#include <openssl/params.h>
#include <openssl/evp.h>
#include <openssl/err.h>
+#include <openssl/prov_ssl.h>
#include <openssl/proverr.h>
#include "internal/nelem.h"
#include "internal/sizes.h"
static int sm2sig_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM params[])
{
+ /*
+ * (https://datatracker.ietf.org/doc/html/rfc8998#section-3.2.1)
+ *
+ * The SM2 signature algorithm requests an identifier value when generating
+ * or verifying a signature. In all uses except when a client of a server
+ * needs to verify a peer's SM2 certificate in the Certificate message, an
+ * implementation of this document MUST use the following ASCII string
+ * value as the SM2 identifier when doing a TLS 1.3 key exchange:
+ *
+ * TLSv1.3+GM+Cipher+Suite
+ */
+ static const uint8_t sm2_tls_id[] = {
+ 0x54, 0x4c, 0x53, 0x76, 0x31, 0x2e, 0x33, 0x2b,
+ 0x47, 0x4d, 0x2b, 0x43, 0x69, 0x70, 0x68, 0x65,
+ 0x72, 0x2b, 0x53, 0x75, 0x69, 0x74, 0x65
+ };
PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx;
struct sm2sig_set_ctx_params_st p;
size_t mdsize;
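Review bot: The comment above `sm2_tls_id` quotes an exception from RFC 8998 (verifying a peer's SM2 certificate in the Certificate message), but nothing visible in this function says who keeps the TLS identifier away from that case. If the intended contract is that the caller decides, state it in the comment, for example `Callers must not pass the TLS version parameter on a context used to verify a certificate signature; that case keeps the certificate's own identifier.` The quoted text also reads "a client of a server", where "or" is evidently meant. The body of sm2sig_set_ctx_params continues outside this hunk.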
OPENSSL_free(psm2ctx->id);
psm2ctx->id = tmp_id;
psm2ctx->id_len = tmp_idlen;
+ } else if (p.tlsver != NULL) {
+ unsigned int ver = 0;
+
+ if (!psm2ctx->flag_compute_z_digest
+ || !OSSL_PARAM_get_uint(p.tlsver, &ver))
+ return 0;
+ if (ver == TLS1_3_VERSION) {
+ OPENSSL_free(psm2ctx->id);
+ psm2ctx->id_len = sizeof(sm2_tls_id);
+ psm2ctx->id = OPENSSL_memdup(sm2_tls_id, psm2ctx->id_len);
+ }
}
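Review bot: The result of `OPENSSL_memdup()` in the `ver == TLS1_3_VERSION` branch is never checked, and by that point the old identifier has been freed and `id_len` already set to the new length. On allocation failure the context is left with `id == NULL` and a non-zero `id_len`, yet the function still reports success, so a later sign or verify would presumably compute Z from a NULL buffer or fail in a confusing place. The context lines just above use an allocate-then-swap pattern with `tmp_id`, and this branch should do the same, returning 0 on failure so the previous identifier stays intact. The enclosing if/else chain starts outside this hunk.

```c
if (ver == TLS1_3_VERSION) {
    void *tls_id = OPENSSL_memdup(sm2_tls_id, sizeof(sm2_tls_id));

    if (tls_id == NULL)
        return 0;
    OPENSSL_free(psm2ctx->id);
    psm2ctx->id = tls_id;
    psm2ctx->id_len = sizeof(sm2_tls_id);
}
```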
/*
(['OSSL_SIGNATURE_PARAM_DIGEST_SIZE', 'size', 'size_t'],
['OSSL_SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'],
['OSSL_PKEY_PARAM_DIST_ID', 'distid', 'octet_string'],
+ ['OSSL_SIGNATURE_PARAM_TLS_VERSION', 'tlsver', 'uint'],
)); -}
'OSSL_SIGNATURE_PARAM_MU' => "mu", # int
'OSSL_SIGNATURE_PARAM_TEST_ENTROPY' => "test-entropy",
'OSSL_SIGNATURE_PARAM_ADD_RANDOM' => "additional-random",
+ 'OSSL_SIGNATURE_PARAM_TLS_VERSION' => "tls-version",
# Asym cipher parameters
'OSSL_ASYM_CIPHER_PARAM_DIGEST' => '*OSSL_PKEY_PARAM_DIGEST',