Fix SM4 API bugs and change behavior

2026-06-19 19:33:38 +08:00 · 2026-06-13 22:14:56 +08:00
parent 8fded4abc7
commit c12edeb7b1
29 changed files with 1281 additions and 212 deletions
--- a/tools/sm4.c
+++ b/tools/sm4.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
 *
 *  Licensed under the Apache License, Version 2.0 (the License); you may
 *  not use this file except in compliance with the License.
@@ -686,7 +686,7 @@ bad:
 			case SM4_MODE_OFB: rv = sm4_ofb_encrypt_update(&sm4_ctx.ofb, inbuf, inlen, outbuf, &outlen); break;
 #endif
 #ifdef ENABLE_SM4_XTS
-			case SM4_MODE_XTS: rv = sm4_xts_encrypt_update(&sm4_ctx.xts, inbuf, inlen, outbuf, &outlen); break;
+			case SM4_MODE_XTS: rv = sm4_xts_decrypt_update(&sm4_ctx.xts, inbuf, inlen, outbuf, &outlen); break;
 #endif
 			case SM4_MODE_GCM: rv = sm4_gcm_decrypt_update(&sm4_ctx.gcm, inbuf, inlen, outbuf, &outlen); break;
 			case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_decrypt_update(&sm4_ctx.cbc_sm3_hmac, inbuf, inlen, outbuf, &outlen); break;
--- a/tools/sm4_cbc_mac.c
+++ b/tools/sm4_cbc_mac.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
 *
 *  Licensed under the Apache License, Version 2.0 (the License); you may
 *  not use this file except in compliance with the License.
@@ -84,7 +84,7 @@ int sm4_cbc_mac_main(int argc, char **argv)
 		} else if (!strcmp(*argv, "-key")) {
 			if (--argc < 1) goto bad;
 			keyhex = *(++argv);
-			if (strlen(keyhex) > sizeof(key) * 2) {
+			if (strlen(keyhex) != sizeof(key) * 2) {
 				fprintf(stderr, "gmssl %s: key should be 16 bytes\n", prog);
 				goto end;
 			}
@@ -142,43 +142,31 @@ bad:
 		goto end;
 	}

-	sm4_cbc_mac_init(&ctx, key);
-	/*
 	if (sm4_cbc_mac_init(&ctx, key) != 1) {
 		fprintf(stderr, "gmssl %s: inner error\n", prog);
 		goto end;
 	}
-	*/

 	if (in_str) {
-		sm4_cbc_mac_update(&ctx, (uint8_t *)in_str, strlen(in_str));
-		/*
 		if (sm4_cbc_mac_update(&ctx, (uint8_t *)in_str, strlen(in_str)) != 1) {
 			fprintf(stderr, "gmssl %s: inner error\n", prog);
 			goto end;
 		}
-		*/
 	} else {
 		uint8_t buf[4096];
 		size_t len;
 		while ((len = fread(buf, 1, sizeof(buf), infp)) > 0) {
-			sm4_cbc_mac_update(&ctx, buf, len);
-			/*
 			if (sm4_cbc_mac_update(&ctx, buf, len) != 1) {
 				fprintf(stderr, "gmssl %s: inner error\n", prog);
 				goto end;
 			}
-			*/
 		}
 		memset(buf, 0, sizeof(buf));
 	}
-	sm4_cbc_mac_finish(&ctx, mac);
-	/*
 	if (sm4_cbc_mac_finish(&ctx, mac) != 1) {
 		fprintf(stderr, "gmssl %s: inner error\n", prog);
 		goto end;
 	}
-	*/

 	if (outformat > 1) {
 		if (fwrite(mac, 1, sizeof(mac), outfp) != sizeof(mac)) {
--- a/tools/sm4_cbc_sm3_hmac.c
+++ b/tools/sm4_cbc_sm3_hmac.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
 *
 *  Licensed under the Apache License, Version 2.0 (the License); you may
 *  not use this file except in compliance with the License.
@@ -99,7 +99,7 @@ int sm4_cbc_sm3_hmac_main(int argc, char **argv)
 				goto end;
 			}
 			if (hex_to_bytes(keyhex, strlen(keyhex), key, &keylen) != 1) {
-				fprintf(stderr, "gmssl %s: invalid key hex digits, should be %d bytes\n", prog, SM4_CBC_SM3_HMAC_IV_SIZE);
+				fprintf(stderr, "gmssl %s: invalid key hex digits, should be %d bytes\n", prog, SM4_CBC_SM3_HMAC_KEY_SIZE);
 				goto end;
 			}
 		} else if (!strcmp(*argv, "-iv")) {
--- a/tools/sm4_ctr_sm3_hmac.c
+++ b/tools/sm4_ctr_sm3_hmac.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
 *
 *  Licensed under the Apache License, Version 2.0 (the License); you may
 *  not use this file except in compliance with the License.
@@ -99,7 +99,7 @@ int sm4_ctr_sm3_hmac_main(int argc, char **argv)
 				goto end;
 			}
 			if (hex_to_bytes(keyhex, strlen(keyhex), key, &keylen) != 1) {
-				fprintf(stderr, "gmssl %s: invalid key hex digits, should be %d bytes\n", prog, SM4_CTR_SM3_HMAC_IV_SIZE);
+				fprintf(stderr, "gmssl %s: invalid key hex digits, should be %d bytes\n", prog, SM4_CTR_SM3_HMAC_KEY_SIZE);
 				goto end;
 			}
 		} else if (!strcmp(*argv, "-iv")) {
--- a/tools/sm4_xts.c
+++ b/tools/sm4_xts.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
 *
 *  Licensed under the Apache License, Version 2.0 (the License); you may
 *  not use this file except in compliance with the License.
@@ -56,7 +56,7 @@ int sm4_xts_main(int argc, char **argv)
 	size_t ivlen;
 	FILE *infp = stdin;
 	FILE *outfp = stdout;
-	SM4_XTS_CTX ctx;
+	SM4_XTS_CTX ctx = {0};
 	uint8_t *buf = NULL;
 	size_t buflen;
 	size_t inlen;
@@ -212,6 +212,7 @@ bad:
 	ret = 0;

 end:
+	if (ctx.block) free(ctx.block);
 	gmssl_secure_clear(key, sizeof(key));
 	gmssl_secure_clear(iv, sizeof(iv));
 	gmssl_secure_clear(&ctx, sizeof(ctx));