if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
return 0;
-#ifndef OPENSSL_NO_SM2
- id = a->sm2_id;
-#endif
-
+ id = a->distinguishing_id;
if ((ctx = make_id_ctx(r, id)) != NULL) {
rv = ASN1_item_verify_ctx(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
&a->signature, &a->cert_info, ctx);
EVP_MD_CTX *ctx = NULL;
ASN1_OCTET_STRING *id = NULL;
-#ifndef OPENSSL_NO_SM2
- id = a->sm2_id;
-#endif
-
+ id = a->distinguishing_id;
if ((ctx = make_id_ctx(r, id)) != NULL) {
rv = ASN1_item_verify_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), &a->sig_alg,
a->signature, &a->req_info, ctx);
switch (operation) {
case ASN1_OP_D2I_PRE:
- ASN1_OCTET_STRING_free(ret->sm2_id);
+ ASN1_OCTET_STRING_free(ret->distinguishing_id);
/* fall thru */
case ASN1_OP_NEW_POST:
- ret->sm2_id = NULL;
+ ret->distinguishing_id = NULL;
break;
case ASN1_OP_FREE_POST:
- ASN1_OCTET_STRING_free(ret->sm2_id);
+ ASN1_OCTET_STRING_free(ret->distinguishing_id);
break;
}
#endif
IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
-#ifndef OPENSSL_NO_SM2
-void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id)
+void X509_REQ_set0_distinguishing_id(X509_REQ *x, ASN1_OCTET_STRING *d_id)
{
- ASN1_OCTET_STRING_free(x->sm2_id);
- x->sm2_id = sm2_id;
+ ASN1_OCTET_STRING_free(x->distinguishing_id);
+ x->distinguishing_id = d_id;
}
-ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x)
+ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x)
{
- return x->sm2_id;
+ return x->distinguishing_id;
}
-#endif
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
ASIdentifiers_free(ret->rfc3779_asid);
#endif
-#ifndef OPENSSL_NO_SM2
- ASN1_OCTET_STRING_free(ret->sm2_id);
-#endif
+ ASN1_OCTET_STRING_free(ret->distinguishing_id);
/* fall thru */
ret->rfc3779_addr = NULL;
ret->rfc3779_asid = NULL;
#endif
-#ifndef OPENSSL_NO_SM2
- ret->sm2_id = NULL;
-#endif
+ ret->distinguishing_id = NULL;
ret->aux = NULL;
ret->crldp = NULL;
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data))
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
ASIdentifiers_free(ret->rfc3779_asid);
#endif
-#ifndef OPENSSL_NO_SM2
- ASN1_OCTET_STRING_free(ret->sm2_id);
-#endif
+ ASN1_OCTET_STRING_free(ret->distinguishing_id);
break;
}
return OBJ_obj2nid(x->sig_alg.algorithm);
}
-#ifndef OPENSSL_NO_SM2
-void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id)
+void X509_set0_distinguishing_id(X509 *x, ASN1_OCTET_STRING *d_id)
{
- ASN1_OCTET_STRING_free(x->sm2_id);
- x->sm2_id = sm2_id;
+ ASN1_OCTET_STRING_free(x->distinguishing_id);
+ x->distinguishing_id = d_id;
}
-ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x)
+ASN1_OCTET_STRING *X509_get0_distinguishing_id(X509 *x)
{
- return x->sm2_id;
+ return x->distinguishing_id;
}
-#endif
--- /dev/null
+=pod
+
+=head1 NAME
+
+X509_get0_distinguishing_id, X509_set0_distinguishing_id,
+X509_REQ_get0_distinguishing_id, X509_REQ_set0_distinguishing_id
+- get or set the Distinguishing ID for certificate operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ ASN1_OCTET_STRING *X509_get0_distinguishing_id(X509 *x);
+ void X509_set0_distinguishing_id(X509 *x, ASN1_OCTET_STRING *distid);
+ ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x);
+ void X509_REQ_set0_distinguishing_id(X509_REQ *x, ASN1_OCTET_STRING *distid);
+
+=head1 DESCRIPTION
+
+The Distinguishing ID is defined in FIPS 196 as follows:
+
+=over 4
+
+I<Distinguishing identifier>: information which unambiguously distinguishes
+an entity in the authentication process.
+
+=back
+
+The SM2 signature algorithm requires a Distinguishing ID value when generating
+and verifying a signature, but the Ddistinguishing ID may also find other uses.
+In the context of SM2, the Distinguishing ID is often referred to as the "SM2
+ID".
+
+For the purpose off verifying a certificate or a certification request, a
+Distinguishing ID may be attached to it, so functions like L<X509_verify(3)>
+or L<X509_REQ_verify(3)> have easy access to that identity for signature
+verification.
+
+X509_get0_distinguishing_id() gets the Distinguishing ID value of a certificate
+B<x> by returning an B<ASN1_OCTET_STRING> object which should not be freed by
+the caller.
+
+X509_set0_distinguishing_id() assigns B<distid> to the certificate B<x>.
+Calling this function transfers the memory management of the value to the X509
+object, and therefore the value that has been passed in should not be freed by
+the caller after this function has been called.
+
+X509_REQ_get0_distinguishing_id() and X509_REQ_set0_distinguishing_id()
+have the same functionality as X509_get0_distinguishing_id() and
+X509_set0_distinguishing_id() except that they deal with B<X509_REQ>
+objects instead of B<X509>.
+
+=head1 RETURN VALUES
+
+X509_set0_distinguishing_id() and X509_REQ_set0_distinguishing_id() do not
+return a value.
+
+=head1 SEE ALSO
+
+L<X509_verify(3)>, L<SM2(7)>
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
+++ /dev/null
-=pod
-
-=head1 NAME
-
-X509_get0_sm2_id, X509_set0_sm2_id,
-X509_REQ_get0_sm2_id, X509_REQ_set0_sm2_id
-- get or set SM2 ID for certificate operations
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x);
- void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id);
- ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x);
- void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id);
-
-=head1 DESCRIPTION
-
-X509_get0_sm2_id() gets the ID value of an SM2 certificate B<x> by returning an
-B<ASN1_OCTET_STRING> object which should not be freed by the caller.
-
-X509_set0_sm2_id() sets the B<sm2_id> value to an SM2 certificate B<x>. Calling
-this function transfers the memory management of the value to the X509 object,
-and therefore the value that has been passed in should not be freed by the
-caller after this function has been called.
-
-X509_REQ_get0_sm2_id() and X509_REQ_set0_sm2_id() have the same functionality
-as X509_get0_sm2_id() and X509_set0_sm2_id() except that they deal with
-B<X509_REQ> objects instead of B<X509>.
-
-=head1 NOTES
-
-SM2 signature algorithm requires an ID value when generating and verifying a
-signature. The functions described in this manual provide the user with the
-ability to set and retrieve the SM2 ID value.
-
-=head1 RETURN VALUES
-
-X509_set0_sm2_id() and X509_REQ_set0_sm2_id() do not return a value.
-
-=head1 SEE ALSO
-
-L<X509_verify(3)>, L<SM2(7)>
-
-=head1 COPYRIGHT
-
-Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the Apache License 2.0 (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
ASN1_BIT_STRING *signature; /* signature */
CRYPTO_REF_COUNT references;
CRYPTO_RWLOCK *lock;
-# ifndef OPENSSL_NO_SM2
- ASN1_OCTET_STRING *sm2_id;
-# endif
+
+ /* Set on live certificates for authentication purposes */
+ ASN1_OCTET_STRING *distinguishing_id;
};
struct X509_crl_info_st {
X509_CERT_AUX *aux;
CRYPTO_RWLOCK *lock;
volatile int ex_cached;
-# ifndef OPENSSL_NO_SM2
- ASN1_OCTET_STRING *sm2_id;
-# endif
+
+ /* Set on live certificates for authentication purposes */
+ ASN1_OCTET_STRING *distinguishing_id;
} /* X509 */ ;
/*
const X509_ALGOR **palg, const X509 *x);
int X509_get_signature_nid(const X509 *x);
-# ifndef OPENSSL_NO_SM2
-void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id);
-ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x);
-void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id);
-ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x);
-# endif
+void X509_set0_distinguishing_id(X509 *x, ASN1_OCTET_STRING *d_id);
+ASN1_OCTET_STRING *X509_get0_distinguishing_id(X509 *x);
+void X509_REQ_set0_distinguishing_id(X509_REQ *x, ASN1_OCTET_STRING *d_id);
+ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x);
int X509_trusted(const X509 *x);
int X509_alias_set1(X509 *x, const unsigned char *name, int len);
OSSL_PARAM_set_utf8_ptr ? 3_0_0 EXIST::FUNCTION:
OSSL_PARAM_get_octet_ptr ? 3_0_0 EXIST::FUNCTION:
OSSL_PARAM_set_octet_ptr ? 3_0_0 EXIST::FUNCTION:
-X509_set0_sm2_id ? 3_0_0 EXIST::FUNCTION:SM2
-X509_get0_sm2_id ? 3_0_0 EXIST::FUNCTION:SM2
+X509_set0_distinguishing_id ? 3_0_0 EXIST::FUNCTION:
+X509_get0_distinguishing_id ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_engine ? 3_0_0 EXIST::FUNCTION:ENGINE
EVP_MD_up_ref ? 3_0_0 EXIST::FUNCTION:
EVP_MD_fetch ? 3_0_0 EXIST::FUNCTION:
BN_CTX_secure_new_ex ? 3_0_0 EXIST::FUNCTION:
OPENSSL_thread_stop_ex ? 3_0_0 EXIST::FUNCTION:
OSSL_PARAM_locate_const ? 3_0_0 EXIST::FUNCTION:
-X509_REQ_set0_sm2_id ? 3_0_0 EXIST::FUNCTION:SM2
-X509_REQ_get0_sm2_id ? 3_0_0 EXIST::FUNCTION:SM2
+X509_REQ_set0_distinguishing_id ? 3_0_0 EXIST::FUNCTION:
+X509_REQ_get0_distinguishing_id ? 3_0_0 EXIST::FUNCTION:
BN_rand_ex ? 3_0_0 EXIST::FUNCTION:
BN_priv_rand_ex ? 3_0_0 EXIST::FUNCTION:
BN_rand_range_ex ? 3_0_0 EXIST::FUNCTION:
projects / oweals / openssl.git / commitdiff