diff options
author | Richard Levitte <levitte@openssl.org> | 2020-01-24 17:51:39 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-02-02 12:04:00 +0100 |
commit | f4e4382cae1fb85fec6e9aa26f65fc729a40a039 (patch) | |
tree | 638ed2fd087c24cf6c960a0e4ef606ea7bc99531 /doc/man7 | |
parent | 658608c471a6e1f9b6d7f88c060a7adb77d7d334 (diff) |
EVP_PKEY_assign_EC_KEY(): detect SM2 curve and set EVP_PKEY type accordingly
This means that when loaded or created, EC EVP_PKEYs with the SM2
curve will be regarded as EVP_PKEY_SM2 type keys by default.
Applications are no longer forced to check and fix this.
It's still possible, for those who want this, to set the key type to
EVP_PKEY_EC and thereby run the normal EC computations with the SM2
curve. This has to be done explicitly.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10942)
Diffstat (limited to 'doc/man7')
-rw-r--r-- | doc/man7/SM2.pod | 22 |
1 files changed, 6 insertions, 16 deletions
diff --git a/doc/man7/SM2.pod b/doc/man7/SM2.pod index c7876a0cc6..93fd12c909 100644 --- a/doc/man7/SM2.pod +++ b/doc/man7/SM2.pod @@ -20,25 +20,17 @@ B<SM2> signatures can be generated by using the 'DigestSign' series of APIs, for instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). Ditto for the verification process by calling the 'DigestVerify' series of APIs. -There are several special steps that need to be done before computing an B<SM2> -signature. - -The B<EVP_PKEY> structure will default to using ECDSA for signatures when it is -created. It should be set to B<EVP_PKEY_SM2> by calling: - - EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); - -Then an ID should be set by calling: +Before computing an B<SM2> signature, an B<EVP_PKEY_CTX> needs to be created, +and an B<SM2> ID must be set for it, like this: EVP_PKEY_CTX_set1_id(pctx, id, id_len); -When calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, a -pre-allocated B<EVP_PKEY_CTX> should be assigned to the B<EVP_MD_CTX>. This is -done by calling: +Before calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, +that B<EVP_PKEY_CTX> should be assigned to the B<EVP_MD_CTX>, like this: EVP_MD_CTX_set_pkey_ctx(mctx, pctx); -And normally there is no need to pass a B<pctx> parameter to EVP_DigestSignInit() +There is normally no need to pass a B<pctx> parameter to EVP_DigestSignInit() or EVP_DigestVerifyInit() in such a scenario. SM2 can be tested with the L<openssl-speed(1)> application since version 3.0.0. @@ -52,11 +44,10 @@ a message with the SM2 signature algorithm and the SM3 hash algorithm: #include <openssl/evp.h> /* obtain an EVP_PKEY using whatever methods... */ - EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); mctx = EVP_MD_CTX_new(); pctx = EVP_PKEY_CTX_new(pkey, NULL); EVP_PKEY_CTX_set1_id(pctx, id, id_len); - EVP_MD_CTX_set_pkey_ctx(mctx, pctx);; + EVP_MD_CTX_set_pkey_ctx(mctx, pctx); EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey); EVP_DigestVerifyUpdate(mctx, msg, msg_len); EVP_DigestVerifyFinal(mctx, sig, sig_len) @@ -64,7 +55,6 @@ a message with the SM2 signature algorithm and the SM3 hash algorithm: =head1 SEE ALSO L<EVP_PKEY_CTX_new(3)>, -L<EVP_PKEY_set_alias_type(3)>, L<EVP_DigestSignInit(3)>, L<EVP_DigestVerifyInit(3)>, L<EVP_PKEY_CTX_set1_id(3)>, |