update curve wapip192v1 OID

2026-06-13 08:23:50 +08:00 · 2017-11-27 12:36:32 +08:00
parent ed7bf9302f
commit aa97769318
7 changed files with 151 additions and 183 deletions
--- a/README.md
+++ b/README.md
@@ -4,6 +4,12 @@
 GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 and other national secret (national commercial password) algorithm, SM2 digital certificate and SM2 certificate based on SSL / TLS secure communication protocol to support the national security hardware password device , To provide in line with the national standard programming interface and command line tools, can be used to build PKI / CA, secure communication, data encryption and other standards in line with national security applications. The GmSSL project is a branch of the [OpenSSL](https://www.openssl.org)project and is compatible with OpenSSL. So GmSSL can replace the application of OpenSSL components, and make the application automatically with national security capabilities. The GmSSL project utilizes a business-friendly BSD open source license, open source and can be used for closed source commercial applications. GmSSL project by the Peking University [Guan Zhi](http://infosec.pku.edu.cn/~guanzhi/)deputy researcher of the cryptography research group development and maintenance, the project source code hosted in [GitHub](https://github.com /guanzhi/GmSSL). Since its release in 2014, GmSSL has been deployed and applied in multiple projects and products, and has won the second prize of the "One Cup" China Linux Software Contest in 2015 (the highest award) and [Open Source China](https://www.oschina.net/p/GmSSL) password class recommended items. The core goal of the GmSSL project is to promote the construction of cyberspace security through open source cryptography.
 In 2014, the GmSSL (http://gmssl.org) project is released to provide open source implementations of Chinese GM cryptography standards.
 Now, GmSSL is the most popular open source GM cryptography toolkit in China.
 GmSSL team are helping big companies to transfer from International standards to national standards
 ## Latest News
 - February 15, 2017  rename master to gmssl-v1，current master branch migrate to OpenSSL-1.1.0。
@@ -11,154 +17,100 @@ GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM
 - January 18, 2017 Updated the project home page
 - [More ...](http://gmssl.org/docs/changelog.html)
-## SM Crypto Algorithm
+## Algorithm
 - ZUC stream cipher, defined in GM/T 0001-2012
 - SM4 block cipher with 128-bit key length and 128-bit block size, defined in GM/T 0002-2012
 - SM3 Digest Algorithm with 256-bit digest length and 512-bit block size, defined in GM/T 0004-2012
 - SM2 ellptic curve cryptography and 256-bit prime field recommended domain parameters, defined in GM/T 0003-2012
 - SM9 pairing-based cryptography and recommended BN-curve, defined in GM/T 0046-2016
 - SM1 block cipher with 128-bit key length and 128-bit block size, only provided with chip
 - SSF33 block cipher with 128-bit key length and 128-bit block size, only provided by chip
 ## Programming Interfaces
 - SKF C API (GM/T 0016-2012) Smart token cryptography application interface specification.
 - SDF C API (GM/T 0018-2012) Interface specifications of cryptography device application.
 - SAF C API (GM/T 0019-2012) Universal cryptography service interface specification.
 - SOF C/Java API (GM/T 0020-2012) Certificate application integrated service interface specification.
 ## Protocols
 - One-time password scheme based on SM3 and SM4
 - SSL VPN protocol with RSA/SM2/SM9-SM4-SM3 cipher suites
 - IPSec VPN protocol
 ## Features
 - Support Chinese
 - Full support of Chinese GM Cryptography Standards
 - Support Chinese cryptographic hardwares (HSMs).
 - Commercial friendly BSD-style open source license.
 - Support SSL protocols
 - Compatible with OpenSSL, all OpenSSL functionalities preserved.
 The secret algorithm is the abbreviation of the national commercial cryptographic algorithm. Since 2012, the National Password Authority to the "People's Republic of China password industry standard" approach, have announced the SM2 / SM3 / SM4 and other cryptographic algorithm standards and application specifications. Which "SM" on behalf of "business secret", that is used for commercial, not involving state secrets of the password technology. SM2 is a public key cryptography algorithm based on elliptic curve cryptography, including digital signature, key exchange and public key encryption. It is used to replace international algorithms such as RSA / Diffie-Hellman / ECDSA / ECDH. SM3 is password hash algorithm, SM4 is a block cipher used to replace DES / AES and other international algorithms. SM9 is an identity-based cryptographic algorithm that can replace PKI / CA based on digital certificate. By deploying the secret algorithm, you can reduce the security risks caused by weak passwords and bug implementations and the overhead of deploying PKI / CA.
 ## 2.0 New Features
 * Based on OpenSSL 1.1.x
 * SM2 signature generation with Z values
 * Frameworks and engines to support SKF/SDF HSMs
 * TLS with SM2/SM3/SMS4 cipher suites
 ## Quick Start
-Quick Start Guide describes the basic instructions for compiling, installing, and `gmssl` command line tools for GmSSL.
+This short guide describes the build, install and typical usage of the `gmssl` command line tool. Visit http://gmssl.org for more documents.
-1. Download the source code ([zip](https://github.com/guanzhi/GmSSL/archive/master.zip))，unzip it to current directory.
+1. Download the source code ([GmSSL-master.zip](https://github.com/guanzhi/GmSSL/archive/master.zip)) and uncompress the ZIP file.
-
+2. Compile and install on Linux and Mac OS X
   ```sh
   $ tar xzvf gmssl-<version>.tar.gz
   ```
 2. Compile and install
   Linux (Other platform see [Compile and instal](http://gmssl.org))
 ```sh
 $ ./config
 $ make
 $ sudo make install
 ```
   Compile and install on Windows
-   After installation, you can execute the `gmssl` command line tool to check for success
+```bash
-
+> perl Configure VC-WIN32
-   ```sh
+> nmake
-   $ gmssl version
+> nmake install
   GmSSL 1.3.0 - OpenSSL 1.0.2d
 ```
-3. SM4 encrypt file
+	After installation, you can run `gmssl version -a` to print the detailed information of gmssl.
 3. Encrypt and decrypt with SM4 and password
 ```sh
-   $ gmssl sms4 -e -in <yourfile> -out <yourfile>.sms4
+$ echo -n abc | gmssl sms4 -out ciphertext.bin
-   enter sms4-cbc encryption password: <your-password>
+$ gmssl sms4 -d -in ciphertext.sms4
   Verifying - enter sms4-cbc encryption password: <your-password>
   ```
   decrypt
   ```sh
   $ gmssl sms4 -d -in <yourfile>.sms4
   enter sms4-cbc decryption password: <your-password>
 ```
 4. Generate SM3 digest
 ```
-   $ gmssl sm3 <yourfile>
+$ echo -n abc | gmssl sm3
-   SM3(yourfile)= 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0
+(stdin)= 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0
 ```
-5. Generate SM2 key and sign
+5. Generate SM2 keypair
 ```sh
-   $ gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 \
+$ gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out skey.pem
-                   -pkeyopt ec_param_enc:named_curve  -out signkey.pem
+$ gmssl pkey -pubout -in skey.pem -out pkey.pem
   $ gmssl pkeyutl -sign -pkeyopt ec_sign_algor:sm2 -inkey signkey.pem \
                   -in <yourfile> -out <yourfile>.sig
 ```
-   You can export the public key from `signkey.pem` to the party that issued the signature
+6. Generate SM2 signature (in DER format) and verify
 ```sh
-   $ gmssl pkey -pubout -in signkey.pem -out vrfykey.pem
+$ gmssl pkeyutl -sign -pkeyopt ec_scheme:sm_scheme -inkey skey.pem -in msg.txt -out msg.sig
-   $ gmssl pkeyutl -verify -pkeyopt ec_sign_algor:sm2 -pubin -inkey vrfykey.pem \
+$ gmssl pkeyutl -verify -pkeyopt ec_scheme:sm_scheme -pubin -inkey vrfykey.pem -in <yourfile> -sigfile <yourfile>.sig
                   -in <yourfile> -sigfile <yourfile>.sig
 ```
-6. Generate self-signed certificate 
+7. Do public key encryption and decryption
 ```sh
-   $ gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 \
+$ gmssl pkeyutl -sign -pkeyopt ec_scheme:sm_scheme -inkey skey.pem -in msg.txt -out msg.sig
-                   -pkeyopt ec_param_enc:named_curve -out ca.key
+$ gmssl pkeyutl -verify -pkeyopt ec_scheme:sm_scheme -pubin -inkey vrfykey.pem -in <yourfile> -sigfile <yourfile>.sig
   $ gmssl req -sm3 -new -x509 -days 365 -key ca.key -out ca.crt
 ```
-## Project documentation
+8. Generate a self-signed certificate from private key
-   - User manual
+```sh
 $ gmssl req -new -x509 -key skey.pem -out cert.pem
 ```
      * [Compile and install](http://gmssl.org/docs/install.html)
      * [Command line tool manual](http://gmssl.org/docs/commands.html)
      * [GmSSL EVP API](http://gmssl.org/docs/evp-api.html)
      * [GmSSL Java API](http://gmssl.org/docs/java-api.html)
   - Password algorithm
      * [SM1 group password](http://gmssl.org/docs/sm1.html)
      * [SSF33 group password](http://gmssl.org/docs/ssf33.html)
      * [SM2 elliptic curve public key password](http://gmssl.org/docs/sm2.html)
      * [SM3 password hash algorithm](http://gmssl.org/docs/sm3.html)
      * [SM4 / SMS4 group password](http://gmssl.org/docs/sm4.html)
      * [SM9 identity-based password](http://gmssl.org/docs/sm9.html)
      * [ZUC sequence password](http://gmssl.org/docs/zuc.html)
      * [CPK combination public key password](http://gmssl.org/docs/cpk.html)
      * [BF-IBE (Boneh-Franklin Identity-Based Encryption)](http://gmssl.org/docs/bfibe.html)
      * [BB-IBE (Boneh-Boyen Identity-Based Encryption)](http://gmssl.org/docs/bb1ibe.html)
   - password hardware
      * [Password hardware support](http://gmssl.org/docs/crypto-devices.html)
      * [Country density SKF password hardware](http://gmssl.org/docs/skf.html)
      * [National secret SDF password hardware](http://gmssl.org/docs/sdf.html)
      * [Key management service](http://gmssl.org/docs/keyservice.html)
   - Security protocol
      * [SSL / TLS protocol](http://gmssl.org/docs/ssl.html)
      * [National secret SSL VPN protocol](http://gmssl.org/docs/sslvpn.html)
      * [National secret IPSec VPN protocol](http://gmssl.org/docs/ipsecvpn.html)
   - Developer
      * [GmSSL Coding Style](http://gmssl.org/docs/gmssl-coding-style.html)
      * [Roadmap](http://gmssl.org/docs/roadmap.html)
      * [Open source license (GmSSL Licenses)](http://gmssl.org/docs/licenses.html)
   - Standards and norms
      * [People's Republic of China password industry standard](http://gmssl.org/docs/standards.html)
      * [National secret algorithm identification OID](http://gmssl.org/docs/oid.html)
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -347,42 +347,3 @@ tsa_name		= yes	# Must the TSA name be included in the reply?
 				# (optional, default: no)
 ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
 				# (optional, default: no)
 [openssl_init]
 engines = engine_section
 [engine_section]
 skf = skf_section
 [pkcs11_section]
 engine_id = pkcs11
 dynamic_path = /usr/lib/engines/engine_pkcs11.so
 MODULE_PATH = /usr/local/lib/opensc-pkcs11.so
 PIN = 123456
 init = 0
 [sdf_section]
 engine_id = sdf
 SO_PATH = /Users/guanzhi/code/github/GmSSL-Private/engines/sdf_dummy.dylib
 VENDOR = sansec
 OPEN_DEV =
 init = 1
 [skf_section]
 engine_id = skf
 VERBOSE = 2
 SO_PATH = /home/guanzhi/code/github/GmSSL-Private/engines/libSKF_final.so
 SET_AUTHKEY = 31323334353637383132333435363738
 OPEN_DEV = /media/guanzhi/Factory
 OPEN_APP = myApp1
 init = 1
 #[req]
 #distinguished_name = req_distinguished_name
 #
 #[req_distinguished_name]
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -399,7 +399,7 @@ static int found(const char *name, const OPT_PAIR *pairs, int *result)
 typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
    OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
-    OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS
+    OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_NOPRE
 } OPTION_CHOICE;
 OPTIONS speed_options[] = {
@@ -409,6 +409,7 @@ OPTIONS speed_options[] = {
    {"evp", OPT_EVP, 's', "Use specified EVP cipher"},
    {"decrypt", OPT_DECRYPT, '-',
     "Time decryption instead of encryption (only EVP)"},
    {"nopre", OPT_NOPRE, '-', "Disable pre-compute"},
    {"mr", OPT_MR, '-', "Produce machine readable output"},
    {"mb", OPT_MB, '-',
     "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"},
@@ -1408,6 +1409,7 @@ int speed_main(int argc, char **argv)
    double d = 0.0;
    OPTION_CHOICE o;
    int multiblock = 0, pr_header = 0;
    int nopre = 0;
    int doit[ALGOR_NUM] = { 0 };
    int ret = 1, i, k, misalign = 0;
    long count = 0;
@@ -1634,6 +1636,9 @@ int speed_main(int argc, char **argv)
            goto end;
 #endif
            break;
        case OPT_NOPRE:
            nopre = 1;
            break;
        }
    }
    argc = opt_num_rest();
@@ -2771,6 +2776,7 @@ int speed_main(int argc, char **argv)
            rsa_count = 1;
        } else {
            for (i = 0; i < loopargs_len; i++) {
                if (!nopre)
                    EC_KEY_precompute_mult(loopargs[i].ecdsa[testnum], NULL);
                /* Perform ECDSA signature test */
                EC_KEY_generate_key(loopargs[i].ecdsa[testnum]);
@@ -2953,6 +2959,7 @@ int speed_main(int argc, char **argv)
            rsa_count = 1;
        } else {
            for (i = 0; i < loopargs_len; i++) {
                if (!nopre)
                    EC_KEY_precompute_mult(loopargs[i].sm2[testnum], NULL);
                /* Perform SM2 signature test */
                EC_KEY_generate_key(loopargs[i].sm2[testnum]);
@@ -3039,6 +3046,7 @@ int speed_main(int argc, char **argv)
            rsa_count = 1;
        } else {
            for (i = 0; i < loopargs_len; i++) {
                if (!nopre)
                    EC_KEY_precompute_mult(loopargs[i].sm2[testnum], NULL);
                /* Perform SM2 encryption test */
                EC_KEY_generate_key(loopargs[i].sm2[testnum]);
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
 */
 /* Serialized OID's */
-static const unsigned char so[7761] = {
+static const unsigned char so[7787] = {
    0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
@@ -1033,7 +1033,7 @@ static const unsigned char so[7761] = {
    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x79,       /* [ 7266] OBJ_sm2sign_with_sha224 */
    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x7A,       /* [ 7274] OBJ_sm2sign_with_sha384 */
    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x7B,       /* [ 7282] OBJ_sm2sign_with_rmd160 */
-    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x65,  /* [ 7290] OBJ_wapip192v1 */
+    0x2A,0x81,0x1C,0xD7,0x63,0x01,0x01,0x02,0x01,  /* [ 7290] OBJ_wapip192v1 */
    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x86,0x20,       /* [ 7299] OBJ_zuc */
    0x2A,0x86,0x48,0x01,0x86,0xFD,0x1E,0x01,0x02,0x01,  /* [ 7307] OBJ_bfibe */
    0x2A,0x86,0x48,0x01,0x86,0xFD,0x1E,0x01,0x02,0x02,  /* [ 7317] OBJ_bb1 */
@@ -1087,9 +1087,13 @@ static const unsigned char so[7761] = {
    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x86,0x20,0x01,  /* [ 7732] OBJ_zuc_128eea3 */
    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x86,0x20,0x02,  /* [ 7741] OBJ_zuc_128eia3 */
    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x64,  /* [ 7750] OBJ_pbe_WithSM3AndSMS4_CBC */
    0x2A,0x81,0x1C,0xD7,0x63,                      /* [ 7760] OBJ_bwips */
    0x2A,0x81,0x1C,0xD7,0x63,0x01,                 /* [ 7765] OBJ_wapi_crypto */
    0x2A,0x81,0x1C,0xD7,0x63,0x01,0x01,            /* [ 7771] OBJ_wapi_ec */
    0x2A,0x81,0x1C,0xD7,0x63,0x01,0x01,0x01,       /* [ 7778] OBJ_wapi_ecdsa192_sha256 */
 };
-#define NUM_NID 1196
+#define NUM_NID 1200
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
    {"UNDEF", "undefined", NID_undef},
    {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2287,9 +2291,13 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
    {"zuc-128eea3", "zuc-128eea3", NID_zuc_128eea3, 9, &so[7732]},
    {"zuc-128eia3", "zuc-128eia3", NID_zuc_128eia3, 9, &so[7741]},
    {"PBE-SM3-SMS4", "pbeWithSM3AndSMS4-CBC", NID_pbe_WithSM3AndSMS4_CBC, 10, &so[7750]},
    {"bwips", "bwips", NID_bwips, 5, &so[7760]},
    {"wapi-crypto", "wapi-crypto", NID_wapi_crypto, 6, &so[7765]},
    {"wapi-ec", "wapi-ec", NID_wapi_ec, 7, &so[7771]},
    {"wapi-ecdsa192-sha256", "wapi-ecdsa192-sha256", NID_wapi_ecdsa192_sha256, 8, &so[7778]},
 };
-#define NUM_SN 1185
+#define NUM_SN 1189
 static const unsigned int sn_objs[NUM_SN] = {
     364,    /* "AD_DVCS" */
     419,    /* "AES-128-CBC" */
@@ -2626,6 +2634,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     934,    /* "brainpoolP512t1" */
     494,    /* "buildingName" */
     860,    /* "businessCategory" */
    1196,    /* "bwips" */
     691,    /* "c2onb191v4" */
     692,    /* "c2onb191v5" */
     697,    /* "c2onb239v4" */
@@ -3465,6 +3474,9 @@ static const unsigned int sn_objs[NUM_SN] = {
     740,    /* "wap-wsg-idm-ecid-wtls7" */
     741,    /* "wap-wsg-idm-ecid-wtls8" */
     742,    /* "wap-wsg-idm-ecid-wtls9" */
    1197,    /* "wapi-crypto" */
    1198,    /* "wapi-ec" */
    1199,    /* "wapi-ecdsa192-sha256" */
    1135,    /* "wapip192v1" */
    1144,    /* "weil-pairing" */
     804,    /* "whirlpool" */
@@ -3478,7 +3490,7 @@ static const unsigned int sn_objs[NUM_SN] = {
    1194,    /* "zuc-128eia3" */
 };
-#define NUM_LN 1185
+#define NUM_LN 1189
 static const unsigned int ln_objs[NUM_LN] = {
     363,    /* "AD Time Stamping" */
     405,    /* "ANSI X9.62" */
@@ -3744,6 +3756,7 @@ static const unsigned int ln_objs[NUM_LN] = {
     934,    /* "brainpoolP512t1" */
     494,    /* "buildingName" */
     860,    /* "businessCategory" */
    1196,    /* "bwips" */
     691,    /* "c2onb191v4" */
     692,    /* "c2onb191v5" */
     697,    /* "c2onb239v4" */
@@ -4652,6 +4665,9 @@ static const unsigned int ln_objs[NUM_LN] = {
     740,    /* "wap-wsg-idm-ecid-wtls7" */
     741,    /* "wap-wsg-idm-ecid-wtls8" */
     742,    /* "wap-wsg-idm-ecid-wtls9" */
    1197,    /* "wapi-crypto" */
    1198,    /* "wapi-ec" */
    1199,    /* "wapi-ecdsa192-sha256" */
    1135,    /* "wapip192v1" */
    1144,    /* "weil-pairing" */
     804,    /* "whirlpool" */
@@ -4667,7 +4683,7 @@ static const unsigned int ln_objs[NUM_LN] = {
    1194,    /* "zuc-128eia3" */
 };
-#define NUM_OBJ 1082
+#define NUM_OBJ 1086
 static const unsigned int obj_objs[NUM_OBJ] = {
       0,    /* OBJ_undef                        0 */
     181,    /* OBJ_iso                          1 */
@@ -4908,6 +4924,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
     638,    /* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
     639,    /* OBJ_set_brand_JCB                2 23 42 8 35 */
    1084,    /* OBJ_oscca                        1 2 156 10197 */
    1196,    /* OBJ_bwips                        1 2 156 11235 */
     805,    /* OBJ_cryptopro                    1 2 643 2 2 */
     806,    /* OBJ_cryptocom                    1 2 643 2 9 */
     974,    /* OBJ_id_tc26                      1 2 643 7 1 */
@@ -4993,6 +5010,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
     745,    /* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 1 4 12 */
     804,    /* OBJ_whirlpool                    1 0 10118 3 0 55 */
    1085,    /* OBJ_sm_scheme                    1 2 156 10197 1 */
    1197,    /* OBJ_wapi_crypto                  1 2 156 11235 1 */
     773,    /* OBJ_kisa                         1 2 410 200004 */
     807,    /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
     808,    /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
@@ -5059,6 +5077,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
     634,    /* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
     635,    /* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
     436,    /* OBJ_ucl                          0 9 2342 19200300 */
    1198,    /* OBJ_wapi_ec                      1 2 156 11235 1 1 */
     820,    /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
     819,    /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
     845,    /* OBJ_id_GostR3410_94_a            1 2 643 2 2 20 1 */
@@ -5197,6 +5216,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
    1167,    /* OBJ_sm2sign_with_blake2b512      1 2 156 10197 1 521 */
    1168,    /* OBJ_sm2sign_with_blake2s256      1 2 156 10197 1 522 */
    1136,    /* OBJ_zuc                          1 2 156 10197 1 800 */
    1199,    /* OBJ_wapi_ecdsa192_sha256         1 2 156 11235 1 1 1 */
     776,    /* OBJ_seed_ecb                     1 2 410 200004 1 3 */
     777,    /* OBJ_seed_cbc                     1 2 410 200004 1 4 */
     779,    /* OBJ_seed_cfb128                  1 2 410 200004 1 5 */
@@ -5401,13 +5421,13 @@ static const unsigned int obj_objs[NUM_OBJ] = {
    1117,    /* OBJ_sm2sign                      1 2 156 10197 1 301 1 */
    1149,    /* OBJ_sm2exchange                  1 2 156 10197 1 301 2 */
    1119,    /* OBJ_sm2encrypt                   1 2 156 10197 1 301 3 */
    1135,    /* OBJ_wapip192v1                   1 2 156 10197 1 301 101 */
    1123,    /* OBJ_sm9sign                      1 2 156 10197 1 302 1 */
    1124,    /* OBJ_sm9keyagreement              1 2 156 10197 1 302 2 */
    1125,    /* OBJ_sm9encrypt                   1 2 156 10197 1 302 3 */
    1127,    /* OBJ_hmac_sm3                     1 2 156 10197 1 401 2 */
    1193,    /* OBJ_zuc_128eea3                  1 2 156 10197 1 800 1 */
    1194,    /* OBJ_zuc_128eia3                  1 2 156 10197 1 800 2 */
    1135,    /* OBJ_wapip192v1                   1 2 156 11235 1 1 2 1 */
     997,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */
     998,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */
     999,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1193,3 +1193,7 @@ kx_sm9dhe		1192
 zuc_128eea3		1193
 zuc_128eia3		1194
 pbe_WithSM3AndSMS4_CBC		1195
 bwips		1196
 wapi_crypto		1197
 wapi_ec		1198
 wapi_ecdsa192_sha256		1199
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1595,7 +1595,7 @@ sm-scheme 301		: sm2p256v1
 sm-scheme 301 1		: sm2sign
 sm-scheme 301 2		: sm2exchange
 sm-scheme 301 3		: sm2encrypt
-sm-scheme 301 101	: wapip192v1
+#sm-scheme 301 101	: wapip192v1
 sm2encrypt 1		: sm2encrypt-recommendedParameters
 sm2encrypt 2		: sm2encrypt-specifiedParameters
@@ -1663,3 +1663,10 @@ cpk-map 3		: cpk-sm3-map
 GmSSL 21		: paillier
 # WAPI (GB 15629.11-2003-XG1-2006)
 ISO-CN 11235		: bwips
 bwips 1			: wapi-crypto
 wapi-crypto 1		: wapi-ec
 wapi-ec 1		: wapi-ecdsa192-sha256
 wapi-ec 2 1		: wapip192v1
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -4940,10 +4940,6 @@
 #define NID_sm2encrypt          1119
 #define OBJ_sm2encrypt          OBJ_sm_scheme,301L,3L
 #define SN_wapip192v1           "wapip192v1"
 #define NID_wapip192v1          1135
 #define OBJ_wapip192v1          OBJ_sm_scheme,301L,101L
 #define SN_sm2encrypt_recommendedParameters             "sm2encrypt-recommendedParameters"
 #define NID_sm2encrypt_recommendedParameters            1120
 #define OBJ_sm2encrypt_recommendedParameters            OBJ_sm2encrypt,1L
@@ -5156,3 +5152,23 @@
 #define SN_paillier             "paillier"
 #define NID_paillier            1148
 #define OBJ_paillier            OBJ_GmSSL,21L
 #define SN_bwips                "bwips"
 #define NID_bwips               1196
 #define OBJ_bwips               OBJ_ISO_CN,11235L
 #define SN_wapi_crypto          "wapi-crypto"
 #define NID_wapi_crypto         1197
 #define OBJ_wapi_crypto         OBJ_bwips,1L
 #define SN_wapi_ec              "wapi-ec"
 #define NID_wapi_ec             1198
 #define OBJ_wapi_ec             OBJ_wapi_crypto,1L
 #define SN_wapi_ecdsa192_sha256         "wapi-ecdsa192-sha256"
 #define NID_wapi_ecdsa192_sha256                1199
 #define OBJ_wapi_ecdsa192_sha256                OBJ_wapi_ec,1L
 #define SN_wapip192v1           "wapip192v1"
 #define NID_wapip192v1          1135
 #define OBJ_wapip192v1          OBJ_wapi_ec,2L,1L