Make X509_set_sm2_id consistent with other setters (ccf45361) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

apps/verify.c

+26 −14

Original line number	Diff line number	Diff line
		@@ -246,18 +246,27 @@ static int check(X509_STORE ctx, const char file,

		if (sm2id != NULL) {
		#ifndef OPENSSL_NO_SM2
		ASN1_OCTET_STRING v;
		ASN1_OCTET_STRING *v;

		v.data = sm2id;
		v.length = sm2idlen;
		v = ASN1_OCTET_STRING_new();
		if (v == NULL) {
		BIO_printf(bio_err, "error: SM2 ID allocation failed\n");
		goto end;
		}

		if (!ASN1_OCTET_STRING_set(v, sm2id, sm2idlen)) {
		BIO_printf(bio_err, "error: setting SM2 ID failed\n");
		ASN1_OCTET_STRING_free(v);
		goto end;
		}

		X509_set_sm2_id(x, &v);
		X509_set0_sm2_id(x, v);
		#endif
		}

		csc = X509_STORE_CTX_new();
		if (csc == NULL) {
		printf("error %s: X.509 store context allocation failed\n",
		BIO_printf(bio_err, "error %s: X.509 store context allocation failed\n",
		(file == NULL) ? "stdin" : file);
		goto end;
		}
		@@ -265,7 +274,8 @@ static int check(X509_STORE ctx, const char file,
		X509_STORE_set_flags(ctx, vflags);
		if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
		X509_STORE_CTX_free(csc);
		printf("error %s: X.509 store context initialization failed\n",
		BIO_printf(bio_err,
		"error %s: X.509 store context initialization failed\n",
		(file == NULL) ? "stdin" : file);
		goto end;
		}
		@@ -275,28 +285,30 @@ static int check(X509_STORE ctx, const char file,
		X509_STORE_CTX_set0_crls(csc, crls);
		i = X509_verify_cert(csc);
		if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) {
		printf("%s: OK\n", (file == NULL) ? "stdin" : file);
		BIO_printf(bio_out, "%s: OK\n", (file == NULL) ? "stdin" : file);
		ret = 1;
		if (show_chain) {
		int j;

		chain = X509_STORE_CTX_get1_chain(csc);
		num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
		printf("Chain:\n");
		BIO_printf(bio_out, "Chain:\n");
		for (j = 0; j < sk_X509_num(chain); j++) {
		X509 *cert = sk_X509_value(chain, j);
		printf("depth=%d: ", j);
		BIO_printf(bio_out, "depth=%d: ", j);
		X509_NAME_print_ex_fp(stdout,
		X509_get_subject_name(cert),
		0, get_nameopt());
		if (j < num_untrusted)
		printf(" (untrusted)");
		printf("\n");
		BIO_printf(bio_out, " (untrusted)");
		BIO_printf(bio_out, "\n");
		}
		sk_X509_pop_free(chain, X509_free);
		}
		} else {
		printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file);
		BIO_printf(bio_err,
		"error %s: verification failed\n",
		(file == NULL) ? "stdin" : file);
		}
		X509_STORE_CTX_free(csc);

crypto/include/internal/x509_int.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -184,7 +184,7 @@ struct x509_st {
		CRYPTO_RWLOCK *lock;
		volatile int ex_cached;
		# ifndef OPENSSL_NO_SM2
		ASN1_OCTET_STRING sm2_id;
		ASN1_OCTET_STRING *sm2_id;
		# endif
		} /* X509 */ ;

crypto/x509/x_all.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -72,7 +72,10 @@ static int x509_verify_sm2(X509 x, EVP_PKEY pkey, int mdnid, int pknid)
		ret = 0;
		goto err;
		}
		if (EVP_PKEY_CTX_set1_id(pctx, x->sm2_id.data, x->sm2_id.length) != 1) {
		/* NOTE: we tolerate no actual ID, to provide maximum flexibility */
		if (x->sm2_id != NULL
		&& EVP_PKEY_CTX_set1_id(pctx, x->sm2_id->data,
		x->sm2_id->length) != 1) {
		X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB);
		ret = 0;
		goto err;

crypto/x509/x_x509.c

+10 −3

Original line number	Diff line number	Diff line
		@@ -72,6 +72,9 @@ static int x509_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it,
		#ifndef OPENSSL_NO_RFC3779
		ret->rfc3779_addr = NULL;
		ret->rfc3779_asid = NULL;
		#endif
		#ifndef OPENSSL_NO_SM2
		ret->sm2_id = NULL;
		#endif
		ret->aux = NULL;
		ret->crldp = NULL;
		@@ -91,6 +94,9 @@ static int x509_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it,
		#ifndef OPENSSL_NO_RFC3779
		sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
		ASIdentifiers_free(ret->rfc3779_asid);
		#endif
		#ifndef OPENSSL_NO_SM2
		ASN1_OCTET_STRING_free(ret->sm2_id);
		#endif
		break;

		@@ -246,13 +252,14 @@ int X509_get_signature_nid(const X509 *x)
		}

		#ifndef OPENSSL_NO_SM2
		void X509_set_sm2_id(X509 x, ASN1_OCTET_STRING sm2_id)
		void X509_set0_sm2_id(X509 x, ASN1_OCTET_STRING sm2_id)
		{
		x->sm2_id = *sm2_id;
		ASN1_OCTET_STRING_free(x->sm2_id);
		x->sm2_id = sm2_id;
		}

		ASN1_OCTET_STRING X509_get0_sm2_id(X509 x)
		{
		return &x->sm2_id;
		return x->sm2_id;
		}
		#endif

doc/man3/X509_get0_sm2_id.pod

+8 −4

Original line number	Diff line number	Diff line
		@@ -2,20 +2,24 @@

		=head1 NAME

		X509_get0_sm2_id, X509_set_sm2_id - get or set SM2 ID for certificate operations
		X509_get0_sm2_id, X509_set0_sm2_id - get or set SM2 ID for certificate operations

		=head1 SYNOPSIS

		#include <openssl/x509.h>

		ASN1_OCTET_STRING X509_get0_sm2_id(X509 x);
		void X509_set_sm2_id(X509 x, ASN1_OCTET_STRING sm2_id);
		void X509_set0_sm2_id(X509 x, ASN1_OCTET_STRING sm2_id);

		=head1 DESCRIPTION

		X509_get0_sm2_id() gets the ID value of an SM2 certificate B<x> by returning an
		B<ASN1_OCTET_STRING> object which should not be freed by the caller.
		X509_set_sm2_id() sets the B<sm2_id> value to an SM2 certificate B<x>.

		X509_set0_sm2_id() sets the B<sm2_id> value to an SM2 certificate B<x>. Calling
		this function transfers the memory management of the value to the X509 object,
		and therefore the value that has been passed in should not be freed by the
		caller after this function has been called.

		=head1 NOTES

		@@ -25,7 +29,7 @@ ability to set and retrieve the SM2 ID value.

		=head1 RETURN VALUES

		X509_set_sm2_id() does not return a value.
		X509_set0_sm2_id() does not return a value.

		=head1 SEE ALSO

Admin message