJ_hmacWithSHA512_224 */
- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */
-+ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7761] OBJ_SM2_with_SM3 */
- };
-
--#define NUM_NID 1195
-+#define NUM_NID 1196
- static const ASN1_OBJECT nid_objs[NUM_NID] = {
- {"UNDEF", "undefined", NID_undef},
- {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
-@@ -2275,9 +2276,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
- {"magma-mac", "magma-mac", NID_magma_mac},
- {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]},
- {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
-+ {"SM2-SM3", "SM2-with-SM3", NID_SM2_with_SM3, 8, &so[7761]},
- };
-
--#define NUM_SN 1186
-+#define NUM_SN 1187
- static const unsigned int sn_objs[NUM_SN] = {
- 364, /* "AD_DVCS" */
- 419, /* "AES-128-CBC" */
-@@ -2543,6 +2545,7 @@ static const unsigned int sn_objs[NUM_SN] = {
- 1100, /* "SHAKE128" */
- 1101, /* "SHAKE256" */
- 1172, /* "SM2" */
-+ 1195, /* "SM2-SM3" */
- 1143, /* "SM3" */
- 1134, /* "SM4-CBC" */
- 1137, /* "SM4-CFB" */
-@@ -3467,7 +3470,7 @@ static const unsigned int sn_objs[NUM_SN] = {
- 1093, /* "x509ExtAdmission" */
- };
-
--#define NUM_LN 1186
-+#define NUM_LN 1187
- static const unsigned int ln_objs[NUM_LN] = {
- 363, /* "AD Time Stamping" */
- 405, /* "ANSI X9.62" */
-@@ -3623,6 +3626,7 @@ static const unsigned int ln_objs[NUM_LN] = {
- 1119, /* "RSA-SHA3-512" */
- 188, /* "S/MIME" */
- 167, /* "S/MIME Capabilities" */
-+ 1195, /* "SM2-with-SM3" */
- 1006, /* "SNILS" */
- 387, /* "SNMPv2" */
- 1025, /* "SSH Client" */
-@@ -4657,7 +4661,7 @@ static const unsigned int ln_objs[NUM_LN] = {
- 125, /* "zlib compression" */
- };
-
--#define NUM_OBJ 1071
-+#define NUM_OBJ 1072
- static const unsigned int obj_objs[NUM_OBJ] = {
- 0, /* OBJ_undef 0 */
- 181, /* OBJ_iso 1 */
-@@ -5126,6 +5130,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
- 1139, /* OBJ_sm4_ctr 1 2 156 10197 1 104 7 */
- 1172, /* OBJ_sm2 1 2 156 10197 1 301 */
- 1143, /* OBJ_sm3 1 2 156 10197 1 401 */
-+ 1195, /* OBJ_SM2_with_SM3 1 2 156 10197 1 501 */
- 1144, /* OBJ_sm3WithRSAEncryption 1 2 156 10197 1 504 */
- 776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */
- 777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 1b6a9c6..8b797b0 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -1192,3 +1192,4 @@ magma_cfb 1191
- magma_mac 1192
- hmacWithSHA512_224 1193
- hmacWithSHA512_256 1194
-+SM2_with_SM3 1195
-diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
-index 5c3561a..1acfcde 100644
---- a/crypto/objects/obj_xref.h
-+++ b/crypto/objects/obj_xref.h
-@@ -2,7 +2,7 @@
- * WARNING: do not edit!
- * Generated by objxref.pl
- *
-- * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -79,6 +79,7 @@ static const nid_triple sigoid_srt[] = {
- {NID_RSA_SHA3_256, NID_sha3_256, NID_rsaEncryption},
- {NID_RSA_SHA3_384, NID_sha3_384, NID_rsaEncryption},
- {NID_RSA_SHA3_512, NID_sha3_512, NID_rsaEncryption},
-+ {NID_SM2_with_SM3, NID_sm3, NID_sm2},
- };
-
- static const nid_triple *const sigoid_srt_xref[] = {
-@@ -125,4 +126,5 @@ static const nid_triple *const sigoid_srt_xref[] = {
- &sigoid_srt[45],
- &sigoid_srt[46],
- &sigoid_srt[47],
-+ &sigoid_srt[48],
- };
-diff --git a/crypto/objects/obj_xref.txt b/crypto/objects/obj_xref.txt
-index ca3e744..f3dd8ed 100644
---- a/crypto/objects/obj_xref.txt
-+++ b/crypto/objects/obj_xref.txt
-@@ -64,3 +64,5 @@ dhSinglePass_cofactorDH_sha224kdf_scheme sha224 dh_cofactor_kdf
- dhSinglePass_cofactorDH_sha256kdf_scheme sha256 dh_cofactor_kdf
- dhSinglePass_cofactorDH_sha384kdf_scheme sha384 dh_cofactor_kdf
- dhSinglePass_cofactorDH_sha512kdf_scheme sha512 dh_cofactor_kdf
-+
-+SM2_with_SM3 sm3 sm2
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index c49d4c5..be9da47 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -385,6 +385,8 @@ sm-scheme 301 : SM2 : sm2
- sm-scheme 401 : SM3 : sm3
- sm-scheme 504 : RSA-SM3 : sm3WithRSAEncryption
-
-+sm-scheme 501 : SM2-SM3 : SM2-with-SM3
-+
- # From RFC4231
- rsadsi 2 8 : : hmacWithSHA224
- rsadsi 2 9 : : hmacWithSHA256
-diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
-index bdd1e67..c91ad7c 100644
---- a/crypto/x509/x509_err.c
-+++ b/crypto/x509/x509_err.c
-@@ -105,9 +105,11 @@ static const ERR_STRING_DATA X509_str_functs[] = {
- {ERR_PACK(ERR_LIB_X509, X509_F_X509_TO_X509_REQ, 0), "X509_to_X509_REQ"},
- {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), "X509_TRUST_add"},
- {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), "X509_TRUST_set"},
-+ {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY, 0), "X509_verify"},
- {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_CERT, 0), "X509_verify_cert"},
- {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_PARAM_NEW, 0),
- "X509_VERIFY_PARAM_new"},
-+ {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_SM2, 0), "x509_verify_sm2"},
- {0, NULL}
- };
-
-diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
-index a4e9cda..60a2892 100644
---- a/crypto/x509/x_all.c
-+++ b/crypto/x509/x_all.c
-@@ -19,10 +19,120 @@
- #include
- #include
-
-+#ifndef OPENSSL_NO_SM2
-+
-+# include "crypto/asn1.h"
-+# include "crypto/evp.h"
-+
-+static int x509_verify_sm2(X509 *x, EVP_PKEY *pkey, int mdnid, int pknid)
-+{
-+ EVP_MD_CTX *ctx = NULL;
-+ unsigned char *buf_in = NULL;
-+ int ret = -1, inl = 0;
-+ size_t inll = 0;
-+ EVP_PKEY_CTX *pctx = NULL;
-+ const EVP_MD *type = EVP_get_digestbynid(mdnid);
-+
-+ if (type == NULL) {
-+ X509err(X509_F_X509_VERIFY_SM2,
-+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-+ goto err;
-+ }
-+
-+ if (pkey == NULL) {
-+ X509err(X509_F_X509_VERIFY_SM2, ERR_R_PASSED_NULL_PARAMETER);
-+ return -1;
-+ }
-+
-+ if (x->signature.type == V_ASN1_BIT_STRING && x->signature.flags & 0x7) {
-+ X509err(X509_F_X509_VERIFY_SM2, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
-+ return -1;
-+ }
-+
-+ ctx = EVP_MD_CTX_new();
-+ if (ctx == NULL) {
-+ X509err(X509_F_X509_VERIFY_SM2, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ /* Check public key OID matches public key type */
-+ if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
-+ X509err(X509_F_X509_VERIFY_SM2, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
-+ goto err;
-+ }
-+
-+ if (!EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) {
-+ X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB);
-+ ret = 0;
-+ goto err;
-+ }
-+ pctx = EVP_PKEY_CTX_new(pkey, NULL);
-+ if (pctx == NULL) {
-+ X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB);
-+ ret = 0;
-+ goto err;
-+ }
-+ if (EVP_PKEY_CTX_set1_id(pctx, x->sm2_id.data, x->sm2_id.length) != 1) {
-+ X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB);
-+ ret = 0;
-+ goto err;
-+ }
-+ EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
-+
-+ if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) {
-+ X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB);
-+ ret = 0;
-+ goto err;
-+ }
-+
-+ inl = ASN1_item_i2d((ASN1_VALUE *)&x->cert_info, &buf_in,
-+ ASN1_ITEM_rptr(X509_CINF));
-+ if (inl <= 0) {
-+ X509err(X509_F_X509_VERIFY_SM2, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ if (buf_in == NULL) {
-+ X509err(X509_F_X509_VERIFY_SM2, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ inll = inl;
-+
-+ ret = EVP_DigestVerify(ctx, x->signature.data,
-+ (size_t)x->signature.length, buf_in, inl);
-+ if (ret <= 0) {
-+ X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB);
-+ goto err;
-+ }
-+ ret = 1;
-+ err:
-+ OPENSSL_clear_free(buf_in, inll);
-+ EVP_MD_CTX_free(ctx);
-+ EVP_PKEY_CTX_free(pctx);
-+ return ret;
-+}
-+#endif
-+
- int X509_verify(X509 *a, EVP_PKEY *r)
- {
-+#ifndef OPENSSL_NO_SM2
-+ int mdnid, pknid;
-+#endif
-+
- if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
- return 0;
-+
-+#ifndef OPENSSL_NO_SM2
-+ /* Convert signature OID into digest and public key OIDs */
-+ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->sig_alg.algorithm),
-+ &mdnid, &pknid)) {
-+ X509err(X509_F_X509_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
-+ return 0;
-+ }
-+
-+ if (pknid == NID_sm2)
-+ return x509_verify_sm2(a, r, mdnid, pknid);
-+#endif
-+
- return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
- &a->signature, &a->cert_info, r));
- }
-diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
-index 7aa8b77..1beab78 100644
---- a/crypto/x509/x_x509.c
-+++ b/crypto/x509/x_x509.c
-@@ -245,3 +245,15 @@ int X509_get_signature_nid(const X509 *x)
- {
- return OBJ_obj2nid(x->sig_alg.algorithm);
- }
-+
-+#ifndef OPENSSL_NO_SM2
-+void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id)
-+{
-+ x->sm2_id = *sm2_id;
-+}
-+
-+ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x)
-+{
-+ return &x->sm2_id;
-+}
-+#endif
-diff --git a/fuzz/oids.txt b/fuzz/oids.txt
-index eda55e4..8dfdea9 100644
---- a/fuzz/oids.txt
-+++ b/fuzz/oids.txt
-@@ -1063,3 +1063,4 @@ OBJ_id_tc26_gost_3410_2012_256_paramSetC="\x2A\x85\x03\x07\x01\x02\x01\x01\x03"
- OBJ_id_tc26_gost_3410_2012_256_paramSetD="\x2A\x85\x03\x07\x01\x02\x01\x01\x04"
- OBJ_hmacWithSHA512_224="\x2A\x86\x48\x86\xF7\x0D\x02\x0C"
- OBJ_hmacWithSHA512_256="\x2A\x86\x48\x86\xF7\x0D\x02\x0D"
-+OBJ_SM2_with_SM3="\x2A\x81\x1C\xCF\x55\x01\x83\x75"
-diff --git a/include/crypto/x509.h b/include/crypto/x509.h
-index 243ea74..418c427 100644
---- a/include/crypto/x509.h
-+++ b/include/crypto/x509.h
-@@ -177,7 +177,7 @@ struct x509_st {
- STACK_OF(DIST_POINT) *crldp;
- STACK_OF(GENERAL_NAME) *altname;
- NAME_CONSTRAINTS *nc;
--#ifndef OPENSSL_NO_RFC3779
-+# ifndef OPENSSL_NO_RFC3779
- STACK_OF(IPAddressFamily) *rfc3779_addr;
- struct ASIdentifiers_st *rfc3779_asid;
- # endif
-@@ -185,6 +185,9 @@ struct x509_st {
- X509_CERT_AUX *aux;
- CRYPTO_RWLOCK *lock;
- volatile int ex_cached;
-+# ifndef OPENSSL_NO_SM2
-+ ASN1_OCTET_STRING sm2_id;
-+# endif
- } /* X509 */ ;
-
- /*
-diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
-index eb812ed..9b125c1 100644
---- a/include/openssl/obj_mac.h
-+++ b/include/openssl/obj_mac.h
-@@ -2,7 +2,7 @@
- * WARNING: do not edit!
- * Generated by crypto/objects/objects.pl
- *
-- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License.
You can obtain a copy - * in the file LICENSE in the source distribution or at -@@ -1179,6 +1179,11 @@ - #define NID_sm3WithRSAEncryption 1144 - #define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L - -+#define SN_SM2_with_SM3 "SM2-SM3" -+#define LN_SM2_with_SM3 "SM2-with-SM3" -+#define NID_SM2_with_SM3 1195 -+#define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L -+ - #define LN_hmacWithSHA224 "hmacWithSHA224" - #define NID_hmacWithSHA224 798 - #define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L -diff --git a/include/openssl/x509.h b/include/openssl/x509.h -index 3ff86ec..5f17057 100644 ---- a/include/openssl/x509.h -+++ b/include/openssl/x509.h -@@ -573,6 +573,9 @@ void X509_get0_signature(const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg, const X509 *x); - int X509_get_signature_nid(const X509 *x); - -+void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); -+ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); -+ - int X509_trusted(const X509 *x); - int X509_alias_set1(X509 *x, const unsigned char *name, int len); - int X509_keyid_set1(X509 *x, const unsigned char *id, int len); -diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h -index cd08673..06d75f0 100644 ---- a/include/openssl/x509err.h -+++ b/include/openssl/x509err.h -@@ -81,8 +81,10 @@ int ERR_load_X509_strings(void); - # define X509_F_X509_TO_X509_REQ 126 - # define X509_F_X509_TRUST_ADD 133 - # define X509_F_X509_TRUST_SET 141 -+# define X509_F_X509_VERIFY 161 - # define X509_F_X509_VERIFY_CERT 127 - # define X509_F_X509_VERIFY_PARAM_NEW 159 -+# define X509_F_X509_VERIFY_SM2 162 - - /* - * X509 reason codes. 
-diff --git a/util/libcrypto.num b/util/libcrypto.num -index 1566231..8635ac4 100644 ---- a/util/libcrypto.num -+++ b/util/libcrypto.num -@@ -4626,3 +4626,5 @@ FIPS_drbg_get_strength 6379 1_1_0g EXIST::FUNCTION: - FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: - FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: - FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: -+X509_set_sm2_id 6383 1_1_1m EXIST::FUNCTION: -+X509_get0_sm2_id 6384 1_1_1m EXIST::FUNCTION: --- -2.20.1 (Apple Git-117) - diff --git a/Backport-Support-parsing-of-SM2-ID-in-hexdecimal.patch b/Backport-Support-parsing-of-SM2-ID-in-hexdecimal.patch deleted file mode 100644 index 1e0f5917ca14b1a64239d0719f9fdecf66974947..0000000000000000000000000000000000000000 --- a/Backport-Support-parsing-of-SM2-ID-in-hexdecimal.patch +++ /dev/null 
@@ -1,127 +0,0 @@ -From 1d9e832e41858b13a96899d842afd183f1c66c48 Mon Sep 17 00:00:00 2001 -From: Paul Yang -Date: Tue, 30 Jul 2019 23:05:44 +0800 -Subject: [PATCH 11/15] Support parsing of SM2 ID in hexdecimal - -The current EVP_PEKY_ctrl for SM2 has no capability of parsing an ID -input in hexdecimal. - -The newly added ctrl string is called: sm2_hex_id - -Test cases and documentation are updated. - -Reviewed-by: Tim Hudson -Reviewed-by: Richard Levitte -(Merged from https://github.com/openssl/openssl/pull/9584) ---- - crypto/sm2/sm2_pmeth.c | 19 +++++++++++++++++++ - doc/man1/pkeyutl.pod | 7 +++++++ - include/openssl/ec.h | 1 - - test/recipes/25-test_req.t | 15 +++++++++++++-- - 4 files changed, 39 insertions(+), 3 deletions(-) - -diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c -index 837bdc1..9551d70 100644 ---- a/crypto/sm2/sm2_pmeth.c -+++ b/crypto/sm2/sm2_pmeth.c -@@ -232,6 +232,10 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) - static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) - { -+ uint8_t *hex_id; -+ long hex_len = 0; -+ int ret = 0; -+ - if (strcmp(type, "ec_paramgen_curve") == 0) { - int nid = NID_undef; - -@@ -255,6 +259,21 @@ static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx, - } else if (strcmp(type, "sm2_id") == 0) { - return pkey_sm2_ctrl(ctx, EVP_PKEY_CTRL_SET1_ID, - (int)strlen(value), (void *)value); -+ } else if (strcmp(type, "sm2_hex_id") == 0) { -+ /* -+ * TODO(3.0): reconsider the name "sm2_hex_id", OR change -+ * OSSL_PARAM_construct_from_text() / OSSL_PARAM_allocate_from_text() -+ * to handle infix "_hex_" -+ */ -+ hex_id = OPENSSL_hexstr2buf((const char *)value, &hex_len); -+ if (hex_id == NULL) { -+ SM2err(SM2_F_PKEY_SM2_CTRL_STR, ERR_R_PASSED_INVALID_ARGUMENT); -+ return 0; -+ } -+ ret = pkey_sm2_ctrl(ctx, EVP_PKEY_CTRL_SET1_ID, (int)hex_len, -+ (void *)hex_id); -+ OPENSSL_free(hex_id); -+ return ret; - } - - return -2; -diff --git a/doc/man1/pkeyutl.pod 
b/doc/man1/pkeyutl.pod -index f0f80af..1a742ab 100644 ---- a/doc/man1/pkeyutl.pod -+++ b/doc/man1/pkeyutl.pod -@@ -329,6 +329,13 @@ This sets the ID string used in SM2 sign or verify operations. While verifying - an SM2 signature, the ID string must be the same one used when signing the data. - Otherwise the verification will fail. - -+=item B -+ -+This sets the ID string used in SM2 sign or verify operations. While verifying -+an SM2 signature, the ID string must be the same one used when signing the data. -+Otherwise the verification will fail. The ID string provided with this option -+should be a valid hexadecimal value. -+ - =back - - =head1 EXAMPLES -diff --git a/include/openssl/ec.h b/include/openssl/ec.h -index 24baf53..e8c8869 100644 ---- a/include/openssl/ec.h -+++ b/include/openssl/ec.h -@@ -1444,7 +1444,6 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, - # define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ - EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ - EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) -- - # define EVP_PKEY_CTX_get1_id(ctx, id) \ - EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ - EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) -diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t -index 8289959..d53e577 100644 ---- a/test/recipes/25-test_req.t -+++ b/test/recipes/25-test_req.t -@@ -182,10 +182,10 @@ subtest "generating certificate requests" => sub { - }; - - subtest "generating SM2 certificate requests" => sub { -- plan tests => 2; -+ plan tests => 4; - - SKIP: { -- skip "SM2 is not supported by this OpenSSL build", 2 -+ skip "SM2 is not supported by this OpenSSL build", 4 - if disabled("sm2"); - ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), - "-new", "-key", srctop_file("test", "certs", "sm2.key"), -@@ -197,6 +197,17 @@ subtest "generating SM2 certificate requests" => sub { - "-verify", "-in", "testreq.pem", "-noout", - "-sm2-id", "1234567812345678", "-sm3"])), - "Verifying signature on SM2 certificate request"); -+ -+ 
ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), -+ "-new", "-key", srctop_file("test", "certs", "sm2.key"), -+ "-sigopt", "sm2_hex_id:DEADBEEF", -+ "-out", "testreq.pem", "-sm3"])), -+ "Generating SM2 certificate request with hex id"); -+ -+ ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), -+ "-verify", "-in", "testreq.pem", "-noout", -+ "-sm2-hex-id", "DEADBEEF", "-sm3"])), -+ "Verifying signature on SM2 certificate request"); - } - }; - --- -2.20.1 (Apple Git-117) - diff --git a/Backport-Support-raw-input-data-in-apps-pkeyutl.patch b/Backport-Support-raw-input-data-in-apps-pkeyutl.patch deleted file mode 100644 index cd973db8caeb1a119027a5af1be0bb803e74c73a..0000000000000000000000000000000000000000 --- a/Backport-Support-raw-input-data-in-apps-pkeyutl.patch +++ /dev/null 
@@ -1,482 +0,0 @@ -From b14bf717ccb166cce13173a817106effb02f6c2e Mon Sep 17 00:00:00 2001 -From: Paul Yang -Date: Wed, 16 Jan 2019 16:16:28 +0800 -Subject: [PATCH 01/15] Support raw input data in apps/pkeyutl - -Some signature algorithms require special treatment for digesting, such -as SM2. This patch adds the ability of handling raw input data in -apps/pkeyutl other than accepting only pre-hashed input data. - -Beside, SM2 requries an ID string when signing or verifying a piece of data, -this patch also adds the ability for apps/pkeyutil to specify that ID -string. - -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/8186) ---- - apps/pkeyutl.c | 168 +++++++++++++++++++++++++++++---- - crypto/sm2/sm2_pmeth.c | 3 + - doc/man1/pkeyutl.pod | 45 +++++++++ - test/certs/sm2.crt | 13 +++ - test/certs/sm2.key | 5 + - test/recipes/20-test_pkeyutl.t | 43 +++++++++ - 6 files changed, 260 insertions(+), 17 deletions(-) - create mode 100644 test/certs/sm2.crt - create mode 100644 test/certs/sm2.key - create mode 100644 test/recipes/20-test_pkeyutl.t - -diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c -index 831e14d..bca0464 100644 ---- a/apps/pkeyutl.c -+++ b/apps/pkeyutl.c -@@ -22,7 +22,7 @@ - static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, - const char *keyfile, int keyform, int key_type, - char *passinarg, int pkey_op, ENGINE *e, -- const int impl); -+ const int impl, EVP_PKEY **ppkey); - - static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, - ENGINE *e); -@@ -31,6 +31,11 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - unsigned char *out, size_t *poutlen, - const unsigned char *in, size_t inlen); - -+static int do_raw_keyop(int pkey_op, EVP_PKEY_CTX *ctx, -+ const EVP_MD *md, EVP_PKEY *pkey, BIO *in, -+ unsigned char *sig, int siglen, -+ unsigned char **out, size_t *poutlen); -+ - typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT, -@@ 
-38,12 +43,15 @@ typedef enum OPTION_choice { - OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, - OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN, - OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN, -- OPT_R_ENUM -+ OPT_R_ENUM, OPT_RAWIN, OPT_DIGEST - } OPTION_CHOICE; - - const OPTIONS pkeyutl_options[] = { - {"help", OPT_HELP, '-', "Display this summary"}, - {"in", OPT_IN, '<', "Input file - default stdin"}, -+ {"rawin", OPT_RAWIN, '-', "Indicate the input data is in raw form"}, -+ {"digest", OPT_DIGEST, 's', -+ "Specify the digest algorithm when signing the raw input data"}, - {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"pubin", OPT_PUBIN, '-', "Input is a public key"}, - {"certin", OPT_CERTIN, '-', "Input is a cert with a public key"}, -@@ -80,6 +88,7 @@ int pkeyutl_main(int argc, char **argv) - BIO *in = NULL, *out = NULL; - ENGINE *e = NULL; - EVP_PKEY_CTX *ctx = NULL; -+ EVP_PKEY *pkey = NULL; - char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL; - char hexdump = 0, asn1parse = 0, rev = 0, *prog; - unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; -@@ -94,6 +103,8 @@ int pkeyutl_main(int argc, char **argv) - const char *kdfalg = NULL; - int kdflen = 0; - STACK_OF(OPENSSL_STRING) *pkeyopts = NULL; -+ int rawin = 0; -+ const EVP_MD *md = NULL; - - prog = opt_init(argc, argv, pkeyutl_options); - while ((o = opt_next()) != OPT_EOF) { -@@ -192,12 +203,39 @@ int pkeyutl_main(int argc, char **argv) - goto end; - } - break; -+ case OPT_RAWIN: -+ rawin = 1; -+ break; -+ case OPT_DIGEST: -+ if (!opt_md(opt_arg(), &md)) -+ goto end; -+ break; - } - } - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - -+ if (rawin && pkey_op != EVP_PKEY_OP_SIGN && pkey_op != EVP_PKEY_OP_VERIFY) { -+ BIO_printf(bio_err, -+ "%s: -rawin can only be used with -sign or -verify\n", -+ prog); -+ goto opthelp; -+ } -+ -+ if (md != NULL && !rawin) { -+ BIO_printf(bio_err, -+ "%s: -digest can only be 
used with -rawin\n", -+ prog); -+ goto opthelp; -+ } -+ -+ if (rawin && rev) { -+ BIO_printf(bio_err, "%s: -rev cannot be used with raw input\n", -+ prog); -+ goto opthelp; -+ } -+ - if (kdfalg != NULL) { - if (kdflen == 0) { - BIO_printf(bio_err, -@@ -214,7 +252,7 @@ int pkeyutl_main(int argc, char **argv) - goto opthelp; - } - ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type, -- passinarg, pkey_op, e, engine_impl); -+ passinarg, pkey_op, e, engine_impl, &pkey); - if (ctx == NULL) { - BIO_printf(bio_err, "%s: Error initializing context\n", prog); - ERR_print_errors(bio_err); -@@ -277,7 +315,8 @@ int pkeyutl_main(int argc, char **argv) - } - } - -- if (in != NULL) { -+ /* Raw input data is handled elsewhere */ -+ if (in != NULL && !rawin) { - /* Read the input data */ - buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); - if (buf_inlen < 0) { -@@ -296,8 +335,9 @@ int pkeyutl_main(int argc, char **argv) - } - } - -- /* Sanity check the input */ -- if (buf_inlen > EVP_MAX_MD_SIZE -+ /* Sanity check the input if the input is not raw */ -+ if (!rawin -+ && buf_inlen > EVP_MAX_MD_SIZE - && (pkey_op == EVP_PKEY_OP_SIGN - || pkey_op == EVP_PKEY_OP_VERIFY)) { - BIO_printf(bio_err, -@@ -306,8 +346,13 @@ int pkeyutl_main(int argc, char **argv) - } - - if (pkey_op == EVP_PKEY_OP_VERIFY) { -- rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, -- buf_in, (size_t)buf_inlen); -+ if (rawin) { -+ rv = do_raw_keyop(pkey_op, ctx, md, pkey, in, sig, siglen, -+ NULL, 0); -+ } else { -+ rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, -+ buf_in, (size_t)buf_inlen); -+ } - if (rv == 1) { - BIO_puts(out, "Signature Verified Successfully\n"); - ret = 0; -@@ -320,14 +365,20 @@ int pkeyutl_main(int argc, char **argv) - buf_outlen = kdflen; - rv = 1; - } else { -- rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, -- buf_in, (size_t)buf_inlen); -- } -- if (rv > 0 && buf_outlen != 0) { -- buf_out = app_malloc(buf_outlen, "buffer output"); -- rv = do_keyop(ctx, pkey_op, -- buf_out, 
(size_t *)&buf_outlen, -- buf_in, (size_t)buf_inlen); -+ if (rawin) { -+ /* rawin allocates the buffer in do_raw_keyop() */ -+ rv = do_raw_keyop(pkey_op, ctx, md, pkey, in, NULL, 0, -+ &buf_out, (size_t *)&buf_outlen); -+ } else { -+ rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, -+ buf_in, (size_t)buf_inlen); -+ if (rv > 0 && buf_outlen != 0) { -+ buf_out = app_malloc(buf_outlen, "buffer output"); -+ rv = do_keyop(ctx, pkey_op, -+ buf_out, (size_t *)&buf_outlen, -+ buf_in, (size_t)buf_inlen); -+ } -+ } - } - if (rv <= 0) { - if (pkey_op != EVP_PKEY_OP_DERIVE) { -@@ -364,7 +415,7 @@ int pkeyutl_main(int argc, char **argv) - static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, - const char *keyfile, int keyform, int key_type, - char *passinarg, int pkey_op, ENGINE *e, -- const int engine_impl) -+ const int engine_impl, EVP_PKEY **ppkey) - { - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; -@@ -422,10 +473,25 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, - } - ctx = EVP_PKEY_CTX_new_id(kdfnid, impl); - } else { -+ EC_KEY *eckey = NULL; -+ const EC_GROUP *group = NULL; -+ int nid; -+ - if (pkey == NULL) - goto end; -+ /* SM2 needs a special treatment */ -+ if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { -+ if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL -+ || (group = EC_KEY_get0_group(eckey)) == NULL -+ || (nid = EC_GROUP_get_curve_name(group)) == 0) -+ goto end; -+ if (nid == NID_sm2) -+ EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); -+ } - *pkeysize = EVP_PKEY_size(pkey); - ctx = EVP_PKEY_CTX_new(pkey, impl); -+ if (ppkey != NULL) -+ *ppkey = pkey; - EVP_PKEY_free(pkey); - } - -@@ -522,3 +588,71 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - } - return rv; - } -+ -+#define TBUF_MAXSIZE 2048 -+ -+static int do_raw_keyop(int pkey_op, EVP_PKEY_CTX *ctx, -+ const EVP_MD *md, EVP_PKEY *pkey, BIO *in, -+ unsigned char *sig, int siglen, -+ unsigned char **out, size_t *poutlen) -+{ -+ int rv = 0; -+ EVP_MD_CTX *mctx = NULL; 
-+ unsigned char tbuf[TBUF_MAXSIZE]; -+ int tbuf_len = 0; -+ -+ if ((mctx = EVP_MD_CTX_new()) == NULL) { -+ BIO_printf(bio_err, "Error: out of memory\n"); -+ return rv; -+ } -+ EVP_MD_CTX_set_pkey_ctx(mctx, ctx); -+ -+ switch(pkey_op) { -+ case EVP_PKEY_OP_VERIFY: -+ if (EVP_DigestVerifyInit(mctx, NULL, md, NULL, pkey) != 1) -+ goto end; -+ for (;;) { -+ tbuf_len = BIO_read(in, tbuf, TBUF_MAXSIZE); -+ if (tbuf_len == 0) -+ break; -+ if (tbuf_len < 0) { -+ BIO_printf(bio_err, "Error reading raw input data\n"); -+ goto end; -+ } -+ rv = EVP_DigestVerifyUpdate(mctx, tbuf, (size_t)tbuf_len); -+ if (rv != 1) { -+ BIO_printf(bio_err, "Error verifying raw input data\n"); -+ goto end; -+ } -+ } -+ rv = EVP_DigestVerifyFinal(mctx, sig, (size_t)siglen); -+ break; -+ case EVP_PKEY_OP_SIGN: -+ if (EVP_DigestSignInit(mctx, NULL, md, NULL, pkey) != 1) -+ goto end; -+ for (;;) { -+ tbuf_len = BIO_read(in, tbuf, TBUF_MAXSIZE); -+ if (tbuf_len == 0) -+ break; -+ if (tbuf_len < 0) { -+ BIO_printf(bio_err, "Error reading raw input data\n"); -+ goto end; -+ } -+ rv = EVP_DigestSignUpdate(mctx, tbuf, (size_t)tbuf_len); -+ if (rv != 1) { -+ BIO_printf(bio_err, "Error signing raw input data\n"); -+ goto end; -+ } -+ } -+ rv = EVP_DigestSignFinal(mctx, NULL, poutlen); -+ if (rv == 1 && out != NULL) { -+ *out = app_malloc(*poutlen, "buffer output"); -+ rv = EVP_DigestSignFinal(mctx, *out, poutlen); -+ } -+ break; -+ } -+ -+ end: -+ EVP_MD_CTX_free(mctx); -+ return rv; -+} -diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c -index 0e722b9..837bdc1 100644 ---- a/crypto/sm2/sm2_pmeth.c -+++ b/crypto/sm2/sm2_pmeth.c -@@ -252,6 +252,9 @@ static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx, - else - return -2; - return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc); -+ } else if (strcmp(type, "sm2_id") == 0) { -+ return pkey_sm2_ctrl(ctx, EVP_PKEY_CTRL_SET1_ID, -+ (int)strlen(value), (void *)value); - } - - return -2; -diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod -index 
f6fd48d..f0f80af 100644 ---- a/doc/man1/pkeyutl.pod -+++ b/doc/man1/pkeyutl.pod -@@ -10,6 +10,8 @@ pkeyutl - public key algorithm utility - B B - [B<-help>] - [B<-in file>] -+[B<-rawin>] -+[B<-digest algorithm>] - [B<-out file>] - [B<-sigfile file>] - [B<-inkey file>] -@@ -54,6 +56,23 @@ Print out a usage message. - This specifies the input filename to read data from or standard input - if this option is not specified. - -+=item B<-rawin> -+ -+This indicates that the input data is raw data, which is not hashed by any -+message digest algorithm. The user can specify a digest algorithm by using -+the B<-digest> option. This option can only be used with B<-sign> and -+B<-verify>. -+ -+=item B<-digest algorithm> -+ -+This specifies the digest algorithm which is used to hash the input data before -+signing or verifying it with the input key. This option could be omitted if the -+signature algorithm does not require one (for instance, EdDSA). If this option -+is omitted but the signature algorithm requires one, a default value will be -+used. For signature algorithms like RSA, DSA and ECDSA, SHA-256 will be the -+default digest algorithm. For SM2, it will be SM3. If this option is present, -+then the B<-rawin> option must be also specified to B. -+ - =item B<-out filename> - - Specifies the output filename to write to or standard output by -@@ -296,6 +315,22 @@ the B<-pkeyopt> B option. - The X25519 and X448 algorithms support key derivation only. Currently there are - no additional options. - -+=head1 SM2 -+ -+The SM2 algorithm supports sign, verify, encrypt and decrypt operations. For -+the sign and verify operations, SM2 requires an ID string to be passed in. The -+following B value is supported: -+ -+=over 4 -+ -+=item B -+ -+This sets the ID string used in SM2 sign or verify operations. While verifying -+an SM2 signature, the ID string must be the same one used when signing the data. -+Otherwise the verification will fail. 
-+ -+=back -+ - =head1 EXAMPLES - - Sign some data using a private key: -@@ -329,6 +364,16 @@ Decrypt some data using a private key with OAEP padding using SHA256: - openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \ - -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 - -+Sign some data using an L private key and a specific ID: -+ -+ openssl pkeyutl -sign -in file -inkey sm2.key -out sig -rawin -digest sm3 \ -+ -pkeyopt sm2_id:someid -+ -+Verify some data using an L certificate and a specific ID: -+ -+ openssl pkeyutl -verify -certin -in file -inkey sm2.cert -sigfile sig \ -+ -rawin -digest sm3 -pkeyopt sm2_id:someid -+ - =head1 SEE ALSO - - L, L, L -diff --git a/test/certs/sm2.crt b/test/certs/sm2.crt -new file mode 100644 -index 0000000..189abb1 ---- /dev/null -+++ b/test/certs/sm2.crt -@@ -0,0 +1,13 @@ -+-----BEGIN CERTIFICATE----- -+MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT -+AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl -+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe -+Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw -+CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn -+MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw -+WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE -+TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ -+BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT -+TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH -+OZOfmtx613VyzXwc -+-----END CERTIFICATE----- -diff --git a/test/certs/sm2.key b/test/certs/sm2.key -new file mode 100644 -index 0000000..1efd364 ---- /dev/null -+++ b/test/certs/sm2.key -@@ -0,0 +1,5 @@ -+-----BEGIN PRIVATE KEY----- -+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgSKhk+4xGyDI+IS2H -+WVfFPDxh1qv5+wtrddaIsGNXGZihRANCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE -+TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/Mlca -+-----END PRIVATE KEY----- -diff 
--git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t -new file mode 100644 -index 0000000..a051138 ---- /dev/null -+++ b/test/recipes/20-test_pkeyutl.t -@@ -0,0 +1,43 @@ -+#! /usr/bin/env perl -+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+use strict; -+use warnings; -+ -+use File::Spec; -+use OpenSSL::Test qw/:DEFAULT srctop_file/; -+use OpenSSL::Test::Utils; -+ -+setup("test_pkeyutl"); -+ -+plan tests => 2; -+ -+sub sign -+{ -+ # Utilize the sm2.crt as the TBS file -+ return run(app(([ 'openssl', 'pkeyutl', '-sign', -+ '-in', srctop_file('test', 'certs', 'sm2.crt'), -+ '-inkey', srctop_file('test', 'certs', 'sm2.key'), -+ '-out', 'signature.sm2', '-rawin', -+ '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))); -+} -+ -+sub verify -+{ -+ # Utilize the sm2.crt as the TBS file -+ return run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', -+ '-in', srctop_file('test', 'certs', 'sm2.crt'), -+ '-inkey', srctop_file('test', 'certs', 'sm2.crt'), -+ '-sigfile', 'signature.sm2', '-rawin', -+ '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))); -+} -+ -+ok(sign, "Sign a piece of data using SM2"); -+ok(verify, "Verify an SM2 signature against a piece of data"); -+ -+unlink 'signature.sm2'; --- -2.20.1 (Apple Git-117) - diff --git a/CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch b/CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch deleted file mode 100644 index b066c77c4f093338e088175dfe4914a2b4e3ae2f..0000000000000000000000000000000000000000 --- a/CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From 3ef5c3034e5c545f34d6929568f3f2b10ac4bdf0 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Mon, 28 Feb 2022 18:26:35 +0100 -Subject: [PATCH] Add a negative testcase for BN_mod_sqrt - -Reviewed-by: Paul Dale -Reviewed-by: Matt Caswell ---- - test/bntest.c | 11 ++++++++++- - test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++ - 2 files changed, 22 insertions(+), 1 deletion(-) - -diff --git a/test/bntest.c b/test/bntest.c -index 390dd80073..1cab660bca 100644 ---- a/test/bntest.c -+++ b/test/bntest.c -@@ -1729,8 +1729,17 @@ static int file_modsqrt(STANZA *s) - || !TEST_ptr(ret2 = BN_new())) - goto err; - -+ if (BN_is_negative(mod_sqrt)) { -+ /* A negative testcase */ -+ if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx))) -+ goto err; -+ -+ st = 1; -+ goto err; -+ } -+ - /* There are two possible answers. */ -- if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx)) -+ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx)) - || !TEST_true(BN_sub(ret2, p, ret))) - goto err; - -diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt -index 5ea4d031f2..e28cc6bfb0 100644 ---- a/test/recipes/10-test_bn_data/bnmod.txt -+++ b/test/recipes/10-test_bn_data/bnmod.txt -@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f - ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186 - A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81 - P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f -+ -+# Negative testcases for BN_mod_sqrt() -+ -+# This one triggers an infinite loop with unfixed implementation -+# It should just fail. -+ModSqrt = -1 -+A = 20a7ee -+P = 460201 -+ -+ModSqrt = -1 -+A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed -+P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f --- -2.27.0 - 
diff --git a/CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch b/CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch deleted file mode 100644 index 653b8fba621d07cb8b7a4d1dfff33ceb8a57be91..0000000000000000000000000000000000000000 --- a/CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From 3118eb64934499d93db3230748a452351d1d9a65 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Mon, 28 Feb 2022 18:26:21 +0100 -Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt() - -The calculation in some cases does not finish for non-prime p. - -This fixes CVE-2022-0778. - -Based on patch by David Benjamin . - -Reviewed-by: Paul Dale -Reviewed-by: Matt Caswell ---- - crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------ - 1 file changed, 18 insertions(+), 12 deletions(-) - -diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c -index 1723d5ded5..53b0f55985 100644 ---- a/crypto/bn/bn_sqrt.c -+++ b/crypto/bn/bn_sqrt.c -@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) - /* - * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks - * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number -- * Theory", algorithm 1.5.1). 'p' must be prime! -+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or -+ * an incorrect "result" will be returned. - */ - { - BIGNUM *ret = in; -@@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) - goto vrfy; - } - -- /* find smallest i such that b^(2^i) = 1 */ -- i = 1; -- if (!BN_mod_sqr(t, b, p, ctx)) -- goto end; -- while (!BN_is_one(t)) { -- i++; -- if (i == e) { -- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); -- goto end; -+ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */ -+ for (i = 1; i < e; i++) { -+ if (i == 1) { -+ if (!BN_mod_sqr(t, b, p, ctx)) -+ goto end; -+ -+ } else { -+ if (!BN_mod_mul(t, t, t, p, ctx)) -+ goto end; - } -- if (!BN_mod_mul(t, t, t, p, ctx)) -- goto end; -+ if (BN_is_one(t)) -+ break; -+ } -+ /* If not found, a is not a square or p is not prime. */ -+ if (i >= e) { -+ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); -+ goto end; - } - - /* t := y^2^(e - i - 1) */ --- -2.27.0 - 
diff --git a/CVE-2022-1292.patch b/CVE-2022-1292.patch deleted file mode 100644 index 9e38095689f2f79b4891f101d0b27262ba5e3c6f..0000000000000000000000000000000000000000 --- a/CVE-2022-1292.patch +++ /dev/null 
@@ -1,76 +0,0 @@
-From e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz
-Date: Tue, 26 Apr 2022 12:40:24 +0200
-Subject: [PATCH] c_rehash: Do not use shell to invoke openssl
-
-Except on VMS where it is safe.
-
-This fixes CVE-2022-1292.
-
-Reviewed-by: Matthias St. Pierre
-Reviewed-by: Matt Caswell
----
- tools/c_rehash.in | 29 +++++++++++++++++++++++++----
- 1 file changed, 25 insertions(+), 4 deletions(-)
-
-diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-index fa7c6c9..83c1cc8 100644
---- a/tools/c_rehash.in
-+++ b/tools/c_rehash.in
-@@ -152,6 +152,23 @@ sub check_file {
- return ($is_cert, $is_crl);
- }
-
-+sub compute_hash {
-+ my $fh;
-+ if ( $^O eq "VMS" ) {
-+ # VMS uses the open through shell
-+ # The file names are safe there and list form is unsupported
-+ if (!open($fh, "-|", join(' ', @_))) {
-+ print STDERR "Cannot compute hash on '$fname'\n";
-+ return;
-+ }
-+ } else {
-+ if (!open($fh, "-|", @_)) {
-+ print STDERR "Cannot compute hash on '$fname'\n";
-+ return;
-+ }
-+ }
-+ return (<$fh>, <$fh>);
-+}
-
- # Link a certificate to its subject name hash value, each hash is of
- # the form . where n is an integer. If the hash value already exists
-@@ -161,10 +178,12 @@ sub check_file {
-
- sub link_hash_cert {
- my $fname = $_[0];
-- $fname =~ s/\"/\\\"/g;
-- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
-+ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
-+ "-fingerprint", "-noout",
-+ "-in", $fname);
- chomp $hash;
- chomp $fprint;
-+ return if !$hash;
- $fprint =~ s/^.*=//;
- $fprint =~ tr/://d;
- my $suffix = 0;
-@@ -202,10 +221,12 @@ sub link_hash_cert {
-
- sub link_hash_crl {
- my $fname = $_[0];
-- $fname =~ s/'/'\\''/g;
-- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
-+ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
-+ "-fingerprint", "-noout",
-+ "-in", $fname);
- chomp $hash;
- chomp $fprint;
-+ return if !$hash;
- $fprint =~ s/^.*=//;
- $fprint =~ tr/://d;
- my $suffix = 0;
---
-1.8.3.1
-
diff --git a/CVE-2022-2068-Fix-file-operations-in-c_rehash.patch b/CVE-2022-2068-Fix-file-operations-in-c_rehash.patch
deleted file mode 100644
index 7b2d6eaa61e6c51676e5f725b56667e32277f6ab..0000000000000000000000000000000000000000
--- a/CVE-2022-2068-Fix-file-operations-in-c_rehash.patch
+++ /dev/null
@@ -1,257 +0,0 @@
-From 9639817dac8bbbaa64d09efad7464ccc405527c7 Mon Sep 17 00:00:00 2001
-From: Daniel Fiala
-Date: Sun, 29 May 2022 20:11:24 +0200
-Subject: [PATCH] Fix file operations in c_rehash.
-
-CVE-2022-2068
-
-Reviewed-by: Matt Caswell
-Reviewed-by: Richard Levitte
----
- tools/c_rehash.in | 216 +++++++++++++++++++++++++++--------------------------
- 1 file changed, 107 insertions(+), 109 deletions(-)
-
-diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-index cfd18f5..9d2a6f6 100644
---- a/tools/c_rehash.in
-+++ b/tools/c_rehash.in
-@@ -104,52 +104,78 @@ foreach (@dirlist) {
- }
- exit($errorcount);
-
-+sub copy_file {
-+ my ($src_fname, $dst_fname) = @_;
-+
-+ if (open(my $in, "<", $src_fname)) {
-+ if (open(my $out, ">", $dst_fname)) {
-+ print $out $_ while (<$in>);
-+ close $out;
-+ } else {
-+ warn "Cannot open $dst_fname for write, $!";
-+ }
-+ close $in;
-+ } else {
-+ warn "Cannot open $src_fname for read, $!";
-+ }
-+}
-+
- sub hash_dir {
-- my %hashlist;
-- print "Doing $_[0]\n";
-- chdir $_[0];
-- opendir(DIR, ".");
-- my @flist = sort readdir(DIR);
-- closedir DIR;
-- if ( $removelinks ) {
-- # Delete any existing symbolic links
-- foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
-- if (-l $_) {
-- print "unlink $_" if $verbose;
-- unlink $_ || warn "Can't unlink $_, $!\n";
-- }
-- }
-- }
-- FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
-- # Check to see if certificates and/or CRLs present.
-- my ($cert, $crl) = check_file($fname);
-- if (!$cert && !$crl) {
-- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
-- next;
-- }
-- link_hash_cert($fname) if ($cert);
-- link_hash_crl($fname) if ($crl);
-- }
-+ my $dir = shift;
-+ my %hashlist;
-+
-+ print "Doing $dir\n";
-+
-+ if (!chdir $dir) {
-+ print STDERR "WARNING: Cannot chdir to '$dir', $!\n";
-+ return;
-+ }
-+
-+ opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n";
-+ my @flist = sort readdir(DIR);
-+ closedir DIR;
-+ if ( $removelinks ) {
-+ # Delete any existing symbolic links
-+ foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
-+ if (-l $_) {
-+ print "unlink $_\n" if $verbose;
-+ unlink $_ || warn "Can't unlink $_, $!\n";
-+ }
-+ }
-+ }
-+ FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
-+ # Check to see if certificates and/or CRLs present.
-+ my ($cert, $crl) = check_file($fname);
-+ if (!$cert && !$crl) {
-+ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
-+ next;
-+ }
-+ link_hash_cert($fname) if ($cert);
-+ link_hash_crl($fname) if ($crl);
-+ }
-+
-+ chdir $pwd;
- }
-
- sub check_file {
-- my ($is_cert, $is_crl) = (0,0);
-- my $fname = $_[0];
-- open IN, $fname;
-- while() {
-- if (/^-----BEGIN (.*)-----/) {
-- my $hdr = $1;
-- if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
-- $is_cert = 1;
-- last if ($is_crl);
-- } elsif ($hdr eq "X509 CRL") {
-- $is_crl = 1;
-- last if ($is_cert);
-- }
-- }
-- }
-- close IN;
-- return ($is_cert, $is_crl);
-+ my ($is_cert, $is_crl) = (0,0);
-+ my $fname = $_[0];
-+
-+ open(my $in, "<", $fname);
-+ while(<$in>) {
-+ if (/^-----BEGIN (.*)-----/) {
-+ my $hdr = $1;
-+ if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
-+ $is_cert = 1;
-+ last if ($is_crl);
-+ } elsif ($hdr eq "X509 CRL") {
-+ $is_crl = 1;
-+ last if ($is_cert);
-+ }
-+ }
-+ }
-+ close $in;
-+ return ($is_cert, $is_crl);
- }
-
- sub compute_hash {
-@@ -177,76 +203,48 @@ sub compute_hash {
- # certificate fingerprints
-
- sub link_hash_cert {
-- my $fname = $_[0];
-- my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
-- "-fingerprint", "-noout",
-- "-in", $fname);
-- chomp $hash;
-- chomp $fprint;
-- return if !$hash;
-- $fprint =~ s/^.*=//;
-- $fprint =~ tr/://d;
-- my $suffix = 0;
-- # Search for an unused hash filename
-- while(exists $hashlist{"$hash.$suffix"}) {
-- # Hash matches: if fingerprint matches its a duplicate cert
-- if ($hashlist{"$hash.$suffix"} eq $fprint) {
-- print STDERR "WARNING: Skipping duplicate certificate $fname\n";
-- return;
-- }
-- $suffix++;
-- }
-- $hash .= ".$suffix";
-- if ($symlink_exists) {
-- print "link $fname -> $hash\n" if $verbose;
-- symlink $fname, $hash || warn "Can't symlink, $!";
-- } else {
-- print "copy $fname -> $hash\n" if $verbose;
-- if (open($in, "<", $fname)) {
-- if (open($out,">", $hash)) {
-- print $out $_ while (<$in>);
-- close $out;
-- } else {
-- warn "can't open $hash for write, $!";
-- }
-- close $in;
-- } else {
-- warn "can't open $fname for read, $!";
-- }
-- }
-- $hashlist{$hash} = $fprint;
-+ link_hash($_[0], 'cert');
- }
-
- # Same as above except for a CRL. CRL links are of the form .r
-
- sub link_hash_crl {
-- my $fname = $_[0];
-- my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
-- "-fingerprint", "-noout",
-- "-in", $fname);
-- chomp $hash;
-- chomp $fprint;
-- return if !$hash;
-- $fprint =~ s/^.*=//;
-- $fprint =~ tr/://d;
-- my $suffix = 0;
-- # Search for an unused hash filename
-- while(exists $hashlist{"$hash.r$suffix"}) {
-- # Hash matches: if fingerprint matches its a duplicate cert
-- if ($hashlist{"$hash.r$suffix"} eq $fprint) {
-- print STDERR "WARNING: Skipping duplicate CRL $fname\n";
-- return;
-- }
-- $suffix++;
-- }
-- $hash .= ".r$suffix";
-- if ($symlink_exists) {
-- print "link $fname -> $hash\n" if $verbose;
-- symlink $fname, $hash || warn "Can't symlink, $!";
-- } else {
-- print "cp $fname -> $hash\n" if $verbose;
-- system ("cp", $fname, $hash);
-- warn "Can't copy, $!" if ($? >> 8) != 0;
-- }
-- $hashlist{$hash} = $fprint;
-+ link_hash($_[0], 'crl');
-+}
-+
-+sub link_hash {
-+ my ($fname, $type) = @_;
-+ my $is_cert = $type eq 'cert';
-+
-+ my ($hash, $fprint) = compute_hash($openssl,
-+ $is_cert ? "x509" : "crl",
-+ $is_cert ? $x509hash : $crlhash,
-+ "-fingerprint", "-noout",
-+ "-in", $fname);
-+ chomp $hash;
-+ chomp $fprint;
-+ return if !$hash;
-+ $fprint =~ s/^.*=//;
-+ $fprint =~ tr/://d;
-+ my $suffix = 0;
-+ # Search for an unused hash filename
-+ my $crlmark = $is_cert ? "" : "r";
-+ while(exists $hashlist{"$hash.$crlmark$suffix"}) {
-+ # Hash matches: if fingerprint matches its a duplicate cert
-+ if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) {
-+ my $what = $is_cert ? 'certificate' : 'CRL';
-+ print STDERR "WARNING: Skipping duplicate $what $fname\n";
-+ return;
-+ }
-+ $suffix++;
-+ }
-+ $hash .= ".$crlmark$suffix";
-+ if ($symlink_exists) {
-+ print "link $fname -> $hash\n" if $verbose;
-+ symlink $fname, $hash || warn "Can't symlink, $!";
-+ } else {
-+ print "copy $fname -> $hash\n" if $verbose;
-+ copy_file($fname, $hash);
-+ }
-+ $hashlist{$hash} = $fprint;
- }
---
-1.8.3.1
-
diff --git a/CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch b/CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
deleted file mode 100644
index 05d71ab798b5f73b311b9617e92c230a39d047fc..0000000000000000000000000000000000000000
--- a/CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 919925673d6c9cfed3c1085497f5dfbbed5fc431 Mon Sep 17 00:00:00 2001
-From: Alex Chernyakhovsky
-Date: Thu, 16 Jun 2022 12:00:22 +1000
-Subject: [PATCH] Fix AES OCB encrypt/decrypt for x86 AES-NI
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
-that performs operations on 6 16-byte blocks concurrently (the
-"grandloop") and then proceeds to handle the "short" tail (which can
-be anywhere from 0 to 5 blocks) that remain.
-
-As part of initialization, the assembly initializes $len to the true
-length, less 96 bytes and converts it to a pointer so that the $inp
-can be compared to it. Each iteration of "grandloop" checks to see if
-there's a full 96-byte chunk to process, and if so, continues. Once
-this has been exhausted, it falls through to "short", which handles
-the remaining zero to five blocks.
-
-Unfortunately, the jump at the end of "grandloop" had a fencepost
-error, doing a `jb` ("jump below") rather than `jbe` (jump below or
-equal). This should be `jbe`, as $inp is pointing to the *end* of the
-chunk currently being handled. If $inp == $len, that means that
-there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
-then there's 5 or fewer 16-byte blocks left to be handled, and the
-fall-through is intended.
-
-The net effect of `jb` instead of `jbe` is that the last 16-byte block
-of the last 96-byte chunk was completely omitted. The contents of
-`out` in this position were never written to. Additionally, since
-those bytes were never processed, the authentication tag generated is
-also incorrect.
-
-The same fencepost error, and identical logic, exists in both
-aesni_ocb_encrypt and aesni_ocb_decrypt.
-
-This addresses CVE-2022-2097.
-
-Co-authored-by: Alejandro Sedeño
-Co-authored-by: David Benjamin
-
-Reviewed-by: Paul Dale
-Reviewed-by: Tomas Mraz
----
- crypto/aes/asm/aesni-x86.pl | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
-index fe2b265..812758e 100644
---- a/crypto/aes/asm/aesni-x86.pl
-+++ b/crypto/aes/asm/aesni-x86.pl
-@@ -2027,7 +2027,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
- &movdqu (&QWP(-16*2,$out,$inp),$inout4);
- &movdqu (&QWP(-16*1,$out,$inp),$inout5);
- &cmp ($inp,$len); # done yet?
-- &jb (&label("grandloop"));
-+ &jbe (&label("grandloop"));
-
- &set_label("short");
- &add ($len,16*6);
-@@ -2453,7 +2453,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
- &pxor ($rndkey1,$inout5);
- &movdqu (&QWP(-16*1,$out,$inp),$inout5);
- &cmp ($inp,$len); # done yet?
-- &jb (&label("grandloop"));
-+ &jbe (&label("grandloop"));
-
- &set_label("short");
- &add ($len,16*6);
---
-1.8.3.1
-
diff --git a/Feature-PKCS7-sign-and-verify-support-SM2-algorithm.patch b/Feature-PKCS7-sign-and-verify-support-SM2-algorithm.patch
deleted file mode 100644
index fc588ada8c238200a07988b1edb18fa5973c8bbc..0000000000000000000000000000000000000000
--- a/Feature-PKCS7-sign-and-verify-support-SM2-algorithm.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From fa3d5b8af929c296f4d684345dedf1e2b4b390e2 Mon Sep 17 00:00:00 2001
-From: gaoyusong
-Date: Fri, 30 Sep 2022 12:10:15 +0800
-Subject: [PATCH] PKCS7 sign and verify support SM2 algorithm
-
-Signed-off-by: Huaxin Lu
----
- crypto/pkcs7/pk7_doit.c | 23 +++++++++++++++++++++--
- crypto/sm2/sm2_pmeth.c | 1 +
- 2 files changed, 22 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
-index f63fbc5..916a35a 100644
---- a/crypto/pkcs7/pk7_doit.c
-+++ b/crypto/pkcs7/pk7_doit.c
-@@ -946,6 +946,9 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
- STACK_OF(X509_ATTRIBUTE) *sk;
- BIO *btmp;
- EVP_PKEY *pkey;
-+#ifndef OPENSSL_NO_SM2
-+ EVP_PKEY_CTX *pctx = NULL;
-+#endif
-
- mdc_tmp = EVP_MD_CTX_new();
- if (mdc_tmp == NULL) {
-@@ -1013,7 +1016,19 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
- goto err;
- }
-
-- if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL))
-+ pkey = X509_get0_pubkey(x509);
-+ if (!pkey) {
-+ ret = -1;
-+ goto err;
-+ }
-+
-+ ret =
-+#ifndef OPENSSL_NO_SM2
-+ EVP_PKEY_is_sm2(pkey) ?
-+ EVP_DigestVerifyInit(mdc_tmp, &pctx, EVP_get_digestbynid(md_type), NULL, pkey) :
-+#endif
-+ EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL);
-+ if (!ret)
- goto err;
-
- alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
-@@ -1036,7 +1051,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
- goto err;
- }
-
-- i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
-+ i =
-+#ifndef OPENSSL_NO_SM2
-+ EVP_PKEY_is_sm2(pkey) ? EVP_DigestVerifyFinal(mdc_tmp, os->data, os->length) :
-+#endif
-+ EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
- if (i <= 0) {
- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
- ret = -1;
-diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
-index 1998812..53cdbe9 100644
---- a/crypto/sm2/sm2_pmeth.c
-+++ b/crypto/sm2/sm2_pmeth.c
-@@ -221,6 +221,7 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
- return 1;
-
- case EVP_PKEY_CTRL_DIGESTINIT:
-+ case EVP_PKEY_CTRL_PKCS7_SIGN:
- /* nothing to be inited, this is to suppress the error... */
- return 1;
-
---
-2.33.0
-
diff --git a/Feature-SM4-XTS-optimization-for-ARM-by-HW-instruction.patch b/Feature-SM4-XTS-optimization-for-ARM-by-HW-instruction.patch
deleted file mode 100644
index fef2d8f49a1316f6461156d035bea02a1dffcbfb..0000000000000000000000000000000000000000
--- a/Feature-SM4-XTS-optimization-for-ARM-by-HW-instruction.patch
+++ /dev/null
@@ -1,621 +0,0 @@ -From 3f0898b2aea424f18f58a182803478f25548674e Mon Sep 17 00:00:00 2001 -From: Xu Yizhou -Date: Wed, 2 Nov 2022 11:13:07 +0800 -Subject: [PATCH 3/3] SM4 XTS optimization for ARM by HW instruction - -This patch implements the SM4 XTS optimization for ARM processor, -using SM4 HW instruction, which is an optional feature of -crypto extension for aarch64 V8. - -Signed-off-by: Xu Yizhou ---- - crypto/evp/e_sm4.c | 28 ++ - crypto/sm4/asm/sm4-armv8.pl | 498 +++++++++++++++++++++++++++++++++- - include/crypto/sm4_platform.h | 14 + - 3 files changed, 537 insertions(+), 3 deletions(-) - -diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c -index eaa5ba0..da4dbd3 100644 ---- a/crypto/evp/e_sm4.c -+++ b/crypto/evp/e_sm4.c -@@ -281,6 +281,34 @@ static int sm4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; - xctx->stream_gb = NULL; - xctx->stream = NULL; -+#ifdef HWSM4_CAPABLE -+ if (HWSM4_CAPABLE) { -+ if (enc) { -+ HWSM4_set_encrypt_key(key, &xctx->ks1.ks); -+ xctx->xts.block1 = (block128_f) HWSM4_encrypt; -+# ifdef HWSM4_xts_encrypt_gb -+ xctx->stream_gb = HWSM4_xts_encrypt_gb; -+# endif -+# ifdef HWSM4_xts_encrypt -+ xctx->stream = HWSM4_xts_encrypt; -+# endif -+ } else { -+ HWSM4_set_decrypt_key(key, &xctx->ks1.ks); -+ xctx->xts.block1 = (block128_f) HWSM4_decrypt; -+# ifdef HWSM4_xts_decrypt_gb -+ xctx->stream_gb = HWSM4_xts_decrypt_gb; -+# endif -+# ifdef HWSM4_xts_decrypt -+ xctx->stream = HWSM4_xts_decrypt; -+# endif -+ } -+ HWSM4_set_encrypt_key(key + bytes, &xctx->ks2.ks); -+ xctx->xts.block2 = (block128_f) HWSM4_encrypt; -+ -+ xctx->xts.key1 = &xctx->ks1; -+ break; -+ } else -+#endif - #ifdef VPSM4_EX_CAPABLE - if (VPSM4_EX_CAPABLE) { - if (enc) { -diff --git a/crypto/sm4/asm/sm4-armv8.pl b/crypto/sm4/asm/sm4-armv8.pl -index dbacad2..923c1c0 100644 ---- a/crypto/sm4/asm/sm4-armv8.pl -+++ b/crypto/sm4/asm/sm4-armv8.pl -@@ -11,9 +11,9 @@ - # Oct 2021 - # - --# $output is the last 
argument if it looks like a file (it has an extension) -+# $outut is the last argument if it looks like a file (it has an extension) - # $flavour is the first argument if it doesn't look like a file --$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -+$outut = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; - $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -@@ -21,7 +21,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - --open OUT,"| \"$^X\" $xlate $flavour \"$output\"" -+open OUT,"| \"$^X\" $xlate $flavour \"$outut\"" - or die "can't call $xlate: $!"; - *STDOUT=*OUT; - -@@ -110,6 +110,120 @@ $code.=<<___; - ___ - } - -+sub mov_reg_to_vec() { -+ my $src0 = shift; -+ my $src1 = shift; -+ my $desv = shift; -+$code.=<<___; -+ mov $desv.d[0],$src0 -+ mov $desv.d[1],$src1 -+#ifdef __ARMEB__ -+ rev32 $desv.16b,$desv.16b -+#endif -+___ -+} -+ -+sub mov_vec_to_reg() { -+ my $srcv = shift; -+ my $des0 = shift; -+ my $des1 = shift; -+$code.=<<___; -+ mov $des0,$srcv.d[0] -+ mov $des1,$srcv.d[1] -+___ -+} -+ -+sub compute_tweak() { -+ my $src0 = shift; -+ my $src1 = shift; -+ my $des0 = shift; -+ my $des1 = shift; -+ my $tmp0 = shift; -+ my $tmp1 = shift; -+ my $magic = shift; -+$code.=<<___; -+ extr x$tmp1,$src1,$src1,#32 -+ extr $des1,$src1,$src0,#63 -+ and w$tmp0,w$magic,w$tmp1,asr#31 -+ eor $des0,x$tmp0,$src0,lsl#1 -+___ -+} -+ -+sub compute_tweak_vec() { -+ my $src = shift; -+ my $des = shift; -+ my $tmp0 = shift; -+ my $tmp1 = shift; -+ my $magic = shift; -+ &rbit($tmp1,$src); -+$code.=<<___; -+ shl $des.16b, $tmp1.16b, #1 -+ ext $tmp0.16b, $tmp1.16b, $tmp1.16b,#15 -+ ushr $tmp0.16b, $tmp0.16b, #7 -+ mul $tmp0.16b, $tmp0.16b, $magic.16b -+ eor $des.16b, $des.16b, $tmp0.16b -+___ -+ &rbit($des,$des); -+} -+ -+sub mov_en_to_enc(){ -+ my $en = shift; -+ my $enc = shift; -+ if ($en eq "en") { 
-+$code.=<<___; -+ mov $enc,1 -+___ -+ } else { -+$code.=<<___; -+ mov $enc,0 -+___ -+ } -+} -+ -+sub rbit() { -+ my $dst = shift; -+ my $src = shift; -+ -+ if ($src and ("$src" ne "$dst")) { -+ if ($standard eq "_gb") { -+$code.=<<___; -+ rbit $dst.16b,$src.16b -+___ -+ } else { -+$code.=<<___; -+ mov $dst.16b,$src.16b -+___ -+ } -+ } else { -+ if ($standard eq "_gb") { -+$code.=<<___; -+ rbit $dst.16b,$src.16b -+___ -+ } -+ } -+} -+ -+sub rev32_armeb() { -+ my $dst = shift; -+ my $src = shift; -+ -+ if ($src and ("$src" ne "$dst")) { -+$code.=<<___; -+#ifdef __ARMEB__ -+ rev32 $dst.16b,$src.16b -+#else -+ mov $dst.16b,$src.16b -+#endif -+___ -+ } else { -+$code.=<<___; -+#ifdef __ARMEB__ -+ rev32 $dst.16b,$dst.16b -+#endif -+___ -+ } -+} -+ - $code=<<___; - #include "arm_arch.h" - .arch armv8-a+crypto -@@ -595,6 +709,384 @@ $code.=<<___; - .size ${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks - ___ - }}} -+ -+ -+{{{ -+my ($inp,$out,$len,$rk1,$rk2,$ivp)=map("x$_",(0..5)); -+my ($blocks)=("x2"); -+my ($enc)=("x6"); -+my ($remain)=("x7"); -+my @twx=map("x$_",(9..24)); -+my $lastBlk=("x25"); -+ -+my @tweak=map("v$_",(8..15)); -+my @dat=map("v$_",(16..23)); -+my $lastTweak=("v24"); -+ -+# x/w/v/q registers for compute tweak -+my ($magic)=("8"); -+my ($tmp0,$tmp1)=("26","27"); -+my ($qMagic,$vMagic)=("q25","v25"); -+my ($vTmp0,$vTmp1)=("v26","v27"); -+ -+sub gen_xts_do_cipher() { -+$code.=<<___; -+.globl ${prefix}_xts_do_cipher${standard} -+.type ${prefix}_xts_do_cipher${standard},%function -+.align 5 -+${prefix}_xts_do_cipher${standard}: -+ mov w$magic,0x87 -+ ldr $qMagic, =0x01010101010101010101010101010187 -+ // used to encrypt the XORed plaintext blocks -+ ld1 {@rks[0].4s,@rks[1].4s,@rks[2].4s,@rks[3].4s},[$rk2],#64 -+ ld1 {@rks[4].4s,@rks[5].4s,@rks[6].4s,@rks[7].4s},[$rk2] -+ ld1 {@tweak[0].4s}, [$ivp] -+___ -+ &rev32(@tweak[0],@tweak[0]); -+ &enc_blk(@tweak[0]); -+ &rev32(@tweak[0],@tweak[0]); -+$code.=<<___; -+ // used to encrypt the initial 
vector to yield the initial tweak -+ ld1 {@rks[0].4s,@rks[1].4s,@rks[2].4s,@rks[3].4s},[$rk1],#64 -+ ld1 {@rks[4].4s,@rks[5].4s,@rks[6].4s,@rks[7].4s},[$rk1] -+ -+ and $remain,$len,#0x0F -+ // convert length into blocks -+ lsr $blocks,$len,4 -+ cmp $blocks,#1 // $len must be at least 16 -+ b.lt 99f -+ -+ cmp $remain,0 // if $len is a multiple of 16 -+ b.eq .xts_encrypt_blocks${standard} -+ // if $len is not a multiple of 16 -+ subs $blocks,$blocks,#1 -+ b.eq .only_2blks_tweak${standard} // if $len is less than 32 -+ -+.xts_encrypt_blocks${standard}: -+___ -+ &rbit(@tweak[0],@tweak[0]); -+ &rev32_armeb(@tweak[0],@tweak[0]); -+ &mov_vec_to_reg(@tweak[0],@twx[0],@twx[1]); -+ &compute_tweak(@twx[0],@twx[1],@twx[2],@twx[3],$tmp0,$tmp1,$magic); -+ &compute_tweak(@twx[2],@twx[3],@twx[4],@twx[5],$tmp0,$tmp1,$magic); -+ &compute_tweak(@twx[4],@twx[5],@twx[6],@twx[7],$tmp0,$tmp1,$magic); -+ &compute_tweak(@twx[6],@twx[7],@twx[8],@twx[9],$tmp0,$tmp1,$magic); -+ &compute_tweak(@twx[8],@twx[9],@twx[10],@twx[11],$tmp0,$tmp1,$magic); -+ &compute_tweak(@twx[10],@twx[11],@twx[12],@twx[13],$tmp0,$tmp1,$magic); -+ &compute_tweak(@twx[12],@twx[13],@twx[14],@twx[15],$tmp0,$tmp1,$magic); -+$code.=<<___; -+1: -+ cmp $blocks,#8 -+___ -+ &mov_reg_to_vec(@twx[0],@twx[1],@tweak[0]); -+ &compute_tweak(@twx[14],@twx[15],@twx[0],@twx[1],$tmp0,$tmp1,$magic); -+ &mov_reg_to_vec(@twx[2],@twx[3],@tweak[1]); -+ &compute_tweak(@twx[0],@twx[1],@twx[2],@twx[3],$tmp0,$tmp1,$magic); -+ &mov_reg_to_vec(@twx[4],@twx[5],@tweak[2]); -+ &compute_tweak(@twx[2],@twx[3],@twx[4],@twx[5],$tmp0,$tmp1,$magic); -+ &mov_reg_to_vec(@twx[6],@twx[7],@tweak[3]); -+ &compute_tweak(@twx[4],@twx[5],@twx[6],@twx[7],$tmp0,$tmp1,$magic); -+ &mov_reg_to_vec(@twx[8],@twx[9],@tweak[4]); -+ &compute_tweak(@twx[6],@twx[7],@twx[8],@twx[9],$tmp0,$tmp1,$magic); -+ &mov_reg_to_vec(@twx[10],@twx[11],@tweak[5]); -+ &compute_tweak(@twx[8],@twx[9],@twx[10],@twx[11],$tmp0,$tmp1,$magic); -+ &mov_reg_to_vec(@twx[12],@twx[13],@tweak[6]); -+ 
&compute_tweak(@twx[10],@twx[11],@twx[12],@twx[13],$tmp0,$tmp1,$magic); -+ &mov_reg_to_vec(@twx[14],@twx[15],@tweak[7]); -+ &compute_tweak(@twx[12],@twx[13],@twx[14],@twx[15],$tmp0,$tmp1,$magic); -+$code.=<<___; -+ b.lt 2f -+ ld1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$inp],#64 -+___ -+ &rbit(@tweak[0],@tweak[0]); -+ &rbit(@tweak[1],@tweak[1]); -+ &rbit(@tweak[2],@tweak[2]); -+ &rbit(@tweak[3],@tweak[3]); -+$code.=<<___; -+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b -+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b -+ eor @dat[2].16b, @dat[2].16b, @tweak[2].16b -+ eor @dat[3].16b, @dat[3].16b, @tweak[3].16b -+ ld1 {@dat[4].4s,@dat[5].4s,@dat[6].4s,@dat[7].4s},[$inp],#64 -+___ -+ &rbit(@tweak[4],@tweak[4]); -+ &rbit(@tweak[5],@tweak[5]); -+ &rbit(@tweak[6],@tweak[6]); -+ &rbit(@tweak[7],@tweak[7]); -+$code.=<<___; -+ eor @dat[4].16b, @dat[4].16b, @tweak[4].16b -+ eor @dat[5].16b, @dat[5].16b, @tweak[5].16b -+ eor @dat[6].16b, @dat[6].16b, @tweak[6].16b -+ eor @dat[7].16b, @dat[7].16b, @tweak[7].16b -+___ -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+ &rev32(@dat[4],@dat[4]); -+ &rev32(@dat[5],@dat[5]); -+ &rev32(@dat[6],@dat[6]); -+ &rev32(@dat[7],@dat[7]); -+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]); -+ &enc_4blks(@dat[4],@dat[5],@dat[6],@dat[7]); -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+ &rev32(@dat[4],@dat[4]); -+ &rev32(@dat[5],@dat[5]); -+ &rev32(@dat[6],@dat[6]); -+ &rev32(@dat[7],@dat[7]); -+$code.=<<___; -+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b -+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b -+ eor @dat[2].16b, @dat[2].16b, @tweak[2].16b -+ eor @dat[3].16b, @dat[3].16b, @tweak[3].16b -+ eor @dat[4].16b, @dat[4].16b, @tweak[4].16b -+ eor @dat[5].16b, @dat[5].16b, @tweak[5].16b -+ eor @dat[6].16b, @dat[6].16b, @tweak[6].16b -+ eor @dat[7].16b, @dat[7].16b, @tweak[7].16b -+ -+ // save the last tweak -+ mov 
$lastTweak.16b,@tweak[7].16b -+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$out],#64 -+ st1 {@dat[4].4s,@dat[5].4s,@dat[6].4s,@dat[7].4s},[$out],#64 -+ subs $blocks,$blocks,#8 -+ b.eq 100f -+ b 1b -+2: -+ // process 4 blocks -+ cmp $blocks,#4 -+ b.lt 1f -+ ld1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$inp],#64 -+___ -+ &rbit(@tweak[0],@tweak[0]); -+ &rbit(@tweak[1],@tweak[1]); -+ &rbit(@tweak[2],@tweak[2]); -+ &rbit(@tweak[3],@tweak[3]); -+$code.=<<___; -+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b -+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b -+ eor @dat[2].16b, @dat[2].16b, @tweak[2].16b -+ eor @dat[3].16b, @dat[3].16b, @tweak[3].16b -+___ -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]); -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &rev32(@dat[3],@dat[3]); -+$code.=<<___; -+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b -+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b -+ eor @dat[2].16b, @dat[2].16b, @tweak[2].16b -+ eor @dat[3].16b, @dat[3].16b, @tweak[3].16b -+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$out],#64 -+ sub $blocks,$blocks,#4 -+ mov @tweak[0].16b,@tweak[4].16b -+ mov @tweak[1].16b,@tweak[5].16b -+ mov @tweak[2].16b,@tweak[6].16b -+ // save the last tweak -+ mov $lastTweak.16b,@tweak[3].16b -+1: -+ // process last block -+ cmp $blocks,#1 -+ b.lt 100f -+ b.gt 1f -+ ld1 {@dat[0].4s},[$inp],#16 -+___ -+ &rbit(@tweak[0],@tweak[0]); -+$code.=<<___; -+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b -+___ -+ &rev32(@dat[0],@dat[0]); -+ &enc_blk(@dat[0]); -+ &rev32(@dat[0],@dat[0]); -+$code.=<<___; -+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b -+ st1 {@dat[0].4s},[$out],#16 -+ // save the last tweak -+ mov $lastTweak.16b,@tweak[0].16b -+ b 100f -+1: // process last 2 blocks -+ cmp $blocks,#2 -+ b.gt 1f -+ ld1 {@dat[0].4s,@dat[1].4s},[$inp],#32 -+___ -+ &rbit(@tweak[0],@tweak[0]); -+ 
&rbit(@tweak[1],@tweak[1]); -+$code.=<<___; -+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b -+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b -+___ -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]); -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+$code.=<<___; -+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b -+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b -+ st1 {@dat[0].4s,@dat[1].4s},[$out],#32 -+ // save the last tweak -+ mov $lastTweak.16b,@tweak[1].16b -+ b 100f -+1: // process last 3 blocks -+ ld1 {@dat[0].4s,@dat[1].4s,@dat[2].4s},[$inp],#48 -+___ -+ &rbit(@tweak[0],@tweak[0]); -+ &rbit(@tweak[1],@tweak[1]); -+ &rbit(@tweak[2],@tweak[2]); -+$code.=<<___; -+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b -+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b -+ eor @dat[2].16b, @dat[2].16b, @tweak[2].16b -+___ -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]); -+ &rev32(@dat[0],@dat[0]); -+ &rev32(@dat[1],@dat[1]); -+ &rev32(@dat[2],@dat[2]); -+$code.=<<___; -+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b -+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b -+ eor @dat[2].16b, @dat[2].16b, @tweak[2].16b -+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s},[$out],#48 -+ // save the last tweak -+ mov $lastTweak.16b,@tweak[2].16b -+100: -+ cmp $remain,0 -+ b.eq 99f -+ -+// This brance calculates the last two tweaks, -+// while the encryption/decryption length is larger than 32 -+.last_2blks_tweak${standard}: -+___ -+ &rev32_armeb($lastTweak,$lastTweak); -+ &compute_tweak_vec($lastTweak,@tweak[1],$vTmp0,$vTmp1,$vMagic); -+ &compute_tweak_vec(@tweak[1],@tweak[2],$vTmp0,$vTmp1,$vMagic); -+$code.=<<___; -+ b .check_dec${standard} -+ -+ -+// This brance calculates the last two tweaks, -+// while the encryption/decryption length is less than 32, who only need two tweaks -+.only_2blks_tweak${standard}: -+ mov @tweak[1].16b,@tweak[0].16b -+___ -+ 
&rev32_armeb(@tweak[1],@tweak[1]); -+ &compute_tweak_vec(@tweak[1],@tweak[2],$vTmp0,$vTmp1,$vMagic); -+$code.=<<___; -+ b .check_dec${standard} -+ -+ -+// Determine whether encryption or decryption is required. -+// The last two tweaks need to be swapped for decryption. -+.check_dec${standard}: -+ // encryption:1 decryption:0 -+ cmp $enc,1 -+ b.eq .prcess_last_2blks${standard} -+ mov $vTmp0.16B,@tweak[1].16b -+ mov @tweak[1].16B,@tweak[2].16b -+ mov @tweak[2].16B,$vTmp0.16b -+ -+.prcess_last_2blks${standard}: -+___ -+ &rev32_armeb(@tweak[1],@tweak[1]); -+ &rev32_armeb(@tweak[2],@tweak[2]); -+$code.=<<___; -+ ld1 {@dat[0].4s},[$inp],#16 -+ eor @dat[0].16b, @dat[0].16b, @tweak[1].16b -+___ -+ &rev32(@dat[0],@dat[0]); -+ &enc_blk(@dat[0]); -+ &rev32(@dat[0],@dat[0]); -+$code.=<<___; -+ eor @dat[0].16b, @dat[0].16b, @tweak[1].16b -+ st1 {@dat[0].4s},[$out],#16 -+ -+ sub $lastBlk,$out,16 -+ .loop${standard}: -+ subs $remain,$remain,1 -+ ldrb w$tmp0,[$lastBlk,$remain] -+ ldrb w$tmp1,[$inp,$remain] -+ strb w$tmp1,[$lastBlk,$remain] -+ strb w$tmp0,[$out,$remain] -+ b.gt .loop${standard} -+ ld1 {@dat[0].4s}, [$lastBlk] -+ eor @dat[0].16b, @dat[0].16b, @tweak[2].16b -+___ -+ &rev32(@dat[0],@dat[0]); -+ &enc_blk(@dat[0]); -+ &rev32(@dat[0],@dat[0]); -+$code.=<<___; -+ eor @dat[0].16b, @dat[0].16b, @tweak[2].16b -+ st1 {@dat[0].4s}, [$lastBlk] -+99: -+ ret -+.size ${prefix}_xts_do_cipher${standard},.-${prefix}_xts_do_cipher${standard} -+___ -+} #end of gen_xts_do_cipher -+ -+}}} -+ -+{{{ -+my ($enc)=("w6"); -+ -+sub gen_xts_cipher() { -+ my $en = shift; -+$code.=<<___; -+.globl ${prefix}_xts_${en}crypt${standard} -+.type ${prefix}_xts_${en}crypt${standard},%function -+.align 5 -+${prefix}_xts_${en}crypt${standard}: -+ stp x15, x16, [sp, #-0x10]! -+ stp x17, x18, [sp, #-0x10]! -+ stp x19, x20, [sp, #-0x10]! -+ stp x21, x22, [sp, #-0x10]! -+ stp x23, x24, [sp, #-0x10]! -+ stp x25, x26, [sp, #-0x10]! -+ stp x27, x28, [sp, #-0x10]! -+ stp x29, x30, [sp, #-0x10]! 
-+ stp d8, d9, [sp, #-0x10]! -+ stp d10, d11, [sp, #-0x10]! -+ stp d12, d13, [sp, #-0x10]! -+ stp d14, d15, [sp, #-0x10]! -+___ -+ &mov_en_to_enc($en,$enc); -+$code.=<<___; -+ bl ${prefix}_xts_do_cipher${standard} -+ ldp d14, d15, [sp], #0x10 -+ ldp d12, d13, [sp], #0x10 -+ ldp d10, d11, [sp], #0x10 -+ ldp d8, d9, [sp], #0x10 -+ ldp x29, x30, [sp], #0x10 -+ ldp x27, x28, [sp], #0x10 -+ ldp x25, x26, [sp], #0x10 -+ ldp x23, x24, [sp], #0x10 -+ ldp x21, x22, [sp], #0x10 -+ ldp x19, x20, [sp], #0x10 -+ ldp x17, x18, [sp], #0x10 -+ ldp x15, x16, [sp], #0x10 -+ ret -+.size ${prefix}_xts_${en}crypt${standard},.-${prefix}_xts_${en}crypt${standard} -+___ -+ -+} # end of gen_xts_cipher -+$standard="_gb"; -+&gen_xts_do_cipher(); -+&gen_xts_cipher("en"); -+&gen_xts_cipher("de"); -+$standard=""; -+&gen_xts_do_cipher(); -+&gen_xts_cipher("en"); -+&gen_xts_cipher("de"); -+}}} - ######################################## - { my %opcode = ( - "sm4e" => 0xcec08400, -diff --git a/include/crypto/sm4_platform.h b/include/crypto/sm4_platform.h -index 2f5a6cf..0bde96f 100644 ---- a/include/crypto/sm4_platform.h -+++ b/include/crypto/sm4_platform.h -@@ -26,6 +26,10 @@ - # define HWSM4_cbc_encrypt sm4_v8_cbc_encrypt - # define HWSM4_ecb_encrypt sm4_v8_ecb_encrypt - # define HWSM4_ctr32_encrypt_blocks sm4_v8_ctr32_encrypt_blocks -+# define HWSM4_xts_encrypt_gb sm4_v8_xts_encrypt_gb -+# define HWSM4_xts_decrypt_gb sm4_v8_xts_decrypt_gb -+# define HWSM4_xts_encrypt sm4_v8_xts_encrypt -+# define HWSM4_xts_decrypt sm4_v8_xts_decrypt - # endif - # endif - # endif /* OPENSSL_CPUID_OBJ */ -@@ -46,6 +50,16 @@ void HWSM4_ecb_encrypt(const unsigned char *in, unsigned char *out, - void HWSM4_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - const unsigned char ivec[16]); -+/* xts mode in GB/T 17964-2021 */ -+void HWSM4_xts_encrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1, -+ const SM4_KEY *key2, const uint8_t 
iv[16]); -+void HWSM4_xts_decrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1, -+ const SM4_KEY *key2, const uint8_t iv[16]); -+/* xts mode in IEEE Std 1619-2007 */ -+void HWSM4_xts_encrypt(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1, -+ const SM4_KEY *key2, const uint8_t iv[16]); -+void HWSM4_xts_decrypt(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1, -+ const SM4_KEY *key2, const uint8_t iv[16]); - # endif /* HWSM4_CAPABLE */ - - #ifdef VPSM4_EX_CAPABLE --- -2.36.1 - diff --git a/Feature-Support-TLCP-protocol.patch b/Feature-Support-TLCP-protocol.patch deleted file mode 100644 index b510e6dbddd710cbc365623b4ff11c4ed405009d..0000000000000000000000000000000000000000 --- a/Feature-Support-TLCP-protocol.patch +++ /dev/null 
@@ -1,6353 +0,0 @@
-From 897ef4d611facba29cde86fac6d161984d524da4 Mon Sep 17 00:00:00 2001
-From: s_c_c
-Date: Mon, 27 Jun 2022 10:28:38 +0800
-Subject: [PATCH] Support TLCP protocol
-
-TLCP_method(), TLCP_server_method(), TLCP_client_method() are the GM version-specific methods for TLCP protocol.
-Valid TLCP ciphersuite names are ECDHE-SM4-CBC-SM3 and ECC-SM4-CBC-SM3. Additionally enable-tlcp(argument to Configure) was required.
---
- Configure | 7 +-
- apps/s_client.c | 60 +-
- crypto/dh/dh_err.c | 8 +-
- crypto/dsa/dsa_err.c | 8 +-
- crypto/err/openssl.txt | 34 +-
- crypto/evp/evp_err.c | 6 +-
- crypto/evp/p_lib.c | 18 +
- crypto/rsa/rsa_err.c | 23 +-
- crypto/sm2/build.info | 2 +-
- crypto/sm2/sm2_err.c | 4 +-
- crypto/sm2/sm2_kep.c | 254 ++
- crypto/sm2/sm2_pmeth.c | 4 +
- doc/man1/s_client.pod | 9 +
- doc/man3/EVP_PKEY_set1_RSA.pod | 9 +-
- doc/man3/SSL_CTX_new.pod | 19 +-
- doc/man3/SSL_CTX_set_options.pod | 4 +-
- doc/man3/SSL_CTX_use_certificate.pod | 56 +-
- doc/man7/ssl.pod | 40 +
- include/crypto/sm2.h | 1 +
- include/crypto/sm2err.h | 12 +-
- include/openssl/dherr.h | 15 +-
- include/openssl/dsaerr.h | 18 +-
- include/openssl/evp.h | 4 +
- include/openssl/evperr.h | 17 +-
- include/openssl/rsaerr.h | 32 +-
- include/openssl/sm2.h | 20 +
- include/openssl/ssl.h | 71 ++
- include/openssl/sslerr.h | 33 +-
- include/openssl/tls1.h | 20 +
- include/openssl/x509.h | 4 +
- include/openssl/x509err.h | 4 +-
- ssl/methods.c | 36 +
- ssl/record/ssl3_record.c | 4 +
- ssl/s3_lib.c | 126 +++
- ssl/ssl_asn1.c | 3 +-
- ssl/ssl_cert.c | 18 +
- ssl/ssl_cert_table.h | 6 +-
- ssl/ssl_ciph.c | 46 +-
- ssl/ssl_err.c | 54 +-
- ssl/ssl_lib.c | 81 +-
- ssl/ssl_local.h | 69 +-
- ssl/ssl_rsa.c | 541 +++++++++++++
- ssl/ssl_sess.c | 3 +
- ssl/ssl_stat.c | 28 +
- ssl/statem/extensions.c | 6 +-
- ssl/statem/extensions_clnt.c | 3 +
- ssl/statem/extensions_srvr.c | 6 +-
- ssl/statem/statem.c | 4 +
- ssl/statem/statem_clnt.c | 434 ++++++++++
- ssl/statem/statem_lib.c | 182 ++++-
- ssl/statem/statem_srvr.c | 445 ++++++++++-
- ssl/t1_enc.c | 84 ++
- ssl/t1_lib.c | 130 ++-
- test/build.info | 6 +-
- test/ciphername_test.c | 3 +
- test/recipes/85-test_tlcp.t | 34 +
- .../85-test_tlcp_data/ecdsa-client-cert.pem | 12 +
- .../85-test_tlcp_data/ecdsa-client-key.pem | 5 +
- .../85-test_tlcp_data/ecdsa-root-cert.pem | 14 +
- .../85-test_tlcp_data/ecdsa-server-cert.pem | 12 +
- .../85-test_tlcp_data/ecdsa-server-key.pem | 5 +
- .../85-test_tlcp_data/sm2-client-enc-cert.pem | 12 +
- .../85-test_tlcp_data/sm2-client-enc-key.pem | 5 +
- .../85-test_tlcp_data/sm2-client-sig-cert.pem | 12 +
- .../85-test_tlcp_data/sm2-client-sig-key.pem | 5 +
- .../85-test_tlcp_data/sm2-root-cert.pem | 14 +
- .../85-test_tlcp_data/sm2-server-enc-cert.pem | 12 +
- .../85-test_tlcp_data/sm2-server-enc-key.pem | 5 +
- .../85-test_tlcp_data/sm2-server-sig-cert.pem | 12 +
- .../85-test_tlcp_data/sm2-server-sig-key.pem | 5 +
- test/sm2_internal_test.c | 111 +++
- test/tlcptest.c | 746 ++++++++++++++++++
- util/libcrypto.num | 2 +
- util/libssl.num | 17 +
- 74 files changed, 4065 insertions(+), 109 deletions(-)
- create mode 100644 crypto/sm2/sm2_kep.c
- create mode 100644 include/openssl/sm2.h
- create mode 100644 test/recipes/85-test_tlcp.t
- create mode 100644 test/recipes/85-test_tlcp_data/ecdsa-client-cert.pem
- create mode 100644 test/recipes/85-test_tlcp_data/ecdsa-client-key.pem
- create mode 100644 test/recipes/85-test_tlcp_data/ecdsa-root-cert.pem
- create mode 100644 test/recipes/85-test_tlcp_data/ecdsa-server-cert.pem
- create mode 100644 test/recipes/85-test_tlcp_data/ecdsa-server-key.pem
- create mode 100644 test/recipes/85-test_tlcp_data/sm2-client-enc-cert.pem
- create mode 100644 test/recipes/85-test_tlcp_data/sm2-client-enc-key.pem
- create mode 100644 test/recipes/85-test_tlcp_data/sm2-client-sig-cert.pem
- create mode 100644 test/recipes/85-test_tlcp_data/sm2-client-sig-key.pem
- create mode 100644 test/recipes/85-test_tlcp_data/sm2-root-cert.pem
- create 
mode 100644 test/recipes/85-test_tlcp_data/sm2-server-enc-cert.pem - create mode 100644 test/recipes/85-test_tlcp_data/sm2-server-enc-key.pem - create mode 100644 test/recipes/85-test_tlcp_data/sm2-server-sig-cert.pem - create mode 100644 test/recipes/85-test_tlcp_data/sm2-server-sig-key.pem - create mode 100644 test/tlcptest.c - -diff --git a/Configure b/Configure -index 4236e6c..a41c897 100755 ---- a/Configure -+++ b/Configure -@@ -425,6 +425,7 @@ my @disablables = ( - "stdio", - "tests", - "threads", -+ "tlcp", - "tls", - "ts", - "ubsan", -@@ -469,6 +470,7 @@ our %disabled = ( # "what" => "comment" - "ssl-trace" => "default", - "ssl3" => "default", - "ssl3-method" => "default", -+ "tlcp" => "default", - "ubsan" => "default", - "unit-test" => "default", - "weak-ssl-ciphers" => "default", -@@ -512,8 +514,9 @@ my @disable_cascades = ( - "apps" => [ "tests" ], - "tests" => [ "external-tests" ], - "comp" => [ "zlib" ], -- "ec" => [ "tls1_3", "sm2" ], -- "sm3" => [ "sm2" ], -+ "ec" => [ "tls1_3", "sm2", "tlcp" ], -+ "sm3" => [ "sm2", "tlcp" ], -+ "sm2" => [ "tlcp" ], - sub { !$disabled{"unit-test"} } => [ "heartbeats" ], - - sub { !$disabled{"msan"} } => [ "asm" ], -diff --git a/apps/s_client.c b/apps/s_client.c -index 121cd14..a41f98a 100644 ---- a/apps/s_client.c -+++ b/apps/s_client.c -@@ -578,6 +578,7 @@ typedef enum OPTION_choice { - OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER, - OPT_SRP_MOREGROUPS, - #endif -+ OPT_TLCP, OPT_DCERT, OPT_DKEY, OPT_DPASS, - OPT_SSL3, OPT_SSL_CONFIG, - OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, - OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, -@@ -738,6 +739,12 @@ const OPTIONS s_client_options[] = { - #ifndef OPENSSL_NO_TLS1_3 - {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"}, - #endif -+#ifndef OPENSSL_NO_TCLP -+ {"tlcp", OPT_TLCP, '-', "Just use TLCP"}, -+ {"dcert", OPT_DCERT, '<', "Encryption certificate file to use (usually for TLCP)"}, -+ {"dkey", OPT_DKEY, '<', 
"Encryption private key file to use (usually for TLCP)"}, -+ {"dpass", OPT_DPASS, 's', "Encryption private key file pass phrase source"}, -+#endif - #ifndef OPENSSL_NO_DTLS - {"dtls", OPT_DTLS, '-', "Use any version of DTLS"}, - {"timeout", OPT_TIMEOUT, '-', -@@ -836,7 +843,7 @@ static const OPT_PAIR services[] = { - - #define IS_PROT_FLAG(o) \ - (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ -- || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) -+ || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2 || o == OPT_TLCP) - - /* Free |*dest| and optionally set it to a copy of |source|. */ - static void freeandcopy(char **dest, const char *source) -@@ -982,6 +989,10 @@ int s_client_main(int argc, char **argv) - #ifndef OPENSSL_NO_SCTP - int sctp_label_bug = 0; - #endif -+ char *s_dcert_file = NULL, *s_dkey_file = NULL; -+ char *dpassarg = NULL, *dpass = NULL; -+ X509 *s_dcert = NULL; -+ EVP_PKEY *s_dkey = NULL; - - FD_ZERO(&readfds); - FD_ZERO(&writefds); -@@ -1318,6 +1329,14 @@ int s_client_main(int argc, char **argv) - socket_type = SOCK_STREAM; - #ifndef OPENSSL_NO_DTLS - isdtls = 0; -+#endif -+ break; -+ case OPT_TLCP: -+ min_version = TLCP_VERSION; -+ max_version = TLCP_VERSION; -+ socket_type = SOCK_STREAM; -+#ifndef OPENSSL_NO_DTLS -+ isdtls = 0; - #endif - break; - case OPT_DTLS: -@@ -1381,6 +1400,15 @@ int s_client_main(int argc, char **argv) - case OPT_KEY: - key_file = opt_arg(); - break; -+ case OPT_DCERT: -+ s_dcert_file = opt_arg(); -+ break; -+ case OPT_DPASS: -+ dpassarg = opt_arg(); -+ break; -+ case OPT_DKEY: -+ s_dkey_file = opt_arg(); -+ break; - case OPT_RECONNECT: - reconnect = 5; - break; -@@ -1650,7 +1678,7 @@ int s_client_main(int argc, char **argv) - next_proto.data = NULL; - #endif - -- if (!app_passwd(passarg, NULL, &pass, NULL)) { -+ if (!app_passwd(passarg, dpassarg, &pass, &dpass)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } -@@ -1681,6 +1709,26 
@@ int s_client_main(int argc, char **argv) - goto end; - } - -+ if (s_dcert_file != NULL) { -+ if (s_dkey_file == NULL) -+ s_dkey_file = s_dcert_file; -+ -+ s_dkey = load_key(s_dkey_file, key_format, 0, dpass, e, -+ "Encrypt certificate private key file"); -+ if (s_dkey == NULL) { -+ ERR_print_errors(bio_err); -+ goto end; -+ } -+ -+ s_dcert = load_cert(s_dcert_file, key_format, -+ "Encrypt server certificate file"); -+ -+ if (s_dcert == NULL) { -+ ERR_print_errors(bio_err); -+ goto end; -+ } -+ } -+ - if (crl_file != NULL) { - X509_CRL *crl; - crl = load_crl(crl_file, crl_format); -@@ -1932,6 +1980,11 @@ int s_client_main(int argc, char **argv) - - if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain)) - goto end; -+ -+ if (s_dcert != NULL) { -+ if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, chain, build_chain)) -+ goto end; -+ } - - if (!noservername) { - tlsextcbp.biodebug = bio_err; -@@ -3146,6 +3199,9 @@ int s_client_main(int argc, char **argv) - EVP_PKEY_free(key); - sk_X509_pop_free(chain, X509_free); - OPENSSL_free(pass); -+ X509_free(s_dcert); -+ EVP_PKEY_free(s_dkey); -+ OPENSSL_free(dpass); - #ifndef OPENSSL_NO_SRP - OPENSSL_free(srp_arg.srppassin); - #endif -diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c -index 9778138..c7ac6ae 100644 ---- a/crypto/dh/dh_err.c -+++ b/crypto/dh/dh_err.c -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy -@@ -26,8 +26,8 @@ static const ERR_STRING_DATA DH_str_functs[] = { - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), - "dh_cms_set_shared_info"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_COMPUTE_KEY, 0), "DH_compute_key"}, -- {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_KEY, 0), "DH_generate_key"}, -- {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0), "DH_generate_parameters_ex"}, -+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0), -+ "DH_generate_parameters_ex"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"}, -@@ -78,11 +78,11 @@ static const ERR_STRING_DATA DH_str_reasons[] = { - {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"}, -+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non fips method"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR), - "not suitable generator"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"}, -- {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non FIPS method"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), - "parameter encoding error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, -diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c -index d85d221..26210c5 100644 ---- a/crypto/dsa/dsa_err.c -+++ b/crypto/dsa/dsa_err.c -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). 
You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -24,7 +24,8 @@ static const ERR_STRING_DATA DSA_str_functs[] = { - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_KEY, 0), "DSA_generate_key"}, -- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0), "DSA_generate_parameters_ex"}, -+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0), -+ "DSA_generate_parameters_ex"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"}, -@@ -60,8 +61,9 @@ static const ERR_STRING_DATA DSA_str_reasons[] = { - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY), - "missing private key"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, -+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD), -+ "non fips dsa method"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, -- {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), - "parameter encoding error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, -diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index b93cace..3ea4c02 100644 ---- a/crypto/err/openssl.txt -+++ b/crypto/err/openssl.txt -@@ -1,4 +1,4 @@ --# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. -+# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. - # - # Licensed under the OpenSSL license (the "License"). You may not use - # this file except in compliance with the License. 
You can obtain a copy -@@ -1102,6 +1102,7 @@ SM2_F_PKEY_SM2_CTRL_STR:110:pkey_sm2_ctrl_str - SM2_F_PKEY_SM2_DIGEST_CUSTOM:114:pkey_sm2_digest_custom - SM2_F_PKEY_SM2_INIT:111:pkey_sm2_init - SM2_F_PKEY_SM2_SIGN:112:pkey_sm2_sign -+SM2_F_SM2_COMPUTE_KEY:116:SM2_compute_key - SM2_F_SM2_COMPUTE_MSG_HASH:100:sm2_compute_msg_hash - SM2_F_SM2_COMPUTE_USERID_DIGEST:101:sm2_compute_userid_digest - SM2_F_SM2_COMPUTE_Z_DIGEST:113:sm2_compute_z_digest -@@ -1184,7 +1185,7 @@ SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:* - SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\ - ossl_statem_server_post_process_message - SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work --SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640: -+SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640:ossl_statem_server_pre_work - SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message - SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition - SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\ -@@ -1270,6 +1271,10 @@ SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH:551:\ - SSL_F_SSL_CTX_USE_CERTIFICATE:171:SSL_CTX_use_certificate - SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1:172:SSL_CTX_use_certificate_ASN1 - SSL_F_SSL_CTX_USE_CERTIFICATE_FILE:173:SSL_CTX_use_certificate_file -+SSL_F_SSL_CTX_USE_GM_CERTIFICATE:641:SSL_CTX_use_gm_certificate -+SSL_F_SSL_CTX_USE_GM_CERTIFICATE_ASN1:642:SSL_CTX_use_gm_certificate_ASN1 -+SSL_F_SSL_CTX_USE_GM_PRIVATEKEY:643:SSL_CTX_use_gm_PrivateKey -+SSL_F_SSL_CTX_USE_GM_PRIVATEKEY_ASN1:644:SSL_CTX_use_gm_PrivateKey_ASN1 - SSL_F_SSL_CTX_USE_PRIVATEKEY:174:SSL_CTX_use_PrivateKey - SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1:175:SSL_CTX_use_PrivateKey_ASN1 - SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE:176:SSL_CTX_use_PrivateKey_file -@@ -1296,7 +1301,9 @@ SSL_F_SSL_GET_SIGN_PKEY:183:* - SSL_F_SSL_HANDSHAKE_HASH:560:ssl_handshake_hash - SSL_F_SSL_INIT_WBIO_BUFFER:184:ssl_init_wbio_buffer - SSL_F_SSL_KEY_UPDATE:515:SSL_key_update 
-+SSL_F_SSL_LOAD_CERT_FILE:645:ssl_load_cert_file - SSL_F_SSL_LOAD_CLIENT_CA_FILE:185:SSL_load_client_CA_file -+SSL_F_SSL_LOAD_PKEY_FILE:646:ssl_load_pkey_file - SSL_F_SSL_LOG_MASTER_SECRET:498:* - SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE:499:ssl_log_rsa_client_key_exchange - SSL_F_SSL_MODULE_INIT:392:ssl_module_init -@@ -1330,11 +1337,14 @@ SSL_F_SSL_SET_CERT_AND_KEY:621:ssl_set_cert_and_key - SSL_F_SSL_SET_CIPHER_LIST:271:SSL_set_cipher_list - SSL_F_SSL_SET_CT_VALIDATION_CALLBACK:399:SSL_set_ct_validation_callback - SSL_F_SSL_SET_FD:192:SSL_set_fd -+SSL_F_SSL_SET_GM_CERT_AND_KEY:647:ssl_set_gm_cert_and_key - SSL_F_SSL_SET_PKEY:193:ssl_set_pkey - SSL_F_SSL_SET_RFD:194:SSL_set_rfd - SSL_F_SSL_SET_SESSION:195:SSL_set_session - SSL_F_SSL_SET_SESSION_ID_CONTEXT:218:SSL_set_session_id_context - SSL_F_SSL_SET_SESSION_TICKET_EXT:294:SSL_set_session_ticket_ext -+SSL_F_SSL_SET_SIGN_ENC_CERT:648:ssl_set_sign_enc_cert -+SSL_F_SSL_SET_SIGN_ENC_PKEY:649:ssl_set_sign_enc_pkey - SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH:550:SSL_set_tlsext_max_fragment_length - SSL_F_SSL_SET_WFD:196:SSL_set_wfd - SSL_F_SSL_SHUTDOWN:224:SSL_shutdown -@@ -1345,6 +1355,10 @@ SSL_F_SSL_UNDEFINED_VOID_FUNCTION:244:ssl_undefined_void_function - SSL_F_SSL_USE_CERTIFICATE:198:SSL_use_certificate - SSL_F_SSL_USE_CERTIFICATE_ASN1:199:SSL_use_certificate_ASN1 - SSL_F_SSL_USE_CERTIFICATE_FILE:200:SSL_use_certificate_file -+SSL_F_SSL_USE_GM_CERTIFICATE:650:SSL_use_gm_certificate -+SSL_F_SSL_USE_GM_CERTIFICATE_ASN1:651:SSL_use_gm_certificate_ASN1 -+SSL_F_SSL_USE_GM_PRIVATEKEY:652:SSL_use_gm_PrivateKey -+SSL_F_SSL_USE_GM_PRIVATEKEY_ASN1:653:SSL_use_gm_PrivateKey_ASN1 - SSL_F_SSL_USE_PRIVATEKEY:201:SSL_use_PrivateKey - SSL_F_SSL_USE_PRIVATEKEY_ASN1:202:SSL_use_PrivateKey_ASN1 - SSL_F_SSL_USE_PRIVATEKEY_FILE:203:SSL_use_PrivateKey_file -@@ -1361,6 +1375,20 @@ SSL_F_SSL_WRITE_EARLY_FINISH:527:* - SSL_F_SSL_WRITE_EX:433:SSL_write_ex - SSL_F_SSL_WRITE_INTERNAL:524:ssl_write_internal - 
SSL_F_STATE_MACHINE:353:state_machine -+SSL_F_TLCP_CHOOSE_SIGALG:662:tlcp_choose_sigalg -+SSL_F_TLCP_CONSTRUCT_CKE_SM2DHE:663:tlcp_construct_cke_sm2dhe -+SSL_F_TLCP_CONSTRUCT_CKE_SM2ECC:658:tlcp_construct_cke_sm2ecc -+SSL_F_TLCP_CONSTRUCT_CLIENT_KEY_EXCHANGE:654:tlcp_construct_client_key_exchange -+SSL_F_TLCP_CONSTRUCT_SERVER_KEY_EXCHANGE:655:tlcp_construct_server_key_exchange -+SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE:664:tlcp_construct_ske_sm2dhe -+SSL_F_TLCP_CONSTRUCT_SKE_SM2ECC:659:tlcp_construct_ske_sm2ecc -+SSL_F_TLCP_DERIVE:665:tlcp_derive -+SSL_F_TLCP_PROCESS_CKE_SM2DHE:666:tlcp_process_cke_sm2dhe -+SSL_F_TLCP_PROCESS_CKE_SM2ECC:660:tlcp_process_cke_sm2ecc -+SSL_F_TLCP_PROCESS_CLIENT_KEY_EXCHANGE:656:tlcp_process_client_key_exchange -+SSL_F_TLCP_PROCESS_KEY_EXCHANGE:657:tlcp_process_key_exchange -+SSL_F_TLCP_PROCESS_SKE_SM2DHE:667:tlcp_process_ske_sm2dhe -+SSL_F_TLCP_PROCESS_SKE_SM2ECC:661:tlcp_process_ske_sm2ecc - SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg - SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs - SSL_F_TLS13_CHANGE_CIPHER_STATE:440:tls13_change_cipher_state -@@ -1769,7 +1797,7 @@ X509_F_X509_STORE_NEW:158:X509_STORE_new - X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ - X509_F_X509_TRUST_ADD:133:X509_TRUST_add - X509_F_X509_TRUST_SET:141:X509_TRUST_set --X509_F_X509_VERIFY:161:X509_verify -+X509_F_X509_VERIFY:166:X509_verify - X509_F_X509_VERIFY_CERT:127:X509_verify_cert - X509_F_X509_VERIFY_PARAM_NEW:159:X509_VERIFY_PARAM_new - X509_F_X509_VERIFY_SM2:162:x509_verify_sm2 -diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c -index daf7fdc..e3c9e05 100644 ---- a/crypto/evp/evp_err.c -+++ b/crypto/evp/evp_err.c -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). 
You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -187,7 +187,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { - "different key types"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), - "different parameters"}, -- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for FIPS"}, -+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for fips"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), - "error loading section"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE), -@@ -279,8 +279,6 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { - "wrap mode not allowed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), - "wrong final block length"}, -- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE), -- "xts data unit is too large"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), - "xts duplicated keys"}, - {0, NULL} -diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c -index 1f36cb2..9e25ae1 100644 ---- a/crypto/evp/p_lib.c -+++ b/crypto/evp/p_lib.c -@@ -459,6 +459,24 @@ const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len) - } - #endif - -+# ifndef OPENSSL_NO_SM2 -+int EVP_PKEY_is_sm2(EVP_PKEY *pkey) -+{ -+ EC_KEY *eckey; -+ const EC_GROUP *group; -+ if (pkey == NULL) { -+ return 0; -+ } -+ if (EVP_PKEY_id(pkey) == EVP_PKEY_EC -+ && (eckey = EVP_PKEY_get0_EC_KEY(pkey)) != NULL -+ && (group = EC_KEY_get0_group(eckey)) != NULL -+ && EC_GROUP_get_curve_name(group) == NID_sm2) { -+ return 1; -+ } -+ return EVP_PKEY_id(pkey) == EVP_PKEY_SM2; -+} -+# endif -+ - #ifndef OPENSSL_NO_RSA - int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) - { -diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c -index cf43265..888fd07 100644 ---- a/crypto/rsa/rsa_err.c -+++ b/crypto/rsa/rsa_err.c -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. 
-+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -34,7 +34,8 @@ static const ERR_STRING_DATA RSA_str_functs[] = { - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"}, -- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0), "RSA_generate_key_ex"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0), -+ "RSA_generate_key_ex"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, 0), - "RSA_generate_multi_prime_key"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"}, -@@ -93,16 +94,21 @@ static const ERR_STRING_DATA RSA_str_functs[] = { - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PARAM_DECODE, 0), "rsa_param_decode"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT, 0), "RSA_print"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0), -+ "RSA_private_decrypt"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0), -+ "RSA_private_encrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"}, -- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0), "RSA_private_decrypt"}, -- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_private_encrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"}, -- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_DECRYPT, 0), "RSA_public_decrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_public_encrypt"}, -+ {ERR_PACK(ERR_LIB_RSA, 
RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0), -+ "RSA_set_default_method"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0), - "RSA_sign_ASN1_OCTET_STRING"}, -@@ -111,8 +117,6 @@ static const ERR_STRING_DATA RSA_str_functs[] = { - "RSA_verify_ASN1_OCTET_STRING"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0), - "RSA_verify_PKCS1_PSS_mgf1"}, -- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0), "RSA_set_default_method"}, -- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"}, - {0, NULL} - }; -@@ -193,8 +197,9 @@ static const ERR_STRING_DATA RSA_str_reasons[] = { - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D), - "mp exponent not congruent to d"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"}, -+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD), -+ "non fips rsa method"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, -- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD), "non FIPS rsa method"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING), - "null before block missing"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES), -@@ -204,7 +209,7 @@ static const ERR_STRING_DATA RSA_str_reasons[] = { - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR), - "oaep decoding error"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), -- "operation not allowed in FIPS mode"}, -+ "operation not allowed in fips mode"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, - {ERR_PACK(ERR_LIB_RSA, 0, 
RSA_R_PADDING_CHECK_FAILED), -diff --git a/crypto/sm2/build.info b/crypto/sm2/build.info -index be76d96..adaf5f3 100644 ---- a/crypto/sm2/build.info -+++ b/crypto/sm2/build.info -@@ -1,5 +1,5 @@ - LIBS=../../libcrypto - SOURCE[../../libcrypto]=\ -- sm2_sign.c sm2_crypt.c sm2_err.c sm2_pmeth.c -+ sm2_sign.c sm2_crypt.c sm2_err.c sm2_pmeth.c sm2_kep.c - - -diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c -index e5973e9..f5f75cb 100644 ---- a/crypto/sm2/sm2_err.c -+++ b/crypto/sm2/sm2_err.c -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -21,6 +21,7 @@ static const ERR_STRING_DATA SM2_str_functs[] = { - "pkey_sm2_digest_custom"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_INIT, 0), "pkey_sm2_init"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"}, -+ {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_KEY, 0), "SM2_compute_key"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_MSG_HASH, 0), - "sm2_compute_msg_hash"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_USERID_DIGEST, 0), -@@ -51,6 +52,7 @@ static const ERR_STRING_DATA SM2_str_reasons[] = { - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"}, -+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PRIVATE_VALUE), "no private value"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_USER_ID_TOO_LARGE), "user id too large"}, - {0, NULL} - }; -diff --git a/crypto/sm2/sm2_kep.c b/crypto/sm2/sm2_kep.c -new file mode 100644 -index 0000000..a7bd681 ---- /dev/null -+++ b/crypto/sm2/sm2_kep.c -@@ -0,0 +1,254 @@ -+/* -+ * Copyright 2019 The BabaSSL Project Authors. 
All Rights Reserved. -+ */ -+ -+#include "internal/cryptlib.h" -+#include -+#include -+#include -+#include "crypto/sm2.h" -+#include "crypto/ec.h" /* ecdh_KDF_X9_63() */ -+#include "crypto/sm2err.h" -+ -+ -+#ifndef OPENSSL_NO_SM2 -+int SM2_compute_key(void *out, size_t outlen, int server, -+ const char *peer_uid, int peer_uid_len, -+ const char *self_uid, int self_uid_len, -+ const EC_KEY *peer_ecdhe_key, const EC_KEY *self_ecdhe_key, -+ const EC_KEY *peer_pub_key, const EC_KEY *self_eckey, -+ const EVP_MD *md) -+{ -+ BN_CTX *ctx = NULL; -+ EC_POINT *UorV = NULL; -+ const EC_POINT *Rs, *Rp; -+ BIGNUM *Xs = NULL, *Xp = NULL, *h = NULL, *t = NULL, *two_power_w = NULL, *order = NULL; -+ const BIGNUM *priv_key, *r; -+ const EC_GROUP *group; -+ int w; -+ int ret = -1; -+ size_t buflen, len; -+ unsigned char *buf = NULL; -+ size_t elemet_len, idx; -+ -+ if (outlen > INT_MAX) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (peer_pub_key == NULL || self_eckey == NULL) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, SM2_R_NO_PRIVATE_VALUE); -+ goto err; -+ } -+ -+ priv_key = EC_KEY_get0_private_key(self_eckey); -+ if (priv_key == NULL) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, SM2_R_NO_PRIVATE_VALUE); -+ goto err; -+ } -+ -+ if (peer_ecdhe_key == NULL || self_ecdhe_key == NULL) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ -+ Rs = EC_KEY_get0_public_key(self_ecdhe_key); -+ Rp = EC_KEY_get0_public_key(peer_ecdhe_key); -+ r = EC_KEY_get0_private_key(self_ecdhe_key); -+ -+ if (Rs == NULL || Rp == NULL || r == NULL) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_PASSED_NULL_PARAMETER); -+ goto err; -+ } -+ -+ ctx = BN_CTX_new(); -+ if (ctx == NULL) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ BN_CTX_start(ctx); -+ Xs = BN_CTX_get(ctx); -+ Xp = BN_CTX_get(ctx); -+ h = BN_CTX_get(ctx); -+ t = BN_CTX_get(ctx); -+ two_power_w = BN_CTX_get(ctx); -+ order = BN_CTX_get(ctx); -+ -+ if (order == 
NULL) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ group = EC_KEY_get0_group(self_eckey); -+ -+ if (!EC_GROUP_get_order(group, order, ctx) -+ || !EC_GROUP_get_cofactor(group, h, ctx)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ w = (BN_num_bits(order) + 1) / 2 - 1; -+ if (!BN_lshift(two_power_w, BN_value_one(), w)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /*Third: Caculate -- X = 2 ^ w + (x & (2 ^ w - 1)) = 2 ^ w + (x mod 2 ^ w)*/ -+ UorV = EC_POINT_new(group); -+ if (UorV == NULL) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /*Test peer public key On curve*/ -+ if (!EC_POINT_is_on_curve(group, Rp, ctx)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /*Get x*/ -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) -+ == NID_X9_62_prime_field) { -+ if (!EC_POINT_get_affine_coordinates_GFp(group, Rs, Xs, NULL, ctx)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ if (!EC_POINT_get_affine_coordinates_GFp(group, Rp, Xp, NULL, ctx)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ } -+ -+ /*x mod 2 ^ w*/ -+ /*Caculate Self x*/ -+ if (!BN_nnmod(Xs, Xs, two_power_w, ctx)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (!BN_add(Xs, Xs, two_power_w)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /*Caculate Peer x*/ -+ if (!BN_nnmod(Xp, Xp, two_power_w, ctx)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (!BN_add(Xp, Xp, two_power_w)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /*Forth: Caculate t*/ -+ if (!BN_mod_mul(t, Xs, r, order, ctx)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if (!BN_mod_add(t, t, priv_key, order, ctx)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /*Fifth: 
Caculate V or U*/ -+ if (!BN_mul(t, t, h, ctx)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* [x]R */ -+ if (!EC_POINT_mul(group, UorV, NULL, Rp, Xp, ctx)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /* P + [x]R */ -+ if (!EC_POINT_add(group, UorV, UorV, -+ EC_KEY_get0_public_key(peer_pub_key), ctx)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ if (!EC_POINT_mul(group, UorV, NULL, UorV, t, ctx)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ if (EC_POINT_is_at_infinity(group, UorV)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ /*Sixth: Caculate Key -- Need Xuorv, Yuorv, Zc, Zs, klen*/ -+ -+ elemet_len = (size_t)((EC_GROUP_get_degree(group) + 7) / 8); -+ buflen = elemet_len * 2 + 32 * 2 + 1; /*add 1 byte tag*/ -+ buf = (unsigned char *)OPENSSL_zalloc(buflen + 10); -+ if (buf == NULL) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ /*1 : Get public key for UorV, Notice: the first byte is a tag, not a valid char*/ -+ idx = EC_POINT_point2oct(group, UorV, 4, buf, buflen, ctx); -+ if (!idx) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_EC_LIB); -+ goto err; -+ } -+ -+ len = EVP_MD_size(md); -+ -+ /* Z_A || Z_B, server is initiator(Z_A), client is responder(Z_B) */ -+ if (server) { -+ if (!sm2_compute_z_digest((uint8_t *)(buf + idx), md, -+ (const uint8_t *)self_uid, -+ self_uid_len, self_eckey)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ idx += len; -+ } -+ -+ if (!sm2_compute_z_digest((uint8_t *)(buf + idx), md, -+ (const uint8_t *)peer_uid, peer_uid_len, -+ peer_pub_key)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ idx += len; -+ -+ if (!server) { -+ if (!sm2_compute_z_digest((uint8_t *)(buf + idx), md, -+ (const uint8_t *)self_uid, -+ self_uid_len, self_eckey)) { -+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); -+ 
goto err;
-+ }
-+ idx += len;
-+ }
-+
-+ if (!ecdh_KDF_X9_63(out, outlen, (const unsigned char *)(buf + 1), idx - 1,
-+ NULL, 0, md)) {
-+ SM2err(SM2_F_SM2_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ ret = outlen;
-+
-+ err:
-+ EC_POINT_free(UorV);
-+ OPENSSL_free(buf);
-+ if (ctx != NULL)
-+ BN_CTX_end(ctx);
-+ BN_CTX_free(ctx);
-+
-+ return ret;
-+}
-+
-+#endif
-diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
-index 9551d70..1998812 100644
---- a/crypto/sm2/sm2_pmeth.c
-+++ b/crypto/sm2/sm2_pmeth.c
-@@ -287,6 +287,10 @@ static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
- const EVP_MD *md = EVP_MD_CTX_md(mctx);
- int mdlen = EVP_MD_size(md);
- 
-+ if (!smctx->id_set)
-+ (void)pkey_sm2_ctrl(ctx, EVP_PKEY_CTRL_SET1_ID, SM2_DEFAULT_USERID_LEN
-+ , (void *)SM2_DEFAULT_USERID);
-+
- if (!smctx->id_set) {
- /*
- * An ID value must be set. The specifications are not clear whether a
-diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
-index f1a2c4a..8fa82a1 100644
---- a/doc/man1/s_client.pod
-+++ b/doc/man1/s_client.pod
-@@ -20,8 +20,10 @@ B B
- [B<-verify depth>]
- [B<-verify_return_error>]
- [B<-cert filename>]
-+[B<-dcert filename>]
- [B<-certform DER|PEM>]
- [B<-key filename>]
-+[B<-dkey filename>]
- [B<-keyform DER|PEM>]
- [B<-cert_chain filename>]
- [B<-build_chain>]
-@@ -32,6 +34,7 @@ B B
- [B<-xcertform PEM|DER>]
- [B<-xkeyform PEM|DER>]
- [B<-pass arg>]
-+[B<-dpass arg>]
- [B<-CApath directory>]
- [B<-CAfile filename>]
- [B<-chainCApath directory>]
-@@ -91,6 +94,7 @@ B B
- [B<-tls1_1>]
- [B<-tls1_2>]
- [B<-tls1_3>]
-+[B<-tlcp>]
- [B<-no_ssl3>]
- [B<-no_tls1>]
- [B<-no_tls1_1>]
-@@ -214,6 +218,11 @@ ClientHello message. Cannot be used in conjunction with the B<-servername> or
- The certificate to use, if one is requested by the server. The default is
- not to use a certificate.
- -+=item B<-dcert infile>, B<-dkey infile>, B<-dpass val> -+ -+Specify an encryption certificate, private key and passphrase -+respectively, usually for TLCP. -+ - =item B<-certform format> - - The certificate format to use: DER or PEM. PEM is the default. -diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod -index d571e58..f9ee16d 100644 ---- a/doc/man3/EVP_PKEY_set1_RSA.pod -+++ b/doc/man3/EVP_PKEY_set1_RSA.pod -@@ -9,7 +9,7 @@ EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, - EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, - EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, - EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, --EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions -+EVP_PKEY_is_sm2, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions - - =head1 SYNOPSIS - -@@ -45,6 +45,8 @@ EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions - int EVP_PKEY_type(int type); - int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); - -+ int EVP_PKEY_is_sm2(EVP_PKEY *pkey); -+ - ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); - int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); - -@@ -93,6 +95,9 @@ EVP_PKEY_set_alias_type() allows modifying a EVP_PKEY to use a - different set of algorithms than the default. This is currently used - to support SM2 keys, which use an identical encoding to ECDSA. - -+EVP_PKEY_is_sm2() can be used to determine whether the B is -+SM2 curve. -+ - =head1 NOTES - - In accordance with the OpenSSL naming convention the key obtained -@@ -134,6 +139,8 @@ EVP_PKEY_set1_engine() returns 1 for success and 0 for failure. - - EVP_PKEY_set_alias_type() returns 1 for success and 0 for error. - -+EVP_PKEY_is_sm2() returns 1 for success and 0 for error. 
-+ - =head1 EXAMPLES - - After loading an ECC key, it is possible to convert it to using SM2 -diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod -index a6c036c..23f93f6 100644 ---- a/doc/man3/SSL_CTX_new.pod -+++ b/doc/man3/SSL_CTX_new.pod -@@ -9,7 +9,8 @@ TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, - TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, - SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method, - DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method, --DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method -+DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method, -+TLCP_method, TLCP_server_method, TLCP_client_method, - - create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled - functions - -@@ -68,6 +69,12 @@ functions - const SSL_METHOD *DTLSv1_2_client_method(void); - #endif - -+ #ifndef OPENSSL_NO_TLCP -+ const SSL_METHOD *TLCP_method(void); -+ const SSL_METHOD *TLCP_server_method(void); -+ const SSL_METHOD *TLCP_client_method(void); -+ #endif -+ - =head1 DESCRIPTION - - SSL_CTX_new() creates a new B object as framework to -@@ -93,6 +100,8 @@ These are the general-purpose I SSL/TLS methods. - The actual protocol version used will be negotiated to the highest version - mutually supported by the client and the server. - The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. -+TLS_method() and TLS_server_method() can aslo support TLCP protocol -+by using TLCP_client_method(). - Applications should use these methods, and avoid the version-specific - methods described below, which are deprecated. - -@@ -141,6 +150,12 @@ These methods are deprecated. - These are the version-specific methods for DTLSv1. - These methods are deprecated. - -+=item TLCP_method(), TLCP_server_method(), TLCP_client_method() -+ -+These are the GM version-specific methods for TLCP protocol. 
-+Valid TLCP ciphersuite names are ECDHE-SM4-CBC-SM3 and ECC-SM4-CBC-SM3. -+B(argument to Configure) was required. -+ - =back - - SSL_CTX_new() initializes the list of ciphers, the session cache setting, the -@@ -162,7 +177,7 @@ allow newer protocols like TLS 1.0, TLS 1.1, TLS 1.2 or TLS 1.3. - - The list of protocols available can also be limited using the - B, B, B, --B, B and B -+B, B, B and B - options of the - L or L functions, but this approach - is not recommended. Clients should avoid creating "holes" in the set of -diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod -index 969e036..304e966 100644 ---- a/doc/man3/SSL_CTX_set_options.pod -+++ b/doc/man3/SSL_CTX_set_options.pod -@@ -114,11 +114,11 @@ preferences. When not set, the SSL server will always follow the clients - preferences. When set, the SSL/TLS server will choose following its - own preferences. - --=item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, -+=item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLCP - SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2 - - These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol --versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, -+versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, TLCP - respectively. 
- As of OpenSSL 1.1.0, these options are deprecated, use - L and -diff --git a/doc/man3/SSL_CTX_use_certificate.pod b/doc/man3/SSL_CTX_use_certificate.pod -index b065d8f..7a717e7 100644 ---- a/doc/man3/SSL_CTX_use_certificate.pod -+++ b/doc/man3/SSL_CTX_use_certificate.pod -@@ -12,7 +12,12 @@ SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, - SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, - SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, - SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, --SSL_CTX_use_cert_and_key, SSL_use_cert_and_key -+SSL_CTX_use_cert_and_key, SSL_use_cert_and_key, -+SSL_CTX_use_gm_certificate, SSL_CTX_use_gm_certificate_ASN1, SSL_CTX_use_gm_certificate_file, -+SSL_use_gm_certificate, SSL_use_gm_certificate_ASN1, SSL_use_gm_certificate_file, -+SSL_CTX_use_gm_PrivateKey, SSL_CTX_use_gm_PrivateKey_ASN1, SSL_CTX_use_gm_PrivateKey_file, -+SSL_use_gm_PrivateKey, SSL_use_gm_PrivateKey_ASN1, SSL_use_gm_PrivateKey_file, -+SSL_CTX_use_gm_cert_and_key, SSL_use_gm_cert_and_key - - load certificate and key data - - =head1 SYNOPSIS -@@ -26,6 +31,13 @@ SSL_CTX_use_cert_and_key, SSL_use_cert_and_key - int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); - int SSL_use_certificate_file(SSL *ssl, const char *file, int type); - -+ int SSL_CTX_use_gm_certificate(SSL_CTX *ctx, X509 *x, int usage); -+ int SSL_CTX_use_gm_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d, int usage); -+ int SSL_CTX_use_gm_certificate_file(SSL_CTX *ctx, const char *file, int type, int usage); -+ int SSL_use_gm_certificate(SSL *ssl, X509 *x, int usage); -+ int SSL_use_gm_certificate_ASN1(SSL *ssl, unsigned char *d, int len, int usage); -+ int SSL_use_gm_certificate_file(SSL *ssl, const char *file, int type, int usage); -+ - int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); - int SSL_use_certificate_chain_file(SSL *ssl, const char *file); - -@@ -43,12 +55,23 @@ 
SSL_CTX_use_cert_and_key, SSL_use_cert_and_key - int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); - int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); - -+ int SSL_CTX_use_gm_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey, int usage); -+ int SSL_CTX_use_gm_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, -+ long len, int usage); -+ int SSL_CTX_use_gm_PrivateKey_file(SSL_CTX *ctx, const char *file, int type, int usage); -+ int SSL_use_gm_PrivateKey(SSL *ssl, EVP_PKEY *pkey, int usage); -+ int SSL_use_gm_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len, int usage); -+ int SSL_use_gm_PrivateKey_file(SSL *ssl, const char *file, int type, int usage); -+ - int SSL_CTX_check_private_key(const SSL_CTX *ctx); - int SSL_check_private_key(const SSL *ssl); - - int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); - int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); - -+ int SSL_CTX_use_gm_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override, int usage); -+ int SSL_use_gm_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override, int usage); -+ - =head1 DESCRIPTION - - These functions load the certificates and private keys into the SSL_CTX -@@ -81,6 +104,21 @@ SSL_use_certificate_file() loads the certificate from B into B. - See the NOTES section on why SSL_CTX_use_certificate_chain_file() - should be preferred. - -+SSL_CTX_use_gm_certificate() loads the certificate B into B -+and specify B. SSL_use_gm_certificate() loads B into B -+and specify B. The B should be SSL_USAGE_SIG or SSL_USAGE_ENC. -+ -+SSL_CTX_use_gm_certificate_ASN1() loads the ASN1 encoded certificate from -+the memory location B (with length B) into B and specify B, -+SSL_use_gm_certificate_ASN1() loads the ASN1 encoded certificate into B -+and specify B. 
-+ -+SSL_CTX_use_gm_certificate_file() loads the first certificate stored in B -+into B and specify B. The formatting B of the certificate must -+be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. -+SSL_use_gm_certificate_file() loads the certificate from B into B -+and specify B. -+ - SSL_CTX_use_certificate_chain_file() loads a certificate chain from - B into B. The certificates must be in PEM format and must - be sorted starting with the subject's certificate (actual client or server -@@ -127,6 +165,22 @@ B to B. SSL_use_PrivateKey_file() adds the first private key found - in B to B; SSL_use_RSAPrivateKey_file() adds the first private - RSA key found to B. - -+SSL_CTX_use_gm_PrivateKey() adds B as private key to B and -+specify B. SSL_CTX_use_gm_PrivateKey_ASN1() adds the private key of -+type B stored at memory location B (length B) to B and -+specify B. SSL_CTX_use_gm_PrivateKey_file() adds the first private -+key found in B to B. The formatting B of the private key -+must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. -+ -+SSL_use_PrivateKey() adds B as private key to B and sprcify B. -+SSL_use_gm_PrivateKey_ASN1() adds the private key to B and sprcify B. -+SSL_use_gm_PrivateKey_file() adds the first private key found in B to B -+and sprcify B. -+ -+SSL_CTX_use_gm_cert_and_key() and SSL_use_gm_cert_and_key() assign the X.509 -+certificate B, private key B, and certificate B onto the -+corresponding B or B and specify B. -+ - SSL_CTX_check_private_key() checks the consistency of a private key with - the corresponding certificate loaded into B. If more than one - key/certificate pair (RSA/DSA) is installed, the last item installed will -diff --git a/doc/man7/ssl.pod b/doc/man7/ssl.pod -index d439860..8d7293a 100644 ---- a/doc/man7/ssl.pod -+++ b/doc/man7/ssl.pod -@@ -183,6 +183,18 @@ Constructor for the SSLv3 SSL_METHOD structure for clients. - - Constructor for the SSLv3 SSL_METHOD structure for servers. 
- -+=item const SSL_METHOD *B(void); -+ -+Constructor for the TLCP SSL_METHOD structure for clients, servers or both. -+ -+=item const SSL_METHOD *B(void); -+ -+Constructor for the TLCP SSL_METHOD structure for clients. -+ -+=item const SSL_METHOD *B(void); -+ -+Constructor for the TLCP SSL_METHOD structure for servers. -+ - =back - - =head2 Dealing with Ciphers -@@ -393,6 +405,12 @@ Use the file path to locate trusted CA certificates. - - =item int B(SSL_CTX *ctx, const char *file, int type); - -+=item int B(SSL_CTX *ctx, EVP_PKEY *pkey, int usage); -+ -+=item int B(int type, SSL_CTX *ctx, unsigned char *d, long len, int usage); -+ -+=item int B(SSL_CTX *ctx, const char *file, int type, int usage); -+ - =item int B(SSL_CTX *ctx, X509 *x); - - =item int B(SSL_CTX *ctx, int len, unsigned char *d); -@@ -401,6 +419,14 @@ Use the file path to locate trusted CA certificates. - - =item int B(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); - -+=item int B(SSL_CTX *ctx, X509 *x, int usage); -+ -+=item int B(SSL_CTX *ctx, int len, unsigned char *d, int usage); -+ -+=item int B(SSL_CTX *ctx, const char *file, int type, int usage); -+ -+=item int B(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override, int usage); -+ - =item X509 *B(const SSL_CTX *ctx); - - =item EVP_PKEY *B(const SSL_CTX *ctx); -@@ -704,6 +730,12 @@ Returns the current handshake state. - - =item int B(SSL *ssl, const char *file, int type); - -+=item int B(SSL *ssl, EVP_PKEY *pkey, int usage); -+ -+=item int B(int type, SSL *ssl, unsigned char *d, long len, int usage); -+ -+=item int B(SSL *ssl, const char *file, int type, int usage); -+ - =item int B(SSL *ssl, X509 *x); - - =item int B(SSL *ssl, int len, unsigned char *d); -@@ -712,6 +744,14 @@ Returns the current handshake state. 
- - =item int B(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); - -+=item int B(SSL *ssl, X509 *x, int usage); -+ -+=item int B(SSL *ssl, int len, unsigned char *d, int usage); -+ -+=item int B(SSL *ssl, const char *file, int type, int usage); -+ -+=item int B(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override, int usage); -+ - =item int B(const SSL *ssl); - - =item int B(const SSL *ssl); -diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h -index a7f5548..720bdd4 100644 ---- a/include/crypto/sm2.h -+++ b/include/crypto/sm2.h -@@ -19,6 +19,7 @@ - - /* The default user id as specified in GM/T 0009-2012 */ - # define SM2_DEFAULT_USERID "1234567812345678" -+# define SM2_DEFAULT_USERID_LEN 16 - - int sm2_compute_z_digest(uint8_t *out, - const EVP_MD *digest, -diff --git a/include/crypto/sm2err.h b/include/crypto/sm2err.h -index d1c0ee2..251c4f9 100644 ---- a/include/crypto/sm2err.h -+++ b/include/crypto/sm2err.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy -@@ -8,12 +8,10 @@ - * https://www.openssl.org/source/license.html - */ - --#ifndef OSSL_CRYPTO_SM2ERR_H --# define OSSL_CRYPTO_SM2ERR_H -+#ifndef HEADER_SM2ERR_H -+# define HEADER_SM2ERR_H - --# ifndef HEADER_SYMHACKS_H --# include --# endif -+# include - - # include - -@@ -33,6 +31,7 @@ int ERR_load_SM2_strings(void); - # define SM2_F_PKEY_SM2_DIGEST_CUSTOM 114 - # define SM2_F_PKEY_SM2_INIT 111 - # define SM2_F_PKEY_SM2_SIGN 112 -+# define SM2_F_SM2_COMPUTE_KEY 116 - # define SM2_F_SM2_COMPUTE_MSG_HASH 100 - # define SM2_F_SM2_COMPUTE_USERID_DIGEST 101 - # define SM2_F_SM2_COMPUTE_Z_DIGEST 113 -@@ -59,6 +58,7 @@ int ERR_load_SM2_strings(void); - # define SM2_R_INVALID_ENCODING 104 - # define SM2_R_INVALID_FIELD 105 - # define SM2_R_NO_PARAMETERS_SET 109 -+# define SM2_R_NO_PRIVATE_VALUE 113 - # define SM2_R_USER_ID_TOO_LARGE 106 - - # endif -diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h -index b2d62eb..e7fdb21 100644 ---- a/include/openssl/dherr.h -+++ b/include/openssl/dherr.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy -@@ -11,9 +11,7 @@ - #ifndef HEADER_DHERR_H - # define HEADER_DHERR_H - --# ifndef HEADER_SYMHACKS_H --# include --# endif -+# include - - # include - -@@ -36,9 +34,8 @@ int ERR_load_DH_strings(void); - # define DH_F_DH_CMS_DECRYPT 114 - # define DH_F_DH_CMS_SET_PEERKEY 115 - # define DH_F_DH_CMS_SET_SHARED_INFO 116 --# define DH_F_DH_COMPUTE_KEY 203 --# define DH_F_DH_GENERATE_KEY 202 --# define DH_F_DH_GENERATE_PARAMETERS_EX 201 -+# define DH_F_DH_COMPUTE_KEY 126 -+# define DH_F_DH_GENERATE_PARAMETERS_EX 127 - # define DH_F_DH_METH_DUP 117 - # define DH_F_DH_METH_NEW 118 - # define DH_F_DH_METH_SET1_NAME 119 -@@ -76,14 +73,14 @@ int ERR_load_DH_strings(void); - # define DH_R_INVALID_PARAMETER_NID 114 - # define DH_R_INVALID_PUBKEY 102 - # define DH_R_KDF_PARAMETER_ERROR 112 --# define DH_R_KEY_SIZE_TOO_SMALL 201 - # define DH_R_KEYS_NOT_SET 108 -+# define DH_R_KEY_SIZE_TOO_SMALL 126 - # define DH_R_MISSING_PUBKEY 125 - # define DH_R_MODULUS_TOO_LARGE 103 -+# define DH_R_NON_FIPS_METHOD 127 - # define DH_R_NOT_SUITABLE_GENERATOR 120 - # define DH_R_NO_PARAMETERS_SET 107 - # define DH_R_NO_PRIVATE_VALUE 100 --# define DH_R_NON_FIPS_METHOD 202 - # define DH_R_PARAMETER_ENCODING_ERROR 105 - # define DH_R_PEER_KEY_ERROR 111 - # define DH_R_SHARED_INFO_ERROR 113 -diff --git a/include/openssl/dsaerr.h b/include/openssl/dsaerr.h -index 19f650a..83f1b68 100644 ---- a/include/openssl/dsaerr.h -+++ b/include/openssl/dsaerr.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy -@@ -11,9 +11,7 @@ - #ifndef HEADER_DSAERR_H - # define HEADER_DSAERR_H - --# ifndef HEADER_SYMHACKS_H --# include --# endif -+# include - - # include - -@@ -29,13 +27,13 @@ int ERR_load_DSA_strings(void); - */ - # define DSA_F_DSAPARAMS_PRINT 100 - # define DSA_F_DSAPARAMS_PRINT_FP 101 --# define DSA_F_DSA_BUILTIN_KEYGEN 202 -+# define DSA_F_DSA_BUILTIN_KEYGEN 108 - # define DSA_F_DSA_BUILTIN_PARAMGEN 125 - # define DSA_F_DSA_BUILTIN_PARAMGEN2 126 --# define DSA_F_DSA_GENERATE_KEY 201 --# define DSA_F_DSA_GENERATE_PARAMETERS_EX 200 - # define DSA_F_DSA_DO_SIGN 112 - # define DSA_F_DSA_DO_VERIFY 113 -+# define DSA_F_DSA_GENERATE_KEY 109 -+# define DSA_F_DSA_GENERATE_PARAMETERS_EX 110 - # define DSA_F_DSA_METH_DUP 127 - # define DSA_F_DSA_METH_NEW 128 - # define DSA_F_DSA_METH_SET1_NAME 129 -@@ -63,13 +61,13 @@ int ERR_load_DSA_strings(void); - # define DSA_R_DECODE_ERROR 104 - # define DSA_R_INVALID_DIGEST_TYPE 106 - # define DSA_R_INVALID_PARAMETERS 112 --# define DSA_R_KEY_SIZE_INVALID 201 --# define DSA_R_KEY_SIZE_TOO_SMALL 202 -+# define DSA_R_KEY_SIZE_INVALID 114 -+# define DSA_R_KEY_SIZE_TOO_SMALL 115 - # define DSA_R_MISSING_PARAMETERS 101 - # define DSA_R_MISSING_PRIVATE_KEY 111 - # define DSA_R_MODULUS_TOO_LARGE 103 -+# define DSA_R_NON_FIPS_DSA_METHOD 116 - # define DSA_R_NO_PARAMETERS_SET 107 --# define DSA_R_NON_FIPS_DSA_METHOD 200 - # define DSA_R_PARAMETER_ENCODING_ERROR 105 - # define DSA_R_Q_NOT_PRIME 113 - # define DSA_R_SEED_LEN_SMALL 110 -diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index 0f7fbd1..3116c1b 100644 ---- a/include/openssl/evp.h -+++ b/include/openssl/evp.h -@@ -1011,6 +1011,10 @@ const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); - const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); - # endif - -+# ifndef OPENSSL_NO_SM2 -+int EVP_PKEY_is_sm2(EVP_PKEY *pkey); -+# endif -+ - # ifndef OPENSSL_NO_RSA - struct rsa_st; - int 
EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); -diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h -index bfa2e68..da604ca 100644 ---- a/include/openssl/evperr.h -+++ b/include/openssl/evperr.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -22,15 +22,15 @@ int ERR_load_EVP_strings(void); - * EVP function codes. - */ - # define EVP_F_AESNI_INIT_KEY 165 --# define EVP_F_AESNI_XTS_INIT_KEY 233 -+# define EVP_F_AESNI_XTS_INIT_KEY 207 - # define EVP_F_AES_GCM_CTRL 196 - # define EVP_F_AES_INIT_KEY 133 - # define EVP_F_AES_OCB_CIPHER 169 - # define EVP_F_AES_T4_INIT_KEY 178 --# define EVP_F_AES_T4_XTS_INIT_KEY 234 -+# define EVP_F_AES_T4_XTS_INIT_KEY 208 - # define EVP_F_AES_WRAP_CIPHER 170 --# define EVP_F_AES_XTS_CIPHER 229 --# define EVP_F_AES_XTS_INIT_KEY 235 -+# define EVP_F_AES_XTS_CIPHER 210 -+# define EVP_F_AES_XTS_INIT_KEY 209 - # define EVP_F_ALG_MODULE_INIT 177 - # define EVP_F_ARIA_CCM_INIT_KEY 175 - # define EVP_F_ARIA_GCM_CTRL 197 -@@ -141,9 +141,9 @@ int ERR_load_EVP_strings(void); - # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 - # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 - # define EVP_R_DECODE_ERROR 114 --# define EVP_R_DISABLED_FOR_FIPS 200 - # define EVP_R_DIFFERENT_KEY_TYPES 101 - # define EVP_R_DIFFERENT_PARAMETERS 153 -+# define EVP_R_DISABLED_FOR_FIPS 185 - # define EVP_R_ERROR_LOADING_SECTION 165 - # define EVP_R_ERROR_SETTING_FIPS_MODE 166 - # define EVP_R_EXPECTING_AN_HMAC_KEY 174 -@@ -186,7 +186,7 @@ int ERR_load_EVP_strings(void); - # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 - # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 - # define EVP_R_PUBLIC_KEY_NOT_RSA 106 --# define EVP_R_TOO_LARGE 
201 -+# define EVP_R_TOO_LARGE 186 - # define EVP_R_UNKNOWN_CIPHER 160 - # define EVP_R_UNKNOWN_DIGEST 161 - # define EVP_R_UNKNOWN_OPTION 169 -@@ -202,7 +202,6 @@ int ERR_load_EVP_strings(void); - # define EVP_R_UNSUPPORTED_SALT_TYPE 126 - # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 - # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 --# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191 --# define EVP_R_XTS_DUPLICATED_KEYS 192 -+# define EVP_R_XTS_DUPLICATED_KEYS 183 - - #endif -diff --git a/include/openssl/rsaerr.h b/include/openssl/rsaerr.h -index a8bcfdf..6bbd265 100644 ---- a/include/openssl/rsaerr.h -+++ b/include/openssl/rsaerr.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -11,9 +11,7 @@ - #ifndef HEADER_RSAERR_H - # define HEADER_RSAERR_H - --# ifndef HEADER_SYMHACKS_H --# include --# endif -+# include - - # ifdef __cplusplus - extern "C" -@@ -25,7 +23,7 @@ int ERR_load_RSA_strings(void); - */ - # define RSA_F_CHECK_PADDING_MD 140 - # define RSA_F_ENCODE_PKCS1 146 --# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 206 -+# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 168 - # define RSA_F_INT_RSA_VERIFY 145 - # define RSA_F_OLD_RSA_PRIV_DECODE 147 - # define RSA_F_PKEY_PSS_INIT 165 -@@ -40,8 +38,8 @@ int ERR_load_RSA_strings(void); - # define RSA_F_RSA_CHECK_KEY_EX 160 - # define RSA_F_RSA_CMS_DECRYPT 159 - # define RSA_F_RSA_CMS_VERIFY 158 --# define RSA_F_RSA_GENERATE_KEY_EX 204 --# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 207 -+# define RSA_F_RSA_GENERATE_KEY_EX 169 -+# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 170 - # define RSA_F_RSA_ITEM_VERIFY 148 - # define RSA_F_RSA_METH_DUP 161 - # define RSA_F_RSA_METH_NEW 162 -@@ -77,18 +75,18 @@ int 
ERR_load_RSA_strings(void); - # define RSA_F_RSA_PARAM_DECODE 164 - # define RSA_F_RSA_PRINT 115 - # define RSA_F_RSA_PRINT_FP 116 -+# define RSA_F_RSA_PRIVATE_DECRYPT 171 -+# define RSA_F_RSA_PRIVATE_ENCRYPT 172 - # define RSA_F_RSA_PRIV_DECODE 150 - # define RSA_F_RSA_PRIV_ENCODE 138 --# define RSA_F_RSA_PRIVATE_DECRYPT 200 --# define RSA_F_RSA_PRIVATE_ENCRYPT 201 - # define RSA_F_RSA_PSS_GET_PARAM 151 - # define RSA_F_RSA_PSS_TO_CTX 155 -+# define RSA_F_RSA_PUBLIC_DECRYPT 173 -+# define RSA_F_RSA_PUBLIC_ENCRYPT 174 - # define RSA_F_RSA_PUB_DECODE 139 --# define RSA_F_RSA_PUBLIC_DECRYPT 202 --# define RSA_F_RSA_PUBLIC_ENCRYPT 203 - # define RSA_F_RSA_SETUP_BLINDING 136 --# define RSA_F_RSA_SET_DEFAULT_METHOD 205 --# define RSA_F_RSA_SET_METHOD 204 -+# define RSA_F_RSA_SET_DEFAULT_METHOD 175 -+# define RSA_F_RSA_SET_METHOD 176 - # define RSA_F_RSA_SIGN 117 - # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 - # define RSA_F_RSA_VERIFY 119 -@@ -139,19 +137,19 @@ int ERR_load_RSA_strings(void); - # define RSA_R_KEY_PRIME_NUM_INVALID 165 - # define RSA_R_KEY_SIZE_TOO_SMALL 120 - # define RSA_R_LAST_OCTET_INVALID 134 --# define RSA_R_MISSING_PRIVATE_KEY 179 - # define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 -+# define RSA_R_MISSING_PRIVATE_KEY 179 - # define RSA_R_MODULUS_TOO_LARGE 105 - # define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168 - # define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 - # define RSA_R_MP_R_NOT_PRIME 170 -+# define RSA_R_NON_FIPS_RSA_METHOD 171 - # define RSA_R_NO_PUBLIC_EXPONENT 140 --# define RSA_R_NON_FIPS_RSA_METHOD 200 - # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 - # define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 - # define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 - # define RSA_R_OAEP_DECODING_ERROR 121 --# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 201 -+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 173 - # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 - # define RSA_R_PADDING_CHECK_FAILED 114 - # define RSA_R_PKCS_DECODING_ERROR 159 
-@@ -171,7 +169,7 @@ int ERR_load_RSA_strings(void); - # define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 - # define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 - # define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 --# define RSA_R_UNSUPPORTED_PARAMETERS 202 -+# define RSA_R_UNSUPPORTED_PARAMETERS 174 - # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 - # define RSA_R_VALUE_MISSING 147 - # define RSA_R_WRONG_SIGNATURE_LENGTH 119 -diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h -new file mode 100644 -index 0000000..505ebfc ---- /dev/null -+++ b/include/openssl/sm2.h -@@ -0,0 +1,20 @@ -+#ifndef HEADER_SM2_H -+# define HEADER_SM2_H -+ -+#include "ossl_typ.h" -+ -+# ifdef __cplusplus -+extern "C" { -+# endif -+ -+int SM2_compute_key(void *out, size_t outlen, -+ int server, const char *peer_uid, int peer_uid_len, -+ const char *self_uid, int self_uid_len, -+ const EC_KEY *peer_ecdhe_key, const EC_KEY *self_ecdhe_key, -+ const EC_KEY *peer_pub_key, const EC_KEY *self_eckey, -+ const EVP_MD *md); -+ -+# ifdef __cplusplus -+} -+# endif -+#endif -diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h -index fd0c5a9..a6acbc4 100644 ---- a/include/openssl/ssl.h -+++ b/include/openssl/ssl.h -@@ -300,6 +300,11 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); - * Reserved value (until OpenSSL 1.2.0) 0x00000001U - * Reserved value (until OpenSSL 1.2.0) 0x00000002U - */ -+#ifndef OPENSSL_NO_TLCP -+/* Use reserved value for the position of enc cert, default is placed at the end */ -+# define SSL_OP_ENCCERT_SECOND_POSITION 0x00000002U -+#endif -+ - /* Allow initial connection to servers that don't support RI */ - # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U - -@@ -383,8 +388,15 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); - # define SSL_OP_NO_DTLSv1 0x04000000U - # define SSL_OP_NO_DTLSv1_2 0x08000000U - -+#ifndef OPENSSL_NO_TLCP -+/* Use reserved value for TCLP(GB/T 38636-2020) */ -+# define SSL_OP_NO_TLCP 0x00000001U -+# 
define SSL_OP_NO_SSL_MASK (SSL_OP_NO_TLCP|SSL_OP_NO_SSLv3|\ -+ SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3) -+#else - # define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ - SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3) -+#endif - # define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) - - /* Disallow all renegotiation */ -@@ -1041,6 +1053,11 @@ typedef enum { - TLS_ST_SR_END_OF_EARLY_DATA - } OSSL_HANDSHAKE_STATE; - -+#ifndef OPENSSL_NO_TLCP -+# define SSL_USAGE_SIG 0 -+# define SSL_USAGE_ENC 1 -+#endif -+ - /* - * Most of the following state values are no longer used and are defined to be - * the closest equivalent value in the current state machine code. Not all -@@ -1177,6 +1194,19 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) - /* fatal */ - # define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK - # define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL -+ -+/* These alert types are for TLCP */ -+# define SSL_AD_UNSUPPORTED_SITE2SITE TLCP_AD_UNSUPPORTED_SITE2SITE -+/* fatal */ -+# define SSL_AD_NO_AREA TLCP_AD_NO_AREA -+# define SSL_AD_UNSUPPORTED_AREATYPE TLCP_AD_UNSUPPORTED_AREATYPE -+# define SSL_AD_BAD_IBCPARAM TLCP_AD_BAD_IBCPARAM -+/* fatal */ -+# define SSL_AD_UNSUPPORTED_IBCPARAM TLCP_AD_UNSUPPORTED_IBCPARAM -+/* fatal */ -+# define SSL_AD_IDENTITY_NEED TLCP_AD_IDENTITY_NEED -+/* fatal */ -+ - # define SSL_ERROR_NONE 0 - # define SSL_ERROR_SSL 1 - # define SSL_ERROR_WANT_READ 2 -@@ -1560,9 +1590,20 @@ __owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); - __owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, - long len); - # endif -+# ifndef OPENSSL_NO_TLCP -+__owur int SSL_use_gm_PrivateKey(SSL *ssl, EVP_PKEY *pkey, int usage); -+__owur int SSL_use_gm_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, -+ long len, int usage); -+# endif - __owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); - __owur int SSL_use_PrivateKey_ASN1(int pk, SSL 
*ssl, const unsigned char *d, - long len); -+# ifndef OPENSSL_NO_TLCP -+__owur int SSL_use_gm_certificate(SSL *ssl, X509 *x, int usage); -+__owur int SSL_use_gm_certificate_ASN1(SSL *ssl, const unsigned char *d, int len, int usage); -+__owur int SSL_use_gm_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, -+ STACK_OF(X509) *chain, int override, int usage); -+# endif - __owur int SSL_use_certificate(SSL *ssl, X509 *x); - __owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); - __owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, -@@ -1585,6 +1626,11 @@ __owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); - __owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); - #endif - -+#ifndef OPENSSL_NO_TLCP -+__owur int SSL_use_gm_PrivateKey_file(SSL *ssl, const char *file, int type, int usage); -+__owur int SSL_use_gm_certificate_file(SSL *ssl, const char *file, int type, int usage); -+#endif -+ - __owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); - __owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); - -@@ -1592,6 +1638,13 @@ __owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); - __owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, - int type); - #endif -+ -+#ifndef OPENSSL_NO_TLCP -+__owur int SSL_CTX_use_gm_PrivateKey_file(SSL_CTX *ctx, const char *file, -+ int type, int usage); -+__owur int SSL_CTX_use_gm_certificate_file(SSL_CTX *ctx, const char *file, -+ int type, int usage); -+#endif - __owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, - int type); - __owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, -@@ -1695,6 +1748,18 @@ __owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); - __owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, - long len); - # endif -+ -+# ifndef OPENSSL_NO_TLCP -+__owur int 
SSL_CTX_use_gm_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey, int usage); -+__owur int SSL_CTX_use_gm_PrivateKey_ASN1(int pk, SSL_CTX *ctx, -+ const unsigned char *d, long len, int usage); -+__owur int SSL_CTX_use_gm_certificate(SSL_CTX *ctx, X509 *x, int usage); -+__owur int SSL_CTX_use_gm_certificate_ASN1(SSL_CTX *ctx, int len, -+ const unsigned char *d, int usage); -+__owur int SSL_CTX_use_gm_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, -+ STACK_OF(X509) *chain, int override, int usage); -+# endif -+ - __owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); - __owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, - const unsigned char *d, long len); -@@ -1873,6 +1938,12 @@ __owur const SSL_METHOD *TLS_method(void); - __owur const SSL_METHOD *TLS_server_method(void); - __owur const SSL_METHOD *TLS_client_method(void); - -+#ifndef OPENSSL_NO_TLCP -+__owur const SSL_METHOD *TLCP_method(void); -+__owur const SSL_METHOD *TLCP_server_method(void); -+__owur const SSL_METHOD *TLCP_client_method(void); -+#endif -+ - # ifndef OPENSSL_NO_TLS1_METHOD - DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ - DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) -diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h -index 701d61c..aa5f56a 100644 ---- a/include/openssl/sslerr.h -+++ b/include/openssl/sslerr.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy -@@ -11,9 +11,7 @@ - #ifndef HEADER_SSLERR_H - # define HEADER_SSLERR_H - --# ifndef HEADER_SYMHACKS_H --# include --# endif -+# include - - # ifdef __cplusplus - extern "C" -@@ -171,6 +169,10 @@ int ERR_load_SSL_strings(void); - # define SSL_F_SSL_CTX_USE_CERTIFICATE 171 - # define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 - # define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 -+# define SSL_F_SSL_CTX_USE_GM_CERTIFICATE 641 -+# define SSL_F_SSL_CTX_USE_GM_CERTIFICATE_ASN1 642 -+# define SSL_F_SSL_CTX_USE_GM_PRIVATEKEY 643 -+# define SSL_F_SSL_CTX_USE_GM_PRIVATEKEY_ASN1 644 - # define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 - # define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 - # define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 -@@ -197,7 +199,9 @@ int ERR_load_SSL_strings(void); - # define SSL_F_SSL_HANDSHAKE_HASH 560 - # define SSL_F_SSL_INIT_WBIO_BUFFER 184 - # define SSL_F_SSL_KEY_UPDATE 515 -+# define SSL_F_SSL_LOAD_CERT_FILE 645 - # define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 -+# define SSL_F_SSL_LOAD_PKEY_FILE 646 - # define SSL_F_SSL_LOG_MASTER_SECRET 498 - # define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 499 - # define SSL_F_SSL_MODULE_INIT 392 -@@ -231,11 +235,14 @@ int ERR_load_SSL_strings(void); - # define SSL_F_SSL_SET_CIPHER_LIST 271 - # define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399 - # define SSL_F_SSL_SET_FD 192 -+# define SSL_F_SSL_SET_GM_CERT_AND_KEY 647 - # define SSL_F_SSL_SET_PKEY 193 - # define SSL_F_SSL_SET_RFD 194 - # define SSL_F_SSL_SET_SESSION 195 - # define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 - # define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 -+# define SSL_F_SSL_SET_SIGN_ENC_CERT 648 -+# define SSL_F_SSL_SET_SIGN_ENC_PKEY 649 - # define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 550 - # define SSL_F_SSL_SET_WFD 196 - # define SSL_F_SSL_SHUTDOWN 224 -@@ -246,6 +253,10 @@ int ERR_load_SSL_strings(void); - # define SSL_F_SSL_USE_CERTIFICATE 198 - # define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 - # define SSL_F_SSL_USE_CERTIFICATE_FILE 200 -+# define 
SSL_F_SSL_USE_GM_CERTIFICATE 650 -+# define SSL_F_SSL_USE_GM_CERTIFICATE_ASN1 651 -+# define SSL_F_SSL_USE_GM_PRIVATEKEY 652 -+# define SSL_F_SSL_USE_GM_PRIVATEKEY_ASN1 653 - # define SSL_F_SSL_USE_PRIVATEKEY 201 - # define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 - # define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 -@@ -262,6 +273,20 @@ int ERR_load_SSL_strings(void); - # define SSL_F_SSL_WRITE_EX 433 - # define SSL_F_SSL_WRITE_INTERNAL 524 - # define SSL_F_STATE_MACHINE 353 -+# define SSL_F_TLCP_CHOOSE_SIGALG 662 -+# define SSL_F_TLCP_CONSTRUCT_CKE_SM2DHE 663 -+# define SSL_F_TLCP_CONSTRUCT_CKE_SM2ECC 658 -+# define SSL_F_TLCP_CONSTRUCT_CLIENT_KEY_EXCHANGE 654 -+# define SSL_F_TLCP_CONSTRUCT_SERVER_KEY_EXCHANGE 655 -+# define SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE 664 -+# define SSL_F_TLCP_CONSTRUCT_SKE_SM2ECC 659 -+# define SSL_F_TLCP_DERIVE 665 -+# define SSL_F_TLCP_PROCESS_CKE_SM2DHE 666 -+# define SSL_F_TLCP_PROCESS_CKE_SM2ECC 660 -+# define SSL_F_TLCP_PROCESS_CLIENT_KEY_EXCHANGE 656 -+# define SSL_F_TLCP_PROCESS_KEY_EXCHANGE 657 -+# define SSL_F_TLCP_PROCESS_SKE_SM2DHE 667 -+# define SSL_F_TLCP_PROCESS_SKE_SM2ECC 661 - # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 - # define SSL_F_TLS12_COPY_SIGALGS 533 - # define SSL_F_TLS13_CHANGE_CIPHER_STATE 440 -diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h -index 76d9fda..f05382a 100644 ---- a/include/openssl/tls1.h -+++ b/include/openssl/tls1.h -@@ -24,6 +24,7 @@ extern "C" { - # define OPENSSL_TLS_SECURITY_LEVEL 1 - # endif - -+# define TLCP_VERSION 0x0101 - # define TLS1_VERSION 0x0301 - # define TLS1_1_VERSION 0x0302 - # define TLS1_2_VERSION 0x0303 -@@ -33,6 +34,9 @@ extern "C" { - /* Special value for method supporting multiple versions */ - # define TLS_ANY_VERSION 0x10000 - -+# define TLCP_VERSION_MAJOR 0x01 -+# define TLCP_VERSION_MINOR 0x01 -+ - # define TLS1_VERSION_MAJOR 0x03 - # define TLS1_VERSION_MINOR 0x01 - -@@ -73,6 +77,14 @@ extern "C" { - # define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ - # define 
TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ - -+/* TLCP(GB/T 38636-2020) alerts */ -+# define TLCP_AD_UNSUPPORTED_SITE2SITE 200 /* fatal */ -+# define TLCP_AD_NO_AREA 201 -+# define TLCP_AD_UNSUPPORTED_AREATYPE 202 -+# define TLCP_AD_BAD_IBCPARAM 203 /* fatal */ -+# define TLCP_AD_UNSUPPORTED_IBCPARAM 204 /* fatal */ -+# define TLCP_AD_IDENTITY_NEED 205 /* fatal */ -+ - /* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ - # define TLSEXT_TYPE_server_name 0 - # define TLSEXT_TYPE_max_fragment_length 1 -@@ -641,6 +653,10 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) - # define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E - # define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F - -+/* some TLCP ciphersuites from GB/T 38636-2020 */ -+# define TLCP_CK_ECDHE_SM2_WITH_SM4_CBC_SM3 0x0300E011 -+# define TLCP_CK_ECC_SM2_WITH_SM4_CBC_SM3 0x0300E013 -+ - /* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ - # define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA" - # define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" -@@ -1127,6 +1143,10 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) - # define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256" - # define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384" - -+/* some TLCP ciphersuites from GB/T 38636-2020 */ -+# define TLCP_TXT_ECDHE_SM2_WITH_SM4_CBC_SM3 "ECDHE-SM4-CBC-SM3" -+# define TLCP_TXT_ECC_SM2_WITH_SM4_CBC_SM3 "ECC-SM4-CBC-SM3" -+ - # define TLS_CT_RSA_SIGN 1 - # define TLS_CT_DSS_SIGN 2 - # define TLS_CT_RSA_FIXED_DH 3 -diff --git a/include/openssl/x509.h b/include/openssl/x509.h -index 42e9eee..f6e82f1 100644 ---- a/include/openssl/x509.h -+++ b/include/openssl/x509.h -@@ -55,6 +55,10 @@ extern "C" { - # define X509v3_KU_ENCIPHER_ONLY 0x0001 - # define X509v3_KU_DECIPHER_ONLY 0x8000 - # define X509v3_KU_UNDEF 0xffff 
-+/* For TLCP sm2 certificates */ -+# define X509v3_KU_SM2_SIGN (X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_NON_REPUDIATION) -+# define X509v3_KU_SM2_ENC_ENCIPHERMENT (X509v3_KU_KEY_ENCIPHERMENT | X509v3_KU_DATA_ENCIPHERMENT) -+# define X509v3_KU_SM2_ENC_CIPHER_ONLY (X509v3_KU_ENCIPHER_ONLY | X509v3_KU_DECIPHER_ONLY) - - struct X509_algor_st { - ASN1_OBJECT *algorithm; -diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h -index 0a84ef0..1e51e04 100644 ---- a/include/openssl/x509err.h -+++ b/include/openssl/x509err.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -84,7 +84,7 @@ int ERR_load_X509_strings(void); - # define X509_F_X509_TO_X509_REQ 126 - # define X509_F_X509_TRUST_ADD 133 - # define X509_F_X509_TRUST_SET 141 --# define X509_F_X509_VERIFY 161 -+# define X509_F_X509_VERIFY 166 - # define X509_F_X509_VERIFY_CERT 127 - # define X509_F_X509_VERIFY_PARAM_NEW 159 - # define X509_F_X509_VERIFY_SM2 162 -diff --git a/ssl/methods.c b/ssl/methods.c -index c5e8898..2a6cd73 100644 ---- a/ssl/methods.c -+++ b/ssl/methods.c -@@ -109,6 +109,25 @@ IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, - IMPLEMENT_ssl3_meth_func(sslv3_client_method, - ssl_undefined_function, ossl_statem_connect) - #endif -+/*- -+ * TLCP methods -+ */ -+#ifndef OPENSSL_NO_TLCP -+IMPLEMENT_tls_meth_func(TLCP_VERSION, 0, SSL_OP_NO_TLCP, -+ tlcp_method, -+ ossl_statem_accept, -+ ossl_statem_connect, TLCP_enc_data) -+ -+IMPLEMENT_tls_meth_func(TLCP_VERSION, 0, SSL_OP_NO_TLCP, -+ tlcp_server_method, -+ ossl_statem_accept, -+ ssl_undefined_function, TLCP_enc_data) -+ -+IMPLEMENT_tls_meth_func(TLCP_VERSION, 0, SSL_OP_NO_TLCP, -+ 
tlcp_client_method, -+ ssl_undefined_function, -+ ossl_statem_connect, TLCP_enc_data) -+#endif - /*- - * DTLS methods - */ -@@ -207,6 +226,23 @@ const SSL_METHOD *TLSv1_1_client_method(void) - } - # endif - -+# ifndef OPENSSL_NO_TLCP -+const SSL_METHOD *TLCP_method(void) -+{ -+ return tlcp_method(); -+} -+ -+const SSL_METHOD *TLCP_server_method(void) -+{ -+ return tlcp_server_method(); -+} -+ -+const SSL_METHOD *TLCP_client_method(void) -+{ -+ return tlcp_client_method(); -+} -+# endif -+ - # ifndef OPENSSL_NO_TLS1_METHOD - const SSL_METHOD *TLSv1_method(void) - { -diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c -index f158544..af825b1 100644 ---- a/ssl/record/ssl3_record.c -+++ b/ssl/record/ssl3_record.c -@@ -309,7 +309,11 @@ int ssl3_get_record(SSL *s) - return -1; - } - -+#ifndef OPENSSL_NO_TLCP -+ if ((version >> 8) != SSL3_VERSION_MAJOR && (version != TLCP_VERSION)) { -+#else - if ((version >> 8) != SSL3_VERSION_MAJOR) { -+#endif - if (RECORD_LAYER_is_first_record(&s->rlayer)) { - /* Go back to start of packet, look at the five bytes - * that we have. 
*/ -diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 918cab0..5ecd953 100644 ---- a/ssl/s3_lib.c -+++ b/ssl/s3_lib.c -@@ -15,6 +15,8 @@ - #include "ssl_local.h" - #include - #include -+#include "include/crypto/sm2.h" -+#include - #include - #include "internal/cryptlib.h" - -@@ -2667,6 +2669,43 @@ static SSL_CIPHER ssl3_ciphers[] = { - }, - #endif /* OPENSSL_NO_GOST */ - -+#ifndef OPENSSL_NO_TLCP -+ { -+ 1, -+ TLCP_TXT_ECDHE_SM2_WITH_SM4_CBC_SM3, -+ NULL, -+ TLCP_CK_ECDHE_SM2_WITH_SM4_CBC_SM3, -+ SSL_kSM2DHE, -+ SSL_aSM2, -+ SSL_SM4CBC, -+ SSL_SM3, -+ TLCP_VERSION, -+ TLS1_2_VERSION, -+ 0, 0, -+ SSL_HIGH, -+ SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3, -+ 128, -+ 128, -+ }, -+ { -+ 1, -+ TLCP_TXT_ECC_SM2_WITH_SM4_CBC_SM3, -+ NULL, -+ TLCP_CK_ECC_SM2_WITH_SM4_CBC_SM3, -+ SSL_kSM2ECC, -+ SSL_aSM2, -+ SSL_SM4CBC, -+ SSL_SM3, -+ TLCP_VERSION, -+ TLS1_2_VERSION, -+ 0, 0, -+ SSL_HIGH, -+ SSL_HANDSHAKE_MAC_SM3 | TLS1_PRF_SM3, -+ 128, -+ 128, -+ }, -+#endif /* OPENSSL_NO_TLCP */ -+ - #ifndef OPENSSL_NO_IDEA - { - 1, -@@ -4313,6 +4352,20 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, - ret = tmp; - continue; - } -+#ifndef OPENSSL_NO_TLCP -+ /* Prefer ECC-SM4-CBC-SM3 while enabling TLCP */ -+ if (!(s->options & SSL_OP_NO_TLCP)) { -+ const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii); -+ -+ if (tmp->id == TLCP_CK_ECC_SM2_WITH_SM4_CBC_SM3) { -+ ret = tmp; -+ break; -+ } -+ if (ret == NULL) -+ ret = tmp; -+ continue; -+ } -+#endif - ret = sk_SSL_CIPHER_value(allow, ii); - break; - } -@@ -4856,3 +4909,76 @@ EVP_PKEY *ssl_dh_to_pkey(DH *dh) - return ret; - } - #endif -+ -+#ifndef OPENSSL_NO_TLCP -+int tlcp_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey) -+{ -+ unsigned char *pms; -+ int pmslen = SSL_MAX_MASTER_KEY_LENGTH; -+ EC_KEY *tmp_peer_pub_key, *tmp_self_priv_key; -+ EC_KEY *self_priv_key, *peer_pub_key; -+ X509 *peer_enc_cert; -+ int ret; -+ -+ if ((tmp_self_priv_key = EVP_PKEY_get0_EC_KEY(privkey)) == NULL -+ || (tmp_peer_pub_key = 
EVP_PKEY_get0_EC_KEY(pubkey)) == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_DERIVE, -+ ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ -+ if (s->cert->pkeys[SSL_PKEY_SM2_ENC].privatekey == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_DERIVE, -+ ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ -+ if ((self_priv_key = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_SM2_ENC].privatekey)) == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_DERIVE, -+ ERR_R_EC_LIB); -+ return 0; -+ } -+ -+ peer_enc_cert = ssl_get_sm2_enc_cert(s, s->session->peer_chain); -+ if (peer_enc_cert == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_DERIVE, -+ ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ -+ if ((peer_pub_key = EVP_PKEY_get0_EC_KEY(X509_get0_pubkey(peer_enc_cert))) == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_DERIVE, -+ ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ -+ pms = OPENSSL_malloc(pmslen); -+ if (pms == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_DERIVE, -+ ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ if (SM2_compute_key(pms, pmslen, s->server, -+ SM2_DEFAULT_USERID, SM2_DEFAULT_USERID_LEN, -+ SM2_DEFAULT_USERID, SM2_DEFAULT_USERID_LEN, -+ tmp_peer_pub_key, tmp_self_priv_key, -+ peer_pub_key, self_priv_key, -+ EVP_sm3()) != pmslen) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_DERIVE, -+ ERR_R_INTERNAL_ERROR); -+ OPENSSL_free(pms); -+ return 0; -+ } -+ -+ if (s->server) { -+ ret = ssl_generate_master_secret(s, pms, (size_t)pmslen, 1); -+ } else { -+ s->s3->tmp.pms = pms; -+ s->s3->tmp.pmslen = pmslen; -+ ret = 1; -+ } -+ -+ return ret; -+} -+#endif -diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c -index 9264364..beb3c3b 100644 ---- a/ssl/ssl_asn1.c -+++ b/ssl/ssl_asn1.c -@@ -265,7 +265,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, - - if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR - && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR -- && as->ssl_version != DTLS1_BAD_VER) { -+ && 
as->ssl_version != DTLS1_BAD_VER -+ && as->ssl_version != TLCP_VERSION) { - SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); - goto err; - } -diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c -index e7feda8..73d76a5 100644 ---- a/ssl/ssl_cert.c -+++ b/ssl/ssl_cert.c -@@ -937,18 +937,31 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, - return 0; - /* Level 3: forward secure ciphersuites only */ - if (level >= 3 && c->min_tls != TLS1_3_VERSION && -+#ifndef OPENSSL_NO_TLCP -+ !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH | SSL_kSM2DHE))) -+#else - !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))) -+#endif - return 0; - break; - } - case SSL_SECOP_VERSION: - if (!SSL_IS_DTLS(s)) { -+#ifndef OPENSSL_NO_TLCP -+ /* SSLv3 not allowed at level 2 */ -+ if (nid <= SSL3_VERSION && nid != TLCP_VERSION && level >= 2) -+ return 0; -+ /* TLS v1.1 and above only for level 3 */ -+ if (nid <= TLS1_VERSION && nid != TLCP_VERSION && level >= 3) -+ return 0; -+#else - /* SSLv3 not allowed at level 2 */ - if (nid <= SSL3_VERSION && level >= 2) - return 0; - /* TLS v1.1 and above only for level 3 */ - if (nid <= TLS1_VERSION && level >= 3) - return 0; -+#endif - /* TLS v1.2 only for level 4 and above */ - if (nid <= TLS1_1_VERSION && level >= 4) - return 0; -@@ -1003,6 +1016,11 @@ const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx) - { - int nid = EVP_PKEY_id(pk); - size_t tmpidx; -+#ifndef OPENSSL_NO_TLCP -+ if (EVP_PKEY_is_sm2((EVP_PKEY *)pk)) { -+ nid = NID_sm2; -+ } -+#endif - - if (nid == NID_undef) - return NULL; -diff --git a/ssl/ssl_cert_table.h b/ssl/ssl_cert_table.h -index 0c47241..1e1864f 100644 ---- a/ssl/ssl_cert_table.h -+++ b/ssl/ssl_cert_table.h -@@ -19,5 +19,9 @@ static const SSL_CERT_LOOKUP ssl_cert_info [] = { - {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */ - {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */ - {EVP_PKEY_ED25519, SSL_aECDSA}, /* SSL_PKEY_ED25519 */ -- 
{EVP_PKEY_ED448, SSL_aECDSA} /* SSL_PKEY_ED448 */ -+ {EVP_PKEY_ED448, SSL_aECDSA}, /* SSL_PKEY_ED448 */ -+#ifndef OPENSSL_NO_TLCP -+ {EVP_PKEY_SM2, SSL_aSM2}, /* SSL_PKEY_SM2_SIGN */ -+ {EVP_PKEY_SM2, SSL_aSM2} /* SSL_PKEY_SM2_ENC */ -+#endif - }; -diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index b8eba0c..b0d50b5 100644 ---- a/ssl/ssl_ciph.c -+++ b/ssl/ssl_ciph.c -@@ -43,7 +43,12 @@ - #define SSL_ENC_CHACHA_IDX 19 - #define SSL_ENC_ARIA128GCM_IDX 20 - #define SSL_ENC_ARIA256GCM_IDX 21 -+#ifndef OPENSSL_NO_TLCP -+#define SSL_ENC_SM4CBC_IDX 22 -+#define SSL_ENC_NUM_IDX 23 -+#else - #define SSL_ENC_NUM_IDX 22 -+#endif - - /* NB: make sure indices in these tables match values above */ - -@@ -76,6 +81,9 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { - {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */ - {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */ - {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */ -+#ifndef OPENSSL_NO_TLCP -+ {SSL_SM4CBC, NID_sm4_cbc}, /* SSL_ENC_SM4CBC_IDX 22*/ -+#endif - }; - - static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]; -@@ -110,11 +118,17 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { - {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */ - {0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */ - {0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */ -- {0, NID_sha512} /* SSL_MD_SHA512_IDX 11 */ -+ {0, NID_sha512}, /* SSL_MD_SHA512_IDX 11 */ -+#ifndef OPENSSL_NO_TLCP -+ {SSL_SM3, NID_sm3} /* SSL_MD_SM3_IDX 12 */ -+#endif - }; - - static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { -- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL -+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, -+#ifndef OPENSSL_NO_TLCP -+ NULL -+#endif - }; - - /* *INDENT-OFF* */ -@@ -172,7 +186,10 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { - /* GOST2012_512 */ - 
EVP_PKEY_HMAC, - /* MD5/SHA1, SHA224, SHA512 */ -- NID_undef, NID_undef, NID_undef -+ NID_undef, NID_undef, NID_undef, -+#ifndef OPENSSL_NO_TLCP -+ EVP_PKEY_HMAC -+#endif - }; - - static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX]; -@@ -1696,6 +1713,14 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) - case SSL_kANY: - kx = "any"; - break; -+#ifndef OPENSSL_NO_TLCP -+ case SSL_kSM2ECC: -+ kx = "SM2ECC"; -+ break; -+ case SSL_kSM2DHE: -+ kx = "SM2DHE"; -+ break; -+#endif - default: - kx = "unknown"; - } -@@ -1729,6 +1754,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) - case SSL_aANY: - au = "any"; - break; -+#ifndef OPENSSL_NO_TLCP -+ case SSL_aSM2: -+ au = "SM2"; -+ break; -+#endif - default: - au = "unknown"; - break; -@@ -1799,6 +1829,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) - case SSL_CHACHA20POLY1305: - enc = "CHACHA20/POLY1305(256)"; - break; -+#ifndef OPENSSL_NO_TLCP -+ case SSL_SM4CBC: -+ enc = "SM4CBC"; -+ break; -+#endif - default: - enc = "unknown"; - break; -@@ -1831,6 +1866,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) - case SSL_GOST12_512: - mac = "GOST2012"; - break; -+#ifndef OPENSSL_NO_TLCP -+ case SSL_SM3: -+ mac = "SM3"; -+ break; -+#endif - default: - mac = "unknown"; - break; -diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c -index 324f2cc..5a7c42a 100644 ---- a/ssl/ssl_err.c -+++ b/ssl/ssl_err.c -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy -@@ -113,6 +113,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { - "ossl_statem_server_post_process_message"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_WORK, 0), - "ossl_statem_server_post_work"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_PRE_WORK, 0), -+ "ossl_statem_server_pre_work"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE, 0), - "ossl_statem_server_process_message"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, 0), -@@ -244,6 +246,14 @@ static const ERR_STRING_DATA SSL_str_functs[] = { - "SSL_CTX_use_certificate_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 0), - "SSL_CTX_use_certificate_file"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_GM_CERTIFICATE, 0), -+ "SSL_CTX_use_gm_certificate"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_GM_CERTIFICATE_ASN1, 0), -+ "SSL_CTX_use_gm_certificate_ASN1"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_GM_PRIVATEKEY, 0), -+ "SSL_CTX_use_gm_PrivateKey"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_GM_PRIVATEKEY_ASN1, 0), -+ "SSL_CTX_use_gm_PrivateKey_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY, 0), - "SSL_CTX_use_PrivateKey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, 0), -@@ -285,8 +295,10 @@ static const ERR_STRING_DATA SSL_str_functs[] = { - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_INIT_WBIO_BUFFER, 0), - "ssl_init_wbio_buffer"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_KEY_UPDATE, 0), "SSL_key_update"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOAD_CERT_FILE, 0), "ssl_load_cert_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOAD_CLIENT_CA_FILE, 0), - "SSL_load_client_CA_file"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOAD_PKEY_FILE, 0), "ssl_load_pkey_file"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOG_MASTER_SECRET, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, 0), - "ssl_log_rsa_client_key_exchange"}, -@@ -331,6 +343,8 @@ static const ERR_STRING_DATA SSL_str_functs[] 
= { - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CT_VALIDATION_CALLBACK, 0), - "SSL_set_ct_validation_callback"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_FD, 0), "SSL_set_fd"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_GM_CERT_AND_KEY, 0), -+ "ssl_set_gm_cert_and_key"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_PKEY, 0), "ssl_set_pkey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_RFD, 0), "SSL_set_rfd"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION, 0), "SSL_set_session"}, -@@ -338,6 +352,10 @@ static const ERR_STRING_DATA SSL_str_functs[] = { - "SSL_set_session_id_context"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION_TICKET_EXT, 0), - "SSL_set_session_ticket_ext"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SIGN_ENC_CERT, 0), -+ "ssl_set_sign_enc_cert"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SIGN_ENC_PKEY, 0), -+ "ssl_set_sign_enc_pkey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH, 0), - "SSL_set_tlsext_max_fragment_length"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_WFD, 0), "SSL_set_wfd"}, -@@ -355,6 +373,14 @@ static const ERR_STRING_DATA SSL_str_functs[] = { - "SSL_use_certificate_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE_FILE, 0), - "SSL_use_certificate_file"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_GM_CERTIFICATE, 0), -+ "SSL_use_gm_certificate"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_GM_CERTIFICATE_ASN1, 0), -+ "SSL_use_gm_certificate_ASN1"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_GM_PRIVATEKEY, 0), -+ "SSL_use_gm_PrivateKey"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_GM_PRIVATEKEY_ASN1, 0), -+ "SSL_use_gm_PrivateKey_ASN1"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY, 0), "SSL_use_PrivateKey"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY_ASN1, 0), - "SSL_use_PrivateKey_ASN1"}, -@@ -380,6 +406,32 @@ static const ERR_STRING_DATA SSL_str_functs[] = { - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EX, 0), "SSL_write_ex"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_INTERNAL, 0), "ssl_write_internal"}, - {ERR_PACK(ERR_LIB_SSL, 
SSL_F_STATE_MACHINE, 0), "state_machine"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_CHOOSE_SIGALG, 0), "tlcp_choose_sigalg"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_CONSTRUCT_CKE_SM2DHE, 0), -+ "tlcp_construct_cke_sm2dhe"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_CONSTRUCT_CKE_SM2ECC, 0), -+ "tlcp_construct_cke_sm2ecc"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_CONSTRUCT_CLIENT_KEY_EXCHANGE, 0), -+ "tlcp_construct_client_key_exchange"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_CONSTRUCT_SERVER_KEY_EXCHANGE, 0), -+ "tlcp_construct_server_key_exchange"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE, 0), -+ "tlcp_construct_ske_sm2dhe"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_CONSTRUCT_SKE_SM2ECC, 0), -+ "tlcp_construct_ske_sm2ecc"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_DERIVE, 0), "tlcp_derive"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_PROCESS_CKE_SM2DHE, 0), -+ "tlcp_process_cke_sm2dhe"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_PROCESS_CKE_SM2ECC, 0), -+ "tlcp_process_cke_sm2ecc"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_PROCESS_CLIENT_KEY_EXCHANGE, 0), -+ "tlcp_process_client_key_exchange"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_PROCESS_KEY_EXCHANGE, 0), -+ "tlcp_process_key_exchange"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_PROCESS_SKE_SM2DHE, 0), -+ "tlcp_process_ske_sm2dhe"}, -+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLCP_PROCESS_SKE_SM2ECC, 0), -+ "tlcp_process_ske_sm2ecc"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_CHECK_PEER_SIGALG, 0), - "tls12_check_peer_sigalg"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_COPY_SIGALGS, 0), "tls12_copy_sigalgs"}, -diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index 78c4f99..27e5ed2 100644 ---- a/ssl/ssl_lib.c -+++ b/ssl/ssl_lib.c -@@ -560,8 +560,14 @@ static int ssl_check_allowed_versions(int min_version, int max_version) - #ifdef OPENSSL_NO_TLS1_3 - || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version) - #endif -- ) -+ ) { -+#ifndef OPENSSL_NO_TLCP -+ if (min_version == TLCP_VERSION || max_version == TLCP_VERSION) { -+ return 1; -+ } -+#endif - 
return 0; -+ } - } - return 1; - } -@@ -3365,6 +3371,9 @@ void ssl_set_masks(SSL *s) - unsigned long mask_k, mask_a; - #ifndef OPENSSL_NO_EC - int have_ecc_cert, ecdsa_ok; -+#endif -+#ifndef OPENSSL_NO_TLCP -+ int tlcp_sm2_sign, tlcp_sm2_enc; - #endif - if (c == NULL) - return; -@@ -3380,14 +3389,23 @@ void ssl_set_masks(SSL *s) - dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID; - #ifndef OPENSSL_NO_EC - have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; -+#endif -+#ifndef OPENSSL_NO_TLCP -+ tlcp_sm2_sign = ssl_has_cert(s, SSL_PKEY_SM2_SIGN); -+ tlcp_sm2_enc = ssl_has_cert(s, SSL_PKEY_SM2_ENC); - #endif - mask_k = 0; - mask_a = 0; - - #ifdef CIPHER_DEBUG -+#ifndef OPENSSL_NO_TLCP -+ fprintf(stderr, "dht=%d re=%d rs=%d ds=%d tss=%d tse=%d\n", -+ dh_tmp, rsa_enc, rsa_sign, dsa_sign, tlcp_sm2_sign, tlcp_sm2_enc); -+#else - fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n", - dh_tmp, rsa_enc, rsa_sign, dsa_sign); - #endif -+#endif - - #ifndef OPENSSL_NO_GOST - if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) { -@@ -3457,6 +3475,14 @@ void ssl_set_masks(SSL *s) - mask_k |= SSL_kECDHE; - #endif - -+#ifndef OPENSSL_NO_TLCP -+ if (tlcp_sm2_sign) -+ mask_a |= SSL_aSM2; -+ -+ if (tlcp_sm2_enc) -+ mask_k |= SSL_kSM2ECC | SSL_kSM2DHE; -+#endif -+ - #ifndef OPENSSL_NO_PSK - mask_k |= SSL_kPSK; - mask_a |= SSL_aPSK; -@@ -3786,6 +3812,11 @@ const char *ssl_protocol_to_string(int version) - case TLS1_VERSION: - return "TLSv1"; - -+#ifndef OPENSSL_NO_TLCP -+ case TLCP_VERSION: -+ return "TLCP"; -+#endif -+ - case SSL3_VERSION: - return "SSLv3"; - -@@ -5700,3 +5731,51 @@ void SSL_set_allow_early_data_cb(SSL *s, - s->allow_early_data_cb = cb; - s->allow_early_data_cb_data = arg; - } -+ -+#ifndef OPENSSL_NO_TLCP -+int ssl_is_sm2_cert(X509 *x) -+{ -+ return x && EVP_PKEY_is_sm2(X509_get0_pubkey(x)); -+} -+ -+int ssl_is_sm2_sign_usage(X509 *x) -+{ -+ return x && (X509_get_extension_flags(x) & EXFLAG_KUSAGE) && -+ (X509_get_key_usage(x) & X509v3_KU_SM2_SIGN); -+} -+ -+int 
ssl_is_sm2_enc_usage(X509 *x) -+{ -+ return x && (X509_get_extension_flags(x) & EXFLAG_KUSAGE) && -+ ((X509_get_key_usage(x) & X509v3_KU_SM2_ENC_ENCIPHERMENT) || -+ ((X509_get_key_usage(x) & X509v3_KU_SM2_ENC_CIPHER_ONLY) && -+ (X509_get_key_usage(x) & X509v3_KU_KEY_AGREEMENT)) -+ ); -+} -+ -+X509 *ssl_get_sm2_enc_cert(SSL *s, STACK_OF(X509) *chain) -+{ -+ X509 *x; -+ int i; -+ -+ for (i = sk_X509_num(chain) - 1; i >= 0 ; --i) { -+ x = sk_X509_value(chain, i); -+ if (ssl_is_sm2_cert(x) && ssl_is_sm2_enc_usage(x)) { -+ return x; -+ } -+ } -+ return NULL; -+} -+ -+int ssl_get_sm2_cert_id(X509 *x, size_t *id) -+{ -+ if (ssl_is_sm2_sign_usage(x) && !ssl_is_sm2_enc_usage(x)) { -+ *id = SSL_PKEY_SM2_SIGN; -+ return 1; -+ } else if (!ssl_is_sm2_sign_usage(x) && ssl_is_sm2_enc_usage(x)) { -+ *id = SSL_PKEY_SM2_ENC; -+ return 1; -+ } -+ return 0; -+} -+#endif -\ No newline at end of file -diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h -index a33cb9a..8135248 100644 ---- a/ssl/ssl_local.h -+++ b/ssl/ssl_local.h -@@ -177,6 +177,13 @@ - # define SSL_kECDHEPSK 0x00000080U - # define SSL_kDHEPSK 0x00000100U - -+#ifndef OPENSSL_NO_TLCP -+/* TLCP ECC*/ -+# define SSL_kSM2ECC 0x00000800U -+/* TLCP ECDHE */ -+# define SSL_kSM2DHE 0x00001000U -+#endif -+ - /* all PSK */ - - # define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK) -@@ -203,9 +210,21 @@ - # define SSL_aGOST12 0x00000080U - /* Any appropriate signature auth (for TLS 1.3 ciphersuites) */ - # define SSL_aANY 0x00000000U -+ -+#ifndef OPENSSL_NO_TLCP -+/* SM2 auth */ -+# define SSL_aSM2 0x00000100U -+#endif -+ -+#ifndef OPENSSL_NO_TLCP -+/* All bits requiring a certificate */ -+#define SSL_aCERT \ -+ (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12 | SSL_aSM2) -+#else - /* All bits requiring a certificate */ - #define SSL_aCERT \ - (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12) -+#endif - - /* Bits for algorithm_enc (symmetric encryption) */ - # define SSL_DES 0x00000001U -@@ 
-231,6 +250,10 @@ - # define SSL_ARIA128GCM 0x00100000U - # define SSL_ARIA256GCM 0x00200000U - -+#ifndef OPENSSL_NO_TLCP -+# define SSL_SM4CBC 0x00800000U -+#endif -+ - # define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM) - # define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8) - # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM) -@@ -253,6 +276,10 @@ - # define SSL_GOST89MAC12 0x00000100U - # define SSL_GOST12_512 0x00000200U - -+#ifndef OPENSSL_NO_TLCP -+# define SSL_SM3 0x00000400U -+#endif -+ - /* - * When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make - * sure to update this constant too -@@ -270,8 +297,12 @@ - # define SSL_MD_MD5_SHA1_IDX 9 - # define SSL_MD_SHA224_IDX 10 - # define SSL_MD_SHA512_IDX 11 -+#ifndef OPENSSL_NO_TLCP -+# define SSL_MD_SM3_IDX 12 -+# define SSL_MAX_DIGEST 13 -+#else - # define SSL_MAX_DIGEST 12 -- -+#endif - /* Bits for algorithm2 (handshake digests and other extra flags) */ - - /* Bits 0-7 are handshake MAC */ -@@ -283,6 +314,9 @@ - # define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX - # define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX - # define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1 -+#ifndef OPENSSL_NO_TLCP -+# define SSL_HANDSHAKE_MAC_SM3 SSL_MD_SM3_IDX -+#endif - - /* Bits 8-15 bits are PRF */ - # define TLS1_PRF_DGST_SHIFT 8 -@@ -293,6 +327,9 @@ - # define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT) - # define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT) - # define TLS1_PRF (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT) -+#ifndef OPENSSL_NO_TLCP -+# define TLS1_PRF_SM3 (SSL_MD_SM3_IDX << TLS1_PRF_DGST_SHIFT) -+#endif - - /* - * Stream MAC for GOST ciphersuites from cryptopro draft (currently this also -@@ -318,6 +355,8 @@ - /* Check if an SSL structure is using DTLS */ - # define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) - -+# define SSL_IS_TLCP(s) (s->version 
== TLCP_VERSION) -+ - /* Check if we are using TLSv1.3 */ - # define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \ - && (s)->method->version >= TLS1_3_VERSION \ -@@ -383,7 +422,13 @@ - # define SSL_PKEY_GOST12_512 6 - # define SSL_PKEY_ED25519 7 - # define SSL_PKEY_ED448 8 -+#ifndef OPENSSL_NO_TLCP -+# define SSL_PKEY_SM2_SIGN 9 -+# define SSL_PKEY_SM2_ENC 10 -+# define SSL_PKEY_NUM 11 -+#else - # define SSL_PKEY_NUM 9 -+#endif - - /*- - * SSL_kRSA <- RSA_ENC -@@ -2027,6 +2072,9 @@ typedef enum downgrade_en { - #define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603 - #define TLSEXT_SIGALG_ecdsa_sha224 0x0303 - #define TLSEXT_SIGALG_ecdsa_sha1 0x0203 -+#ifndef OPENSSL_NO_TLCP -+#define TLSEXT_SIGALG_sm2dsa_sm3 0x0708 -+#endif - #define TLSEXT_SIGALG_rsa_pss_rsae_sha256 0x0804 - #define TLSEXT_SIGALG_rsa_pss_rsae_sha384 0x0805 - #define TLSEXT_SIGALG_rsa_pss_rsae_sha512 0x0806 -@@ -2096,6 +2144,18 @@ __owur const SSL_METHOD *dtls_bad_ver_client_method(void); - __owur const SSL_METHOD *dtlsv1_2_method(void); - __owur const SSL_METHOD *dtlsv1_2_server_method(void); - __owur const SSL_METHOD *dtlsv1_2_client_method(void); -+# ifndef OPENSSL_NO_TLCP -+__owur const SSL_METHOD *tlcp_method(void); -+__owur const SSL_METHOD *tlcp_server_method(void); -+__owur const SSL_METHOD *tlcp_client_method(void); -+ -+/* TLCP helper functions */ -+__owur int ssl_is_sm2_cert(X509 *x); -+__owur int ssl_is_sm2_sign_usage(X509 *x); -+__owur int ssl_is_sm2_enc_usage(X509 *x); -+__owur X509 *ssl_get_sm2_enc_cert(SSL *s, STACK_OF(X509) *chain); -+__owur int ssl_get_sm2_cert_id(X509 *x, size_t *id); -+# endif - - extern const SSL3_ENC_METHOD TLSv1_enc_data; - extern const SSL3_ENC_METHOD TLSv1_1_enc_data; -@@ -2104,6 +2164,9 @@ extern const SSL3_ENC_METHOD TLSv1_3_enc_data; - extern const SSL3_ENC_METHOD SSLv3_enc_data; - extern const SSL3_ENC_METHOD DTLSv1_enc_data; - extern const SSL3_ENC_METHOD DTLSv1_2_enc_data; -+# ifndef OPENSSL_NO_TLCP -+extern const SSL3_ENC_METHOD TLCP_enc_data; -+# endif - - /* - 
* Flags for SSL methods -@@ -2331,6 +2394,7 @@ __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, - __owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm); - __owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, - int genmaster); -+__owur int tlcp_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey); - __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh); - __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl); - __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl); -@@ -2502,6 +2566,9 @@ __owur int tls13_export_keying_material_early(SSL *s, unsigned char *out, - __owur int tls1_alert_code(int code); - __owur int tls13_alert_code(int code); - __owur int ssl3_alert_code(int code); -+# ifndef OPENSSL_NO_TLCP -+__owur int tlcp_alert_code(int code); -+# endif - - # ifndef OPENSSL_NO_EC - __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); -diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c -index 6457c0c..5a495ec 100644 ---- a/ssl/ssl_rsa.c -+++ b/ssl/ssl_rsa.c -@@ -19,6 +19,15 @@ - static int ssl_set_cert(CERT *c, X509 *x509); - static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); - -+#ifndef OPENSSL_NO_TLCP -+#include -+ -+static int ssl_set_sign_enc_pkey(CERT *c, EVP_PKEY *pkey, size_t id); -+static int ssl_set_sign_enc_cert(CERT *c, X509 *x, size_t id); -+static int ssl_load_pkey_file(SSL *ssl, SSL_CTX *ctx, const char *file, int type, EVP_PKEY **pkey); -+static int ssl_load_cert_file(SSL *ssl, SSL_CTX *ctx, const char *file, int type, X509 **x); -+#endif -+ - #define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \ - | SSL_EXT_CLIENT_HELLO \ - | SSL_EXT_TLS1_2_SERVER_HELLO \ -@@ -97,6 +106,99 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) - return ret; - } - -+#ifndef OPENSSL_NO_TLCP -+static int ssl_load_cert_file(SSL *ssl, SSL_CTX *ctx, const char *file, int type, X509 **x) -+{ -+ int j; -+ BIO *in; -+ int ret = 0; -+ *x = NULL; -+ -+ in = BIO_new(BIO_s_file()); -+ if (in == NULL) { -+ 
SSLerr(SSL_F_SSL_LOAD_CERT_FILE, ERR_R_BUF_LIB); -+ goto end; -+ } -+ -+ if (BIO_read_filename(in, file) <= 0) { -+ SSLerr(SSL_F_SSL_LOAD_CERT_FILE, ERR_R_SYS_LIB); -+ goto end; -+ } -+ if (type == SSL_FILETYPE_ASN1) { -+ j = ERR_R_ASN1_LIB; -+ *x = d2i_X509_bio(in, NULL); -+ } else if (type == SSL_FILETYPE_PEM) { -+ j = ERR_R_PEM_LIB; -+ pem_password_cb *cb = (ssl != NULL) ? ssl->default_passwd_callback : -+ ctx->default_passwd_callback; -+ void *userdata = (ssl != NULL) ? ssl->default_passwd_callback_userdata : -+ ctx->default_passwd_callback_userdata; -+ *x = PEM_read_bio_X509(in, NULL, cb, userdata); -+ } else { -+ SSLerr(SSL_F_SSL_LOAD_CERT_FILE, SSL_R_BAD_SSL_FILETYPE); -+ goto end; -+ } -+ -+ if (*x == NULL) { -+ SSLerr(SSL_F_SSL_LOAD_CERT_FILE, j); -+ goto end; -+ } -+ ret = 1; -+end: -+ BIO_free(in); -+ return ret; -+} -+ -+int SSL_use_gm_certificate(SSL *ssl, X509 *x, int usage) -+{ -+ int rv; -+ if (x == NULL) { -+ SSLerr(SSL_F_SSL_USE_GM_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ rv = ssl_security_cert(ssl, NULL, x, 0, 1); -+ if (rv != 1) { -+ SSLerr(SSL_F_SSL_USE_GM_CERTIFICATE, rv); -+ return 0; -+ } -+ if (usage == SSL_USAGE_SIG) { -+ return ssl_set_sign_enc_cert(ssl->cert, x, SSL_PKEY_SM2_SIGN); -+ } else if (usage == SSL_USAGE_ENC) { -+ return ssl_set_sign_enc_cert(ssl->cert, x, SSL_PKEY_SM2_ENC); -+ } -+ SSLerr(SSL_F_SSL_USE_GM_CERTIFICATE, ERR_R_PASSED_INVALID_ARGUMENT); -+ return 0; -+} -+ -+int SSL_use_gm_certificate_ASN1(SSL *ssl, const unsigned char *d, int len, int usage) -+{ -+ X509 *x; -+ int ret; -+ -+ x = d2i_X509(NULL, &d, (long)len); -+ if (x == NULL) { -+ SSLerr(SSL_F_SSL_USE_GM_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); -+ return 0; -+ } -+ -+ ret = SSL_use_gm_certificate(ssl, x, usage); -+ X509_free(x); -+ return ret; -+} -+ -+int SSL_use_gm_certificate_file(SSL *ssl, const char *file, int type, int usage) -+{ -+ int ret; -+ X509 *x = NULL; -+ ret = ssl_load_cert_file(ssl, NULL, file, type, &x); -+ if (ret == 1) { -+ 
ret = SSL_use_gm_certificate(ssl, x, usage); -+ } -+ X509_free(x); -+ return ret; -+} -+#endif -+ - #ifndef OPENSSL_NO_RSA - int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) - { -@@ -162,6 +264,50 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) - return 1; - } - -+#ifndef OPENSSL_NO_TLCP -+int ssl_set_sign_enc_pkey(CERT *c, EVP_PKEY *pkey, size_t id) -+{ -+ if (id != SSL_PKEY_SM2_SIGN && id != SSL_PKEY_SM2_ENC) { -+ SSLerr(SSL_F_SSL_SET_SIGN_ENC_PKEY, ERR_R_PASSED_INVALID_ARGUMENT); -+ return 0; -+ } -+ -+ if (EVP_PKEY_is_sm2(pkey) == 0) { -+ SSLerr(SSL_F_SSL_SET_SIGN_ENC_PKEY, SSL_R_UNKNOWN_PKEY_TYPE); -+ return 0; -+ } -+ -+ if (c->pkeys[id].x509 != NULL) { -+ EVP_PKEY *pktmp; -+ pktmp = X509_get0_pubkey(c->pkeys[id].x509); -+ if (pktmp == NULL) { -+ SSLerr(SSL_F_SSL_SET_SIGN_ENC_PKEY, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ /* -+ * The return code from EVP_PKEY_copy_parameters is deliberately -+ * ignored. Some EVP_PKEY types cannot do this. -+ */ -+ EVP_PKEY_copy_parameters(pktmp, pkey); -+ ERR_clear_error(); -+ -+ if (!X509_check_private_key(c->pkeys[id].x509, pkey)) { -+ X509_free(c->pkeys[id].x509); -+ c->pkeys[id].x509 = NULL; -+ return 0; -+ } -+ } -+ -+ EVP_PKEY_free(c->pkeys[id].privatekey); -+ EVP_PKEY_up_ref(pkey); -+ c->pkeys[id].privatekey = pkey; -+ if (id != SSL_PKEY_SM2_ENC) { -+ c->key = &(c->pkeys[id]); -+ } -+ return 1; -+} -+#endif -+ - #ifndef OPENSSL_NO_RSA - int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) - { -@@ -228,6 +374,17 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) - SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } -+#ifndef OPENSSL_NO_TLCP -+ if (EVP_PKEY_is_sm2(pkey)) { -+ if (X509_check_private_key(ssl->cert->pkeys[SSL_PKEY_SM2_SIGN].x509, pkey)) { -+ return ssl_set_sign_enc_pkey(ssl->cert, pkey, SSL_PKEY_SM2_SIGN); -+ } else if (X509_check_private_key(ssl->cert->pkeys[SSL_PKEY_SM2_ENC].x509, pkey)) { -+ return ssl_set_sign_enc_pkey(ssl->cert, pkey, SSL_PKEY_SM2_ENC); 
-+ } -+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_INVALID_ARGUMENT); -+ return 0; -+ } -+#endif - ret = ssl_set_pkey(ssl->cert, pkey); - return ret; - } -@@ -289,6 +446,94 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, - return ret; - } - -+#ifndef OPENSSL_NO_TLCP -+static int ssl_load_pkey_file(SSL *ssl, SSL_CTX *ctx, const char *file, int type, EVP_PKEY **pkey) -+{ -+ int j, ret = 0; -+ BIO *in; -+ *pkey = NULL; -+ -+ in = BIO_new(BIO_s_file()); -+ if (in == NULL) { -+ SSLerr(SSL_F_SSL_LOAD_PKEY_FILE, ERR_R_BUF_LIB); -+ goto end; -+ } -+ -+ if (BIO_read_filename(in, file) <= 0) { -+ SSLerr(SSL_F_SSL_LOAD_PKEY_FILE, ERR_R_SYS_LIB); -+ goto end; -+ } -+ if (type == SSL_FILETYPE_PEM) { -+ j = ERR_R_PEM_LIB; -+ pem_password_cb *cb = (ssl != NULL) ? ssl->default_passwd_callback : -+ ctx->default_passwd_callback; -+ void *userdata = (ssl != NULL) ? ssl->default_passwd_callback_userdata : -+ ctx->default_passwd_callback_userdata; -+ *pkey = PEM_read_bio_PrivateKey(in, NULL, cb, userdata); -+ } else if (type == SSL_FILETYPE_ASN1) { -+ j = ERR_R_ASN1_LIB; -+ *pkey = d2i_PrivateKey_bio(in, NULL); -+ } else { -+ SSLerr(SSL_F_SSL_LOAD_PKEY_FILE, SSL_R_BAD_SSL_FILETYPE); -+ goto end; -+ } -+ if (*pkey == NULL) { -+ SSLerr(SSL_F_SSL_LOAD_PKEY_FILE, j); -+ goto end; -+ } -+ ret = 1; -+end: -+ BIO_free(in); -+ return ret; -+} -+ -+int SSL_use_gm_PrivateKey(SSL *ssl, EVP_PKEY *pkey, int usage) -+{ -+ if (pkey == NULL) { -+ SSLerr(SSL_F_SSL_USE_GM_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (usage == SSL_USAGE_SIG) { -+ return ssl_set_sign_enc_pkey(ssl->cert, pkey, SSL_PKEY_SM2_SIGN); -+ } else if (usage == SSL_USAGE_ENC) { -+ return ssl_set_sign_enc_pkey(ssl->cert, pkey, SSL_PKEY_SM2_ENC); -+ } -+ SSLerr(SSL_F_SSL_USE_GM_PRIVATEKEY, ERR_R_PASSED_INVALID_ARGUMENT); -+ return 0; -+} -+ -+int SSL_use_gm_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, -+ long len, int usage) -+{ -+ int ret; -+ const unsigned char *p; 
-+ EVP_PKEY *pkey; -+ -+ p = d; -+ if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) { -+ SSLerr(SSL_F_SSL_USE_GM_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); -+ return 0; -+ } -+ -+ ret = SSL_use_gm_PrivateKey(ssl, pkey, usage); -+ EVP_PKEY_free(pkey); -+ return ret; -+} -+ -+int SSL_use_gm_PrivateKey_file(SSL *ssl, const char *file, int type, int usage) -+{ -+ int ret; -+ EVP_PKEY *pkey = NULL; -+ -+ ret = ssl_load_pkey_file(ssl, NULL, file, type, &pkey); -+ if (ret == 1) { -+ ret = SSL_use_gm_PrivateKey(ssl, pkey, usage); -+ } -+ EVP_PKEY_free(pkey); -+ return ret; -+} -+#endif -+ - int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) - { - int rv; -@@ -319,6 +564,12 @@ static int ssl_set_cert(CERT *c, X509 *x) - SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); - return 0; - } -+#ifndef OPENSSL_NO_TLCP -+ if (i == SSL_PKEY_SM2_SIGN && !ssl_get_sm2_cert_id(x, &i)) { -+ SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); -+ return 0; -+ } -+#endif - #ifndef OPENSSL_NO_EC - if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) { - SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING); -@@ -349,7 +600,13 @@ static int ssl_set_cert(CERT *c, X509 *x) - X509_free(c->pkeys[i].x509); - X509_up_ref(x); - c->pkeys[i].x509 = x; -+#ifndef OPENSSL_NO_TLCP -+ if (i != SSL_PKEY_SM2_ENC) { -+ c->key = &(c->pkeys[i]); -+ } -+#else - c->key = &(c->pkeys[i]); -+#endif - - return 1; - } -@@ -411,6 +668,109 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) - return ret; - } - -+#ifndef OPENSSL_NO_TLCP -+static int ssl_set_sign_enc_cert(CERT *c, X509 *x, size_t id) -+{ -+ EVP_PKEY *pkey; -+ -+ pkey = X509_get0_pubkey(x); -+ if (pkey == NULL) { -+ SSLerr(SSL_F_SSL_SET_SIGN_ENC_CERT, SSL_R_X509_LIB); -+ return 0; -+ } -+ -+ if (ssl_is_sm2_cert(x) == 0 || -+ (id == SSL_PKEY_SM2_ENC && !ssl_is_sm2_enc_usage(x)) || -+ (id == SSL_PKEY_SM2_SIGN && !ssl_is_sm2_sign_usage(x))) { -+ SSLerr(SSL_F_SSL_SET_SIGN_ENC_CERT, 
SSL_R_UNKNOWN_CERTIFICATE_TYPE); -+ return 0; -+ } -+ -+ if (id == SSL_PKEY_SM2_SIGN && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) { -+ SSLerr(SSL_F_SSL_SET_SIGN_ENC_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING); -+ return 0; -+ } -+ -+ if (c->pkeys[id].privatekey != NULL) { -+ /* -+ * The return code from EVP_PKEY_copy_parameters is deliberately -+ * ignored. Some EVP_PKEY types cannot do this. -+ */ -+ EVP_PKEY_copy_parameters(pkey, c->pkeys[id].privatekey); -+ ERR_clear_error(); -+ -+ if (!X509_check_private_key(x, c->pkeys[id].privatekey)) { -+ /* -+ * don't fail for a cert/key mismatch, just free current private -+ * key (when switching to a different cert & key, first this -+ * function should be used, then ssl_set_pkey -+ */ -+ EVP_PKEY_free(c->pkeys[id].privatekey); -+ c->pkeys[id].privatekey = NULL; -+ /* clear error queue */ -+ ERR_clear_error(); -+ } -+ } -+ -+ X509_free(c->pkeys[id].x509); -+ X509_up_ref(x); -+ c->pkeys[id].x509 = x; -+ if (id != SSL_PKEY_SM2_ENC) { -+ c->key = &(c->pkeys[id]); -+ } -+ return 1; -+} -+ -+int SSL_CTX_use_gm_certificate(SSL_CTX *ctx, X509 *x, int usage) -+{ -+ int rv; -+ if (x == NULL) { -+ SSLerr(SSL_F_SSL_CTX_USE_GM_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ rv = ssl_security_cert(NULL, ctx, x, 0, 1); -+ if (rv != 1) { -+ SSLerr(SSL_F_SSL_CTX_USE_GM_CERTIFICATE, rv); -+ return 0; -+ } -+ if (usage == SSL_USAGE_SIG) { -+ return ssl_set_sign_enc_cert(ctx->cert, x, SSL_PKEY_SM2_SIGN); -+ } else if (usage == SSL_USAGE_ENC) { -+ return ssl_set_sign_enc_cert(ctx->cert, x, SSL_PKEY_SM2_ENC); -+ } -+ SSLerr(SSL_F_SSL_CTX_USE_GM_CERTIFICATE, ERR_R_PASSED_INVALID_ARGUMENT); -+ return 0; -+} -+ -+int SSL_CTX_use_gm_certificate_file(SSL_CTX *ctx, const char *file, int type, int usage) -+{ -+ int ret; -+ X509 *x = NULL; -+ ret = ssl_load_cert_file(NULL, ctx, file, type, &x); -+ if (ret == 1) { -+ ret = SSL_CTX_use_gm_certificate(ctx, x, usage); -+ } -+ X509_free(x); -+ return ret; -+} -+ -+int 
SSL_CTX_use_gm_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d, int usage) -+{ -+ X509 *x; -+ int ret; -+ -+ x = d2i_X509(NULL, &d, (long)len); -+ if (x == NULL) { -+ SSLerr(SSL_F_SSL_CTX_USE_GM_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); -+ return 0; -+ } -+ -+ ret = SSL_CTX_use_gm_certificate(ctx, x, usage); -+ X509_free(x); -+ return ret; -+} -+#endif -+ - #ifndef OPENSSL_NO_RSA - int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) - { -@@ -502,6 +862,17 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } -+#ifndef OPENSSL_NO_TLCP -+ if (EVP_PKEY_is_sm2(pkey)) { -+ if (X509_check_private_key(ctx->cert->pkeys[SSL_PKEY_SM2_SIGN].x509, pkey)) { -+ return ssl_set_sign_enc_pkey(ctx->cert, pkey, SSL_PKEY_SM2_SIGN); -+ } else if (X509_check_private_key(ctx->cert->pkeys[SSL_PKEY_SM2_ENC].x509, pkey)) { -+ return ssl_set_sign_enc_pkey(ctx->cert, pkey, SSL_PKEY_SM2_ENC); -+ } -+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_INVALID_ARGUMENT); -+ return 0; -+ } -+#endif - return ssl_set_pkey(ctx->cert, pkey); - } - -@@ -562,6 +933,54 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, - return ret; - } - -+#ifndef OPENSSL_NO_TLCP -+int SSL_CTX_use_gm_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey, int usage) -+{ -+ if (pkey == NULL) { -+ SSLerr(SSL_F_SSL_CTX_USE_GM_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); -+ return 0; -+ } -+ if (usage == SSL_USAGE_SIG) { -+ return ssl_set_sign_enc_pkey(ctx->cert, pkey, SSL_PKEY_SM2_SIGN); -+ } else if (usage == SSL_USAGE_ENC) { -+ return ssl_set_sign_enc_pkey(ctx->cert, pkey, SSL_PKEY_SM2_ENC); -+ } -+ SSLerr(SSL_F_SSL_CTX_USE_GM_PRIVATEKEY, ERR_R_PASSED_INVALID_ARGUMENT); -+ return 0; -+} -+ -+int SSL_CTX_use_gm_PrivateKey_file(SSL_CTX *ctx, const char *file, int type, int usage) -+{ -+ int ret; -+ EVP_PKEY *pkey = NULL; -+ -+ ret = ssl_load_pkey_file(NULL, ctx, file, type, &pkey); -+ if (ret == 1) { -+ ret = 
SSL_CTX_use_gm_PrivateKey(ctx, pkey, usage); -+ } -+ EVP_PKEY_free(pkey); -+ return ret; -+} -+ -+int SSL_CTX_use_gm_PrivateKey_ASN1(int type, SSL_CTX *ctx, -+ const unsigned char *d, long len, int usage) -+{ -+ int ret; -+ const unsigned char *p; -+ EVP_PKEY *pkey; -+ -+ p = d; -+ if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) { -+ SSLerr(SSL_F_SSL_CTX_USE_GM_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); -+ return 0; -+ } -+ -+ ret = SSL_CTX_use_gm_PrivateKey(ctx, pkey, usage); -+ EVP_PKEY_free(pkey); -+ return ret; -+} -+#endif -+ - /* - * Read a file that contains our certificate in "PEM" format, possibly - * followed by a sequence of CA certificates that should be sent to the peer -@@ -1073,6 +1492,12 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr - SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); - goto out; - } -+#ifndef OPENSSL_NO_TLCP -+ if (i == SSL_PKEY_SM2_SIGN && !ssl_get_sm2_cert_id(x509, &i)) { -+ SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); -+ return 0; -+ } -+#endif - - if (!override && (c->pkeys[i].x509 != NULL - || c->pkeys[i].privatekey != NULL -@@ -1101,7 +1526,13 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr - EVP_PKEY_up_ref(privatekey); - c->pkeys[i].privatekey = privatekey; - -+#ifndef OPENSSL_NO_TLCP -+ if (i != SSL_PKEY_SM2_ENC) { -+ c->key = &(c->pkeys[i]); -+ } -+#else - c->key = &(c->pkeys[i]); -+#endif - - ret = 1; - out: -@@ -1120,3 +1551,113 @@ int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, - { - return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override); - } -+ -+#ifndef OPENSSL_NO_TLCP -+static int ssl_set_gm_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, -+ STACK_OF(X509) *chain, int override, int usage) -+{ -+ int ret = 0; -+ size_t id; -+ int j; -+ int rv; -+ CERT *c = ssl != NULL ? 
ssl->cert : ctx->cert; -+ STACK_OF(X509) *dup_chain = NULL; -+ EVP_PKEY *pubkey = NULL; -+ -+ /* Do all security checks before anything else */ -+ rv = ssl_security_cert(ssl, ctx, x509, 0, 1); -+ if (rv != 1) { -+ SSLerr(SSL_F_SSL_SET_GM_CERT_AND_KEY, rv); -+ goto out; -+ } -+ for (j = 0; j < sk_X509_num(chain); j++) { -+ rv = ssl_security_cert(ssl, ctx, sk_X509_value(chain, j), 0, 0); -+ if (rv != 1) { -+ SSLerr(SSL_F_SSL_SET_GM_CERT_AND_KEY, rv); -+ goto out; -+ } -+ } -+ -+ pubkey = X509_get_pubkey(x509); /* bumps reference */ -+ if (pubkey == NULL) -+ goto out; -+ if (privatekey == NULL) { -+ privatekey = pubkey; -+ } else { -+ /* For RSA, which has no parameters, missing returns 0 */ -+ if (EVP_PKEY_missing_parameters(privatekey)) { -+ if (EVP_PKEY_missing_parameters(pubkey)) { -+ /* nobody has parameters? - error */ -+ SSLerr(SSL_F_SSL_SET_GM_CERT_AND_KEY, SSL_R_MISSING_PARAMETERS); -+ goto out; -+ } else { -+ /* copy to privatekey from pubkey */ -+ EVP_PKEY_copy_parameters(privatekey, pubkey); -+ } -+ } else if (EVP_PKEY_missing_parameters(pubkey)) { -+ /* copy to pubkey from privatekey */ -+ EVP_PKEY_copy_parameters(pubkey, privatekey); -+ } /* else both have parameters */ -+ -+ /* check that key <-> cert match */ -+ if (EVP_PKEY_cmp(pubkey, privatekey) != 1) { -+ SSLerr(SSL_F_SSL_SET_GM_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH); -+ goto out; -+ } -+ } -+ if (usage == SSL_USAGE_SIG) { -+ id = SSL_PKEY_SM2_SIGN; -+ } else if (usage == SSL_USAGE_ENC) { -+ id = SSL_PKEY_SM2_ENC; -+ } else { -+ SSLerr(SSL_F_SSL_SET_GM_CERT_AND_KEY, ERR_R_PASSED_INVALID_ARGUMENT); -+ goto out; -+ } -+ -+ if (!override && (c->pkeys[id].x509 != NULL -+ || c->pkeys[id].privatekey != NULL -+ || c->pkeys[id].chain != NULL)) { -+ /* No override, and something already there */ -+ SSLerr(SSL_F_SSL_SET_GM_CERT_AND_KEY, SSL_R_NOT_REPLACING_CERTIFICATE); -+ goto out; -+ } -+ -+ if (chain != NULL) { -+ dup_chain = X509_chain_up_ref(chain); -+ if (dup_chain == NULL) { -+ 
SSLerr(SSL_F_SSL_SET_GM_CERT_AND_KEY, ERR_R_MALLOC_FAILURE); -+ goto out; -+ } -+ } -+ -+ sk_X509_pop_free(c->pkeys[id].chain, X509_free); -+ c->pkeys[id].chain = dup_chain; -+ -+ X509_free(c->pkeys[id].x509); -+ X509_up_ref(x509); -+ c->pkeys[id].x509 = x509; -+ -+ EVP_PKEY_free(c->pkeys[id].privatekey); -+ EVP_PKEY_up_ref(privatekey); -+ c->pkeys[id].privatekey = privatekey; -+ if (id != SSL_PKEY_SM2_ENC) { -+ c->key = &(c->pkeys[id]); -+ } -+ ret = 1; -+ out: -+ EVP_PKEY_free(pubkey); -+ return ret; -+} -+ -+int SSL_use_gm_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, -+ STACK_OF(X509) *chain, int override, int usage) -+{ -+ return ssl_set_gm_cert_and_key(ssl, NULL, x509, privatekey, chain, override, usage); -+} -+ -+int SSL_CTX_use_gm_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, -+ STACK_OF(X509) *chain, int override, int usage) -+{ -+ return ssl_set_gm_cert_and_key(NULL, ctx, x509, privatekey, chain, override, usage); -+} -+#endif -\ No newline at end of file -diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c -index cda6b7c..fb354e6 100644 ---- a/ssl/ssl_sess.c -+++ b/ssl/ssl_sess.c -@@ -283,6 +283,9 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) - GEN_SESSION_CB cb = def_generate_session_id; - - switch (s->version) { -+#ifndef OPENSSL_NO_TLCP -+ case TLCP_VERSION: -+#endif - case SSL3_VERSION: - case TLS1_VERSION: - case TLS1_1_VERSION: -diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c -index ca51c03..1750bdb 100644 ---- a/ssl/ssl_stat.c -+++ b/ssl/ssl_stat.c -@@ -312,6 +312,20 @@ const char *SSL_alert_desc_string(int value) - return "BH"; - case TLS1_AD_UNKNOWN_PSK_IDENTITY: - return "UP"; -+#ifndef OPENSSL_NO_TLCP -+ case TLCP_AD_UNSUPPORTED_SITE2SITE: -+ return "U2"; -+ case TLCP_AD_NO_AREA: -+ return "NA"; -+ case TLCP_AD_UNSUPPORTED_AREATYPE: -+ return "AT"; -+ case TLCP_AD_BAD_IBCPARAM: -+ return "BI"; -+ case TLCP_AD_UNSUPPORTED_IBCPARAM: -+ return "UI"; -+ case TLCP_AD_IDENTITY_NEED: -+ return "IN"; -+#endif - default: - 
return "UK"; - } -@@ -382,6 +396,20 @@ const char *SSL_alert_desc_string_long(int value) - return "unknown PSK identity"; - case TLS1_AD_NO_APPLICATION_PROTOCOL: - return "no application protocol"; -+#ifndef OPENSSL_NO_TLCP -+ case TLCP_AD_UNSUPPORTED_SITE2SITE: -+ return "unsupported site2site"; -+ case TLCP_AD_NO_AREA: -+ return "no area"; -+ case TLCP_AD_UNSUPPORTED_AREATYPE: -+ return "unsupported areatype"; -+ case TLCP_AD_BAD_IBCPARAM: -+ return "bad ibcparam"; -+ case TLCP_AD_UNSUPPORTED_IBCPARAM: -+ return "unsupported ibcparam"; -+ case TLCP_AD_IDENTITY_NEED: -+ return "identity need"; -+#endif - default: - return "unknown"; - } -diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c -index 0f39275..a03b6cd 100644 ---- a/ssl/statem/extensions.c -+++ b/ssl/statem/extensions.c -@@ -1056,7 +1056,11 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) - && s->ext.ecpointformats_len > 0 - && s->ext.peer_ecpointformats != NULL - && s->ext.peer_ecpointformats_len > 0 -- && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { -+ && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA) -+#ifndef OPENSSL_NO_TLCP -+ || (alg_k & SSL_kSM2DHE) || (alg_a & SSL_aSM2) -+#endif -+ )) { - /* we are using an ECC cipher */ - size_t i; - unsigned char *list = s->ext.peer_ecpointformats; -diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c -index 9d38ac2..23ca93e 100644 ---- a/ssl/statem/extensions_clnt.c -+++ b/ssl/statem/extensions_clnt.c -@@ -132,6 +132,9 @@ static int use_ecc(SSL *s) - alg_a = c->algorithm_auth; - if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) - || (alg_a & SSL_aECDSA) -+#ifndef OPENSSL_NO_TLCP -+ || (alg_k & SSL_kSM2DHE) || (alg_a & SSL_aSM2) -+#endif - || c->min_tls >= TLS1_3_VERSION) { - ret = 1; - break; -diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c -index 04f64f8..7c5e3bf 100644 ---- a/ssl/statem/extensions_srvr.c -+++ b/ssl/statem/extensions_srvr.c -@@ -1386,7 +1386,11 @@ EXT_RETURN 
tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, - { - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; -- int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) -+ int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA) -+#ifndef OPENSSL_NO_TLCP -+ || (alg_k & SSL_kSM2DHE) || (alg_a & SSL_aSM2) -+#endif -+ ) - && (s->ext.peer_ecpointformats != NULL); - const unsigned char *plist; - size_t plistlen; -diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c -index 20f5bd5..d1fc2cc 100644 ---- a/ssl/statem/statem.c -+++ b/ssl/statem/statem.c -@@ -361,7 +361,11 @@ static int state_machine(SSL *s, int server) - goto end; - } - } else { -+#ifndef OPENSSL_NO_TLCP -+ if ((s->version >> 8) != SSL3_VERSION_MAJOR && s->version != TLCP_VERSION) { -+#else - if ((s->version >> 8) != SSL3_VERSION_MAJOR) { -+#endif - SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE, - ERR_R_INTERNAL_ERROR); - goto end; -diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c -index d1a3969..052a733 100644 ---- a/ssl/statem/statem_clnt.c -+++ b/ssl/statem/statem_clnt.c -@@ -61,6 +61,10 @@ static int key_exchange_expected(SSL *s) - { - long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - -+#ifndef OPENSSL_NO_TLCP -+ if (SSL_IS_TLCP(s)) -+ return 1; -+#endif - /* - * Can't skip server key exchange if this is an ephemeral - * ciphersuite or for SRP -@@ -2252,8 +2256,277 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) - #endif - } - -+#ifndef OPENSSL_NO_TLCP -+static int tlcp_process_ske_sm2ecc(SSL *s, PACKET *pkt) -+{ -+ EVP_MD_CTX *md_ctx = NULL; -+ EVP_PKEY_CTX *pctx = NULL; -+ unsigned char *encbuf = NULL; -+ unsigned char *tbs = NULL; -+ -+ PACKET signature; -+ X509 *peer_sign_cert; -+ X509 *peer_enc_cert; -+ EVP_PKEY *peer_sign_pkey; -+ const EVP_MD *md; -+ unsigned char *tmp; -+ int rv, ebuflen, tbslen; -+ -+ rv = 0; -+ peer_sign_cert = s->session->peer; -+ 
peer_enc_cert = ssl_get_sm2_enc_cert(s, s->session->peer_chain); -+ if (peer_sign_cert == NULL || peer_enc_cert == NULL -+ || !ssl_is_sm2_cert(peer_sign_cert) -+ || !ssl_is_sm2_sign_usage(peer_sign_cert)) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2ECC, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ peer_sign_pkey = X509_get0_pubkey(peer_sign_cert); -+ if (!EVP_PKEY_set_alias_type(peer_sign_pkey, EVP_PKEY_SM2)) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_SKE_SM2ECC, -+ ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ /* Get the signature algorithm according to the peer sign key */ -+ if (SSL_USE_SIGALGS(s)) { -+ unsigned int sigalg; -+ -+ if (!PACKET_get_net_2(pkt, &sigalg)) { -+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLCP_PROCESS_SKE_SM2ECC, -+ SSL_R_LENGTH_TOO_SHORT); -+ goto err; -+ } -+ if (tls12_check_peer_sigalg(s, sigalg, peer_sign_pkey) <=0) { -+ /* SSLfatal() already called */ -+ goto err; -+ } -+ } else if (!tls1_set_peer_legacy_sigalg(s, peer_sign_pkey)) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_SKE_SM2ECC, -+ ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md) -+ || EVP_PKEY_size(peer_sign_pkey) < 0) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_SKE_SM2ECC, -+ ERR_R_INTERNAL_ERROR); -+ goto err; -+ } -+ -+ if (!PACKET_get_length_prefixed_2(pkt, &signature) -+ || PACKET_remaining(pkt) != 0 -+ || PACKET_remaining(&signature) > EVP_PKEY_size(peer_sign_pkey)) { -+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLCP_PROCESS_SKE_SM2ECC, -+ SSL_R_LENGTH_MISMATCH); -+ goto err; -+ } -+ -+ ebuflen = i2d_X509(peer_enc_cert, NULL); -+ if (ebuflen < 0) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_SKE_SM2ECC, -+ ERR_R_BUF_LIB); -+ goto err; -+ } -+ -+ md_ctx = EVP_MD_CTX_new(); -+ encbuf = OPENSSL_malloc(ebuflen + 3); -+ if (md_ctx == NULL || encbuf == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_SKE_SM2ECC, -+ ERR_R_MALLOC_FAILURE); -+ 
goto err; -+ } -+ /* Encode the DER encoding of an X509 structure, reserve 3 bytes for length */ -+ tmp = encbuf; -+ l2n3(ebuflen, tmp); -+ ebuflen = i2d_X509(peer_enc_cert, &tmp); -+ if (ebuflen < 0) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_SKE_SM2ECC, -+ ERR_R_BUF_LIB); -+ goto err; -+ } -+ ebuflen += 3; -+ -+ if (EVP_DigestVerifyInit(md_ctx, &pctx, md, NULL, peer_sign_pkey) <= 0) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_SKE_SM2ECC, -+ ERR_R_EVP_LIB); -+ goto err; -+ } -+ -+ tbslen = construct_key_exchange_tbs(s, &tbs, encbuf, ebuflen); -+ if (tbslen == 0) { -+ goto err; -+ } -+ -+ rv = EVP_DigestVerify(md_ctx, PACKET_data(&signature), -+ PACKET_remaining(&signature), tbs, tbslen); -+ if (rv <= 0) { -+ SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLCP_PROCESS_SKE_SM2ECC, -+ SSL_R_BAD_SIGNATURE); -+ } -+err: -+ OPENSSL_free(encbuf); -+ OPENSSL_free(tbs); -+ EVP_MD_CTX_free(md_ctx); -+ return rv; -+} -+ -+static int tlcp_process_ske_sm2dhe(SSL *s, PACKET *pkt) -+{ -+ unsigned char *ecparams; -+ int ecparams_len; -+ PACKET pt_encoded; -+ PACKET signature; -+ EVP_PKEY *pkey; -+ EVP_PKEY_CTX *pctx; -+ EVP_PKEY_CTX *verify_ctx; -+ EVP_MD_CTX *md_ctx = NULL; -+ char *id = "1234567812345678"; -+ int ret = 0; -+ int max_sig_len; -+ -+ if(!PACKET_get_bytes(pkt, (const unsigned char**)&ecparams, 3) -+ || !PACKET_get_length_prefixed_1(pkt, &pt_encoded) -+ || !PACKET_get_length_prefixed_2(pkt, &signature) -+ ) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, SSL_R_LENGTH_TOO_SHORT); -+ return 0; -+ } -+ -+ if (PACKET_remaining(pkt) != 0) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, SSL_R_LENGTH_TOO_LONG); -+ return 0; -+ } -+ -+ // generate tmp pkey s->s3->peer_tmp with peer pub key -+ if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ if 
(EVP_PKEY_paramgen_init(pctx) <= 0 -+ || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2) <= 0 -+ || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, ERR_R_EVP_LIB); -+ goto end; -+ } -+ -+ if (s->s3->peer_tmp == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, ERR_R_INTERNAL_ERROR); -+ goto end; -+ } -+ -+ if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, -+ PACKET_data(&pt_encoded), PACKET_remaining(&pt_encoded))) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, SSL_R_BAD_ECPOINT); -+ goto end; -+ } -+ -+ // verify the msg using peer sign cert's pubkey -+ if ((pkey = X509_get0_pubkey(s->session->peer)) == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, ERR_R_INTERNAL_ERROR); -+ goto end; -+ } -+ -+ max_sig_len = EVP_PKEY_size(pkey); -+ if (PACKET_remaining(&signature) > max_sig_len) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, SSL_R_LENGTH_TOO_LONG); -+ goto end; -+ } -+ -+ if (!EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, ERR_R_EVP_LIB); -+ goto end; -+ } -+ -+ if ((md_ctx = EVP_MD_CTX_new()) == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, ERR_R_MALLOC_FAILURE); -+ goto end; -+ } -+ -+ if (EVP_DigestVerifyInit(md_ctx, &verify_ctx, EVP_sm3(), NULL, pkey) <= 0) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, ERR_R_EVP_LIB); -+ goto end; -+ } -+ -+ if (EVP_PKEY_CTX_set1_id(verify_ctx, id, strlen(id)) <= 0) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, ERR_R_EVP_LIB); -+ goto end; -+ } -+ -+ ecparams_len = PACKET_data(&pt_encoded) + PACKET_remaining(&pt_encoded) - ecparams; -+ if (EVP_DigestVerifyUpdate(md_ctx, s->s3->client_random, SSL3_RANDOM_SIZE) <= 0 -+ || EVP_DigestVerifyUpdate(md_ctx, 
s->s3->server_random, SSL3_RANDOM_SIZE) <= 0
-+ || EVP_DigestVerifyUpdate(md_ctx, ecparams, ecparams_len) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, ERR_R_EVP_LIB);
-+ goto end;
-+ }
-+
-+ if (EVP_DigestVerifyFinal(md_ctx,
-+ PACKET_data(&signature), PACKET_remaining(&signature)) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_PROCESS_SKE_SM2DHE, SSL_R_BAD_SIGNATURE);
-+ goto end;
-+ }
-+
-+ ret = 1;
-+
-+end:
-+ EVP_PKEY_CTX_free(pctx);
-+ EVP_MD_CTX_free(md_ctx);
-+
-+ return ret;
-+}
-+
-+static MSG_PROCESS_RETURN tlcp_process_key_exchange(SSL *s, PACKET *pkt)
-+{
-+ unsigned long alg_k;
-+
-+ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-+
-+ if (alg_k & SSL_kSM2ECC) {
-+ if (!tlcp_process_ske_sm2ecc(s, pkt)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ } else if (alg_k & SSL_kSM2DHE) {
-+ if (!tlcp_process_ske_sm2dhe(s, pkt)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ } else {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ return MSG_PROCESS_CONTINUE_READING;
-+err:
-+ return MSG_PROCESS_ERROR;
-+}
-+#endif
-+
- MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
- {
-+#ifndef OPENSSL_NO_TLCP
-+ if (SSL_IS_TLCP(s))
-+ return tlcp_process_key_exchange(s, pkt);
-+#endif
- long alg_k;
- EVP_PKEY *pkey = NULL;
- EVP_MD_CTX *md_ctx = NULL;
-@@ -3315,8 +3588,169 @@ static int tls_construct_cke_srp(SSL *s, WPACKET *pkt)
- #endif
- }
- 
-+#ifndef OPENSSL_NO_TLCP
-+static int tlcp_construct_cke_sm2ecc(SSL *s, WPACKET *pkt)
-+{
-+ unsigned char *encdata = NULL;
-+ EVP_PKEY_CTX *pctx = NULL;
-+ unsigned char *pms = NULL;
-+ size_t pmslen = 0;
-+
-+ X509 *peer_enc_cert;
-+ EVP_PKEY *peer_enc_pkey;
-+ size_t enclen;
-+
-+ peer_enc_cert = ssl_get_sm2_enc_cert(s, s->session->peer_chain);
-+ peer_enc_pkey = X509_get0_pubkey(peer_enc_cert);
-+ if (peer_enc_cert == NULL || peer_enc_pkey == NULL
-+ || !EVP_PKEY_set_alias_type(peer_enc_pkey, EVP_PKEY_SM2)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_CKE_SM2ECC, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ pmslen = SSL_MAX_MASTER_KEY_LENGTH;
-+ pms = OPENSSL_malloc(pmslen);
-+ if (pms == NULL) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_CKE_SM2ECC,
-+ ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ pms[0] = s->client_version >> 8;
-+ pms[1] = s->client_version & 0xff;
-+ if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_CKE_SM2ECC,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ if (!WPACKET_start_sub_packet_u16(pkt)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_CKE_SM2ECC,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ /* Encrypt premaster secret { client_version, random[46] }*/
-+ pctx = EVP_PKEY_CTX_new(peer_enc_pkey, NULL);
-+ if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
-+ || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_CKE_SM2ECC,
-+ ERR_R_EVP_LIB);
-+ goto err;
-+ }
-+ if (!WPACKET_reserve_bytes(pkt, enclen, &encdata)
-+ || EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_CKE_SM2ECC,
-+ ERR_R_EVP_LIB);
-+ goto err;
-+ }
-+ pkt->written += enclen;
-+ pkt->curr += enclen;
-+ EVP_PKEY_CTX_free(pctx);
-+ pctx = NULL;
-+
-+ if (!WPACKET_close(pkt)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_CKE_SM2ECC,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ s->s3->tmp.pms = pms;
-+ s->s3->tmp.pmslen = pmslen;
-+
-+ return 1;
-+err:
-+ OPENSSL_clear_free(pms, pmslen);
-+ EVP_PKEY_CTX_free(pctx);
-+ return 0;
-+}
-+
-+static int tlcp_construct_cke_sm2dhe(SSL *s, WPACKET *pkt)
-+{
-+ EVP_PKEY *skey, *ckey;
-+ unsigned char * pt_encoded = NULL;
-+ int pt_encoded_len;
-+ int ret = 0;
-+
-+ if ((skey = s->s3->peer_tmp) == NULL) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_CKE_SM2DHE, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+
-+ if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE)
-+ || !WPACKET_put_bytes_u8(pkt, 0)
-+ || !WPACKET_put_bytes_u8(pkt, 41)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_CKE_SM2DHE, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+
-+ if ((ckey = ssl_generate_pkey(skey)) == NULL) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_CKE_SM2DHE, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+
-+ if ((pt_encoded_len = EVP_PKEY_get1_tls_encodedpoint(ckey, &pt_encoded)) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_CKE_SM2DHE, ERR_R_EC_LIB);
-+ goto end;
-+ }
-+
-+ if (!WPACKET_sub_memcpy_u8(pkt, pt_encoded, pt_encoded_len)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_CKE_SM2DHE, ERR_R_INTERNAL_ERROR);
-+ goto end;
-+ }
-+
-+ if (!tlcp_derive(s, ckey, skey)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_CKE_SM2DHE, ERR_R_INTERNAL_ERROR);
-+ goto end;
-+ }
-+
-+ ret = 1;
-+
-+end:
-+ EVP_PKEY_free(ckey);
-+ if (pt_encoded) {
-+ OPENSSL_free(pt_encoded);
-+ }
-+
-+ return ret;
-+}
-+
-+static int tlcp_construct_client_key_exchange(SSL *s, WPACKET *pkt)
-+{
-+ unsigned long alg_k;
-+
-+ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-+
-+ if (alg_k & SSL_kSM2ECC) {
-+ if (!tlcp_construct_cke_sm2ecc(s, pkt))
-+ goto err;
-+ } else if (alg_k & SSL_kSM2DHE) {
-+ if (!tlcp_construct_cke_sm2dhe(s, pkt))
-+ goto err;
-+ } else {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ return 1;
-+err:
-+ return 0;
-+}
-+#endif
-+
- int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)
- {
-+#ifndef OPENSSL_NO_TLCP
-+ if (SSL_IS_TLCP(s))
-+ return tlcp_construct_client_key_exchange(s, pkt);
-+#endif
- unsigned long alg_k;
- 
- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
-index 695caab..777a474 100644
---- a/ssl/statem/statem_lib.c
-+++ b/ssl/statem/statem_lib.c
-@@ -227,6 +227,29 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
- return 1;
- }
- 
-+#ifndef OPENSSL_NO_TLCP
-+static int get_tbs_hash_data(void *hdata, size_t hdatalen, unsigned char *out, size_t *outlen)
-+{
-+ EVP_MD_CTX *md_ctx;
-+ int rv = 0;
-+
-+ md_ctx = EVP_MD_CTX_new();
-+ if (md_ctx == NULL)
-+ goto err;
-+
-+ // TLCP is only used SM3
-+ if (!EVP_DigestInit(md_ctx, EVP_sm3())
-+ || !EVP_DigestUpdate(md_ctx, (const void *)hdata, hdatalen)
-+ || !EVP_DigestFinal(md_ctx, out, (unsigned int *)outlen)) {
-+ goto err;
-+ }
-+ rv = 1;
-+err:
-+ EVP_MD_CTX_free(md_ctx);
-+ return rv;
-+}
-+#endif
-+
- int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
- {
- EVP_PKEY *pkey = NULL;
-@@ -238,6 +261,9 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
- unsigned char *sig = NULL;
- unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
- const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg;
-+#ifndef OPENSSL_NO_TLCP
-+ unsigned char out[EVP_MAX_MD_SIZE] = {0};
-+#endif
- 
- if (lu == NULL || s->s3->tmp.cert == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
-@@ -251,6 +277,15 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-+#ifndef OPENSSL_NO_TLCP
-+ if (SSL_IS_TLCP(s) && EVP_PKEY_is_sm2(pkey)) {
-+ if (!EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ }
-+#endif
- 
- mctx = EVP_MD_CTX_new();
- if (mctx == NULL) {
-@@ -264,7 +299,17 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
- /* SSLfatal() already called */
- goto err;
- }
--
-+#ifndef OPENSSL_NO_TLCP
-+ if (SSL_IS_TLCP(s)) {
-+ if (!get_tbs_hash_data(hdata, hdatalen, out, &hdatalen)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ /* Use new hash data for sign */
-+ hdata = out;
-+ }
-+#endif
- if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
- ERR_R_INTERNAL_ERROR);
-@@ -359,6 +404,9 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
- unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
- EVP_MD_CTX *mctx = EVP_MD_CTX_new();
- EVP_PKEY_CTX *pctx = NULL;
-+#ifndef OPENSSL_NO_TLCP
-+ unsigned char out[EVP_MAX_MD_SIZE] = {0};
-+#endif
- 
- if (mctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
-@@ -373,6 +421,15 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-+#ifndef OPENSSL_NO_TLCP
-+ if (SSL_IS_TLCP(s) && EVP_PKEY_is_sm2(pkey)) {
-+ if (!EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ }
-+#endif
- 
- if (ssl_cert_lookup_by_pkey(pkey, NULL) == NULL) {
- SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CERT_VERIFY,
-@@ -448,6 +505,17 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
- /* SSLfatal() already called */
- goto err;
- }
-+#ifndef OPENSSL_NO_TLCP
-+ if (SSL_IS_TLCP(s)) {
-+ if (!get_tbs_hash_data(hdata, hdatalen, out, &hdatalen)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ /* Use new hash data for verify */
-+ hdata = out;
-+ }
-+#endif
- 
- #ifdef SSL_DEBUG
- fprintf(stderr, "Using client verify alg %s\n",
-@@ -907,6 +975,60 @@ static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain)
- return 1;
- }
- 
-+#ifndef OPENSSL_NO_TLCP
-+static int ssl_add_sm2_cert_for_tlcp(SSL *s, STACK_OF(X509) *chain, WPACKET *pkt, X509 *sign_cert)
-+{
-+ CERT_PKEY *enc_cpk;
-+ X509 *x;
-+ int i = 0;
-+ int idx = 0;
-+ int count;
-+ X509 *enc_cert;
-+
-+ enc_cpk = &s->cert->pkeys[SSL_PKEY_SM2_ENC];
-+ // server must have enc cert
-+ if (s->server && (enc_cpk == NULL || enc_cpk->x509 == NULL))
-+ return 0;
-+
-+ enc_cert = enc_cpk->x509;
-+
-+ if (sign_cert != NULL) {
-+ if (!ssl_add_cert_to_wpacket(s, pkt, sign_cert, idx++)) {
-+ return 0;
-+ }
-+ } else {
-+ if (!ssl_add_cert_to_wpacket(s, pkt, sk_X509_value(chain, i++), idx++)) {
-+ return 0;
-+ }
-+ }
-+
-+ // enc cert put the second position
-+ if (enc_cert != NULL && (s->options & SSL_OP_ENCCERT_SECOND_POSITION)) {
-+ if (!ssl_add_cert_to_wpacket(s, pkt, enc_cert, idx++)) {
-+ return 0;
-+ }
-+ enc_cert = NULL;
-+ }
-+
-+ count = sk_X509_num(chain);
-+ for (; i < count; i++) {
-+ x = sk_X509_value(chain, i);
-+ if (!ssl_add_cert_to_wpacket(s, pkt, x, idx++)) {
-+ return 0;
-+ }
-+ }
-+
-+ // enc cert in the last position
-+ if (enc_cert) {
-+ if (!ssl_add_cert_to_wpacket(s, pkt, enc_cpk->x509, idx++)) {
-+ return 0;
-+ }
-+ }
-+
-+ return 1;
-+}
-+#endif
-+
- /* Add certificate chain to provided WPACKET */
- static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
- {
-@@ -972,6 +1094,14 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i);
- return 0;
- }
-+#ifndef OPENSSL_NO_TLCP
-+ if (SSL_IS_TLCP(s)) {
-+ if (!ssl_add_sm2_cert_for_tlcp(s, chain, pkt, NULL)) {
-+ X509_STORE_CTX_free(xs_ctx);
-+ return 0;
-+ }
-+ } else {
-+#endif
- chain_count = sk_X509_num(chain);
- for (i = 0; i < chain_count; i++) {
- x = sk_X509_value(chain, i);
-@@ -982,6 +1112,9 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
- return 0;
- }
- }
-+#ifndef OPENSSL_NO_TLCP
-+ }
-+#endif
- X509_STORE_CTX_free(xs_ctx);
- } else {
- i = ssl_security_cert_chain(s, extra_certs, x, 0);
-@@ -989,6 +1122,11 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i);
- return 0;
- }
-+#ifndef OPENSSL_NO_TLCP
-+ if (SSL_IS_TLCP(s)) {
-+ return ssl_add_sm2_cert_for_tlcp(s, extra_certs, pkt, x);
-+ } else {
-+#endif
- if (!ssl_add_cert_to_wpacket(s, pkt, x, 0)) {
- /* SSLfatal() already called */
- return 0;
-@@ -1000,6 +1138,9 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
- return 0;
- }
- }
-+#ifndef OPENSSL_NO_TLCP
-+ }
-+#endif
- }
- return 1;
- }
-@@ -1444,6 +1585,9 @@ static const version_info tls_version_table[] = {
- #else
- {TLS1_VERSION, NULL, NULL},
- #endif
-+#ifndef OPENSSL_NO_TLCP
-+ {TLCP_VERSION, tlcp_client_method, tlcp_server_method},
-+#endif
- #ifndef OPENSSL_NO_SSL3
- {SSL3_VERSION, sslv3_client_method, sslv3_server_method},
- #else
-@@ -1596,7 +1740,10 @@ int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth)
- }
- 
- for (vent = table;
-- vent->version != 0 && version_cmp(s, version, vent->version) <= 0;
-+#ifndef OPENSSL_NO_TLCP
-+ ((version == SSL3_VERSION) && (vent->version == TLCP_VERSION)) ||
-+#endif
-+ (vent->version != 0 && version_cmp(s, version, vent->version) <= 0);
- ++vent) {
- if (vent->cmeth != NULL
- && version_cmp(s, version, vent->version) == 0
-@@ -1675,8 +1822,11 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
- *bound = version;
- return 1;
- }
--
-+#ifndef OPENSSL_NO_TLCP
-+ valid_tls = version >= TLCP_VERSION && version <= TLS_MAX_VERSION;
-+#else
- valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION;
-+#endif
- valid_dtls =
- DTLS_VERSION_LE(version, DTLS_MAX_VERSION) &&
- DTLS_VERSION_GE(version, DTLS1_BAD_VER);
-@@ -1868,6 +2018,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
- const SSL_METHOD *method;
- 
- if (vent->smeth == NULL ||
-+#ifndef OPENSSL_NO_TLCP
-+ ((client_version != TLCP_VERSION) && (vent->version == TLCP_VERSION)) ||
-+#endif
- version_cmp(s, client_version, vent->version) < 0)
- continue;
- method = vent->smeth();
-@@ -2097,6 +2250,11 @@ int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version,
- * A table entry with a NULL client method is still a hole in the
- * "version capability" vector.
- */
-+#ifndef OPENSSL_NO_TLCP
-+ if (vent->version == TLCP_VERSION) {
-+ continue;
-+ }
-+#endif
- if (vent->cmeth == NULL) {
- hole = 1;
- tmp_real_max = 0;
-@@ -2120,7 +2278,23 @@ int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version,
- hole = 0;
- }
- }
--
-+#ifndef OPENSSL_NO_TLCP
-+ if (version == 0 && s->method->version == TLS_ANY_VERSION) {
-+ /*
-+ * enable tlcp condition (when only sslv3 version, dont choose tlcp):
-+ * 1. version is TLS_ANY_VERSION, and all tls/ssl protocol disabled
-+ * 2. max version > sslv3 or max version == tlcp_version
-+ * 3. s->options not set SSL_OP_NO_TLCP
-+ */
-+ if ((s->max_proto_version > SSL3_VERSION
-+ || s->max_proto_version == TLCP_VERSION
-+ || s->max_proto_version == 0)
-+ && (s->options & SSL_OP_NO_TLCP) == 0) {
-+ *min_version = *max_version = TLCP_VERSION;
-+ return 0;
-+ }
-+ }
-+#endif
- *max_version = version;
- 
- /* Fail if everything is disabled */
-diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
-index d701c46..ef13eec 100644
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -325,6 +325,11 @@ static int send_server_key_exchange(SSL *s)
- {
- unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
- 
-+#ifndef OPENSSL_NO_TLCP
-+ /* TLCP: send ServerKeyExchange */
-+ if (SSL_IS_TLCP(s))
-+ return 1;
-+#endif
- /*
- * only send a ServerKeyExchange if DH or fortezza but we have a
- * sign only certificate PSK: may send PSK identity hints For
-@@ -2356,7 +2361,17 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
- }
- }
- #endif
--
-+#ifndef OPENSSL_NO_TLCP
-+ /*
-+ * As described by TLCP, when using ecdhe algorithm,
-+ * client is required to send a certificate,
-+ * so we set VEERFY_PEER mode.
-+ */
-+ if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSM2DHE) {
-+ SSL_set_verify(s, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
-+ | SSL_VERIFY_CLIENT_ONCE, NULL);
-+ }
-+#endif
- return WORK_FINISHED_STOP;
- err:
- return WORK_ERROR;
-@@ -2485,8 +2500,270 @@ int tls_construct_server_done(SSL *s, WPACKET *pkt)
- return 1;
- }
- 
-+#ifndef OPENSSL_NO_TLCP
-+static int tlcp_construct_ske_sm2ecc(SSL *s, WPACKET *pkt)
-+{
-+ EVP_MD_CTX *md_ctx = NULL;
-+ EVP_PKEY_CTX *pctx = NULL;
-+ unsigned char *encbuf = NULL;
-+ unsigned char *tbs = NULL;
-+
-+ const SIGALG_LOOKUP *lu;
-+ EVP_PKEY *sign_pkey;
-+ X509 *enc_cert;
-+ const EVP_MD *md;
-+ unsigned char *sigbytes1, *sigbytes2, *tmp;
-+ size_t siglen, tbslen;
-+ int rv, ebuflen;
-+
-+ rv = 0;
-+ lu = s->s3->tmp.sigalg;
-+ sign_pkey = s->cert->pkeys[SSL_PKEY_SM2_SIGN].privatekey;
-+ enc_cert = s->cert->pkeys[SSL_PKEY_SM2_ENC].x509;
-+
-+ if (lu == NULL || sign_pkey == NULL || enc_cert == NULL
-+ || !tls1_lookup_md(lu, &md)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_SKE_SM2ECC,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ if (!EVP_PKEY_is_sm2(sign_pkey)
-+ || !EVP_PKEY_set_alias_type(sign_pkey, EVP_PKEY_SM2)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_SKE_SM2ECC,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ /* send signature algorithm */
-+ if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_SKE_SM2ECC,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ ebuflen = i2d_X509(enc_cert, NULL);
-+ if (ebuflen < 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2ECC,
-+ ERR_R_BUF_LIB);
-+ goto err;
-+ }
-+
-+ md_ctx = EVP_MD_CTX_new();
-+ encbuf = OPENSSL_malloc(ebuflen + 3);
-+ if (md_ctx == NULL || encbuf == NULL) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2ECC,
-+ ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+ /* Encode the DER encoding of an X509 structure, reserve 3 bytes for length */
-+ tmp = encbuf;
-+ l2n3(ebuflen, tmp);
-+ ebuflen = i2d_X509(enc_cert, &tmp);
-+ if (ebuflen < 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2ECC,
-+ ERR_R_BUF_LIB);
-+ goto err;
-+ }
-+ ebuflen += 3;
-+
-+ siglen = EVP_PKEY_size(sign_pkey);
-+ if (!WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1)
-+ || EVP_DigestSignInit(md_ctx, &pctx, md, NULL, sign_pkey) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_SKE_SM2ECC,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ /*
-+ * As described by TLCP, client_random, server_random and encryption
-+ * certificate are signed.
-+ */
-+ tbslen = construct_key_exchange_tbs(s, &tbs, encbuf, ebuflen);
-+ if (tbslen == 0) {
-+ goto err;
-+ }
-+
-+ rv = EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen);
-+
-+ if (rv <= 0 || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)
-+ || sigbytes1 != sigbytes2) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_SKE_SM2ECC,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+err:
-+ OPENSSL_free(encbuf);
-+ OPENSSL_free(tbs);
-+ EVP_MD_CTX_free(md_ctx);
-+ return rv;
-+}
-+
-+static int tlcp_construct_ske_sm2dhe(SSL *s, WPACKET *pkt)
-+{
-+ EVP_PKEY_CTX *ctx;
-+ EVP_PKEY *pkey;
-+ EVP_MD_CTX *md_ctx = NULL;
-+ unsigned char *pt;
-+ int ptLen;
-+ char *id = "1234567812345678";
-+ unsigned char *ecparam;
-+ size_t ecparam_len = 0;
-+ int ret = 0;
-+ size_t siglen;
-+ unsigned char *sig;
-+
-+ ecparam = WPACKET_get_curr(pkt);
-+
-+ // ECParam: NameCurved, curvedtype {NameCurved(3), curveid(41, rfc8898 defined, but this msg is ignored)
-+ if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE)
-+ || !WPACKET_put_bytes_u8(pkt, 0)
-+ || !WPACKET_put_bytes_u8(pkt, 41)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+
-+ pkey = s->cert->pkeys[SSL_PKEY_SM2_SIGN].privatekey;
-+ if (pkey == NULL) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+
-+ if (s->s3->tmp.pkey != NULL) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+ s->s3->tmp.pkey = ssl_generate_pkey_group(s, 41);
-+ if (s->s3->tmp.pkey == NULL) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+
-+ ptLen = EVP_PKEY_get1_tls_encodedpoint(s->s3->tmp.pkey, &pt);
-+ if (ptLen == 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_EC_LIB);
-+ return 0;
-+ }
-+
-+ if (!WPACKET_sub_memcpy_u8(pkt, pt, ptLen)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_INTERNAL_ERROR);
-+ OPENSSL_free(pt);
-+ return 0;
-+ }
-+ OPENSSL_free(pt);
-+ ecparam_len = WPACKET_get_curr(pkt) - ecparam;
-+
-+ if (!EVP_PKEY_is_sm2(pkey) || !EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_EC_LIB);
-+ goto err;
-+ }
-+
-+ md_ctx = EVP_MD_CTX_new();
-+ if (md_ctx == NULL) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+
-+ if (EVP_DigestSignInit(md_ctx, &ctx, EVP_sm3(), NULL, pkey) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ if (EVP_PKEY_CTX_set1_id(ctx, id, strlen(id)) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_EC_LIB);
-+ return 0;
-+ }
-+
-+ if (EVP_DigestSignUpdate(md_ctx, s->s3->client_random, SSL3_RANDOM_SIZE) <= 0
-+ || EVP_DigestSignUpdate(md_ctx, s->s3->server_random, SSL3_RANDOM_SIZE) <= 0
-+ || EVP_DigestSignUpdate(md_ctx, ecparam, ecparam_len) <= 0
-+ ) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_EVP_LIB);
-+ goto err;
-+ }
-+
-+ if ((siglen = EVP_PKEY_size(pkey)) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ if (!WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sig)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ if (EVP_DigestSignFinal(md_ctx, sig, &siglen) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ SSL_R_SIGNATURE_ALGORITHMS_ERROR);
-+ goto err;
-+ }
-+
-+ unsigned char* sig2 = NULL;
-+ if (!WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sig2) || sig != sig2) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CONSTRUCT_SKE_SM2DHE,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ ret = 1;
-+
-+err:
-+ EVP_MD_CTX_free(md_ctx);
-+ if (!ret && s->s3->tmp.pkey) {
-+ EVP_PKEY_free(s->s3->tmp.pkey);
-+ s->s3->tmp.pkey = NULL;
-+ }
-+
-+ return ret;
-+}
-+
-+static int tlcp_construct_server_key_exchange(SSL *s, WPACKET *pkt)
-+{
-+ unsigned long alg_k;
-+
-+ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-+
-+ if (alg_k & SSL_kSM2ECC) {
-+ if (!tlcp_construct_ske_sm2ecc(s, pkt))
-+ goto err;
-+ } else if (alg_k & SSL_kSM2DHE) {
-+ if (!tlcp_construct_ske_sm2dhe(s, pkt))
-+ goto err;
-+ } else {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLCP_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ return 1;
-+err:
-+ return 0;
-+}
-+#endif
-+
- int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
- {
-+#ifndef OPENSSL_NO_TLCP
-+ if (SSL_IS_TLCP(s))
-+ return tlcp_construct_server_key_exchange(s, pkt);
-+#endif
- #ifndef OPENSSL_NO_DH
- EVP_PKEY *pkdh = NULL;
- #endif
-@@ -3455,8 +3732,174 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
- #endif
- }
- 
-+#ifndef OPENSSL_NO_TLCP
-+static int tlcp_process_cke_sm2ecc(SSL *s, PACKET *pkt)
-+{
-+ EVP_PKEY_CTX *pctx = NULL;
-+ int ret = 0;
-+
-+ unsigned char premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
-+ EVP_PKEY *enc_prv_pkey;
-+ PACKET enc_premaster;
-+ size_t decrypt_len;
-+
-+ enc_prv_pkey = s->cert->pkeys[SSL_PKEY_SM2_ENC].privatekey;
-+ if (enc_prv_pkey == NULL || !EVP_PKEY_is_sm2(enc_prv_pkey)
-+ || !EVP_PKEY_set_alias_type(enc_prv_pkey, EVP_PKEY_SM2)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2ECC,
-+ SSL_R_NO_PRIVATE_KEY_ASSIGNED);
-+ return 0;
-+ }
-+
-+ if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
-+ || PACKET_remaining(pkt) != 0) {
-+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2ECC,
-+ SSL_R_LENGTH_MISMATCH);
-+ return 0;
-+ }
-+
-+ pctx = EVP_PKEY_CTX_new(enc_prv_pkey, NULL);
-+ if (pctx == NULL || EVP_PKEY_decrypt_init(pctx) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2ECC,
-+ ERR_R_EVP_LIB);
-+ goto err;
-+ }
-+
-+ /* Decrypt premaster secret { client_version, random[46] }*/
-+ decrypt_len = sizeof(premaster_secret);
-+ if (EVP_PKEY_decrypt(pctx, premaster_secret, &decrypt_len,
-+ PACKET_data(&enc_premaster), PACKET_remaining(&enc_premaster)) <= 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2ECC,
-+ ERR_R_EVP_LIB);
-+ goto err;
-+ }
-+ if (decrypt_len != SSL_MAX_MASTER_KEY_LENGTH) {
-+ SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2ECC,
-+ SSL_R_DECRYPTION_FAILED);
-+ goto err;
-+ }
-+
-+ /* Check client version */
-+ if (constant_time_eq_8(premaster_secret[0], (unsigned)(s->client_version >> 8)) == 0 ||
-+ constant_time_eq_8(premaster_secret[1], (unsigned)(s->client_version & 0xff)) == 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2ECC,
-+ ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
-+ if (!ssl_generate_master_secret(s, premaster_secret,
-+ sizeof(premaster_secret), 0)) {
-+ /* SSLfatal() already called */
-+ goto err;
-+ }
-+
-+ ret = 1;
-+ err:
-+ OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret));
-+ EVP_PKEY_CTX_free(pctx);
-+ return ret;
-+}
-+
-+static int tlcp_process_cke_sm2dhe(SSL *s, PACKET *pkt)
-+{
-+ int ret = 0; -+ const unsigned char *ecparams; -+ PACKET pt_encoded; -+ EVP_PKEY *skey; -+ EVP_PKEY *ckey = NULL; -+ -+ if ((skey = s->s3->tmp.pkey) == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2DHE, -+ ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ -+ if (!PACKET_get_bytes(pkt, &ecparams, 3)) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2DHE, -+ SSL_R_LENGTH_TOO_SHORT); -+ goto end; -+ } -+ -+ if (!PACKET_get_length_prefixed_1(pkt, &pt_encoded)) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2DHE, -+ SSL_R_LENGTH_TOO_SHORT); -+ goto end; -+ } -+ -+ if (PACKET_remaining(pkt) != 0) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2DHE, -+ SSL_R_LENGTH_TOO_LONG); -+ goto end; -+ } -+ -+ if ((ckey = EVP_PKEY_new()) == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2DHE, -+ ERR_R_MALLOC_FAILURE); -+ goto end; -+ } -+ -+ if (EVP_PKEY_copy_parameters(ckey, skey) <= 0) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2DHE, -+ ERR_R_INTERNAL_ERROR); -+ goto end; -+ } -+ -+ if (EVP_PKEY_set1_tls_encodedpoint(ckey, -+ PACKET_data(&pt_encoded), PACKET_remaining(&pt_encoded)) <= 0) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2DHE, -+ ERR_R_EC_LIB); -+ goto end; -+ } -+ -+ if (!tlcp_derive(s, skey, ckey)) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_PROCESS_CKE_SM2DHE, -+ ERR_R_INTERNAL_ERROR); -+ goto end; -+ } -+ -+ ret = 1; -+ -+end: -+ EVP_PKEY_free(ckey); -+ EVP_PKEY_free(skey); -+ s->s3->tmp.pkey = NULL; -+ -+ return ret; -+} -+ -+static MSG_PROCESS_RETURN tlcp_process_client_key_exchange(SSL *s, PACKET *pkt) -+{ -+ unsigned long alg_k; -+ -+ alg_k = s->s3->tmp.new_cipher->algorithm_mkey; -+ -+ if (alg_k & SSL_kSM2ECC) { -+ if (!tlcp_process_cke_sm2ecc(s, pkt)) { -+ goto err; -+ } -+ } else if (alg_k & SSL_kSM2DHE) { -+ if (!tlcp_process_cke_sm2dhe(s, pkt)) { -+ goto err; -+ } -+ } else { -+ SSLfatal(s, 
SSL_AD_INTERNAL_ERROR, -+ SSL_F_TLCP_PROCESS_CLIENT_KEY_EXCHANGE, -+ SSL_R_UNKNOWN_CIPHER_TYPE); -+ goto err; -+ } -+ -+ return MSG_PROCESS_CONTINUE_PROCESSING; -+err: -+ return MSG_PROCESS_ERROR; -+} -+#endif -+ - MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) - { -+#ifndef OPENSSL_NO_TLCP -+ if (SSL_IS_TLCP(s)) -+ return tlcp_process_client_key_exchange(s, pkt); -+#endif - unsigned long alg_k; - - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; -diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c -index c85c0b0..e86a663 100644 ---- a/ssl/t1_enc.c -+++ b/ssl/t1_enc.c -@@ -676,3 +676,87 @@ int tls1_alert_code(int code) - return -1; - } - } -+ -+#ifndef OPENSSL_NO_TLCP -+int tlcp_alert_code(int code) -+{ -+ switch (code) { -+ case SSL_AD_CLOSE_NOTIFY: -+ return (SSL3_AD_CLOSE_NOTIFY); -+ case SSL_AD_UNEXPECTED_MESSAGE: -+ return (SSL3_AD_UNEXPECTED_MESSAGE); -+ case SSL_AD_BAD_RECORD_MAC: -+ return (SSL3_AD_BAD_RECORD_MAC); -+ case SSL_AD_DECRYPTION_FAILED: -+ return (TLS1_AD_DECRYPTION_FAILED); -+ case SSL_AD_RECORD_OVERFLOW: -+ return (TLS1_AD_RECORD_OVERFLOW); -+ case SSL_AD_DECOMPRESSION_FAILURE: -+ return (SSL3_AD_DECOMPRESSION_FAILURE); -+ case SSL_AD_HANDSHAKE_FAILURE: -+ return (SSL3_AD_HANDSHAKE_FAILURE); -+ case SSL_AD_BAD_CERTIFICATE: -+ return (SSL3_AD_BAD_CERTIFICATE); -+ case SSL_AD_UNSUPPORTED_CERTIFICATE: -+ return (SSL3_AD_UNSUPPORTED_CERTIFICATE); -+ case SSL_AD_CERTIFICATE_REVOKED: -+ return (SSL3_AD_CERTIFICATE_REVOKED); -+ case SSL_AD_CERTIFICATE_EXPIRED: -+ return (SSL3_AD_CERTIFICATE_EXPIRED); -+ case SSL_AD_CERTIFICATE_UNKNOWN: -+ return (SSL3_AD_CERTIFICATE_UNKNOWN); -+ case SSL_AD_ILLEGAL_PARAMETER: -+ return (SSL3_AD_ILLEGAL_PARAMETER); -+ case SSL_AD_UNKNOWN_CA: -+ return (TLS1_AD_UNKNOWN_CA); -+ case SSL_AD_ACCESS_DENIED: -+ return (TLS1_AD_ACCESS_DENIED); -+ case SSL_AD_DECODE_ERROR: -+ return (TLS1_AD_DECODE_ERROR); -+ case SSL_AD_DECRYPT_ERROR: -+ return (TLS1_AD_DECRYPT_ERROR); -+ case SSL_AD_EXPORT_RESTRICTION: -+ 
return (TLS1_AD_EXPORT_RESTRICTION); -+ case SSL_AD_PROTOCOL_VERSION: -+ return (TLS1_AD_PROTOCOL_VERSION); -+ case SSL_AD_INSUFFICIENT_SECURITY: -+ return (TLS1_AD_INSUFFICIENT_SECURITY); -+ case SSL_AD_INTERNAL_ERROR: -+ return (TLS1_AD_INTERNAL_ERROR); -+ case SSL_AD_USER_CANCELLED: -+ return (TLS1_AD_USER_CANCELLED); -+ case SSL_AD_NO_RENEGOTIATION: -+ return (TLS1_AD_NO_RENEGOTIATION); -+ case SSL_AD_UNSUPPORTED_EXTENSION: -+ return (TLS1_AD_UNSUPPORTED_EXTENSION); -+ case SSL_AD_CERTIFICATE_UNOBTAINABLE: -+ return (TLS1_AD_CERTIFICATE_UNOBTAINABLE); -+ case SSL_AD_UNRECOGNIZED_NAME: -+ return (TLS1_AD_UNRECOGNIZED_NAME); -+ case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: -+ return (TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); -+ case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: -+ return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); -+ case SSL_AD_INAPPROPRIATE_FALLBACK: -+ return (TLS1_AD_INAPPROPRIATE_FALLBACK); -+ case SSL_AD_NO_APPLICATION_PROTOCOL: -+ return (TLS1_AD_NO_APPLICATION_PROTOCOL); -+ case SSL_AD_CERTIFICATE_REQUIRED: -+ return (SSL_AD_HANDSHAKE_FAILURE); -+ case SSL_AD_UNSUPPORTED_SITE2SITE: -+ return (TLCP_AD_UNSUPPORTED_SITE2SITE); -+ case SSL_AD_NO_AREA: -+ return (TLCP_AD_NO_AREA); -+ case SSL_AD_UNSUPPORTED_AREATYPE: -+ return (TLCP_AD_UNSUPPORTED_AREATYPE); -+ case SSL_AD_BAD_IBCPARAM: -+ return (TLCP_AD_BAD_IBCPARAM); -+ case SSL_AD_UNSUPPORTED_IBCPARAM: -+ return (TLCP_AD_UNSUPPORTED_IBCPARAM); -+ case SSL_AD_IDENTITY_NEED: -+ return (TLCP_AD_IDENTITY_NEED); -+ default: -+ return (-1); -+ } -+} -+#endif -\ No newline at end of file -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 841feec..8b4a61b 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -93,6 +93,25 @@ SSL3_ENC_METHOD const TLSv1_3_enc_data = { - ssl3_handshake_write - }; - -+#ifndef OPENSSL_NO_TLCP -+SSL3_ENC_METHOD const TLCP_enc_data = { -+ tls1_enc, -+ tls1_mac, -+ tls1_setup_key_block, -+ tls1_generate_master_secret, -+ tls1_change_cipher_state, -+ tls1_final_finish_mac, -+ 
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, -+ TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, -+ tlcp_alert_code, -+ tls1_export_keying_material, -+ SSL_ENC_FLAG_EXPLICIT_IV, -+ ssl3_set_handshake_header, -+ tls_close_construct_packet, -+ ssl3_handshake_write -+}; -+#endif -+ - long tls1_default_timeout(void) - { - /* -@@ -169,6 +188,9 @@ static const TLS_GROUP_INFO nid_list[] = { - {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */ - {EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */ - {EVP_PKEY_X448, 224, TLS_CURVE_CUSTOM}, /* X448 (30) */ -+#ifndef OPENSSL_NO_TLCP -+ [40] = {EVP_PKEY_SM2, 128, TLS_CURVE_PRIME} /* sm2 (41) */ -+#endif - }; - - static const unsigned char ecformats_default[] = { -@@ -184,6 +206,9 @@ static const uint16_t eccurves_default[] = { - 30, /* X448 (30) */ - 25, /* secp521r1 (25) */ - 24, /* secp384r1 (24) */ -+#ifndef OPENSSL_NO_TLCP -+ 41, /* sm2 (41) */ -+#endif - }; - - static const uint16_t suiteb_curves[] = { -@@ -260,6 +285,12 @@ int tls_curve_allowed(SSL *s, uint16_t curve, int op) - # endif - if (FIPS_mode() && !(cinfo->flags & TLS_CURVE_FIPS)) - return 0; -+#ifndef OPENSSL_NO_TLCP -+ // SM2 is only allowed in TLCP -+ if (s->version != TLCP_VERSION && cinfo->nid == NID_sm2) { -+ return 0; -+ } -+#endif - ctmp[0] = curve >> 8; - ctmp[1] = curve & 0xff; - return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp); -@@ -547,6 +578,10 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats, - /* For Suite B we don't support char2 fields */ - if (tls1_suiteb(s)) - *num_formats = sizeof(ecformats_default) - 1; -+#ifndef OPENSSL_NO_TLCP -+ else if (SSL_IS_TLCP(s)) // TLCP version only support uncompressed -+ *num_formats = sizeof(ecformats_default) - 2; -+#endif - else - *num_formats = sizeof(ecformats_default); - } -@@ -639,6 +674,9 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) - /* Default sigalg schemes */ - static const uint16_t 
tls12_sigalgs[] = { - #ifndef OPENSSL_NO_EC -+#ifndef OPENSSL_NO_TLCP -+ TLSEXT_SIGALG_sm2dsa_sm3, -+#endif - TLSEXT_SIGALG_ecdsa_secp256r1_sha256, - TLSEXT_SIGALG_ecdsa_secp384r1_sha384, - TLSEXT_SIGALG_ecdsa_secp521r1_sha512, -@@ -687,6 +725,11 @@ static const uint16_t suiteb_sigalgs[] = { - - static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { - #ifndef OPENSSL_NO_EC -+#ifndef OPENSSL_NO_TLCP -+ {"sm2dsa_sm3", TLSEXT_SIGALG_sm2dsa_sm3, -+ NID_sm3, SSL_MD_SM3_IDX, EVP_PKEY_SM2, SSL_PKEY_SM2_SIGN, -+ NID_SM2_with_SM3, NID_sm2}, -+#endif - {"ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256, - NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA256, NID_X9_62_prime256v1}, -@@ -796,6 +839,10 @@ static const uint16_t tls_default_sigalg[] = { - TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, /* SSL_PKEY_GOST12_512 */ - 0, /* SSL_PKEY_ED25519 */ - 0, /* SSL_PKEY_ED448 */ -+#ifndef OPENSSL_NO_TLCP -+ TLSEXT_SIGALG_sm2dsa_sm3, /* SSL_PKEY_SM2_SIGN */ -+ 0, /* SSL_PKEY_SM2_ENC */ -+#endif - }; - - /* Lookup TLS signature algorithm */ -@@ -983,7 +1030,7 @@ int tls_check_sigalg_curve(const SSL *s, int curve) - - if (lu == NULL) - continue; -- if (lu->sig == EVP_PKEY_EC -+ if ((lu->sig == EVP_PKEY_EC || lu->sig == EVP_PKEY_SM2) - && lu->curve != NID_undef - && curve == lu->curve) - return 1; -@@ -1055,6 +1102,9 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) - if (lu == NULL - || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224)) - || (pkeyid != lu->sig -+#ifndef OPENSSL_NO_TCLP -+ && (lu->sig != EVP_PKEY_SM2) -+#endif - && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG, - SSL_R_WRONG_SIGNATURE_TYPE); -@@ -1199,6 +1249,13 @@ int ssl_set_client_disabled(SSL *s) - s->s3->tmp.mask_a |= SSL_aSRP; - s->s3->tmp.mask_k |= SSL_kSRP; - } -+#endif -+#ifndef OPENSSL_NO_TLCP -+ /* TLCP ciphersuites will be disabled while using 
other protocols */
-+ if (s->version != TLCP_VERSION) {
-+ s->s3->tmp.mask_a |= SSL_aSM2;
-+ s->s3->tmp.mask_k |= SSL_kSM2ECC | SSL_kSM2DHE;
-+ }
- #endif
- return 1;
- }
-@@ -1319,7 +1376,11 @@ SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
- * (e.g. TLSv1.3) behave as if no ticket present to permit stateful
- * resumption.
- */
-+#ifndef OPENSSL_NO_TLCP
-+ if ((s->version <= SSL3_VERSION && s->version != TLCP_VERSION) || !tls_use_ticket(s))
-+#else
- if (s->version <= SSL3_VERSION || !tls_use_ticket(s))
-+#endif
- return SSL_TICKET_NONE;
- 
- ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket];
-@@ -1597,6 +1658,13 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
- unsigned char sigalgstr[2];
- int secbits;
- 
-+#ifndef OPENSSL_NO_TLCP
-+ // SM2 is only allowed in TLCP
-+ if (s->version != TLCP_VERSION && lu != NULL && lu->sig == EVP_PKEY_SM2) {
-+ return 0;
-+ }
-+#endif
-+
- /* See if sigalgs is recognised and if hash is enabled */
- if (!tls1_lookup_md(lu, NULL))
- return 0;
-@@ -2430,6 +2498,10 @@ void tls1_set_cert_validity(SSL *s)
- tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);
- tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519);
- tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448);
-+#ifndef OPENSSL_NO_TLCP
-+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_SM2_ENC);
-+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_SM2_SIGN);
-+#endif
- }
- 
- /* User level utility function to check a chain is suitable */
-@@ -2734,6 +2806,55 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
- return lu;
- }
- 
-+#ifndef OPENSSL_NO_TLCP
-+int tlcp_choose_sigalg(SSL *s, int fatalerrs)
-+{
-+ int sig_idx;
-+ const SIGALG_LOOKUP *lu = NULL;
-+
-+ // sever must used sm2dsa cert for signature
-+ if (s->server) {
-+ s->cert->key = &(s->cert->pkeys[SSL_PKEY_SM2_SIGN]);
-+ }
-+
-+ sig_idx = s->cert->key - s->cert->pkeys;
-+
-+ // check cert is existed
-+ if
(!ssl_has_cert(s, sig_idx)) {
-+ if (!fatalerrs)
-+ return 1;
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CHOOSE_SIGALG,
-+ ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+
-+ // only support sm2dsa cert now
-+ switch(sig_idx) {
-+ case SSL_PKEY_ECC:
-+ if (!EVP_PKEY_is_sm2(s->cert->key->privatekey))
-+ break;
-+ case SSL_PKEY_SM2_SIGN:
-+ lu = tls1_lookup_sigalg(TLSEXT_SIGALG_sm2dsa_sm3);
-+ break;
-+ default:
-+ lu = NULL;
-+ }
-+
-+ if (lu == NULL) {
-+ if (!fatalerrs)
-+ return 1;
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLCP_CHOOSE_SIGALG,
-+ ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+
-+ s->s3->tmp.cert = &s->cert->pkeys[sig_idx];
-+ s->cert->key = s->s3->tmp.cert;
-+ s->s3->tmp.sigalg = lu;
-+ return 1;
-+}
-+#endif
-+
- /*
- * Choose an appropriate signature algorithm based on available certificates
- * Sets chosen certificate and signature algorithm.
-@@ -2753,6 +2874,12 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
- s->s3->tmp.cert = NULL;
- s->s3->tmp.sigalg = NULL;
- 
-+#ifndef OPENSSL_NO_TLCP
-+ if (SSL_IS_TLCP(s)) {
-+ return tlcp_choose_sigalg(s, fatalerrs);
-+ }
-+#endif
-+
- if (SSL_IS_TLS13(s)) {
- lu = find_sig_alg(s, NULL, NULL);
- if (lu == NULL) {
-@@ -2766,6 +2893,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
- /* If ciphersuite doesn't require a cert nothing to do */
- if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aCERT))
- return 1;
-+
- if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys))
- return 1;
- 
-diff --git a/test/build.info b/test/build.info
-index 726bd22..db16a1f 100644
---- a/test/build.info
-+++ b/test/build.info
-@@ -51,7 +51,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
- recordlentest drbgtest drbg_cavs_test sslbuffertest \
- time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
- servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \
-- sysdefaulttest errtest ssl_ctx_test gosttest
-+ sysdefaulttest errtest ssl_ctx_test gosttest tlcptest
- 
- 
SOURCE[versions]=versions.c
- INCLUDE[versions]=../include
-@@ -320,6 +320,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
- INCLUDE[dtlstest]=../include
- DEPEND[dtlstest]=../libcrypto ../libssl libtestutil.a
- 
-+ SOURCE[tlcptest]=tlcptest.c ssltestlib.c
-+ INCLUDE[tlcptest]=.. ../include
-+ DEPEND[tlcptest]=../libcrypto ../libssl libtestutil.a
-+
- SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c
- INCLUDE[sslcorrupttest]=../include
- DEPEND[sslcorrupttest]=../libcrypto ../libssl libtestutil.a
-diff --git a/test/ciphername_test.c b/test/ciphername_test.c
-index 303e28f..5c9edf4 100644
---- a/test/ciphername_test.c
-+++ b/test/ciphername_test.c
-@@ -434,6 +434,9 @@ static int test_cipher_name(void)
- if ((id == 0xFF85) || (id == 0xFF87))
- /* skip GOST2012-GOST8912-GOST891 and GOST2012-NULL-GOST12 */
- continue;
-+ if ((id == 0xE011) || (id == 0xE013))
-+ /* skip ECDHE_SM2_WITH_SM4_CBC_SM3 and ECC_SM2_WITH_SM4_CBC_SM3 */
-+ continue;
- p = SSL_CIPHER_standard_name(c);
- q = get_std_name_by_id(id);
- if (!TEST_ptr(p)) {
-diff --git a/test/recipes/85-test_tlcp.t b/test/recipes/85-test_tlcp.t
-new file mode 100644
-index 0000000..eb87123
---- /dev/null
-+++ b/test/recipes/85-test_tlcp.t
-@@ -0,0 +1,34 @@
-+#! /usr/bin/env perl
-+# Copyright 2022 Huawei Technologies Co., Ltd. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License.
You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+use OpenSSL::Test::Utils;
-+use OpenSSL::Test qw/:DEFAULT data_file/;
-+
-+setup("test_tlcp");
-+
-+plan skip_all => "TLCP is not supported by this OpenSSL build"
-+ if disabled("tlcp");
-+
-+plan tests => 1;
-+
-+ok(run(test(["tlcptest",
-+ data_file("sm2-root-cert.pem"), # 0
-+ data_file("sm2-server-sig-cert.pem"), # 1
-+ data_file("sm2-server-sig-key.pem"), # 2
-+ data_file("sm2-server-enc-cert.pem"), # 3
-+ data_file("sm2-server-enc-key.pem"), # 4
-+ data_file("sm2-client-sig-cert.pem"), # 5
-+ data_file("sm2-client-sig-key.pem"), # 6
-+ data_file("sm2-client-enc-cert.pem"), # 7
-+ data_file("sm2-client-enc-key.pem"), # 8
-+ data_file("ecdsa-root-cert.pem"), # 9
-+ data_file("ecdsa-server-cert.pem"), # 10
-+ data_file("ecdsa-server-key.pem"), # 11
-+ data_file("ecdsa-client-cert.pem"), # 12
-+ data_file("ecdsa-client-key.pem") # 13
-+ ])));
-\ No newline at end of file
-diff --git a/test/recipes/85-test_tlcp_data/ecdsa-client-cert.pem b/test/recipes/85-test_tlcp_data/ecdsa-client-cert.pem
-new file mode 100644
-index 0000000..4f41232
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/ecdsa-client-cert.pem
-@@ -0,0 +1,12 @@
-+-----BEGIN CERTIFICATE-----
-+MIIB2zCCAYGgAwIBAgIUIxUR+f5s2IPkP5kd86umC0jtOy0wCgYIKoZIzj0EAwIw
-+YDELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UECgwIVGVz
-+dCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxGDAWBgNVBAMMD1Rlc3QgQ0EgKEVDRFNB
-+KTAeFw0yMjA1MTkwOTI3MTVaFw0yNjA2MjcwOTI3MTVaMF8xCzAJBgNVBAYTAkNO
-+MRIwEAYDVQQIDAlHdWFuZ2RvbmcxETAPBgNVBAoMCFRlc3QgT3JnMRAwDgYDVQQL
-+DAdUZXN0IE9VMRcwFQYDVQQDDA5jbGllbnQgKEVDRFNBKTBZMBMGByqGSM49AgEG
-+CCqGSM49AwEHA0IABJg2jl8qqQkLHwcqKC+gu8SWpDNHl8x2xSlsNkS8hm2edlsJ
-+5QHfMPw7b138CmEE2FEtMqCtpRtsQnb5JRcxfTajGjAYMAkGA1UdEwQCMAAwCwYD
-+VR0PBAQDAgbAMAoGCCqGSM49BAMCA0gAMEUCICBPe4rSKQdIWdB3u8EZ9+AR6Slu
-+wsqdPm8p2mE409x4AiEAx513RsVDYohfejrvJmEL9ELIHmqTHjX+WjTjfMR/qrY=
-+-----END
CERTIFICATE-----
-diff --git a/test/recipes/85-test_tlcp_data/ecdsa-client-key.pem b/test/recipes/85-test_tlcp_data/ecdsa-client-key.pem
-new file mode 100644
-index 0000000..8a356ba
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/ecdsa-client-key.pem
-@@ -0,0 +1,5 @@
-+-----BEGIN PRIVATE KEY-----
-+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgj/hA8kscmW1VDMMn
-+jWDNu/JrGrZ5Xr1kH0Q61zpRhIShRANCAASYNo5fKqkJCx8HKigvoLvElqQzR5fM
-+dsUpbDZEvIZtnnZbCeUB3zD8O29d/AphBNhRLTKgraUbbEJ2+SUXMX02
-+-----END PRIVATE KEY-----
-diff --git a/test/recipes/85-test_tlcp_data/ecdsa-root-cert.pem b/test/recipes/85-test_tlcp_data/ecdsa-root-cert.pem
-new file mode 100644
-index 0000000..80d8c06
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/ecdsa-root-cert.pem
-@@ -0,0 +1,14 @@
-+-----BEGIN CERTIFICATE-----
-+MIICHzCCAcWgAwIBAgIUcxkoWsrQfKvdPzNFeZt9sUACCv8wCgYIKoZIzj0EAwIw
-+YDELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UECgwIVGVz
-+dCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxGDAWBgNVBAMMD1Rlc3QgQ0EgKEVDRFNB
-+KTAeFw0yMjA1MTkwOTI3MTVaFw0yNjA2MjcwOTI3MTVaMGAxCzAJBgNVBAYTAkNO
-+MRIwEAYDVQQIDAlHdWFuZ2RvbmcxETAPBgNVBAoMCFRlc3QgT3JnMRAwDgYDVQQL
-+DAdUZXN0IE9VMRgwFgYDVQQDDA9UZXN0IENBIChFQ0RTQSkwWTATBgcqhkjOPQIB
-+BggqhkjOPQMBBwNCAAQb8M+p/ywfaaLb6y5jP/6essKMw+HBYIzluA8JpAyuSEag
-+hiiIegi/fJA9tONUKGGQrE92gFIjsyrGvwPnYqF1o10wWzAdBgNVHQ4EFgQU+BnE
-+9UFgm03egYusuG7wtBeF12kwHwYDVR0jBBgwFoAU+BnE9UFgm03egYusuG7wtBeF
-+12kwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDSAAwRQIh
-+AO3LVs9OBinihB4W22ju3zoqfXTtHGdF0d9nbHbZEYqdAiAum1ZhMbtyWo/3YLDR
-+2DqMuw5al5FbOlCIwrMbqcL+qQ==
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/85-test_tlcp_data/ecdsa-server-cert.pem b/test/recipes/85-test_tlcp_data/ecdsa-server-cert.pem
-new file mode 100644
-index 0000000..7e0d8d7
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/ecdsa-server-cert.pem
-@@ -0,0 +1,12 @@
-+-----BEGIN CERTIFICATE-----
-+MIIB2zCCAYGgAwIBAgIUIxUR+f5s2IPkP5kd86umC0jtOywwCgYIKoZIzj0EAwIw
-+YDELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UECgwIVGVz
-+dCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxGDAWBgNVBAMMD1Rlc3QgQ0EgKEVDRFNB
-+KTAeFw0yMjA1MTkwOTI3MTVaFw0yNjA2MjcwOTI3MTVaMF8xCzAJBgNVBAYTAkNO
-+MRIwEAYDVQQIDAlHdWFuZ2RvbmcxETAPBgNVBAoMCFRlc3QgT3JnMRAwDgYDVQQL
-+DAdUZXN0IE9VMRcwFQYDVQQDDA5zZXJ2ZXIgKEVDRFNBKTBZMBMGByqGSM49AgEG
-+CCqGSM49AwEHA0IABAAmT2rADtfh1M/AW6n3cgLm2kEq/StWWcFDQ/AmTz54nFMp
-+9AHt7xAqnizKl2UcdzUcDbhyBeNwjZ+80Eavvx2jGjAYMAkGA1UdEwQCMAAwCwYD
-+VR0PBAQDAgbAMAoGCCqGSM49BAMCA0gAMEUCIQC70m1KUdKAsLI8zq78azjV2r/Z
-+Oc6vwXfAqLKgF7EhtQIgYvh0XrMU9ETKKbfHORqJK+BD9DmFnAkxNpc9KVmN/D8=
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/85-test_tlcp_data/ecdsa-server-key.pem b/test/recipes/85-test_tlcp_data/ecdsa-server-key.pem
-new file mode 100644
-index 0000000..9d9af8d
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/ecdsa-server-key.pem
-@@ -0,0 +1,5 @@
-+-----BEGIN PRIVATE KEY-----
-+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgqMLQcziYtVwg+30u
-+MvCIb3bYAfxAazvxQ8I69Jtml9uhRANCAAQAJk9qwA7X4dTPwFup93IC5tpBKv0r
-+VlnBQ0PwJk8+eJxTKfQB7e8QKp4sypdlHHc1HA24cgXjcI2fvNBGr78d
-+-----END PRIVATE KEY-----
-diff --git a/test/recipes/85-test_tlcp_data/sm2-client-enc-cert.pem b/test/recipes/85-test_tlcp_data/sm2-client-enc-cert.pem
-new file mode 100644
-index 0000000..4a3e3f0
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/sm2-client-enc-cert.pem
-@@ -0,0 +1,12 @@
-+-----BEGIN CERTIFICATE-----
-+MIIB2DCCAYCgAwIBAgIUMsQnTMiHshN4IOMc/ydgCOWB3WQwCgYIKoEcz1UBg3Uw
-+XjELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UECgwIVGVz
-+dCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFjAUBgNVBAMMDVRlc3QgQ0EgKFNNMikw
-+HhcNMjIwNTE5MDkyNzEwWhcNMjYwNjI3MDkyNzEwWjBgMQswCQYDVQQGEwJDTjES
-+MBAGA1UECAwJR3Vhbmdkb25nMREwDwYDVQQKDAhUZXN0IE9yZzEQMA4GA1UECwwH
-+VGVzdCBPVTEYMBYGA1UEAwwPY2xpZW50IGVuYyhTTTIpMFkwEwYHKoZIzj0CAQYI
-+KoEcz1UBgi0DQgAEsjxuZnSYi2M2iL4vUqHFdegJqxALkFxq+XiA/C8vQSMOCDaz
-+8ZH1XrCwU3kMShiQyNM8AkjufKgCOGSB3B58qKMaMBgwCQYDVR0TBAIwADALBgNV
-+HQ8EBAMCAzgwCgYIKoEcz1UBg3UDRgAwQwIgcwaVeJ3pa/WUuR28r9+tGRg2EIEO
-+IOlzRUlo6mwqcDACHxugAc0CFsB1dUWLOJuwJtpYsEmNpNHwLzxa16cfW3w=
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/85-test_tlcp_data/sm2-client-enc-key.pem b/test/recipes/85-test_tlcp_data/sm2-client-enc-key.pem
-new file mode 100644
-index 0000000..7a03991
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/sm2-client-enc-key.pem
-@@ -0,0 +1,5 @@
-+-----BEGIN PRIVATE KEY-----
-+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg5xwdNhYtjBcZ5YEd
-+VNu5609rYpePHUZUlQvlAJIqMB2hRANCAASyPG5mdJiLYzaIvi9SocV16AmrEAuQ
-+XGr5eID8Ly9BIw4INrPxkfVesLBTeQxKGJDI0zwCSO58qAI4ZIHcHnyo
-+-----END PRIVATE KEY-----
-diff --git a/test/recipes/85-test_tlcp_data/sm2-client-sig-cert.pem b/test/recipes/85-test_tlcp_data/sm2-client-sig-cert.pem
-new file mode 100644
-index 0000000..ce539a6
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/sm2-client-sig-cert.pem
-@@ -0,0 +1,12 @@
-+-----BEGIN CERTIFICATE-----
-+MIIB3DCCAYKgAwIBAgIUMsQnTMiHshN4IOMc/ydgCOWB3WMwCgYIKoEcz1UBg3Uw
-+XjELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UECgwIVGVz
-+dCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFjAUBgNVBAMMDVRlc3QgQ0EgKFNNMikw
-+HhcNMjIwNTE5MDkyNzEwWhcNMjYwNjI3MDkyNzEwWjBiMQswCQYDVQQGEwJDTjES
-+MBAGA1UECAwJR3Vhbmdkb25nMREwDwYDVQQKDAhUZXN0IE9yZzEQMA4GA1UECwwH
-+VGVzdCBPVTEaMBgGA1UEAwwRY2xpZW50IHNpZ24gKFNNMikwWTATBgcqhkjOPQIB
-+BggqgRzPVQGCLQNCAAQDr0xTp4anFz8UHoMWyAWq/yYpiXdysF1dvciTvgET7CAA
-+PydlOnKQw2K1NguwiecT4/XCpZMmbvhthMcCsyywoxowGDAJBgNVHRMEAjAAMAsG
-+A1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA1pxw3tMJ6epz6r/wonHMWBE/
-+3MBbRIsOq9xxhOhqhyECIBR0V+O51j3gsuDwSqSU81rYLXPaE0RGuhbdWOHi4bII
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/85-test_tlcp_data/sm2-client-sig-key.pem b/test/recipes/85-test_tlcp_data/sm2-client-sig-key.pem
-new file mode 100644
-index 0000000..d2c537d
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/sm2-client-sig-key.pem
-@@ -0,0 +1,5 @@
-+-----BEGIN PRIVATE KEY-----
-+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg0x2USJzgAonYJeiQ
-+VkBw/u6/uo6B9M88YVL3A1OmorKhRANCAAQDr0xTp4anFz8UHoMWyAWq/yYpiXdy
-+sF1dvciTvgET7CAAPydlOnKQw2K1NguwiecT4/XCpZMmbvhthMcCsyyw
-+-----END PRIVATE KEY-----
-diff --git a/test/recipes/85-test_tlcp_data/sm2-root-cert.pem b/test/recipes/85-test_tlcp_data/sm2-root-cert.pem
-new file mode 100644
-index 0000000..a20df8c
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/sm2-root-cert.pem
-@@ -0,0 +1,14 @@
-+-----BEGIN CERTIFICATE-----
-+MIICGjCCAcGgAwIBAgIUV3TWPlV09Vqm5/FpSqR7ryeGrfEwCgYIKoEcz1UBg3Uw
-+XjELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UECgwIVGVz
-+dCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFjAUBgNVBAMMDVRlc3QgQ0EgKFNNMikw
-+HhcNMjIwNTE5MDkyNzEwWhcNMjYwNjI3MDkyNzEwWjBeMQswCQYDVQQGEwJDTjES
-+MBAGA1UECAwJR3Vhbmdkb25nMREwDwYDVQQKDAhUZXN0IE9yZzEQMA4GA1UECwwH
-+VGVzdCBPVTEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTBZMBMGByqGSM49AgEGCCqB
-+HM9VAYItA0IABHsTJfkk1NiaYrPidOIQHCGWBs77fKEhXoG1uONGTfHEDhhhA3EX
-+QZBL9cVO//farVmKF9ipYR9GA4pk0wHtGEKjXTBbMB0GA1UdDgQWBBQ9YT+D7/Cv
-+3KqG4b9YxuWOSbMRRzAfBgNVHSMEGDAWgBQ9YT+D7/Cv3KqG4b9YxuWOSbMRRzAM
-+BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNHADBEAiAOJ4al
-+v3c1AHBohqZQkAAZsY9+LSH/3/e3C4Q4jQsDUQIgUDJFXbXSUrsMoKFmkvHONmz+
-+9zGXND9ctJ1Dineo9dI=
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/85-test_tlcp_data/sm2-server-enc-cert.pem b/test/recipes/85-test_tlcp_data/sm2-server-enc-cert.pem
-new file mode 100644
-index 0000000..c7a5ef2
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/sm2-server-enc-cert.pem
-@@ -0,0 +1,12 @@
-+-----BEGIN CERTIFICATE-----
-+MIIB2jCCAYGgAwIBAgIUMsQnTMiHshN4IOMc/ydgCOWB3WIwCgYIKoEcz1UBg3Uw
-+XjELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UECgwIVGVz
-+dCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFjAUBgNVBAMMDVRlc3QgQ0EgKFNNMikw
-+HhcNMjIwNTE5MDkyNzEwWhcNMjYwNjI3MDkyNzEwWjBhMQswCQYDVQQGEwJDTjES
-+MBAGA1UECAwJR3Vhbmdkb25nMREwDwYDVQQKDAhUZXN0IE9yZzEQMA4GA1UECwwH
-+VGVzdCBPVTEZMBcGA1UEAwwQc2VydmVyIGVuYyAoU00yKTBZMBMGByqGSM49AgEG
-+CCqBHM9VAYItA0IABCWsJ/Vs/68DYkqIgoTdE8zoOA86UMHLASZriw+AF0lbmiOD
-+dngO7RvDd55OOAmFK6sY7d+vzsIeMNQus4YLkc2jGjAYMAkGA1UdEwQCMAAwCwYD
-+VR0PBAQDAgM4MAoGCCqBHM9VAYN1A0cAMEQCICZgP6OiaVyAbYTX5yJpiwusEvDU
-+bMB/+hpnNA0ors3zAiB4EkZEBWZkd0su+umAXpO44IYaDvUumPSaGZLBbg7m1w==
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/85-test_tlcp_data/sm2-server-enc-key.pem b/test/recipes/85-test_tlcp_data/sm2-server-enc-key.pem
-new file mode 100644
-index 0000000..ae509ec
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/sm2-server-enc-key.pem
-@@ -0,0 +1,5 @@
-+-----BEGIN PRIVATE KEY-----
-+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgE32DrOaCm3ai/cPZ
-+/9nnxJoCH171qVL7ignjIrMBGdGhRANCAAQlrCf1bP+vA2JKiIKE3RPM6DgPOlDB
-+ywEma4sPgBdJW5ojg3Z4Du0bw3eeTjgJhSurGO3fr87CHjDULrOGC5HN
-+-----END PRIVATE KEY-----
-diff --git a/test/recipes/85-test_tlcp_data/sm2-server-sig-cert.pem b/test/recipes/85-test_tlcp_data/sm2-server-sig-cert.pem
-new file mode 100644
-index 0000000..8238bad
---- /dev/null
-+++ b/test/recipes/85-test_tlcp_data/sm2-server-sig-cert.pem
-@@ -0,0 +1,12 @@
-+-----BEGIN CERTIFICATE-----
-+MIIB2zCCAYKgAwIBAgIUMsQnTMiHshN4IOMc/ydgCOWB3WEwCgYIKoEcz1UBg3Uw
-+XjELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UECgwIVGVz
-+dCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFjAUBgNVBAMMDVRlc3QgQ0EgKFNNMikw
-+HhcNMjIwNTE5MDkyNzEwWhcNMjYwNjI3MDkyNzEwWjBiMQswCQYDVQQGEwJDTjES
-+MBAGA1UECAwJR3Vhbmdkb25nMREwDwYDVQQKDAhUZXN0IE9yZzEQMA4GA1UECwwH
-+VGVzdCBPVTEaMBgGA1UEAwwRc2VydmVyIHNpZ24gKFNNMikwWTATBgcqhkjOPQIB
-+BggqgRzPVQGCLQNCAAQgP2f+HnNb6BWCGscITDpf53BwVvpj3gxrlHz05Po3i2IA
-+qyL5yL2VE+bqTrxCFpQOHupjW3f5Bkihv7IUW/zMoxowGDAJBgNVHRMEAjAAMAsG
-+A1UdDwQEAwIGwDAKBggqgRzPVQGDdQNHADBEAiA63GVhHaDzcVJ9DMLK/53wQZvg
-+HR+tj4MCBtb6F9hL9QIgbojf0R49GnO6VYHHUx0fe+4+2DfAcMdVIutOmbpRc60=
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/85-test_tlcp_data/sm2-server-sig-key.pem b/test/recipes/85-test_tlcp_data/sm2-server-sig-key.pem
-new file mode 100644
-index 0000000..f7fa712
---- /dev/null
-+++
b/test/recipes/85-test_tlcp_data/sm2-server-sig-key.pem
-@@ -0,0 +1,5 @@
-+-----BEGIN PRIVATE KEY-----
-+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgr9nuyaNIE7aSQw/I
-+sc7JhizpuCPUNKBF9zZy1on8BHShRANCAAQgP2f+HnNb6BWCGscITDpf53BwVvpj
-+3gxrlHz05Po3i2IAqyL5yL2VE+bqTrxCFpQOHupjW3f5Bkihv7IUW/zM
-+-----END PRIVATE KEY-----
-diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c
-index 4951cd3..0ab84b2 100644
---- a/test/sm2_internal_test.c
-+++ b/test/sm2_internal_test.c
-@@ -7,6 +7,7 @@
- * https://www.openssl.org/source/license.html
- */
- 
-+#include
- #include
- #include
- #include
-@@ -17,6 +18,7 @@
- #include
- #include
- #include
-+#include
- #include "testutil.h"
- 
- #ifndef OPENSSL_NO_SM2
-@@ -404,6 +406,114 @@ static int sm2_sig_test(void)
- return testresult;
- }
- 
-+static EC_KEY* create_EC_key(EC_GROUP *group, const char *prv_hex, const char *x_hex, const char *y_hex)
-+{
-+ BIGNUM *prv = NULL;
-+ BIGNUM *x = NULL;
-+ BIGNUM *y = NULL;
-+ EC_KEY *key = NULL;
-+
-+ if (!TEST_true(BN_hex2bn(&prv, prv_hex))
-+ || !TEST_true(BN_hex2bn(&x, x_hex))
-+ || !TEST_true(BN_hex2bn(&y, y_hex)))
-+ goto err;
-+
-+ if (!TEST_ptr(key = EC_KEY_new())
-+ || !TEST_true(EC_KEY_set_group(key, group))
-+ || !TEST_true(EC_KEY_set_private_key(key, prv))
-+ || !TEST_true(EC_KEY_set_public_key_affine_coordinates(key, x, y))) {
-+ EC_KEY_free(key);
-+ key = NULL;
-+ }
-+
-+err:
-+ BN_free(prv);
-+ BN_free(x);
-+ BN_free(y);
-+
-+ return key;
-+}
-+
-+static int sm2_key_exchange_test(void)
-+{
-+ const char *userA = "ALICE123@YAHOO.COM";
-+ const char *userB = "BILL456@YAHOO.COM";
-+ const char *privA_hex = "6FCBA2EF9AE0AB902BC3BDE3FF915D44BA4CC78F88E2F8E7F8996D3B8CCEEDEE";
-+ const char *pubA_x_hex = "3099093BF3C137D8FCBBCDF4A2AE50F3B0F216C3122D79425FE03A45DBFE1655";
-+ const char *pubA_y_hex = "3DF79E8DAC1CF0ECBAA2F2B49D51A4B387F2EFAF482339086A27A8E05BAED98B";
-+ const char *privB_hex = "5E35D7D3F3C54DBAC72E61819E730B019A84208CA3A35E4C2E353DFCCB2A3B53";
-+ const char
*pubB_x_hex = "245493D446C38D8CC0F118374690E7DF633A8A4BFB3329B5ECE604B2B4F37F43";
-+ const char *pubB_y_hex = "53C0869F4B9E17773DE68FEC45E14904E0DEA45BF6CECF9918C85EA047C60A4C";
-+ const char *ra = "83A2C9C8B96E5AF70BD480B472409A9A327257F1EBB73F5B073354B248668563";
-+ const char *x1 = "6CB5633816F4DD560B1DEC458310CBCC6856C09505324A6D23150C408F162BF0";
-+ const char *y1 = "0D6FCF62F1036C0A1B6DACCF57399223A65F7D7BF2D9637E5BBBEB857961BF1A";
-+ const char *rb = "33FE21940342161C55619C4A0C060293D543C80AF19748CE176D83477DE71C80";
-+ const char *x2 = "1799B2A2C778295300D9A2325C686129B8F2B5337B3DCF4514E8BBC19D900EE5";
-+ const char *y2 = "54C9288C82733EFDF7808AE7F27D0E732F7C73A7D9AC98B7D8740A91D0DB3CF4";
-+
-+ EC_KEY *keyA = NULL;
-+ EC_KEY *keyB = NULL;
-+ EC_KEY *keyRa = NULL;
-+ EC_KEY *keyRb = NULL;
-+
-+ unsigned char Ka[16];
-+ unsigned char Kb[16];
-+ unsigned char K[] = {0x55, 0xB0, 0xAC, 0x62, 0xA6, 0xB9, 0x27, 0xBA, 0x23, 0x70, 0x38, 0x32, 0xC8, 0x53, 0xDE, 0xD4};
-+
-+ int ret = 0;
-+
-+ EC_GROUP *test_group =
-+ create_EC_group
-+ ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3",
-+ "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498",
-+ "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A",
-+ "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D",
-+ "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2",
-+ "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7",
-+ "1");
-+
-+ if (!TEST_ptr(keyA = create_EC_key(test_group, privA_hex, pubA_x_hex, pubA_y_hex))
-+ || !TEST_ptr(keyB = create_EC_key(test_group, privB_hex, pubB_x_hex, pubB_y_hex)))
-+ goto done;
-+
-+ if (!TEST_ptr(keyRa = create_EC_key(test_group, ra, x1, y1))
-+ || !TEST_ptr(keyRb = create_EC_key(test_group, rb, x2, y2)))
-+ goto done;
-+
-+ ret = SM2_compute_key(Ka, sizeof(Ka), 1,
-+ userB, strlen(userB), userA, strlen(userA),
-+ keyRb, keyRa,
-+ keyB, keyA,
-+ EVP_sm3());
-+ if (!TEST_int_eq(ret, sizeof(Ka))) {
-+ ret = 0;
-+ goto done;
-+ }
-+
-+ ret = SM2_compute_key(Kb, sizeof(Kb), 0,
-+ userA, strlen(userA), userB, strlen(userB),
-+ keyRa, keyRb,
-+ keyA, keyB,
-+ EVP_sm3());
-+ if (!TEST_int_eq(ret, sizeof(Kb))) {
-+ ret = 0;
-+ goto done;
-+ }
-+
-+ if (!TEST_mem_eq(Ka, sizeof(Ka), K, sizeof(K))
-+ || !TEST_mem_eq(Kb, sizeof(Kb), K, sizeof(K)))
-+ ret = 0;
-+
-+done:
-+ EC_KEY_free(keyA);
-+ EC_KEY_free(keyB);
-+ EC_KEY_free(keyRa);
-+ EC_KEY_free(keyRb);
-+ EC_GROUP_free(test_group);
-+
-+ return ret;
-+}
-+
- #endif
- 
- int setup_tests(void)
-@@ -413,6 +523,7 @@ int setup_tests(void)
- #else
- ADD_TEST(sm2_crypt_test);
- ADD_TEST(sm2_sig_test);
-+ ADD_TEST(sm2_key_exchange_test);
- #endif
- return 1;
- }
-diff --git a/test/tlcptest.c b/test/tlcptest.c
-new file mode 100644
-index 0000000..7ebf1a2
---- /dev/null
-+++ b/test/tlcptest.c
-@@ -0,0 +1,746 @@
-+/*
-+ * Copyright 2022 Huawei Technologies Co., Ltd. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License.
You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+#include "internal/nelem.h"
-+#include "ssltestlib.h"
-+#include "testutil.h"
-+
-+#ifndef OPENSSL_NO_TLCP
-+
-+typedef enum {
-+ IDX_SM2_ROOT_CERT = 0,
-+ IDX_SM2_SERVER_SIG_CERT,
-+ IDX_SM2_SERVER_SIG_KEY,
-+ IDX_SM2_SERVER_ENC_CERT,
-+ IDX_SM2_SERVER_ENC_KEY,
-+ IDX_SM2_CLIENT_SIG_CERT,
-+ IDX_SM2_CLIENT_SIG_KEY,
-+ IDX_SM2_CLIENT_ENC_CERT,
-+ IDX_SM2_CLIENT_ENC_KEY,
-+ IDX_ECDSA_ROOT_CERT,
-+ IDX_ECDSA_SERVER_CERT,
-+ IDX_ECDSA_SERVER_KEY,
-+ IDX_ECDSA_CLIENT_CERT,
-+ IDX_ECDSA_CLIENT_KEY,
-+ IDX_MAX
-+} TEST_FILES_IDX;
-+
-+#define OPTION_IS_CA 0x00000001U
-+#define OPTION_IS_CERT 0x00000002U
-+#define OPTION_IS_KEY 0x00000004U
-+#define OPTION_USE_NEWAPI 0x00000008U
-+#define OPTION_USE_EXTRA 0x00000010U
-+#define OPTION_IS_SIG 0x00000020U
-+#define OPTION_IS_ENC 0x00000040U
-+
-+typedef struct {
-+ TEST_FILES_IDX idx;
-+ int flag;
-+} LOAD_OPTION;
-+
-+typedef struct {
-+ const char *method_name;
-+ const char *sid_ctx;
-+ int verify_mode;
-+ int ssl_options;
-+ int set_version;
-+ LOAD_OPTION load_options[IDX_MAX];
-+} SSL_CTX_OPTION;
-+typedef struct {
-+ const char *case_name;
-+ SSL_CTX_OPTION server;
-+ SSL_CTX_OPTION client;
-+ const char *ciphersuite;
-+ const char *expected_version;
-+ const char *expected_cipher;
-+ int regenotiate;
-+ int reuse_session;
-+} TLCP_TEST_CASE;
-+
-+static const TLCP_TEST_CASE tlcp_test_cases[] = {
-+ { "test_ecc_and_cert_position",
-+ {
-+ "TLS_server", NULL, SSL_VERIFY_PEER, SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_SERVER_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_SERVER_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_ENC_KEY,
OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ {
-+ "TLCP_client", NULL, SSL_VERIFY_PEER, SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_CLIENT_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_CLIENT_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ "ECC-SM4-CBC-SM3",
-+ "TLCP",
-+ "ECC-SM4-CBC-SM3",
-+ 0, 0
-+ },
-+ { "test_extra_cert",
-+ {
-+ "TLS_server", NULL, SSL_VERIFY_NONE, 0, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA | OPTION_USE_EXTRA},
-+ {IDX_SM2_SERVER_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_SERVER_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ {
-+ "TLCP_client", NULL, SSL_VERIFY_NONE, 0, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA | OPTION_USE_EXTRA},
-+ {IDX_SM2_CLIENT_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_CLIENT_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ "ECC-SM4-CBC-SM3",
-+ "TLCP",
-+ "ECC-SM4-CBC-SM3",
-+ 0, 0
-+ },
-+ { "test_ssl_op_no",
-+ {
-+ "TLS_server", NULL, SSL_VERIFY_PEER, SSL_OP_NO_TLSv1_3 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1 | SSL_OP_NO_SSLv3, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_C​A},
-+ {IDX_SM2_SERVER_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_SERVER_ENC_CERT,
OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ {
-+ "TLS_client", NULL, SSL_VERIFY_PEER, SSL_OP_NO_TLSv1_3 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1 | SSL_OP_NO_SSLv3, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_CLIENT_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_CLIENT_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ "ECC-SM4-CBC-SM3",
-+ "TLCP",
-+ "ECC-SM4-CBC-SM3",
-+ 0, 0
-+ },
-+ { "test_set_version_bound",
-+ {
-+ "TLCP_server", NULL, SSL_VERIFY_PEER, 0, TLCP_VERSION,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_SERVER_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_SERVER_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ {
-+ "TLS_client", NULL, SSL_VERIFY_PEER, 0, TLCP_VERSION,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_CLIENT_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_CLIENT_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ NULL,
-+ "TLCP",
-+ "ECC-SM4-CBC-SM3",
-+ 0, 0
-+ },
-+ { "test_use_old_api_and_other_certs",
-+ {
-+ "TLS_server", NULL, SSL_VERIFY_PEER, 0, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_SERVER_SIG_CERT, OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_SIG_KEY, OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_SERVER_ENC_CERT,
OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_ENC_KEY, OPTION_IS_ENC | OPTION_IS_KEY },
-+ {IDX_ECDSA_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_ECDSA_SERVER_CERT, OPTION_IS_CERT},
-+ {IDX_ECDSA_SERVER_KEY, OPTION_IS_KEY}
-+ }
-+ },
-+ {
-+ "TLCP_client", NULL, SSL_VERIFY_PEER, 0, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_CLIENT_SIG_CERT, OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_SIG_KEY, OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_CLIENT_ENC_CERT, OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_ENC_KEY, OPTION_IS_ENC | OPTION_IS_KEY },
-+ {IDX_ECDSA_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_ECDSA_CLIENT_CERT, OPTION_IS_CERT},
-+ {IDX_ECDSA_CLIENT_KEY, OPTION_IS_KEY}
-+ }
-+ },
-+ NULL,
-+ "TLCP",
-+ "ECC-SM4-CBC-SM3",
-+ 0, 0
-+ },
-+ { "test_sm2dhe_and_cert_position",
-+ {
-+ "TLS_server", NULL, SSL_VERIFY_PEER, SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_SERVER_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_SERVER_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ {
-+ "TLCP_client", NULL, SSL_VERIFY_PEER, SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_CLIENT_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_CLIENT_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ "ECDHE-SM4-CBC-SM3",
-+ "TLCP",
-+ "ECDHE-SM4-CBC-SM3",
-+ 0, 0
-+ },
-+ { "test_ecc_regenotiate",
-+ {
-+ "TLS_server", NULL, SSL_VERIFY_PEER, SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_SERVER_SIG_CERT, OPTION_USE_NEWAPI
| OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_SERVER_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ {
-+ "TLCP_client", NULL, SSL_VERIFY_PEER, SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_CLIENT_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_CLIENT_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ "ECC-SM4-CBC-SM3",
-+ "TLCP",
-+ "ECC-SM4-CBC-SM3",
-+ 1, 0
-+ },
-+ { "test_sm2dhe_regenotiate",
-+ {
-+ "TLS_server", NULL, SSL_VERIFY_PEER, SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_SERVER_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_SERVER_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ {
-+ "TLCP_client", NULL, SSL_VERIFY_PEER, SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_CLIENT_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_CLIENT_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ "ECDHE-SM4-CBC-SM3",
-+ "TLCP",
-+ "ECDHE-SM4-CBC-SM3",
-+ 1, 0
-+ },
-+ { "test_ecc_reused_sessionid",
-+ {
-+ "TLS_server", "TEST", SSL_VERIFY_PEER, SSL_OP_NO_TICKET | SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+
{IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_SERVER_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_SERVER_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ {
-+ "TLCP_client", NULL, SSL_VERIFY_PEER, SSL_OP_NO_TICKET | SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_CLIENT_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_CLIENT_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ "ECC-SM4-CBC-SM3",
-+ "TLCP",
-+ "ECC-SM4-CBC-SM3",
-+ 0, 1
-+ },
-+ { "test_sm2dhe_reused_sessionid",
-+ {
-+ "TLS_server", "TEST", SSL_VERIFY_PEER, SSL_OP_NO_TICKET | SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_SERVER_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_SERVER_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ {
-+ "TLCP_client", NULL, SSL_VERIFY_PEER, SSL_OP_NO_TICKET | SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_CLIENT_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_CLIENT_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ "ECDHE-SM4-CBC-SM3",
-+ "TLCP",
-+ "ECDHE-SM4-CBC-SM3",
-+ 0, 1
-+ },
-+
{ "test_ecc_reused_ticket",
-+ {
-+ "TLS_server", NULL, SSL_VERIFY_NONE, SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_SERVER_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_SERVER_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ {
-+ "TLCP_client", NULL, SSL_VERIFY_NONE, SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_CLIENT_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_CLIENT_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ "ECC-SM4-CBC-SM3",
-+ "TLCP",
-+ "ECC-SM4-CBC-SM3",
-+ 0, 1
-+ },
-+ { "test_sm2dhe_reused_ticket",
-+ {
-+ "TLS_server", NULL, SSL_VERIFY_NONE, SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_SERVER_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_SERVER_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_SERVER_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+ {
-+ "TLCP_client", NULL, SSL_VERIFY_NONE, SSL_OP_ENCCERT_SECOND_POSITION, 0,
-+ {
-+ {IDX_SM2_ROOT_CERT, OPTION_IS_CA},
-+ {IDX_SM2_CLIENT_SIG_CERT, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_SIG_KEY, OPTION_USE_NEWAPI | OPTION_IS_SIG | OPTION_IS_KEY },
-+ {IDX_SM2_CLIENT_ENC_CERT, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_CERT },
-+ {IDX_SM2_CLIENT_ENC_KEY, OPTION_USE_NEWAPI | OPTION_IS_ENC | OPTION_IS_KEY }
-+ }
-+ },
-+
"ECDHE-SM4-CBC-SM3",
-+ "TLCP",
-+ "ECDHE-SM4-CBC-SM3",
-+ 0, 1
-+ },
-+};
-+
-+static const char *test_files[IDX_MAX];
-+
-+static X509 *PEM_file_to_X509(const char *file)
-+{
-+ BIO *in;
-+ X509 *x = NULL;
-+
-+ in = BIO_new(BIO_s_file());
-+ if (in == NULL || BIO_read_filename(in, file) <= 0)
-+ goto err;
-+
-+ x = PEM_read_bio_X509(in, NULL, NULL, NULL);
-+err:
-+ BIO_free(in);
-+ return x;
-+}
-+
-+static EVP_PKEY *PEM_file_to_PrivateKey(const char *file)
-+{
-+ BIO *in;
-+ EVP_PKEY *pkey = NULL;
-+
-+ in = BIO_new(BIO_s_file());
-+ if (in == NULL || BIO_read_filename(in, file) <= 0)
-+ goto err;
-+
-+ pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
-+err:
-+ BIO_free(in);
-+ return pkey;
-+}
-+
-+static int use_extra_cert_file(SSL_CTX *ctx, const char *file)
-+{
-+ X509 *x;
-+
-+ x = PEM_file_to_X509(file);
-+
-+ if (x == NULL)
-+ return 0;
-+
-+ if (!SSL_CTX_add_extra_chain_cert(ctx, x)) {
-+ X509_free(x);
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+static int load_test_file_by_option(SSL_CTX *ctx, LOAD_OPTION opt)
-+{
-+ int usage = -1;
-+ if (opt.idx >= IDX_MAX)
-+ return 0;
-+
-+ if (opt.flag & OPTION_IS_CA) {
-+ return (opt.flag & OPTION_USE_EXTRA)
-+ ? use_extra_cert_file(ctx, test_files[opt.idx])
-+ : SSL_CTX_load_verify_locations(ctx, test_files[opt.idx], NULL);
-+ }
-+
-+ if (opt.flag & OPTION_IS_SIG) {
-+ usage = SSL_USAGE_SIG;
-+ } else if (opt.flag & OPTION_IS_ENC) {
-+ usage = SSL_USAGE_ENC;
-+ }
-+
-+ if (opt.flag & OPTION_IS_CERT) {
-+ return (opt.flag & OPTION_USE_NEWAPI)
-+ ? SSL_CTX_use_gm_certificate_file(ctx, test_files[opt.idx], SSL_FILETYPE_PEM, usage)
-+ : SSL_CTX_use_certificate_file(ctx, test_files[opt.idx], SSL_FILETYPE_PEM);
-+ } else if (opt.flag & OPTION_IS_KEY){
-+ return (opt.flag & OPTION_USE_NEWAPI)
-+ ?
SSL_CTX_use_gm_PrivateKey_file(ctx, test_files[opt.idx], SSL_FILETYPE_PEM, usage)
-+ : SSL_CTX_use_PrivateKey_file(ctx, test_files[opt.idx], SSL_FILETYPE_PEM);
-+ }
-+ return 1;
-+}
-+
-+static int load_test_files(SSL_CTX *ctx, LOAD_OPTION *opt, size_t optlen)
-+{
-+ int i;
-+ for (i = 0; i < optlen; ++i) {
-+ if (!load_test_file_by_option(ctx, opt[i])) {
-+ return 0;
-+ }
-+ }
-+ return 1;
-+}
-+
-+static SSL_CTX *SSL_CTX_create_by_option(const SSL_CTX_OPTION *opt)
-+{
-+ SSL_CTX *ctx = NULL;
-+ if (opt == NULL)
-+ return NULL;
-+
-+ if (strcmp(opt->method_name, "TLS_server") == 0) {
-+ ctx = SSL_CTX_new(TLS_server_method());
-+ } else if (strcmp(opt->method_name, "TLS_client") == 0) {
-+ ctx = SSL_CTX_new(TLS_client_method());
-+ } else if (strcmp(opt->method_name, "TLCP_server") == 0) {
-+ ctx = SSL_CTX_new(TLCP_server_method());
-+ } else if (strcmp(opt->method_name, "TLCP_client") == 0) {
-+ ctx = SSL_CTX_new(TLCP_client_method());
-+ }
-+ if (ctx == NULL)
-+ return NULL;
-+
-+ SSL_CTX_set_verify(ctx, opt->verify_mode, NULL);
-+ SSL_CTX_set_options(ctx, opt->ssl_options);
-+ SSL_CTX_set_min_proto_version(ctx, opt->set_version);
-+ SSL_CTX_set_max_proto_version(ctx, opt->set_version);
-+
-+ if (opt->sid_ctx
-+ && SSL_CTX_set_session_id_context(ctx, (unsigned char*)opt->sid_ctx, strlen(opt->sid_ctx)) != 1) {
-+ SSL_CTX_free(ctx);
-+ return NULL;
-+ }
-+
-+ if (!load_test_files(ctx, (LOAD_OPTION *)opt->load_options, OSSL_NELEM(opt->load_options))) {
-+ SSL_CTX_free(ctx);
-+ return NULL;
-+ }
-+ return ctx;
-+}
-+
-+static int test_tlcp_regenotiate(SSL *server_ssl, SSL *client_ssl)
-+{
-+ SSL_SESSION *sess_pre;
-+ SSL_SESSION *sess_post;
-+
-+ if (!TEST_ptr(sess_pre = SSL_get0_session(server_ssl)))
-+ return 0;
-+
-+ if (!TEST_int_eq(SSL_renegotiate(client_ssl), 1)
-+ || !TEST_int_eq(SSL_renegotiate_pending(client_ssl), 1))
-+ return 0;
-+
-+ for (int i = 0; i < 3; i++) {
-+ unsigned char buf;
-+ size_t readbytes;
-+ int ret = SSL_read_ex(client_ssl, &buf,
sizeof(buf), &readbytes);
-+ if ((ret > 0 && !TEST_ulong_eq(readbytes, 0))
-+ || (ret <= 0 && !TEST_int_eq(SSL_get_error(client_ssl, 0), SSL_ERROR_WANT_READ))) {
-+ return 0;
-+ }
-+
-+ ret = SSL_read_ex(server_ssl, &buf, sizeof(buf), &readbytes);
-+ if ((ret > 0 && !TEST_ulong_eq(readbytes, 0))
-+ || (ret <= 0 && SSL_get_error(server_ssl, 0) != SSL_ERROR_WANT_READ)) {
-+ if (!strcmp("ECDHE-SM4-CBC-SM3", SSL_CIPHER_get_name(SSL_get_current_cipher(client_ssl))))
-+ return 1;
-+ return 0;
-+ }
-+ }
-+
-+ if (!TEST_false(SSL_renegotiate_pending(client_ssl))
-+ || !TEST_int_eq(SSL_session_reused(client_ssl), 0)
-+ || !TEST_int_eq(SSL_session_reused(server_ssl), 0)
-+ || !TEST_ptr(sess_post = SSL_get0_session(server_ssl))
-+ || !TEST_ptr_ne(sess_pre, sess_post))
-+ return 0;
-+
-+ return 1;
-+}
-+
-+static int test_tlcp_reuse_session(SSL **p_server_ssl, SSL **p_client_ssl)
-+{
-+ int ret = 0;
-+ SSL *server_ssl = *p_server_ssl;
-+ SSL *client_ssl = *p_client_ssl;
-+ SSL_CTX *server_ctx;
-+ SSL_CTX *client_ctx;
-+ SSL_SESSION *sess_pre;
-+ SSL_SESSION *sess_post;
-+ SSL_SESSION *sess;
-+ const unsigned char *sess_pre_id;
-+ unsigned int sess_pre_id_len;
-+ const unsigned char *sess_post_id;
-+ unsigned int sess_post_id_len;
-+ const char *ciph_name = SSL_CIPHER_get_name(SSL_get_current_cipher(client_ssl));
-+
-+ if (!TEST_ptr(server_ctx = SSL_get_SSL_CTX(server_ssl))
-+ || !TEST_ptr(client_ctx = SSL_get_SSL_CTX(client_ssl)))
-+ return 0;
-+
-+ if (!TEST_ptr(sess_pre = SSL_get0_session(server_ssl)))
-+ return 0;
-+
-+ if (!TEST_ptr(sess = SSL_get1_session(client_ssl)))
-+ return 0;
-+
-+ shutdown_ssl_connection(server_ssl, client_ssl);
-+ *p_server_ssl = NULL;
-+ *p_client_ssl = NULL;
-+
-+ if (!TEST_int_eq(create_ssl_objects(server_ctx, client_ctx, p_server_ssl, p_client_ssl, NULL, NULL), 1))
-+ goto out;
-+
-+ server_ssl = *p_server_ssl;
-+ client_ssl = *p_client_ssl;
-+
-+ if (!TEST_int_eq(SSL_set_session(client_ssl, sess), 1))
-+ goto out;
-+
-+ if
(!TEST_int_eq(create_ssl_connection(server_ssl, client_ssl, SSL_ERROR_NONE), 1))
-+ goto out;
-+
-+ if (!TEST_int_eq(SSL_session_reused(client_ssl), 1)
-+ || !TEST_int_eq(SSL_session_reused(server_ssl), 1))
-+ goto out;
-+
-+ if (!TEST_ptr(sess_post = SSL_get0_session(server_ssl))
-+ || !TEST_str_eq(ciph_name, SSL_CIPHER_get_name(SSL_get_current_cipher(client_ssl))))
-+ goto out;
-+
-+ if ((SSL_get_options(client_ssl) & SSL_OP_NO_TICKET) && (SSL_get_options(server_ssl) & SSL_OP_NO_TICKET)
-+ && !TEST_ptr_eq(sess_pre, sess_post))
-+ goto out;
-+
-+ sess_post_id = SSL_SESSION_get_id(sess_post, &sess_post_id_len);
-+ sess_pre_id = SSL_SESSION_get_id(sess, &sess_pre_id_len);
-+
-+ if (!TEST_mem_eq(sess_pre_id, sess_pre_id_len, sess_post_id, sess_post_id_len))
-+ goto out;
-+
-+ ret = 1;
-+
-+out:
-+ SSL_SESSION_free(sess);
-+
-+ return ret;
-+}
-+
-+static int test_tlcp_ciphersuites(int idx)
-+{
-+ int result = 0;
-+ SSL_CTX *server_ctx = NULL;
-+ SSL_CTX *client_ctx = NULL;
-+ SSL *server_ssl = NULL;
-+ SSL *client_ssl = NULL;
-+ const TLCP_TEST_CASE *case_ptr;
-+
-+ case_ptr = &tlcp_test_cases[idx];
-+ if (!TEST_ptr(server_ctx = SSL_CTX_create_by_option(&case_ptr->server))
-+ || !TEST_ptr(client_ctx = SSL_CTX_create_by_option(&case_ptr->client)))
-+ goto err;
-+
-+ if (case_ptr->ciphersuite != NULL &&
-+ !TEST_int_eq(SSL_CTX_set_cipher_list(client_ctx, case_ptr->ciphersuite), 1))
-+ goto err;
-+
-+ if (!TEST_int_eq(create_ssl_objects(server_ctx, client_ctx
-+ , &server_ssl, &client_ssl, NULL, NULL), 1))
-+ goto err;
-+
-+ if (!TEST_int_eq(create_ssl_connection(server_ssl, client_ssl, SSL_ERROR_NONE), 1))
-+ goto err;
-+
-+ if (case_ptr->expected_version != NULL &&
-+ !TEST_str_eq(SSL_get_version(client_ssl), case_ptr->expected_version))
-+ goto err;
-+
-+ if (case_ptr->expected_cipher &&
-+ !TEST_str_eq(SSL_get_cipher(client_ssl), case_ptr->expected_cipher))
-+ goto err;
-+
-+ if (case_ptr->regenotiate
-+ && !TEST_int_eq(test_tlcp_regenotiate(server_ssl, client_ssl),
1))
-+ goto err;
-+
-+ if (case_ptr->reuse_session
-+ && !TEST_int_eq(test_tlcp_reuse_session(&server_ssl, &client_ssl), 1))
-+ goto err;
-+
-+ result = 1;
-+err:
-+ if (server_ssl != NULL)
-+ SSL_shutdown(server_ssl);
-+ if (client_ssl != NULL)
-+ SSL_shutdown(client_ssl);
-+ SSL_free(server_ssl);
-+ SSL_free(client_ssl);
-+ SSL_CTX_free(server_ctx);
-+ SSL_CTX_free(client_ctx);
-+ return result;
-+}
-+
-+static int test_use_certs_and_keys(void)
-+{
-+ SSL_CTX *ctx = NULL;
-+ SSL *ssl = NULL;
-+ X509 *x = NULL;
-+ EVP_PKEY *pkey = NULL;
-+ int result = 0;
-+
-+ ctx = SSL_CTX_new(TLCP_method());
-+ if (ctx == NULL)
-+ goto err;
-+
-+ ssl = SSL_new(ctx);
-+ if (ssl == NULL)
-+ goto err;
-+
-+ if (!TEST_int_ne(SSL_use_gm_certificate_file(ssl, test_files[IDX_ECDSA_SERVER_CERT],
-+ SSL_FILETYPE_PEM, SSL_USAGE_SIG), 1)
-+ || !TEST_int_ne(SSL_use_gm_PrivateKey_file(ssl, test_files[IDX_ECDSA_CLIENT_KEY],
-+ SSL_FILETYPE_PEM, SSL_USAGE_SIG), 1)) {
-+ goto err;
-+ }
-+
-+ if (!TEST_int_eq(SSL_use_certificate_file(ssl, test_files[IDX_SM2_SERVER_SIG_CERT],
-+ SSL_FILETYPE_PEM), 1)
-+ || !TEST_int_eq(SSL_use_gm_PrivateKey_file(ssl, test_files[IDX_SM2_SERVER_SIG_KEY],
-+ SSL_FILETYPE_PEM, SSL_USAGE_SIG), 1)
-+ || !TEST_int_eq(SSL_use_gm_certificate_file(ssl, test_files[IDX_SM2_SERVER_ENC_CERT],
-+ SSL_FILETYPE_PEM, SSL_USAGE_ENC), 1)
-+ || !TEST_int_eq(SSL_use_PrivateKey_file(ssl, test_files[IDX_SM2_SERVER_ENC_KEY],
-+ SSL_FILETYPE_PEM), 1)){
-+ goto err;
-+ }
-+
-+ if (!TEST_ptr(x = PEM_file_to_X509(test_files[IDX_SM2_CLIENT_SIG_CERT]))
-+ || !TEST_ptr(pkey = PEM_file_to_PrivateKey(test_files[IDX_SM2_CLIENT_SIG_KEY]))
-+ || !TEST_int_eq(SSL_use_gm_cert_and_key(ssl, x, pkey, NULL, 1, SSL_USAGE_SIG), 1)) {
-+ goto err;
-+ }
-+ result = 1;
-+err:
-+ X509_free(x);
-+
-+ EVP_PKEY_free(pkey);
-+ SSL_free(ssl);
-+ SSL_CTX_free(ctx);
-+ return result;
-+}
-+
-+#endif
-+
-+int setup_tests(void)
-+{
-+#ifndef OPENSSL_NO_TLCP
-+ int argc;
-+
-+ for (argc = 0; argc < IDX_MAX; ++argc) {
-+
if (!TEST_ptr(test_files[argc] = test_get_argument(argc))) {
-+ return 0;
-+ }
-+ }
-+
-+ ADD_ALL_TESTS(test_tlcp_ciphersuites, OSSL_NELEM(tlcp_test_cases));
-+ ADD_TEST(test_use_certs_and_keys);
-+#endif
-+ return 1;
-+}
-diff --git a/util/libcrypto.num b/util/libcrypto.num
-index 81a6388..95bccf9 100644
---- a/util/libcrypto.num
-+++ b/util/libcrypto.num
-@@ -4630,3 +4630,5 @@ X509_set0_sm2_id 6383 1_1_1m EXIST::FUNCTION:SM2
- X509_get0_sm2_id 6384 1_1_1m EXIST::FUNCTION:SM2
- X509_REQ_get0_sm2_id 6385 1_1_1m EXIST::FUNCTION:SM2
- X509_REQ_set0_sm2_id 6386 1_1_1m EXIST::FUNCTION:SM2
-+EVP_PKEY_is_sm2 6387 1_1_1m EXIST::FUNCTION:SM2
-+SM2_compute_key 6388 1_1_1m EXIST::FUNCTION:
-diff --git a/util/libssl.num b/util/libssl.num
-index 297522c..f120bed 100644
---- a/util/libssl.num
-+++ b/util/libssl.num
-@@ -498,3 +498,20 @@ SSL_CTX_get_recv_max_early_data 498 1_1_1 EXIST::FUNCTION:
- SSL_CTX_set_recv_max_early_data 499 1_1_1 EXIST::FUNCTION:
- SSL_CTX_set_post_handshake_auth 500 1_1_1 EXIST::FUNCTION:
- SSL_get_signature_type_nid 501 1_1_1a EXIST::FUNCTION:
-+SSL_use_gm_PrivateKey 502 1_1_1m EXIST::FUNCTION:TLCP
-+SSL_CTX_use_gm_certificate_file 503 1_1_1m EXIST::FUNCTION:TLCP
-+SSL_CTX_use_gm_certificate 504 1_1_1m EXIST::FUNCTION:TLCP
-+SSL_use_gm_certificate_file 505 1_1_1m EXIST::FUNCTION:TLCP
-+SSL_CTX_use_gm_certificate_ASN1 506 1_1_1m EXIST::FUNCTION:TLCP
-+SSL_use_gm_PrivateKey_file 507 1_1_1m EXIST::FUNCTION:TLCP
-+TLCP_method 508 1_1_1m EXIST::FUNCTION:TLCP
-+SSL_CTX_use_gm_PrivateKey_file 509 1_1_1m EXIST::FUNCTION:TLCP
-+SSL_use_gm_PrivateKey_ASN1 510 1_1_1m EXIST::FUNCTION:TLCP
-+TLCP_client_method 511 1_1_1m EXIST::FUNCTION:TLCP
-+SSL_CTX_use_gm_cert_and_key 512 1_1_1m EXIST::FUNCTION:TLCP
-+SSL_CTX_use_gm_PrivateKey 513 1_1_1m EXIST::FUNCTION:TLCP
-+TLCP_server_method 514 1_1_1m EXIST::FUNCTION:TLCP
-+SSL_use_gm_cert_and_key 515 1_1_1m EXIST::FUNCTION:TLCP
-+SSL_use_gm_certificate 516 1_1_1m EXIST::FUNCTION:TLCP
-+SSL_use_gm_certificate_ASN1 517
1_1_1m EXIST::FUNCTION:TLCP
-+SSL_CTX_use_gm_PrivateKey_ASN1 518 1_1_1m EXIST::FUNCTION:TLCP
---
-2.20.1 (Apple Git-117)
-
diff --git a/Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch b/Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch
deleted file mode 100644
index 99610bc9fa174112d79a2a44fd6e137d79ae86e2..0000000000000000000000000000000000000000
--- a/Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From d3e1106ea296a2ec94d27dd34692c34ad543ad04 Mon Sep 17 00:00:00 2001
-From: s_c_c
-Date: Wed, 29 Jun 2022 17:54:50 +0800
-Subject: [PATCH] X509 command supports SM2 certificate signing with default
- sm2id
-
----
- apps/x509.c | 4 ++++
- include/openssl/sm2.h | 9 +++++++++
- test/recipes/25-test_req.t | 13 ++++++++++---
- 3 files changed, 23 insertions(+), 3 deletions(-)
-
-diff --git a/apps/x509.c b/apps/x509.c
-index 1043eba..2669894 100644
---- a/apps/x509.c
-+++ b/apps/x509.c
-@@ -1078,6 +1078,10 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
- if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
- goto err;
- }
-+#ifndef OPENSSL_NO_SM2
-+ if (EVP_PKEY_is_sm2(pkey) && !EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))
-+ goto err;
-+#endif
- if (!X509_sign(x, pkey, digest))
- goto err;
- return 1;
-diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h
-index 505ebfc..cc517bc 100644
---- a/include/openssl/sm2.h
-+++ b/include/openssl/sm2.h
-@@ -1,3 +1,12 @@
-+/*
-+ * Copyright 2022 Huawei Technologies Co., Ltd. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License.
You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
- #ifndef HEADER_SM2_H
- # define HEADER_SM2_H
-
-diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
-index d53e577..2b0c08c 100644
---- a/test/recipes/25-test_req.t
-+++ b/test/recipes/25-test_req.t
-@@ -182,10 +182,10 @@ subtest "generating certificate requests" => sub {
- };
-
- subtest "generating SM2 certificate requests" => sub {
-- plan tests => 4;
-+ plan tests => 5;
-
- SKIP: {
-- skip "SM2 is not supported by this OpenSSL build", 4
-+ skip "SM2 is not supported by this OpenSSL build", 5
- if disabled("sm2");
- ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
- "-new", "-key", srctop_file("test", "certs", "sm2.key"),
-@@ -198,6 +198,13 @@ subtest "generating SM2 certificate requests" => sub {
- "-sm2-id", "1234567812345678", "-sm3"])),
- "Verifying signature on SM2 certificate request");
-
-+ # Use default sm2 id
-+ ok(run(app(["openssl", "x509", "-req", "-extfile", srctop_file("test", "CAss.cnf"),
-+ "-extensions", "v3_ca", "-sm3", "-days", "365",
-+ "-in", "testreq.pem", "-signkey", srctop_file("test", "certs", "sm2.key"),
-+ "-out", "testsign.pem"])),
-+ "Signing SM2 certificate request");
-+
- ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
- "-new", "-key", srctop_file("test", "certs", "sm2.key"),
- "-sigopt", "sm2_hex_id:DEADBEEF",
-@@ -218,7 +225,7 @@ run_conversion('req conversions',
- run_conversion('req conversions -- testreq2',
- srctop_file("test", "testreq2.pem"));
-
--unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem";
-+unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem", "testsign.pem";
-
- sub run_conversion {
- my $title = shift;
---
-2.20.1 (Apple Git-117)
-
diff --git a/Feature-add-ARMv8-implementations-of-SM4-in-ECB-and-XTS.patch b/Feature-add-ARMv8-implementations-of-SM4-in-ECB-and-XTS.patch
deleted file mode 100644
index 1deb0abab8b714390966fc5c9bf2c95c2e990067..0000000000000000000000000000000000000000
--- a/Feature-add-ARMv8-implementations-of-SM4-in-ECB-and-XTS.patch
+++ /dev/null
@@ -1,2225 +0,0 @@
-From df56c1da16d705fb6f471651feb77a69171af9e3 Mon Sep 17 00:00:00 2001
-From: Xu Yizhou
-Date: Wed, 19 Oct 2022 13:28:58 +0800
-Subject: [PATCH] add ARMv8 implementations of SM4 in ECB and XTS
-
----
- Configurations/00-base-templates.conf | 1 +
- Configure | 4 +
- crypto/evp/c_allc.c | 1 +
- crypto/evp/e_sm4.c | 352 ++++++-
- crypto/modes/build.info | 2 +-
- crypto/modes/xts128gb.c | 204 ++++
- crypto/objects/obj_dat.h | 15 +-
- crypto/objects/obj_mac.num | 1 +
- crypto/objects/objects.txt | 1 +
- crypto/sm4/asm/vpsm4_ex-armv8.pl | 1173 +++++++++++++++++++++
- crypto/sm4/build.info | 5 +-
- doc/man3/EVP_sm4_xts.pod | 67 ++
- fuzz/oids.txt | 1 +
- include/openssl/evp.h | 4 +
- include/openssl/modes.h | 9 +
- include/openssl/obj_mac.h | 5 +
- test/evp_test.c | 17 +-
- test/recipes/30-test_evp_data/evpciph.txt | 22 +
- util/libcrypto.num | 2 +
- 19 files changed, 1832 insertions(+), 54 deletions(-)
- create mode 100644 crypto/modes/xts128gb.c
- create mode 100644 crypto/sm4/asm/vpsm4_ex-armv8.pl
- create mode 100644 doc/man3/EVP_sm4_xts.pod
-
-diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf
-index e01dc63..1d35012 100644
---- a/Configurations/00-base-templates.conf
-+++ b/Configurations/00-base-templates.conf
-@@ -321,6 +321,7 @@ my %targets=(
- chacha_asm_src => "chacha-armv8.S",
- poly1305_asm_src=> "poly1305-armv8.S",
- keccak1600_asm_src => "keccak1600-armv8.S",
-+ sm4_asm_src => "vpsm4_ex-armv8.S",
- },
- parisc11_asm => {
- template => 1,
-diff --git a/Configure b/Configure
-index a41c897..3bfe360 100755
---- a/Configure
-+++ b/Configure
-@@ -1420,6 +1420,9 @@ unless ($disabled{asm}) {
- if ($target{poly1305_asm_src} ne "") {
- push @{$config{lib_defines}}, "POLY1305_ASM";
- }
-+ if ($target{sm4_asm_src} ne "") {
-+ push @{$config{lib_defines}}, "VPSM4_EX_ASM";
-+ }
- }
-
- my %predefined_C = compiler_predefined($config{CROSS_COMPILE}.$config{CC});
-@@ -3375,6 +3378,7 @@ sub print_table_entry
-
"mtoutflag",
- "multilib",
- "build_scheme",
-+ "sm4_asm_src",
- );
-
- if ($type eq "TABLE") {
-diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
-index 22fdcc4..01b0d1f 100644
---- a/crypto/evp/c_allc.c
-+++ b/crypto/evp/c_allc.c
-@@ -85,6 +85,7 @@ void openssl_add_all_ciphers_int(void)
- EVP_add_cipher(EVP_sm4_cfb());
- EVP_add_cipher(EVP_sm4_ofb());
- EVP_add_cipher(EVP_sm4_ctr());
-+ EVP_add_cipher(EVP_sm4_xts());
- EVP_add_cipher_alias(SN_sm4_cbc, "SM4");
- EVP_add_cipher_alias(SN_sm4_cbc, "sm4");
- #endif
-diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
-index fce3279..169d6c7 100644
---- a/crypto/evp/e_sm4.c
-+++ b/crypto/evp/e_sm4.c
-@@ -15,86 +15,346 @@
- # include
- # include "crypto/sm4.h"
- # include "crypto/evp.h"
-+# include "evp_local.h"
-+# include "modes_local.h"
-+
-+#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
-+# include "arm_arch.h"
-+# if __ARM_MAX_ARCH__>=7
-+# if defined(VPSM4_EX_ASM)
-+# define VPSM4_EX_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
-+# endif
-+# endif
-+#endif
-
- typedef struct {
-- SM4_KEY ks;
-+ union {
-+ double align;
-+ SM4_KEY ks;
-+ } ks;
-+ block128_f block;
-+ union {
-+ ecb128_f ecb;
-+ } stream;
- } EVP_SM4_KEY;
-
-+#ifdef VPSM4_EX_CAPABLE
-+void vpsm4_ex_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key);
-+void vpsm4_ex_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key);
-+#define vpsm4_ex_encrypt SM4_encrypt
-+#define vpsm4_ex_decrypt SM4_encrypt
-+void vpsm4_ex_ecb_encrypt(
-+ const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key, const int enc);
-+/* xts mode in GB/T 17964-2021 */
-+void vpsm4_ex_xts_encrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
-+ const SM4_KEY *key2, const uint8_t iv[16]);
-+void vpsm4_ex_xts_decrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
-+ const SM4_KEY *key2, const uint8_t iv[16]);
-+/* xts mode in
IEEE Std 1619-2007 */
-+void vpsm4_ex_xts_encrypt(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
-+ const SM4_KEY *key2, const uint8_t iv[16]);
-+void vpsm4_ex_xts_decrypt(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
-+ const SM4_KEY *key2, const uint8_t iv[16]);
-+#endif
-+
-+# define BLOCK_CIPHER_generic(nid,blocksize,ivlen,nmode,mode,MODE,flags) \
-+static const EVP_CIPHER sm4_##mode = { \
-+ nid##_##nmode,blocksize,128/8,ivlen, \
-+ flags|EVP_CIPH_##MODE##_MODE, \
-+ sm4_init_key, \
-+ sm4_##mode##_cipher, \
-+ NULL, \
-+ sizeof(EVP_SM4_KEY), \
-+ NULL,NULL,NULL,NULL }; \
-+const EVP_CIPHER *EVP_sm4_##mode(void) \
-+{ return &sm4_##mode; }
-+
-+#define BLOCK_CIPHER_generic_pack(nid,flags) \
-+ BLOCK_CIPHER_generic(nid,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
-+ BLOCK_CIPHER_generic(nid,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
-+ BLOCK_CIPHER_generic(nid,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
-+ BLOCK_CIPHER_generic(nid,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
-+ BLOCK_CIPHER_generic(nid,1,16,ctr,ctr,CTR,flags)
-+
- static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
-- SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
-+ int mode;
-+ EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
-+
-+ mode = EVP_CIPHER_CTX_mode(ctx);
-+ if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) {
-+#ifdef VPSM4_EX_CAPABLE
-+ if (VPSM4_EX_CAPABLE) {
-+ vpsm4_ex_set_decrypt_key(key, &dat->ks.ks);
-+ dat->block = (block128_f) vpsm4_ex_decrypt;
-+ if (mode == EVP_CIPH_ECB_MODE)
-+ dat->stream.ecb = (ecb128_f) vpsm4_ex_ecb_encrypt;
-+ } else
-+#endif
-+ {
-+ dat->block = (block128_f)SM4_decrypt;
-+ SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
-+ }
-+ } else {
-+#ifdef VPSM4_EX_CAPABLE
-+ if (VPSM4_EX_CAPABLE) {
-+ vpsm4_ex_set_encrypt_key(key, &dat->ks.ks);
-+ dat->block
= (block128_f) vpsm4_ex_encrypt;
-+ if (mode == EVP_CIPH_ECB_MODE)
-+ dat->stream.ecb = (ecb128_f) vpsm4_ex_ecb_encrypt;
-+ } else
-+#endif
-+ {
-+ dat->block = (block128_f)SM4_encrypt;
-+ SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
-+ }
-+ }
- return 1;
- }
-
--static void sm4_cbc_encrypt(const unsigned char *in, unsigned char *out,
-- size_t len, const SM4_KEY *key,
-- unsigned char *ivec, const int enc)
-+static int sm4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
- {
-- if (enc)
-- CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
-- (block128_f)SM4_encrypt);
-+ EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY,ctx);
-+
-+ if (EVP_CIPHER_CTX_encrypting(ctx))
-+ CRYPTO_cbc128_encrypt(in, out, len, &dat->ks.ks,
-+ EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
- else
-- CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
-- (block128_f)SM4_decrypt);
-+ CRYPTO_cbc128_decrypt(in, out, len, &dat->ks.ks,
-+ EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
-+ return 1;
- }
-
--static void sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-- size_t length, const SM4_KEY *key,
-- unsigned char *ivec, int *num, const int enc)
-+static int sm4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
- {
-- CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
-- (block128_f)SM4_encrypt);
-+ EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY,ctx);
-+ int num = EVP_CIPHER_CTX_num(ctx);
-+
-+ CRYPTO_cfb128_encrypt(in, out, len, &dat->ks.ks,
-+ ctx->iv, &num,
-+ EVP_CIPHER_CTX_encrypting(ctx), dat->block);
-+ EVP_CIPHER_CTX_set_num(ctx, num);
-+
-+ return 1;
- }
-
--static void sm4_ecb_encrypt(const unsigned char *in, unsigned char *out,
-- const SM4_KEY *key, const int enc)
-+static int sm4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
- {
-- if (enc)
-- SM4_encrypt(in, out, key);
-+ size_t bl = EVP_CIPHER_CTX_block_size(ctx);
-+ size_t i;
-+
EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY,ctx);
-+
-+ if (len < bl){
-+ return 1;
-+ }
-+ if (dat->stream.ecb != NULL)
-+ (*dat->stream.ecb) (in, out, len, &dat->ks.ks,
-+ EVP_CIPHER_CTX_encrypting(ctx));
- else
-- SM4_decrypt(in, out, key);
-+ for (i = 0, len -= bl; i <= len; i += bl)
-+ (*dat->block) (in + i, out + i, &dat->ks.ks);
-+ return 1;
- }
-
--static void sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-- size_t length, const SM4_KEY *key,
-- unsigned char *ivec, int *num)
-+static int sm4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
- {
-- CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
-- (block128_f)SM4_encrypt);
--}
-+ EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY,ctx);
-+ int num = EVP_CIPHER_CTX_num(ctx);
-
--IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4,
-- 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
-- sm4_init_key, 0, 0, 0, 0)
-+ CRYPTO_ofb128_encrypt(in, out, len, &dat->ks.ks,
-+ ctx->iv, &num, dat->block);
-+ EVP_CIPHER_CTX_set_num(ctx, num);
-+ return 1;
-+}
-
- static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
- {
-- unsigned int num = EVP_CIPHER_CTX_num(ctx);
-- EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
-+ int n = EVP_CIPHER_CTX_num(ctx);
-+ unsigned int num;
-+ EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY,ctx);
-+
-+ if (n < 0)
-+ return 0;
-+ num = (unsigned int)n;
-
-- CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
-- EVP_CIPHER_CTX_iv_noconst(ctx),
-- EVP_CIPHER_CTX_buf_noconst(ctx), &num,
-- (block128_f)SM4_encrypt);
-+ CRYPTO_ctr128_encrypt(in, out, len, &dat->ks.ks,
-+ ctx->iv,
-+ EVP_CIPHER_CTX_buf_noconst(ctx), &num,
-+ dat->block);
- EVP_CIPHER_CTX_set_num(ctx, num);
- return 1;
- }
-
--static const EVP_CIPHER sm4_ctr_mode = {
-- NID_sm4_ctr, 1, 16, 16,
-- EVP_CIPH_CTR_MODE,
-- sm4_init_key,
-- sm4_ctr_cipher,
-- NULL,
-- sizeof(EVP_SM4_KEY),
-- NULL, NULL, NULL, NULL
--};
-+BLOCK_CIPHER_generic_pack(NID_sm4, 0)
-
--const EVP_CIPHER *EVP_sm4_ctr(void)
-+typedef struct {
-+ union {
-+ double align;
-+ SM4_KEY ks;
-+ } ks1, ks2; /* sm4 key schedules to use */
-+ XTS128_CONTEXT xts;
-+ int std; /* 0 for xts mode in GB/T 17964-2021 */
-+ /* 1 for xts mode in IEEE Std 1619-2007 */
-+ void (*stream_gb) (const unsigned char *in,
-+ unsigned char *out, size_t length,
-+ const SM4_KEY *key1, const SM4_KEY *key2,
-+ const unsigned char iv[16]); /* stream for xts mode in GB/T 17964-2021 */
-+ void (*stream) (const unsigned char *in,
-+ unsigned char *out, size_t length,
-+ const SM4_KEY *key1, const SM4_KEY *key2,
-+ const unsigned char iv[16]); /* stream for xts mode in IEEE Std 1619-2007 */
-+} EVP_SM4_XTS_CTX;
-+
-+static int sm4_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-+{
-+ EVP_SM4_XTS_CTX *xctx = EVP_C_DATA(EVP_SM4_XTS_CTX, c);
-+
-+ if (type == EVP_CTRL_COPY) {
-+ EVP_CIPHER_CTX *out = ptr;
-+ EVP_SM4_XTS_CTX *xctx_out = EVP_C_DATA(EVP_SM4_XTS_CTX,out);
-+
-+ if (xctx->xts.key1) {
-+ if (xctx->xts.key1 != &xctx->ks1)
-+ return 0;
-+ xctx_out->xts.key1 = &xctx_out->ks1;
-+ }
-+ if (xctx->xts.key2) {
-+ if (xctx->xts.key2 != &xctx->ks2)
-+ return 0;
-+ xctx_out->xts.key2 = &xctx_out->ks2;
-+ }
-+ return 1;
-+ } else if (type == EVP_CTRL_XTS_STANDARD) {
-+ if ((arg < 0) || (arg > 1))
-+ return 0;
-+ xctx->std = arg;
-+ return 1;
-+ } else if (type != EVP_CTRL_INIT)
-+ return -1;
-+ /* key1 and key2 are used as an indicator both key and IV are set */
-+ xctx->xts.key1 = NULL;
-+ xctx->xts.key2 = NULL;
-+ return 1;
-+}
-+
-+static int sm4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+{
-+ EVP_SM4_XTS_CTX *xctx = EVP_C_DATA(EVP_SM4_XTS_CTX,ctx);
-+
-+ if (!iv && !key)
-+ return 1;
-+
-+ if (key)
-+ do {
-+ /* The key is two half length keys in reality */
-+ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
-+ xctx->stream_gb = NULL;
-+ xctx->stream = NULL;
-+#ifdef
VPSM4_EX_CAPABLE
-+ if (VPSM4_EX_CAPABLE) {
-+ if (enc) {
-+ vpsm4_ex_set_encrypt_key(key, &xctx->ks1.ks);
-+ xctx->xts.block1 = (block128_f) vpsm4_ex_encrypt;
-+ xctx->stream_gb = vpsm4_ex_xts_encrypt_gb;
-+ xctx->stream = vpsm4_ex_xts_encrypt;
-+ } else {
-+ vpsm4_ex_set_decrypt_key(key, &xctx->ks1.ks);
-+ xctx->xts.block1 = (block128_f) vpsm4_ex_decrypt;
-+ xctx->stream_gb = vpsm4_ex_xts_decrypt_gb;
-+ xctx->stream = vpsm4_ex_xts_decrypt;
-+ }
-+ vpsm4_ex_set_encrypt_key(key + bytes, &xctx->ks2.ks);
-+ xctx->xts.block2 = (block128_f) vpsm4_ex_encrypt;
-+
-+ xctx->xts.key1 = &xctx->ks1;
-+ break;
-+ } else
-+#endif
-+ (void)0; /* terminate potentially open 'else' */
-+
-+ if (enc) {
-+ SM4_set_key(key, &xctx->ks1.ks);
-+ xctx->xts.block1 = (block128_f) SM4_encrypt;
-+ } else {
-+ SM4_set_key(key, &xctx->ks1.ks);
-+ xctx->xts.block1 = (block128_f) SM4_decrypt;
-+ }
-+
-+ SM4_set_key(key + bytes, &xctx->ks2.ks);
-+ xctx->xts.block2 = (block128_f) SM4_encrypt;
-+
-+ xctx->xts.key1 = &xctx->ks1;
-+ } while (0);
-+
-+ if (iv) {
-+ xctx->xts.key2 = &xctx->ks2;
-+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
-+ }
-+
-+ return 1;
-+}
-+
-+static int sm4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ EVP_SM4_XTS_CTX *xctx = EVP_C_DATA(EVP_SM4_XTS_CTX,ctx);
-+ if (!xctx->xts.key1 || !xctx->xts.key2)
-+ return 0;
-+ if (!out || !in || len < SM4_BLOCK_SIZE)
-+ return 0;
-+ if (xctx->std) {
-+ if (xctx->stream)
-+ (*xctx->stream) (in, out, len,
-+ xctx->xts.key1, xctx->xts.key2,
-+ EVP_CIPHER_CTX_iv_noconst(ctx));
-+ else if (CRYPTO_xts128_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx),
-+ in, out, len,
-+ EVP_CIPHER_CTX_encrypting(ctx)))
-+ return 0;
-+ } else {
-+ if (xctx->stream_gb)
-+ (*xctx->stream_gb) (in, out, len,
-+ xctx->xts.key1, xctx->xts.key2,
-+ EVP_CIPHER_CTX_iv_noconst(ctx));
-+ else if (CRYPTO_xts128gb_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx),
-+ in, out, len,
-+
EVP_CIPHER_CTX_encrypting(ctx))) -+ return 0; -+ } -+ return 1; -+} -+ -+#define SM4_XTS_BLOCK_SIZE 1 -+#define SM4_XTS_IV_LENGTH 16 -+#define SM4_XTS_KEY_LENGTH 32 -+ -+#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ -+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ -+ | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_XTS_MODE) -+ -+static const EVP_CIPHER sm4_xts_mode = { -+ NID_sm4_xts, -+ SM4_XTS_BLOCK_SIZE, -+ SM4_XTS_KEY_LENGTH, -+ SM4_XTS_IV_LENGTH, -+ XTS_FLAGS, -+ sm4_xts_init_key, -+ sm4_xts_cipher, -+ NULL, -+ sizeof(EVP_SM4_XTS_CTX), -+ NULL, NULL, sm4_xts_ctrl, NULL -+}; -+ -+const EVP_CIPHER *EVP_sm4_xts(void) - { -- return &sm4_ctr_mode; -+ return &sm4_xts_mode; - } - - #endif -diff --git a/crypto/modes/build.info b/crypto/modes/build.info -index 821340e..f974b04 100644 ---- a/crypto/modes/build.info -+++ b/crypto/modes/build.info -@@ -1,7 +1,7 @@ - LIBS=../../libcrypto - SOURCE[../../libcrypto]=\ - cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c \ -- ccm128.c xts128.c wrap128.c ocb128.c \ -+ ccm128.c xts128.c xts128gb.c wrap128.c ocb128.c \ - {- $target{modes_asm_src} -} - - INCLUDE[gcm128.o]=.. -diff --git a/crypto/modes/xts128gb.c b/crypto/modes/xts128gb.c -new file mode 100644 -index 0000000..8f57cc5 ---- /dev/null -+++ b/crypto/modes/xts128gb.c -@@ -0,0 +1,204 @@ -+/* -+ * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the OpenSSL license (the "License"). You may not use -+ * this file except in compliance with the License. 
You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+// This is the xts mode in GB/T 17964-2021 -+#include -+#include "modes_local.h" -+#include -+ -+#ifndef STRICT_ALIGNMENT -+# ifdef __GNUC__ -+typedef u64 u64_a1 __attribute((__aligned__(1))); -+# else -+typedef u64 u64_a1; -+# endif -+#endif -+ -+int CRYPTO_xts128gb_encrypt(const XTS128_CONTEXT *ctx, -+ const unsigned char iv[16], -+ const unsigned char *inp, unsigned char *out, -+ size_t len, int enc) -+{ -+ const union { -+ long one; -+ char little; -+ } is_endian = { -+ 1 -+ }; -+ union { -+ u64 u[2]; -+ u32 d[4]; -+ u8 c[16]; -+ } tweak, scratch; -+ unsigned int i; -+ -+ if (len < 16) -+ return -1; -+ -+ memcpy(tweak.c, iv, 16); -+ -+ (*ctx->block2) (tweak.c, tweak.c, ctx->key2); -+ -+ if (!enc && (len % 16)) -+ len -= 16; -+ -+ while (len >= 16) { -+#if defined(STRICT_ALIGNMENT) -+ memcpy(scratch.c, inp, 16); -+ scratch.u[0] ^= tweak.u[0]; -+ scratch.u[1] ^= tweak.u[1]; -+#else -+ scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak.u[0]; -+ scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak.u[1]; -+#endif -+ (*ctx->block1) (scratch.c, scratch.c, ctx->key1); -+#if defined(STRICT_ALIGNMENT) -+ scratch.u[0] ^= tweak.u[0]; -+ scratch.u[1] ^= tweak.u[1]; -+ memcpy(out, scratch.c, 16); -+#else -+ ((u64_a1 *)out)[0] = scratch.u[0] ^= tweak.u[0]; -+ ((u64_a1 *)out)[1] = scratch.u[1] ^= tweak.u[1]; -+#endif -+ inp += 16; -+ out += 16; -+ len -= 16; -+ -+ if (len == 0) -+ return 0; -+ -+ if (is_endian.little) { -+ u8 res; -+ u64 hi, lo; -+#ifdef BSWAP8 -+ hi = BSWAP8(tweak.u[0]); -+ lo = BSWAP8(tweak.u[1]); -+#else -+ u8 *p = tweak.c; -+ -+ hi = (u64)GETU32(p) << 32 | GETU32(p + 4); -+ lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12); -+#endif -+ res = (u8)lo & 1; -+ tweak.u[0] = (lo >> 1) | (hi << 63); -+ tweak.u[1] = hi >> 1; -+ if (res) -+ tweak.c[15] ^= 0xe1; -+#ifdef BSWAP8 -+ hi = BSWAP8(tweak.u[0]); -+ lo = BSWAP8(tweak.u[1]); -+#else -+ p = 
tweak.c; -+ -+ hi = (u64)GETU32(p) << 32 | GETU32(p + 4); -+ lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12); -+#endif -+ tweak.u[0] = lo; -+ tweak.u[1] = hi; -+ } else { -+ u8 Cin, Cout; -+ Cin = 0; -+ for (i = 0; i < 16; ++i) { -+ Cout = (tweak.c[i] << 7) & 0x80; -+ tweak.c[i] = ((tweak.c[i] >> 1) + Cin) & 0xff; -+ Cin = Cout; -+ } -+ if (Cout) -+ tweak.c[0] ^= 0xe1; -+ } -+ } -+ if (enc) { -+ for (i = 0; i < len; ++i) { -+ u8 c = inp[i]; -+ out[i] = scratch.c[i]; -+ scratch.c[i] = c; -+ } -+ scratch.u[0] ^= tweak.u[0]; -+ scratch.u[1] ^= tweak.u[1]; -+ (*ctx->block1) (scratch.c, scratch.c, ctx->key1); -+ scratch.u[0] ^= tweak.u[0]; -+ scratch.u[1] ^= tweak.u[1]; -+ memcpy(out - 16, scratch.c, 16); -+ } else { -+ union { -+ u64 u[2]; -+ u8 c[16]; -+ } tweak1; -+ -+ if (is_endian.little) { -+ u8 res; -+ u64 hi, lo; -+#ifdef BSWAP8 -+ hi = BSWAP8(tweak.u[0]); -+ lo = BSWAP8(tweak.u[1]); -+#else -+ u8 *p = tweak.c; -+ -+ hi = (u64)GETU32(p) << 32 | GETU32(p + 4); -+ lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12); -+#endif -+ res = (u8)lo & 1; -+ tweak1.u[0] = (lo >> 1) | (hi << 63); -+ tweak1.u[1] = hi >> 1; -+ if (res) -+ tweak1.c[15] ^= 0xe1; -+#ifdef BSWAP8 -+ hi = BSWAP8(tweak1.u[0]); -+ lo = BSWAP8(tweak1.u[1]); -+#else -+ p = tweak1.c; -+ -+ hi = (u64)GETU32(p) << 32 | GETU32(p + 4); -+ lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12); -+#endif -+ tweak1.u[0] = lo; -+ tweak1.u[1] = hi; -+ } else { -+ u8 Cin, Cout; -+ Cin = 0; -+ for ( i = 0; i < 16; ++i ) { -+ Cout = (tweak.c[i] << 7) & 0x80; -+ tweak1.c[i] = ((tweak.c[i] >> 1) + Cin) & 0xff; -+ Cin = Cout; -+ } -+ if (Cout) -+ tweak1.c[0] ^= 0xe1; -+ } -+#if defined(STRICT_ALIGNMENT) -+ memcpy(scratch.c, inp, 16); -+ scratch.u[0] ^= tweak1.u[0]; -+ scratch.u[1] ^= tweak1.u[1]; -+#else -+ scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak1.u[0]; -+ scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak1.u[1]; -+#endif -+ (*ctx->block1) (scratch.c, scratch.c, ctx->key1); -+ scratch.u[0] ^= tweak1.u[0]; -+ scratch.u[1] ^= tweak1.u[1]; 
-+ -+ for (i = 0; i < len; ++i) { -+ u8 c = inp[16 + i]; -+ out[16 + i] = scratch.c[i]; -+ scratch.c[i] = c; -+ } -+ scratch.u[0] ^= tweak.u[0]; -+ scratch.u[1] ^= tweak.u[1]; -+ (*ctx->block1) (scratch.c, scratch.c, ctx->key1); -+#if defined(STRICT_ALIGNMENT) -+ scratch.u[0] ^= tweak.u[0]; -+ scratch.u[1] ^= tweak.u[1]; -+ memcpy(out, scratch.c, 16); -+#else -+ ((u64_a1 *)out)[0] = scratch.u[0] ^ tweak.u[0]; -+ ((u64_a1 *)out)[1] = scratch.u[1] ^ tweak.u[1]; -+#endif -+ } -+ -+ return 0; -+} -diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index eb4cce4..6d60f87 100644 ---- a/crypto/objects/obj_dat.h -+++ b/crypto/objects/obj_dat.h -@@ -10,7 +10,7 @@ - */ - - /* Serialized OID's */ --static const unsigned char so[7770] = { -+static const unsigned char so[7778] = { - 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ -@@ -1077,9 +1077,10 @@ static const unsigned char so[7770] = { - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0C, /* [ 7745] OBJ_hmacWithSHA512_224 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7761] OBJ_SM2_with_SM3 */ -+ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x0A, /* [ 7769] OBJ_sm4_xts */ - }; - --#define NUM_NID 1196 -+#define NUM_NID 1197 - static const ASN1_OBJECT nid_objs[NUM_NID] = { - {"UNDEF", "undefined", NID_undef}, - {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, -@@ -2277,9 +2278,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { - {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]}, - {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]}, - {"SM2-SM3", "SM2-with-SM3", NID_SM2_with_SM3, 8, &so[7761]}, -+ {"SM4-XTS", "sm4-xts", NID_sm4_xts, 8, &so[7769]}, - }; - --#define NUM_SN 1187 -+#define NUM_SN 1188 - static const unsigned int sn_objs[NUM_SN] = { 
- 364, /* "AD_DVCS" */
- 419, /* "AES-128-CBC" */
-@@ -2554,6 +2556,7 @@ static const unsigned int sn_objs[NUM_SN] = {
- 1139, /* "SM4-CTR" */
- 1133, /* "SM4-ECB" */
- 1135, /* "SM4-OFB" */
-+ 1196, /* "SM4-XTS" */
- 188, /* "SMIME" */
- 167, /* "SMIME-CAPS" */
- 100, /* "SN" */
-@@ -3470,7 +3473,7 @@ static const unsigned int sn_objs[NUM_SN] = {
- 1093, /* "x509ExtAdmission" */
- };
- 
--#define NUM_LN 1187
-+#define NUM_LN 1188
- static const unsigned int ln_objs[NUM_LN] = {
- 363, /* "AD Time Stamping" */
- 405, /* "ANSI X9.62" */
-@@ -4613,6 +4616,7 @@ static const unsigned int ln_objs[NUM_LN] = {
- 1139, /* "sm4-ctr" */
- 1133, /* "sm4-ecb" */
- 1135, /* "sm4-ofb" */
-+ 1196, /* "sm4-xts" */
- 16, /* "stateOrProvinceName" */
- 660, /* "streetAddress" */
- 498, /* "subtreeMaximumQuality" */
-@@ -4661,7 +4665,7 @@ static const unsigned int ln_objs[NUM_LN] = {
- 125, /* "zlib compression" */
- };
- 
--#define NUM_OBJ 1072
-+#define NUM_OBJ 1073
- static const unsigned int obj_objs[NUM_OBJ] = {
- 0, /* OBJ_undef 0 */
- 181, /* OBJ_iso 1 */
-@@ -5128,6 +5132,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
- 1136, /* OBJ_sm4_cfb1 1 2 156 10197 1 104 5 */
- 1138, /* OBJ_sm4_cfb8 1 2 156 10197 1 104 6 */
- 1139, /* OBJ_sm4_ctr 1 2 156 10197 1 104 7 */
-+ 1196, /* OBJ_sm4_xts 1 2 156 10197 1 104 10 */
- 1172, /* OBJ_sm2 1 2 156 10197 1 301 */
- 1143, /* OBJ_sm3 1 2 156 10197 1 401 */
- 1195, /* OBJ_SM2_with_SM3 1 2 156 10197 1 501 */
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 8b797b0..77ad385 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -1193,3 +1193,4 @@ magma_mac 1192
- hmacWithSHA512_224 1193
- hmacWithSHA512_256 1194
- SM2_with_SM3 1195
-+sm4_xts 1196
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index be9da47..5713fae 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1520,6 +1520,7 @@ sm-scheme 104 4 : SM4-CFB : sm4-cfb
- sm-scheme 104 5 : 
SM4-CFB1 : sm4-cfb1
- sm-scheme 104 6 : SM4-CFB8 : sm4-cfb8
- sm-scheme 104 7 : SM4-CTR : sm4-ctr
-+sm-scheme 104 10 : SM4-XTS : sm4-xts
- 
- # There is no OID that just denotes "HMAC" oddly enough...
- 
-diff --git a/crypto/sm4/asm/vpsm4_ex-armv8.pl b/crypto/sm4/asm/vpsm4_ex-armv8.pl
-new file mode 100644
-index 0000000..86a6f89
---- /dev/null
-+++ b/crypto/sm4/asm/vpsm4_ex-armv8.pl
-@@ -0,0 +1,1173 @@
-+#! /usr/bin/env perl
-+# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the Apache License 2.0 (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+ 
-+#
-+# This module implements SM4 with ASIMD and AESE on AARCH64
-+#
-+# Feb 2022
-+#
-+ 
-+# $output is the last argument if it looks like a file (it has an extension)
-+# $flavour is the first argument if it doesn't look like a file
-+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
-+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? 
shift : undef;
-+ 
-+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-+( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
-+( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
-+die "can't locate arm-xlate.pl";
-+ 
-+open OUT,"| \"$^X\" $xlate $flavour \"$output\""
-+ or die "can't call $xlate: $!";
-+*STDOUT=*OUT;
-+ 
-+$prefix="vpsm4_ex";
-+my ($inp,$outp,$rks1,$rks2,$ivp,$enc)=("x0","x1","x3","x4","x5","x6");
-+my ($blocks,$len)=("x2","x2");
-+my $remain=("x7");
-+my ($ptr,$counter)=("x12","w13");
-+my ($wtmp0,$wtmp1,$wtmp2,$wtmp3)=("w8","w9","w10","w11");
-+my ($xtmp0,$xtmp1,$xtmp2,$xtmp3)=("x8","x9","x10","x11");
-+my ($word0,$word1,$word2,$word3)=("w14","w15","w16","w17");
-+my @twx=map("x$_",(14..29));
-+my $lastBlk=("x26");
-+ 
-+my @tweak=map("v$_",(0..7));
-+my @qtmp=map("q$_",(8..11));
-+my @vtmp=map("v$_",(8..11));
-+my ($rk0,$rk1)=("v12","v13");
-+my ($rka,$rkb)=("v14","v15");
-+my @data=map("v$_",(16..19));
-+my @datax=map("v$_",(20..23));
-+my ($vtmp4,$vtmp5)=("v24","v25");
-+my $lastTweak=("v25");
-+my ($MaskV,$TAHMatV,$TALMatV,$ATAHMatV,$ATALMatV,$ANDMaskV)=("v26","v27","v28","v29","v30","v31");
-+my ($MaskQ,$TAHMatQ,$TALMatQ,$ATAHMatQ,$ATALMatQ,$ANDMaskQ)=("q26","q27","q28","q29","q30","q31");
-+ 
-+sub rev32() {
-+ my $dst = shift;
-+ my $src = shift;
-+ 
-+ if ($src and ("$src" ne "$dst")) {
-+$code.=<<___;
-+#ifndef __ARMEB__
-+ rev32 $dst.16b,$src.16b
-+#else
-+ mov $dst.16b,$src.16b
-+#endif
-+___
-+ } else {
-+$code.=<<___;
-+#ifndef __ARMEB__
-+ rev32 $dst.16b,$dst.16b
-+#endif
-+___
-+ }
-+}
-+ 
-+sub rev32_armeb() {
-+ my $dst = shift;
-+ my $src = shift;
-+ 
-+ if ($src and ("$src" ne "$dst")) {
-+$code.=<<___;
-+#ifdef __ARMEB__
-+ rev32 $dst.16b,$src.16b
-+#else
-+ mov $dst.16b,$src.16b
-+#endif
-+___
-+ } else {
-+$code.=<<___;
-+#ifdef __ARMEB__
-+ rev32 $dst.16b,$dst.16b
-+#endif
-+___
-+ }
-+}
-+ 
-+sub transpose() {
-+ my ($dat0,$dat1,$dat2,$dat3,$vt0,$vt1,$vt2,$vt3) = @_;
-+ 
-+$code.=<<___;
-+ zip1 $vt0.4s,$dat0.4s,$dat1.4s
-+ zip2 
$vt1.4s,$dat0.4s,$dat1.4s -+ zip1 $vt2.4s,$dat2.4s,$dat3.4s -+ zip2 $vt3.4s,$dat2.4s,$dat3.4s -+ zip1 $dat0.2d,$vt0.2d,$vt2.2d -+ zip2 $dat1.2d,$vt0.2d,$vt2.2d -+ zip1 $dat2.2d,$vt1.2d,$vt3.2d -+ zip2 $dat3.2d,$vt1.2d,$vt3.2d -+___ -+} -+ -+sub load_sbox_matrix () { -+$code.=<<___; -+ ldr $MaskQ, =0x0306090c0f0205080b0e0104070a0d00 -+ ldr $TAHMatQ, =0x22581a6002783a4062185a2042387a00 -+ ldr $TALMatQ, =0xc10bb67c4a803df715df62a89e54e923 -+ ldr $ATAHMatQ, =0x1407c6d56c7fbeadb9aa6b78c1d21300 -+ ldr $ATALMatQ, =0xe383c1a1fe9edcbc6404462679195b3b -+ ldr $ANDMaskQ, =0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f -+___ -+} -+# matrix multiplication Mat*x = (lowerMat*x) ^ (higherMat*x) -+sub mul_matrix() { -+ my $x = shift; -+ my $higherMat = shift; -+ my $lowerMat = shift; -+ my $tmp = shift; -+$code.=<<___; -+ ushr $tmp.16b, $x.16b, 4 -+ and $x.16b, $x.16b, $ANDMaskV.16b -+ tbl $x.16b, {$lowerMat.16b}, $x.16b -+ tbl $tmp.16b, {$higherMat.16b}, $tmp.16b -+ eor $x.16b, $x.16b, $tmp.16b -+___ -+} -+ -+# sbox operation for one single word -+sub sbox_1word () { -+ my $word = shift; -+ -+$code.=<<___; -+ mov @vtmp[3].s[0],$word -+ // optimize sbox using AESE instruction -+ tbl @vtmp[0].16b, {@vtmp[3].16b}, $MaskV.16b -+___ -+ &mul_matrix(@vtmp[0], $TAHMatV, $TALMatV, @vtmp[2]); -+$code.=<<___; -+ eor @vtmp[1].16b, @vtmp[1].16b, @vtmp[1].16b -+ aese @vtmp[0].16b,@vtmp[1].16b -+___ -+ &mul_matrix(@vtmp[0], $ATAHMatV, $ATALMatV, @vtmp[2]); -+$code.=<<___; -+ -+ mov $wtmp0,@vtmp[0].s[0] -+ eor $word,$wtmp0,$wtmp0,ror #32-2 -+ eor $word,$word,$wtmp0,ror #32-10 -+ eor $word,$word,$wtmp0,ror #32-18 -+ eor $word,$word,$wtmp0,ror #32-24 -+___ -+} -+ -+# sbox operation for 4-lane of words -+sub sbox() { -+ my $dat = shift; -+ -+$code.=<<___; -+ // optimize sbox using AESE instruction -+ tbl @vtmp[0].16b, {$dat.16b}, $MaskV.16b -+___ -+ &mul_matrix(@vtmp[0], $TAHMatV, $TALMatV, $vtmp4); -+$code.=<<___; -+ eor @vtmp[1].16b, @vtmp[1].16b, @vtmp[1].16b -+ aese @vtmp[0].16b,@vtmp[1].16b -+___ -+ 
&mul_matrix(@vtmp[0], $ATAHMatV, $ATALMatV, $vtmp4); -+$code.=<<___; -+ mov $dat.16b,@vtmp[0].16b -+ -+ // linear transformation -+ ushr @vtmp[0].4s,$dat.4s,32-2 -+ ushr @vtmp[1].4s,$dat.4s,32-10 -+ ushr @vtmp[2].4s,$dat.4s,32-18 -+ ushr @vtmp[3].4s,$dat.4s,32-24 -+ sli @vtmp[0].4s,$dat.4s,2 -+ sli @vtmp[1].4s,$dat.4s,10 -+ sli @vtmp[2].4s,$dat.4s,18 -+ sli @vtmp[3].4s,$dat.4s,24 -+ eor $vtmp4.16b,@vtmp[0].16b,$dat.16b -+ eor $vtmp4.16b,$vtmp4.16b,$vtmp[1].16b -+ eor $dat.16b,@vtmp[2].16b,@vtmp[3].16b -+ eor $dat.16b,$dat.16b,$vtmp4.16b -+___ -+} -+ -+# sbox operation for 8-lane of words -+sub sbox_double() { -+ my $dat = shift; -+ my $datx = shift; -+ -+$code.=<<___; -+ // optimize sbox using AESE instruction -+ tbl @vtmp[0].16b, {$dat.16b}, $MaskV.16b -+ tbl @vtmp[1].16b, {$datx.16b}, $MaskV.16b -+___ -+ &mul_matrix(@vtmp[0], $TAHMatV, $TALMatV, $vtmp4); -+ &mul_matrix(@vtmp[1], $TAHMatV, $TALMatV, $vtmp4); -+$code.=<<___; -+ eor $vtmp5.16b, $vtmp5.16b, $vtmp5.16b -+ aese @vtmp[0].16b,$vtmp5.16b -+ aese @vtmp[1].16b,$vtmp5.16b -+___ -+ &mul_matrix(@vtmp[0], $ATAHMatV, $ATALMatV,$vtmp4); -+ &mul_matrix(@vtmp[1], $ATAHMatV, $ATALMatV,$vtmp4); -+$code.=<<___; -+ mov $dat.16b,@vtmp[0].16b -+ mov $datx.16b,@vtmp[1].16b -+ -+ // linear transformation -+ ushr @vtmp[0].4s,$dat.4s,32-2 -+ ushr $vtmp5.4s,$datx.4s,32-2 -+ ushr @vtmp[1].4s,$dat.4s,32-10 -+ ushr @vtmp[2].4s,$dat.4s,32-18 -+ ushr @vtmp[3].4s,$dat.4s,32-24 -+ sli @vtmp[0].4s,$dat.4s,2 -+ sli $vtmp5.4s,$datx.4s,2 -+ sli @vtmp[1].4s,$dat.4s,10 -+ sli @vtmp[2].4s,$dat.4s,18 -+ sli @vtmp[3].4s,$dat.4s,24 -+ eor $vtmp4.16b,@vtmp[0].16b,$dat.16b -+ eor $vtmp4.16b,$vtmp4.16b,@vtmp[1].16b -+ eor $dat.16b,@vtmp[2].16b,@vtmp[3].16b -+ eor $dat.16b,$dat.16b,$vtmp4.16b -+ ushr @vtmp[1].4s,$datx.4s,32-10 -+ ushr @vtmp[2].4s,$datx.4s,32-18 -+ ushr @vtmp[3].4s,$datx.4s,32-24 -+ sli @vtmp[1].4s,$datx.4s,10 -+ sli @vtmp[2].4s,$datx.4s,18 -+ sli @vtmp[3].4s,$datx.4s,24 -+ eor $vtmp4.16b,$vtmp5.16b,$datx.16b -+ eor 
$vtmp4.16b,$vtmp4.16b,@vtmp[1].16b -+ eor $datx.16b,@vtmp[2].16b,@vtmp[3].16b -+ eor $datx.16b,$datx.16b,$vtmp4.16b -+___ -+} -+ -+# sm4 for one block of data, in scalar registers word0/word1/word2/word3 -+sub sm4_1blk () { -+ my $kptr = shift; -+ -+$code.=<<___; -+ ldp $wtmp0,$wtmp1,[$kptr],8 -+ /* B0 ^= SBOX(B1 ^ B2 ^ B3 ^ RK0) */ -+ eor $wtmp3,$word2,$word3 -+ eor $wtmp2,$wtmp0,$word1 -+ eor $wtmp3,$wtmp3,$wtmp2 -+___ -+ &sbox_1word($wtmp3); -+$code.=<<___; -+ eor $word0,$word0,$wtmp3 -+ /* B1 ^= SBOX(B0 ^ B2 ^ B3 ^ RK1) */ -+ eor $wtmp3,$word2,$word3 -+ eor $wtmp2,$word0,$wtmp1 -+ eor $wtmp3,$wtmp3,$wtmp2 -+___ -+ &sbox_1word($wtmp3); -+$code.=<<___; -+ ldp $wtmp0,$wtmp1,[$kptr],8 -+ eor $word1,$word1,$wtmp3 -+ /* B2 ^= SBOX(B0 ^ B1 ^ B3 ^ RK2) */ -+ eor $wtmp3,$word0,$word1 -+ eor $wtmp2,$wtmp0,$word3 -+ eor $wtmp3,$wtmp3,$wtmp2 -+___ -+ &sbox_1word($wtmp3); -+$code.=<<___; -+ eor $word2,$word2,$wtmp3 -+ /* B3 ^= SBOX(B0 ^ B1 ^ B2 ^ RK3) */ -+ eor $wtmp3,$word0,$word1 -+ eor $wtmp2,$word2,$wtmp1 -+ eor $wtmp3,$wtmp3,$wtmp2 -+___ -+ &sbox_1word($wtmp3); -+$code.=<<___; -+ eor $word3,$word3,$wtmp3 -+___ -+} -+ -+# sm4 for 4-lanes of data, in neon registers data0/data1/data2/data3 -+sub sm4_4blks () { -+ my $kptr = shift; -+ -+$code.=<<___; -+ ldp $wtmp0,$wtmp1,[$kptr],8 -+ dup $rk0.4s,$wtmp0 -+ dup $rk1.4s,$wtmp1 -+ -+ /* B0 ^= SBOX(B1 ^ B2 ^ B3 ^ RK0) */ -+ eor $rka.16b,@data[2].16b,@data[3].16b -+ eor $rk0.16b,@data[1].16b,$rk0.16b -+ eor $rk0.16b,$rka.16b,$rk0.16b -+___ -+ &sbox($rk0); -+$code.=<<___; -+ eor @data[0].16b,@data[0].16b,$rk0.16b -+ -+ /* B1 ^= SBOX(B0 ^ B2 ^ B3 ^ RK1) */ -+ eor $rka.16b,$rka.16b,@data[0].16b -+ eor $rk1.16b,$rka.16b,$rk1.16b -+___ -+ &sbox($rk1); -+$code.=<<___; -+ ldp $wtmp0,$wtmp1,[$kptr],8 -+ eor @data[1].16b,@data[1].16b,$rk1.16b -+ -+ dup $rk0.4s,$wtmp0 -+ dup $rk1.4s,$wtmp1 -+ -+ /* B2 ^= SBOX(B0 ^ B1 ^ B3 ^ RK2) */ -+ eor $rka.16b,@data[0].16b,@data[1].16b -+ eor $rk0.16b,@data[3].16b,$rk0.16b -+ eor 
$rk0.16b,$rka.16b,$rk0.16b -+___ -+ &sbox($rk0); -+$code.=<<___; -+ eor @data[2].16b,@data[2].16b,$rk0.16b -+ -+ /* B3 ^= SBOX(B0 ^ B1 ^ B2 ^ RK3) */ -+ eor $rka.16b,$rka.16b,@data[2].16b -+ eor $rk1.16b,$rka.16b,$rk1.16b -+___ -+ &sbox($rk1); -+$code.=<<___; -+ eor @data[3].16b,@data[3].16b,$rk1.16b -+___ -+} -+ -+# sm4 for 8 lanes of data, in neon registers -+# data0/data1/data2/data3 datax0/datax1/datax2/datax3 -+sub sm4_8blks () { -+ my $kptr = shift; -+ -+$code.=<<___; -+ ldp $wtmp0,$wtmp1,[$kptr],8 -+ /* B0 ^= SBOX(B1 ^ B2 ^ B3 ^ RK0) */ -+ dup $rk0.4s,$wtmp0 -+ eor $rka.16b,@data[2].16b,@data[3].16b -+ eor $rkb.16b,@datax[2].16b,@datax[3].16b -+ eor @vtmp[0].16b,@data[1].16b,$rk0.16b -+ eor @vtmp[1].16b,@datax[1].16b,$rk0.16b -+ eor $rk0.16b,$rka.16b,@vtmp[0].16b -+ eor $rk1.16b,$rkb.16b,@vtmp[1].16b -+___ -+ &sbox_double($rk0,$rk1); -+$code.=<<___; -+ eor @data[0].16b,@data[0].16b,$rk0.16b -+ eor @datax[0].16b,@datax[0].16b,$rk1.16b -+ -+ /* B1 ^= SBOX(B0 ^ B2 ^ B3 ^ RK1) */ -+ dup $rk1.4s,$wtmp1 -+ eor $rka.16b,$rka.16b,@data[0].16b -+ eor $rkb.16b,$rkb.16b,@datax[0].16b -+ eor $rk0.16b,$rka.16b,$rk1.16b -+ eor $rk1.16b,$rkb.16b,$rk1.16b -+___ -+ &sbox_double($rk0,$rk1); -+$code.=<<___; -+ ldp $wtmp0,$wtmp1,[$kptr],8 -+ eor @data[1].16b,@data[1].16b,$rk0.16b -+ eor @datax[1].16b,@datax[1].16b,$rk1.16b -+ -+ /* B2 ^= SBOX(B0 ^ B1 ^ B3 ^ RK2) */ -+ dup $rk0.4s,$wtmp0 -+ eor $rka.16b,@data[0].16b,@data[1].16b -+ eor $rkb.16b,@datax[0].16b,@datax[1].16b -+ eor @vtmp[0].16b,@data[3].16b,$rk0.16b -+ eor @vtmp[1].16b,@datax[3].16b,$rk0.16b -+ eor $rk0.16b,$rka.16b,@vtmp[0].16b -+ eor $rk1.16b,$rkb.16b,@vtmp[1].16b -+___ -+ &sbox_double($rk0,$rk1); -+$code.=<<___; -+ eor @data[2].16b,@data[2].16b,$rk0.16b -+ eor @datax[2].16b,@datax[2].16b,$rk1.16b -+ -+ /* B3 ^= SBOX(B0 ^ B1 ^ B2 ^ RK3) */ -+ dup $rk1.4s,$wtmp1 -+ eor $rka.16b,$rka.16b,@data[2].16b -+ eor $rkb.16b,$rkb.16b,@datax[2].16b -+ eor $rk0.16b,$rka.16b,$rk1.16b -+ eor $rk1.16b,$rkb.16b,$rk1.16b -+___ -+ 
&sbox_double($rk0,$rk1); -+$code.=<<___; -+ eor @data[3].16b,@data[3].16b,$rk0.16b -+ eor @datax[3].16b,@datax[3].16b,$rk1.16b -+___ -+} -+ -+sub encrypt_1blk_norev() { -+ my $dat = shift; -+ my $rks = shift; -+$code.=<<___; -+ mov $ptr,$rks -+ mov $counter,#8 -+ mov $word0,$dat.s[0] -+ mov $word1,$dat.s[1] -+ mov $word2,$dat.s[2] -+ mov $word3,$dat.s[3] -+10: -+___ -+ &sm4_1blk($ptr); -+$code.=<<___; -+ subs $counter,$counter,#1 -+ b.ne 10b -+ mov $dat.s[0],$word3 -+ mov $dat.s[1],$word2 -+ mov $dat.s[2],$word1 -+ mov $dat.s[3],$word0 -+___ -+} -+ -+sub encrypt_1blk() { -+ my $dat = shift; -+ my $rks = shift; -+ -+ &encrypt_1blk_norev($dat,$rks); -+ &rev32($dat,$dat); -+} -+ -+sub encrypt_4blks() { -+$code.=<<___; -+ mov $ptr,$rks1 -+ mov $counter,#8 -+10: -+___ -+ &sm4_4blks($ptr); -+$code.=<<___; -+ subs $counter,$counter,#1 -+ b.ne 10b -+___ -+ &rev32(@vtmp[3],@data[0]); -+ &rev32(@vtmp[2],@data[1]); -+ &rev32(@vtmp[1],@data[2]); -+ &rev32(@vtmp[0],@data[3]); -+} -+ -+sub encrypt_8blks() { -+ my $rks = shift; -+$code.=<<___; -+ mov $ptr,$rks -+ mov $counter,#8 -+10: -+___ -+ &sm4_8blks($ptr); -+$code.=<<___; -+ subs $counter,$counter,#1 -+ b.ne 10b -+___ -+ &rev32(@vtmp[3],@data[0]); -+ &rev32(@vtmp[2],@data[1]); -+ &rev32(@vtmp[1],@data[2]); -+ &rev32(@vtmp[0],@data[3]); -+ &rev32(@data[3],@datax[0]); -+ &rev32(@data[2],@datax[1]); -+ &rev32(@data[1],@datax[2]); -+ &rev32(@data[0],@datax[3]); -+} -+ -+sub mov_reg_to_vec() { -+ my $src0 = shift; -+ my $src1 = shift; -+ my $desv = shift; -+$code.=<<___; -+ mov $desv.d[0],$src0 -+ mov $desv.d[1],$src1 -+#ifdef __ARMEB__ -+ rev32 $desv.16b,$desv.16b -+#endif -+___ -+} -+ -+sub mov_vec_to_reg() { -+ my $srcv = shift; -+ my $des0 = shift; -+ my $des1 = shift; -+$code.=<<___; -+ mov $des0,$srcv.d[0] -+ mov $des1,$srcv.d[1] -+___ -+} -+ -+sub compute_tweak() { -+ my $src0 = shift; -+ my $src1 = shift; -+ my $des0 = shift; -+ my $des1 = shift; -+$code.=<<___; -+ mov $wtmp0,0x87 -+ extr $xtmp2,$src1,$src1,#32 -+ extr 
$des1,$src1,$src0,#63 -+ and $wtmp1,$wtmp0,$wtmp2,asr#31 -+ eor $des0,$xtmp1,$src0,lsl#1 -+___ -+} -+ -+sub compute_tweak_vec() { -+ my $src = shift; -+ my $des = shift; -+ &rbit(@vtmp[2],$src); -+$code.=<<___; -+ ldr @qtmp[0], =0x01010101010101010101010101010187 -+ shl $des.16b, @vtmp[2].16b, #1 -+ ext @vtmp[1].16b, @vtmp[2].16b, @vtmp[2].16b,#15 -+ ushr @vtmp[1].16b, @vtmp[1].16b, #7 -+ mul @vtmp[1].16b, @vtmp[1].16b, @vtmp[0].16b -+ eor $des.16b, $des.16b, @vtmp[1].16b -+___ -+ &rbit($des,$des); -+} -+ -+sub mov_en_to_enc(){ -+ my $en = shift; -+ if ($en eq "en") { -+$code.=<<___; -+ mov $enc,1 -+___ -+ } else { -+$code.=<<___; -+ mov $enc,0 -+___ -+ } -+} -+ -+sub rbit() { -+ my $dst = shift; -+ my $src = shift; -+ -+ if ($src and ("$src" ne "$dst")) { -+ if ($standard eq "_gb") { -+$code.=<<___; -+ rbit $dst.16b,$src.16b -+___ -+ } else { -+$code.=<<___; -+ mov $dst.16b,$src.16b -+___ -+ } -+ } else { -+ if ($standard eq "_gb") { -+$code.=<<___; -+ rbit $dst.16b,$src.16b -+___ -+ } -+ } -+} -+ -+$code=<<___; -+#include "arm_arch.h" -+.arch armv8-a+crypto -+.text -+ -+.type ${prefix}_consts,%object -+.align 7 -+${prefix}_consts: -+.Lck: -+ .long 0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269 -+ .long 0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9 -+ .long 0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249 -+ .long 0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9 -+ .long 0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229 -+ .long 0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299 -+ .long 0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209 -+ .long 0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279 -+.Lfk: -+ .long 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc -+.Lshuffles: -+ .long 0x07060504, 0x0B0A0908, 0x0F0E0D0C, 0x03020100 -+ -+.size ${prefix}_consts,.-${prefix}_consts -+___ -+ -+{{{ -+my ($userKey,$roundKey,$enc)=("x0","x1","w2"); -+my ($pointer,$schedules,$wtmp,$roundkey)=("x5","x6","w7","w8"); -+my ($vkey,$vfk,$vmap)=("v5","v6","v7"); -+$code.=<<___; -+.type 
${prefix}_set_key,%function -+.align 4 -+${prefix}_set_key: -+ ld1 {$vkey.4s},[$userKey] -+___ -+ &load_sbox_matrix(); -+ &rev32($vkey,$vkey); -+$code.=<<___; -+ adr $pointer,.Lshuffles -+ ld1 {$vmap.4s},[$pointer] -+ adr $pointer,.Lfk -+ ld1 {$vfk.4s},[$pointer] -+ eor $vkey.16b,$vkey.16b,$vfk.16b -+ mov $schedules,#32 -+ adr $pointer,.Lck -+ movi @vtmp[0].16b,#64 -+ cbnz $enc,1f -+ add $roundKey,$roundKey,124 -+1: -+ mov $wtmp,$vkey.s[1] -+ ldr $roundkey,[$pointer],#4 -+ eor $roundkey,$roundkey,$wtmp -+ mov $wtmp,$vkey.s[2] -+ eor $roundkey,$roundkey,$wtmp -+ mov $wtmp,$vkey.s[3] -+ eor $roundkey,$roundkey,$wtmp -+ -+ // optimize sbox using AESE instruction -+ mov @data[0].s[0],$roundkey -+ tbl @vtmp[0].16b, {@data[0].16b}, $MaskV.16b -+___ -+ &mul_matrix(@vtmp[0], $TAHMatV, $TALMatV, @vtmp[2]); -+$code.=<<___; -+ eor @vtmp[1].16b, @vtmp[1].16b, @vtmp[1].16b -+ aese @vtmp[0].16b,@vtmp[1].16b -+___ -+ &mul_matrix(@vtmp[0], $ATAHMatV, $ATALMatV, @vtmp[2]); -+$code.=<<___; -+ mov $wtmp,@vtmp[0].s[0] -+ -+ // linear transformation -+ eor $roundkey,$wtmp,$wtmp,ror #19 -+ eor $roundkey,$roundkey,$wtmp,ror #9 -+ mov $wtmp,$vkey.s[0] -+ eor $roundkey,$roundkey,$wtmp -+ mov $vkey.s[0],$roundkey -+ cbz $enc,2f -+ str $roundkey,[$roundKey],#4 -+ b 3f -+2: -+ str $roundkey,[$roundKey],#-4 -+3: -+ tbl $vkey.16b,{$vkey.16b},$vmap.16b -+ subs $schedules,$schedules,#1 -+ b.ne 1b -+ ret -+.size ${prefix}_set_key,.-${prefix}_set_key -+___ -+}}} -+ -+ -+{{{ -+$code.=<<___; -+.type ${prefix}_enc_4blks,%function -+.align 4 -+${prefix}_enc_4blks: -+___ -+ &encrypt_4blks(); -+$code.=<<___; -+ ret -+.size ${prefix}_enc_4blks,.-${prefix}_enc_4blks -+___ -+}}} -+ -+{{{ -+$code.=<<___; -+.type ${prefix}_enc_8blks,%function -+.align 4 -+${prefix}_enc_8blks: -+___ -+ &encrypt_8blks($rks1); -+$code.=<<___; -+ ret -+.size ${prefix}_enc_8blks,.-${prefix}_enc_8blks -+___ -+}}} -+ -+{{{ -+my ($key,$keys)=("x0","x1"); -+$code.=<<___; -+.globl ${prefix}_set_encrypt_key -+.type 
${prefix}_set_encrypt_key,%function -+.align 5 -+${prefix}_set_encrypt_key: -+ stp x29,x30,[sp,#-16]! -+ mov w2,1 -+ bl ${prefix}_set_key -+ ldp x29,x30,[sp],#16 -+ ret -+.size ${prefix}_set_encrypt_key,.-${prefix}_set_encrypt_key -+___ -+}}} -+ -+{{{ -+my ($key,$keys)=("x0","x1"); -+$code.=<<___; -+.globl ${prefix}_set_decrypt_key -+.type ${prefix}_set_decrypt_key,%function -+.align 5 -+${prefix}_set_decrypt_key: -+ stp x29,x30,[sp,#-16]! -+ mov w2,0 -+ bl ${prefix}_set_key -+ ldp x29,x30,[sp],#16 -+ ret -+.size ${prefix}_set_decrypt_key,.-${prefix}_set_decrypt_key -+___ -+}}} -+ -+ -+{{{ -+ -+$code.=<<___; -+.globl ${prefix}_ecb_encrypt -+.type ${prefix}_ecb_encrypt,%function -+.align 5 -+${prefix}_ecb_encrypt: -+ stp d8,d9,[sp,#-0x10]! -+ stp d10,d11,[sp,#-0x10]! -+ stp d12,d13,[sp,#-0x10]! -+ stp d14,d15,[sp,#-0x10]! -+ stp x16,x17,[sp,#-0x10]! -+ stp x29,x30,[sp,#-0x10]! -+___ -+ &load_sbox_matrix(); -+$code.=<<___; -+ // convert length into blocks -+ lsr x2,x2,4 -+.Lecb_8_blocks_process: -+ cmp $blocks,#8 -+ b.lt .Lecb_4_blocks_process -+ ld4 {@data[0].4s,@data[1].4s,@data[2].4s,@data[3].4s},[$inp],#64 -+ ld4 {@datax[0].4s,$datax[1].4s,@datax[2].4s,@datax[3].4s},[$inp],#64 -+___ -+ &rev32(@data[0],@data[0]); -+ &rev32(@data[1],@data[1]); -+ &rev32(@data[2],@data[2]); -+ &rev32(@data[3],@data[3]); -+ &rev32(@datax[0],@datax[0]); -+ &rev32(@datax[1],@datax[1]); -+ &rev32(@datax[2],@datax[2]); -+ &rev32(@datax[3],@datax[3]); -+$code.=<<___; -+ bl ${prefix}_enc_8blks -+ st4 {@vtmp[0].4s,@vtmp[1].4s,@vtmp[2].4s,@vtmp[3].4s},[$outp],#64 -+ st4 {@data[0].4s,@data[1].4s,@data[2].4s,@data[3].4s},[$outp],#64 -+ subs $blocks,$blocks,#8 -+ b.gt .Lecb_8_blocks_process -+ b 100f -+.Lecb_4_blocks_process: -+ cmp $blocks,#4 -+ b.lt 1f -+ ld4 {@data[0].4s,@data[1].4s,@data[2].4s,@data[3].4s},[$inp],#64 -+___ -+ &rev32(@data[0],@data[0]); -+ &rev32(@data[1],@data[1]); -+ &rev32(@data[2],@data[2]); -+ &rev32(@data[3],@data[3]); -+$code.=<<___; -+ bl ${prefix}_enc_4blks -+ st4 
{@vtmp[0].4s,@vtmp[1].4s,@vtmp[2].4s,@vtmp[3].4s},[$outp],#64 -+ sub $blocks,$blocks,#4 -+1: -+ // process last block -+ cmp $blocks,#1 -+ b.lt 100f -+ b.gt 1f -+ ld1 {@data[0].4s},[$inp] -+___ -+ &rev32(@data[0],@data[0]); -+ &encrypt_1blk(@data[0],$rks1); -+$code.=<<___; -+ st1 {@data[0].4s},[$outp] -+ b 100f -+1: // process last 2 blocks -+ ld4 {@data[0].s,@data[1].s,@data[2].s,@data[3].s}[0],[$inp],#16 -+ ld4 {@data[0].s,@data[1].s,@data[2].s,@data[3].s}[1],[$inp],#16 -+ cmp $blocks,#2 -+ b.gt 1f -+___ -+ &rev32(@data[0],@data[0]); -+ &rev32(@data[1],@data[1]); -+ &rev32(@data[2],@data[2]); -+ &rev32(@data[3],@data[3]); -+$code.=<<___; -+ bl ${prefix}_enc_4blks -+ st4 {@vtmp[0].s-@vtmp[3].s}[0],[$outp],#16 -+ st4 {@vtmp[0].s-@vtmp[3].s}[1],[$outp] -+ b 100f -+1: // process last 3 blocks -+ ld4 {@data[0].s,@data[1].s,@data[2].s,@data[3].s}[2],[$inp],#16 -+___ -+ &rev32(@data[0],@data[0]); -+ &rev32(@data[1],@data[1]); -+ &rev32(@data[2],@data[2]); -+ &rev32(@data[3],@data[3]); -+$code.=<<___; -+ bl ${prefix}_enc_4blks -+ st4 {@vtmp[0].s-@vtmp[3].s}[0],[$outp],#16 -+ st4 {@vtmp[0].s-@vtmp[3].s}[1],[$outp],#16 -+ st4 {@vtmp[0].s-@vtmp[3].s}[2],[$outp] -+100: -+ ldp x29,x30,[sp],#0x10 -+ ldp x16,x17,[sp],#0x10 -+ ldp d14,d15,[sp],#0x10 -+ ldp d12,d13,[sp],#0x10 -+ ldp d10,d11,[sp],#0x10 -+ ldp d8,d9,[sp],#0x10 -+ ret -+.size ${prefix}_ecb_encrypt,.-${prefix}_ecb_encrypt -+___ -+}}} -+ -+{{{ -+sub gen_xts_do_cipher() { -+$code.=<<___; -+.globl ${prefix}_xts_do_cipher${standard} -+.type ${prefix}_xts_do_cipher${standard},%function -+.align 5 -+${prefix}_xts_do_cipher${standard}: -+ stp x29,x30,[sp,#-16]! 
-+ ld1 {@tweak[0].4s}, [$ivp] -+___ -+ &load_sbox_matrix(); -+ &rev32(@tweak[0],@tweak[0]); -+ &encrypt_1blk(@tweak[0],$rks2); -+$code.=<<___; -+ and $remain,$len,#0x0F -+ // convert length into blocks -+ lsr $blocks,$len,4 -+ cmp $blocks,#1 -+ b.lt .return${standard} -+ -+ cmp $remain,0 -+ // If the encryption/decryption Length is N times of 16, -+ // the all blocks are encrypted/decrypted in .xts_encrypt_blocks${standard} -+ b.eq .xts_encrypt_blocks${standard} -+ -+ // If the encryption/decryption length is not N times of 16, -+ // the last two blocks are encrypted/decrypted in .last_2blks_tweak${standard} or .only_2blks_tweak${standard} -+ // the other blocks are encrypted/decrypted in .xts_encrypt_blocks${standard} -+ subs $blocks,$blocks,#1 -+ b.eq .only_2blks_tweak${standard} -+.xts_encrypt_blocks${standard}: -+___ -+ &rbit(@tweak[0],@tweak[0]); -+ &rev32_armeb(@tweak[0],@tweak[0]); -+ &mov_vec_to_reg(@tweak[0],@twx[0],@twx[1]); -+ &compute_tweak(@twx[0],@twx[1],@twx[2],@twx[3]); -+ &compute_tweak(@twx[2],@twx[3],@twx[4],@twx[5]); -+ &compute_tweak(@twx[4],@twx[5],@twx[6],@twx[7]); -+ &compute_tweak(@twx[6],@twx[7],@twx[8],@twx[9]); -+ &compute_tweak(@twx[8],@twx[9],@twx[10],@twx[11]); -+ &compute_tweak(@twx[10],@twx[11],@twx[12],@twx[13]); -+ &compute_tweak(@twx[12],@twx[13],@twx[14],@twx[15]); -+$code.=<<___; -+.Lxts_8_blocks_process${standard}: -+ cmp $blocks,#8 -+___ -+ &mov_reg_to_vec(@twx[0],@twx[1],@tweak[0]); -+ &compute_tweak(@twx[14],@twx[15],@twx[0],@twx[1]); -+ &mov_reg_to_vec(@twx[2],@twx[3],@tweak[1]); -+ &compute_tweak(@twx[0],@twx[1],@twx[2],@twx[3]); -+ &mov_reg_to_vec(@twx[4],@twx[5],@tweak[2]); -+ &compute_tweak(@twx[2],@twx[3],@twx[4],@twx[5]); -+ &mov_reg_to_vec(@twx[6],@twx[7],@tweak[3]); -+ &compute_tweak(@twx[4],@twx[5],@twx[6],@twx[7]); -+ &mov_reg_to_vec(@twx[8],@twx[9],@tweak[4]); -+ &compute_tweak(@twx[6],@twx[7],@twx[8],@twx[9]); -+ &mov_reg_to_vec(@twx[10],@twx[11],@tweak[5]); -+ &compute_tweak(@twx[8],@twx[9],@twx[10],@twx[11]); 
-+ &mov_reg_to_vec(@twx[12],@twx[13],@tweak[6]);
-+ &compute_tweak(@twx[10],@twx[11],@twx[12],@twx[13]);
-+ &mov_reg_to_vec(@twx[14],@twx[15],@tweak[7]);
-+ &compute_tweak(@twx[12],@twx[13],@twx[14],@twx[15]);
-+$code.=<<___;
-+ b.lt .Lxts_4_blocks_process${standard}
-+ ld1 {@data[0].4s,@data[1].4s,@data[2].4s,@data[3].4s},[$inp],#64
-+___
-+ &rbit(@tweak[0],@tweak[0]);
-+ &rbit(@tweak[1],@tweak[1]);
-+ &rbit(@tweak[2],@tweak[2]);
-+ &rbit(@tweak[3],@tweak[3]);
-+$code.=<<___;
-+ eor @data[0].16b, @data[0].16b, @tweak[0].16b
-+ eor @data[1].16b, @data[1].16b, @tweak[1].16b
-+ eor @data[2].16b, @data[2].16b, @tweak[2].16b
-+ eor @data[3].16b, @data[3].16b, @tweak[3].16b
-+ ld1 {@datax[0].4s,$datax[1].4s,@datax[2].4s,@datax[3].4s},[$inp],#64
-+___
-+ &rbit(@tweak[4],@tweak[4]);
-+ &rbit(@tweak[5],@tweak[5]);
-+ &rbit(@tweak[6],@tweak[6]);
-+ &rbit(@tweak[7],@tweak[7]);
-+$code.=<<___;
-+ eor @datax[0].16b, @datax[0].16b, @tweak[4].16b
-+ eor @datax[1].16b, @datax[1].16b, @tweak[5].16b
-+ eor @datax[2].16b, @datax[2].16b, @tweak[6].16b
-+ eor @datax[3].16b, @datax[3].16b, @tweak[7].16b
-+___
-+ &rev32(@data[0],@data[0]);
-+ &rev32(@data[1],@data[1]);
-+ &rev32(@data[2],@data[2]);
-+ &rev32(@data[3],@data[3]);
-+ &rev32(@datax[0],@datax[0]);
-+ &rev32(@datax[1],@datax[1]);
-+ &rev32(@datax[2],@datax[2]);
-+ &rev32(@datax[3],@datax[3]);
-+ &transpose(@data,@vtmp);
-+ &transpose(@datax,@vtmp);
-+$code.=<<___;
-+ bl ${prefix}_enc_8blks
-+___
-+ &transpose(@vtmp,@datax);
-+ &transpose(@data,@datax);
-+$code.=<<___;
-+ eor @vtmp[0].16b, @vtmp[0].16b, @tweak[0].16b
-+ eor @vtmp[1].16b, @vtmp[1].16b, @tweak[1].16b
-+ eor @vtmp[2].16b, @vtmp[2].16b, @tweak[2].16b
-+ eor @vtmp[3].16b, @vtmp[3].16b, @tweak[3].16b
-+ eor @data[0].16b, @data[0].16b, @tweak[4].16b
-+ eor @data[1].16b, @data[1].16b, @tweak[5].16b
-+ eor @data[2].16b, @data[2].16b, @tweak[6].16b
-+ eor @data[3].16b, @data[3].16b, @tweak[7].16b
-+
-+ // save the last tweak
-+ mov $lastTweak.16b,@tweak[7].16b
-+ st1
{@vtmp[0].4s,@vtmp[1].4s,@vtmp[2].4s,@vtmp[3].4s},[$outp],#64
-+ st1 {@data[0].4s,@data[1].4s,@data[2].4s,@data[3].4s},[$outp],#64
-+ subs $blocks,$blocks,#8
-+ b.gt .Lxts_8_blocks_process${standard}
-+ b 100f
-+.Lxts_4_blocks_process${standard}:
-+ cmp $blocks,#4
-+ b.lt 1f
-+ ld1 {@data[0].4s,@data[1].4s,@data[2].4s,@data[3].4s},[$inp],#64
-+___
-+ &rbit(@tweak[0],@tweak[0]);
-+ &rbit(@tweak[1],@tweak[1]);
-+ &rbit(@tweak[2],@tweak[2]);
-+ &rbit(@tweak[3],@tweak[3]);
-+$code.=<<___;
-+ eor @data[0].16b, @data[0].16b, @tweak[0].16b
-+ eor @data[1].16b, @data[1].16b, @tweak[1].16b
-+ eor @data[2].16b, @data[2].16b, @tweak[2].16b
-+ eor @data[3].16b, @data[3].16b, @tweak[3].16b
-+___
-+ &rev32(@data[0],@data[0]);
-+ &rev32(@data[1],@data[1]);
-+ &rev32(@data[2],@data[2]);
-+ &rev32(@data[3],@data[3]);
-+ &transpose(@data,@vtmp);
-+$code.=<<___;
-+ bl ${prefix}_enc_4blks
-+___
-+ &transpose(@vtmp,@data);
-+$code.=<<___;
-+ eor @vtmp[0].16b, @vtmp[0].16b, @tweak[0].16b
-+ eor @vtmp[1].16b, @vtmp[1].16b, @tweak[1].16b
-+ eor @vtmp[2].16b, @vtmp[2].16b, @tweak[2].16b
-+ eor @vtmp[3].16b, @vtmp[3].16b, @tweak[3].16b
-+ st1 {@vtmp[0].4s,@vtmp[1].4s,@vtmp[2].4s,@vtmp[3].4s},[$outp],#64
-+ sub $blocks,$blocks,#4
-+ mov @tweak[0].16b,@tweak[4].16b
-+ mov @tweak[1].16b,@tweak[5].16b
-+ mov @tweak[2].16b,@tweak[6].16b
-+ // save the last tweak
-+ mov $lastTweak.16b,@tweak[3].16b
-+1:
-+ // process last block
-+ cmp $blocks,#1
-+ b.lt 100f
-+ b.gt 1f
-+ ld1 {@data[0].4s},[$inp],#16
-+___
-+ &rbit(@tweak[0],@tweak[0]);
-+$code.=<<___;
-+ eor @data[0].16b, @data[0].16b, @tweak[0].16b
-+___
-+ &rev32(@data[0],@data[0]);
-+ &encrypt_1blk(@data[0],$rks1);
-+$code.=<<___;
-+ eor @data[0].16b, @data[0].16b, @tweak[0].16b
-+ st1 {@data[0].4s},[$outp],#16
-+ // save the last tweak
-+ mov $lastTweak.16b,@tweak[0].16b
-+ b 100f
-+1: // process last 2 blocks
-+ cmp $blocks,#2
-+ b.gt 1f
-+ ld1 {@data[0].4s,@data[1].4s},[$inp],#32
-+___
-+ &rbit(@tweak[0],@tweak[0]);
-+
&rbit(@tweak[1],@tweak[1]);
-+$code.=<<___;
-+ eor @data[0].16b, @data[0].16b, @tweak[0].16b
-+ eor @data[1].16b, @data[1].16b, @tweak[1].16b
-+___
-+ &rev32(@data[0],@data[0]);
-+ &rev32(@data[1],@data[1]);
-+ &transpose(@data,@vtmp);
-+$code.=<<___;
-+ bl ${prefix}_enc_4blks
-+___
-+ &transpose(@vtmp,@data);
-+$code.=<<___;
-+ eor @vtmp[0].16b, @vtmp[0].16b, @tweak[0].16b
-+ eor @vtmp[1].16b, @vtmp[1].16b, @tweak[1].16b
-+ st1 {@vtmp[0].4s,@vtmp[1].4s},[$outp],#32
-+ // save the last tweak
-+ mov $lastTweak.16b,@tweak[1].16b
-+ b 100f
-+1: // process last 3 blocks
-+ ld1 {@data[0].4s,@data[1].4s,@data[2].4s},[$inp],#48
-+___
-+ &rbit(@tweak[0],@tweak[0]);
-+ &rbit(@tweak[1],@tweak[1]);
-+ &rbit(@tweak[2],@tweak[2]);
-+$code.=<<___;
-+ eor @data[0].16b, @data[0].16b, @tweak[0].16b
-+ eor @data[1].16b, @data[1].16b, @tweak[1].16b
-+ eor @data[2].16b, @data[2].16b, @tweak[2].16b
-+___
-+ &rev32(@data[0],@data[0]);
-+ &rev32(@data[1],@data[1]);
-+ &rev32(@data[2],@data[2]);
-+ &transpose(@data,@vtmp);
-+$code.=<<___;
-+ bl ${prefix}_enc_4blks
-+___
-+ &transpose(@vtmp,@data);
-+$code.=<<___;
-+ eor @vtmp[0].16b, @vtmp[0].16b, @tweak[0].16b
-+ eor @vtmp[1].16b, @vtmp[1].16b, @tweak[1].16b
-+ eor @vtmp[2].16b, @vtmp[2].16b, @tweak[2].16b
-+ st1 {@vtmp[0].4s,@vtmp[1].4s,@vtmp[2].4s},[$outp],#48
-+ // save the last tweak
-+ mov $lastTweak.16b,@tweak[2].16b
-+100:
-+ cmp $remain,0
-+ b.eq .return${standard}
-+
-+// This brance calculates the last two tweaks,
-+// while the encryption/decryption length is larger than 32
-+.last_2blks_tweak${standard}:
-+___
-+ &rev32_armeb($lastTweak,$lastTweak);
-+ &compute_tweak_vec($lastTweak,@tweak[1]);
-+ &compute_tweak_vec(@tweak[1],@tweak[2]);
-+$code.=<<___;
-+ b .check_dec${standard}
-+
-+
-+// This brance calculates the last two tweaks,
-+// while the encryption/decryption length is equal to 32, who only need two tweaks
-+.only_2blks_tweak${standard}:
-+ mov @tweak[1].16b,@tweak[0].16b
-+___
-+ &rev32_armeb(@tweak[1],@tweak[1]);
-+ &compute_tweak_vec(@tweak[1],@tweak[2]);
-+$code.=<<___;
-+ b .check_dec${standard}
-+
-+
-+// Determine whether encryption or decryption is required.
-+// The last two tweaks need to be swapped for decryption.
-+.check_dec${standard}:
-+ // encryption:1 decryption:0
-+ cmp $enc,1
-+ b.eq .prcess_last_2blks${standard}
-+ mov @vtmp[0].16B,@tweak[1].16b
-+ mov @tweak[1].16B,@tweak[2].16b
-+ mov @tweak[2].16B,@vtmp[0].16b
-+
-+.prcess_last_2blks${standard}:
-+___
-+ &rev32_armeb(@tweak[1],@tweak[1]);
-+ &rev32_armeb(@tweak[2],@tweak[2]);
-+$code.=<<___;
-+ ld1 {@data[0].4s},[$inp],#16
-+ eor @data[0].16b, @data[0].16b, @tweak[1].16b
-+___
-+ &rev32(@data[0],@data[0]);
-+ &encrypt_1blk(@data[0],$rks1);
-+$code.=<<___;
-+ eor @data[0].16b, @data[0].16b, @tweak[1].16b
-+ st1 {@data[0].4s},[$outp],#16
-+
-+ sub $lastBlk,$outp,16
-+ .loop${standard}:
-+ subs $remain,$remain,1
-+ ldrb $wtmp0,[$lastBlk,$remain]
-+ ldrb $wtmp1,[$inp,$remain]
-+ strb $wtmp1,[$lastBlk,$remain]
-+ strb $wtmp0,[$outp,$remain]
-+ b.gt .loop${standard}
-+ ld1 {@data[0].4s}, [$lastBlk]
-+ eor @data[0].16b, @data[0].16b, @tweak[2].16b
-+___
-+ &rev32(@data[0],@data[0]);
-+ &encrypt_1blk(@data[0],$rks1);
-+$code.=<<___;
-+ eor @data[0].16b, @data[0].16b, @tweak[2].16b
-+ st1 {@data[0].4s}, [$lastBlk]
-+.return${standard}:
-+ ldp x29,x30,[sp],#16
-+ ret
-+.size ${prefix}_xts_do_cipher${standard},.-${prefix}_xts_do_cipher${standard}
-+___
-+} #end of gen_xts_do_cipher
-+
-+}}}
-+
-+{{{
-+sub gen_xts_cipher() {
-+ my $en = shift;
-+
-+$code.=<<___;
-+.globl ${prefix}_xts_${en}crypt${standard}
-+.type ${prefix}_xts_${en}crypt${standard},%function
-+.align 5
-+${prefix}_xts_${en}crypt${standard}:
-+ stp x15, x16, [sp, #-0x10]!
-+ stp x17, x18, [sp, #-0x10]!
-+ stp x19, x20, [sp, #-0x10]!
-+ stp x21, x22, [sp, #-0x10]!
-+ stp x23, x24, [sp, #-0x10]!
-+ stp x25, x26, [sp, #-0x10]!
-+ stp x27, x28, [sp, #-0x10]!
-+ stp x29, x30, [sp, #-0x10]!
-+ stp d8, d9, [sp, #-0x10]!
-+ stp d10, d11, [sp, #-0x10]!
-+ stp d12, d13, [sp, #-0x10]!
-+ stp d14, d15, [sp, #-0x10]!
-+___
-+ &mov_en_to_enc($en);
-+$code.=<<___;
-+ bl ${prefix}_xts_do_cipher${standard}
-+ ldp d14, d15, [sp], #0x10
-+ ldp d12, d13, [sp], #0x10
-+ ldp d10, d11, [sp], #0x10
-+ ldp d8, d9, [sp], #0x10
-+ ldp x29, x30, [sp], #0x10
-+ ldp x27, x28, [sp], #0x10
-+ ldp x25, x26, [sp], #0x10
-+ ldp x23, x24, [sp], #0x10
-+ ldp x21, x22, [sp], #0x10
-+ ldp x19, x20, [sp], #0x10
-+ ldp x17, x18, [sp], #0x10
-+ ldp x15, x16, [sp], #0x10
-+ ret
-+.size ${prefix}_xts_${en}crypt${standard},.-${prefix}_xts_${en}crypt${standard}
-+___
-+
-+} # end of gen_xts_cipher
-+$standard="_gb";
-+&gen_xts_do_cipher();
-+&gen_xts_cipher("en");
-+&gen_xts_cipher("de");
-+$standard="";
-+&gen_xts_do_cipher();
-+&gen_xts_cipher("en");
-+&gen_xts_cipher("de");
-+}}}
-+
-+########################################
-+open SELF,$0;
-+while() {
-+ next if (/^#!/);
-+ last if (!s/^#/\/\// and !/^$/);
-+ print;
-+}
-+close SELF;
-+
-+foreach(split("\n",$code)) {
-+ s/\`([^\`]*)\`/eval($1)/ge;
-+ print $_,"\n";
-+}
-+
-+close STDOUT or die "error closing STDOUT: $!";
-diff --git a/crypto/sm4/build.info b/crypto/sm4/build.info
-index b65a7d1..bb042c5 100644
---- a/crypto/sm4/build.info
-+++ b/crypto/sm4/build.info
-@@ -1,4 +1,7 @@
- LIBS=../../libcrypto
- SOURCE[../../libcrypto]=\
-- sm4.c
-+ sm4.c {- $target{sm4_asm_src} -}
-
-+
-+GENERATE[vpsm4_ex-armv8.S]=asm/vpsm4_ex-armv8.pl $(PERLASM_SCHEME)
-+INCLUDE[vpsm4_ex-armv8.o]=..
-\ No newline at end of file
-diff --git a/doc/man3/EVP_sm4_xts.pod b/doc/man3/EVP_sm4_xts.pod
-new file mode 100644
-index 0000000..09ca3fb
---- /dev/null
-+++ b/doc/man3/EVP_sm4_xts.pod
-@@ -0,0 +1,67 @@
-+=pod
-+
-+=head1 NAME
-+
-+EVP_sm4_xts,
-+- EVP SM4 cipher
-+
-+=head1 SYNOPSIS
-+
-+ #include
-+
-+ const EVP_CIPHER *EVP_sm4_xts(void);
-+
-+=head1 DESCRIPTION
-+
-+The XTS mode of operation (GB/T 17964-2021) for SM4 block cipher.
-+
-+=over 4
-+
-+=item EVP_sm4_xts(),
-+
-+The SM4 blockcipher with a 256-bit key in XTS mode. This mode use a key length of 256 bits and acts on blocks of 128 bits.
-+
-+The B parameter to L or L is the XTS first "tweak" value. XTS mode has two implementations to calculate the following tweak values, one is standardized in IEEE Std. 1619-2007 and has been widely used (e.g., XTS AES), the other is proposed recently (GB/T 17964-2021 implemented in May 2022) and is currently only used in SM4.
-+
-+Assume that the input data (B, B, and B) are consistent, the following tweak values are inconsistent due to different standards. As a result, the first ciphertext block are consistent, but the subsequent ciphertext blocks (if any) are different.
-+
-+By default, EVP_sm4_xts is standardized in GB/T 17964-2021, and can be changed by EVP_CIPHER_CTX_ctrl. The following Is is supported in XTS mode for SM4.
-+
-+=over 4
-+
-+=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_XTS_STANDARD, std, NULL)
-+
-+Sets the standard of EVP_sm4_xts to B. This must be one of 0 or 1, 0 for XTS mode in GB/T 17964-2021, 1 for XTS mode in IEEE Std 1619-2007.
-+
-+=back
-+
-+The XTS implementation in OpenSSL does not support streaming. That is there must
-+only be one L call per L call (and
-+similarly with the "Decrypt" functions).
-+
-+=back
-+
-+=head1 RETURN VALUES
-+
-+These functions return a B structure that contains the
-+implementation of the symmetric cipher. See L for
-+details of the B structure.
-+
-+=head1 SEE ALSO
-+
-+L,
-+L,
-+L
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
-+Copyright 2022 Ribose Inc. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L.
-+
-+=cut
-+
-diff --git a/fuzz/oids.txt b/fuzz/oids.txt
-index 8dfdea9..d1f98a8 100644
---- a/fuzz/oids.txt
-+++ b/fuzz/oids.txt
-@@ -1064,3 +1064,4 @@ OBJ_id_tc26_gost_3410_2012_256_paramSetD="\x2A\x85\x03\x07\x01\x02\x01\x01\x04"
- OBJ_hmacWithSHA512_224="\x2A\x86\x48\x86\xF7\x0D\x02\x0C"
- OBJ_hmacWithSHA512_256="\x2A\x86\x48\x86\xF7\x0D\x02\x0D"
- OBJ_SM2_with_SM3="\x2A\x81\x1C\xCF\x55\x01\x83\x75"
-+OBJ_sm4_xts="\x2A\x81\x1C\xCF\x55\x01\x68\x0A"
-diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index 3116c1b..69326bc 100644
---- a/include/openssl/evp.h
-+++ b/include/openssl/evp.h
-@@ -353,6 +353,9 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
-
- # define EVP_CTRL_GET_IVLEN 0x25
-
-+/* Set the XTS mode standard, SM4 only */
-+# define EVP_CTRL_XTS_STANDARD 0x26
-+
- /* Padding modes */
- #define EVP_PADDING_PKCS7 1
- #define EVP_PADDING_ISO7816_4 2
-@@ -937,6 +940,7 @@ const EVP_CIPHER *EVP_sm4_cfb128(void);
- # define EVP_sm4_cfb EVP_sm4_cfb128
- const EVP_CIPHER *EVP_sm4_ofb(void);
- const EVP_CIPHER *EVP_sm4_ctr(void);
-+const EVP_CIPHER *EVP_sm4_xts(void);
- # endif
-
- # if OPENSSL_API_COMPAT < 0x10100000L
-diff --git a/include/openssl/modes.h b/include/openssl/modes.h
-index d544f98..dea324f 100644
---- a/include/openssl/modes.h
-+++ b/include/openssl/modes.h
-@@ -22,6 +22,10 @@ typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out,
- size_t len, const void *key,
- unsigned char ivec[16], int enc);
-
-+typedef void (*ecb128_f) (const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key,
-+ int enc);
-+
- typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out,
- size_t blocks, const void *key,
- const unsigned char ivec[16]);
-@@ -153,6 +157,11 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
- const unsigned char *inp, unsigned char *out,
- size_t len, int enc);
-
-+int CRYPTO_xts128gb_encrypt(const XTS128_CONTEXT *ctx,
-+ const unsigned char iv[16],
-+
const unsigned char *inp, unsigned char *out,
-+ size_t len, int enc);
-+
- size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
- unsigned char *out,
- const unsigned char *in, size_t inlen,
-diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
-index 9b125c1..edfc87d 100644
---- a/include/openssl/obj_mac.h
-+++ b/include/openssl/obj_mac.h
-@@ -4772,6 +4772,11 @@
- #define NID_sm4_ctr 1139
- #define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L
-
-+#define SN_sm4_xts "SM4-XTS"
-+#define LN_sm4_xts "sm4-xts"
-+#define NID_sm4_xts 1196
-+#define OBJ_sm4_xts OBJ_sm_scheme,104L,10L
-+
- #define SN_hmac "HMAC"
- #define LN_hmac "hmac"
- #define NID_hmac 855
-diff --git a/test/evp_test.c b/test/evp_test.c
-index 62f20ec..3c65ce9 100644
---- a/test/evp_test.c
-+++ b/test/evp_test.c
-@@ -485,6 +485,8 @@ typedef struct cipher_data_st {
- unsigned char *tag;
- size_t tag_len;
- int tag_late;
-+ /* SM4 XTS only */
-+ int std;
- } CIPHER_DATA;
-
- static int cipher_test_init(EVP_TEST *t, const char *alg)
-@@ -568,6 +570,15 @@ static int cipher_test_parse(EVP_TEST *t, const char *keyword,
- return -1;
- return 1;
- }
-+ if (strcmp(keyword, "Standard") == 0) {
-+ if (strcmp(value, "GB") == 0)
-+ cdat->std = 0;
-+ else if (strcmp(value, "IEEE") == 0)
-+ cdat->std = 1;
-+ else
-+ return -1;
-+ return 1;
-+ }
- return 0;
- }
-
-@@ -707,7 +718,11 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
- goto err;
- }
- }
--
-+ if (expected->std) {
-+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_XTS_STANDARD, expected->std, NULL)) {
-+ goto err;
-+ };
-+ }
- EVP_CIPHER_CTX_set_padding(ctx, 0);
- t->err = "CIPHERUPDATE_ERROR";
- tmplen = 0;
-diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
-index 76c839b..a3687bc 100644
---- a/test/recipes/30-test_evp_data/evpciph.txt
-+++ b/test/recipes/30-test_evp_data/evpciph.txt
-@@ -2132,6 +2132,28 @@ IV = 0123456789ABCDEFFEDCBA9876543210
- Plaintext =
AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA
- Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D
-
-+Title = SM4 XTS test vectors, the XTS mode is standardized in GB/T 17964-2021 by default
-+Cipher = SM4-XTS
-+Key = 2B7E151628AED2A6ABF7158809CF4F3C000102030405060708090A0B0C0D0E0F
-+IV = F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF
-+Plaintext = 6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17
-+Ciphertext = E9538251C71D7B80BBE4483FEF497BD12C5C581BD6242FC51E08964FB4F60FDB0BA42F63499279213D318D2C11F6886E903BE7F93A1B3479
-+
-+Title = SM4 test vectors for XTS mode in GB/T 17964-2021 and IEEE Std 1619-2007
-+Cipher = SM4-XTS
-+Key = 2B7E151628AED2A6ABF7158809CF4F3C000102030405060708090A0B0C0D0E0F
-+IV = F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF
-+Plaintext = 6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17
-+Ciphertext = E9538251C71D7B80BBE4483FEF497BD12C5C581BD6242FC51E08964FB4F60FDB0BA42F63499279213D318D2C11F6886E903BE7F93A1B3479
-+Standard = GB
-+
-+Cipher = SM4-XTS
-+Key = 2B7E151628AED2A6ABF7158809CF4F3C000102030405060708090A0B0C0D0E0F
-+IV = F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF
-+Plaintext = 6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17
-+Ciphertext = E9538251C71D7B80BBE4483FEF497BD1B3DB1A3E60408C575D63FF7DB39F83260869F9E2585FEC9F0B863BF8FD784B8627D16C0DB6D2CFC7
-+Standard = IEEE
-+
- Title = ARIA test vectors from RFC5794 (and others)
-
- Cipher = ARIA-128-ECB
-diff --git a/util/libcrypto.num b/util/libcrypto.num
-index 95bccf9..62e2ea2 100644
---- a/util/libcrypto.num
-+++ b/util/libcrypto.num
-@@ -4632,3 +4632,5 @@ X509_REQ_get0_sm2_id 6385 1_1_1m EXIST::FUNCTION:SM2
- X509_REQ_set0_sm2_id 6386 1_1_1m EXIST::FUNCTION:SM2
- EVP_PKEY_is_sm2 6387 1_1_1m EXIST::FUNCTION:SM2
- SM2_compute_key 6388 1_1_1m EXIST::FUNCTION:
-+EVP_sm4_xts 6389 1_1_1m EXIST::FUNCTION:SM4
-+CRYPTO_xts128gb_encrypt 6390 1_1_1m EXIST::FUNCTION:
-\ No newline at end of file
---
-2.36.1
-
diff --git a/Fix-SM4-XTS-build-failure-using-clang.patch b/Fix-SM4-XTS-build-failure-using-clang.patch
deleted file mode 100644
index 06bf351952d9f46ee2550fd20b32e2fb5e486046..0000000000000000000000000000000000000000
--- a/Fix-SM4-XTS-build-failure-using-clang.patch
+++ /dev/null
@@ -1,182 +0,0 @@ -From 80835d048cb2a241605beb49d17bf129ab2f5ae5 Mon Sep 17 00:00:00 2001 -From: Xu Yizhou -Date: Mon, 15 May 2023 11:41:59 +0800 -Subject: [PATCH] Fix SM4-XTS build failure using clang - -The OpenSSL community also has similar issues, and the corresponding -solutions can be found in this [PR] -(https://github.com/openssl/openssl/pull/20202). Moreover, the -community has added restrictions in the arm-xlate.pl file to recognize -the 'LDR REG, =VALUE' pseudo instruction on Neon, as shown in this [PR] -(https://github.com/openssl/openssl/pull/20222). - -Signed-off-by: Xu Yizhou ---- - crypto/perlasm/arm-xlate.pl | 10 ++++++++++ - crypto/sm4/asm/sm4-armv8.pl | 12 ++++++----- - crypto/sm4/asm/vpsm4_ex-armv8.pl | 34 ++++++++++++++++++++------------ - 3 files changed, 38 insertions(+), 18 deletions(-) - -diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl -index 48819be..a2f3838 100755 ---- a/crypto/perlasm/arm-xlate.pl -+++ b/crypto/perlasm/arm-xlate.pl -@@ -170,6 +170,16 @@ while(my $line=<>) { - } - } - -+ # ldr REG, #VALUE psuedo-instruction - avoid clang issue with Neon registers -+ # -+ if ($line =~ /^\s*ldr\s+([qd]\d\d?)\s*,\s*=(\w+)/i) { -+ # Immediate load via literal pool into qN or DN - clang max is 2^32-1 -+ my ($reg, $value) = ($1, $2); -+ # If $value is hex, 0x + 8 hex chars = 10 chars total will be okay -+ # If $value is decimal, 2^32 - 1 = 4294967295 will be okay (also 10 chars) -+ die("$line: immediate load via literal pool into $reg: value too large for clang - redo manually") if length($value) > 10; -+ } -+ - print $line if ($line); - print "\n"; - } -diff --git a/crypto/sm4/asm/sm4-armv8.pl b/crypto/sm4/asm/sm4-armv8.pl -index 923c1c0..07ba53a 100644 ---- a/crypto/sm4/asm/sm4-armv8.pl -+++ b/crypto/sm4/asm/sm4-armv8.pl -@@ -244,6 +244,8 @@ $code.=<<___; - .long 0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279 - .Lfk: - .long 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc -+.Lxts_magic: -+ .dword 
0x0101010101010187,0x0101010101010101
- ___
- }}}
-
-@@ -604,7 +606,7 @@ $code.=<<___;
- .globl ${prefix}_ctr32_encrypt_blocks
- .type ${prefix}_ctr32_encrypt_blocks,%function
- .align 5
--${prefix}_ctr32_encrypt_blocks:
-+${prefix}_ctr32_encrypt_blocks:
- stp d8,d9,[sp, #-16]!
-
- ld1 {$ivec.4s},[$ivp]
-@@ -736,7 +738,7 @@ $code.=<<___;
- .align 5
- ${prefix}_xts_do_cipher${standard}:
- mov w$magic,0x87
-- ldr $qMagic, =0x01010101010101010101010101010187
-+ ldr $qMagic, .Lxts_magic
- // used to encrypt the XORed plaintext blocks
- ld1 {@rks[0].4s,@rks[1].4s,@rks[2].4s,@rks[3].4s},[$rk2],#64
- ld1 {@rks[4].4s,@rks[5].4s,@rks[6].4s,@rks[7].4s},[$rk2]
-@@ -963,7 +965,7 @@ $code.=<<___;
- cmp $remain,0
- b.eq 99f
-
--// This brance calculates the last two tweaks,
-+// This brance calculates the last two tweaks,
- // while the encryption/decryption length is larger than 32
- .last_2blks_tweak${standard}:
- ___
-@@ -974,7 +976,7 @@ $code.=<<___;
- b .check_dec${standard}
-
-
--// This brance calculates the last two tweaks,
-+// This brance calculates the last two tweaks,
- // while the encryption/decryption length is less than 32, who only need two tweaks
- .only_2blks_tweak${standard}:
- mov @tweak[1].16b,@tweak[0].16b
-@@ -1018,7 +1020,7 @@ $code.=<<___;
- strb w$tmp1,[$lastBlk,$remain]
- strb w$tmp0,[$out,$remain]
- b.gt .loop${standard}
-- ld1 {@dat[0].4s}, [$lastBlk]
-+ ld1 {@dat[0].4s}, [$lastBlk]
- eor @dat[0].16b, @dat[0].16b, @tweak[2].16b
- ___
- &rev32(@dat[0],@dat[0]);
-diff --git a/crypto/sm4/asm/vpsm4_ex-armv8.pl b/crypto/sm4/asm/vpsm4_ex-armv8.pl
-index 86a6f89..4fd2975 100644
---- a/crypto/sm4/asm/vpsm4_ex-armv8.pl
-+++ b/crypto/sm4/asm/vpsm4_ex-armv8.pl
-@@ -108,12 +108,12 @@ ___
-
- sub load_sbox_matrix () {
- $code.=<<___;
-- ldr $MaskQ, =0x0306090c0f0205080b0e0104070a0d00
-- ldr $TAHMatQ, =0x22581a6002783a4062185a2042387a00
-- ldr $TALMatQ, =0xc10bb67c4a803df715df62a89e54e923
-- ldr $ATAHMatQ, =0x1407c6d56c7fbeadb9aa6b78c1d21300
-- ldr $ATALMatQ,
=0xe383c1a1fe9edcbc6404462679195b3b
-- ldr $ANDMaskQ, =0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f
-+ ldr $MaskQ, .Lsbox_magic
-+ ldr $TAHMatQ, .Lsbox_magic+16
-+ ldr $TALMatQ, .Lsbox_magic+32
-+ ldr $ATAHMatQ, .Lsbox_magic+48
-+ ldr $ATALMatQ, .Lsbox_magic+64
-+ ldr $ANDMaskQ, .Lsbox_magic+80
- ___
- }
- # matrix multiplication Mat*x = (lowerMat*x) ^ (higherMat*x)
-@@ -505,7 +505,7 @@ sub compute_tweak_vec() {
- my $des = shift;
- &rbit(@vtmp[2],$src);
- $code.=<<___;
-- ldr @qtmp[0], =0x01010101010101010101010101010187
-+ ldr @qtmp[0], .Lxts_magic
- shl $des.16b, @vtmp[2].16b, #1
- ext @vtmp[1].16b, @vtmp[2].16b, @vtmp[2].16b,#15
- ushr @vtmp[1].16b, @vtmp[1].16b, #7
-@@ -569,10 +569,18 @@ ${prefix}_consts:
- .long 0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209
- .long 0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279
- .Lfk:
-- .long 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc
-+ .long 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc
- .Lshuffles:
-- .long 0x07060504, 0x0B0A0908, 0x0F0E0D0C, 0x03020100
--
-+ .long 0x07060504, 0x0B0A0908, 0x0F0E0D0C, 0x03020100
-+.Lxts_magic:
-+ .dword 0x0101010101010187,0x0101010101010101
-+.Lsbox_magic:
-+ .dword 0x0b0e0104070a0d00,0x0306090c0f020508
-+ .dword 0x62185a2042387a00,0x22581a6002783a40
-+ .dword 0x15df62a89e54e923,0xc10bb67c4a803df7
-+ .dword 0xb9aa6b78c1d21300,0x1407c6d56c7fbead
-+ .dword 0x6404462679195b3b,0xe383c1a1fe9edcbc
-+ .dword 0x0f0f0f0f0f0f0f0f,0x0f0f0f0f0f0f0f0f
- .size ${prefix}_consts,.-${prefix}_consts
- ___
-
-@@ -1033,7 +1041,7 @@ $code.=<<___;
- cmp $remain,0
- b.eq .return${standard}
-
--// This brance calculates the last two tweaks,
-+// This brance calculates the last two tweaks,
- // while the encryption/decryption length is larger than 32
- .last_2blks_tweak${standard}:
- ___
-@@ -1044,7 +1052,7 @@ $code.=<<___;
- b .check_dec${standard}
-
-
--// This brance calculates the last two tweaks,
-+// This brance calculates the last two tweaks,
- // while the encryption/decryption length is equal to 32, who
only need two tweaks
- .only_2blks_tweak${standard}:
- mov @tweak[1].16b,@tweak[0].16b
-@@ -1087,7 +1095,7 @@ $code.=<<___;
- strb $wtmp1,[$lastBlk,$remain]
- strb $wtmp0,[$outp,$remain]
- b.gt .loop${standard}
-- ld1 {@data[0].4s}, [$lastBlk]
-+ ld1 {@data[0].4s}, [$lastBlk]
- eor @data[0].16b, @data[0].16b, @tweak[2].16b
- ___
- &rev32(@data[0],@data[0]);
---
-2.36.1
-
diff --git a/Fix-reported-performance-degradation-on-aarch64.patch b/Fix-reported-performance-degradation-on-aarch64.patch
deleted file mode 100644
index 34445aa7e40b7f4ebea47ac07f84e6c9a070b6a7..0000000000000000000000000000000000000000
--- a/Fix-reported-performance-degradation-on-aarch64.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-From a8f6d73fda64d514171e99a50d1483c0c0b8d968 Mon Sep 17 00:00:00 2001
-From: Bernd Edlinger
-Date: Sun, 12 Jun 2022 09:37:26 +0200
-Subject: [PATCH] Fix reported performance degradation on aarch64
-
-This restores the implementation prior to
-commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode")
-for 64bit targets only, since it is reportedly 2-17% slower,
-and the silicon errata only affects 32bit targets.
-Only for 32bit targets the new algorithm is used.
-
-Fixes #18445
-
-Reviewed-by: Tomas Mraz
-Reviewed-by: Paul Dale
-Reviewed-by: Hugo Landau
-(Merged from https://github.com/openssl/openssl/pull/18539)
----
- crypto/aes/asm/aesv8-armx.pl | 62 ++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 62 insertions(+)
-
-diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
-index 2b0e982..1856d99 100755
---- a/crypto/aes/asm/aesv8-armx.pl
-+++ b/crypto/aes/asm/aesv8-armx.pl
-@@ -740,6 +740,21 @@ $code.=<<___;
- #ifndef __ARMEB__
- rev $ctr, $ctr
- #endif
-+___
-+$code.=<<___ if ($flavour =~ /64/);
-+ vorr $dat1,$dat0,$dat0
-+ add $tctr1, $ctr, #1
-+ vorr $dat2,$dat0,$dat0
-+ add $ctr, $ctr, #2
-+ vorr $ivec,$dat0,$dat0
-+ rev $tctr1, $tctr1
-+ vmov.32 ${dat1}[3],$tctr1
-+ b.ls .Lctr32_tail
-+ rev $tctr2, $ctr
-+ sub $len,$len,#3 // bias
-+ vmov.32 ${dat2}[3],$tctr2
-+___
-+$code.=<<___ if ($flavour !~ /64/);
- add $tctr1, $ctr, #1
- vorr $ivec,$dat0,$dat0
- rev $tctr1, $tctr1
-@@ -751,6 +766,8 @@ $code.=<<___;
- vmov.32 ${ivec}[3],$tctr2
- sub $len,$len,#3 // bias
- vorr $dat2,$ivec,$ivec
-+___
-+$code.=<<___;
- b .Loop3x_ctr32
-
- .align 4
-@@ -777,11 +794,25 @@ $code.=<<___;
- aese $dat1,q8
- aesmc $tmp1,$dat1
- vld1.8 {$in0},[$inp],#16
-+___
-+$code.=<<___ if ($flavour =~ /64/);
-+ vorr $dat0,$ivec,$ivec
-+___
-+$code.=<<___ if ($flavour !~ /64/);
- add $tctr0,$ctr,#1
-+___
-+$code.=<<___;
- aese $dat2,q8
- aesmc $dat2,$dat2
- vld1.8 {$in1},[$inp],#16
-+___
-+$code.=<<___ if ($flavour
=~ /64/);
-+ vorr $dat1,$ivec,$ivec
-+___
-+$code.=<<___ if ($flavour !~ /64/);
- rev $tctr0,$tctr0
-+___
-+$code.=<<___;
- aese $tmp0,q9
- aesmc $tmp0,$tmp0
- aese $tmp1,q9
-@@ -790,6 +821,12 @@ $code.=<<___;
- mov $key_,$key
- aese $dat2,q9
- aesmc $tmp2,$dat2
-+___
-+$code.=<<___ if ($flavour =~ /64/);
-+ vorr $dat2,$ivec,$ivec
-+ add $tctr0,$ctr,#1
-+___
-+$code.=<<___;
- aese $tmp0,q12
- aesmc $tmp0,$tmp0
- aese $tmp1,q12
-@@ -805,22 +842,47 @@ $code.=<<___;
- aese $tmp1,q13
- aesmc $tmp1,$tmp1
- veor $in2,$in2,$rndlast
-+___
-+$code.=<<___ if ($flavour =~ /64/);
-+ rev $tctr0,$tctr0
-+ aese $tmp2,q13
-+ aesmc $tmp2,$tmp2
-+ vmov.32 ${dat0}[3], $tctr0
-+___
-+$code.=<<___ if ($flavour !~ /64/);
- vmov.32 ${ivec}[3], $tctr0
- aese $tmp2,q13
- aesmc $tmp2,$tmp2
- vorr $dat0,$ivec,$ivec
-+___
-+$code.=<<___;
- rev $tctr1,$tctr1
- aese $tmp0,q14
- aesmc $tmp0,$tmp0
-+___
-+$code.=<<___ if ($flavour !~ /64/);
- vmov.32 ${ivec}[3], $tctr1
- rev $tctr2,$ctr
-+___
-+$code.=<<___;
- aese $tmp1,q14
- aesmc $tmp1,$tmp1
-+___
-+$code.=<<___ if ($flavour =~ /64/);
-+ vmov.32 ${dat1}[3], $tctr1
-+ rev $tctr2,$ctr
-+ aese $tmp2,q14
-+ aesmc $tmp2,$tmp2
-+ vmov.32 ${dat2}[3], $tctr2
-+___
-+$code.=<<___ if ($flavour !~ /64/);
- vorr $dat1,$ivec,$ivec
- vmov.32 ${ivec}[3], $tctr2
- aese $tmp2,q14
- aesmc $tmp2,$tmp2
- vorr $dat2,$ivec,$ivec
-+___
-+$code.=<<___;
- subs $len,$len,#3
- aese $tmp0,q15
- aese $tmp1,q15
---
-1.8.3.1
-
diff --git a/Update-expired-SCT-certificates.patch b/Update-expired-SCT-certificates.patch
deleted file mode 100644
index 09114bfee200bfd8516fcc9db4d5edf368f2d5f4..0000000000000000000000000000000000000000
--- a/Update-expired-SCT-certificates.patch
+++ /dev/null
@@ -1,191 +0,0 @@ -From 73db5d82489b3ec09ccc772dfcee14fef0e8e908 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Wed, 1 Jun 2022 12:47:44 +0200 -Subject: [PATCH] Update expired SCT certificates - -Reviewed-by: Matt Caswell -Reviewed-by: Dmitry Belyavskiy -(Merged from https://github.com/openssl/openssl/pull/18446) ---- - test/certs/embeddedSCTs1-key.pem | 38 ++++++++++++++++++++++----------- - test/certs/embeddedSCTs1.pem | 35 +++++++++++++++--------------- - test/certs/embeddedSCTs1.sct | 12 +++++------ - test/certs/embeddedSCTs1_issuer-key.pem | 15 +++++++++++++ - test/certs/embeddedSCTs1_issuer.pem | 30 +++++++++++++------------- - 5 files changed, 79 insertions(+), 51 deletions(-) - create mode 100644 test/certs/embeddedSCTs1_issuer-key.pem - -diff --git a/test/certs/embeddedSCTs1-key.pem b/test/certs/embeddedSCTs1-key.pem -index e3e66d5..28dd206 100644 ---- a/test/certs/embeddedSCTs1-key.pem -+++ b/test/certs/embeddedSCTs1-key.pem -@@ -1,15 +1,27 @@ - -----BEGIN RSA PRIVATE KEY----- --MIICWwIBAAKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/BH634c4VyVui+A7k --WL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWkEM2cW9tdSSdyba8X --EPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWwFAn/Xdh+tQIDAQAB --AoGAK/daG0vt6Fkqy/hdrtSJSKUVRoGRmS2nnba4Qzlwzh1+x2kdbMFuaOu2a37g --PvmeQclheKZ3EG1+Jb4yShwLcBCV6pkRJhOKuhvqGnjngr6uBH4gMCjpZVj7GDMf --flYHhdJCs3Cz/TY0wKN3o1Fldil2DHR/AEOc1nImeSp5/EUCQQDjKS3W957kYtTU --X5BeRjvg03Ug8tJq6IFuhTFvUJ+XQ5bAc0DmxAbQVKqRS7Wje59zTknVvS+MFdeQ --pz4dGuV7AkEA1y0X2yarIls+0A/S1uwkvwRTIkfS+QwFJ1zVya8sApRdKAcidIzA --b70hkKLilU9+LrXg5iZdFp8l752qJiw9jwJAXjItN/7mfH4fExGto+or2kbVQxxt --9LcFNPc2UJp2ExuL37HrL8YJrUnukOF8KJaSwBWuuFsC5GwKP4maUCdfEQJAUwBR --83c3DEmmMRvpeH4erpA8gTyzZN3+HvDwhpvLnjMcvBQEdnDUykVqbSBnxrCjO+Fs --n1qtDczWFVf8Cj2GgQJAQ14Awx32Cn9sF+3M+sEVtlAf6CqiEbkYeYdSCbsplMmZ --1UoaxiwXY3z+B7epsRnnPR3KaceAlAxw2/zQJMFNOQ== -+MIIEpQIBAAKCAQEAuIjpA4/iCpDA2mjywI5zG6IBX6bNcRQYDsB7Cv0VonNXtJBw -+XxMENP4jVpvEmWpJ5iMBknGHV+XWBkngYapczIsY4LGn6aMU6ySABBVQpNOQSRfT 
-+48xGGPR9mzOBG/yplmpFOVq1j+b65lskvAXKYaLFpFn3oY/pBSdcCNBP8LypVXAJ -+b3IqEXsBL/ErgHG9bgIRP8VxBAaryCz77kLzAXkfHL2LfSGIfNONyEKB3xI94S4L -+eouOSoWL1VkEfJs87vG4G5xoXw3KOHyiueQUUlMnu8p+Bx0xPVKPEsLje3R9k0rG -+a5ca7dXAn9UypKKp25x4NXpnjGX5txVEYfNvqQIDAQABAoIBAE0zqhh9Z5n3+Vbm -+tTht4CZdXqm/xQ9b0rzJNjDgtN5j1vuJuhlsgUQSVoJzZIqydvw7BPtZV8AkPagf -+3Cm/9lb0kpHegVsziRrfCFes+zIZ+LE7sMAKxADIuIvnvkoRKHnvN8rI8lCj16/r -+zbCD06mJSZp6sSj8ZgZr8wsU63zRGt1TeGM67uVW4agphfzuKGlXstPLsSMwknpF -+nxFS2TYbitxa9oH76oCpEk5fywYsYgUP4TdzOzfVAgMzNSu0FobvWl0CECB+G3RQ -+XQ5VWbYkFoj5XbE5kYz6sYHMQWL1NQpglUp+tAQ1T8Nca0CvbSpD77doRGm7UqYw -+ziVQKokCgYEA6BtHwzyD1PHdAYtOcy7djrpnIMaiisSxEtMhctoxg8Vr2ePEvMpZ -+S1ka8A1Pa9GzjaUk+VWKWsTf+VkmMHGtpB1sv8S7HjujlEmeQe7p8EltjstvLDmi -+BhAA7ixvZpXXjQV4GCVdUVu0na6gFGGueZb2FHEXB8j1amVwleJj2lcCgYEAy4f3 -+2wXqJfz15+YdJPpG9BbH9d/plKJm5ID3p2ojAGo5qvVuIJMNJA4elcfHDwzCWVmn -+MtR/WwtxYVVmy1BAnmk6HPSYc3CStvv1800vqN3fyJWtZ1P+8WBVZWZzIQdjdiaU -+JSRevPnjQGc+SAZQQIk1yVclbz5790yuXsdIxf8CgYEApqlABC5lsvfga4Vt1UMn -+j57FAkHe4KmPRCcZ83A88ZNGd/QWhkD9kR7wOsIz7wVqWiDkxavoZnjLIi4jP9HA -+jwEZ3zER8wl70bRy0IEOtZzj8A6fSzAu6Q+Au4RokU6yse3lZ+EcepjQvhBvnXLu -+ZxxAojj6AnsHzVf9WYJvlI0CgYEAoATIw/TEgRV/KNHs/BOiEWqP0Co5dVix2Nnk -+3EVAO6VIrbbE3OuAm2ZWeaBWSujXLHSmVfpoHubCP6prZVI1W9aTkAxmh+xsDV3P -+o3h+DiBTP1seuGx7tr7spQqFXeR3OH9gXktYCO/W0d3aQ7pjAjpehWv0zJ+ty2MI -+fQ/lkXUCgYEAgbP+P5UmY7Fqm/mi6TprEJ/eYktji4Ne11GDKGFQCfjF5RdKhdw1 -+5+elGhZes+cpzu5Ak6zBDu4bviT+tRTWJu5lVLEzlHHv4nAU7Ks5Aj67ApH21AnP -+RtlATdhWOt5Dkdq1WSpDfz5bvWgvyBx9D66dSmQdbKKe2dH327eQll4= - -----END RSA PRIVATE KEY----- -diff --git a/test/certs/embeddedSCTs1.pem b/test/certs/embeddedSCTs1.pem -index d1e8512..d2a111f 100644 ---- a/test/certs/embeddedSCTs1.pem -+++ b/test/certs/embeddedSCTs1.pem -@@ -1,20 +1,21 @@ - -----BEGIN CERTIFICATE----- --MIIDWTCCAsKgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk -+MIIDeDCCAuGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk - MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX 
--YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw --MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu --c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G --CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/ --BH634c4VyVui+A7kWL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWk --EM2cW9tdSSdyba8XEPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWw --FAn/Xdh+tQIDAQABo4IBOjCCATYwHQYDVR0OBBYEFCAxVBryXAX/2GWLaEN5T16Q --Nve0MH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYD --VQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4w --DAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJBgNVHRMEAjAAMIGK --BgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4L --vT9012QAAAE92yffkwAABAMARzBFAiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUw --KI+j5eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8IMA0GCSqG --SIb3DQEBBQUAA4GBAIoMS+8JnUeSea+goo5on5HhxEIb4tJpoupspOghXd7dyhUE --oR58h8S3foDw6XkDUmjyfKIOFmgErlVvMWmB+Wo5Srer/T4lWsAERRP+dlcMZ5Wr --5HAxM9MD+J86+mu8/FFzGd/ZW5NCQSEfY0A1w9B4MHpoxgdaLiDInza4kQyg -+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMDAxMjUxMTUwMTNaGA8yMTIwMDEy -+NjExNTAxM1owGTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3 -+DQEBAQUAA4IBDwAwggEKAoIBAQC4iOkDj+IKkMDaaPLAjnMbogFfps1xFBgOwHsK -+/RWic1e0kHBfEwQ0/iNWm8SZaknmIwGScYdX5dYGSeBhqlzMixjgsafpoxTrJIAE -+FVCk05BJF9PjzEYY9H2bM4Eb/KmWakU5WrWP5vrmWyS8BcphosWkWfehj+kFJ1wI -+0E/wvKlVcAlvcioRewEv8SuAcb1uAhE/xXEEBqvILPvuQvMBeR8cvYt9IYh8043I -+QoHfEj3hLgt6i45KhYvVWQR8mzzu8bgbnGhfDco4fKK55BRSUye7yn4HHTE9Uo8S -+wuN7dH2TSsZrlxrt1cCf1TKkoqnbnHg1emeMZfm3FURh82+pAgMBAAGjggEMMIIB -+CDAdBgNVHQ4EFgQUtMa8XD5ylrF9AqCdnPEhXa63H2owHwYDVR0jBBgwFoAUX52I -+Dchz5lTU+A3Y5rDBJLRHw1UwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcD -+ATCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN8cLsEVAJRSR6lhaDJd3Fx5Wej3xtOI -+/AAuC70/dNdkAAABb15m6AAAAAQDAEcwRQIgfDPo8RArm/vcSEZ608Q1u+XQ55QB -+u67SZEuZxLpbUM0CIQDRsgcTud4PDy8Cgg+lHeAS7UxgSKBbWAznYOuorwNewzAZ 
-+BgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOBgQCWFKKR -+RNkDRzB25NK07OLkbzebhnpKtbP4i3blRx1HAvTSamf/3uuHI7kfiPJorJymJpT1 -+IuJvSVKyMu1qONWBimiBfiyGL7+le1izHEJIP5lVTbddfzSIBIvrlHHcWIOL3H+W -+YT6yTEIzJuO07Xp61qnB1CE2TrinUWlyC46Zkw== - -----END CERTIFICATE----- -diff --git a/test/certs/embeddedSCTs1.sct b/test/certs/embeddedSCTs1.sct -index 59362dc..35c9eb9 100644 ---- a/test/certs/embeddedSCTs1.sct -+++ b/test/certs/embeddedSCTs1.sct -@@ -2,11 +2,11 @@ Signed Certificate Timestamp: - Version : v1 (0x0) - Log ID : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C: - 79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64 -- Timestamp : Apr 5 17:04:16.275 2013 GMT -+ Timestamp : Jan 1 00:00:00.000 2020 GMT - Extensions: none - Signature : ecdsa-with-SHA256 -- 30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F: -- D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3: -- E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2: -- F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1: -- 05:51:9D:89:ED:BF:08 -\ No newline at end of file -+ 30:45:02:20:7C:33:E8:F1:10:2B:9B:FB:DC:48:46:7A: -+ D3:C4:35:BB:E5:D0:E7:94:01:BB:AE:D2:64:4B:99:C4: -+ BA:5B:50:CD:02:21:00:D1:B2:07:13:B9:DE:0F:0F:2F: -+ 02:82:0F:A5:1D:E0:12:ED:4C:60:48:A0:5B:58:0C:E7: -+ 60:EB:A8:AF:03:5E:C3 -\ No newline at end of file -diff --git a/test/certs/embeddedSCTs1_issuer-key.pem b/test/certs/embeddedSCTs1_issuer-key.pem -new file mode 100644 -index 0000000..9326e38 ---- /dev/null -+++ b/test/certs/embeddedSCTs1_issuer-key.pem -@@ -0,0 +1,15 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIICXAIBAAKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7jHbrkVfT0PtLO1FuzsvR -+yY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjPKDHM5nugSlojgZ88ujfm -+JNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnLsvfP34b7arnRsQIDAQAB -+AoGAJLR6xEJp+5IXRFlLn7WTkFvO0ddtxJ7bXhiIkTctyruyfqp7LF9Jv1G2m3PK -+QPUtBc73w/GYkfnwIwdfJbOmPHL7XyEGHZYmEXgIgEtw6LXvAv0G5JpUnNwsSBfL -+GfSQqI5Z5ytyzlJXkMcTGA2kTgNAYc73h4EnU+pwUnDPdAECQQD2aj+4LtYk1XPq 
-+r3gjgI6MoGvgYJfPmAtZhxxVbhXQKciFUCAcBiwlQdHIdLWE9j65ctmZRWidKifr -+4O4nz+TBAkEA3djNW/rTQq5fKZy+mCF1WYnIU/3yhJaptzRqLm7AHqe7+hdrGXJw -++mCtU8T3L/Ms8bH1yFBZhmkp1PbR8gl48QJAQo70YyWThiN5yfxXcQ96cZWrTdIJ -+b3NcLXSHPLQdhDqlBQ1dfvRT3ERpC8IqfZ2d162kBPhwh3MpkVcSPQK0gQJAC/dY -+xGBYKt2a9nSk9zG+0bCT5Kvq++ngh6hFHfINXNnxUsEWns3EeEzkrIMQTj7QqszN -+lBt5aL2dawZRNrv6EQJBAOo4STF9KEwQG0HLC/ryh1FeB0OBA5yIepXze+eJVKei -+T0cCECOQJKfWHEzYJYDJhyEFF/sYp9TXwKSDjOifrsU= -+-----END RSA PRIVATE KEY----- -diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem -index 1fa449d..6aa9455 100644 ---- a/test/certs/embeddedSCTs1_issuer.pem -+++ b/test/certs/embeddedSCTs1_issuer.pem -@@ -1,18 +1,18 @@ - -----BEGIN CERTIFICATE----- --MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk -+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk - MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX --YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw --MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu --c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf --MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7 --jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP --KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL --svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk --tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG --A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO --MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB --/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt --OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy --f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP --OwqULg== -+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw -+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy 
-+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w -+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG -+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4 -+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG -+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw -+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw -+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB -+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD -+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq -++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo -+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c -+Doud4XrO - -----END CERTIFICATE----- --- -1.8.3.1 - diff --git a/backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch b/backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch deleted file mode 100644 index afd87baea87f23507507763391a05655e159f6d8..0000000000000000000000000000000000000000 --- a/backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch +++ /dev/null 
@@ -1,36 +0,0 @@
-From a8da305fa3dd6e34ba5aab3978281f652fd12883 Mon Sep 17 00:00:00 2001
-From: yangyangtiantianlonglong
-Date: Mon, 31 Jul 2023 07:04:41 -0700
-Subject: [PATCH] A null pointer dereference occurs when memory allocation
- fails
-
-Fixes #21605
-
-Reviewed-by: Hugo Landau
-Reviewed-by: Matthias St. Pierre
-Reviewed-by: Paul Dale
-(Merged from https://github.com/openssl/openssl/pull/21606)
----
- ssl/ssl_sess.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
-index cda6b7cc5b..2a5d21be79 100644
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -139,8 +139,11 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
- dest->references = 1;
-
- dest->lock = CRYPTO_THREAD_lock_new();
-- if (dest->lock == NULL)
-+ if (dest->lock == NULL) {
-+ OPENSSL_free(dest);
-+ dest = NULL;
- goto err;
-+ }
-
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
- goto err;
---
-2.27.0
-
diff --git a/backport-Add-a-Certificate-Policies-Test.patch b/backport-Add-a-Certificate-Policies-Test.patch
deleted file mode 100644
index f447de37b76048abd25c18982110e68cd5c163b3..0000000000000000000000000000000000000000
--- a/backport-Add-a-Certificate-Policies-Test.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 23a4cbeb3ad80da3830f760f624599f24236bc38 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Tue, 7 Mar 2023 17:07:57 +0000
-Subject: [PATCH] Add a Certificate Policies Test
-
-Test that a valid certificate policy is accepted and that an invalid
-certificate policy is rejected. Specifically we are checking that a
-leaf certificate with an invalid policy is detected.
-
-Related-to: CVE-2023-0465
-
-Reviewed-by: Hugo Landau
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/20588)
----
- test/recipes/25-test_verify.t | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
-index d254bd8..a8043de 100644
---- a/test/recipes/25-test_verify.t
-+++ b/test/recipes/25-test_verify.t
-@@ -27,7 +27,7 @@ sub verify {
- run(app([@args]));
- }
-
--plan tests => 148;
-+plan tests => 150;
-
- # Canonical success
- ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
-@@ -421,3 +421,14 @@ SKIP: {
- "31323334353637383132333435363738"),
- "SM2 hex ID test");
- }
-+
-+# Certificate Policies
-+ok(verify("ee-cert-policies", "sslserver", ["root-cert"], ["ca-pol-cert"],
-+ "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1",
-+ "-explicit_policy"),
-+ "Certificate policy");
-+
-+ok(!verify("ee-cert-policies-bad", "sslserver", ["root-cert"], ["ca-pol-cert"],
-+ "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1",
-+ "-explicit_policy"),
-+ "Bad certificate policy");
---
-2.36.1
-
diff --git a/backport-Add-a-test-for-CVE-2023-3446.patch b/backport-Add-a-test-for-CVE-2023-3446.patch
deleted file mode 100644
index 2690fec1fc7f449b0f04aa1ca4ff49e9b3fe4572..0000000000000000000000000000000000000000
--- a/backport-Add-a-test-for-CVE-2023-3446.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From e9ddae17e302a7e6a0daf00f25efed7c70f114d4 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Fri, 7 Jul 2023 14:39:48 +0100
-Subject: [PATCH] Add a test for CVE-2023-3446
-
-Confirm that the only errors DH_check() finds with DH parameters with an
-excessively long modulus is that the modulus is too large. We should not
-be performing time consuming checks using that modulus.
-
-Reviewed-by: Paul Dale
-Reviewed-by: Tom Cosgrove
-Reviewed-by: Bernd Edlinger
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/21452)
----
- test/dhtest.c | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/test/dhtest.c b/test/dhtest.c
-index 9d5609b943..00b3c47101 100644
---- a/test/dhtest.c
-+++ b/test/dhtest.c
-@@ -63,7 +63,7 @@ static int dh_test(void)
- || !TEST_true(DH_set0_pqg(dh, p, q, g)))
- goto err1;
-
-- if (!DH_check(dh, &i))
-+ if (!TEST_true(DH_check(dh, &i)))
- goto err2;
- if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
- || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
-@@ -123,6 +123,17 @@ static int dh_test(void)
- /* check whether the public key was calculated correctly */
- TEST_uint_eq(BN_get_word(pub_key2), 3331L);
-
-+ /* Modulus of size: dh check max modulus bits + 1 */
-+ if (!TEST_true(BN_set_word(p, 1))
-+ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
-+ goto err3;
-+
-+ /*
-+ * We expect no checks at all for an excessively large modulus
-+ */
-+ if (!TEST_false(DH_check(dh, &i)))
-+ goto err3;
-+
- /*
- * II) key generation
- */
-@@ -137,7 +148,7 @@ static int dh_test(void)
- goto err3;
-
- /* ... and check whether it is valid */
-- if (!DH_check(a, &i))
-+ if (!TEST_true(DH_check(a, &i)))
- goto err3;
- if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
- || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
---
-2.36.1
-
diff --git a/backport-Add-a-test-for-session-cache-handling.patch b/backport-Add-a-test-for-session-cache-handling.patch index 338d31d50ebacdac2214395927e5bcf6f1cfee73..765f908ec3c4bf0c67f43e8705ea35feb2760854 100644 --- a/backport-Add-a-test-for-session-cache-handling.patch +++ b/backport-Add-a-test-for-session-cache-handling.patch @@ -15,8 +15,8 @@ Reviewed-by: Tomas Mraz (cherry picked from commit 5f5b9e1ca1fad0215f623b8bd4955a2e8101f306) Signed-off-by: Liu-Ermeng --- - test/sslapitest.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 91 insertions(+) + test/sslapitest.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 92 insertions(+) diff --git a/test/sslapitest.c b/test/sslapitest.c index 5ee982ab06..2992356fdf 100644 @@ -120,6 +120,14 @@ index 5ee982ab06..2992356fdf 100644 int setup_tests(void) { if (!TEST_ptr(certsdir = test_get_argument(0)) +@@ -7422,6 +7513,7 @@ int setup_tests(void) + #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_3) + ADD_ALL_TESTS(test_serverinfo_custom, 4); + #endif ++ ADD_ALL_TESTS(test_multi_resume, 4); + return 1; + } + -- 2.33.0 diff --git a/backport-Add-a-test-for-session-cache-overflow.patch b/backport-Add-a-test-for-session-cache-overflow.patch index 56eaee10ed8ec5e725fb7ae936a04a398c8121e7..6b4d2a1e736425f1dc340710cb707978f7568abb 100644 --- a/backport-Add-a-test-for-session-cache-overflow.patch +++ b/backport-Add-a-test-for-session-cache-overflow.patch @@ -15,8 +15,8 @@ Reviewed-by: Tomas Mraz (cherry picked from commit ddead0935d77ba9b771d632ace61b145d7153f18) Signed-off-by: Liu-Ermeng --- - test/sslapitest.c | 130 ++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 127 insertions(+), 3 deletions(-) + test/sslapitest.c | 133 ++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 130 insertions(+), 3 deletions(-) diff --git a/test/sslapitest.c b/test/sslapitest.c index 472b1224ca..395b1e5457 100644 
@@ -171,6 +171,16 @@ index 472b1224ca..395b1e5457 100644 #endif if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), +@@ -7593,6 +7717,9 @@ int setup_tests(void) + ADD_TEST(test_inherit_verify_param); + #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_3) + ADD_ALL_TESTS(test_serverinfo_custom, 4); ++#endif ++#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3) ++ ADD_ALL_TESTS(test_session_cache_overflow, 4); + #endif + ADD_ALL_TESTS(test_multi_resume, 5); + return 1; -- 2.33.0 diff --git a/backport-Backport-a-missing-bug-fix-from-master.patch b/backport-Backport-a-missing-bug-fix-from-master.patch deleted file mode 100644 index cb2d259f275cfb78127fe46399bef441d0308ba3..0000000000000000000000000000000000000000 --- a/backport-Backport-a-missing-bug-fix-from-master.patch +++ /dev/null 
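Review bot: The trailing context line `+ ADD_ALL_TESTS(test_multi_resume, 5);` in the nested setup_tests() hunk added here does not agree with the line the companion patch backport-Add-a-test-for-session-cache-handling.patch now inserts in its `@@ -120,6 +120,14 @@` hunk, `++ ADD_ALL_TESTS(test_multi_resume, 4);`. If the two patch files are applied in series, this nested hunk's context will match only with fuzz or be rejected outright, depending on the tool, so one of the two iteration counts looks wrong. The number of test_multi_resume variants should be confirmed against the test body, which lies outside both hunks, and the same value carried in both patches. Separately, the guard added for the new registration uses `||` while the neighbouring serverinfo guard uses `&&`; if that asymmetry is deliberate (the overflow test needs only one of TLSv1.2/TLSv1.3), a sentence in the patch description would spare the next reader the question.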
@@ -1,65 +0,0 @@
-From 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb Mon Sep 17 00:00:00 2001
-From: Bernd Edlinger
-Date: Thu, 19 May 2022 15:50:28 +0200
-Subject: [PATCH] Backport a missing bug-fix from master
-
-This is a backport of the following commit from master:
-
-commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
-Author: Matt Caswell
-Date: Thu Nov 19 13:58:21 2020 +0000
-
- Don't Overflow when printing Thawte Strong Extranet Version
-
- When printing human readable info on the Thawte Strong Extranet extension
- the version number could overflow if the version number == LONG_MAX. This
- is undefined behaviour.
-
- Issue found by OSSFuzz.
-
- Reviewed-by: Ben Kaduk
- (Merged from https://github.com/openssl/openssl/pull/13452)
-
-Reviewed-by: Matt Caswell
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/18347)
----
- crypto/x509v3/v3_sxnet.c | 18 +++++++++++++---
- 1 files changed, 15 insertions(+), 3 deletions(-)
- create mode 100644 fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28
-
-diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
-index 89cda01be2..0648553ae3 100644
---- a/crypto/x509v3/v3_sxnet.c
-+++ b/crypto/x509v3/v3_sxnet.c
-@@ -57,12 +57,24 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET)
- static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
- int indent)
- {
-- long v;
-+ int64_t v;
- char *tmp;
- SXNETID *id;
- int i;
-- v = ASN1_INTEGER_get(sx->version);
-- BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
-+
-+ /*
-+ * Since we add 1 to the version number to display it, we don't support
-+ * LONG_MAX since that would cause on overflow.
-+ */
-+ if (!ASN1_INTEGER_get_int64(&v, sx->version)
-+ || v >= LONG_MAX
-+ || v < LONG_MIN) {
-+ BIO_printf(out, "%*sVersion: ", indent, "");
-+ } else {
-+ long vl = (long)v;
-+
-+ BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
-+ }
- for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
- id = sk_SXNETID_value(sx->ids, i);
- tmp = i2s_ASN1_INTEGER(NULL, id->zone);
---
-2.38.1.windows.1
-
diff --git a/backport-CVE-2022-4304-Fix-Timing-Oracle-in-RSA-decryption.patch b/backport-CVE-2022-4304-Fix-Timing-Oracle-in-RSA-decryption.patch
deleted file mode 100644
index 626bc784c46c03f386514557692719dbdec7e32f..0000000000000000000000000000000000000000
--- a/backport-CVE-2022-4304-Fix-Timing-Oracle-in-RSA-decryption.patch
+++ /dev/null
@@ -1,799 +0,0 @@ -From 43d8f88511991533f53680a751e9326999a6a31f Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Fri, 20 Jan 2023 15:26:54 +0000 -Subject: [PATCH] Fix Timing Oracle in RSA decryption - -A timing based side channel exists in the OpenSSL RSA Decryption -implementation which could be sufficient to recover a plaintext across -a network in a Bleichenbacher style attack. To achieve a successful -decryption an attacker would have to be able to send a very large number -of trial messages for decryption. The vulnerability affects all RSA -padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. - -Patch written by Dmitry Belyavsky and Hubert Kario - -CVE-2022-4304 - -Reviewed-by: Dmitry Belyavskiy -Reviewed-by: Tomas Mraz ---- - crypto/bn/bn_blind.c | 14 - - crypto/bn/bn_err.c | 2 + - crypto/bn/bn_local.h | 14 + - crypto/bn/build.info | 3 +- - crypto/bn/rsa_sup_mul.c | 614 ++++++++++++++++++++++++++++++++++++++++ - crypto/err/openssl.txt | 3 +- - crypto/rsa/rsa_ossl.c | 17 +- - include/crypto/bn.h | 5 + - include/openssl/bnerr.h | 1 + - 9 files changed, 653 insertions(+), 20 deletions(-) - create mode 100644 crypto/bn/rsa_sup_mul.c - -diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c -index 76fc7ebcff..6e9d239321 100644 ---- a/crypto/bn/bn_blind.c -+++ b/crypto/bn/bn_blind.c -@@ -13,20 +13,6 @@ - - #define BN_BLINDING_COUNTER 32 - --struct bn_blinding_st { -- BIGNUM *A; -- BIGNUM *Ai; -- BIGNUM *e; -- BIGNUM *mod; /* just a reference */ -- CRYPTO_THREAD_ID tid; -- int counter; -- unsigned long flags; -- BN_MONT_CTX *m_ctx; -- int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -- CRYPTO_RWLOCK *lock; --}; -- - BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) - { - BN_BLINDING *ret = NULL; -diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c -index dd87c152cf..3dd8d9a568 100644 ---- a/crypto/bn/bn_err.c -+++ b/crypto/bn/bn_err.c -@@ -73,6 +73,8 @@ static const 
ERR_STRING_DATA BN_str_functs[] = { - {ERR_PACK(ERR_LIB_BN, BN_F_BN_SET_WORDS, 0), "bn_set_words"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_STACK_PUSH, 0), "BN_STACK_push"}, - {ERR_PACK(ERR_LIB_BN, BN_F_BN_USUB, 0), "BN_usub"}, -+ {ERR_PACK(ERR_LIB_BN, BN_F_OSSL_BN_RSA_DO_UNBLIND, 0), -+ "ossl_bn_rsa_do_unblind"}, - {0, NULL} - }; - -diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h -index 62a969b134..4d8cb64675 100644 ---- a/crypto/bn/bn_local.h -+++ b/crypto/bn/bn_local.h -@@ -283,6 +283,20 @@ struct bn_gencb_st { - } cb; - }; - -+struct bn_blinding_st { -+ BIGNUM *A; -+ BIGNUM *Ai; -+ BIGNUM *e; -+ BIGNUM *mod; /* just a reference */ -+ CRYPTO_THREAD_ID tid; -+ int counter; -+ unsigned long flags; -+ BN_MONT_CTX *m_ctx; -+ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -+ CRYPTO_RWLOCK *lock; -+}; -+ - /*- - * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions - * -diff --git a/crypto/bn/build.info b/crypto/bn/build.info -index b9ed5322fa..c9fe2fdada 100644 ---- a/crypto/bn/build.info -+++ b/crypto/bn/build.info -@@ -5,7 +5,8 @@ SOURCE[../../libcrypto]=\ - bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c \ - {- $target{bn_asm_src} -} \ - bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ -- bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c -+ bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c \ -+ rsa_sup_mul.c - - INCLUDE[bn_exp.o]=.. 
- -diff --git a/crypto/bn/rsa_sup_mul.c b/crypto/bn/rsa_sup_mul.c -new file mode 100644 -index 0000000000..acafefd5fe ---- /dev/null -+++ b/crypto/bn/rsa_sup_mul.c -@@ -0,0 +1,614 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "internal/numbers.h" -+#include "internal/constant_time.h" -+#include "bn_local.h" -+ -+# if BN_BYTES == 8 -+typedef uint64_t limb_t; -+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 -+/* nonstandard; implemented by gcc on 64-bit platforms */ -+typedef __uint128_t limb2_t; -+# define HAVE_LIMB2_T -+# endif -+# define LIMB_BIT_SIZE 64 -+# define LIMB_BYTE_SIZE 8 -+# elif BN_BYTES == 4 -+typedef uint32_t limb_t; -+typedef uint64_t limb2_t; -+# define LIMB_BIT_SIZE 32 -+# define LIMB_BYTE_SIZE 4 -+# define HAVE_LIMB2_T -+# else -+# error "Not supported" -+# endif -+ -+/* -+ * For multiplication we're using schoolbook multiplication, -+ * so if we have two numbers, each with 6 "digits" (words) -+ * the multiplication is calculated as follows: -+ * A B C D E F -+ * x I J K L M N -+ * -------------- -+ * N*F -+ * N*E -+ * N*D -+ * N*C -+ * N*B -+ * N*A -+ * M*F -+ * M*E -+ * M*D -+ * M*C -+ * M*B -+ * M*A -+ * L*F -+ * L*E -+ * L*D -+ * L*C -+ * L*B -+ * L*A -+ * K*F -+ * K*E -+ * K*D -+ * K*C -+ * K*B -+ * K*A -+ * J*F -+ * J*E -+ * J*D -+ * J*C -+ * J*B -+ * J*A -+ * I*F -+ * I*E -+ * I*D -+ * I*C -+ * I*B -+ * + I*A -+ * ========================== -+ * N*B N*D N*F -+ * + N*A N*C N*E -+ * + M*B M*D M*F -+ * + M*A M*C M*E -+ * + L*B L*D L*F -+ * + L*A L*C L*E -+ * + K*B K*D K*F -+ * + K*A K*C K*E -+ * + J*B J*D J*F -+ * + J*A J*C J*E -+ * + I*B I*D I*F -+ * + I*A I*C I*E -+ * -+ * 1+1 1+3 1+5 -+ * 1+0 1+2 1+4 -+ * 0+1 0+3 0+5 -+ * 0+0 0+2 0+4 -+ * -+ * 0 1 2 3 4 5 6 -+ * which requires n^2 multiplications and 2n full length additions -+ * as we can keep every other result of limb multiplication in two separate -+ * limbs -+ */ -+ -+#if defined HAVE_LIMB2_T -+static ossl_inline void 
_mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) -+{ -+ limb2_t t; -+ /* -+ * this is idiomatic code to tell compiler to use the native mul -+ * those three lines will actually compile to single instruction -+ */ -+ -+ t = (limb2_t)a * b; -+ *hi = t >> LIMB_BIT_SIZE; -+ *lo = (limb_t)t; -+} -+#elif (BN_BYTES == 8) && (defined _MSC_VER) -+/* https://learn.microsoft.com/en-us/cpp/intrinsics/umul128?view=msvc-170 */ -+#pragma intrinsic(_umul128) -+static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) -+{ -+ *lo = _umul128(a, b, hi); -+} -+#else -+/* -+ * if the compiler doesn't have either a 128bit data type nor a "return -+ * high 64 bits of multiplication" -+ */ -+static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) -+{ -+ limb_t a_low = (limb_t)(uint32_t)a; -+ limb_t a_hi = a >> 32; -+ limb_t b_low = (limb_t)(uint32_t)b; -+ limb_t b_hi = b >> 32; -+ -+ limb_t p0 = a_low * b_low; -+ limb_t p1 = a_low * b_hi; -+ limb_t p2 = a_hi * b_low; -+ limb_t p3 = a_hi * b_hi; -+ -+ uint32_t cy = (uint32_t)(((p0 >> 32) + (uint32_t)p1 + (uint32_t)p2) >> 32); -+ -+ *lo = p0 + (p1 << 32) + (p2 << 32); -+ *hi = p3 + (p1 >> 32) + (p2 >> 32) + cy; -+} -+#endif -+ -+/* add two limbs with carry in, return carry out */ -+static ossl_inline limb_t _add_limb(limb_t *ret, limb_t a, limb_t b, limb_t carry) -+{ -+ limb_t carry1, carry2, t; -+ /* -+ * `c = a + b; if (c < a)` is idiomatic code that makes compilers -+ * use add with carry on assembly level -+ */ -+ -+ *ret = a + carry; -+ if (*ret < a) -+ carry1 = 1; -+ else -+ carry1 = 0; -+ -+ t = *ret; -+ *ret = t + b; -+ if (*ret < t) -+ carry2 = 1; -+ else -+ carry2 = 0; -+ -+ return carry1 + carry2; -+} -+ -+/* -+ * add two numbers of the same size, return overflow -+ * -+ * add a to b, place result in ret; all arrays need to be n limbs long -+ * return overflow from addition (0 or 1) -+ */ -+static ossl_inline limb_t add(limb_t *ret, limb_t *a, limb_t *b, size_t n) -+{ -+ limb_t c = 0; 
-+ ossl_ssize_t i; -+ -+ for(i = n - 1; i > -1; i--) -+ c = _add_limb(&ret[i], a[i], b[i], c); -+ -+ return c; -+} -+ -+/* -+ * return number of limbs necessary for temporary values -+ * when multiplying numbers n limbs large -+ */ -+static ossl_inline size_t mul_limb_numb(size_t n) -+{ -+ return 2 * n * 2; -+} -+ -+/* -+ * multiply two numbers of the same size -+ * -+ * multiply a by b, place result in ret; a and b need to be n limbs long -+ * ret needs to be 2*n limbs long, tmp needs to be mul_limb_numb(n) limbs -+ * long -+ */ -+static void limb_mul(limb_t *ret, limb_t *a, limb_t *b, size_t n, limb_t *tmp) -+{ -+ limb_t *r_odd, *r_even; -+ size_t i, j, k; -+ -+ r_odd = tmp; -+ r_even = &tmp[2 * n]; -+ -+ memset(ret, 0, 2 * n * sizeof(limb_t)); -+ -+ for (i = 0; i < n; i++) { -+ for (k = 0; k < i + n + 1; k++) { -+ r_even[k] = 0; -+ r_odd[k] = 0; -+ } -+ for (j = 0; j < n; j++) { -+ /* -+ * place results from even and odd limbs in separate arrays so that -+ * we don't have to calculate overflow every time we get individual -+ * limb multiplication result -+ */ -+ if (j % 2 == 0) -+ _mul_limb(&r_even[i + j], &r_even[i + j + 1], a[i], b[j]); -+ else -+ _mul_limb(&r_odd[i + j], &r_odd[i + j + 1], a[i], b[j]); -+ } -+ /* -+ * skip the least significant limbs when adding multiples of -+ * more significant limbs (they're zero anyway) -+ */ -+ add(ret, ret, r_even, n + i + 1); -+ add(ret, ret, r_odd, n + i + 1); -+ } -+} -+ -+/* modifies the value in place by performing a right shift by one bit */ -+static ossl_inline void rshift1(limb_t *val, size_t n) -+{ -+ limb_t shift_in = 0, shift_out = 0; -+ size_t i; -+ -+ for (i = 0; i < n; i++) { -+ shift_out = val[i] & 1; -+ val[i] = shift_in << (LIMB_BIT_SIZE - 1) | (val[i] >> 1); -+ shift_in = shift_out; -+ } -+} -+ -+/* extend the LSB of flag to all bits of limb */ -+static ossl_inline limb_t mk_mask(limb_t flag) -+{ -+ flag |= flag << 1; -+ flag |= flag << 2; -+ flag |= flag << 4; -+ flag |= flag << 8; -+ flag |= flag << 
16; -+#if (LIMB_BYTE_SIZE == 8) -+ flag |= flag << 32; -+#endif -+ return flag; -+} -+ -+/* -+ * copy from either a or b to ret based on flag -+ * when flag == 0, then copies from b -+ * when flag == 1, then copies from a -+ */ -+static ossl_inline void cselect(limb_t flag, limb_t *ret, limb_t *a, limb_t *b, size_t n) -+{ -+ /* -+ * would be more efficient with non volatile mask, but then gcc -+ * generates code with jumps -+ */ -+ volatile limb_t mask; -+ size_t i; -+ -+ mask = mk_mask(flag); -+ for (i = 0; i < n; i++) { -+#if (LIMB_BYTE_SIZE == 8) -+ ret[i] = constant_time_select_64(mask, a[i], b[i]); -+#else -+ ret[i] = constant_time_select_32(mask, a[i], b[i]); -+#endif -+ } -+} -+ -+static limb_t _sub_limb(limb_t *ret, limb_t a, limb_t b, limb_t borrow) -+{ -+ limb_t borrow1, borrow2, t; -+ /* -+ * while it doesn't look constant-time, this is idiomatic code -+ * to tell compilers to use the carry bit from subtraction -+ */ -+ -+ *ret = a - borrow; -+ if (*ret > a) -+ borrow1 = 1; -+ else -+ borrow1 = 0; -+ -+ t = *ret; -+ *ret = t - b; -+ if (*ret > t) -+ borrow2 = 1; -+ else -+ borrow2 = 0; -+ -+ return borrow1 + borrow2; -+} -+ -+/* -+ * place the result of a - b into ret, return the borrow bit. 
-+ * All arrays need to be n limbs long -+ */ -+static limb_t sub(limb_t *ret, limb_t *a, limb_t *b, size_t n) -+{ -+ limb_t borrow = 0; -+ ossl_ssize_t i; -+ -+ for (i = n - 1; i > -1; i--) -+ borrow = _sub_limb(&ret[i], a[i], b[i], borrow); -+ -+ return borrow; -+} -+ -+/* return the number of limbs necessary to allocate for the mod() tmp operand */ -+static ossl_inline size_t mod_limb_numb(size_t anum, size_t modnum) -+{ -+ return (anum + modnum) * 3; -+} -+ -+/* -+ * calculate a % mod, place the result in ret -+ * size of a is defined by anum, size of ret and mod is modnum, -+ * size of tmp is returned by mod_limb_numb() -+ */ -+static void mod(limb_t *ret, limb_t *a, size_t anum, limb_t *mod, -+ size_t modnum, limb_t *tmp) -+{ -+ limb_t *atmp, *modtmp, *rettmp; -+ limb_t res; -+ size_t i; -+ -+ memset(tmp, 0, mod_limb_numb(anum, modnum) * LIMB_BYTE_SIZE); -+ -+ atmp = tmp; -+ modtmp = &tmp[anum + modnum]; -+ rettmp = &tmp[(anum + modnum) * 2]; -+ -+ for (i = modnum; i 0; i--, rp--) { -+ v = _mul_add_limb(rp, mod, modnum, rp[modnum - 1] * ni0, tmp2); -+ v = v + carry + rp[-1]; -+ carry |= (v != rp[-1]); -+ carry &= (v <= rp[-1]); -+ rp[-1] = v; -+ } -+ -+ /* perform the final reduction by mod... 
*/ -+ carry -= sub(ret, rp, mod, modnum); -+ -+ /* ...conditionally */ -+ cselect(carry, ret, rp, ret, modnum); -+} -+ -+/* allocated buffer should be freed afterwards */ -+static void BN_to_limb(const BIGNUM *bn, limb_t *buf, size_t limbs) -+{ -+ int i; -+ int real_limbs = (BN_num_bytes(bn) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; -+ limb_t *ptr = buf + (limbs - real_limbs); -+ -+ for (i = 0; i < real_limbs; i++) -+ ptr[i] = bn->d[real_limbs - i - 1]; -+} -+ -+#if LIMB_BYTE_SIZE == 8 -+static ossl_inline uint64_t be64(uint64_t host) -+{ -+ const union { -+ long one; -+ char little; -+ } is_endian = { 1 }; -+ -+ if (is_endian.little) { -+ uint64_t big = 0; -+ -+ big |= (host & 0xff00000000000000) >> 56; -+ big |= (host & 0x00ff000000000000) >> 40; -+ big |= (host & 0x0000ff0000000000) >> 24; -+ big |= (host & 0x000000ff00000000) >> 8; -+ big |= (host & 0x00000000ff000000) << 8; -+ big |= (host & 0x0000000000ff0000) << 24; -+ big |= (host & 0x000000000000ff00) << 40; -+ big |= (host & 0x00000000000000ff) << 56; -+ return big; -+ } else { -+ return host; -+ } -+} -+ -+#else -+/* Not all platforms have htobe32(). */ -+static ossl_inline uint32_t be32(uint32_t host) -+{ -+ const union { -+ long one; -+ char little; -+ } is_endian = { 1 }; -+ -+ if (is_endian.little) { -+ uint32_t big = 0; -+ -+ big |= (host & 0xff000000) >> 24; -+ big |= (host & 0x00ff0000) >> 8; -+ big |= (host & 0x0000ff00) << 8; -+ big |= (host & 0x000000ff) << 24; -+ return big; -+ } else { -+ return host; -+ } -+} -+#endif -+ -+/* -+ * We assume that intermediate, possible_arg2, blinding, and ctx are used -+ * similar to BN_BLINDING_invert_ex() arguments. -+ * to_mod is RSA modulus. -+ * buf and num is the serialization buffer and its length. -+ * -+ * Here we use classic/Montgomery multiplication and modulo. After the calculation finished -+ * we serialize the new structure instead of BIGNUMs taking endianness into account. 
-+ */ -+int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate, -+ const BN_BLINDING *blinding, -+ const BIGNUM *possible_arg2, -+ const BIGNUM *to_mod, BN_CTX *ctx, -+ unsigned char *buf, int num) -+{ -+ limb_t *l_im = NULL, *l_mul = NULL, *l_mod = NULL; -+ limb_t *l_ret = NULL, *l_tmp = NULL, l_buf; -+ size_t l_im_count = 0, l_mul_count = 0, l_size = 0, l_mod_count = 0; -+ size_t l_tmp_count = 0; -+ int ret = 0; -+ size_t i; -+ unsigned char *tmp; -+ const BIGNUM *arg1 = intermediate; -+ const BIGNUM *arg2 = (possible_arg2 == NULL) ? blinding->Ai : possible_arg2; -+ -+ l_im_count = (BN_num_bytes(arg1) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; -+ l_mul_count = (BN_num_bytes(arg2) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; -+ l_mod_count = (BN_num_bytes(to_mod) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; -+ -+ l_size = l_im_count > l_mul_count ? l_im_count : l_mul_count; -+ l_im = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE); -+ l_mul = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE); -+ l_mod = OPENSSL_zalloc(l_mod_count * LIMB_BYTE_SIZE); -+ -+ if ((l_im == NULL) || (l_mul == NULL) || (l_mod == NULL)) -+ goto err; -+ -+ BN_to_limb(arg1, l_im, l_size); -+ BN_to_limb(arg2, l_mul, l_size); -+ BN_to_limb(to_mod, l_mod, l_mod_count); -+ -+ l_ret = OPENSSL_malloc(2 * l_size * LIMB_BYTE_SIZE); -+ -+ if (blinding->m_ctx != NULL) { -+ l_tmp_count = mul_limb_numb(l_size) > mod_montgomery_limb_numb(l_mod_count) ? -+ mul_limb_numb(l_size) : mod_montgomery_limb_numb(l_mod_count); -+ l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE); -+ } else { -+ l_tmp_count = mul_limb_numb(l_size) > mod_limb_numb(2 * l_size, l_mod_count) ? 
-+ mul_limb_numb(l_size) : mod_limb_numb(2 * l_size, l_mod_count); -+ l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE); -+ } -+ -+ if ((l_ret == NULL) || (l_tmp == NULL)) -+ goto err; -+ -+ if (blinding->m_ctx != NULL) { -+ limb_mul(l_ret, l_im, l_mul, l_size, l_tmp); -+ mod_montgomery(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, -+ blinding->m_ctx->n0[0], l_tmp); -+ } else { -+ limb_mul(l_ret, l_im, l_mul, l_size, l_tmp); -+ mod(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, l_tmp); -+ } -+ -+ /* modulus size in bytes can be equal to num but after limbs conversion it becomes bigger */ -+ if (num < BN_num_bytes(to_mod)) { -+ BNerr(BN_F_OSSL_BN_RSA_DO_UNBLIND, ERR_R_PASSED_INVALID_ARGUMENT); -+ goto err; -+ } -+ -+ memset(buf, 0, num); -+ tmp = buf + num - BN_num_bytes(to_mod); -+ for (i = 0; i < l_mod_count; i++) { -+#if LIMB_BYTE_SIZE == 8 -+ l_buf = be64(l_ret[i]); -+#else -+ l_buf = be32(l_ret[i]); -+#endif -+ if (i == 0) { -+ int delta = LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num); -+ -+ memcpy(tmp, ((char *)&l_buf) + LIMB_BYTE_SIZE - delta, delta); -+ tmp += delta; -+ } else { -+ memcpy(tmp, &l_buf, LIMB_BYTE_SIZE); -+ tmp += LIMB_BYTE_SIZE; -+ } -+ } -+ ret = num; -+ -+ err: -+ OPENSSL_free(l_im); -+ OPENSSL_free(l_mul); -+ OPENSSL_free(l_mod); -+ OPENSSL_free(l_tmp); -+ OPENSSL_free(l_ret); -+ -+ return ret; -+} -diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index 9f91a4a811..ba3a46d5b9 100644 ---- a/crypto/err/openssl.txt -+++ b/crypto/err/openssl.txt -@@ -232,6 +232,7 @@ BN_F_BN_RSHIFT:146:BN_rshift - BN_F_BN_SET_WORDS:144:bn_set_words - BN_F_BN_STACK_PUSH:148:BN_STACK_push - BN_F_BN_USUB:115:BN_usub -+BN_F_OSSL_BN_RSA_DO_UNBLIND:151:ossl_bn_rsa_do_unblind - BUF_F_BUF_MEM_GROW:100:BUF_MEM_grow - BUF_F_BUF_MEM_GROW_CLEAN:105:BUF_MEM_grow_clean - BUF_F_BUF_MEM_NEW:101:BUF_MEM_new -diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c -index b52a66f6a6..6c3c0cf78d 100644 ---- a/crypto/rsa/rsa_ossl.c -+++ 
b/crypto/rsa/rsa_ossl.c -@@ -465,11 +465,20 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, - BN_free(d); - } - -- if (blinding) -- if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) -+ if (blinding) { -+ /* -+ * ossl_bn_rsa_do_unblind() combines blinding inversion and -+ * 0-padded BN BE serialization -+ */ -+ j = ossl_bn_rsa_do_unblind(ret, blinding, unblind, rsa->n, ctx, -+ buf, num); -+ if (j == 0) - goto err; -- -- j = BN_bn2binpad(ret, buf, num); -+ } else { -+ j = BN_bn2binpad(ret, buf, num); -+ if (j < 0) -+ goto err; -+ } - - switch (padding) { - case RSA_PKCS1_PADDING: -diff --git a/include/crypto/bn.h b/include/crypto/bn.h -index 60afda1dad..b5f36fb25a 100644 ---- a/include/crypto/bn.h -+++ b/include/crypto/bn.h -@@ -86,5 +86,10 @@ int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); - int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); - int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, - const BIGNUM *d, BN_CTX *ctx); -+int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate, -+ const BN_BLINDING *blinding, -+ const BIGNUM *possible_arg2, -+ const BIGNUM *to_mod, BN_CTX *ctx, -+ unsigned char *buf, int num); - - #endif -diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h -index 9f3c7cfaab..a0752cea52 100644 ---- a/include/openssl/bnerr.h -+++ b/include/openssl/bnerr.h -@@ -72,6 +72,7 @@ int ERR_load_BN_strings(void); - # define BN_F_BN_SET_WORDS 144 - # define BN_F_BN_STACK_PUSH 148 - # define BN_F_BN_USUB 115 -+# define BN_F_OSSL_BN_RSA_DO_UNBLIND 151 - - /* - * BN reason codes. --- -2.17.1 - diff --git a/backport-CVE-2022-4450-Avoid-dangling-ptrs-in-header-and-data-params-for-PE.patch b/backport-CVE-2022-4450-Avoid-dangling-ptrs-in-header-and-data-params-for-PE.patch deleted file mode 100644 index 420dd0a0cd0ed4647c2db6896db05a3623456bc3..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-4450-Avoid-dangling-ptrs-in-header-and-data-params-for-PE.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From bbcf509bd046b34cca19c766bbddc31683d0858b Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Tue, 13 Dec 2022 14:54:55 +0000 -Subject: [PATCH] Avoid dangling ptrs in header and data params for - PEM_read_bio_ex - -In the event of a failure in PEM_read_bio_ex() we free the buffers we -allocated for the header and data buffers. However we were not clearing -the ptrs stored in *header and *data. Since, on success, the caller is -responsible for freeing these ptrs this can potentially lead to a double -free if the caller frees them even on failure. - -Thanks to Dawei Wang for reporting this issue. - -Based on a proposed patch by Kurt Roeckx. - -CVE-2022-4450 - -Reviewed-by: Paul Dale -Reviewed-by: Hugo Landau ---- - crypto/pem/pem_lib.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c -index d416d939ea..328c30cdbb 100644 ---- a/crypto/pem/pem_lib.c -+++ b/crypto/pem/pem_lib.c -@@ -957,7 +957,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, - *data = pem_malloc(len, flags); - if (*header == NULL || *data == NULL) { - pem_free(*header, flags, 0); -+ *header = NULL; - pem_free(*data, flags, 0); -+ *data = NULL; - goto end; - } - BIO_read(headerB, *header, headerlen); --- -2.17.1 - diff --git a/backport-CVE-2023-0215-Check-CMS-failure-during-BIO-setup-with-stream-is-ha.patch b/backport-CVE-2023-0215-Check-CMS-failure-during-BIO-setup-with-stream-is-ha.patch deleted file mode 100644 index 100edbea7d74d867b10d7581847f0382a6330548..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-0215-Check-CMS-failure-during-BIO-setup-with-stream-is-ha.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From f040f2577891d2bdb7610566c172233844cf673a Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Wed, 14 Dec 2022 17:15:18 +0000 -Subject: [PATCH] Check CMS failure during BIO setup with -stream is handled - correctly - -Test for the issue fixed in the previous commit - -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz ---- - test/recipes/80-test_cms.t | 15 +++++++++++++-- - test/smime-certs/badrsa.pem | 18 ++++++++++++++++++ - 2 files changed, 31 insertions(+), 2 deletions(-) - create mode 100644 test/smime-certs/badrsa.pem - -diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index 5dc6a3aebe..ec11bfc253 100644 ---- a/test/recipes/80-test_cms.t -+++ b/test/recipes/80-test_cms.t -@@ -13,7 +13,7 @@ use warnings; - use POSIX; - use File::Spec::Functions qw/catfile/; - use File::Compare qw/compare_text/; --use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/; -+use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file with/; - use OpenSSL::Test::Utils; - - setup("test_cms"); -@@ -27,7 +27,7 @@ my $smcont = srctop_file("test", "smcont.txt"); - my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) - = disabled qw/des dh dsa ec ec2m rc2 zlib/; - --plan tests => 6; -+plan tests => 7; - - my @smime_pkcs7_tests = ( - -@@ -584,3 +584,14 @@ sub check_availability { - - return ""; - } -+ -+# Check that we get the expected failure return code -+with({ exit_checker => sub { return shift == 6; } }, -+ sub { -+ ok(run(app(['openssl', 'cms', '-encrypt', -+ '-in', srctop_file("test", "smcont.txt"), -+ '-stream', '-recip', -+ srctop_file("test/smime-certs", "badrsa.pem"), -+ ])), -+ "Check failure during BIO setup with -stream is handled correctly"); -+ }); -diff --git a/test/smime-certs/badrsa.pem b/test/smime-certs/badrsa.pem -new file mode 100644 -index 0000000000..f824fc2267 ---- /dev/null -+++ b/test/smime-certs/badrsa.pem -@@ -0,0 +1,18 @@ -+-----BEGIN CERTIFICATE----- 
-+MIIDbTCCAlWgAwIBAgIToTV4Z0iuK08vZP20oTh//hC8BDANBgkqhkiG9w0BAQ0FADAtMSswKQYD -+VfcDEyJTYW1wbGUgTEFNUFMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY -+DzIwNTIwOTI3MDY1NDE4WjAZMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN -+AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw -+I2juwdRrjFBmXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A -+/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6s -+yTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0 -+zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSxgCAwEAAaOBlzCB -+lDAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww -+CgYIKwYBBQUHAwQwDwYDVR0PAQH/BAUDAwfAADAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm -+ZnMwHwYDVR0jBBgwFoAUeF8OWnjYa+RUcD2z3ez38fL6wEcwDQYJKoZIhvcNAQENBQADggEBABbW -+eonR6TMTckehDKNOabwaCIcekahAIL6l9tTzUX5ew6ufiAPlC6I/zQlmUaU0iSyFDG1NW14kNbFt -+5CAokyLhMtE4ASHBIHbiOp/ZSbUBTVYJZB61ot7w1/ol5QECSs08b8zrxIncf+t2DHGuVEy/Qq1d -+rBz8d4ay8zpqAE1tUyL5Da6ZiKUfWwZQXSI/JlbjQFzYQqTRDnzHWrg1xPeMTO1P2/cplFaseTiv -+yk4cYwOp/W9UAWymOZXF8WcJYCIUXkdcG/nEZxr057KlScrJmFXOoh7Y+8ON4iWYYcAfiNgpUFo/ -+j8BAwrKKaFvdlZS9k1Ypb2+UQY75mKJE9Bg= -+-----END CERTIFICATE----- --- -2.17.1 - diff --git a/backport-CVE-2023-0215-Fix-a-UAF-resulting-from-a-bug-in-BIO_new_NDEF.patch b/backport-CVE-2023-0215-Fix-a-UAF-resulting-from-a-bug-in-BIO_new_NDEF.patch deleted file mode 100644 index 81b16055d293a8e550e7996d89184cb6d8598780..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-0215-Fix-a-UAF-resulting-from-a-bug-in-BIO_new_NDEF.patch +++ /dev/null 
@@ -1,106 +0,0 @@ -From c3829dd8825c654652201e16f8a0a0c46ee3f344 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Wed, 14 Dec 2022 16:18:14 +0000 -Subject: [PATCH] Fix a UAF resulting from a bug in BIO_new_NDEF - -If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will -be part of an invalid BIO chain. This causes a "use after free" when the -BIO is eventually freed. - -Based on an original patch by Viktor Dukhovni and an idea from Theo -Buehler. - -Thanks to Octavio Galland for reporting this issue. - -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz ---- - crypto/asn1/bio_ndef.c | 39 ++++++++++++++++++++++++++++++++------- - 1 file changed, 32 insertions(+), 7 deletions(-) - -diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c -index 760e4846a4..f8d4b1b9aa 100644 ---- a/crypto/asn1/bio_ndef.c -+++ b/crypto/asn1/bio_ndef.c -@@ -49,12 +49,19 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg); - static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, - void *parg); - -+/* -+ * On success, the returned BIO owns the input BIO as part of its BIO chain. -+ * On failure, NULL is returned and the input BIO is owned by the caller. 
-+ * -+ * Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream() -+ */ - BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) - { - NDEF_SUPPORT *ndef_aux = NULL; - BIO *asn_bio = NULL; - const ASN1_AUX *aux = it->funcs; - ASN1_STREAM_ARG sarg; -+ BIO *pop_bio = NULL; - - if (!aux || !aux->asn1_cb) { - ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED); -@@ -69,21 +76,39 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) - out = BIO_push(asn_bio, out); - if (out == NULL) - goto err; -+ pop_bio = asn_bio; - -- BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free); -- BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free); -+ if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0 -+ || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0 -+ || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0) -+ goto err; - - /* -- * Now let callback prepends any digest, cipher etc BIOs ASN1 structure -- * needs. -+ * Now let the callback prepend any digest, cipher, etc., that the BIO's -+ * ASN1 structure needs. - */ - - sarg.out = out; - sarg.ndef_bio = NULL; - sarg.boundary = NULL; - -- if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) -+ /* -+ * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the -+ * middle of some partially built, but not returned BIO chain. 
-+ */ -+ if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) { -+ /* -+ * ndef_aux is now owned by asn_bio so we must not free it in the err -+ * clean up block -+ */ -+ ndef_aux = NULL; - goto err; -+ } -+ -+ /* -+ * We must not fail now because the callback has prepended additional -+ * BIOs to the chain -+ */ - - ndef_aux->val = val; - ndef_aux->it = it; -@@ -91,11 +116,11 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) - ndef_aux->boundary = sarg.boundary; - ndef_aux->out = out; - -- BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux); -- - return sarg.ndef_bio; - - err: -+ /* BIO_pop() is NULL safe */ -+ (void)BIO_pop(pop_bio); - BIO_free(asn_bio); - OPENSSL_free(ndef_aux); - return NULL; --- -2.17.1 - diff --git a/backport-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch b/backport-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch deleted file mode 100644 index ab9d53abec0f2ce79ba2f84bac6781945dcf53e3..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From 2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9 Mon Sep 17 00:00:00 2001 -From: Hugo Landau -Date: Tue, 17 Jan 2023 17:45:42 +0000 -Subject: [PATCH] CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (1.1.1) - -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz ---- - crypto/x509v3/v3_genn.c | 2 +- - include/openssl/x509v3.h | 2 +- - test/v3nametest.c | 8 ++++++++ - 4 files changed, 27 insertions(+), 3 deletions(-) - - -diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c -index 87a5eff47c..e54ddc55c9 100644 ---- a/crypto/x509v3/v3_genn.c -+++ b/crypto/x509v3/v3_genn.c -@@ -98,7 +98,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) - return -1; - switch (a->type) { - case GEN_X400: -- result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); -+ result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address); - break; - - case GEN_EDIPARTY: -diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h -index 90fa3592ce..e61c0f29d4 100644 ---- a/include/openssl/x509v3.h -+++ b/include/openssl/x509v3.h -@@ -136,7 +136,7 @@ typedef struct GENERAL_NAME_st { - OTHERNAME *otherName; /* otherName */ - ASN1_IA5STRING *rfc822Name; - ASN1_IA5STRING *dNSName; -- ASN1_TYPE *x400Address; -+ ASN1_STRING *x400Address; - X509_NAME *directoryName; - EDIPARTYNAME *ediPartyName; - ASN1_IA5STRING *uniformResourceIdentifier; -diff --git a/test/v3nametest.c b/test/v3nametest.c -index d1852190b8..37819da8fd 100644 ---- a/test/v3nametest.c -+++ b/test/v3nametest.c -@@ -646,6 +646,14 @@ static struct gennamedata { - 0xb7, 0x09, 0x02, 0x02 - }, - 15 -+ }, { -+ /* -+ * Regression test for CVE-2023-0286. -+ */ -+ { -+ 0xa3, 0x00 -+ }, -+ 2 - } - }; - --- -2.17.1 - diff --git a/backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch b/backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch deleted file mode 100644 index 0e6be32bf677b3c43894f47a9a48dd64d8a191ae..0000000000000000000000000000000000000000 
--- a/backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From 423a2bc737a908ad0c77bda470b2b59dc879936b Mon Sep 17 00:00:00 2001 -From: Richard Levitte -Date: Fri, 12 May 2023 10:00:13 +0200 -Subject: [PATCH] Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will - translate - -OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical -numeric text form. For gigantic sub-identifiers, this would take a very -long time, the time complexity being O(n^2) where n is the size of that -sub-identifier. - -To mitigate this, a restriction on the size that OBJ_obj2txt() will -translate to canonical numeric text form is added, based on RFC 2578 -(STD 58), which says this: - -> 3.5. OBJECT IDENTIFIER values -> -> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers. -> For the SMIv2, each number in the list is referred to as a sub-identifier, -> there are at most 128 sub-identifiers in a value, and each sub-identifier -> has a maximum value of 2^32-1 (4294967295 decimal). - -Fixes otc/security#96 -Fixes CVE-2023-2650 - -Reviewed-by: Matt Caswell -Reviewed-by: Tomas Mraz ---- - NEWS.md | 4 ++++ - crypto/objects/obj_dat.c | 19 +++++++++++++++++++ - 3 files changed, 50 insertions(+) - -diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c -index 01cde00e98..c0e55197a0 100644 ---- a/crypto/objects/obj_dat.c -+++ b/crypto/objects/obj_dat.c -@@ -443,6 +443,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) - first = 1; - bl = NULL; - -+ /* -+ * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs: -+ * -+ * > 3.5. OBJECT IDENTIFIER values -+ * > -+ * > An OBJECT IDENTIFIER value is an ordered list of non-negative -+ * > numbers. For the SMIv2, each number in the list is referred to as a -+ * > sub-identifier, there are at most 128 sub-identifiers in a value, -+ * > and each sub-identifier has a maximum value of 2^32-1 (4294967295 -+ * > decimal). -+ * -+ * So a legitimate OID according to this RFC is at most (32 * 128 / 7), -+ * i.e. 
586 bytes long. -+ * -+ * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 -+ */ -+ if (len > 586) -+ goto err; -+ - while (len > 0) { - l = 0; - use_bn = 0; --- -2.27.0 - diff --git a/backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch b/backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch deleted file mode 100644 index c84b70d62004870b7f8250fcdd7d9e878d0ab25c..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch +++ /dev/null 
@@ -1,130 +0,0 @@ -From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Thu, 6 Jul 2023 16:36:35 +0100 -Subject: [PATCH] Fix DH_check() excessive time with over sized modulus - -The DH_check() function checks numerous aspects of the key or parameters -that have been supplied. Some of those checks use the supplied modulus -value even if it is excessively large. - -There is already a maximum DH modulus size (10,000 bits) over which -OpenSSL will not generate or derive keys. DH_check() will however still -perform various tests for validity on such a large modulus. We introduce a -new maximum (32,768) over which DH_check() will just fail. - -An application that calls DH_check() and supplies a key or parameters -obtained from an untrusted source could be vulnerable to a Denial of -Service attack. - -The function DH_check() is itself called by a number of other OpenSSL -functions. An application calling any of those other functions may -similarly be affected. The other functions affected by this are -DH_check_ex() and EVP_PKEY_param_check(). 
- -CVE-2023-3446 - -Reviewed-by: Paul Dale -Reviewed-by: Tom Cosgrove -Reviewed-by: Bernd Edlinger -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/21452) ---- - crypto/dh/dh_check.c | 6 ++++++ - crypto/dh/dh_err.c | 3 ++- - crypto/err/openssl.txt | 3 ++- - include/openssl/dh.h | 3 +++ - include/openssl/dherr.h | 3 ++- - 5 files changed, 15 insertions(+), 3 deletions(-) - -diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c -index 4ac169e75c..e5f9dd5030 100644 ---- a/crypto/dh/dh_check.c -+++ b/crypto/dh/dh_check.c -@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret) - BN_CTX *ctx = NULL; - BIGNUM *t1 = NULL, *t2 = NULL; - -+ /* Don't do any checks at all with an excessively large modulus */ -+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { -+ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE); -+ return 0; -+ } -+ - if (!DH_check_params(dh, ret)) - return 0; - -diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c -index 7285587b4a..92800d3fcc 100644 ---- a/crypto/dh/dh_err.c -+++ b/crypto/dh/dh_err.c -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy -@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_functs[] = { - {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0), - "dh_builtin_genparams"}, -+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"}, -diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index 9f91a4a811..c0a3cd720b 100644 ---- a/crypto/err/openssl.txt -+++ b/crypto/err/openssl.txt -@@ -1,4 +1,4 @@ --# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. -+# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. - # - # Licensed under the OpenSSL license (the "License"). You may not use - # this file except in compliance with the License. You can obtain a copy -@@ -401,6 +401,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version - DH_F_COMPUTE_KEY:102:compute_key - DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp - DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams -+DH_F_DH_CHECK:126:DH_check - DH_F_DH_CHECK_EX:121:DH_check_ex - DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex - DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex -diff --git a/include/openssl/dh.h b/include/openssl/dh.h -index 3527540cdd..892e31559d 100644 ---- a/include/openssl/dh.h -+++ b/include/openssl/dh.h -@@ -29,6 +29,9 @@ extern "C" { - # ifndef OPENSSL_DH_MAX_MODULUS_BITS - # define OPENSSL_DH_MAX_MODULUS_BITS 10000 - # endif -+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS -+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 -+# endif - - # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 - # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048 -diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h -index 916b3bed0b..528c819856 100644 ---- a/include/openssl/dherr.h -+++ 
b/include/openssl/dherr.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void); - # define DH_F_COMPUTE_KEY 102 - # define DH_F_DHPARAMS_PRINT_FP 101 - # define DH_F_DH_BUILTIN_GENPARAMS 106 -+# define DH_F_DH_CHECK 126 - # define DH_F_DH_CHECK_EX 121 - # define DH_F_DH_CHECK_PARAMS_EX 122 - # define DH_F_DH_CHECK_PUB_KEY_EX 123 --- -2.36.1 - diff --git a/backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch b/backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch deleted file mode 100644 index 244a0d8d2358ee04c47c122d5926572f820ae7ed..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Fri, 21 Jul 2023 11:39:41 +0200 -Subject: [PATCH] DH_check(): Do not try checking q properties if it is - obviously invalid - -If |q| >= |p| then the q value is obviously wrong as q -is supposed to be a prime divisor of p-1. - -We check if p is overly large so this added test implies that -q is not large either when performing subsequent tests using that -q value. - -Otherwise if it is too large these additional checks of the q value -such as the primality test can then trigger DoS by doing overly long -computations. - -Fixes CVE-2023-3817 - -Reviewed-by: Paul Dale -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/21551) - ---- - crypto/dh/dh_check.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c -index 2001d2e7cb..9ae96991eb 100644 ---- a/crypto/dh/dh_check.c -+++ b/crypto/dh/dh_check.c -@@ -97,7 +97,7 @@ int DH_check_ex(const DH *dh) - - int DH_check(const DH *dh, int *ret) - { -- int ok = 0, r; -+ int ok = 0, r, q_good = 0; - BN_CTX *ctx = NULL; - BIGNUM *t1 = NULL, *t2 = NULL; - -@@ -120,7 +120,14 @@ int DH_check(const DH *dh, int *ret) - if (t2 == NULL) - goto err; - -- if (dh->q) { -+ if (dh->q != NULL) { -+ if (BN_ucmp(dh->p, dh->q) > 0) -+ q_good = 1; -+ else -+ *ret |= DH_CHECK_INVALID_Q_VALUE; -+ } -+ -+ if (q_good) { - if (BN_cmp(dh->g, BN_value_one()) <= 0) - *ret |= DH_NOT_SUITABLE_GENERATOR; - else if (BN_cmp(dh->g, dh->p) >= 0) --- -2.27.0 - diff --git a/backport-CVE-2023-3817-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch b/backport-CVE-2023-3817-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch deleted file mode 100644 index 694b63a5d82a4b074ba2cb5b7b2bf901abc64a32..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-3817-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From 34d0f5cb93680a5286d1eb59125631ec8fd6dc81 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Tue, 25 Jul 2023 15:56:53 +0200 -Subject: [PATCH] dhtest.c: Add test of DH_check() with q = p + 1 - -This must fail with DH_CHECK_INVALID_Q_VALUE and -with DH_CHECK_Q_NOT_PRIME unset. - -Reviewed-by: Paul Dale -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/21551) - ---- - test/dhtest.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/test/dhtest.c b/test/dhtest.c -index 00b3c47101..d7e10ebda9 100644 ---- a/test/dhtest.c -+++ b/test/dhtest.c -@@ -123,6 +123,15 @@ static int dh_test(void) - /* check whether the public key was calculated correctly */ - TEST_uint_eq(BN_get_word(pub_key2), 3331L); - -+ if (!TEST_ptr(BN_copy(q, p)) || !TEST_true(BN_add(q, q, BN_value_one()))) -+ goto err3; -+ -+ if (!TEST_true(DH_check(dh, &i))) -+ goto err3; -+ if (!TEST_true(i & DH_CHECK_INVALID_Q_VALUE) -+ || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)) -+ goto err3; -+ - /* Modulus of size: dh check max modulus bits + 1 */ - if (!TEST_true(BN_set_word(p, 1)) - || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS))) -@@ -134,6 +143,9 @@ static int dh_test(void) - if (!TEST_false(DH_check(dh, &i))) - goto err3; - -+ /* We'll have a stale error on the queue from the above test so clear it */ -+ ERR_clear_error(); -+ - /* - * II) key generation - */ --- -2.27.0 - diff --git a/backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch b/backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch deleted file mode 100644 index b349d643403c637c4d0e6ecbacd4f833f9d26172..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch +++ /dev/null 
@@ -1,130 +0,0 @@ -From 58589a46204c0dfca58906d6e66cf610caa11d88 Mon Sep 17 00:00:00 2001 -From: lanming1120 -Date: Tue, 7 Nov 2023 14:42:28 +0800 -Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet - -Signed-off-by: lanming1120 ---- - crypto/dh/dh_check.c | 13 +++++++++++++ - crypto/dh/dh_err.c | 1 + - crypto/dh/dh_key.c | 12 ++++++++++++ - crypto/err/openssl.txt | 1 + - include/openssl/dh.h | 5 +++-- - include/openssl/dherr.h | 1 + - 6 files changed, 31 insertions(+), 2 deletions(-) - -diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c -index ae1b03bc92..779cfbcd91 100644 ---- a/crypto/dh/dh_check.c -+++ b/crypto/dh/dh_check.c -@@ -198,6 +198,19 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) - BN_CTX *ctx = NULL; - - *ret = 0; -+ -+ /* Don't do any checks at all with an excessively large modulus */ -+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { -+ DHerr(DH_F_DH_CHECK_EX, DH_R_MODULUS_TOO_LARGE); -+ *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID; -+ return 0; -+ } -+ -+ if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) { -+ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID; -+ return 1; -+ } -+ - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; -diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c -index 92800d3fcc..b3b1e7a706 100644 ---- a/crypto/dh/dh_err.c -+++ b/crypto/dh/dh_err.c -@@ -82,6 +82,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = { - {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), - "parameter encoding error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, -+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR), - "unable to check generator"}, -diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c -index 117f2fa883..4c4c4b9874 100644 ---- a/crypto/dh/dh_key.c -+++ b/crypto/dh/dh_key.c -@@ 
-109,6 +109,12 @@ static int generate_key(DH *dh) - } - #endif - -+ if (dh->q != NULL -+ && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) { -+ DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE); -+ return 0; -+ } -+ - if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { - DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); - return 0; -@@ -202,6 +208,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - int ret = -1; - int check_result; - -+ if (dh->q != NULL -+ && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) { -+ DHerr(DH_F_COMPUTE_KEY, DH_R_Q_TOO_LARGE); -+ goto err; -+ } -+ - if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { - DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); - goto err; -diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index c111822eac..56d4093ada 100644 ---- a/crypto/err/openssl.txt -+++ b/crypto/err/openssl.txt -@@ -2139,6 +2139,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters set - DH_R_NO_PRIVATE_VALUE:100:no private value - DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error - DH_R_PEER_KEY_ERROR:111:peer key error -+DH_R_Q_TOO_LARGE:130:q too large - DH_R_SHARED_INFO_ERROR:113:shared info error - DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator - DSA_R_BAD_Q_VALUE:102:bad q value -diff --git a/include/openssl/dh.h b/include/openssl/dh.h -index 6c6ff3636a..7509f4fc3e 100644 ---- a/include/openssl/dh.h -+++ b/include/openssl/dh.h -@@ -71,14 +71,15 @@ DECLARE_ASN1_ITEM(DHparams) - /* #define DH_GENERATOR_3 3 */ - # define DH_GENERATOR_5 5 - --/* DH_check error codes */ -+/* DH_check error codes, some of them shared with DH_check_pub_key */ - # define DH_CHECK_P_NOT_PRIME 0x01 - # define DH_CHECK_P_NOT_SAFE_PRIME 0x02 - # define DH_UNABLE_TO_CHECK_GENERATOR 0x04 - # define DH_NOT_SUITABLE_GENERATOR 0x08 - # define DH_CHECK_Q_NOT_PRIME 0x10 --# define DH_CHECK_INVALID_Q_VALUE 0x20 -+# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */ - # define DH_CHECK_INVALID_J_VALUE 
0x40 -+# define DH_MODULUS_TOO_LARGE 0x100 - - /* DH_check_pub_key error codes */ - # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 -diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h -index 528c819856..d66c35aa8e 100644 ---- a/include/openssl/dherr.h -+++ b/include/openssl/dherr.h -@@ -82,6 +82,7 @@ int ERR_load_DH_strings(void); - # define DH_R_NO_PRIVATE_VALUE 100 - # define DH_R_PARAMETER_ENCODING_ERROR 105 - # define DH_R_PEER_KEY_ERROR 111 -+# define DH_R_Q_TOO_LARGE 130 - # define DH_R_SHARED_INFO_ERROR 113 - # define DH_R_UNABLE_TO_CHECK_GENERATOR 121 - --- -2.33.0 - diff --git a/backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-.patch b/backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-.patch index b04c74af586f02719d527c61d55ac9e47ea74540..034b2d319501219cfdbd54fd95c94c52e2c90ef4 100644 --- a/backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-.patch +++ b/backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-.patch @@ -21,19 +21,10 @@ Conflict:Context Adaptation ssl/record/ssl3_buffer.c | 2 ++ 2 files changed, 8 insertions(+) - diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 81d20ad..71b0413 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c -@@ -16,6 +16,7 @@ - #include - #include "record_local.h" - #include "../packet_local.h" -+#include "internal/cryptlib.h" - - #if defined(OPENSSL_SMALL_FOOTPRINT) || \ - !( defined(AESNI_ASM) && ( \ @@ -248,6 +248,12 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, /* ... now we can act as if 'extend' was set */ } diff --git a/backport-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch b/backport-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch deleted file mode 100644 index 5e4bce2dcb318d90c4daea4bdf04bc5d1c1b4ac2..0000000000000000000000000000000000000000 --- a/backport-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch +++ /dev/null 
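Review bot: Dropping the `+#include "internal/cryptlib.h"` hunk from the backport leaves the diffstat context `2 files changed, 8 insertions(+)` one insertion too high; git am ignores it, but the header no longer describes the body. The change also carries no rationale: if the remaining ssl3_read_n hunk, which begins at the end of this hunk and continues outside it, still uses a symbol that header provides, the patch will apply and then fail to compile, so this needs confirming against the rebased tree. Record the reason in the existing trailer, e.g. `Conflict: cryptlib.h include hunk dropped because <reason>`.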
@@ -1,54 +0,0 @@ -From b013765abfa80036dc779dd0e50602c57bb3bf95 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Tue, 7 Mar 2023 16:52:55 +0000 -Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf - certs - -Even though we check the leaf cert to confirm it is valid, we -later ignored the invalid flag and did not notice that the leaf -cert was bad. - -Fixes: CVE-2023-0465 - -Reviewed-by: Hugo Landau -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/20588) ---- - crypto/x509/x509_vfy.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 925fbb5412..1dfe4f9f31 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -1649,18 +1649,25 @@ static int check_policy(X509_STORE_CTX *ctx) - } - /* Invalid or inconsistent extensions */ - if (ret == X509_PCY_TREE_INVALID) { -- int i; -+ int i, cbcalled = 0; - - /* Locate certificates with bad extensions and notify callback. */ -- for (i = 1; i < sk_X509_num(ctx->chain); i++) { -+ for (i = 0; i < sk_X509_num(ctx->chain); i++) { - X509 *x = sk_X509_value(ctx->chain, i); - - if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) - continue; -+ cbcalled = 1; - if (!verify_cb_cert(ctx, x, i, - X509_V_ERR_INVALID_POLICY_EXTENSION)) - return 0; - } -+ if (!cbcalled) { -+ /* Should not be able to get here */ -+ X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ /* The callback ignored the error so we return success */ - return 1; - } - if (ret == X509_PCY_TREE_FAILURE) { --- -2.36.1 - diff --git a/backport-Extend-the-multi_resume-test-for-simultaneous-resump.patch b/backport-Extend-the-multi_resume-test-for-simultaneous-resump.patch index c74edcafcaeb3b7e459f2e854c3938003fe03bf7..ce5b20398c09cfbb2dded90a0675404f18ae7967 100644 --- a/backport-Extend-the-multi_resume-test-for-simultaneous-resump.patch +++ b/backport-Extend-the-multi_resume-test-for-simultaneous-resump.patch 
@@ -15,8 +15,8 @@ Reviewed-by: Tomas Mraz (cherry picked from commit 031b11a4054c972a5e2f07dfa81ce1842453253e) Signed-off-by: Liu-Ermeng --- - test/sslapitest.c | 87 ++++++++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 84 insertions(+), 3 deletions(-) + test/sslapitest.c | 89 ++++++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 85 insertions(+), 4 deletions(-) diff --git a/test/sslapitest.c b/test/sslapitest.c index 2992356fdf..472b1224ca 100644 @@ -147,6 +147,15 @@ index 2992356fdf..472b1224ca 100644 /* * Recreate a bug where dynamically changing the max_early_data value * can cause sessions in the session cache which cannot be deleted. +@@ -7513,7 +7594,7 @@ int setup_tests(void) + #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_3) + ADD_ALL_TESTS(test_serverinfo_custom, 4); + #endif +- ADD_ALL_TESTS(test_multi_resume, 4); ++ ADD_ALL_TESTS(test_multi_resume, 5); + return 1; + } + -- 2.33.0 diff --git a/backport-Fix-OPENSSL_VERSION_NUMBER-number-problem.patch b/backport-Fix-OPENSSL_VERSION_NUMBER-number-problem.patch new file mode 100644 index 0000000000000000000000000000000000000000..58a31debc1c4c4e906a6a7894c31472ef4abb6c3 --- /dev/null +++ b/backport-Fix-OPENSSL_VERSION_NUMBER-number-problem.patch 
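Review bot: The added inner hunk raises `ADD_ALL_TESTS(test_multi_resume, 5)` from 4, so `test_multi_resume` must now handle `idx == 4`; that case would live in the earlier part of this patch, outside the hunk, so please confirm it exists, otherwise the fifth iteration runs an unhandled index. The diffstat update to 85 insertions / 4 deletions is consistent with the one-line swap added here. If the extra case comes from a different upstream change than the `cherry picked from commit 031b11a4...` trailer names, the patch header should say so.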
@@ -0,0 +1,25 @@
+From 03f077d6deb749def0bc8d679bed6ffa79aea84f Mon Sep 17 00:00:00 2001
+From: hzero1996
+Date: Fri, 22 Dec 2023 14:18:50 +0800
+Subject: [PATCH] Fix OPENSSL_VERSION_NUMBER number problem
+
+---
+ include/openssl/opensslv.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
+index a0cac30..9a5855f 100644
+--- a/include/openssl/opensslv.h
++++ b/include/openssl/opensslv.h
+@@ -39,7 +39,7 @@ extern "C" {
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ * major minor fix final patch/beta)
+ */
+-# define OPENSSL_VERSION_NUMBER 0x10101810L
++# define OPENSSL_VERSION_NUMBER 0x1010180fL
+ # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1wa 16 Nov 2023"
+
+ /*-
+--
+2.33.0
+
diff --git a/backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch b/backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch
deleted file mode 100644
index 1229cba6123a6acf9e6c13e338641bfd95d352a8..0000000000000000000000000000000000000000
--- a/backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch
+++ /dev/null
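Review bot: The new patch changes `OPENSSL_VERSION_NUMBER` from `0x10101810L` to `0x1010180fL` without saying what was wrong; read with the MNNFFPPS scheme the comment above refers to, that is the status nibble going from 0 (development) to 0xf (release) and the patch byte from 0x81 to 0x80, neither of which is a letter upstream ever shipped (1.1.1w is 0x1010117fL). Downstream code compares against this macro to decide which APIs and fixes it may assume, so the commit message, or a comment beside the define such as `/* 1.1.1wa: patch byte 0x80 sorts above upstream 1.1.1w (0x17); status 0xf = release */`, should spell out the intended encoding. This same commit also deletes CVE backport patches, including one for CVE-2023-5678 that postdates upstream 1.1.1w, so it is worth confirming that the 1.1.1wa base this number identifies actually carries those fixes.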
@@ -1,440 +0,0 @@ -From 6e73a0a0bd608daecb8e2c1e46de9d1014194c84 Mon Sep 17 00:00:00 2001 -From: Bernd Edlinger -Date: Tue, 12 Apr 2022 08:27:21 +0200 -Subject: [PATCH] Fix a DTLS server hangup due to TLS13_AD_MISSING_EXTENSION - -This causes the DTLS server to enter an error state: - -./openssl s_server -dtls -./openssl s_client -dtls -maxfraglen 512 -sess_out s1.txt -[...] -Q -./openssl s_client -dtls -sess_in s1.txt -CONNECTED(00000003) -^C -./openssl s_client -dtls -CONNECTED(00000003) -140335537067840:error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_d1.c:614:SSL alert number 40 - -At this point the dtls server needs to be restarted, -because verify_cookie_callback always fails, because -the previous cookie is checked against the current one. -The reason for this is not fully understood. - -In wireshark we see the following each time: -c->s Client Hello (without cookie) -s->c Hello Verify Request (with new cookie) -s->c Alert (Level: Fatal, Description: Handshake Failure) -c->s Client Hello (echoes new cookie) - -The client gives up when the Alert arrives. -The Alert is triggered because the server calls -verify_cookie_callback with the previous cookie, -although it just sent the current cookie in the -Hello Verify Request. - -However this does only happen because no Alert message -is sent when the client re-connects the session with -the missing -maxfraglen option. 
- -Reviewed-by: Tomas Mraz -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/18094) ---- - ssl/s3_enc.c | 2 + - ssl/t1_enc.c | 2 + - test/ssl-tests/10-resumption.conf | 121 +++++++++++++++++++++++- - test/ssl-tests/11-dtls_resumption.conf | 124 ++++++++++++++++++++++++- - test/ssl-tests/protocol_version.pm | 63 +++++++++++++ - 5 files changed, 310 insertions(+), 2 deletions(-) - -diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c -index 8a89f512fe..eb1f36ac7e 100644 ---- a/ssl/s3_enc.c -+++ b/ssl/s3_enc.c -@@ -589,6 +589,8 @@ int ssl3_alert_code(int code) - return TLS1_AD_NO_APPLICATION_PROTOCOL; - case SSL_AD_CERTIFICATE_REQUIRED: - return SSL_AD_HANDSHAKE_FAILURE; -+ case SSL_AD_MISSING_EXTENSION: -+ return SSL_AD_HANDSHAKE_FAILURE; - default: - return -1; - } -diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c -index c85c0b0310..2087b274d1 100644 ---- a/ssl/t1_enc.c -+++ b/ssl/t1_enc.c -@@ -672,6 +672,8 @@ int tls1_alert_code(int code) - return TLS1_AD_NO_APPLICATION_PROTOCOL; - case SSL_AD_CERTIFICATE_REQUIRED: - return SSL_AD_HANDSHAKE_FAILURE; -+ case SSL_AD_MISSING_EXTENSION: -+ return SSL_AD_HANDSHAKE_FAILURE; - default: - return -1; - } -diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf -index 73de974ab0..a33a1d80e4 100644 ---- a/test/ssl-tests/10-resumption.conf -+++ b/test/ssl-tests/10-resumption.conf -@@ -1,6 +1,6 @@ - # Generated with generate_ssl_tests.pl - --num_tests = 65 -+num_tests = 68 - - test-0 = 0-resumption - test-1 = 1-resumption -@@ -67,6 +67,9 @@ test-61 = 61-resumption - test-62 = 62-resumption - test-63 = 63-resumption - test-64 = 64-resumption-with-hrr -+test-65 = 65-resumption-when-mfl-ext-is-missing -+test-66 = 66-resumption-when-mfl-ext-is-different -+test-67 = 67-resumption-when-mfl-ext-is-correct - # =========================================================== - - [0-resumption] -@@ -2437,3 +2440,119 @@ Method = TLS - ResumptionExpected = Yes - - -+# 
=========================================================== -+ -+[65-resumption-when-mfl-ext-is-missing] -+ssl_conf = 65-resumption-when-mfl-ext-is-missing-ssl -+ -+[65-resumption-when-mfl-ext-is-missing-ssl] -+server = 65-resumption-when-mfl-ext-is-missing-server -+client = 65-resumption-when-mfl-ext-is-missing-client -+resume-server = 65-resumption-when-mfl-ext-is-missing-server -+resume-client = 65-resumption-when-mfl-ext-is-missing-resume-client -+ -+[65-resumption-when-mfl-ext-is-missing-server] -+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -+CipherString = DEFAULT -+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -+ -+[65-resumption-when-mfl-ext-is-missing-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[65-resumption-when-mfl-ext-is-missing-resume-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[test-65] -+ExpectedResult = ServerFail -+HandshakeMode = Resume -+ResumptionExpected = No -+client = 65-resumption-when-mfl-ext-is-missing-client-extra -+ -+[65-resumption-when-mfl-ext-is-missing-client-extra] -+MaxFragmentLenExt = 512 -+ -+ -+# =========================================================== -+ -+[66-resumption-when-mfl-ext-is-different] -+ssl_conf = 66-resumption-when-mfl-ext-is-different-ssl -+ -+[66-resumption-when-mfl-ext-is-different-ssl] -+server = 66-resumption-when-mfl-ext-is-different-server -+client = 66-resumption-when-mfl-ext-is-different-client -+resume-server = 66-resumption-when-mfl-ext-is-different-server -+resume-client = 66-resumption-when-mfl-ext-is-different-resume-client -+ -+[66-resumption-when-mfl-ext-is-different-server] -+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -+CipherString = DEFAULT -+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -+ -+[66-resumption-when-mfl-ext-is-different-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = 
Peer -+ -+[66-resumption-when-mfl-ext-is-different-resume-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[test-66] -+ExpectedResult = ServerFail -+HandshakeMode = Resume -+ResumptionExpected = No -+client = 66-resumption-when-mfl-ext-is-different-client-extra -+resume-client = 66-resumption-when-mfl-ext-is-different-resume-client-extra -+ -+[66-resumption-when-mfl-ext-is-different-client-extra] -+MaxFragmentLenExt = 512 -+ -+[66-resumption-when-mfl-ext-is-different-resume-client-extra] -+MaxFragmentLenExt = 1024 -+ -+ -+# =========================================================== -+ -+[67-resumption-when-mfl-ext-is-correct] -+ssl_conf = 67-resumption-when-mfl-ext-is-correct-ssl -+ -+[67-resumption-when-mfl-ext-is-correct-ssl] -+server = 67-resumption-when-mfl-ext-is-correct-server -+client = 67-resumption-when-mfl-ext-is-correct-client -+resume-server = 67-resumption-when-mfl-ext-is-correct-server -+resume-client = 67-resumption-when-mfl-ext-is-correct-resume-client -+ -+[67-resumption-when-mfl-ext-is-correct-server] -+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -+CipherString = DEFAULT -+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -+ -+[67-resumption-when-mfl-ext-is-correct-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[67-resumption-when-mfl-ext-is-correct-resume-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[test-67] -+ExpectedResult = Success -+HandshakeMode = Resume -+ResumptionExpected = Yes -+client = 67-resumption-when-mfl-ext-is-correct-client-extra -+resume-client = 67-resumption-when-mfl-ext-is-correct-resume-client-extra -+ -+[67-resumption-when-mfl-ext-is-correct-client-extra] -+MaxFragmentLenExt = 512 -+ -+[67-resumption-when-mfl-ext-is-correct-resume-client-extra] -+MaxFragmentLenExt = 512 -+ -+ -diff --git 
a/test/ssl-tests/11-dtls_resumption.conf b/test/ssl-tests/11-dtls_resumption.conf -index a981fa51df..635279a30f 100644 ---- a/test/ssl-tests/11-dtls_resumption.conf -+++ b/test/ssl-tests/11-dtls_resumption.conf -@@ -1,6 +1,6 @@ - # Generated with generate_ssl_tests.pl - --num_tests = 16 -+num_tests = 19 - - test-0 = 0-resumption - test-1 = 1-resumption -@@ -18,6 +18,9 @@ test-12 = 12-resumption - test-13 = 13-resumption - test-14 = 14-resumption - test-15 = 15-resumption -+test-16 = 16-resumption-when-mfl-ext-is-missing -+test-17 = 17-resumption-when-mfl-ext-is-different -+test-18 = 18-resumption-when-mfl-ext-is-correct - # =========================================================== - - [0-resumption] -@@ -618,3 +621,122 @@ Method = DTLS - ResumptionExpected = Yes - - -+# =========================================================== -+ -+[16-resumption-when-mfl-ext-is-missing] -+ssl_conf = 16-resumption-when-mfl-ext-is-missing-ssl -+ -+[16-resumption-when-mfl-ext-is-missing-ssl] -+server = 16-resumption-when-mfl-ext-is-missing-server -+client = 16-resumption-when-mfl-ext-is-missing-client -+resume-server = 16-resumption-when-mfl-ext-is-missing-server -+resume-client = 16-resumption-when-mfl-ext-is-missing-resume-client -+ -+[16-resumption-when-mfl-ext-is-missing-server] -+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -+CipherString = DEFAULT -+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -+ -+[16-resumption-when-mfl-ext-is-missing-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[16-resumption-when-mfl-ext-is-missing-resume-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[test-16] -+ExpectedResult = ServerFail -+HandshakeMode = Resume -+Method = DTLS -+ResumptionExpected = No -+client = 16-resumption-when-mfl-ext-is-missing-client-extra -+ -+[16-resumption-when-mfl-ext-is-missing-client-extra] -+MaxFragmentLenExt = 512 -+ -+ -+# 
=========================================================== -+ -+[17-resumption-when-mfl-ext-is-different] -+ssl_conf = 17-resumption-when-mfl-ext-is-different-ssl -+ -+[17-resumption-when-mfl-ext-is-different-ssl] -+server = 17-resumption-when-mfl-ext-is-different-server -+client = 17-resumption-when-mfl-ext-is-different-client -+resume-server = 17-resumption-when-mfl-ext-is-different-server -+resume-client = 17-resumption-when-mfl-ext-is-different-resume-client -+ -+[17-resumption-when-mfl-ext-is-different-server] -+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -+CipherString = DEFAULT -+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -+ -+[17-resumption-when-mfl-ext-is-different-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[17-resumption-when-mfl-ext-is-different-resume-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[test-17] -+ExpectedResult = ServerFail -+HandshakeMode = Resume -+Method = DTLS -+ResumptionExpected = No -+client = 17-resumption-when-mfl-ext-is-different-client-extra -+resume-client = 17-resumption-when-mfl-ext-is-different-resume-client-extra -+ -+[17-resumption-when-mfl-ext-is-different-client-extra] -+MaxFragmentLenExt = 512 -+ -+[17-resumption-when-mfl-ext-is-different-resume-client-extra] -+MaxFragmentLenExt = 1024 -+ -+ -+# =========================================================== -+ -+[18-resumption-when-mfl-ext-is-correct] -+ssl_conf = 18-resumption-when-mfl-ext-is-correct-ssl -+ -+[18-resumption-when-mfl-ext-is-correct-ssl] -+server = 18-resumption-when-mfl-ext-is-correct-server -+client = 18-resumption-when-mfl-ext-is-correct-client -+resume-server = 18-resumption-when-mfl-ext-is-correct-server -+resume-client = 18-resumption-when-mfl-ext-is-correct-resume-client -+ -+[18-resumption-when-mfl-ext-is-correct-server] -+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -+CipherString = DEFAULT 
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -+ -+[18-resumption-when-mfl-ext-is-correct-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[18-resumption-when-mfl-ext-is-correct-resume-client] -+CipherString = DEFAULT -+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -+VerifyMode = Peer -+ -+[test-18] -+ExpectedResult = Success -+HandshakeMode = Resume -+Method = DTLS -+ResumptionExpected = Yes -+client = 18-resumption-when-mfl-ext-is-correct-client-extra -+resume-client = 18-resumption-when-mfl-ext-is-correct-resume-client-extra -+ -+[18-resumption-when-mfl-ext-is-correct-client-extra] -+MaxFragmentLenExt = 512 -+ -+[18-resumption-when-mfl-ext-is-correct-resume-client-extra] -+MaxFragmentLenExt = 512 -+ -+ -diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm -index 943719e84a..039d782b73 100644 ---- a/test/ssl-tests/protocol_version.pm -+++ b/test/ssl-tests/protocol_version.pm -@@ -265,6 +265,69 @@ sub generate_resumption_tests { - }; - } - -+ push @client_tests, { -+ "name" => "resumption-when-mfl-ext-is-missing", -+ "server" => { -+ }, -+ "client" => { -+ "extra" => { -+ "MaxFragmentLenExt" => 512, -+ }, -+ }, -+ "resume_client" => { -+ }, -+ "test" => { -+ "Method" => $method, -+ "HandshakeMode" => "Resume", -+ "ResumptionExpected" => "No", -+ "ExpectedResult" => "ServerFail", -+ } -+ }; -+ -+ push @client_tests, { -+ "name" => "resumption-when-mfl-ext-is-different", -+ "server" => { -+ }, -+ "client" => { -+ "extra" => { -+ "MaxFragmentLenExt" => 512, -+ }, -+ }, -+ "resume_client" => { -+ "extra" => { -+ "MaxFragmentLenExt" => 1024, -+ }, -+ }, -+ "test" => { -+ "Method" => $method, -+ "HandshakeMode" => "Resume", -+ "ResumptionExpected" => "No", -+ "ExpectedResult" => "ServerFail", -+ } -+ }; -+ -+ push @client_tests, { -+ "name" => "resumption-when-mfl-ext-is-correct", -+ "server" => { -+ }, -+ "client" => { -+ "extra" => { -+ "MaxFragmentLenExt" => 512, 
-+ }, -+ }, -+ "resume_client" => { -+ "extra" => { -+ "MaxFragmentLenExt" => 512, -+ }, -+ }, -+ "test" => { -+ "Method" => $method, -+ "HandshakeMode" => "Resume", -+ "ResumptionExpected" => "Yes", -+ "ExpectedResult" => "Success", -+ } -+ }; -+ - return (@server_tests, @client_tests); - } - --- -2.17.1 - diff --git a/backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch b/backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch deleted file mode 100644 index 397b8c6c440569c98312efb5c2a6a33f198e3679..0000000000000000000000000000000000000000 --- a/backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -From 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a Mon Sep 17 00:00:00 2001 -From: Bernd Edlinger -Date: Sat, 21 May 2022 15:41:46 +0200 -Subject: [PATCH] Fix a memory leak in X509_issuer_and_serial_hash - -This is reproducible with my error injection patch: - -$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d -ERROR_INJECT=1653267699 - #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 - #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114 - #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230 - #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139 - #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44 - #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 - #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182 - #7 0x55c12d267c7f in main fuzz/test-corpus.c:226 - #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 - #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d) - -================================================================= -==1058475==ERROR: LeakSanitizer: detected memory leaks - -Direct leak of 268 byte(s) in 1 object(s) allocated from: - #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163 - #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97 - #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43 - #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41 - #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 - #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182 - #6 0x55c12d267c7f in main fuzz/test-corpus.c:226 - #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 - -SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s). 
- -Reviewed-by: Tomas Mraz -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/18370) ---- - crypto/x509/x509_cmp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c -index 1d8d2d7b28..1661cac634 100644 ---- a/crypto/x509/x509_cmp.c -+++ b/crypto/x509/x509_cmp.c -@@ -34,7 +34,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) - unsigned long ret = 0; - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - unsigned char md[16]; -- char *f; -+ char *f = NULL; - - if (ctx == NULL) - goto err; -@@ -45,7 +45,6 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) - goto err; - if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) - goto err; -- OPENSSL_free(f); - if (!EVP_DigestUpdate - (ctx, (unsigned char *)a->cert_info.serialNumber.data, - (unsigned long)a->cert_info.serialNumber.length)) -@@ -56,6 +55,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; - err: -+ OPENSSL_free(f); - EVP_MD_CTX_free(ctx); - return ret; - } --- -2.17.1 - diff --git a/backport-Fix-an-assertion-in-the-DTLS-server-code.patch b/backport-Fix-an-assertion-in-the-DTLS-server-code.patch deleted file mode 100644 index 0f75a9f665c7a80eaca02839970b4af27288a389..0000000000000000000000000000000000000000 --- a/backport-Fix-an-assertion-in-the-DTLS-server-code.patch +++ /dev/null 
@@ -1,145 +0,0 @@ -From 564a8d442cbd8ce68d452ff2e8a58c0aea6b0632 Mon Sep 17 00:00:00 2001 -From: Bernd Edlinger -Date: Mon, 11 Apr 2022 10:12:48 +0200 -Subject: [PATCH] Fix an assertion in the DTLS server code - -This fixes an internal error alert from the server and -an unexpected connection failure in the release version, -but a failed assertion and a server crash in the -debug version. - -Reproduce this issue with a DTLS server/client like that: - -./openssl s_server -dtls -mtu 1500 -./openssl s_client -dtls -maxfraglen 512 - -In the debug version a crash happens in the Server now: - -./openssl s_server -dtls -mtu 1500 -Using default temp DH parameters -ACCEPT -ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written -Aborted (core dumped) - -While in the release version the handshake exceeds the -negotiated max fragment size, and fails because of this: - -$ ./openssl s_server -dtls -mtu 1500 -Using default temp DH parameters -ACCEPT -ERROR -4057152ADA7F0000:error:0A0000C2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826: -shutting down SSL -CONNECTION CLOSED - -From the client's point of view the connection fails -with an Internal Error Alert: - -$ ./openssl s_client -dtls -maxfraglen 512 -Connecting to ::1 -CONNECTED(00000003) -40B76343377F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80 - -and now the connection attempt fails unexpectedly. 
- -Reviewed-by: Tomas Mraz -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/18093) - -(cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103) ---- - ssl/statem/statem_dtls.c | 6 ++--- - test/dtls_mtu_test.c | 48 +++++++++++++++++++++++++++++++++++++++- - 2 files changed, 50 insertions(+), 4 deletions(-) - -diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c -index 8e3fb686ee..620367ace4 100644 ---- a/ssl/statem/statem_dtls.c -+++ b/ssl/statem/statem_dtls.c -@@ -218,8 +218,8 @@ int dtls1_do_write(SSL *s, int type) - else - len = s->init_num; - -- if (len > s->max_send_fragment) -- len = s->max_send_fragment; -+ if (len > ssl_get_max_send_fragment(s)) -+ len = ssl_get_max_send_fragment(s); - - /* - * XDTLS: this function is too long. split out the CCS part -@@ -241,7 +241,7 @@ int dtls1_do_write(SSL *s, int type) - - ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len, - &written); -- if (ret < 0) { -+ if (ret <= 0) { - /* - * might need to update MTU here, but we don't know which - * previous packet caused the failure -- so can't really -diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c -index f20edf02d2..9b69e80a62 100644 ---- a/test/dtls_mtu_test.c -+++ b/test/dtls_mtu_test.c -@@ -185,12 +185,58 @@ static int run_mtu_tests(void) - - end: - SSL_CTX_free(ctx); -- bio_s_mempacket_test_free(); - return ret; - } - -+static int test_server_mtu_larger_than_max_fragment_length(void) -+{ -+ SSL_CTX *ctx = NULL; -+ SSL *srvr_ssl = NULL, *clnt_ssl = NULL; -+ int rv = 0; -+ -+ if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_method()))) -+ goto end; -+ -+ SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback); -+ SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback); -+ -+#ifndef OPENSSL_NO_DH -+ if (!TEST_true(SSL_CTX_set_dh_auto(ctx, 1))) -+ goto end; -+#endif -+ -+ if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, -+ NULL, NULL))) -+ goto end; -+ -+ SSL_set_options(srvr_ssl, 
SSL_OP_NO_QUERY_MTU); -+ if (!TEST_true(DTLS_set_link_mtu(srvr_ssl, 1500))) -+ goto end; -+ -+ SSL_set_tlsext_max_fragment_length(clnt_ssl, -+ TLSEXT_max_fragment_length_512); -+ -+ if (!TEST_true(create_ssl_connection(srvr_ssl, clnt_ssl, -+ SSL_ERROR_NONE))) -+ goto end; -+ -+ rv = 1; -+ -+ end: -+ SSL_free(clnt_ssl); -+ SSL_free(srvr_ssl); -+ SSL_CTX_free(ctx); -+ return rv; -+} -+ - int setup_tests(void) - { - ADD_TEST(run_mtu_tests); -+ ADD_TEST(test_server_mtu_larger_than_max_fragment_length); - return 1; - } -+ -+void cleanup_tests(void) -+{ -+ bio_s_mempacket_test_free(); -+} --- -2.17.1 - diff --git a/backport-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch b/backport-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch deleted file mode 100644 index cb3cf2e350eb5853ac72f4ee054578c2f1da71a9..0000000000000000000000000000000000000000 --- a/backport-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch +++ /dev/null 
@@ -1,46 +0,0 @@
-From 0d16b7e99aafc0b4a6d729eec65a411a7e025f0a Mon Sep 17 00:00:00 2001
-From: Tomas Mraz
-Date: Tue, 21 Mar 2023 16:15:47 +0100
-Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy()
-
-The function was incorrectly documented as enabling policy checking.
-
-Fixes: CVE-2023-0466
-
-Reviewed-by: Matt Caswell
-Reviewed-by: Paul Dale
-(Merged from https://github.com/openssl/openssl/pull/20564)
----
- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++--
- 3 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-index f6f304bf7b..aa292f9336 100644
---- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-@@ -92,8 +92,9 @@ B.
- X509_VERIFY_PARAM_set_time() sets the verification time in B to
- B. Normally the current time is used.
- 
--X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
--by default) and adds B to the acceptable policy set.
-+X509_VERIFY_PARAM_add0_policy() adds B to the acceptable policy set.
-+Contrary to preexisting documentation of this function it does not enable
-+policy checking.
- 
- X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
- by default) and sets the acceptable policy set to B. Any existing
-@@ -377,6 +378,10 @@ and has no effect.
- 
- The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
- 
-+The function X509_VERIFY_PARAM_add0_policy() was historically documented as
-+enabling policy checking however the implementation has never done this.
-+The documentation was changed to align with the implementation.
-+
- =head1 COPYRIGHT
- 
- Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
---
-2.36.1
-
diff --git a/backport-Fix-strict-client-chain-check-with-TLS-1.3.patch b/backport-Fix-strict-client-chain-check-with-TLS-1.3.patch
deleted file mode 100644
index f13fb2a3f6146ec7e5f78c657e688bb2c27c7c5f..0000000000000000000000000000000000000000
--- a/backport-Fix-strict-client-chain-check-with-TLS-1.3.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 3bd976551e549c030bdbd150c7aa8a1980cb00fe Mon Sep 17 00:00:00 2001
-From: Tomas Mraz
-Date: Tue, 29 Mar 2022 13:31:34 +0200
-Subject: [PATCH] Fix strict client chain check with TLS-1.3
-
-When TLS-1.3 is used and the server does not send any CA names
-the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
-argument.
-
-Reviewed-by: Todd Short
-Reviewed-by: Matt Caswell
-(Merged from https://github.com/openssl/openssl/pull/17986)
-
-(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)
----
- ssl/t1_lib.c | 14 ++++++--------
- 1 file changed, 6 insertions(+), 8 deletions(-)
-
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 4de4623a49..5fcb40eaff 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -2369,22 +2369,20 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
- 
- ca_dn = s->s3->tmp.peer_ca_names;
- 
-- if (!sk_X509_NAME_num(ca_dn))
-+ if (ca_dn == NULL
-+ || sk_X509_NAME_num(ca_dn) == 0
-+ || ssl_check_ca_name(ca_dn, x))
- rv |= CERT_PKEY_ISSUER_NAME;
--
-- if (!(rv & CERT_PKEY_ISSUER_NAME)) {
-- if (ssl_check_ca_name(ca_dn, x))
-- rv |= CERT_PKEY_ISSUER_NAME;
-- }
-- if (!(rv & CERT_PKEY_ISSUER_NAME)) {
-+ else
- for (i = 0; i < sk_X509_num(chain); i++) {
- X509 *xtmp = sk_X509_value(chain, i);
-+
- if (ssl_check_ca_name(ca_dn, xtmp)) {
- rv |= CERT_PKEY_ISSUER_NAME;
- break;
- }
- }
-- }
-+
- if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME))
- goto end;
- } else
---
-2.17.1
-
diff --git a/backport-Generate-some-certificates-with-the-certificatePolic.patch b/backport-Generate-some-certificates-with-the-certificatePolic.patch
deleted file mode 100644
index 77579af28c6a39ded79f0f96330079d34ccbe887..0000000000000000000000000000000000000000
--- a/backport-Generate-some-certificates-with-the-certificatePolic.patch
+++ /dev/null
@@ -1,146 +0,0 @@ -From a4e726428608e352283d745cb0716248d29ecf26 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Tue, 7 Mar 2023 15:22:40 +0000 -Subject: [PATCH] Generate some certificates with the certificatePolicies - extension - -Related-to: CVE-2023-0465 - -Reviewed-by: Hugo Landau -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/20585) ---- - test/certs/ca-pol-cert.pem | 19 +++++++++++++++++++ - test/certs/ee-cert-policies-bad.pem | 20 ++++++++++++++++++++ - test/certs/ee-cert-policies.pem | 20 ++++++++++++++++++++ - test/certs/mkcert.sh | 9 +++++++-- - test/certs/setup.sh | 6 ++++++ - 5 files changed, 72 insertions(+), 2 deletions(-) - create mode 100644 test/certs/ca-pol-cert.pem - create mode 100644 test/certs/ee-cert-policies-bad.pem - create mode 100644 test/certs/ee-cert-policies.pem - -diff --git a/test/certs/ca-pol-cert.pem b/test/certs/ca-pol-cert.pem -new file mode 100644 -index 0000000000..244af3292b ---- /dev/null -+++ b/test/certs/ca-pol-cert.pem -@@ -0,0 +1,19 @@ -+-----BEGIN CERTIFICATE----- -+MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 -+IENBMCAXDTIzMDMwODEyMjMxNloYDzIxMjMwMzA5MTIyMzE2WjANMQswCQYDVQQD -+DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd -+j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz -+n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W -+l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l -+YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc -+ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 -+CLNNsUcCAwEAAaN7MHkwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYD -+VR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8GA1UdIwQYMBaAFI71Ja8em2uE -+PXyAmslTnE1y96NSMBkGA1UdIAQSMBAwDgYMKwYBBAGBgVy8+0cBMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBbE+MO9mewWIUY2kt85yhl0oZtvVxbn9K2Hty59ItwJGRNfzx7 -+Ge7KgawkvNzMOXmj6qf8TpbJnf41ZLWdRyVZBVyIwrAKIVw1VxfGh8aEifHKN97H -+unZkBPcUkAhUJSiC1BOD/euaMYqOi8QwiI702Q6q1NBY1/UKnV/ZIBLecnqfj9vZ 
-+7T0wKxrwGYBztP4pNcxCmBoD9Dg+Dx3ZElo0WXyO4SOh/BgrsKJHKyhbuTpjrI/g -+DhcINRp6+lIzuFBtJ67+YXnAEspb3lKMk0YL/LXrCNF2scdmNfOPwHi+OKBqt69C -+9FJyWFEMxx2qm/ENE9sbOswgJRnKkaAqHBHx -+-----END CERTIFICATE----- -diff --git a/test/certs/ee-cert-policies-bad.pem b/test/certs/ee-cert-policies-bad.pem -new file mode 100644 -index 0000000000..0fcd6372b3 ---- /dev/null -+++ b/test/certs/ee-cert-policies-bad.pem -@@ -0,0 +1,20 @@ -+-----BEGIN CERTIFICATE----- -+MIIDTTCCAjWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg -+Fw0yMzAzMDgxMjIzMzJaGA8yMTIzMDMwOTEyMjMzMlowGTEXMBUGA1UEAwwOc2Vy -+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY -+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT -+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l -+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 -+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 -+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn -+iIQPYf55NB9KiR+3AgMBAAGjgakwgaYwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4H -+mCKX4XOiMB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQC -+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1w -+bGUwKQYDVR0gBCIwIDAOBgwrBgEEAYGBXLz7RwEwDgYMKwYBBAGBgVy8+0cBMA0G -+CSqGSIb3DQEBCwUAA4IBAQArwtwNO++7kStcJeMg3ekz2D/m/8UEjTA1rknBjQiQ -+P0FK7tNeRqus9i8PxthNWk+biRayvDzaGIBV7igpDBPfXemDgmW9Adc4MKyiQDfs -+YfkHi3xJKvsK2fQmyCs2InVDaKpVAkNFcgAW8nSOhGliqIxLb0EOLoLNwaktou0N -+XQHmRzY8S7aIr8K9Qo9y/+MLar+PS4h8l6FkLLkTICiFzE4/wje5S3NckAnadRJa -+QpjwM2S6NuA+tYWuOcN//r7BSpW/AZKanYWPzHMrKlqCh+9o7sthPd72+hObG9kx -+wSGdzfStNK1I1zM5LiI08WtXCvR6AfLANTo2x1AYhSxF -+-----END CERTIFICATE----- -diff --git a/test/certs/ee-cert-policies.pem b/test/certs/ee-cert-policies.pem -new file mode 100644 -index 0000000000..2f06d7433f ---- /dev/null -+++ b/test/certs/ee-cert-policies.pem -@@ -0,0 +1,20 @@ -+-----BEGIN CERTIFICATE----- -+MIIDPTCCAiWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg 
-+Fw0yMzAzMDgxMjIzMjNaGA8yMTIzMDMwOTEyMjMyM1owGTEXMBUGA1UEAwwOc2Vy -+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY -+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT -+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l -+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 -+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 -+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn -+iIQPYf55NB9KiR+3AgMBAAGjgZkwgZYwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4H -+mCKX4XOiMB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQC -+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1w -+bGUwGQYDVR0gBBIwEDAOBgwrBgEEAYGBXLz7RwEwDQYJKoZIhvcNAQELBQADggEB -+AGbWslmAAdMX3+5ChcnFrX+NqDGoyhb3PTgWdtlQB5qtWdIt4rSxN50OcQxFTX0D -+QOBabSzR0DDKrgfBe4waL19WsdEvR9GyO4M7ASze/A3IEZue9C9k0n7Vq8zDaAZl -+CiR/Zqo9nAOuhKHMgmC/NjUlX7STv5pJVgc4SH8VEKmSRZDmNihaOalUtK5X8/Oa -+dawKxsZcaP5IKnOEPPKjtVNJxBu5CXywJHsO0GcoDEnEx1/NLdFoJ6WFw8NuTyDK -+NGLq2MHEdyKaigHQlptEs9bXyu9McJjzbx0uXj3BenRULASreccFej0L1RU6jDlk -+D3brBn24UISaFRZoB7jsjok= -+-----END CERTIFICATE----- -diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh -index 88e8740037..5bba589358 100755 ---- a/test/certs/mkcert.sh -+++ b/test/certs/mkcert.sh -@@ -119,11 +119,12 @@ genca() { - local OPTIND=1 - local purpose= - -- while getopts p: o -+ while getopts p:c: o - do - case $o in - p) purpose="$OPTARG";; -- *) echo "Usage: $0 genca [-p EKU] cn keyname certname cakeyname cacertname" >&2 -+ c) certpol="$OPTARG";; -+ *) echo "Usage: $0 genca [-p EKU][-c policyoid] cn keyname certname cakeyname cacertname" >&2 - return 1;; - esac - done -@@ -146,6 +147,10 @@ genca() { - if [ -n "$NC" ]; then - exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC") - fi -+ if [ -n "$certpol" ]; then -+ exts=$(printf "%s\ncertificatePolicies = %s\n" "$exts" "$certpol") -+ fi -+ - csr=$(req "$key" "CN = $cn") || return 1 - echo "$csr" | - cert "$cert" "$exts" -CA 
"${cacert}.pem" -CAkey "${cakey}.pem" \ -diff --git a/test/certs/setup.sh b/test/certs/setup.sh -index 020f6ce..1cbef67 100755 ---- a/test/certs/setup.sh -+++ b/test/certs/setup.sh -@@ -405,3 +405,9 @@ OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genroot "Root Ed448" \ - root-ed448-key root-ed448-cert - OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 \ - server-ed448-key server-ed448-cert root-ed448-key root-ed448-cert -+ -+# certificatePolicies extension -+./mkcert.sh genca -c "1.3.6.1.4.1.16604.998855.1" "CA" ca-key ca-pol-cert root-key root-cert -+./mkcert.sh geneeextra server.example ee-key ee-cert-policies ca-key ca-cert "certificatePolicies=1.3.6.1.4.1.16604.998855.1" -+# We can create a cert with a duplicate policy oid - but its actually invalid! -+./mkcert.sh geneeextra server.example ee-key ee-cert-policies-bad ca-key ca-cert "certificatePolicies=1.3.6.1.4.1.16604.998855.1,1.3.6.1.4.1.16604.998855.1" --- -2.36.1 - diff --git a/backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch b/backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch deleted file mode 100644 index 271c4815a36de4208a9f3d79fd5858b102e99f6b..0000000000000000000000000000000000000000 --- a/backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch +++ /dev/null 
@@ -1,37 +0,0 @@
-From eec805ee71356c06f9a86192fa06507c3bb92b09 Mon Sep 17 00:00:00 2001
-From: Bernd Edlinger
-Date: Sun, 23 Jul 2023 14:27:54 +0200
-Subject: [PATCH] Make DH_check set some error bits in recently added error
-
-The pre-existing error cases where DH_check returned zero
-are not related to the dh params in any way, but are only
-triggered by out-of-memory errors, therefore having *ret
-set to zero feels right, but since the new error case is
-triggered by too large p values that is something different.
-On the other hand some callers of this function might not
-be prepared to handle the return value correctly but only
-rely on *ret. Therefore we set some error bits in *ret as
-additional safety measure.
-
-Reviewed-by: Paul Dale
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/21533)
----
- crypto/dh/dh_check.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
-index e5f9dd5030..2001d2e7cb 100644
---- a/crypto/dh/dh_check.c
-+++ b/crypto/dh/dh_check.c
-@@ -104,6 +104,7 @@ int DH_check(const DH *dh, int *ret)
- /* Don't do any checks at all with an excessively large modulus */
- if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
- DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
-+ *ret = DH_CHECK_P_NOT_PRIME;
- return 0;
- }
- 
---
-2.27.0
-
diff --git a/backport-Prevent-crash-with-engine-using-different-openssl-ru.patch b/backport-Prevent-crash-with-engine-using-different-openssl-ru.patch
deleted file mode 100644
index 3a14ffb71f7be06c78dbd1d10dc81da78e9121df..0000000000000000000000000000000000000000
--- a/backport-Prevent-crash-with-engine-using-different-openssl-ru.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 38ac4415a9cc4cca307c866e5fc548b889fe2bb6 Mon Sep 17 00:00:00 2001
-From: Bernd Edlinger
-Date: Mon, 22 Nov 2021 21:50:04 +0100
-Subject: [PATCH] Prevent crash with engine using different openssl runtime
-
-This problem happens usually because an application
-links libcrypto and/or libssl statically which
-installs an atexit handler, but later an engine using
-a shared instance of libcrypto is installed.
-The problem is in simple words that both instances
-of libcrypto have an atexit handler installed,
-but both are unable to coordinate with each other,
-which causes a crash, typically a use-after-free
-in the engine's destroy function.
-
-Work around that by preventing the engine's
-libcrypto to install the atexit handler.
-This may result in a small memory leak, but that
-memory is still reachable.
-
-Fixes #15898
-
-Reviewed-by: Richard Levitte
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/17541)
----
- include/openssl/engine.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/include/openssl/engine.h b/include/openssl/engine.h
-index 0780f0fb5f..756751c6d3 100644
---- a/include/openssl/engine.h
-+++ b/include/openssl/engine.h
-@@ -722,6 +722,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
- CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
- fns->mem_fns.realloc_fn, \
- fns->mem_fns.free_fn); \
-+ OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \
- skip_cbs: \
- if (!fn(e, id)) return 0; \
- return 1; }
---
-2.38.1.windows.1
-
diff --git a/backport-Update-further-expiring-certificates-that-affect-tes.patch b/backport-Update-further-expiring-certificates-that-affect-tes.patch
deleted file mode 100644
index 6ceabf80043bf27c071e7c2248a846b98a718358..0000000000000000000000000000000000000000
--- a/backport-Update-further-expiring-certificates-that-affect-tes.patch
+++ /dev/null
@@ -1,962 +0,0 @@ -From ab7d05617a444cfcf4f930f81caa4cf66495ab9b Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 2 Jun 2022 18:12:05 +0200 -Subject: [PATCH] Update further expiring certificates that affect tests - -Namely the smime certificates used in test_cms -will expire soon and affect tests. - -Fixes #15179 - -Reviewed-by: Dmitry Belyavskiy -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/18481) ---- - test/smime-certs/mksmime-certs.sh | 22 ++++---- - test/smime-certs/smdh.pem | 72 +++++++++++++++---------- - test/smime-certs/smdsa1.pem | 86 ++++++++++++++--------------- - test/smime-certs/smdsa2.pem | 86 ++++++++++++++--------------- - test/smime-certs/smdsa3.pem | 86 ++++++++++++++--------------- - test/smime-certs/smec1.pem | 36 ++++++------- - test/smime-certs/smec2.pem | 38 ++++++------- - test/smime-certs/smroot.pem | 90 +++++++++++++++---------------- - test/smime-certs/smrsa1.pem | 90 +++++++++++++++---------------- - test/smime-certs/smrsa2.pem | 90 +++++++++++++++---------------- - test/smime-certs/smrsa3.pem | 90 +++++++++++++++---------------- - 11 files changed, 400 insertions(+), 386 deletions(-) - -diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh -index c98e164b18..caa191ed77 100644 ---- a/test/smime-certs/mksmime-certs.sh -+++ b/test/smime-certs/mksmime-certs.sh -@@ -15,23 +15,23 @@ export OPENSSL_CONF - - # Root CA: create certificate directly - CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -nodes \ -- -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650 -+ -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 36501 - - # EE RSA certificates: create request first - CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -nodes \ - -keyout smrsa1.pem -out req.pem -newkey rsa:2048 - # Sign request: end entity extensions --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - 
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem - - CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -nodes \ - -keyout smrsa2.pem -out req.pem -newkey rsa:2048 --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem - - CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -nodes \ - -keyout smrsa3.pem -out req.pem -newkey rsa:2048 --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem - - # Create DSA parameters -@@ -40,15 +40,15 @@ $OPENSSL dsaparam -out dsap.pem 2048 - - CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -nodes \ - -keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem - CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -nodes \ - -keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem - CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -nodes \ - -keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem - - # Create EC parameters -@@ -58,15 +58,15 @@ $OPENSSL ecparam -out ecp2.pem -name K-283 - - CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -nodes \ - -keyout smec1.pem -out req.pem -newkey ec:ecp.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 
-req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem - CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -nodes \ - -keyout smec2.pem -out req.pem -newkey ec:ecp2.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem - CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -nodes \ - -keyout smec3.pem -out req.pem -newkey ec:ecp.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem - # Create X9.42 DH parameters. - $OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_type:2 \ -@@ -78,7 +78,7 @@ $OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem - CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -nodes \ - -keyout smtmp.pem -out req.pem -newkey rsa:2048 - # Sign request but force public key to DH --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -force_pubkey dhpub.pem \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem - # Remove temp files. 
-diff --git a/test/smime-certs/smdh.pem b/test/smime-certs/smdh.pem -index f831b0713b..273dfca5e0 100644 ---- a/test/smime-certs/smdh.pem -+++ b/test/smime-certs/smdh.pem -@@ -1,33 +1,47 @@ - -----BEGIN PRIVATE KEY----- --MIIBSgIBADCCASsGByqGSM4+AgEwggEeAoGBANQMSgwEcnEZ31kZxa9Ef8qOK/AJ --9dMlsXMWVYnf/QevGdN/0Aei/j9a8QHG+CvvTm0DOEKhN9QUtABKsYZag865CA7B --mSdHjQuFqILtzA25sDJ+3+jk9vbss+56ETRll/wasJVLGbmmHNkBMvc1fC1d/sGF --cEn4zJnQvvFaeMgDAoGAaQD9ZvL8FYsJuNxN6qp5VfnfRqYvyi2PWSqtRKPGGC+V --thYg49PRjwPOcXzvOsdEOQ7iH9jTiSvnUdwSSEwYTZkSBuQXAgOMJAWOpoXyaRvh --atziBDoBnWS+/kX5RBhxvS0+em9yfRqAQleuGG+R1mEDihyJc8dWQQPT+O1l4oUC --FQCJlKsQZ0VBrWPGcUCNa54ZW6TH9QQWAhRR2NMZrQSfWthXDO8Lj5WZ34zQrA== -+MIICXAIBADCCAjUGByqGSM4+AgEwggIoAoIBAQCB6AUA/1eXRh+iLWHXe+lUl6e+ -++460tAIIpsQ1jw1ZaTmlH9SlrWSBNVRVHwDuBW7vA+lKgBvDpCIjmhRbgrZIGwcZ -+6ruCYy5KF/B3AW5MApC9QCDaVrG6Hb7NfpMgwuUIKvvvOMrrvn4r5Oxtsx9rORTE -+bdS33MuZCOIbodjs5u+e/2hhssOwgUTMASDwXppJTyeMwAAZ+p78ByrSULP6yYdP -+PTh8sK1begDG6YTSKE3VqYNg1yaE5tQvCQ0U2L4qZ8JqexAVHbR8LA8MNhtA1pma -+Zj4q2WNAEevpprIIRXgJEZY278nPlvVeoKfOef9RBHgQ6ZTnZ1Et5iLMCwYHAoIB -+AFVgJaHfnBVJYfaQh1NyoVZJ5xX6UvvL5xEKUwwEMgs8JSOzp2UI+KRDpy9KbNH7 -+93Kwa2d8Q7ynciDiCmd1ygF4CJKb4ZOwjWjpZ4DedHr0XokGhyBCyjaBxOi3i4tP -+EFO8YHs5B/yOZHzcpTfs2VxJqIm3KF8q0Ify9PWDAsgo+d21/+eye60FHjF9o2/D -+l3NRlOhUhHNGykfqFgKEEEof3/3c6r5BS0oRXdsu6dx/y2/v8j9aJoHfyGHkswxr -+ULSBxJENOBB89C+GET6yhbxV1e4SFwzHnXgG8bWXwk7bea6ZqXbHq0pT3kUiQeKe -+assXKqRBAG9NLbQ3mmx8RFkCHQDIVBWPf6VwBa2s1CAcsIziVJ8qr/KAKx9DZ3h5 -+BB4CHAF3VZBAC/TB85J4PzsLJ+VrOWr0c8kQlYUR9rw= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIID/zCCAuegAwIBAgIJANv1TSKgememMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA4MDIxNDQ5MjlaFw0yMzA2MTExNDQ5MjlaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBFRSBESCAjMTCCAbYwggErBgcqhkjOPgIBMIIBHgKBgQDUDEoM --BHJxGd9ZGcWvRH/KjivwCfXTJbFzFlWJ3/0HrxnTf9AHov4/WvEBxvgr705tAzhC 
--oTfUFLQASrGGWoPOuQgOwZknR40LhaiC7cwNubAyft/o5Pb27LPuehE0ZZf8GrCV --Sxm5phzZATL3NXwtXf7BhXBJ+MyZ0L7xWnjIAwKBgGkA/Wby/BWLCbjcTeqqeVX5 --30amL8otj1kqrUSjxhgvlbYWIOPT0Y8DznF87zrHRDkO4h/Y04kr51HcEkhMGE2Z --EgbkFwIDjCQFjqaF8mkb4Wrc4gQ6AZ1kvv5F+UQYcb0tPnpvcn0agEJXrhhvkdZh --A4ociXPHVkED0/jtZeKFAhUAiZSrEGdFQa1jxnFAjWueGVukx/UDgYQAAoGAL1ve --cgI2awBeJH8ULBhSQpdL224VUDxFPiXzt8Vu5VLnxPv0pfA5En+8VByTuV7u6RSw --3/78NuTyr/sTyN8YlB1AuXHdTJynA1ICte1xgD4j2ijlq+dv8goOAFt9xkvXx7LD --umJ/cCignXETcNGfMi8+0s0bpMZyoHRdce8DQ26jYDBeMAwGA1UdEwEB/wQCMAAw --DgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQLWk1ffSXH8p3Bqrdjgi/6jzLnwDAf --BgNVHSMEGDAWgBTffl6IBSQzCN0igQKXzJq3sTMnMDANBgkqhkiG9w0BAQUFAAOC --AQEAWvJj79MW1/Wq3RIANgAhonsI1jufYqxTH+1M0RU0ZXHulgem77Le2Ls1bizi --0SbvfpTiiFGkbKonKtO2wvfqwwuptSg3omMI5IjAGxYbyv2KBzIpp1O1LTDk9RbD --48JMMF01gByi2+NLUQ1MYF+5RqyoRqcyp5x2+Om1GeIM4Q/GRuI4p4dybWy8iC+d --LeXQfR7HXfh+tAum+WzjfLJwbnWbHmPhTbKB01U4lBp6+r8BGHAtNdPjEHqap4/z --vVZVXti9ThZ20EhM+VFU3y2wyapeQjhQvw/A2YRES0Ik7BSj3hHfWH/CTbLVQnhu --Uj6tw18ExOYxqoEGixNLPA5qsQ== -+MIIFmDCCBICgAwIBAgIUWlJkHZZ2eZgkGCHFtcMAjlLdDH8wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw -+NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 -+cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgREggIzEwggNCMIICNQYHKoZIzj4C -+ATCCAigCggEBAIHoBQD/V5dGH6ItYdd76VSXp777jrS0AgimxDWPDVlpOaUf1KWt -+ZIE1VFUfAO4Fbu8D6UqAG8OkIiOaFFuCtkgbBxnqu4JjLkoX8HcBbkwCkL1AINpW -+sbodvs1+kyDC5Qgq++84yuu+fivk7G2zH2s5FMRt1Lfcy5kI4huh2Ozm757/aGGy -+w7CBRMwBIPBemklPJ4zAABn6nvwHKtJQs/rJh089OHywrVt6AMbphNIoTdWpg2DX -+JoTm1C8JDRTYvipnwmp7EBUdtHwsDww2G0DWmZpmPirZY0AR6+mmsghFeAkRljbv -+yc+W9V6gp855/1EEeBDplOdnUS3mIswLBgcCggEAVWAlod+cFUlh9pCHU3KhVknn -+FfpS+8vnEQpTDAQyCzwlI7OnZQj4pEOnL0ps0fv3crBrZ3xDvKdyIOIKZ3XKAXgI -+kpvhk7CNaOlngN50evReiQaHIELKNoHE6LeLi08QU7xgezkH/I5kfNylN+zZXEmo -+ibcoXyrQh/L09YMCyCj53bX/57J7rQUeMX2jb8OXc1GU6FSEc0bKR+oWAoQQSh/f 
-+/dzqvkFLShFd2y7p3H/Lb+/yP1omgd/IYeSzDGtQtIHEkQ04EHz0L4YRPrKFvFXV -+7hIXDMedeAbxtZfCTtt5rpmpdserSlPeRSJB4p5qyxcqpEEAb00ttDeabHxEWQId -+AMhUFY9/pXAFrazUIBywjOJUnyqv8oArH0NneHkDggEFAAKCAQBigH0Mp4jUMSfK -+yOhKlEfyZ/hj/EImsUYW4+u8xjBN+ruOJUTJ06Mtgw3g2iLkhQoO9NROqvC9rdLj -++j3e+1QWm9EDNKQAa4nUp8/W+XZ5KkQWudmtaojEXD1+kd44ieNLtPGuVnPtDGO4 -+zPf04IUq7tDGbMDMMn6YXvW6f28lR3gF5vvVIsnjsd/Lau6orzmNSrymXegsEsFR -+Q7hT+/tPoAtro6Hx9rBrYb/0OCiRe4YuYrFKkC0aaJfUQepVyuVMSTxxKTzq8T06 -+M8SBITlmkPFZJHyGzV/+a72hpJsAa0BaDnpxH3cFpEMzeYG1XQK461zexoIYN3ub -+i3xNPUzPo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4E -+FgQULayIqKcWHtUH4pFolI6dKxycIG8wHwYDVR0jBBgwFoAUFcETIWviVV+nah1X -+INbP86lzZFkwDQYJKoZIhvcNAQELBQADggEBAKjKvvJ6Vc9HiQXACqqRZnekz2gO -+ue71nsXXDr2+y4PPpgcDzgtO3vhQc7Akv6Uyca9LY7w/X+temP63yxdLpKXTV19w -+Or0p4VEvTZ8AttMjFh4Hl8caVYk/J4TIudSXLIfKROP6sFu5GOw7W3xpBkL5Zio6 -+3dqe6xAYK0woNQPDfj5yOAlqj1Ohth81JywW5h2g8GfLtNe62coAqwjMJT+ExHfU -+EkF/beSqRGOvXwyhSxFpe7HVjUMgrgdfoZnNsoPmpH3eTiF4BjamGWI1+Z0o+RHa -+oPwN+cCzbDsi9uTQJO1D5S697heX00zzzU/KSW7djNzKv55vm24znuFkXTM= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smdsa1.pem b/test/smime-certs/smdsa1.pem -index b424f6704e..0104e207cb 100644 ---- a/test/smime-certs/smdsa1.pem -+++ b/test/smime-certs/smdsa1.pem -@@ -1,47 +1,47 @@ - -----BEGIN PRIVATE KEY----- --MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 --k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou --zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO --wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK --v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC --0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA --rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM --zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx --DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy --xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 
--ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h --Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ --TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0= -+MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 -+i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t -+4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa -+kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg -+c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S -+8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A -+mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw -+V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 -+ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR -+CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL -+5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL -+QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX -+ygQeAhwE9yuqObvNXzUTN+PY2rg00PzdyJw3XJAUrmlY - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFkDCCBHigAwIBAgIJANk5lu6mSyBDMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 --uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS --7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS --wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 --+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 --Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D --AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb --0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu --g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 
--0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv --yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf --7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P --aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAGXSQADbuRIZBjiQ6NikwZl+x --EDEffIE0RWbvwf1tfWxw4ZvanO/djyz5FePO0AIJDBCLUjr9D32nkmIG1Hu3dWgV --86knQsM6uFiMSzY9nkJGZOlH3w4NHLE78pk75xR1sg1MEZr4x/t+a/ea9Y4AXklE --DCcaHtpMGeAx3ZAqSKec+zQOOA73JWP1/gYHGdYyTQpQtwRTsh0Gi5mOOdpoJ0vp --O83xYbFCZ+ZZKX1RWOjJe2OQBRtw739q1nRga1VMLAT/LFSQsSE3IOp8hiWbjnit --1SE6q3II2a/aHZH/x4OzszfmtQfmerty3eQSq3bgajfxCsccnRjSbLeNiazRSKNg --MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFNHQYTOO --xaZ/N68OpxqjHKuatw6sMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs --MA0GCSqGSIb3DQEBBQUAA4IBAQAAiLociMMXcLkO/uKjAjCIQMrsghrOrxn4ZGBx --d/mCTeqPxhcrX2UorwxVCKI2+Dmz5dTC2xKprtvkiIadJamJmxYYzeF1pgRriFN3 --MkmMMkTbe/ekSvSeMtHQ2nHDCAJIaA/k9akWfA0+26Ec25/JKMrl3LttllsJMK1z --Xj7TcQpAIWORKWSNxY/ezM34+9ABHDZB2waubFqS+irlZsn38aZRuUI0K67fuuIt --17vMUBqQpe2hfNAjpZ8dIpEdAGjQ6izV2uwP1lXbiaK9U4dvUqmwyCIPniX7Hpaf --0VnX0mEViXMT6vWZTjLBUv0oKmO7xBkWHIaaX6oyF32pK5AO -+MIIFmjCCBIKgAwIBAgIUUoOmJmXAY29/2rWY0wJphQ5/pzUwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw -+NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 -+cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMxMIIDQzCCAjYGByqGSM44 -+BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL -+J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 -+LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd -+62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt -+MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l -+aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK -+3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b -+bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ 
-+9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 -+DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B -+E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV -+hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBACGS7hCpTL0g -+lx9C1Bwz5xfVd0mwCqx9UGiH8Bf4lRsSagL0Irwvnjz++WH1vecZa2bWsYsPhQ+D -+KDzaCo20CYln4IFEPgY0fSE+KTF1icFj/mD+MgxWgsgKoTI120ENPGHqHpKkv0Uv -+OlwTImU4BxxkctZ5273XEv3VPQE8COGnXgqt7NBazU/O7vibFm0iaEsVjHFHYcoo -++sMcm3F2E/gvR9IJGaGPeCk0sMW8qloPzErWIugx/OGqM7fni2cIcZwGdju52O+l -+cLV0tZdgC7eTbVDMLspyuiYME+zvEzRwCQF/GqcCDSn68zxJv/zSNZ9XxOgZaBfs -+Na7e8YGATiujYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud -+DgQWBBSFVrWPZrHzhHUg0MMEAAKwQIfsazAfBgNVHSMEGDAWgBQVwRMha+JVX6dq -+HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAbm49FB+eyeX7OBUC/akhnkFw -+cDXqw7Fl2OibRK+g/08zp4CruwJdb72j5+pTmG+9SF7tGyQBfHFf1+epa3ZiIc+0 -+UzFf2xQBMyHjesL19cTe4i176dHz8pCxx9OEow0GlZVV85+Anev101NskKVNNVA7 -+YnB2xKQWgf8HORh66XVCk54xMcd99ng8xQ8vhZC6KckVbheQgdPp7gUAcDgxH2Yo -+JF8jHQlsWNcCGURDldP6FQ49TGWHj24IGjnjGapWxMUjvCz+kV6sGW/OIYu+MM9w -+FMIOyEdUUtKowWT6eXwrITup3T6pspPTicbK61ZCPuxMvP2JBFGZsqat+F5g+w== - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smdsa2.pem b/test/smime-certs/smdsa2.pem -index 648447fc89..7d5b969dc3 100644 ---- a/test/smime-certs/smdsa2.pem -+++ b/test/smime-certs/smdsa2.pem -@@ -1,47 +1,47 @@ - -----BEGIN PRIVATE KEY----- --MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 --k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou --zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO --wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK --v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC --0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA --rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM --zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx --DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy 
--xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 --ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h --Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ --TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA== -+MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 -+i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t -+4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa -+kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg -+c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S -+8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A -+mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw -+V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 -+ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR -+CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL -+5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL -+QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX -+ygQeAhwmRauZi+nQ3kQ+GSKD7JCwv8XkD9NObMGlW018 - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFkDCCBHigAwIBAgIJANk5lu6mSyBEMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 --uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS --7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS --wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 --+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 --Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D --AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb --0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu 
--g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 --0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv --yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf --7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P --aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAItQlFu0t7Mw1HHROuuwKLS+E --h2WNNZP96MLQTygOVlqgaJY+1mJLzvl/51LLH6YezX0t89Z2Dm/3SOJEdNrdbIEt --tbu5rzymXxFhc8uaIYZFhST38oQwJOjM8wFitAQESe6/9HZjkexMqSqx/r5aEKTa --LBinqA1BJRI72So1/1dv8P99FavPADdj8V7fAccReKEQKnfnwA7mrnD+OlIqFKFn --3wCGk8Sw7tSJ9g6jgCI+zFwrKn2w+w+iot/Ogxl9yMAtKmAd689IAZr5GPPvV2y0 --KOogCiUYgSTSawZhr+rjyFavfI5dBWzMq4tKx/zAi6MJ+6hGJjJ8jHoT9JAPmaNg --MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFGaxw04k --qpufeGZC+TTBq8oMnXyrMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs --MA0GCSqGSIb3DQEBBQUAA4IBAQCk2Xob1ICsdHYx/YsBzY6E1eEwcI4RZbZ3hEXp --VA72/Mbz60gjv1OwE5Ay4j+xG7IpTio6y2A9ZNepGpzidYcsL/Lx9Sv1LlN0Ukzb --uk6Czd2sZJp+PFMTTrgCd5rXKnZs/0D84Vci611vGMA1hnUnbAnBBmgLXe9pDNRV --6mhmCLLjJ4GOr5Wxt/hhknr7V2e1VMx3Q47GZhc0o/gExfhxXA8+gicM0nEYNakD --2A1F0qDhQGakjuofANHhjdUDqKJ1sxurAy80fqb0ddzJt2el89iXKN+aXx/zEX96 --GI5ON7z/bkVwIi549lUOpWb2Mved61NBzCLKVP7HSuEIsC/I -+MIIFmjCCBIKgAwIBAgIUHGKu2FMhT1wCiJTK3uAnklo55uowDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw -+NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 -+cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMyMIIDQzCCAjYGByqGSM44 -+BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL -+J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 -+LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd -+62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt -+MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l -+aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK -+3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b 
-+bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ -+9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 -+DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B -+E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV -+hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAE0+OYS0s8/o -+HwuuiPsBZTlRynqdwF6FHdE0Ei2uVTxnJouPYB2HvaMioG2inbISzPtEcnLF9Pyx -+4hsXz7D49yqyMFjE3G8ObBOs/Vdno6E9ZZshWiRDwPf8JmoYp551UuJDoVaOTnhx -+pEs30nuidtqd54PMdWUQPfp58kTu6bXvcRxdUj5CK/PyjavJCnGfppq/6j8jtrji -+mOjIIeLZIbWp7hTVS/ffmfqZ8Lx/ShOcUzDa0VS3lfO28XqXpeqbyHdojsYlG2oA -+shKJL7/scq3ab8cI5QuHEIGSbxinKfjCX4OEQ04CNsgUwMY9emPSaNdYDZOPqq/K -+3bGk2PLcRsyjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud -+DgQWBBTQAQyUCqYWGo5RuwGCtHNgXgzEQzAfBgNVHSMEGDAWgBQVwRMha+JVX6dq -+HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAc3rayE2FGgG1RhLXAHYAs1Ky -+4fcVcrzaPaz5jjWbpBCStkx+gNcUiBf+aSxNrRvUoPOSwMDLpMhbNBj2cjJqQ0W1 -+oq4RUQth11qH89uPtBqiOqRTdlWAGZJbUTtVfrlc58DsDxFCwdcktSDYZwlO2lGO -+vMCOn9N7oqEEuwRa++xVnYc8ZbY8lGwJD3bGR6iC7NkYk+2LSqPS52m8e0GO8dpf -+RUrndbhmtsYa925dj2LlI218F3XwVcAUPW67dbpeEVw5OG8OCHRHqrwBEJj2PMV3 -+tHeNXDEhjTzI3wiFia4kDBAKIsrC/XQ4tEiFzq0V00BiVY0ykhy+v/qNPskTsg== - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smdsa3.pem b/test/smime-certs/smdsa3.pem -index 77acc5e46f..6df4699450 100644 ---- a/test/smime-certs/smdsa3.pem -+++ b/test/smime-certs/smdsa3.pem -@@ -1,47 +1,47 @@ - -----BEGIN PRIVATE KEY----- --MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 --k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou --zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO --wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK --v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC --0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA --rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM --zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx 
--DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy --xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 --ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h --Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ --TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY= -+MIICXgIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 -+i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t -+4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa -+kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg -+c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S -+8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A -+mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw -+V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 -+ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR -+CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL -+5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL -+QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX -+ygQfAh0AkfI6533W5nBIVrDPcp2DCXC8u2SIwBob6OoK5A== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFkDCCBHigAwIBAgIJANk5lu6mSyBFMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 --uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS --7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS --wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 --+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 --Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D --AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb 
--0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu --g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 --0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv --yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf --7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P --aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAcXvtfiJfIZ0wgGpN72ZeGrJ9 --msUXOxow7w3fDbP8r8nfVkBNbfha8rx0eY6fURFVZzIOd8EHGKypcH1gS6eZNucf --zgsH1g5r5cRahMZmgGXBEBsWrh2IaDG7VSKt+9ghz27EKgjAQCzyHQL5FCJgR2p7 --cv0V4SRqgiAGYlJ191k2WtLOsVd8kX//jj1l8TUgE7TqpuSEpaSyQ4nzJROpZWZp --N1RwFmCURReykABU/Nzin/+rZnvZrp8WoXSXEqxeB4mShRSaH57xFnJCpRwKJ4qS --2uhATzJaKH7vu63k3DjftbSBVh+32YXwtHc+BGjs8S2aDtCW3FtDA7Z6J8BIxaNg --MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFMJxatDE --FCEFGl4uoiQQ1050Ju9RMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs --MA0GCSqGSIb3DQEBBQUAA4IBAQBGZD1JnMep39KMOhD0iBTmyjhtcnRemckvRask --pS/CqPwo+M+lPNdxpLU2w9b0QhPnj0yAS/BS1yBjsLGY4DP156k4Q3QOhwsrTmrK --YOxg0w7DOpkv5g11YLJpHsjSOwg5uIMoefL8mjQK6XOFOmQXHJrUtGulu+fs6FlM --khGJcW4xYVPK0x/mHvTT8tQaTTkgTdVHObHF5Dyx/F9NMpB3RFguQPk2kT4lJc4i --Up8T9mLzaxz6xc4wwh8h70Zw81lkGYhX+LRk3sfd/REq9x4QXQNP9t9qU1CgrBzv --4orzt9cda4r+rleSg2XjWnXzMydE6DuwPVPZlqnLbSYUy660 -+MIIFmjCCBIKgAwIBAgIUO2QHMd9V/S6KlrFDIPd7asRP4FAwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw -+NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 -+cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMzMIIDQzCCAjYGByqGSM44 -+BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL -+J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 -+LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd -+62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt -+MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l -+aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK 
-+3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b -+bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ -+9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 -+DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B -+E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV -+hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAEj25Os9f57G -+TaxsP8NzdCRBThCLqZWqLADh6S/aFOQQFpRRk3vGkvrOK/5La8KGKIDyzCEQo7Kg -+sPwI1o4N5GKx15Cer2ekDWLtP4hA2CChs4tWJzEa8VxIDTg4EUnASFCbfDUY/Yt0 -+5NM4nxtBhnr6PT7XmRehEFaTAgmsQFJ29jKx4tJkr+Gmj9J4i10CPd9DvIgIEnNt -+rYMAlfbGovaZVCgKp5INVA4IkDfCcbzDeNiOGaACeV+4QuEbgIbUhMq9vbw3Vvqe -+jwozPdrTYjd7oNxx/tY7gqxFRFxdDPXPno230afsAJsHmNF7lpj9Q4vBhy8w/EI1 -+jGzuiXjei9qjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud -+DgQWBBTwbCT+wSR9cvTg70jA2yIWgQSDZjAfBgNVHSMEGDAWgBQVwRMha+JVX6dq -+HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAe5t9oi8K76y+wnV6I21vKgEh -+M6DEe3+XTq10kAgYbcbMm+a6n86beaID7FANGET+3bsShxFeAX9g4Qsdw+Z3PF3P -+wvqiBD8MaXczj28zP6j9TxsjGzpAsV3xo1n7aQ+hHzpopJUxAyx4hLBqSSwdj/xe -+azELeVKoXY/nlokXnONWC5AvtfR7m7mKFPOmUghbeGCJH7+FXnC58eiF7BEpSbQl -+SniAdQFis+Dne6/kwZnQQaSDg55ELfaZOLhaLcRtqqgU+kv24mXGGEBhs9bBKMz5 -+ZNiKLafE3tCGRA5iMRwzdeSgrdnkQDHFiYXh3JHk5oKwGOdxusgt3DTHAFej1A== - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smec1.pem b/test/smime-certs/smec1.pem -index 75a862666b..a94f65c600 100644 ---- a/test/smime-certs/smec1.pem -+++ b/test/smime-certs/smec1.pem -@@ -1,22 +1,22 @@ - -----BEGIN PRIVATE KEY----- --MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXzBRX9Z5Ib4LAVAS --DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV --3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x -+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgdOomk0EB/oWMnTZB -+Qm5XMjlKnZNF4PMpwgov0Tj3u8OhRANCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ -+7hpSjs4bd95L+Lli+O91/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Ky - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- 
--MIICoDCCAYigAwIBAgIJANk5lu6mSyBGMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBFRSBFQyAjMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL5I --iPYVjYOi49G40On1ZWmyp5/ny1XeAjBXQQ5X/HJhPNmG59mL9oFxe6BZHXHvnzHi --ce6za4S4QWLcyvcrf7GjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg --MB0GA1UdDgQWBBR/ybxC2DI+Jydhx1FMgPbMTmLzRzAfBgNVHSMEGDAWgBTJkVMK --Y3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEAdk9si83JjtgHHHGy --WcgWDfM0jzlWBsgFNQ9DwAuB7gJd/LG+5Ocajg5XdA5FXAdKkfwI6be3PdcVs3Bt --7f/fdKfBxfr9/SvFHnK7PVAX2x1wwS4HglX1lfoyq1boSvsiJOnAX3jsqXJ9TJiV --FlgRVnhnrw6zz3Xs/9ZDMTENUrqDHPNsDkKEi+9SqIsqDXpMCrGHP4ic+S8Rov1y --S+0XioMxVyXDp6XcL4PQ/NgHbw5/+UcS0me0atZ6pW68C0vi6xeU5vxojyuZxMI1 --DXXwMhOXWaKff7KNhXDUN0g58iWlnyaCz4XQwFsbbFs88TQ1+e/aj3bbwTxUeyN7 --qtcHJA== -+MIICrTCCAZWgAwIBAgIUdLT4B443vbxt0B8Mzy0sR4+6AyowDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw -+NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 -+cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzEwWTATBgcqhkjOPQIBBggq -+hkjOPQMBBwNCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ7hpSjs4bd95L+Lli+O91 -+/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Kyo2AwXjAMBgNVHRMBAf8EAjAAMA4G -+A1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUOia9H7l0qw3ftsDgEEeSBrHwQrwwHwYD -+VR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZIhvcNAQELBQADggEB -+AC7h/QkMocYANPqMQAO2okygG+OaE4qpKnlzHPUFMYedJGCvAWrwxu4hWL9T+hZo -+qilM7Fwaxw/P4Zaaa15SOOhXkIdn9Fu2ROmBQtEiklmWGMjiZ6F+9NCZPk0cTAXK -+2WQZOy41YNuvts+20osD4X/8x3fiARlokufj/TVyE73wG8pSSDh4KxWDfKv5Pi1F -+PC5IJh8XVELnFkeY3xjtoux5AYT+1xIQHO4eBua02Y1oPiWG7l/sK3grVlxrupd9 -+pXowwFlezWZP9q12VlWkcqwNb9hF9PkZge9bpiOJipSYgyobtAnms/CRHu3e6izl -+LJRua7p4Wt/8GQENDrVkHqU= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smec2.pem 
b/test/smime-certs/smec2.pem -index 457297a760..3fe14b3a11 100644 ---- a/test/smime-certs/smec2.pem -+++ b/test/smime-certs/smec2.pem -@@ -1,23 +1,23 @@ - -----BEGIN PRIVATE KEY----- --MIGPAgEAMBAGByqGSM49AgEGBSuBBAAQBHgwdgIBAQQjhHaq507MOBznelrLG/pl --brnnJi/iEJUUp+Pm3PEiteXqckmhTANKAAQF2zs6vobmoT+M+P2+9LZ7asvFBNi7 --uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8 --6bQ= -+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAEkuzLBwx5bIw3Q2PMNQ -+HzaY8yL3QLjzaJ8tCHrI/JTb9Q7VoUwDSgAEAu8b2HvLzKd0qhPtIw65Lh3OgF3X -+IN5874qHwt9zPSvokijSAH3v9tcBJPdRLD3Lweh2ZPn5hMwVwVorHqSgASk5vnjp -+HqER - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICpTCCAY2gAwIBAgIJANk5lu6mSyBHMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBFRSBFQyAjMjBeMBAGByqGSM49AgEGBSuBBAAQA0oABAXbOzq+ --huahP4z4/b70tntqy8UE2Lu4LMtgX/yPVJyf+ylzOgL283NWE3D4uDt2eM0vgQMj --JhkuXsTS/r2W7Nu/L6rjj/zptKNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E --BAMCBeAwHQYDVR0OBBYEFGf+QSQlkN20PsNN7x+jmQIJBDcXMB8GA1UdIwQYMBaA --FMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBBQUAA4IBAQBaBBryl2Ez --ftBrGENXMKQP3bBEw4n9ely6HvYQi9IC7HyK0ktz7B2FcJ4z96q38JN3cLxV0DhK --xT/72pFmQwZVJngvRaol0k1B+bdmM03llxCw/uNNZejixDjHUI9gEfbigehd7QY0 --uYDu4k4O35/z/XPQ6O5Kzw+J2vdzU8GXlMBbWeZWAmEfLGbk3Ux0ouITnSz0ty5P --rkHTo0uprlFcZAsrsNY5v5iuomYT7ZXAR3sqGZL1zPOKBnyfXeNFUfnKsZW7Fnlq --IlYBQIjqR1HGxxgCSy66f1oplhxSch4PUpk5tqrs6LeOqc2+xROy1T5YrB3yjVs0 --4ZdCllHZkhop -+MIICsjCCAZqgAwIBAgIUFMjrNKt+D8tzvn7jtjZ5HrLcUlswDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw -+NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 -+cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzIwXjAQBgcqhkjOPQIBBgUr 
-+gQQAEANKAAQC7xvYe8vMp3SqE+0jDrkuHc6AXdcg3nzviofC33M9K+iSKNIAfe/2 -+1wEk91EsPcvB6HZk+fmEzBXBWisepKABKTm+eOkeoRGjYDBeMAwGA1UdEwEB/wQC -+MAAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQWBBSqWRYUy2syIUwfSR31e19LeNXK -+9TAfBgNVHSMEGDAWgBQVwRMha+JVX6dqHVcg1s/zqXNkWTANBgkqhkiG9w0BAQsF -+AAOCAQEASbh+sI03xUMMzPT8bRbWNF5gG3ab8IUzqm05rTa54NCPRSn+ZdMXcCFz -+5fSU0T1dgEjeD+cCRVAZxskTZF7FWmRLc2weJMf7x+nPE5KaWyRAoD7FIKGP2m6m -+IMCVOmiafuzmHASBYOz6RwjgWS0AWES48DJX6o0KpuT4bsknz+H7Xo+4+NYGCRao -+enqIMZmWesGVXJ63pl32jUlXeAg59W6PpV2L9XRWLzDW1t1q2Uji7coCWtNjkojZ -+rv0yRMc1czkT+mAJRAJ8D9MoTnRXm1dH4bOxte4BGUHNQ2P1HeV01vkd1RTL0g0R -+lPyDAlBASvMn7RZ9nX8G3UOOL6gtVA== - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smroot.pem b/test/smime-certs/smroot.pem -index d1a253f409..9af38d310b 100644 ---- a/test/smime-certs/smroot.pem -+++ b/test/smime-certs/smroot.pem -@@ -1,49 +1,49 @@ - -----BEGIN PRIVATE KEY----- --MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyyQXED5HyVWwq --nXyzmY317yMUJrIfsKvREG2C691dJNHgNg+oq5sjt/fzkyS84AvdOiicAsao4cYL --DulthaLpbC7msEBhvwAil0FNb5g3ERupe1KuTdUV1UuD/i6S2VoaNXUBBn1rD9Wc --BBc0lnx/4Wt92eQTI6925pt7ZHPQw2Olp7TQDElyi5qPxCem4uT0g3zbZsWqmmsI --MXbu+K3dEprzqA1ucKXbxUmZNkMwVs2XCmlLxrRUj8C3/zENtH17HWCznhR/IVcV --kgIuklkeiDsEhbWvUQumVXR7oPh/CPZAbjGqq5mVueHSHrp7brBVZKHZvoUka28Q --LWitq1W5AgMBAAECggEASkRnOMKfBeOmQy2Yl6K57eeg0sYgSDnDpd0FINWJ5x9c --b58FcjOXBodtYKlHIY6QXx3BsM0WaSEge4d+QBi7S+u8r+eXVwNYswXSArDQsk9R --Bl5MQkvisGciL3pvLmFLpIeASyS/BLJXMbAhU58PqK+jT2wr6idwxBuXivJ3ichu --ISdT1s2aMmnD86ulCD2DruZ4g0mmk5ffV+Cdj+WWkyvEaJW2GRYov2qdaqwSOxV4 --Yve9qStvEIWAf2cISQjbnw2Ww6Z5ebrqlOz9etkmwIly6DTbrIneBnoqJlFFWGlF --ghuzc5RE2w1GbcKSOt0qXH44MTf/j0r86dlu7UIxgQKBgQDq0pEaiZuXHi9OQAOp --PsDEIznCU1bcTDJewANHag5DPEnMKLltTNyLaBRulMypI+CrDbou0nDr29VOzfXx --mNvi/c7RttOBOx7kXKvu0JUFKe2oIWRsg0KsyMX7UFMVaHFgrW+8DhQc7HK7URiw --nitOnA7YwIHRF9BMmcWcLFEYBQKBgQDC6LPbXV8COKO0YCfGXPnE7EZGD/p0Q92Z --8CoSefphEScSdO1IpxFXG7fOZ4x2GQb9q7D3IvaeKAqNjUjkuyxdB30lIWDBwSWw 
--fFgsa2SZwD5P60G/ar50YJr6LiF333aUMDVmC9swFfZERAEmGUz2NTrPWQdIx/lu --PyDtUR75JQKBgHaoCCJ8vl5SJl1IA5GV4Bo8IoeLTSzsY9d09zMy6BoZcMD1Ix2T --5S2cXhayoegl9PT6bsYSGHVWFCdJ86ktMI826TcXRzDaCvYhzc9THroJQcnfdbtP --aHWezkv7fsAmkoPjn75K7ubeo+r7Q5qbkg6a1PW58N8TRXIvkackzaVxAoGBALAq --qh3U+AHG9dgbrPeyo6KkuCOtX39ks8/mbfCDRZYkbb9V5f5r2tVz3R93IlK/7jyr --yWimtmde46Lrl33922w+T5OW5qBZllo9GWkUrDn3s5qClcuQjJIdmxYTSfbSCJiK --NkmE39lHkG5FVRB9f71tgTlWS6ox7TYDYxx83NTtAoGAUJPAkGt4yGAN4Pdebv53 --bSEpAAULBHntiqDEOu3lVColHuZIucml/gbTpQDruE4ww4wE7dOhY8Q4wEBVYbRI --vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ --KfvPCYimQwBjVrEnSntLPR0= -+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDZLSl8LdU54OUA -+T8ctFuKLShJul2IMzaEDkFLoL4agccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7Ke -+iSuFJOrQtvDt+HkU5c706YDmw15mBpDSHapkXr80G/ABFbstWafOfagVW45wv65K -+H4cnpcqwrLhagmC8QG0KfWbf+Z2efOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+Ubzg -+cY4Y/hJ7Fw1/IeEhgr/iVJhQIUAklp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR -+0YZWyIKfKzbeJLBzDqY2hQzVL6kAvY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt -++UTEkuBdAgMBAAECggEAF3Eagz7nPyIZVdlGpIVN2r8aEjng6YTglmPjrxBCNdtS -+F6AxvY9UKklIF2Gg4tXlhU0TlDWvedM4Koif2/VKK1Ez3FvvpePQXPs/YKlB7T1U -+MHnnRII9nUBOva88zv5YcJ97nyKM03q9M18H1a29nShnlc1w56EEpBc5HX/yFYMv -+kMYydvB5j0DQkJlkQNFn4yRag0wIIPeyXwwh5l98SMlr40hO10OYTOQPrrgP/ham -+AOZ//DvGo5gF8hGJYoqG4vcYbxRfTqbc2lQ4XRknOT182l9gRum52ahkBY6LKb4r -+IZXPStS6fCAR5S0lcdBb3uN/ap9SUfb9w/Dhj5DZAQKBgQDr06DcsBpoGV2dK9ib -+YL5MxC5JL7G79IBPi3ThRiOSttKXv3oDAFB0AlJvFKwYmVz8SxXqQ2JUA4BfvMGF -+TNrbhukzo0ou5boExnQW/RjLN3fWVq1JM7iLbNU9YYpPCIG5LXrt4ZDOwITeGe8f -+bmZK9zxWxc6BBJtc3mTFS5tm4QKBgQDrwRyEn6oZ9TPbR69fPgWvDqQwKs+6TtYn -+0otMG9UejbSMcyU4sI+bZouoca2CzoNi2qZVIvI9aOygUHQAP7Dyq1KhsvYtzJub -+KEua379WnzBMMjJ56Q/e4aKTq229QvOk+ZEYl6aklZX7xnYetYNZQrp4QzUyOQTG -+gfxgxKi0/QKBgQCy1esAUJ/F366JOS3rLqNBjehX4c5T7ae8KtJ433qskO4E29TI -+H93jC7u9txyHDw5f2QUGgRE5Cuq4L2lGEDFMFvQUD7l69QVrB6ATqt25hhffuB1z -+DMDfIqpXAPgk1Rui9SVq7gqlb4OS9nHLESqLoQ/l8d2XI4o6FACxSZPQoQKBgQCR 
-+8AvwSUoqIXDFaB22jpVEJYMb0hSfFxhYtGvIZF5MOJowa0L6UcnD//mp/xzSoXYR -+pppaj3R28VGxd7wnP0YRIl7XfAoKleMpbAtJRwKR458pO9WlQ9GwPeq/ENqw0xYx -+5M+d8pqUvYiHv/X00pYJllYKBkiS21sKawLJAFQTHQKBgQCJCwVHxvxkdQ8G0sU2 -+Vtv2W38hWOSg5+cxa+g1W6My2LhX34RkgKzuaUpYMlWGHzILpxIxhPrVLk1ZIjil -+GIP969XJ1BjB/kFtLWdxXG8tH1If3JgzfSHUofPHF3CENoJYEZ1ugEfIPzWPZJDI -+DL5zP8gmBL9ZAOO/J9YacxWYMQ== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbjCCAlagAwIBAgIJAMc+8VKBJ/S9MA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MjlaFw0yMzA3MTUxNzI4MjlaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBSU0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC --ggEBALLJBcQPkfJVbCqdfLOZjfXvIxQmsh+wq9EQbYLr3V0k0eA2D6irmyO39/OT --JLzgC906KJwCxqjhxgsO6W2FoulsLuawQGG/ACKXQU1vmDcRG6l7Uq5N1RXVS4P+ --LpLZWho1dQEGfWsP1ZwEFzSWfH/ha33Z5BMjr3bmm3tkc9DDY6WntNAMSXKLmo/E --J6bi5PSDfNtmxaqaawgxdu74rd0SmvOoDW5wpdvFSZk2QzBWzZcKaUvGtFSPwLf/ --MQ20fXsdYLOeFH8hVxWSAi6SWR6IOwSFta9RC6ZVdHug+H8I9kBuMaqrmZW54dIe --untusFVkodm+hSRrbxAtaK2rVbkCAwEAAaNjMGEwHQYDVR0OBBYEFMmRUwpjexZb --i71E8HaIqSTm5bZsMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA8G --A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB --AQAwpIVWQey2u/XoQSMSu0jd0EZvU+lhLaFrDy/AHQeG3yX1+SAOM6f6w+efPvyb --Op1NPI9UkMPb4PCg9YC7jgYokBkvAcI7J4FcuDKMVhyCD3cljp0ouuKruvEf4FBl --zyQ9pLqA97TuG8g1hLTl8G90NzTRcmKpmhs18BmCxiqHcTfoIpb3QvPkDX8R7LVt --9BUGgPY+8ELCgw868TuHh/Cnc67gBtRjBp0sCYVzGZmKsO5f1XdHrAZKYN5mEp0C --7/OqcDoFqORTquLeycg1At/9GqhDEgxNrqA+YEsPbLGAfsNuXUsXs2ubpGsOZxKt --Emsny2ah6fU2z7PztrUy/A80 -+MIIDezCCAmOgAwIBAgIUBxh2L3ItsVPuBogDI0WfUX1lFnMwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw -+NTEwMTUzMzEzWjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 -+cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgUlNBIFJvb3QwggEiMA0GCSqGSIb3DQEB 
-+AQUAA4IBDwAwggEKAoIBAQDZLSl8LdU54OUAT8ctFuKLShJul2IMzaEDkFLoL4ag -+ccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7KeiSuFJOrQtvDt+HkU5c706YDmw15m -+BpDSHapkXr80G/ABFbstWafOfagVW45wv65KH4cnpcqwrLhagmC8QG0KfWbf+Z2e -+fOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+UbzgcY4Y/hJ7Fw1/IeEhgr/iVJhQIUAk -+lp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR0YZWyIKfKzbeJLBzDqY2hQzVL6kA -+vY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt+UTEkuBdAgMBAAGjYzBhMB0GA1Ud -+DgQWBBQVwRMha+JVX6dqHVcg1s/zqXNkWTAfBgNVHSMEGDAWgBQVwRMha+JVX6dq -+HVcg1s/zqXNkWTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq -+hkiG9w0BAQsFAAOCAQEAvdAmpDPi1Wt7Hk30dXKF7Ug6MUKETi+uoO1Suo9JhNko -+/cpvoi8fbo/dnWVDfHVoItEn644Svver5UJdKJY62DvhilpCtAywYfCpgxkpKoKE -+dnpjnRBSMcbVDImsqvf1YjzFKiOiD7kcVvz4V0NZY91ZWwu3vgaSvcTJQkpWN0a+ -+LWanpVKqigl8nskttnBeiHDHGebxj3hawlIdtVlkbQwLLwlVkX99x1F73uS33IzB -+Y6+ZJ2is7mD839B8fOVd9pvPvBBgahIrw5tzJ/Q+gITuVQd9E6RVXh10/Aw+i/8S -+7tHpEUgP3hBk1P+wRQBWDxbHB28lE+41jvh3JObQWQ== - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smrsa1.pem b/test/smime-certs/smrsa1.pem -index d0d0b9e66b..d32d889047 100644 ---- a/test/smime-certs/smrsa1.pem -+++ b/test/smime-certs/smrsa1.pem -@@ -1,49 +1,49 @@ - -----BEGIN PRIVATE KEY----- --MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXr9uzB/20QXKC --xhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK2bcj54XB26i1kXuOrxID --3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt+W6lSd6Hmfrk4GmE9LTU --/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JFYg4c7qt5RCk/w8kwrQ0D --orQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSebvt0APeqgRxSpCxqYnHs --CoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxMkjpJSv3/ekDG2CHYxXSH --XxpJstxZAgMBAAECggEASY4xsJaTEPwY3zxLqPdag2/yibBBW7ivz/9p80HQTlXp --KnbxXj8nNXLjCytAZ8A3P2t316PrrTdLP4ML5lGwkM4MNPhek00GY79syhozTa0i --cPHVJt+5Kwee/aVI9JmCiGAczh0yHyOM3+6ttIZvvXMVaSl4BUHvJ0ikQBc5YdzL --s6VM2gCOR6K6n+39QHDI/T7WwO9FFSNnpWFOCHwAWtyBMlleVj+xeZX8OZ/aT+35 --27yjsGNBftWKku29VDineiQC+o+fZGJs6w4JZHoBSP8TfxP8fRCFVNA281G78Xak --cEnKXwZ54bpoSa3ThKl+56J6NHkkfRGb8Rgt/ipJYQKBgQD5DKb82mLw85iReqsT 
--8bkp408nPOBGz7KYnQsZqAVNGfehM02+dcN5z+w0jOj6GMPLPg5whlEo/O+rt9ze --j6c2+8/+B4Bt5oqCKoOCIndH68jl65+oUxFkcHYxa3zYKGC9Uvb+x2BtBmYgvDRG --ew6I2Q3Zyd2ThZhJygUZpsjsbQKBgQDdtNiGTkgWOm+WuqBI1LT5cQfoPfgI7/da --ZA+37NBUQRe0cM7ddEcNqx7E3uUa1JJOoOYv65VyGI33Ul+evI8h5WE5bupcCEFk --LolzbMc4YQUlsySY9eUXM8jQtfVtaWhuQaABt97l+9oADkrhA+YNdEu2yiz3T6W+ --msI5AnvkHQKBgDEjuPMdF/aY6dqSjJzjzfgg3KZOUaZHJuML4XvPdjRPUlfhKo7Q --55/qUZ3Qy8tFBaTderXjGrJurc+A+LiFOaYUq2ZhDosguOWUA9yydjyfnkUXZ6or --sbvSoM+BeOGhnezdKNT+e90nLRF6cQoTD7war6vwM6L+8hxlGvqDuRNFAoGAD4K8 --d0D4yB1Uez4ZQp8m/iCLRhM3zCBFtNw1QU/fD1Xye5w8zL96zRkAsRNLAgKHLdsR --355iuTXAkOIBcJCOjveGQsdgvAmT0Zdz5FBi663V91o+IDlryqDD1t40CnCKbtRG --hng/ruVczg4x7OYh7SUKuwIP/UlkNh6LogNreX0CgYBQF9troLex6X94VTi1V5hu --iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST --1iZkYwly9Xfjnpd0I00ZIlr2/B3+ZsK8w5cOW5Lpb7frol6+BkDnBjbNZI5kQndn --zQpuMJliRlrq/5JkIbH6SA== -+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDax3T7alefZcbm -+CcdN0kEoBLwV8H25vre43RYjuPo64TBjeKUy27ayC1TXydF1eYm3HPrFYfkS0fZ6 -+YK0xvwyxiQnesvcfnVe2fpXFPsl5RQvu1JKM7rJAuLC+YTRLez07IHhQnHQ25ZkR -++B4SL5mIhuOSJ9yyFJYJQ3Kdw/aX/jtnWVR8p3FyghJptWIm90ufW4xWFY0yNSW1 -+KmkZuOWF7VPh5RC1C7woB/RHhyD2gOP7tF+eDJ/QbX4iki4gPRFHuNrSV8ZpvDkI -+qqyF5BW8tyJneDkoWW8IuEpmNIzfbOCHvI6y7roeAmRrwH4/o5WxaEIsnQ/3pNvj -+n6+vA+nfAgMBAAECggEAFR5MHQQYCYjDXoDoI7YdgwA+AFIoGLjKYZu5yjX4tZv3 -+gJ/si7sTaMlY5cGTU1HUPirxIVeCjv4Eha31BJ3KsGJ9jj6Gm0nOuzd/O+ctKeRv -+2/HaDvpFlk4dsCrlkjmxteuS9u5l9hygniWYutcBwjY0cRnMScZcm0VO+DVVMDj0 -+9yNrFzhlmqV+ckawjK/J91r0uvnCVIsGA6akhlc5K0gwvFb/CC1WuceEeGx/38k3 -+4OuiHtLyJfIlgyGD8C3QfJlMOBHeQ/DCo6GMqrOAad/chtcO7JklcJ+k2qylP2gu -+e25NJCQVh+L32b9WrH3quH6fbLIg8a8MmUWl6te3FQKBgQDddu0Dp8R8fe2WnAE5 -+oXdASAf2BpthRNqUdYpkkO7gOV0MXCKIEiGZ+WuWEYmNlsXZCJRABprqLw9O/5Td -+2q+rCbdG9mSW2x82t/Ia4zd3r0RSHZyKbtOLtgmWfQkwVHy+rED8Juie5bNzHbjS -+1mYtFP2KDQ5yZA95yFg8ZtXOawKBgQD85VOPnfXGOJ783JHepAn4J2x1Edi+ZDQ+ -+Ml9g2LwetI46dQ0bF6V8RtcyWp0+6+ydX5U4JKhERFDivolD7Z1KFmlNLPs0cqSX 
-+5g5kzTD+R+zpr9FRragYKyLdHsLP0ur75Rh5FQkUl2DmeKCMvMKAkio0cduVpVXT -+SvWUBtkHXQKBgBy4VoZZ1GZcolocwx/pK6DfdoDWXIIhvsLv91GRZhkX91QqAqRo -+zYi9StF8Vr1Q5zl9HlSrRp3GGpMhG/olaRCiQu1l+KeDpSmgczo/aysPRKntgyaE -+ttRweA/XCUEGQ+MqTYcluJcarMnp+dUFztxb04F6rfvxs/wUGjVDFMkfAoGBAK+F -+wx9UtPZk6gP6Wsu58qlnQ2Flh5dtGM1qTMR86OQu0OBFyVjaaqL8z/NE7Qp02H7J -+jlmvJ5JqD/Gv6Llau+Zl86P66kcWoqJCrA7OU4jJBueSfadA7gAIQGRUK0Xuz+UQ -+tpGjRfAiuMB9TIEhqaVuzRglRhBw9kZ2KkgZEJyJAoGBANrEpEwOhCv8Vt1Yiw6o -+co96wYj+0LARJXw6rIfEuLkthBRRoHqQMKqwIGMrwjHlHXPnQmajONzIJd+u+OS4 -+psCGetAIGegd3xNVpK2uZv9QBWBpQbuofOh/c2Ctmm2phL2sVwCZ0qwIeXuBwJEc -+NOlOojKDO+dELErpShJgFIaU - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBAMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBSU0EgIzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK --AoIBAQDXr9uzB/20QXKCxhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK --2bcj54XB26i1kXuOrxID3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt --+W6lSd6Hmfrk4GmE9LTU/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JF --Yg4c7qt5RCk/w8kwrQ0DorQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSe --bvt0APeqgRxSpCxqYnHsCoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxM --kjpJSv3/ekDG2CHYxXSHXxpJstxZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD --VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTmjc+lrTQuYx/VBOBGjMvufajvhDAfBgNV --HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA --dr2IRXcFtlF16kKWs1VTaFIHHNQrfSVHBkhKblPX3f/0s/i3eXgwKUu7Hnb6T3/o --E8L+e4ioQNhahTLt9ruJNHWA/QDwOfkqM3tshCs2xOD1Cpy7Bd3Dn0YBrHKyNXRK --WelGp+HetSXJGW4IZJP7iES7Um0DGktLabhZbe25EnthRDBjNnaAmcofHECWESZp --lEHczGZfS9tRbzOCofxvgLbF64H7wYSyjAe6R8aain0VRbIusiD4tCHX/lOMh9xT --GNBW8zTL+tV9H1unjPMORLnT0YQ3oAyEND0jCu0ACA1qGl+rzxhF6bQcTUNEbRMu --9Hjq6s316fk4Ne0EUF3PbA== -+MIIDeTCCAmGgAwIBAgIUM6U1Peo3wzfAJIrzINejJJfmRzkwDQYJKoZIhvcNAQEL 
-+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw -+NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 -+cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMxMIIBIjANBgkqhkiG9w0B -+AQEFAAOCAQ8AMIIBCgKCAQEA2sd0+2pXn2XG5gnHTdJBKAS8FfB9ub63uN0WI7j6 -+OuEwY3ilMtu2sgtU18nRdXmJtxz6xWH5EtH2emCtMb8MsYkJ3rL3H51Xtn6VxT7J -+eUUL7tSSjO6yQLiwvmE0S3s9OyB4UJx0NuWZEfgeEi+ZiIbjkifcshSWCUNyncP2 -+l/47Z1lUfKdxcoISabViJvdLn1uMVhWNMjUltSppGbjlhe1T4eUQtQu8KAf0R4cg -+9oDj+7Rfngyf0G1+IpIuID0RR7ja0lfGabw5CKqsheQVvLciZ3g5KFlvCLhKZjSM -+32zgh7yOsu66HgJka8B+P6OVsWhCLJ0P96Tb45+vrwPp3wIDAQABo2AwXjAMBgNV -+HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUHw4Us7FXwgLtZ1JB -+MOAHSkNYfEkwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI -+hvcNAQELBQADggEBAAMAXEjTNo7evn6BvfEaG2q21q9xfFear/M0zxc5xcTj+WP+ -+BKrlxXg5RlVFyvmzGhwZBERsDMJYa54aw8scDJsy/0zPdWST39dNev7xH13pP8nF -+QF4MGPKIqBzX8iDCqhz70p1w2ndLjz1dvsAqn6z9/Sh3T2kj6DfZY3jA49pMEim1 -+vYd4lWa5AezU3+cLtBbo2c2iyG2W7SFpnNTjLX823f9rbVPnUb93ZI/tDXDIf5hL -+0hocZs+MWdC7Ly1Ru4PXa6+DeOM0z673me/Q27e24OBbG2eq5g7eW5euxJinGkpI -+XGGKTKrBCPxSdTtwSNHU9HsggT8a0wXL2QocZ3w= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smrsa2.pem b/test/smime-certs/smrsa2.pem -index 2f17cb2978..a7a21fc80f 100644 ---- a/test/smime-certs/smrsa2.pem -+++ b/test/smime-certs/smrsa2.pem -@@ -1,49 +1,49 @@ - -----BEGIN PRIVATE KEY----- --MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcYC4tS2Uvn1Z2 --iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iFAzAnwqR/UB1R67ETrsWq --V8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFpcXepPWQacpuBq2VvcKRD --lDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS0PZ9EZB63T1gmwaK1Rd5 --U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1NcojhptIWyI0r7dgn5J3 --NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0EFWyQf7iDxGaA93Y9ePB --Jv5iFZVZAgMBAAECggEBAILIPX856EHb0KclbhlpfY4grFcdg9LS04grrcTISQW1 --J3p9nBpZ+snKe6I8Yx6lf5PiipPsSLlCliHiWpIzJZVQCkAQiSPiHttpEYgP2IYI 
--dH8dtznkdVbLRthZs0bnnPmpHCpW+iqpcYJ9eqkz0cvUNUGOjjWmwWmoRqwp/8CW --3S1qbkQiCh0Mk2fQeGar76R06kXQ9MKDEj14zyS3rJX+cokjEoMSlH8Sbmdh2mJz --XlNZcvqmeGJZwQWgbVVHOMUuZaKJiFa+lqvOdppbqSx0AsCRq6vjmjEYQEoOefYK --3IJM9IvqW5UNx0Cy4kQdjhZFFwMO/ALD3QyF21iP4gECgYEA+isQiaWdaY4UYxwK --Dg+pnSCKD7UGZUaCUIv9ds3CbntMOONFe0FxPsgcc4jRYQYj1rpQiFB8F11+qXGa --P/IHcnjr2+mTrNY4I9Bt1Lg+pHSS8QCgzeueFybYMLaSsXUo7tGwpvw6UUb6/YWI --LNCzZbrCLg1KZjGODhhxtvN45ZkCgYEA4YNSe+GMZlxgsvxbLs86WOm6DzJUPvxN --bWmni0+Oe0cbevgGEUjDVc895uMFnpvlgO49/C0AYJ+VVbStjIMgAeMnWj6OZoSX --q49rI8KmKUxKgORZiiaMqGWQ7Rxv68+4S8WANsjFxoUrE6dNV3uYDIUsiSLbZeI8 --38KVTcLohcECgYEAiOdyWHGq0G4xl/9rPUCzCMsa4velNV09yYiiwBZgVgfhsawm --hQpOSBZJA60XMGqkyEkT81VgY4UF4QLLcD0qeCnWoXWVHFvrQyY4RNZDacpl87/t --QGO2E2NtolL3umesa+2TJ/8Whw46Iu2llSjtVDm9NGiPk5eA7xPPf1iEi9kCgYAb --0EmVE91wJoaarLtGS7LDkpgrFacEWbPnAbfzW62UENIX2Y1OBm5pH/Vfi7J+vHWS --8E9e0eIRCL2vY2hgQy/oa67H151SkZnvQ/IP6Ar8Xvd1bDSK8HQ6tMQqKm63Y9g0 --KDjHCP4znOsSMnk8h/bZ3HcAtvbeWwftBR/LBnYNQQKBgA1leIXLLHRoX0VtS/7e --y7Xmn7gepj+gDbSuCs5wGtgw0RB/1z/S3QoS2TCbZzKPBo20+ivoRP7gcuFhduFR --hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n --yrLyf+8hjm6H6zkjqiOkHAl+ -+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDkoMi4sqj2mN8j -+SaFAibXEfeYYrzBHIdCm/uaXWit81fXOSFVw1rbeAppxz7bOcSEN50lpdP2UX3/b -+FYFD3exHXjvch9NPNgQaNkCqTNTuYa2L9wrpltXnon7tH3W/zZfF+/qpUSu1f6rk -+GyxjVXxLwjIawCX0rbLcdFCVVy+EyvQkvSxXjafrDMzshWzPDbtjUv3SH6avqrPn -+4NX0fv3BdBwTfDLAw/m8nN+9B9Mg0V7UNM1IJY/Vo5pLhv+MrEf8SnAS+1Wt43rT -+3PY9iMZMMWUswdgmPY0yCN95ggwNrSMGV60yvEDxINWuJoR8s0lybDdFa+AB5v4T -+hqKpspFNAgMBAAECggEAZmWu0K5QJ7Y7Rlo9ayLicsFyk36vUESQZ6MF0ybzEEPi -+BkR2ZAX+vDuNQckm1pprlAcRZbactl35bT3Z+fQE1cgaZoC8/x6xwq2m0796pNPB -+v0zjqdBBOLAaSgjLm56wyd88GqZ8vZsTBnw3KrxIYcP13e5OcaJ0V/GOf/yfD0lg -+Tq9i7V5Iq++Fpo2KvJA8FMgqcfhvhdo40rRykoBfzEZpBk4Ia/Yijsbx5sE15pFZ -+DfmsMbD+vViuM8IavHo61mBNyYeydwlgIMqUgP/6xbYUov/XSUojrLG+IQuvDx9D -+xzTHGM+IBJxQZMza/mDVcjUAcDEjWt/Mve8ibTQCbwKBgQDyaiGsURtlf/8xmmvT 
-+RQQFFFsJ8SXHNYmnceNULIjfDxpLk1yC4kBNUD+liAJscoVlOcByHmXQRtnY1PHq -+AwyrwplGd82773mtriDVFSjhD+GB7I0Hv2j+uiFZury0jR/6/AsWKCtTqd0opyuB -+8rGZjguiwZIjeyxd8mL1dncUHwKBgQDxcNxHUvIeDBvAmtK65xWUuLcqtK9BblBH -+YVA7p93RqX4E+w3J0OCvQRQ3r1GCMMzFEO0oOvNfMucU4rbQmx1pbzF8aQU+8iEW -+kYpaWUbPUQ2hmBblhjGYHsigt/BrzaW0QveVIWcGiyVVX9wiCzJH5moJlCRK2oHR -+B36hdlmNEwKBgQCSlWSpOx4y4RQiHXtn9Eq6+5UVTPGIJTKIwxAwnQFiyFIhMwl0 -+x3UUixsBcF3uz80j6akaGJF+QOmH+TQTSibGUdS3TMhmBSfxwuJtlu7yMNUu6Chb -+b/4AUfLKvGVRVCjrbq8Rhda1L3jhFTz0xhlofgFBOIWy2M96O5BlV24oBwKBgQDs -+cf93ZfawkGEZVUXsPeQ3mlHe48YCCPtbfCSr13B3JErCq+5L52AyoUQgaHQlUI8o -+qrPmQx0V7O662G/6iP3bxEYtNVgq1cqrpGpeorGi1BjKWPyLWMj21abbJmev21xc -+1XxLMsQHd3tfSZp2SIq8OR09NjP4jla1k2Ziz1lRuwKBgQCUJXjhW4dPoOzC7DJK -+u4PsxcKkJDwwtfNudVDaHcbvvaHELTAkE2639vawH0TRwP6TDwmlbTQJP4EW+/0q -+13VcNXVAZSruA9dvxlh4vNUH3PzTDdFIJzGVbYbV9p5t++EQ7gRLuLZqs99BOzM9 -+k6W9F60mEFz1Owh+lQv7WfSIVA== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBBMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBSU0EgIzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK --AoIBAQDcYC4tS2Uvn1Z2iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iF --AzAnwqR/UB1R67ETrsWqV8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFp --cXepPWQacpuBq2VvcKRDlDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS --0PZ9EZB63T1gmwaK1Rd5U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1 --NcojhptIWyI0r7dgn5J3NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0 --EFWyQf7iDxGaA93Y9ePBJv5iFZVZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD --VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBT0arpyYMHXDPVL7MvzE+lx71L7sjAfBgNV --HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA --I8nM42am3aImkZyrw8iGkaGhKyi/dfajSWx6B9izBUh+3FleBnUxxOA+mn7M8C47 --Ne18iaaWK8vEux9KYTIY8BzXQZL1AuZ896cXEc6bGKsME37JSsocfuB5BIGWlYLv 
--/ON5/SJ0iVFj4fAp8z7Vn5qxRJj9BhZDxaO1Raa6cz6pm0imJy9v8y01TI6HsK8c --XJQLs7/U4Qb91K+IDNX/lgW3hzWjifNpIpT5JyY3DUgbkD595LFV5DDMZd0UOqcv --6cyN42zkX8a0TWr3i5wu7pw4k1oD19RbUyljyleEp0DBauIct4GARdBGgi5y1H2i --NzYzLAPBkHCMY0Is3KKIBw== -+MIIDeTCCAmGgAwIBAgIUTMQXiTcI/rpzqO91NyFWpjLE3KkwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw -+NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 -+cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMyMIIBIjANBgkqhkiG9w0B -+AQEFAAOCAQ8AMIIBCgKCAQEA5KDIuLKo9pjfI0mhQIm1xH3mGK8wRyHQpv7ml1or -+fNX1zkhVcNa23gKacc+2znEhDedJaXT9lF9/2xWBQ93sR1473IfTTzYEGjZAqkzU -+7mGti/cK6ZbV56J+7R91v82Xxfv6qVErtX+q5BssY1V8S8IyGsAl9K2y3HRQlVcv -+hMr0JL0sV42n6wzM7IVszw27Y1L90h+mr6qz5+DV9H79wXQcE3wywMP5vJzfvQfT -+INFe1DTNSCWP1aOaS4b/jKxH/EpwEvtVreN609z2PYjGTDFlLMHYJj2NMgjfeYIM -+Da0jBletMrxA8SDVriaEfLNJcmw3RWvgAeb+E4aiqbKRTQIDAQABo2AwXjAMBgNV -+HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUSJ0v3SKahe6eKssR -+rBvYLBprFTgwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI -+hvcNAQELBQADggEBAKoyszyZ3DfCOIVzeJrnScXuMvRkVqO5aGmgZxtY9r6gPk8v -+gXaEFXDKqRbGqEnuwEjpew+SVZO8nrVpdIP7fydpufy7Cu91Ev4YL1ui5Vc66+IK -+7dXV7eZYcH/dDJBPZddHx9vGhcr0w8B1W9nldM3aQE/RQjOmMRDc7/Hnk0f0RzJp -+LA0adW3ry27z2s4qeCwkV9DNSh1KoGfcLwydBiXmJ1XINMFH/scD4pk9UeJpUL+5 -+zvTaDzUmzLsI1gH3j/rlzJuNJ7EMfggKlfQdit9Qn6+6Gjk6T5jkZfzcq3LszuEA -+EFtkxWyBmmEgh4EmvZGAyrUvne1hIIksKe3iJ+E= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smrsa3.pem b/test/smime-certs/smrsa3.pem -index 14c27f64aa..980d3af3b4 100644 ---- a/test/smime-certs/smrsa3.pem -+++ b/test/smime-certs/smrsa3.pem -@@ -1,49 +1,49 @@ - -----BEGIN PRIVATE KEY----- --MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyK+BTAOJKJjji --OhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVCFoVBz5doMf3M6QIS2jL3 --Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsFSTxytUVpfcByrubWiLKX 
--63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuWm/gavozkK103gQ+dUq4H --XamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enhav2sXDfOmZp/DYf9IqS7l --vFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p1diWRpaSn62bbkRN49j6 --L2dVb+DfAgMBAAECggEAciwDl6zdVT6g/PbT/+SMA+7qgYHSN+1koEQaJpgjzGEP --lUUfj8TewCtzXaIoyj9IepBuXryBg6snNXpT/w3bqgYon/7zFBvxkUpDj4A5tvKf --BuY2fZFlpBvUu1Ju1eKrFCptBBBoA9mc+BUB/ze4ktrAdJFcxZoMlVScjqGB3GdR --OHw2x9BdWGCJBhiu9VHhAAb/LVWi6xgDumYSWZwN2yovg+7J91t5bsENeBRHycK+ --i5dNFh1umIK9N0SH6bpHPnLHrCRchrQ6ZRRxL4ZBKA9jFRDeI7OOsJuCvhGyJ1se --snsLjr/Ahg00aiHCcC1SPQ6pmXAVBCG7hf4AX82V4QKBgQDaFDE+Fcpv84mFo4s9 --wn4CZ8ymoNIaf5zPl/gpH7MGots4NT5+Ns+6zzJQ6TEpDjTPx+vDaabP7QGXwVZn --8NAHYvCQK37b+u9HrOt256YYRDOmnJFSbsJdmqzMEzpTNmQ8GuI37cZCS9CmSMv+ --ab/plcwuv0cJRSC83NN2AFyu1QKBgQDRJzKIBQlpprF9rA0D5ZjLVW4OH18A0Mmm --oanw7qVutBaM4taFN4M851WnNIROyYIlkk2fNgW57Y4M8LER4zLrjU5HY4lB0BMX --LQWDbyz4Y7L4lVnnEKfQxWFt9avNZwiCxCxEKy/n/icmVCzc91j9uwKcupdzrN6E --yzPd1s5y4wKBgQCkJvzmAdsOp9/Fg1RFWcgmIWHvrzBXl+U+ceLveZf1j9K5nYJ7 --2OBGer4iH1XM1I+2M4No5XcWHg3L4FEdDixY0wXHT6Y/CcThS+015Kqmq3fBmyrc --RNjzQoF9X5/QkSmkAIx1kvpgXtcgw70htRIrToGSUpKzDKDW6NYXhbA+PQKBgDJK --KH5IJ8E9kYPUMLT1Kc4KVpISvPcnPLVSPdhuqVx69MkfadFSTb4BKbkwiXegQCjk --isFzbeEM25EE9q6EYKP+sAm+RyyJ6W0zKBY4TynSXyAiWSGUAaXTL+AOqCaVVZiL --rtEdSUGQ/LzclIT0/HLV2oTw4KWxtTdc3LXEhpNdAoGBAM3LckiHENqtoeK2gVNw --IPeEuruEqoN4n+XltbEEv6Ymhxrs6T6HSKsEsLhqsUiIvIzH43KMm45SNYTn5eZh --yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF --RvOAi5wVkYylDxV4238MAZIq -+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD5A/t3norj/167 -+toKG1Ygtg3G+pZ4Nwl5a9flnm8JdSMW5TEEP1TSvDVIEuAVi7xqoAn6heypoaMkB -+GJ+AoSo9R7umdhhq2vnmWFNsdH6oDzynVXixyURo81YrN3sn9Xd55ivTiSpZXldi -+ECr2T0BYvOw0h497bPs6gY9LqgrBHNYVF3lFhdOmYWv+2qSdti+1gV3t24pv1CrK -+2AdX5Epdd5jR+eNnt+suZqoPC0hTcNjszJLcfDYFXHva9BcE0DfrgcYSmoSBU53M -+jt63TClK6ZoVcPJ7vXjFRHncvs1/d+nc9BdL9FsGI1ezspSwcJHqex2wgo76yDrq -+DE4s23rPAgMBAAECggEAEDi+VWD5VUpjD5zWOoPQiRDGBJBhtMAKkl6okxEmXvWb 
-+Xz3STFnjHgA1JFHW3bRU9BHI9k8vSHmnlnkfKb3V/ZX5IHNcKCHb/x9NBak+QLVQ -+0zLtfE9vxiTC0B/oac+MPaiD4hYFQ81pFwK6VS0Poi8ZCBJtOkRqfUvsyV8zZrgh -+/6cs4mwOVyZPFRgF9eWXYv7PJz8pNRizhII0iv9H/r2I3DzsZLPCg7c29mP+I/SG -+A7Pl82UXjtOc0KurGY2M5VheZjxJT/k/FLMkWY2GS5n6dfcyzsVSKb25HoeuvQsI -+vs1mKs+Onbobdc17hCcKVJzbi3DwXs5XDhrEzfHccQKBgQD88uBxVCRV31PsCN6I -+pKxQDGgz+1BqPqe7KMRiZI7HgDUK0eCM3/oG089/jsBtJcSxnScLSVNBjQ+xGiFi -+YCD4icQoJSzpqJyR6gDq5lTHASAe+9LWRW771MrtyACQWNXowYEyu8AjekrZkCUS -+wIKVpw57oWykzIoS7ixZsJ8gxwKBgQD8BPWqJEsLiQvOlS5E/g88eV1KTpxm9Xs+ -+BbwsDXZ7m4Iw5lYaUu5CwBB/2jkGGRl8Q/EfAdUT7gXv3t6x5b1qMXaIczmRGYto -+NuI3AH2MPxAa7lg5TgBgie1r7PKwyPMfG3CtDx6n8W5sexgJpbIy5u7E+U6d8s1o -+c7EcsefduQKBgCkHJAx9v18GWFBip+W2ABUDzisQSlzRSNd8p03mTZpiWzgkDq4K -+7j0JQhDIkMGjbKH6gYi9Hfn17WOmf1+7g92MSvrP/NbxeGPadsejEIEu14zu/6Wt -+oXDLdRbYZ+8B2cBlEpWuCl42yck8Lic6fnPTou++oSah3otvglYR5d2lAoGACd8L -+3FE1m0sP6lSPjmZBJIZAcDOqDqJY5HIHD9arKGZL8CxlfPx4lqa9PrTGfQWoqORk -+YmmI9hHhq6aYJHGyPKGZWfjhbVyJyFg1/h+Hy2GA+P0S+ZOjkiR050BNtTz5wOMr -+Q6wO8FcVkywzIdWaqEHBYne9a5RiFVBKxKv3QAkCgYBxmCBKajFkMVb4Uc55WqJs -+Add0mctGgmZ1l5vq81eWe3wjM8wgfJgaD3Q3gwx2ABUX/R+OsVWSh4o5ZR86sYoz -+TviknBHF8GeDLjpT49+04fEaz336J2JOptF9zIpz7ZK1nrOEjzaZGtumReVjUP7X -+fNcb5iDYqZRzD8ixBbLxUw== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBCMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBSU0EgIzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK --AoIBAQCyK+BTAOJKJjjiOhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVC --FoVBz5doMf3M6QIS2jL3Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsF --STxytUVpfcByrubWiLKX63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuW --m/gavozkK103gQ+dUq4HXamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enha --v2sXDfOmZp/DYf9IqS7lvFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p 
--1diWRpaSn62bbkRN49j6L2dVb+DfAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD --VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQ6CkW5sa6HrBsWvuPOvMjyL5AnsDAfBgNV --HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA --JhcrD7AKafVzlncA3cZ6epAruj1xwcfiE+EbuAaeWEGjoSltmevcjgoIxvijRVcp --sCbNmHJZ/siQlqzWjjf3yoERvLDqngJZZpQeocMIbLRQf4wgLAuiBcvT52wTE+sa --VexeETDy5J1OW3wE4A3rkdBp6hLaymlijFNnd5z/bP6w3AcIMWm45yPm0skM8RVr --O3UstEFYD/iy+p+Y/YZDoxYQSW5Vl+NkpGmc5bzet8gQz4JeXtH3z5zUGoDM4XK7 --tXP3yUi2eecCbyjh/wgaQiVdylr1Kv3mxXcTl+cFO22asDkh0R/y72nTCu5fSILY --CscFo2Z2pYROGtZDmYqhRw== -+MIIDeTCCAmGgAwIBAgIUIDyc//j/LoNDesZTGbPBoVarv4EwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw -+NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 -+cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMzMIIBIjANBgkqhkiG9w0B -+AQEFAAOCAQ8AMIIBCgKCAQEA+QP7d56K4/9eu7aChtWILYNxvqWeDcJeWvX5Z5vC -+XUjFuUxBD9U0rw1SBLgFYu8aqAJ+oXsqaGjJARifgKEqPUe7pnYYatr55lhTbHR+ -+qA88p1V4sclEaPNWKzd7J/V3eeYr04kqWV5XYhAq9k9AWLzsNIePe2z7OoGPS6oK -+wRzWFRd5RYXTpmFr/tqknbYvtYFd7duKb9QqytgHV+RKXXeY0fnjZ7frLmaqDwtI -+U3DY7MyS3Hw2BVx72vQXBNA364HGEpqEgVOdzI7et0wpSumaFXDye714xUR53L7N -+f3fp3PQXS/RbBiNXs7KUsHCR6nsdsIKO+sg66gxOLNt6zwIDAQABo2AwXjAMBgNV -+HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUN9pGq/UFS3o50rTi -+V+AYgAk+3R4wHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI -+hvcNAQELBQADggEBAGcOh380/6aJqMpYBssuf2CB3DX/hGKdvEF7fF8iNSfl5HHq -+112kHl3MhbL9Th/safJq9sLDJqjXRNdVCUJJbU4YI2P2gsi04paC0qxWxMLtzQLd -+CE7ki2xH94Fuu/dThbpzZBABROO1RrdI24GDGt9t4Gf0WVkobmT/zNlwGppKTIB2 -+iV/Ug30iKr/C49UzwUIa+XXXujkjPTmGSnrKwVQNxQh81rb+iTL7GEnNuqDsatHW -+ZyLS2SaVdG5tMqDkITPMDGjehUzJcAbVc8Bv4m8Ukuov3uDj2Doc6MxlvrVkV0AE -+BcSCb/bWQJJ/X4LQZlx9cMk4NINxV9UeFPZOefg= - -----END CERTIFICATE----- --- -2.38.1.windows.1 
diff --git a/backport-apps-passwd.c-free-before-error-exiting.patch b/backport-apps-passwd.c-free-before-error-exiting.patch
deleted file mode 100644
index 7c9e7cdbf9760890124342fb1f861171ac03bb64..0000000000000000000000000000000000000000
--- a/backport-apps-passwd.c-free-before-error-exiting.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From dd05385e36582f34e691b1350dd7daf74df5cc90 Mon Sep 17 00:00:00 2001
-From: Peiwei Hu
-Date: Tue, 4 Jan 2022 09:10:32 +0800
-Subject: [PATCH] apps/passwd.c: free before error exiting
-
-use goto instead of returning directly while error handling
-
-Signed-off-by: Peiwei Hu
-
-Reviewed-by: Ben Kaduk
-Reviewed-by: Paul Dale
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/17404)
-
-(cherry picked from commit ea4d16bc60dee53feb71997c1e78379eeb69b7ac)
---
- apps/passwd.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/apps/passwd.c b/apps/passwd.c
-index d741d05335..2a4199d080 100644
---- a/apps/passwd.c
-+++ b/apps/passwd.c
-@@ -407,7 +407,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
- n >>= 1;
- }
- if (!EVP_DigestFinal_ex(md, buf, NULL))
-- return NULL;
-+ goto err;
-
- for (i = 0; i < 1000; i++) {
- if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
-@@ -633,7 +633,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
- n >>= 1;
- }
- if (!EVP_DigestFinal_ex(md, buf, NULL))
-- return NULL;
-+ goto err;
-
- /* P sequence */
- if (!EVP_DigestInit_ex(md2, sha, NULL))
-@@ -644,7 +644,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
- goto err;
-
- if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
-- return NULL;
-+ goto err;
-
- if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)
- goto err;
-@@ -661,7 +661,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
- goto err;
-
- if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
-- return NULL;
-+ goto err;
-
- if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)
- goto err;
---
-2.33.0
diff --git a/backport-test-add-test-cases-for-the-policy-resource-overuse.patch b/backport-test-add-test-cases-for-the-policy-resource-overuse.patch
deleted file mode 100644
index 763a0992d490bc3fc9aa908badcc189c11ca3de0..0000000000000000000000000000000000000000
--- a/backport-test-add-test-cases-for-the-policy-resource-overuse.patch
+++ /dev/null
@@ -1,626 +0,0 @@
-From b44a67c6132754adc256290d0267c1e82994ac94 Mon Sep 17 00:00:00 2001
-From: Pauli
-Date: Wed, 8 Mar 2023 14:39:25 +1100
-Subject: [PATCH] test: add test cases for the policy resource overuse
-
-These trees have pathological properties with respect to building. The small
-tree stays within the imposed limit, the large tree doesn't.
-
-The large tree would consume over 150Gb of RAM to process.
-
-Reviewed-by: Tomas Mraz
-Reviewed-by: Shane Lontis
-(Merged from https://github.com/openssl/openssl/pull/20569)
---
- test/recipes/80-test_policy_tree.t | 41 ++
- .../80-test_policy_tree_data/large_leaf.pem | 11 +
- .../large_policy_tree.pem | 434 ++++++++++++++++++
- .../80-test_policy_tree_data/small_leaf.pem | 11 +
- .../small_policy_tree.pem | 70 +++
- 5 files changed, 567 insertions(+)
- create mode 100644 test/recipes/80-test_policy_tree.t
- create mode 100644 test/recipes/80-test_policy_tree_data/large_leaf.pem
- create mode 100644 test/recipes/80-test_policy_tree_data/large_policy_tree.pem
- create mode 100644 test/recipes/80-test_policy_tree_data/small_leaf.pem
- create mode 100644 test/recipes/80-test_policy_tree_data/small_policy_tree.pem
-
-diff --git a/test/recipes/80-test_policy_tree.t b/test/recipes/80-test_policy_tree.t
-new file mode 100644
-index 0000000000..606ad05e9c
---- /dev/null
-+++ b/test/recipes/80-test_policy_tree.t
-@@ -0,0 +1,41 @@
-+#! /usr/bin/env perl
-+# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the Apache License 2.0 (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+use strict;
-+use warnings;
-+
-+use POSIX;
-+use OpenSSL::Test qw/:DEFAULT srctop_file with data_file/;
-+
-+use OpenSSL::Test::Utils;
-+use OpenSSL::Glob;
-+
-+setup("test_policy_tree");
-+
-+plan tests => 2;
-+
-+# The small pathological tree is expected to work
-+my $small_chain = srctop_file("test", "recipes", "80-test_policy_tree_data",
-+ "small_policy_tree.pem");
-+my $small_leaf = srctop_file("test", "recipes", "80-test_policy_tree_data",
-+ "small_leaf.pem");
-+
-+ok(run(app(["openssl", "verify", "-CAfile", $small_chain,
-+ "-policy_check", $small_leaf])),
-+ "test small policy tree");
-+
-+# The large pathological tree is expected to fail
-+my $large_chain = srctop_file("test", "recipes", "80-test_policy_tree_data",
-+ "large_policy_tree.pem");
-+my $large_leaf = srctop_file("test", "recipes", "80-test_policy_tree_data",
-+ "large_leaf.pem");
-+
-+ok(!run(app(["openssl", "verify", "-CAfile", $large_chain,
-+ "-policy_check", $large_leaf])),
-+ "test large policy tree");
-diff --git a/test/recipes/80-test_policy_tree_data/large_leaf.pem b/test/recipes/80-test_policy_tree_data/large_leaf.pem
-new file mode 100644
-index 0000000000..39ed6a7fa6
---- /dev/null
-+++ b/test/recipes/80-test_policy_tree_data/large_leaf.pem
-@@ -0,0 +1,11 @@
-+-----BEGIN CERTIFICATE-----
-+MIIBmTCCAT+gAwIBAgIBADAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
-+Q0EgMTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowGjEYMBYGA1UE
-+AxMPd3d3LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEp6Qe
-+jrN6A0ZjqaFbX/zO01aVYXH5kthBDTEO/fU4H0CdwqrfyMsFrObwssrTJcsmSFKP
-+x1FYr8wT2wCACs19lqN4MHYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
-+AQUFBwMBMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t
-+MCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMAoGCCqGSM49
-+BAMCA0gAMEUCIDGT8SVBkWJEZ2EzXm8M895NrNRmfc8uoheP0KKv+ndHAiEA2Onr
-+20J+zTaR7vONY/1DleMm7fGY3UxTobSHSvOKbfY= -+-----END CERTIFICATE----- -diff --git a/test/recipes/80-test_policy_tree_data/large_policy_tree.pem b/test/recipes/80-test_policy_tree_data/large_policy_tree.pem -new file mode 100644 -index 0000000000..5cd31c355b ---- /dev/null -+++ b/test/recipes/80-test_policy_tree_data/large_policy_tree.pem -@@ -0,0 +1,434 @@ -+-----BEGIN CERTIFICATE----- -+MIICEDCCAbagAwIBAgIBATAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgMjAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATgyLz1C0dD -+ib5J/QmoE4d+Nf5yvvlzjVZHWIu7iCMEqK67cnA1RtMp1d0xdiNQS6si3ExNPBF+ -+ELdkP0E6x26Jo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF -+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSs+ml5upH1h25oUB0Ep4vd -+SUdZ/DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAOME8j1/cMogNnuNCb0O -+RIOE9pLP4je78KJiP8CZm0iOAiALr8NI67orD/VpfRptkjCmOd7rTWMVOOJfBr6N -+VJFLjw== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICDzCCAbagAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgMzAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASIdzU/FF3Y -+rTsTX04fRIN2yrZwxvOAfZ6DuEgKRxEimJx1nCyETuMmfDowm52mx/Cyk08xorp8 -+PhGEbacMd9kio4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF -+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSwok/8RfJbVGTzyF5jhWLc -+hO7pcDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDRwAwRAIgYVF7bXxUuOzAZF6SmeIJ -+s+iL15bLSQ2rW7QDc6QYp9MCIAup6YokIcr8JaGttHmLaKbASQLxYDGHhfFIVZuI -+BDvT -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- 
-+MIICEDCCAbagAwIBAgIBAzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgNDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ38Llxxj32 -+H3NN4Z1V8IuRKXLNhdU4z+NbT1rahusEyAHF+z9VTjim+HHfqFKV1QyNOJZ4rMA9 -+J/gODWsNCT4po4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF -+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS11YgFNKTx3a6kssIijnA9 -+DiOhoTAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAJXNZHMpvlnMfxhcG6EF -+Vw1pEXJ+iZnWT+Yu02a2zhamAiAiOKNhALBw/iKhQrwLo0cdx6UEfUKbaqTSGiax -+tHUylA== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEDCCAbagAwIBAgIBBDAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgNTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATo81HWQ/we -+egmoO/LMntQK1VQ9YzU627nblv/XWoOjEd/tBeE8+Un4jUnhZqNrP2TAzy48jEaT -+1DShCQNQGek7o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF -+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS6/F38QgbZSHib0W1XtMfs -+4O5DTDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIgXMYCQWi5/6iQw+zqyEav -+CE7kOfTpm9GN4bZX5Eau5AACIQD0rDZwsjWf6hI2Hn8IlpwYVVC9bpxrAM/JmYuu -+79V/uw== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEDCCAbagAwIBAgIBBTAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgNjAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARsPMjOkmzJ -+2jwT30mKUvAFYVgOlgcoXxYr61p54mbQMmmH49ABmJQMu5rjwjwYlYA3UzbEN9ki -+hMsJz/4JIrJGo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF 
-+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQeflZRWUze+7jne9MkYYy5 -+iWFgJDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAIN6BjMnPlixl3i6Z1Xa -+pZQt52MOCHPm0XzXDn2XlC9+AiAn146u8rbppdEGMFr21vfFZaktwEb0cZkC9fBp -+S1uKwQ== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEDCCAbagAwIBAgIBBjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgNzAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASVmpozZzxX -+f6rFinkqS0y8sfbOwcM0gNuR0x83mmZH5+a8W4ug5W80QiBaS3rHtwTsFHpCeQKq -+eJvfb/esgJu8o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF -+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQPuF2sXR0vOHJynh57qefK -++h7RGDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIgDX0jHPq1alZoMbPDmbZp -+QYuM9UQagQ5KJgVU1B0Mh2ECIQCtdyfT2h5jZvz3lLKkQ9a6LddIuqsyNKDAxbpb -+PlBOOA== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEDCCAbagAwIBAgIBBzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgODAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASb+9fN9RLe -+SHGynsKXhLWGhIS/kZ6Yl97+h23xpjLaZUOzhn5VafXdmLrQ4BmqSMHqIKzcc8IB -+STV3NwO4NxPBo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF -+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTBF9x+MrsyqoCaTQ2kB7Bn -+tpK2qDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAI37Di/5MrSj2clr+2pX 
-+iXzeDIvlaxzVetyH3ibUZZBSAiA41aPIssHi9evv2mZonEvXY8g+DKbh/3L2mSub -+/AyLoA== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICETCCAbagAwIBAgIBCDAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgOTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASrRS12/zEP -+RUNye9SLadN4xK+xfTwyXfxeC+jam+J98lOMcHz6abnLpk5tJ7wab4Pkygsbj1V2 -+STxeW+YH23dto4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF -+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQYpYFLhosbir7KoyYdehsQ -+6DdLfzAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSQAwRgIhAPTCN+zWFG2cFzJ+nlfg -+JMY4U2e3vqTQmFeBXYlBASb9AiEA0KvsyNwloF1YeeaYcP5iHoRGRo8UMD3QWKEE -+vWI14Uk= -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEDCCAbegAwIBAgIBCTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMTAwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBYxFDASBgNV -+BAMTC1BvbGljeSBDQSA5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoR4udEgt -+usb9f946+Xznm7Q3OaW4DTZjO7wqX1I+27zDp0JrUbCZwtm0Cw+pYkG5kPpNcFTK -+7yG3YgqM1sT+6aOB8jCB7zAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0lBAwwCgYIKwYB -+BQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUjgtOHvFBcUQ03AKUbvuJ -+IWO5lzUwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwcQYD -+VR0hBGowaDAYBgpghkgBZQMCATABBgpghkgBZQMCATABMBgGCmCGSAFlAwIBMAEG -+CmCGSAFlAwIBMAIwGAYKYIZIAWUDAgEwAgYKYIZIAWUDAgEwATAYBgpghkgBZQMC -+ATACBgpghkgBZQMCATACMAoGCCqGSM49BAMCA0cAMEQCICIboTAzG1DvCY/0tA/o -+l18zrW9qKVnt4mxih5JQe4fOAiBOF2ZeUT2/ZtdFhZmg+zl/fGrQ1xEx09/S956k -+Ig4S9Q== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEjCCAbigAwIBAgIBCjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMTEwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAxMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLxetqJp 
-+VR6apJytboxFCCooQ7jVcc7yoHhjlH8HsaJS3GrWpyMgiqOfyWt4KFMynKkgCU1K -+1QcU9aC5BfRQpyWjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFD6etMtD6Qpa7TjVQBgV -+/4PhZP4DMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEA+5uiOjJoq5nU7lKN -+rZtBdYNqUKvHuYB+jiNEfWvxx2cCIFZEJCGw8fzqkAyGWkLe10w8PUzPM64nh757 -+pEtxCzZh -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEjCCAbigAwIBAgIBCzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMTIwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAxMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPQuXEeo -+BrbyENdz9HqAoWMSQx1BErsUcQaneq3L0/VHHJBPKihb8s4nB/2yZaEarr8LFAvi -+ofx+4egydkP0mJ+jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIoC4qL79Uy3+m26Y+ch -++sE6gCOMMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEAx/vMDhaH4EYTM2v9 -+GeM1xTP9pNRgak69JQLKLu1VM1YCIF1RYC8Fma5Bc0cZAYY+Gj7dEf9qHj1TODA5 -+C9es2CPY -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICETCCAbigAwIBAgIBDDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMTMwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAxMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlEv73o -+ej8Xvc3UodhSHkech80DbuBKdeldOTrRp6ZaVUP3vMgjNUJkh4WkvP3UVTe5SV4D -+zQXDIiwAEJu+zdmjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFCAn0wYXyRdliJOBFvvJ -+eZoGTiyOMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB 
-+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNHADBEAiAo2PPmLBZpcT0bst/C -+SXvnl3gztIZu89O1MKsNwFcM9QIgIzqZx/o9MF/fP7zbLWErVcUQViOGiCRBLVh7 -+ppb7CoA= -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEzCCAbigAwIBAgIBDTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMTQwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAxMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB8mgAoN -+rmFo937IBKXKuxHedUjOL7y3cpDYD1H3C4HRDBQDVOL31lC5kJUhS4HBLvJQwebR -+2kW35E3AnhbY/oKjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBGbO20Xp/q0fPChjLHL -+WuJwSNc1MCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEA3qGzdevdYfmiSBj9 -+t9oE8hfEP+APqGiStlOLKD6xVK0CIQDq9cVa2KXMEz7YwmMO3lxoQFDPEXftbRaC -+edFB7q/YXg== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEzCCAbigAwIBAgIBDjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMTUwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAxNDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHDiOMtx -+5sfJs/WDnw0xS5NYlkbgy2eOZHAmC/jhRp6cjShZrr2/S4IJsH8B2VMcYAHgum6a -+eMjqWFIMxIjN5xyjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOWtYUeAPk66m0o6Z7ax -+1RN42wmkMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEA+AcazVKKPfqkpcJw -+rkXWIyZrTe+1PNETQzaJCooGNGkCIQDdfHf1I78e+ogaDcjkDe0s3R9VhkvjCty6 -+uKKFtNGHMQ== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEjCCAbigAwIBAgIBDzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg 
-+Q0EgMTYwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAxNTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKCkdSYz -++zyHItG2rQSyCh018b4bu9Zrw8nzkCBgkT2IyycNtpabYkWhxcEL29ZFqBnB+l7N -+5fYmHl5CmflJPh+jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNanrmjMEN3PndPGeucm -+mST9ucNWMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiAFt48yhTTv0rP29N8H -+yRhAQGfnV4t1b8JucixLSfe32QIhAOef6iiwLxbBOMUn5ZN/WAK5TERem6DLSzWN -+/PTXHAAt -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICETCCAbigAwIBAgIBEDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMTcwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAxNjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH5txyDp -+DfRsIyYPTAQ+fuxk08E3/tpChVWoog4XQvod61wcUO1/nhoTGNKZZOhN5uhKWJWb -+1futz+XxV2QxTCyjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHSlcxgh3gxgVag1JvAk -+zbHlgMbEMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNHADBEAiA9Ee47PnxqW0QmELB+ -+dd90Fz8wcQFZlNmkPW4Oq2xr/wIgGlxfutQq7l3TU5hyyO0Lh01AHn2DC5KPFPwE -+l8S9VeY= -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEzCCAbigAwIBAgIBETAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMTgwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAJvlQKB -+gJZ+Tysa6iwhllPXCeJrkan6WUm+oqOIY02/SpI5Mba1Kwg73Fsswx3Eywt8sxA2 -+4fiaqwg+xZoil06jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFM/udZ1ib8qDfShdfdfX 
-+8gL6w7VMMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEA6kK7vAYF2TPXzywn -++SDLsiGbU6Sj8aTtsJZf9DmhKr4CIQCt4FfI7IWinqNlURXe4HSBPsekcQkOpwjK -+PuJRx3fuFw== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEzCCAbigAwIBAgIBEjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMTkwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAxODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEerejCw -+gAy7GecLVbQw6eL8k1cGWwLt+wl3sn8he8fA0I+KoFfcOCgtvOF59RMXnjZ1+7OC -+kz3mNDVSbKY6KO2jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFM0OUOtOKTcTMRXGQwbw -+GOoLCOEYMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEAziPsm2dArB/3ILqm -+04mZl8/DX6dB4EmU+FPF2UpAeLwCIQCofc27tisg3L1mPNeiwZ26+rDe5SdixiUc -+S3KWOJ1cTg== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEjCCAbigAwIBAgIBEzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMjAwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAxOTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPmB5spr -+C64/21ssufcbshGnQtAWbk2o2l+ej6pMMPIZhmNyvM450L3dFX12UBNcaERCABmr -+BEJL7IubGWE9CVOjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJCh/1mh0Hl2+LE0osUv -+OJCmV3IYMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEAtxMIkO4xCRSQCU6d -+0jt+Go4xj/R4bQFWbZrlS9+fYUECICuWAgT3evhoo34o04pU84UaYOvO5V0GJsTt -+hrS1v3hT -+-----END CERTIFICATE----- 
-+-----BEGIN CERTIFICATE----- -+MIICEzCCAbigAwIBAgIBFDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMjEwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAyMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHdvTDYo -+M/padIV3LdTnrzwMy1HSTeJ2aTUalkVV17uL2i3C51rWM2pl+qlRordq6W2GboMz -+/+78HhKMcCrMWKCjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAbZN0eSPw3MyvWIEix6 -+GnYRIiFkMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEAlaapLXHwGNkeEwc0 -+jsY2XhuR3RlVhD4T2k/QyJRQ0s0CIQD5E+e+5QTe5s+534Lwcxe2iFb3oFm+8g81 -+OBVtfmSMGg== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEjCCAbigAwIBAgIBFTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMjIwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAyMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLTu8R5Y -+7Po4W05hWperfod6mXezwWgAVk2RW2EG2vy4NeZeML2EFhg2geNc6N5Goep9t7pn -+d+BtORRvR75oCDijgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNs0d2vXsRj3YYsBrWDo -+jrvcEA+eMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiBB603Ui+L60FcUWPrB -+Ch06hmgle2u0P07Go/XjTk00ZQIhALGhNArJFEY0gu+XUtyKEZt7BZ0/sh5dtLDP -+xkRgR6Wh -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEzCCAbigAwIBAgIBFjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMjMwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAyMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPXpzC9/ -+KGblQyjhdcS0a8KBPAiS7c0n+V0i9JItbyze38Ncrctp0wIGHZLjRoB4DZYX1I8e -+K5C7KVeUPEE9eOGjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG 
-+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFISsw9orkX/cBVWcK5KA -+//kldz8HMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEA1gazdApLS91ql8Am -+4gb4Ku7Lgll4jV+BrLkbABE2cI0CIQCEH1GUJ6ARJB1GdcHrPyaLgeZ5jV2p63UW -+UV2QL6aETA== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEjCCAbigAwIBAgIBFzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMjQwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAyMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKdweprb -+RZmuUk4og1Xa9Skb1vu7jsLozlm9CtDhKLbJ+cDX/VeKj/b8FuvakBO3L1QV5XU0 -+iFswsIVBVZ3m+TyjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPgcEbHfKHt0o/PCS0kD -+XWW9XkqMMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEA9XDj0w5qMS/tLlr9 -+Z2j8JtVR4M7pF/Wx2U43vmPFJEACIBAlAiUnCm1Nfj16t2cojrW+m2t1cU80ihmj -+Ld1U+dRD -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICETCCAbigAwIBAgIBGDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMjUwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAyNDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAq2PphK -+4oVsc+ml3zskBLiMa+dz64k+PrrfKIGSG2Ri5Du/orj0dO9639LeCkkMwWpXAfSx -+wxHHQX0I1KwsudGjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEqcfkso+ynKq2eFaJy8 -+mzNBdN2PMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNHADBEAiBZ71jDD33HFFqMkLAW 
-+gTAGMmzh9b/vZ8jAclPDKHRghQIgf2GBOF1eEF8Ino9F1n1ia5c3EryvXnvVoklw -+cjMIQ5g= -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEjCCAbigAwIBAgIBGTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMjYwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAyNTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJRoDkj7 -+iDlIygt4YmMgw4pizu2sx4436MGtw5fFHhjy7T+pPMGjYFg3dixxUOu1NHORpdJq -+8Y7SN8p8Y0XsDpijgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOutMoKSOv5lEGZaqYZM -+zNFwpX3KMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEAks62lsAHmN6xkZsF -+6ocGONpH/XmHLpoO6RfMoRCnWkICIFNFD+W6pSSvdDB96sn8jnZ7W/Y0hyLzscBO -+WtkzqqJJ -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEzCCAbigAwIBAgIBGjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMjcwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAyNjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE3seRj5 -+LVNKi9sZk7qv5cBVUG8BLXXfDRUhCUzT10YAU1J0yd2wmLTbwPyYm65GaecvAHSR -+SExOzX6bC35nNt6jgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNx5XhDdoflDgPrW/HyU -+tCokuJ0AMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEApAQVb0KQedyAw1SJ -+J8At4uxxm2b8W13s6ENapxw+lwwCIQC7326NFPsDjbfBKhFDQhCIMkAkYq2wzRJ7 -+ubTwkdT19g== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEzCCAbigAwIBAgIBGzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMjgwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAyNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC+FQF2E 
-+TrZ4YGNyxFxzpTQBjlu9QUrwgHzabAn47toqRkWUGAS68jBfSdR+j2c7/oehQHhO -+relHcbQilhZnh4ijgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIOlwsa4FjZWhzQYTAY3 -+c2TSYhsEMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEAwxNBi+8baAU76yng -++XvMpY62aqPO4bAe/uedaxBb2jMCIQDJHXqibgIAm1T4/YHimllVlLQudQL5OkbF -+Krj3uVHtBg== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEjCCAbigAwIBAgIBHDAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMjkwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAyODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBmhjGvk -+C3QfSVdY5zuHEY4Rf3eKVro6vcKymgdBPFjjDggZNktR3OMnayCabJB51g2VL7Fg -+MegdwzJWzPvQreyjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEvevGIfitXek0IStYIR -+5ne2SkJwMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiBzlv0TggDJWUWx0UHl -+cqxuMpoNdy+ifizQIlcjWcrzvgIhAJdQfkPaZdc4/j/HfGaVNN9InJuBWGrPYU6A -+iwsSB0jY -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEzCCAbigAwIBAgIBHTAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMzAwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAyOTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCrC5p+Z -+ywMukm1LRuXeJ5V1M6V+8A8PjqB3tgHVeEn973HOfia8lt2/7EoKaLKzP8A7D3eC -+aBJUmTgHauaolYOjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGG5D5h1FRA+aZMbSXfZ -+Mp8pjYUEMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB 
-+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNJADBGAiEAnI2IhyXtBCRiv+Xs -+EzsO497oVf1U8SJiVR8SaEx0gzgCIQC0+un/Hcb0OWvpvoeHKcRi7e8SZkX+vn2i -+u+KsPqlfzA== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEjCCAbigAwIBAgIBHjAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMzEwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAzMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHg1qbhT -+bpV0agLQkk6di7EdwrrqIn7yCiBCfPwoDI7czY1bHwkR2E8EdrG4ZLBHHFXYNHau -+kEo9nueljxbA6MGjgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGXSqDk/Zov8a62kkXDr -+8YhtqdkTMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEA1D2Fm3D8REQtj8o4 -+ZrnDyWam0Rx6cEMsvmeoafOBUeUCIBW0IoUYmF46faRQWKN7R8wnvbjUw0bxztzy -+okUR5Pma -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEjCCAbigAwIBAgIBHzAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxQb2xpY3kg -+Q0EgMzEwIBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMBcxFTATBgNV -+BAMTDFBvbGljeSBDQSAzMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIwGMmHl -+/QJSpu6KHakSe4gkf3L+NpsrtQpxu6sNfmSjO++dGv6sj2v3+DZNeyagVUJRVHaD -+IZzpoyVVrBBO6vijgfIwge8wDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFA+f9g1sP2kM5sOT/8Ge -+IDKq5FcUMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMHEG -+A1UdIQRqMGgwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwATAYBgpghkgBZQMCATAB -+BgpghkgBZQMCATACMBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAEwGAYKYIZIAWUD -+AgEwAgYKYIZIAWUDAgEwAjAKBggqhkjOPQQDAgNIADBFAiEAvQlbAmF3pS041Zo2 -+eHrxMO3j8thB+XqHU8RatCZ60WACIG1vUFPH7UwzTTann7Sgp4s+Gd/jLOkrJnEk -+W3De9dSX -+-----END CERTIFICATE----- -diff --git a/test/recipes/80-test_policy_tree_data/small_leaf.pem b/test/recipes/80-test_policy_tree_data/small_leaf.pem -new file mode 100644 
-index 0000000000..c40ddff9e0 ---- /dev/null -+++ b/test/recipes/80-test_policy_tree_data/small_leaf.pem -@@ -0,0 +1,11 @@ -+-----BEGIN CERTIFICATE----- -+MIIBmjCCAT+gAwIBAgIBADAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgMTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowGjEYMBYGA1UE -+AxMPd3d3LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAER7oh -+z+MnwilNhyEB2bZTuYBpeiwW4QlpYZU6b/8uWOldyMXCaPmaXwY60nrMznfFJX6F -+h8dC6XIzvQmjUMdSoqN4MHYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG -+AQUFBwMBMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t -+MCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMAoGCCqGSM49 -+BAMCA0kAMEYCIQC2km5juUULIRYsRgHuLFEiABBR0pDAyTbl9LRjlkSeEQIhAO9b -+ye60dMNbhY1OOzrr4mDRv0tuNmbGBErcFs61YZkC -+-----END CERTIFICATE----- -diff --git a/test/recipes/80-test_policy_tree_data/small_policy_tree.pem b/test/recipes/80-test_policy_tree_data/small_policy_tree.pem -new file mode 100644 -index 0000000000..040542d16a ---- /dev/null -+++ b/test/recipes/80-test_policy_tree_data/small_policy_tree.pem -@@ -0,0 +1,70 @@ -+-----BEGIN CERTIFICATE----- -+MIICETCCAbagAwIBAgIBATAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgMjAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQu7GyNFjN6 -+Sqwk1CZAt+lzTC/Us6ZkO5nsmb8yAuPb6RJ0A2LvUbsmZea+UyBFq3VuEbbuCoeE -+KRbKkS6wefAzo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF -+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSQkJvfn8gFHIXVTBJ4hrtP -+ypA9QTAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSQAwRgIhALn6/b3H+jLusJE5QiaS -+PiwrLcl+NDguWCnxo0c6AfduAiEApkXUN+7vRfXeFFd9CfA1BnTW3eUzBOsukZoN -+zaj+utk= -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICDzCCAbagAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg 
-+Q0EgMzAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+p+A+K6MI -+R3eVP/+2O7lam32HU10frEKpyQslZAabYJwkc9iq5WatMbTMPQibuOIWHFl02uJ8 -+cxGKy/Hke8P5o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF -+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSSOt6HCXw+L/4uzJsInqqA -+XrWt8DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDRwAwRAIgS/vh3osFy+q1MLuVnAdg -+gMINfiIJw1+3zbYsJYlNhWgCICu6Qgzee4NwIrJagcdVA0RAfnCOo6wfvikpl0ts -+EepA -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEDCCAbagAwIBAgIBAzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgNDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQONHKgpAJ6 -+vE41FYBekpLzybpBQp/gUmgRPKrcL0z4lLTDjCG3j6yIbZma8u2bPM1MBXw5otZ7 -+xVFhQ1AkZIOco4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF -+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ69465BL89BXORf4sSnneU -+exkm0jAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAPK9PqPxgme9x6TPFh2z -+vv+qVEM2WxOTdRKOPgUYzCp9AiBl8qO3szv5jNDzb0fRIqVp37v9yBjWcgO9Wl02 -+QDCpGw== -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICETCCAbagAwIBAgIBBDAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgNTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASLrUP7BFi7 -++LE2uDVCZ2Z2HK6BpL/kjBbwKkLxlJe+LqNolzu53b8+WtHwrvPPVkD9t3KMdWXU -+K7NtHYgXUz07o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF -+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS0kaY2oJVEBLtjkqI8pXsv 
-+eqm3VDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSQAwRgIhAJuTMvMUda4Y29V1Tm5O -+jCqBThR2NwdQfnET1sjch3Q7AiEA7nEudfXKMljjz608aWtafTkw5V5I2/SbuUKr -+vjprfIo= -+-----END CERTIFICATE----- -+-----BEGIN CERTIFICATE----- -+MIICEDCCAbagAwIBAgIBBTAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg -+Q0EgNTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE -+AxMLUG9saWN5IENBIDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ9RuYVzUGB -+FkAEM9kHe9xynDo/NcsiaAO3+E2u7jJQQN50d6hVEDHf9961omldhKhP4HTNfhqj -+VMIHKGMhXCgKo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF -+BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTVrjWaVjkfMpilq5tGZ4zZ -+iJtaSDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV -+HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK -+YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB -+MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAPVgPpACX2ylQMEMSntw -+izxKHTSPhXuF6IHhNHRz7KFnAiB8y/QcF7N2iXNZEqffWSkVted/XOw3Xrck0sJ6 -+4eXNcw== -+-----END CERTIFICATE----- --- -2.36.1 - diff --git a/backport-update-expired-certificates-for-sm2.patch b/backport-update-expired-certificates-for-sm2.patch deleted file mode 100644 index 6454171d90452e1fd5f05166e08e2f5d0410a07d..0000000000000000000000000000000000000000 --- a/backport-update-expired-certificates-for-sm2.patch +++ /dev/null 
@@ -1,110 +0,0 @@ -From 0f4738ab5ef8085b27e89dba91677f892b5b3689 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 2 Jun 2022 18:12:05 +0200 -Subject: [PATCH] Update further expiring certificates that affect tests - -Namely the smime certificates used in test_cms and the -SM2 certificates will expire soon and affect tests. - -Fixes #15179 - -Reviewed-by: Dmitry Belyavskiy -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/18467) - -(cherry picked from commit 5d219937d067a761fb871483369a6020c60a3cb8) ---- - test/certs/sm2-ca-cert.pem | 22 ++++---- - test/certs/sm2-root.crt | 22 ++++---- - test/certs/sm2.pem | 23 ++++---- - -diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem -index 5677ac6c9f6a..70ce71e43091 100644 ---- a/test/certs/sm2-ca-cert.pem -+++ b/test/certs/sm2-ca-cert.pem -@@ -1,14 +1,14 @@ - -----BEGIN CERTIFICATE----- --MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT -+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT - AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl --c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe --Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw --CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn --MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG --SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU --5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW --BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU --5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI --ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X --YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 -+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg -+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x -+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP -+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH 
-+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+ -+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O -+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp -+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1 -+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC -+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu - -----END CERTIFICATE----- -diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt -index 5677ac6c9f6a..70ce71e43091 100644 ---- a/test/certs/sm2-root.crt -+++ b/test/certs/sm2-root.crt -@@ -1,14 +1,14 @@ - -----BEGIN CERTIFICATE----- --MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT -+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT - AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl --c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe --Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw --CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn --MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG --SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU --5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW --BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU --5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI --ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X --YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 -+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg -+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x -+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP -+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH -+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+ -+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O -+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp -+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1 
-+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC -+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu - -----END CERTIFICATE----- -diff --git a/test/certs/sm2.pem b/test/certs/sm2.pem -index 189abb137625..daf12926aff9 100644 ---- a/test/certs/sm2.pem -+++ b/test/certs/sm2.pem -@@ -1,13 +1,14 @@ - -----BEGIN CERTIFICATE----- --MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT --AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl --c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe --Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw --CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn --MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw --WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE --TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ --BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT --TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH --OZOfmtx613VyzXwc -+MIICNDCCAdugAwIBAgIUOMbsiFLCy2BCPtfHQSdG4R1+3BowCgYIKoEcz1UBg3Uw -+aDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzER -+MA8GA1UECgwIVGVzdCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rl -+c3QgU00yIENBMCAXDTIyMDYwMjE1NTU0OFoYDzIxMjIwNTA5MTU1NTQ4WjBvMQsw -+CQYDVQQGEwJDTjELMAkGA1UECAwCTE4xETAPBgNVBAcMCFNoZW55YW5nMREwDwYD -+VQQKDAhUZXN0IE9yZzEQMA4GA1UECwwHVGVzdCBPVTEbMBkGA1UEAwwSVGVzdCBT -+TTIgU2lnbiBDZXJ0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rt -+SmZ7g5ALnKTPKYhMxEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azN -+v7rDPzJXGqNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFNPl -+u8JjXkhQPiJ5bYrrq+voqBUlMB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIpSVTlXHj/ -+Rbl0MAoGCCqBHM9VAYN1A0cAMEQCIG3gG1D7T7ltn6Gz1UksBZahgBE6jmkQ9Sp9 -+/3aY5trlAiB5adxiK0avV0LEKfbzTdff9skoZpd7vje1QTW0l0HaGg== - -----END CERTIFICATE----- 
diff --git a/backport-x509-Fix-possible-use-after-free-when-OOM.patch b/backport-x509-Fix-possible-use-after-free-when-OOM.patch
deleted file mode 100644
index 7fd92a2cb95886a39f60e23996e18c9df314212a..0000000000000000000000000000000000000000
--- a/backport-x509-Fix-possible-use-after-free-when-OOM.patch
+++ /dev/null
@@ -1,65 +0,0 @@ -From b1cc84e82d41ab669bf804ea519f5332c48a3d77 Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Wed, 24 May 2023 12:22:25 +0200 -Subject: [PATCH] x509: Fix possible use-after-free when OOM - -ossl_policy_level_add_node() first adds the new node to the level->nodes -stack, and then attempts to add extra data if extra_data is true. If -memory allocation or adding the extra data to tree->extra_data fails, -the allocated node (that has already been added to the level->nodes -stack) is freed using ossl_policy_node_free(), which leads to -a potential use after free. - -Additionally, the tree's node count and the parent's child count would -not be updated, despite the new node being added. - -Fix this by either performing the function's purpose completely, or not -at all by reverting the changes on error. - -Signed-off-by: Clemens Lang - -Reviewed-by: Dmitry Belyavskiy -Reviewed-by: Matt Caswell -Reviewed-by: Bernd Edlinger -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/21066) ---- - crypto/x509v3/pcy_node.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c -index d574fb9d66..c6c01cbb39 100644 ---- a/crypto/x509v3/pcy_node.c -+++ b/crypto/x509v3/pcy_node.c -@@ -100,11 +100,11 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - tree->extra_data = sk_X509_POLICY_DATA_new_null(); - if (tree->extra_data == NULL){ - X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); -- goto node_error; -+ goto extra_data_error; - } - if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) { - X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); -- goto node_error; -+ goto extra_data_error; - } - } - -@@ -114,6 +114,14 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - - return node; - -+ extra_data_error: -+ if (level != NULL) { -+ if (level->anyPolicy == node) -+ level->anyPolicy = NULL; -+ else -+ (void) 
sk_X509_POLICY_NODE_pop(level->nodes); -+ } -+ - node_error: - policy_node_free(node); - return NULL; --- -2.27.0 - diff --git a/backport-x509-Handle-ossl_policy_level_add_node-errors.patch b/backport-x509-Handle-ossl_policy_level_add_node-errors.patch deleted file mode 100644 index 9d976cb56f94a5e5fec9753ecf1449f424252fd8..0000000000000000000000000000000000000000 --- a/backport-x509-Handle-ossl_policy_level_add_node-errors.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -From 3cc6933555a0c66328ec659b5bb86c57b6402e1e Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Wed, 24 May 2023 13:12:54 +0200 -Subject: [PATCH] x509: Handle ossl_policy_level_add_node errors - -The invocation of ossl_policy_level_add_node in tree_calculate_user_set -did not have any error handling. Add it to prevent a memory leak for the -allocated extra policy data. - -Also add error handling to sk_X509_POLICY_NODE_push to ensure that if -a new node was allocated, but could not be added to the stack, it is -freed correctly. - -Fix error handling if tree->user_policies cannot be allocated by -returning 0, indicating failure, rather than 1. - -Signed-off-by: Clemens Lang - -Reviewed-by: Dmitry Belyavskiy -Reviewed-by: Matt Caswell -Reviewed-by: Bernd Edlinger -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/21066) ---- - crypto/x509v3/pcy_tree.c | 19 +++++++++++++++---- - 1 file changed, 15 insertions(+), 4 deletions(-) - -diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c -index 6c7fd35405..3c504e82c6 100644 ---- a/crypto/x509v3/pcy_tree.c -+++ b/crypto/x509v3/pcy_tree.c -@@ -25,6 +25,8 @@ - # define OPENSSL_POLICY_TREE_NODES_MAX 1000 - #endif - -+static void exnode_free(X509_POLICY_NODE *node); -+ - /* - * Enable this to print out the complete policy tree at various point during - * evaluation. 
-@@ -572,15 +574,24 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, - extra->qualifier_set = anyPolicy->data->qualifier_set; - extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS - | POLICY_DATA_FLAG_EXTRA_NODE; -- node = level_add_node(NULL, extra, anyPolicy->parent, tree, 1); -+ node = level_add_node(NULL, extra, anyPolicy->parent, -+ tree, 1); -+ if (node == NULL) { -+ policy_data_free(extra); -+ return 0; -+ } - } - if (!tree->user_policies) { - tree->user_policies = sk_X509_POLICY_NODE_new_null(); -- if (!tree->user_policies) -- return 1; -+ if (!tree->user_policies) { -+ exnode_free(node); -+ return 0; -+ } - } -- if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) -+ if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) { -+ exnode_free(node); - return 0; -+ } - } - return 1; - } --- -2.27.0 - diff --git a/backport-x509-excessive-resource-use-verifying-policy-constra.patch b/backport-x509-excessive-resource-use-verifying-policy-constra.patch deleted file mode 100644 index 0665f55d4b080c38642ed9db19025e65c11231b8..0000000000000000000000000000000000000000 --- a/backport-x509-excessive-resource-use-verifying-policy-constra.patch +++ /dev/null 
@@ -1,222 +0,0 @@ -From 879f7080d7e141f415c79eaa3a8ac4a3dad0348b Mon Sep 17 00:00:00 2001 -From: Pauli -Date: Wed, 8 Mar 2023 15:28:20 +1100 -Subject: [PATCH] x509: excessive resource use verifying policy constraints - -A security vulnerability has been identified in all supported versions -of OpenSSL related to the verification of X.509 certificate chains -that include policy constraints. Attackers may be able to exploit this -vulnerability by creating a malicious certificate chain that triggers -exponential use of computational resources, leading to a denial-of-service -(DoS) attack on affected systems. - -Fixes CVE-2023-0464 - -Reviewed-by: Tomas Mraz -Reviewed-by: Shane Lontis -(Merged from https://github.com/openssl/openssl/pull/20569) ---- - crypto/x509v3/pcy_local.h | 8 +++++++- - crypto/x509v3/pcy_node.c | 12 +++++++++--- - crypto/x509v3/pcy_tree.c | 37 +++++++++++++++++++++++++++---------- - 3 files changed, 43 insertions(+), 14 deletions(-) - -diff --git a/crypto/x509v3/pcy_local.h b/crypto/x509v3/pcy_local.h -index 5daf78de45..344aa06765 100644 ---- a/crypto/x509v3/pcy_local.h -+++ b/crypto/x509v3/pcy_local.h -@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st { - }; - - struct X509_POLICY_TREE_st { -+ /* The number of nodes in the tree */ -+ size_t node_count; -+ /* The maximum number of nodes in the tree */ -+ size_t node_maximum; -+ - /* This is the tree 'level' data */ - X509_POLICY_LEVEL *levels; - int nlevel; -@@ -159,7 +164,8 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, - X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, -- X509_POLICY_TREE *tree); -+ X509_POLICY_TREE *tree, -+ int extra_data); - void policy_node_free(X509_POLICY_NODE *node); - int policy_node_match(const X509_POLICY_LEVEL *lvl, - const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); -diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c -index e2d7b15322..d574fb9d66 100644 ---- 
a/crypto/x509v3/pcy_node.c -+++ b/crypto/x509v3/pcy_node.c -@@ -59,10 +59,15 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, - X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, -- X509_POLICY_TREE *tree) -+ X509_POLICY_TREE *tree, -+ int extra_data) - { - X509_POLICY_NODE *node; - -+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ -+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) -+ return NULL; -+ - node = OPENSSL_zalloc(sizeof(*node)); - if (node == NULL) { - X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); -@@ -70,7 +75,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - } - node->data = data; - node->parent = parent; -- if (level) { -+ if (level != NULL) { - if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { - if (level->anyPolicy) - goto node_error; -@@ -90,7 +95,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - } - } - -- if (tree) { -+ if (extra_data) { - if (tree->extra_data == NULL) - tree->extra_data = sk_X509_POLICY_DATA_new_null(); - if (tree->extra_data == NULL){ -@@ -103,6 +108,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - } - } - -+ tree->node_count++; - if (parent) - parent->nchild++; - -diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c -index 6e8322cbc5..6c7fd35405 100644 ---- a/crypto/x509v3/pcy_tree.c -+++ b/crypto/x509v3/pcy_tree.c -@@ -13,6 +13,18 @@ - - #include "pcy_local.h" - -+/* -+ * If the maximum number of nodes in the policy tree isn't defined, set it to -+ * a generous default of 1000 nodes. -+ * -+ * Defining this to be zero means unlimited policy tree growth which opens the -+ * door on CVE-2023-0464. -+ */ -+ -+#ifndef OPENSSL_POLICY_TREE_NODES_MAX -+# define OPENSSL_POLICY_TREE_NODES_MAX 1000 -+#endif -+ - /* - * Enable this to print out the complete policy tree at various point during - * evaluation. 
-@@ -168,6 +180,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - return X509_PCY_TREE_INTERNAL; - } - -+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */ -+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX; -+ - /* - * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. - * -@@ -184,7 +199,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - level = tree->levels; - if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL) - goto bad_tree; -- if (level_add_node(level, data, NULL, tree) == NULL) { -+ if (level_add_node(level, data, NULL, tree, 1) == NULL) { - policy_data_free(data); - goto bad_tree; - } -@@ -243,7 +258,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, - * Return value: 1 on success, 0 otherwise - */ - static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, -- X509_POLICY_DATA *data) -+ X509_POLICY_DATA *data, -+ X509_POLICY_TREE *tree) - { - X509_POLICY_LEVEL *last = curr - 1; - int i, matched = 0; -@@ -253,13 +269,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); - - if (policy_node_match(last, node, data->valid_policy)) { -- if (level_add_node(curr, data, node, NULL) == NULL) -+ if (level_add_node(curr, data, node, tree, 0) == NULL) - return 0; - matched = 1; - } - } - if (!matched && last->anyPolicy) { -- if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL) -+ if (level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL) - return 0; - } - return 1; -@@ -272,7 +288,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - * Return value: 1 on success, 0 otherwise. 
- */ - static int tree_link_nodes(X509_POLICY_LEVEL *curr, -- const X509_POLICY_CACHE *cache) -+ const X509_POLICY_CACHE *cache, -+ X509_POLICY_TREE *tree) - { - int i; - -@@ -280,7 +297,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); - - /* Look for matching nodes in previous level */ -- if (!tree_link_matching_nodes(curr, data)) -+ if (!tree_link_matching_nodes(curr, data, tree)) - return 0; - } - return 1; -@@ -311,7 +328,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, - /* Curr may not have anyPolicy */ - data->qualifier_set = cache->anyPolicy->qualifier_set; - data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; -- if (level_add_node(curr, data, node, tree) == NULL) { -+ if (level_add_node(curr, data, node, tree, 1) == NULL) { - policy_data_free(data); - return 0; - } -@@ -373,7 +390,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, - } - /* Finally add link to anyPolicy */ - if (last->anyPolicy && -- level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL) -+ level_add_node(curr, cache->anyPolicy, last->anyPolicy, tree, 0) == NULL) - return 0; - return 1; - } -@@ -555,7 +572,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, - extra->qualifier_set = anyPolicy->data->qualifier_set; - extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS - | POLICY_DATA_FLAG_EXTRA_NODE; -- node = level_add_node(NULL, extra, anyPolicy->parent, tree); -+ node = level_add_node(NULL, extra, anyPolicy->parent, tree, 1); - } - if (!tree->user_policies) { - tree->user_policies = sk_X509_POLICY_NODE_new_null(); -@@ -582,7 +599,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree) - - for (i = 1; i < tree->nlevel; i++, curr++) { - cache = policy_cache_set(curr->cert); -- if (!tree_link_nodes(curr, cache)) -+ if (!tree_link_nodes(curr, cache, tree)) - return X509_PCY_TREE_INTERNAL; - - if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) --- -2.36.1 - 
diff --git a/ct_test.c-Update-the-epoch-time.patch b/ct_test.c-Update-the-epoch-time.patch deleted file mode 100644 index 01f0a64548b46e02d916a2c1e28bb150e8fcc664..0000000000000000000000000000000000000000 --- a/ct_test.c-Update-the-epoch-time.patch +++ /dev/null @@ -1,28 +0,0 @@ -From b7ce611887cfac633aacc052b2e71a7f195418b8 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Wed, 1 Jun 2022 13:06:46 +0200 -Subject: [PATCH] ct_test.c: Update the epoch time - -Reviewed-by: Matt Caswell -Reviewed-by: Dmitry Belyavskiy -(Merged from https://github.com/openssl/openssl/pull/18446) ---- - test/ct_test.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/ct_test.c b/test/ct_test.c -index 78d11ca..535897d 100644 ---- a/test/ct_test.c -+++ b/test/ct_test.c -@@ -63,7 +63,7 @@ static CT_TEST_FIXTURE *set_up(const char *const test_case_name) - if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) - goto end; - fixture->test_case_name = test_case_name; -- fixture->epoch_time_in_ms = 1473269626000ULL; /* Sep 7 17:33:46 2016 GMT */ -+ fixture->epoch_time_in_ms = 1580335307000ULL; /* Wed 29 Jan 2020 10:01:47 PM UTC */ - if (!TEST_ptr(fixture->ctlog_store = CTLOG_STORE_new()) - || !TEST_int_eq( - CTLOG_STORE_load_default_file(fixture->ctlog_store), 1)) --- -1.8.3.1 - diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch index aa3d33d16d79d0b26531e55b8a744b1317df1f93..c2929a47b8caed8f8c31c8b3c01b8ce42b1002fb 100644 --- a/openssl-1.1.1-fips.patch +++ b/openssl-1.1.1-fips.patch @@ -288,9 +288,9 @@ diff -up openssl-1.1.1j/crypto/dh/dh_key.c.fips openssl-1.1.1j/crypto/dh/dh_key. /* compute the key; ret is constant unless compute_key is external */ if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0) return ret; -@@ -109,6 +119,14 @@ static int generate_key(DH *dh) - BN_MONT_CTX *mont = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; +@@ -115,6 +125,14 @@ static int generate_key(DH *dh) + return 0; + } +#ifdef OPENSSL_FIPS + if (FIPS_mode() 
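Review bot: The refreshed context in this hunk (`+@@ -115,6 +125,14 @@ static int generate_key(DH *dh)`, with `return 0; }` now preceding the `#ifdef OPENSSL_FIPS` block) and in the later hunks of the same file (`cleanup_old_md_data(ctx, 1);` in digest.c, `# define DH_R_Q_TOO_LARGE 130` in dherr.h, the `}`/`#endif` context in t1_lib.c) indicate the FIPS patch is being rebased onto a newer upstream 1.1.1 base, but nothing in the diff records which base or confirms that the CVE-2023-0464 mitigation and its two follow-up fixes, whose backport files this same commit deletes, are already present in that base. The version bump or changelog that should establish this is not in view, so I would verify it before merging and name the target release in the commit message. The patch's own headers still refer to `openssl-1.1.1j` paths and 2021 timestamps, so the file cannot be used on its own to tell which base it applies to; regenerating it with the usual refresh tooling instead of hand-adjusting the nested `@@` offsets (the line counts are unchanged, only the offsets appear to have moved) would keep headers and offsets consistent.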
@@ -870,8 +870,8 @@ diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/diges +# include +#endif - /* This call frees resources associated with the context */ - int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) + + static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force) @@ -66,6 +69,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { @@ -885,7 +885,7 @@ diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/diges #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -@@ -119,6 +128,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c +@@ -131,6 +140,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } #endif if (ctx->digest != type) { @@ -898,9 +898,9 @@ diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/diges + } + } +#endif - if (ctx->digest && ctx->digest->ctx_size) { - OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); - ctx->md_data = NULL; + cleanup_old_md_data(ctx, 1); + + ctx->digest = type; @@ -150,6 +168,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) @@ -10662,7 +10662,7 @@ diff -up openssl-1.1.1j/include/openssl/dherr.h.fips openssl-1.1.1j/include/open # define DH_F_DH_METH_DUP 117 # define DH_F_DH_METH_NEW 118 # define DH_F_DH_METH_SET1_NAME 119 -@@ -73,12 +76,14 @@ int ERR_load_DH_strings(void); +@@ -74,12 +77,14 @@ int ERR_load_DH_strings(void); # define DH_R_INVALID_PARAMETER_NID 114 # define DH_R_INVALID_PUBKEY 102 # define DH_R_KDF_PARAMETER_ERROR 112 
@@ -10676,7 +10676,7 @@ diff -up openssl-1.1.1j/include/openssl/dherr.h.fips openssl-1.1.1j/include/open +# define DH_R_NON_FIPS_METHOD 202 # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 - # define DH_R_SHARED_INFO_ERROR 113 + # define DH_R_Q_TOO_LARGE 130 diff -up openssl-1.1.1j/include/openssl/dh.h.fips openssl-1.1.1j/include/openssl/dh.h --- openssl-1.1.1j/include/openssl/dh.h.fips 2021-02-16 16:24:01.000000000 +0100 +++ openssl-1.1.1j/include/openssl/dh.h 2021-03-03 12:57:42.204734567 +0100 @@ -11486,10 +11486,10 @@ diff -up openssl-1.1.1j/ssl/t1_lib.c.fips openssl-1.1.1j/ssl/t1_lib.c {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */ {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */ {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */ -@@ -258,6 +258,8 @@ int tls_curve_allowed(SSL *s, uint16_t c - if (cinfo->flags & TLS_CURVE_CHAR2) +@@ -289,6 +289,8 @@ int tls_curve_allowed(SSL *s, uint16_t curve, int op) return 0; - # endif + } + #endif + if (FIPS_mode() && !(cinfo->flags & TLS_CURVE_FIPS)) + return 0; ctmp[0] = curve >> 8; 
@@ -11594,10 +11594,10 @@ diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1 diff -up openssl-1.1.1j/util/libcrypto.num.fips openssl-1.1.1j/util/libcrypto.num --- openssl-1.1.1j/util/libcrypto.num.fips 2021-02-16 16:24:01.000000000 +0100 +++ openssl-1.1.1j/util/libcrypto.num 2021-03-03 12:57:42.208734600 +0100 -@@ -4591,3 +4591,38 @@ X509_ALGOR_copy - X509_REQ_set0_signature 4545 1_1_1h EXIST::FUNCTION: - X509_REQ_set1_signature_algo 4546 1_1_1h EXIST::FUNCTION: - EC_KEY_decoded_from_explicit_params 4547 1_1_1h EXIST::FUNCTION:EC +@@ -4599,3 +4599,38 @@ X509_REQ_get0_sm2_id 4552 1_1_1wa EXIST::FUNCTION:SM2 + X509_REQ_set0_sm2_id 4553 1_1_1wa EXIST::FUNCTION:SM2 + EVP_PKEY_is_sm2 4554 1_1_1wa EXIST::FUNCTION:SM2 + SM2_compute_key 4555 1_1_1wa EXIST::FUNCTION:SM2 +FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION: +FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION: +FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION:
diff --git a/openssl-1.1.1m.tar.gz b/openssl-1.1.1wa.tar.gz
similarity index 54%
rename from openssl-1.1.1m.tar.gz
rename to openssl-1.1.1wa.tar.gz
index 2db4ee8e8886de8356fa9fdea6d4d99ec5c410e0..1190dfb2a2f3afe2d846db002bb181bdfd308e23 100644
Binary files a/openssl-1.1.1m.tar.gz and b/openssl-1.1.1wa.tar.gz differ
diff --git a/openssl.spec b/openssl.spec
index 79a350fd23f277be5abe4f8ed209cadee4115d0d..fa371a49eb9c84cfd5ac89549f28e7bd4b585c1d 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,87 +1,28 @@ %define soversion 1.1 Name: openssl Epoch: 1 -Version: 1.1.1m -Release: 32 +Version: 1.1.1wa +Release: 7 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay -URL: https://www.openssl.org/ -Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz +URL: https://gitee.com/openeuler/openssl +Source0: https://gitee.com/openeuler/openssl/archive/refs/tags/%{name}-%{version}.tar.gz Source1: Makefile.certificate Patch1: openssl-1.1.1-build.patch Patch2: openssl-1.1.1-fips.patch -Patch3: CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch -Patch4: CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch -Patch5: CVE-2022-1292.patch -Patch6: CVE-2022-2068-Fix-file-operations-in-c_rehash.patch -Patch7: CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch -Patch8: Update-expired-SCT-certificates.patch -Patch9: ct_test.c-Update-the-epoch-time.patch -Patch10: Fix-reported-performance-degradation-on-aarch64.patch - -# SM and TLCP feature -Patch11: Backport-Support-raw-input-data-in-apps-pkeyutl.patch -Patch12: Backport-Fix-no-ec-no-sm2-and-no-sm3.patch -Patch13: Backport-Support-SM2-certificate-verification.patch -Patch14: Backport-Guard-some-SM2-functions-with-OPENSSL_NO_SM2.patch -Patch15: Backport-Add-test-cases-for-SM2-cert-verification.patch -Patch16: Backport-Add-documents-for-SM2-cert-verification.patch -Patch17: Backport-Fix-a-memleak-in-apps-verify.patch -Patch18: Backport-Skip-the-correct-number-of-tests-if-SM2-is-disabled.patch -Patch19: Backport-Make-X509_set_sm2_id-consistent-with-other-setters.patch -Patch20: Backport-Support-SM2-certificate-signing.patch -Patch21: Backport-Support-parsing-of-SM2-ID-in-hexdecimal.patch -Patch22: Backport-Fix-a-double-free-issue-when-signing-SM2-cert.patch -Patch23: Backport-Fix-a-document-description-in-apps-req.patch -Patch26: Feature-Support-TLCP-protocol.patch -Patch27: Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch -Patch28: 
Feature-PKCS7-sign-and-verify-support-SM2-algorithm.patch -Patch29: backport-Update-further-expiring-certificates-that-affect-tes.patch -Patch30: backport-Backport-a-missing-bug-fix-from-master.patch -Patch31: backport-Prevent-crash-with-engine-using-different-openssl-ru.patch -Patch32: Feature-add-ARMv8-implementations-of-SM4-in-ECB-and-XTS.patch -Patch33: Backport-SM3-acceleration-with-SM3-hardware-instruction-on-aa.patch -Patch34: Backport-SM4-optimization-for-ARM-by-HW-instruction.patch -Patch35: Feature-SM4-XTS-optimization-for-ARM-by-HW-instruction.patch -Patch36: backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch -Patch37: backport-Fix-an-assertion-in-the-DTLS-server-code.patch -Patch38: backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch -Patch39: backport-Fix-strict-client-chain-check-with-TLS-1.3.patch -Patch40: backport-CVE-2022-4304-Fix-Timing-Oracle-in-RSA-decryption.patch -Patch41: backport-CVE-2022-4450-Avoid-dangling-ptrs-in-header-and-data-params-for-PE.patch -Patch42: backport-CVE-2023-0215-Check-CMS-failure-during-BIO-setup-with-stream-is-ha.patch -Patch43: backport-CVE-2023-0215-Fix-a-UAF-resulting-from-a-bug-in-BIO_new_NDEF.patch -Patch44: backport-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch -Patch45: backport-test-add-test-cases-for-the-policy-resource-overuse.patch -Patch46: backport-x509-excessive-resource-use-verifying-policy-constra.patch -Patch47: backport-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch -Patch48: backport-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch -Patch49: backport-Add-a-Certificate-Policies-Test.patch -Patch50: backport-Generate-some-certificates-with-the-certificatePolic.patch -Patch51: Fix-SM4-XTS-build-failure-using-clang.patch -Patch52: backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch -Patch53: backport-Add-a-test-for-CVE-2023-3446.patch -Patch54: 
backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch -Patch55: backport-update-expired-certificates-for-sm2.patch -Patch56: backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch -Patch57: backport-CVE-2023-3817-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch -Patch58: backport-x509-Handle-ossl_policy_level_add_node-errors.patch -Patch59: backport-x509-Fix-possible-use-after-free-when-OOM.patch -Patch60: Fix-FIPS-getenv-build-failure.patch -Patch61: backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch -Patch62: backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch -Patch63: backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch -Patch64: backport-CVE-2024-0727-fix-pkcs12-decoding-crashes.patch -Patch65: backport-apps-passwd.c-free-before-error-exiting.patch -Patch66: backport-Fix-mem-leaks-on-PKCS-12-read-error-in-PKCS12_key_ge.patch -Patch67: backport-CVE-2024-2511-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch -Patch68: backport-Add-a-test-for-session-cache-handling.patch -Patch69: backport-Extend-the-multi_resume-test-for-simultaneous-resump.patch -Patch70: backport-Hardening-around-not_resumable-sessions.patch -Patch71: backport-Add-a-test-for-session-cache-overflow.patch -Patch72: backport-CVE-2024-4741-Only-free-the-read-buffer.patch -Patch73: backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-.patch -Patch74: backport-CVE-2024-4741-test-Fix-possible-use-after-free.patch +Patch3: Fix-FIPS-getenv-build-failure.patch +Patch4: skip-some-test-cases.patch +Patch5: backport-Fix-OPENSSL_VERSION_NUMBER-number-problem.patch +Patch6: backport-CVE-2024-0727-fix-pkcs12-decoding-crashes.patch +Patch7: backport-Fix-mem-leaks-on-PKCS-12-read-error-in-PKCS12_key_ge.patch +Patch8: backport-CVE-2024-2511-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch +Patch9: backport-Add-a-test-for-session-cache-handling.patch +Patch10: 
backport-Extend-the-multi_resume-test-for-simultaneous-resump.patch +Patch11: backport-Hardening-around-not_resumable-sessions.patch +Patch12: backport-Add-a-test-for-session-cache-overflow.patch +Patch13: backport-CVE-2024-4741-Only-free-the-read-buffer.patch +Patch14: backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-.patch +Patch15: backport-CVE-2024-4741-test-Fix-possible-use-after-free.patch BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -290,21 +231,27 @@ make test || : %ldconfig_scriptlets libs %changelog -* Mon Jun 3 2024 wangcheng - 1:1.1.1m-32 +* Mon Jun 3 2024 wangcheng - 1:1.1.1wa-7 - fix CVE-2024-4741 -* Wed Apr 17 2024 fuanan - 1:1.1.1m-31 +* Wed Apr 17 2024 fuanan - 1:1.1.1wa-6 - fix CVE-2024-2511 -* Tue Mar 26 2024 wangjiang - 1:1.1.1m-30 +* Tue Mar 26 2024 wangjiang - 1:1.1.1wa-5 - fix some bugs -* Mon Feb 5 2024 lixiao - 1:1.1.1m-29 +* Mon Feb 5 2024 lixiao - 1:1.1.1wa-4 - add openssl-SMx-perl rpm provides -* Tue Jan 30 2024 lixiao - 1:1.1.1m-28 +* Tue Jan 30 2024 lixiao - 1:1.1.1wa-3 - Fix CVE-2024-0727 PKCS12 Decoding crashes +* Fri Dec 22 2023 wangcheng - 1:1.1.1wa-2 +- Fix OPENSSL_VERSION_NUMBER number problem + +* Wed Nov 15 2023 wangcheng - 1:1.1.1wa-1 +- upgrade to 1.1.1wa + * Tue Nov 14 2023 zhujianwei - 1:1.1.1m-27 - fix CVE-2023-5678 @@ -457,3 +404,4 @@ make test || : * Mon Sep 16 2019 openEuler Buildteam - 1:1.1.1c-1 - Package init + diff --git a/skip-some-test-cases.patch b/skip-some-test-cases.patch new file mode 100644 index 0000000000000000000000000000000000000000..27eacbf243b3de2ead16bddea1970fce1155dd89 --- /dev/null +++ b/skip-some-test-cases.patch 
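Review bot: Source0 now resolves to a gitee tag archive of the openEuler fork instead of the openssl.org release tarball, and the visible lines carry no checksum or signature entry for it, so the provenance of the renamed in-tree `openssl-1.1.1wa.tar.gz` can no longer be checked against an upstream release signature; a pinned digest, or at least a `Source0` comment naming the expected tree, would give reviewers something to verify (hedged, as the rest of the spec is outside this hunk). The same hunk drops Patch3 through Patch74, including the CVE-2022-0778, CVE-2022-4304, CVE-2023-0286, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817 and CVE-2023-5678 backports, presumably because 1.1.1wa carries them in-tree, but neither the spec nor the changelog entry `upgrade to 1.1.1wa` says so. I would add a comment above the remaining Patch lines such as `# 1.1.1wa is the openEuler-maintained 1.1.1 tree; the upstream CVE fixes and SM/TLCP/FIPS backports previously listed as Patch3-Patch74 are expected to be carried in-tree` so the dropped patch coverage is recorded as deliberate and auditable.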
@@ -0,0 +1,54 @@
+From 5124746fa816d955be121adef92b4ff349db34b2 Mon Sep 17 00:00:00 2001
+From: hzero1996
+Date: Tue, 15 Feb 2022 16:23:29 +0800
+Subject: [PATCH] skip some test cases
+
+---
+ test/recipes/80-test_ssl_new.t | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
+index 81d8f59..0a45d80 100644
+--- a/test/recipes/80-test_ssl_new.t
++++ b/test/recipes/80-test_ssl_new.t
+@@ -76,12 +76,13 @@ my %conf_dependent_tests = (
+ # configurations. Default is $no_tls but some tests have different skip
+ # conditions.
+ my %skip = (
++ "04-client_auth.conf" => 1,
+ "06-sni-ticket.conf" => $no_tls_below1_3,
+- "07-dtls-protocol-version.conf" => $no_dtls,
++ "07-dtls-protocol-version.conf" => $no_dtls || 1,
+ "08-npn.conf" => (disabled("tls1") && disabled("tls1_1")
+ && disabled("tls1_2")) || $no_npn,
+ "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"),
+- "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"),
++ "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2") || 1,
+ "12-ct.conf" => $no_tls || $no_ct || $no_ec,
+ # We could run some of these tests without TLS 1.2 if we had a per-test
+ # disable instruction but that's a bizarre configuration not worth
+@@ -90,9 +91,9 @@ my %skip = (
+ "13-fragmentation.conf" => disabled("tls1_2"),
+ "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m,
+ "15-certstatus.conf" => $no_tls || $no_ocsp,
+- "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp,
++ "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp || 1,
+ "17-renegotiate.conf" => $no_tls_below1_3,
+- "18-dtls-renegotiate.conf" => $no_dtls,
++ "18-dtls-renegotiate.conf" => $no_dtls || 1,
+ "19-mac-then-encrypt.conf" => $no_pre_tls1_3,
+ "20-cert-select.conf" => disabled("tls1_2") || $no_ec,
+ "21-key-update.conf" => disabled("tls1_3"),
+@@ -102,7 +103,7 @@ my %skip = (
+ "24-padding.conf" => disabled("tls1_3"),
+ "25-cipher.conf" => disabled("ec") || disabled("tls1_2"),
+ "26-tls13_client_auth.conf" => disabled("tls1_3"),
+- "29-dtls-sctp-label-bug.conf" => disabled("sctp") || disabled("sock"),
++ "29-dtls-sctp-label-bug.conf" => disabled("sctp") || disabled("sock") || 1,
+ );
+ 
+ foreach my $conf (@conf_files) {
+-- 
+2.27.0
+
+