diff options
author | Paul Yang <kaishen.yy@antfin.com> | 2020-07-26 23:25:49 +0800 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-09-22 08:17:57 +0100 |
commit | 7ee511d093758360ed421e420cc29d9aaf11f143 (patch) | |
tree | b5a7bc5b27c9db3a6e23d73ceb7864b4553bc426 /crypto/ec | |
parent | 6b1428ac12749f7ff0e49be363e9f7097f0e58b0 (diff) |
Add SM2 key management
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ec_key.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 75c3588a95..89a28622bb 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -260,10 +260,12 @@ static int ec_generate_key(EC_KEY *eckey, int pairwise_test) { int ok = 0; BIGNUM *priv_key = NULL; - const BIGNUM *order = NULL; + const BIGNUM *tmp = NULL; + BIGNUM *order = NULL; EC_POINT *pub_key = NULL; const EC_GROUP *group = eckey->group; BN_CTX *ctx = BN_CTX_secure_new_ex(eckey->libctx); + int sm2 = EC_KEY_get_flags(eckey) & EC_FLAG_SM2_RANGE ? 1 : 0; if (ctx == NULL) goto err; @@ -281,8 +283,8 @@ static int ec_generate_key(EC_KEY *eckey, int pairwise_test) * stated in the security policy. */ - order = EC_GROUP_get0_order(group); - if (order == NULL) + tmp = EC_GROUP_get0_order(group); + if (tmp == NULL) goto err; /* @@ -293,6 +295,18 @@ static int ec_generate_key(EC_KEY *eckey, int pairwise_test) * 1 + rand[0..n-2] would effect the way that tests feed dummy entropy into * rand so the simpler backward compatible method has been used here. */ + + /* range of SM2 private key is [1, n-1) */ + if (sm2) { + order = BN_new(); + if (order == NULL || !BN_sub(order, tmp, BN_value_one())) + goto err; + } else { + order = BN_dup(tmp); + if (order == NULL) + goto err; + } + do if (!BN_priv_rand_range_ex(priv_key, order, ctx)) goto err; @@ -340,6 +354,7 @@ err: EC_POINT_free(pub_key); BN_clear_free(priv_key); BN_CTX_free(ctx); + BN_free(order); return ok; } |