static const char sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' };
EVP_PKEY_CTX *pctx;
- if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL))
+ if (!TEST_ptr(pctx = EVP_MD_CTX_pkey_ctx(mctx))
|| !TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, sm2_id, sizeof(sm2_id)), 0))
return 0;
- EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
- return 1;
-}
-
-static int clean_sm2_id(EVP_MD_CTX *mctx)
-{
- EVP_PKEY_CTX *pctx;
-
- if (!TEST_ptr(pctx = EVP_MD_CTX_pkey_ctx(mctx)))
- return 0;
- EVP_PKEY_CTX_free(pctx);
return 1;
}
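Review bot: set_sm2_id now only works when it is called after EVP_DigestSignInit/EVP_DigestVerifyInit, because it fetches the pkey context from `mctx` through EVP_MD_CTX_pkey_ctx() instead of creating its own, and nothing on the helper says so. I would add a comment above it such as `/* Call after EVP_Digest{Sign,Verify}Init(); the returned EVP_PKEY_CTX belongs to mctx and must not be freed here. */`. The callers still pass `pkey` or `pkey_neg`, which the visible body no longer reads, so the second parameter can probably be dropped. The function's signature is outside the visible lines, so confirm that there.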
if (!TEST_int_ge(temp, 0)
|| !TEST_ptr(sig = OPENSSL_malloc(sig_len = (size_t)temp))
/* create a signature */
- || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_true(EVP_DigestSignInit(mctx, NULL, NULL, NULL, pkey))
+ || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_true(EVP_DigestSign(mctx, sig, &sig_len, tbs, sizeof(tbs)))
|| !TEST_int_le(sig_len, ECDSA_size(eckey))
- || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx))
/* negative test, verify with wrong key, 0 return */
- || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey_neg))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey_neg))
+ || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey_neg))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 0)
- || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx))
/* negative test, verify with wrong signature length, -1 return */
- || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
+ || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len - 1, tbs, sizeof(tbs)), -1)
- || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx))
/* positive test, verify with correct key, 1 return */
- || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
+ || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1)
- || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx)))
goto err;
/* muck with the message, test it fails with 0 return */
tbs[0] ^= 1;
- if ((as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
- || !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
+ if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
+ || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 0)
- || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx)))
goto err;
/* un-muck and test it verifies */
tbs[0] ^= 1;
- if ((as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
- || !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
+ if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
+ || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1)
- || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx)))
goto err;
offset = tbs[0] % sig_len;
dirt = tbs[1] ? tbs[1] : 1;
sig[offset] ^= dirt;
- if ((as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
- || !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
+ if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
+ || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_int_ne(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1)
- || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx)))
goto err;
/* un-muck and test it verifies */
sig[offset] ^= dirt;
- if ((as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
- || !TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
+ if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, NULL, NULL, pkey))
+ || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey))
|| !TEST_int_eq(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1)
- || (as == EVP_PKEY_SM2 && !clean_sm2_id(mctx))
|| !TEST_true(EVP_MD_CTX_reset(mctx)))
goto err;
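Review bot: Every verify case in this chain sets the same `sm2_id` that was used for signing, so nothing checks that a signature is rejected when the distinguishing ID differs. With the ID now applied after init, a regression in which EVP_PKEY_CTX_set1_id is silently ignored on both sides would still pass all of these checks. Consider one more SM2-only negative case that runs EVP_DigestVerifyInit with `pkey`, sets a different ID, and asserts `!TEST_int_ne(EVP_DigestVerify(mctx, sig, sig_len, tbs, sizeof(tbs)), 1)`. The helper would need to take the ID as an argument for that. The enclosing test function starts and ends outside the visible lines.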
'-in', srctop_file('test', 'certs', 'sm2.pem'),
'-inkey', srctop_file('test', 'certs', 'sm2.key'),
'-out', 'sm2.sig', '-rawin',
- '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))),
+ '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
"Sign a piece of data using SM2");
ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin',
'-in', srctop_file('test', 'certs', 'sm2.pem'),
'-inkey', srctop_file('test', 'certs', 'sm2.pem'),
'-sigfile', 'sm2.sig', '-rawin',
- '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))),
+ '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
"Verify an SM2 signature against a piece of data");
}
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-key", srctop_file("test", "certs", "sm2.key"),
- "-sigopt", "sm2_id:1234567812345678",
+ "-sigopt", "distid:1234567812345678",
"-out", "testreq-sm2.pem", "-sm3"])),
"Generating SM2 certificate request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq-sm2.pem", "-noout",
- "-sm2-id", "1234567812345678", "-sm3"])),
+ "-vfyopt", "distid:1234567812345678", "-sm3"])),
"Verifying signature on SM2 certificate request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-key", srctop_file("test", "certs", "sm2.key"),
- "-sigopt", "sm2_hex_id:DEADBEEF",
+ "-sigopt", "hexdistid:DEADBEEF",
"-out", "testreq-sm2.pem", "-sm3"])),
"Generating SM2 certificate request with hex id");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq-sm2.pem", "-noout",
- "-sm2-hex-id", "DEADBEEF", "-sm3"])),
+ "-vfyopt", "hexdistid:DEADBEEF", "-sm3"])),
"Verifying signature on SM2 certificate request");
}
};
skip "SM2 is not supported by this OpenSSL build", 2
if disabled("sm2");
- # Test '-sm2-id' and '-sm2-hex-id' option
- ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-sm2-id", "1234567812345678"),
+ ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-vfyopt", "distid:1234567812345678"),
"SM2 ID test");
- ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-sm2-hex-id",
- "31323334353637383132333435363738"),
+ ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-vfyopt", "hexdistid:31323334353637383132333435363738"),
"SM2 hex ID test");
}
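Review bot: The comment naming the options under test was removed at the top of this block without a replacement, so the two `verify` calls no longer say what they exercise. I would add `# Test '-vfyopt' with 'distid' and 'hexdistid'` above the first `ok_nofips`. It is also worth noting there that the `hexdistid` value is the hex encoding of the same 16-character ID used in the `distid` case, since that is not obvious from the literal. The second call is now a single very long line and could be wrapped after `[],` as the removed version was.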
srctop_file("test", "CAss.cnf"),
"-in", srctop_file("test", "certs", "sm2-csr.pem"),
"-out", "sm2-test.crt",
- "-sigopt", "sm2_id:1234567812345678",
- "-sm2-id", "1234567812345678",
+ "-sigopt", "distid:1234567812345678",
+ "-vfyopt", "distid:1234567812345678",
"-md", "sm3",
"-cert", srctop_file("test", "certs", "sm2-root.crt"),
"-keyfile", srctop_file("test", "certs", "sm2-root.key")]))),
OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n")
-#ifndef OPENSSL_NO_SM2
-static int test_sm2_id(void)
+static int test_distinguishing_id(void)
{
- /* we only need an X509 structure, no matter if it's a real SM2 cert */
X509 *x = NULL;
BIO *bio = NULL;
int ret = 0;
ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
- char *sm2id = "this is an ID";
+ char *distid = "this is an ID";
bio = BIO_new_file(bad_f, "r");
if (bio == NULL)
if (v == NULL)
goto err;
- if (!ASN1_OCTET_STRING_set(v, (unsigned char *)sm2id, (int)strlen(sm2id))) {
+ if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
+ (int)strlen(distid))) {
ASN1_OCTET_STRING_free(v);
goto err;
}
- X509_set0_sm2_id(x, v);
+ X509_set0_distinguishing_id(x, v);
- v2 = X509_get0_sm2_id(x);
+ v2 = X509_get0_distinguishing_id(x);
if (!TEST_ptr(v2)
|| !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
goto err;
return ret;
}
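Review bot: The check `ASN1_OCTET_STRING_cmp(v, v2)` is likely comparing an object with itself: if X509_set0_distinguishing_id stores the pointer it is given, as the set0 name suggests, then `v2` is `v` and the comparison cannot fail. Comparing against the original bytes would test the round trip, for example `!TEST_mem_eq(ASN1_STRING_get0_data(v2), ASN1_STRING_length(v2), distid, strlen(distid))`. The same applies to the X509_REQ variant in test_req_distinguishing_id below. In both functions `distid` points at a string literal and would be better declared `const char *distid`. Parts of both function bodies are outside the visible lines.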
-static int test_req_sm2_id(void)
+static int test_req_distinguishing_id(void)
{
- /* we only need an X509_REQ structure, no matter if it's a real SM2 cert */
X509_REQ *x = NULL;
BIO *bio = NULL;
int ret = 0;
ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
- char *sm2id = "this is an ID";
+ char *distid = "this is an ID";
bio = BIO_new_file(req_f, "r");
if (bio == NULL)
if (v == NULL)
goto err;
- if (!ASN1_OCTET_STRING_set(v, (unsigned char *)sm2id, (int)strlen(sm2id))) {
+ if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
+ (int)strlen(distid))) {
ASN1_OCTET_STRING_free(v);
goto err;
}
- X509_REQ_set0_sm2_id(x, v);
+ X509_REQ_set0_distinguishing_id(x, v);
- v2 = X509_REQ_get0_sm2_id(x);
+ v2 = X509_REQ_get0_distinguishing_id(x);
if (!TEST_ptr(v2)
|| !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
goto err;
BIO_free(bio);
return ret;
}
-#endif
int setup_tests(void)
{
ADD_TEST(test_alt_chains_cert_forgery);
ADD_TEST(test_store_ctx);
-#ifndef OPENSSL_NO_SM2
- ADD_TEST(test_sm2_id);
- ADD_TEST(test_req_sm2_id);
-#endif
+ ADD_TEST(test_distinguishing_id);
+ ADD_TEST(test_req_distinguishing_id);
return 1;
}