author | 杨洋 <yang.yang@baishancloud.com> | 2018-10-26 15:34:08 +0200 |
committer | Paul Yang <yang.yang@baishancloud.com> | 2019-03-13 08:29:39 +0100 |
commit | 8267becb8b2e3b5ec4d46e3df5656b747930be79 (patch) | |
tree | 1b871bd0880a5d036c4071c1b6f5a496cea150a2 /apps/verify.c | |
parent | Replumbing: Add constructor of libcrypto internal method structures (diff) | |
download | openssl-8267becb8b2e3b5ec4d46e3df5656b747930be79.tar.xz openssl-8267becb8b2e3b5ec4d46e3df5656b747930be79.zip |
Support SM2 certificate verification
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8321)
Diffstat (limited to 'apps/verify.c')
-rw-r--r-- | apps/verify.c | 45 |
1 files changed, 40 insertions, 5 deletions
diff --git a/apps/verify.c b/apps/verify.c
index 2f66912cdc..fcd10dd9af 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -21,7 +21,8 @@ static int cb(int ok, X509_STORE_CTX *ctx);
 static int check(X509_STORE *ctx, const char *file,
                  STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
-                 STACK_OF(X509_CRL) *crls, int show_chain);
+                 STACK_OF(X509_CRL) *crls, int show_chain,
+                 unsigned char *sm2id, size_t sm2idlen);
 static int v_verbose = 0, vflags = 0;
 
 typedef enum OPTION_choice {
@@ -29,7 +30,7 @@ typedef enum OPTION_choice {
     OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE,
     OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD,
     OPT_SHOW_CHAIN, OPT_V_ENUM, OPT_NAMEOPT,
-    OPT_VERBOSE
+    OPT_VERBOSE, OPT_SM2ID, OPT_SM2HEXID
 } OPTION_CHOICE;
 
 const OPTIONS verify_options[] = {
@@ -57,6 +58,12 @@ const OPTIONS verify_options[] = {
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
+#ifndef OPENSSL_NO_SM2
+    {"sm2-id", OPT_SM2ID, 's',
+     "Specify an ID string to verify an SM2 certificate"},
+    {"sm2-hex-id", OPT_SM2HEXID, 's',
+     "Specify a hex ID string to verify an SM2 certificate"},
+#endif
     {NULL}
 };
 
@@ -71,6 +78,8 @@ int verify_main(int argc, char **argv)
     int noCApath = 0, noCAfile = 0;
     int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
     OPTION_CHOICE o;
+    unsigned char *sm2_id = NULL;
+    size_t sm2_idlen = 0;
 
     if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
         goto end;
@@ -158,6 +167,19 @@ int verify_main(int argc, char **argv)
         case OPT_VERBOSE:
             v_verbose = 1;
             break;
+        case OPT_SM2ID:
+            /* we assume the input is not a hex string */
+            sm2_id = (unsigned char *)opt_arg();
+            sm2_idlen = strlen((const char *)sm2_id);
+            break;
+        case OPT_SM2HEXID:
+            /* try to parse the input as hex string first */
+            sm2_id = OPENSSL_hexstr2buf(opt_arg(), (long *)&sm2_idlen);
+            if (sm2_id == NULL) {
+                BIO_printf(bio_err, "Invalid hex string input\n");
+                goto end;
+            }
+            break;
         }
     }
     argc = opt_num_rest();
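Review bot: In the OPT_SM2HEXID case (hunk at -158), `OPENSSL_hexstr2buf(opt_arg(), (long *)&sm2_idlen)` stores a `long` through a pointer to a `size_t`; the two types differ in width on some targets (64-bit Windows has a 32-bit `long`) and the cast also violates strict aliasing, so the parsed length may be only partially written. Use a real `long` and convert: add `long sm2_hexlen = 0;` beside `size_t sm2_idlen = 0;` in the hunk at -71, call `sm2_id = OPENSSL_hexstr2buf(opt_arg(), &sm2_hexlen);`, and after the NULL check set `sm2_idlen = (size_t)sm2_hexlen;`. Note also that this path heap-allocates `sm2_id` while the OPT_SM2ID path aliases an argv string, so unless the `end:` label (outside the hunk) already tells the two apart, the hex buffer is never freed; a comment such as `/* heap-allocated only when parsed from hex; the argv form must not be freed */` next to the declaration would make the ownership explicit. verify_main's body continues outside the hunk.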
@@ -183,12 +205,13 @@ int verify_main(int argc, char **argv)
 
     ret = 0;
     if (argc < 1) {
-        if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1)
+        if (check(store, NULL, untrusted, trusted, crls, show_chain,
+                  sm2_id, sm2_idlen) != 1)
             ret = -1;
     } else {
         for (i = 0; i < argc; i++)
             if (check(store, argv[i], untrusted, trusted, crls,
-                      show_chain) != 1)
+                      show_chain, sm2_id, sm2_idlen) != 1)
                 ret = -1;
     }
 
@@ -204,7 +227,8 @@ int verify_main(int argc, char **argv)
 
 static int check(X509_STORE *ctx, const char *file,
                  STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
-                 STACK_OF(X509_CRL) *crls, int show_chain)
+                 STACK_OF(X509_CRL) *crls, int show_chain,
+                 unsigned char *sm2id, size_t sm2idlen)
 {
     X509 *x = NULL;
     int i = 0, ret = 0;
@@ -216,6 +240,17 @@ static int check(X509_STORE *ctx, const char *file,
     if (x == NULL)
         goto end;
 
+    if (sm2id != NULL) {
+#ifndef OPENSSL_NO_SM2
+        ASN1_OCTET_STRING v;
+
+        v.data = sm2id;
+        v.length = sm2idlen;
+
+        X509_set_sm2_id(x, &v);
+#endif
+    }
+
     csc = X509_STORE_CTX_new();
     if (csc == NULL) {
         printf("error %s: X.509 store context allocation failed\n", |
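Review bot: In the hunk at -216, `v` is a stack `ASN1_OCTET_STRING` whose `type` and `flags` fields are never set, and `v.length = sm2idlen` narrows a `size_t` to `int` with no range check, so an over-long `-sm2-hex-id` argument becomes a truncated or negative length before it reaches the verifier. Whether X509_set_sm2_id() copies the octet string or stores the pointer is not visible here; if it stores it, `v` dies when check() returns while `x` may still reference it — confirm against its definition and, in that case, allocate the octet string on the heap instead. At minimum the fields should be fully initialised and the length bounded, as below (INT_MAX needs `<limits.h>`). check()'s body continues outside the hunk.
```c
    if (sm2id != NULL) {
#ifndef OPENSSL_NO_SM2
        ASN1_OCTET_STRING v;

        /* ASN1_STRING lengths are int; refuse an ID that does not fit */
        if (sm2idlen > INT_MAX) {
            printf("error: SM2 ID too long\n");
            goto end;
        }
        v.type = V_ASN1_OCTET_STRING;
        v.flags = 0;
        v.data = sm2id;
        v.length = (int)sm2idlen;

        X509_set_sm2_id(x, &v);
#endif
    }
    /* … unchanged: X509_STORE_CTX_new() and the rest of check() … */
```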