Commit Graph

7 Commits

Author SHA1 Message Date
Andrew Hutchings 2e8f9fe595 Fix SM2 certs to have the correct public key OID
OpenSSL 3.5+ handles the OIDs differently.
2026-02-18 18:01:33 +00:00
Andrew Hutchings 43aad1e4d7 Fix SM4 TLS 1.3 decrypt auth tag and SM2 cert verification
- Fix SM4 GCM/CCM TLS 1.3 decrypt to read auth tag from input buffer
  instead of output buffer, consistent with all other AEAD ciphers
  (src/tls13.c)

- Fix SM4_BLOCK_SIZE typo (was SM$_BLOCK_SIZE) in TicketEncDec SM4-GCM
  decrypt path (src/internal.c)

- Fix SM2 certificate signature verification for certs using
  id-ecPublicKey (ECDSAk) with SM2-with-SM3 signature algorithm.
  OpenSSL creates SM2 cert signatures without the standard
  distinguishing identifier in the ZA hash. The SM2k code path already
  handled this correctly (idSz=0), but the ECDSAk + CTC_SM3wSM2 path
  was incorrectly using CERT_SIG_ID_SZ (16), causing ASN_SIG_CONFIRM_E
  (-155) when verifying non-self-signed SM2 certs (wolfcrypt/src/asn.c)

- Regenerate expired SM2 test certificates via certs/sm2/gen-sm2-certs.sh
  They had expired.
2026-02-18 18:01:33 +00:00
gojimmypi a4d0a777bc Generate server-sm2-cert.der 2025-09-23 08:32:21 -07:00
Daniel Pouzzner 1c68da282c portability enhancement: use "#!/usr/bin/env <interpreter>" on all perl scripts and shell scripts that use bash extensions, and use "#!/bin/sh" on the rest. 2024-08-20 13:48:33 -05:00
JacobBarthelmeh 14e8ffcc18 remove locality from self-sm2-cert.pem 2023-11-22 14:30:27 -07:00
JacobBarthelmeh e197d5f8a3 add self-sm2-cert.pem to certificate regen script 2023-11-22 14:14:07 -07:00
Sean Parkinson e2424e6744 SM2/SM3/SM4: Chinese cipher support
Add support for:
 - SM2 elliptic curve and SM2 sign/verify
 - SM3 digest
 - SM4 cipher with modes ECB/CBC/CTR/GCM/CCM

Add APIs for SM3 and SM4.
Add SM2 sign and verify APIs.
Add support for SM3 in wc_Hash and wc_Hmac API.
Add support for SM3 and SM4 through EVP layer.
Add support for SM2-SM3 certificates. Support key ID and name hash being
with SHA-1/256 or SM3.
Add support for TLS 1.3 cipher suites: TLS-SM4-GCM-SM3, TLS-SM4-CCM-SM3
Add support for TLS 1.2 SM cipher suite: ECDHE-ECDSA-SM4-CBC-SM3
Add support for SM3 in wc_PRF_TLS.
Add SM2-SM3 certificates and keys. Generated with GmSSL-3.0.0 and
OpenSSL.
2023-07-04 13:36:28 +10:00