diff options
author | Paul Yang <kaishen.yy@antfin.com> | 2020-09-13 20:47:00 +0800 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-09-22 08:18:09 +0100 |
commit | 1d03db90850b18adb63b62afd800a08300cf8228 (patch) | |
tree | 09fa5d87153924f911b011c57b5b094dc48dced4 /providers | |
parent | b3d267caac21dd0a7d7a8cfcc304b253df5e82f4 (diff) |
support PARAM_SECURITY_BITS for SM2
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/keymgmt/ec_kmgmt.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index b57151a084..e4b7f80f4f 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -783,10 +783,20 @@ int sm2_get_params(void *key, OSSL_PARAM params[]) return 0; /* XXX: - * I dropped the support of OSSL_PKEY_PARAM_SECURITY_BITS since + * We assume SM2 security bits the same as in normal EC case since * I didn't find definition of SM2 security bits so far. This could - * be supported if the definition is clear in the future. + * be updated if the definition is clear in the future. */ + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL) { + int ecbits, sec_bits; + + ecbits = EC_GROUP_order_bits(ecg); + /* SM2 has only one curve so the sec_bits should always be a constant */ + sec_bits = ecbits / 2; + + if (!OSSL_PARAM_set_int(p, sec_bits)) + return 0; + } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL && !OSSL_PARAM_set_utf8_string(p, SM2_DEFAULT_MD)) @@ -814,6 +824,7 @@ int sm2_get_params(void *key, OSSL_PARAM params[]) static const OSSL_PARAM sm2_known_gettable_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), + OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), EC_IMEXPORTABLE_DOM_PARAMETERS, |