Add SM2 key management

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)

1 files changed, 18 insertions, 3 deletions

diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 75c3588a95..89a28622bb 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -260,10 +260,12 @@ static int ec_generate_key(EC_KEY *eckey, int pairwise_test)
 {
     int ok = 0;
     BIGNUM *priv_key = NULL;
-    const BIGNUM *order = NULL;
+    const BIGNUM *tmp = NULL;
+    BIGNUM *order = NULL;
     EC_POINT *pub_key = NULL;
     const EC_GROUP *group = eckey->group;
     BN_CTX *ctx = BN_CTX_secure_new_ex(eckey->libctx);
+    int sm2 = EC_KEY_get_flags(eckey) & EC_FLAG_SM2_RANGE ? 1 : 0;
 
     if (ctx == NULL)
         goto err;
@@ -281,8 +283,8 @@ static int ec_generate_key(EC_KEY *eckey, int pairwise_test)
      * stated in the security policy.
      */
 
-    order = EC_GROUP_get0_order(group);
-    if (order == NULL)
+    tmp = EC_GROUP_get0_order(group);
+    if (tmp == NULL)
         goto err;
 
     /*
@@ -293,6 +295,18 @@ static int ec_generate_key(EC_KEY *eckey, int pairwise_test)
      * 1 + rand[0..n-2] would effect the way that tests feed dummy entropy into
      * rand so the simpler backward compatible method has been used here.
      */
+
+    /* range of SM2 private key is [1, n-1) */
+    if (sm2) {
+        order = BN_new();
+        if (order == NULL || !BN_sub(order, tmp, BN_value_one()))
+            goto err;
+    } else {
+        order = BN_dup(tmp);
+        if (order == NULL)
+            goto err;
+    }
+
     do
         if (!BN_priv_rand_range_ex(priv_key, order, ctx))
             goto err;
@@ -340,6 +354,7 @@ err:
     EC_POINT_free(pub_key);
     BN_clear_free(priv_key);
     BN_CTX_free(ctx);
+    BN_free(order);
     return ok;
 }