From a45eb7e8918f055115e0a1f206f8b74a2ed06dc6 Mon Sep 17 00:00:00 2001
From: Paul Yang
Date: Tue, 30 Jul 2019 23:05:44 +0800
Subject: [PATCH] Support parsing of SM2 ID in hexdecimal

The current EVP_PEKY_ctrl for SM2 has no capability of parsing an ID input in hexdecimal. The newly added ctrl string is called: sm2_hex_id

Test cases and documentation are updated.

Reviewed-by: Tim Hudson
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/9584)
---
 crypto/sm2/sm2_pmeth.c     | 19 +++++++++++++++++++
 doc/man1/pkeyutl.pod       |  7 +++++++
 include/openssl/ec.h       |  1 -
 test/recipes/25-test_req.t | 15 +++++++++++++--
 4 files changed, 39 insertions(+), 3 deletions(-)

diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
index 8c81ca37e2..56e015d94e 100644
--- a/crypto/sm2/sm2_pmeth.c
+++ b/crypto/sm2/sm2_pmeth.c
@@ -232,6 +232,10 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx,
                              const char *type, const char *value)
 {
+    uint8_t *hex_id;
+    long hex_len = 0;
+    int ret = 0;
+
     if (strcmp(type, "ec_paramgen_curve") == 0) {
         int nid = NID_undef;
 
@@ -255,6 +259,21 @@ static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx,
     } else if (strcmp(type, "sm2_id") == 0) {
         return pkey_sm2_ctrl(ctx, EVP_PKEY_CTRL_SET1_ID,
                              (int)strlen(value), (void *)value);
+    } else if (strcmp(type, "sm2_hex_id") == 0) {
+        /*
+         * TODO(3.0): reconsider the name "sm2_hex_id", OR change
+         * OSSL_PARAM_construct_from_text() / OSSL_PARAM_allocate_from_text()
+         * to handle infix "_hex_"
+         */
+        hex_id = OPENSSL_hexstr2buf((const char *)value, &hex_len);
+        if (hex_id == NULL) {
+            SM2err(SM2_F_PKEY_SM2_CTRL_STR, ERR_R_PASSED_INVALID_ARGUMENT);
+            return 0;
+        }
+        ret = pkey_sm2_ctrl(ctx, EVP_PKEY_CTRL_SET1_ID, (int)hex_len,
+                            (void *)hex_id);
+        OPENSSL_free(hex_id);
+        return ret;
     }
 
     return -2;
diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod
index 3a7f31b894..1829435f5b 100644
--- a/doc/man1/pkeyutl.pod
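Review bot: The `(const char *)value` cast in the new sm2_hex_id branch is redundant, since the signature shown in the first hunk already declares `value` as `const char *`; `hex_id = OPENSSL_hexstr2buf(value, &hex_len);` says the same thing with less noise. The SM2err on the NULL path then reports every failure as ERR_R_PASSED_INVALID_ARGUMENT, although OPENSSL_hexstr2buf presumably queues its own, more specific reason (odd digit count, non-hex digit, or an allocation failure), so an out-of-memory condition would surface to the caller as a bad argument. If the extra entry is kept for context, a comment such as `/* the precise reason is already on the error queue from OPENSSL_hexstr2buf() */` would make that intent explicit for the next reader. The closing lines of pkey_sm2_ctrl_str are outside this hunk.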
+++ b/doc/man1/pkeyutl.pod
@@ -341,6 +341,13 @@ This sets the ID string used in SM2 sign or verify operations. While verifying
 an SM2 signature, the ID string must be the same one used when signing the data.
 Otherwise the verification will fail.
 
+=item B
+
+This sets the ID string used in SM2 sign or verify operations. While verifying
+an SM2 signature, the ID string must be the same one used when signing the data.
+Otherwise the verification will fail. The ID string provided with this option
+should be a valid hexadecimal value.
+
 =back
 
 =head1 EXAMPLES
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 3e87fac9b4..807a64b31d 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1494,7 +1494,6 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
 # define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \
         EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
                           EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id))
-
 # define EVP_PKEY_CTX_get1_id(ctx, id) \
         EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
                           EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id))
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 127b338634..7dae692482 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -59,10 +59,10 @@ subtest "generating certificate requests" => sub {
 };
 
 subtest "generating SM2 certificate requests" => sub {
-    plan tests => 2;
+    plan tests => 4;
 
     SKIP: {
-        skip "SM2 is not supported by this OpenSSL build", 2
+        skip "SM2 is not supported by this OpenSSL build", 4
             if disabled("sm2");
         ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
@@ -74,6 +74,17 @@ subtest "generating SM2 certificate requests" => sub {
                     "-verify", "-in", "testreq.pem", "-noout",
                     "-sm2-id", "1234567812345678", "-sm3"])),
            "Verifying signature on SM2 certificate request");
+
+        ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+                    "-new", "-key", srctop_file("test", "certs", "sm2.key"),
+                    "-sigopt", "sm2_hex_id:DEADBEEF",
+                    "-out", "testreq.pem", "-sm3"])),
+           "Generating SM2 certificate request with hex id");
+
+        ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+                    "-verify", "-in", "testreq.pem", "-noout",
+                    "-sm2-hex-id", "DEADBEEF", "-sm3"])),
+           "Verifying signature on SM2 certificate request");
     }
 };
 
-- 
2.25.1
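Review bot: Both new hex-id cases only exercise the success path, so they would still pass if the sm2_hex_id sigopt were silently ignored, because nothing here checks that a mismatched ID makes verification fail. A further case that verifies testreq.pem with `-sm2-hex-id` set to a value other than DEADBEEF (a constructed sample such as DEADBEEE is enough) and expects `!run(...)` would pin the binding, and one passing a non-hex string to `-sigopt sm2_hex_id:` would cover the new parse-error path; each extra case needs `plan tests` and the skip count in the earlier hunk raised to match. The last new ok() also reuses the description `"Verifying signature on SM2 certificate request"` from the sm2_id case above, which makes the TAP output ambiguous; `"Verifying signature on SM2 certificate request with hex id"` keeps them distinct. The enclosing subtest starts before this hunk.
```perl
# … unchanged: hex-id sign and verify cases above …
        ok(!run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
                     "-verify", "-in", "testreq.pem", "-noout",
                     "-sm2-hex-id", "DEADBEEE", "-sm3"])),
           "Rejecting SM2 certificate request verification with the wrong hex id");
```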