Fix sm2utl bugs

2026-05-24 17:26:28 +08:00 · 2019-02-02 20:44:51 +08:00
parent 22027d6656
commit d114bed3f8
6 changed files with 5469 additions and 5435 deletions
--- a/apps/sm2.c
+++ b/apps/sm2.c
@@ -69,6 +69,7 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <openssl/pem.h>
 # include <openssl/sm2.h>
 # include <openssl/objects.h>
+# include "../crypto/ec/ec_lcl.h"
 # include "apps.h"

 static OPT_PAIR conv_forms[] = {
@@ -129,7 +130,7 @@ int sm2_main(int argc, char **argv)
    ENGINE *e = NULL;
    EC_KEY *eckey = NULL;
    const EC_GROUP *group;
-    const EVP_CIPHER *enc = NULL;
+    const EVP_CIPHER *enc = EVP_sms4_cbc();
    point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
    char *infile = NULL, *outfile = NULL, *prog;
    char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
@@ -292,6 +293,10 @@ int sm2_main(int argc, char **argv)
            unsigned char buf[256] = {0};
            unsigned char *key = NULL;
            long keylen;
+            if (!(eckey = EC_KEY_new_by_curve_name(NID_sm2p256v1))) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
            if (BIO_read(in, buf, sizeof(buf) - 1) <= 0) {
                ERR_print_errors(bio_err);
                OPENSSL_cleanse(buf, sizeof(buf));
@@ -304,16 +309,25 @@ int sm2_main(int argc, char **argv)
            }
            OPENSSL_cleanse(buf, sizeof(buf));
            if (keylen != 32) {
-                BIO_printf(bio_err, "invalid private key in hex format\n");
+                BIO_printf(bio_err, "Invalid private key in hex format\n");
+		BIO_printf(bio_err, "Key length is %ld, not 32 byte\n", keylen);
                OPENSSL_cleanse(key, keylen);
                goto end;
            }
-            if (!EC_KEY_oct2key(eckey, key, sizeof(key), NULL)) {
+            if (!EC_KEY_oct2priv(eckey, key, keylen)) {
                ERR_print_errors(bio_err);
                OPENSSL_cleanse(key, keylen);
                goto end;
            }
            OPENSSL_cleanse(key, keylen);
+
+            if (eckey->group->meth->keygenpub == NULL
+                || eckey->group->meth->keygenpub(eckey) == 0) {
+                BIO_printf(bio_err, "Generate public key from private key failed\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
        } else if (informat == FORMAT_ENGINE) {
            EVP_PKEY *pkey;
            if (pubin)
@@ -378,6 +392,24 @@ int sm2_main(int argc, char **argv)
        }
    }

+    if (genzid) {
+        unsigned char z[64];
+        size_t zlen = sizeof(z);
+        if (!id) {
+            id = SM2_DEFAULT_ID;
+            BIO_printf(bio_err, "use default identity '%s'\n", id);
+        }
+        if (!SM2_compute_id_digest(EVP_sm3(), id, strlen(id), z, &zlen, eckey)) {
+            goto end;
+        }
+        BIO_printf(out, "id: %s\n", id);
+        BIO_puts(out, "Z:\n");
+	ASN1_buf_print(out, z, zlen, 4);
+
+
+        BIO_printf(out, "\n");
+    }
+
    if (noout) {
        ret = 0;
        goto end;
@@ -400,26 +432,12 @@ int sm2_main(int argc, char **argv)
            i = PEM_write_bio_EC_PUBKEY(out, eckey);
        else {
            assert(private);
+            //FIXME: use PKCS#8				
            i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
                                           NULL, 0, NULL, passout);
+
        }
    }
-    if (genzid) {
-        unsigned char z[64];
-        size_t zlen = sizeof(z);
-        if (!id) {
-            id = SM2_DEFAULT_ID;
-            BIO_printf(bio_err, "use default identity '%s'\n", id);
-        }
-        if (!SM2_compute_id_digest(EVP_sm3(), id, strlen(id), z, &zlen, eckey)) {
-            goto end;
-        }
-        BIO_printf(out, "Z = ");
-        for (i = 0; i < zlen; i++) {
-            BIO_printf(out, "%02X", z[i]);
-        }
-        BIO_printf(out, "\n");
-    }

    if (!i) {
        BIO_printf(bio_err, "unable to write private key\n");
--- a/apps/sm2utl.c
+++ b/apps/sm2utl.c
@@ -288,6 +288,17 @@ opthelp:
 		goto end;
 	}

+	switch (op) {
+	case OP_DGST:
+	case OP_SIGN:
+	case OP_VERIFY:
+		if (!id) {
+			BIO_printf(bio_err, "Option '-id' required\n");
+			goto end;
+		}
+		break;
+	}
+
 	switch (op) {
 	case OP_DGST:
 		return sm2utl_sign(md, in, out, id, e, ec_key, 0);
@@ -330,7 +341,7 @@ static int sm2utl_sign(const EVP_MD *md, BIO *in, BIO *out, const char *id,
 		ERR_print_errors(bio_err);
 		goto end;
 	}
-	while ((len = BIO_read(in, buf, sizeof(buf))) <= 0) {
+	while ((len = BIO_read(in, buf, sizeof(buf))) > 0) {
 		if (!EVP_DigestUpdate(md_ctx, buf, len)) {
 			ERR_print_errors(bio_err);
 			goto end;
@@ -386,7 +397,7 @@ static int sm2utl_verify(const EVP_MD *md, BIO *in, BIO *out, BIO *sig,
 		ERR_print_errors(bio_err);
 		goto end;
 	}
-	while ((len = BIO_read(in, buf, sizeof(buf))) <= 0) {
+	while ((len = BIO_read(in, buf, sizeof(buf))) > 0) {
 		if (!EVP_DigestUpdate(md_ctx, buf, len)) {
 			ERR_print_errors(bio_err);
 			goto end;
@@ -420,6 +431,9 @@ static int sm2utl_encrypt(const EVP_MD *md, BIO *in, BIO *out, EC_KEY *ec_key)
 	int len;

 	if (!(len = bio_to_mem(&buf, SM2_MAX_PLAINTEXT_LENGTH, in))) {
+		ERR_print_errors(bio_err);
+		BIO_printf(bio_err, "Error reading plaintext\n");
+		goto end;
 	}
 	if (!(cval = SM2_do_encrypt(md, buf, len, ec_key))
 		|| i2d_SM2CiphertextValue_bio(out, cval) <= 0) {