Update GmSSL v3.2.0 compatibility

guanzhi · guanzhi · commit d70ecb7932d9 · 2026-06-21T11:43:28.000+08:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,55 @@
+name: CI
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+  workflow_dispatch:
+
+jobs:
+  test:
+    name: Go ${{ matrix.go-version }} on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-22.04, macos-14]
+        go-version: ["1.21", "1.22", "1.23"]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+
+      - name: Install build dependencies
+        run: |
+          if [ "$RUNNER_OS" = "Linux" ]; then
+            sudo apt-get update
+            sudo apt-get install -y build-essential cmake
+          else
+            brew install cmake
+          fi
+
+      - name: Build and install GmSSL v3.2.0
+        run: |
+          git clone --depth 1 --branch v3.2.0 https://github.com/guanzhi/GmSSL.git "$RUNNER_TEMP/GmSSL"
+          cmake -S "$RUNNER_TEMP/GmSSL" -B "$RUNNER_TEMP/GmSSL/build" \
+            -DCMAKE_BUILD_TYPE=Release
+          cmake --build "$RUNNER_TEMP/GmSSL/build" --parallel 4
+          sudo cmake --install "$RUNNER_TEMP/GmSSL/build"
+          if [ "$RUNNER_OS" = "Linux" ]; then
+            sudo ldconfig
+          fi
+
+      - name: Run tests
+        env:
+          CGO_CFLAGS: -I/usr/local/include
+          CGO_LDFLAGS: -L/usr/local/lib -Wl,-rpath,/usr/local/lib -lgmssl
+          LD_LIBRARY_PATH: /usr/local/lib
+          DYLD_LIBRARY_PATH: /usr/local/lib
+        run: go test ./...
diff --git a/cert.go b/cert.go
@@ -197,10 +197,16 @@ func (cert *Sm2Certificate) GetSubject() ([]byte, map[string]string, error) {
 func (cert *Sm2Certificate) GetSubjectPublicKey() (*Sm2Key, error) {
 
 	ret := new(Sm2Key)
+	var x509_key C.X509_KEY
 
-	if C.x509_cert_get_subject_public_key(cert.cert, cert.certlen, &ret.sm2_key) != 1 {
+	if C.x509_cert_get_subject_public_key(cert.cert, cert.certlen, &x509_key) != 1 {
 		return nil, errors.New("Libgmssl inner error")
 	}
+	defer C.x509_key_cleanup(&x509_key)
+	if x509_key.algor != C.OID_ec_public_key || x509_key.algor_param != C.OID_sm2 {
+		return nil, errors.New("Certificate subject public key is not an SM2 key")
+	}
+	C.memcpy(unsafe.Pointer(&ret.sm2_key), unsafe.Pointer(&x509_key.u), C.sizeof_SM2_KEY)
 	ret.has_private_key = false
 
 	return ret, nil
@@ -218,4 +224,3 @@ func (cert *Sm2Certificate) VerifyByCaCertificate(ca_cert *Sm2Certificate, sm2_i
 	return true
 }
 
-
diff --git a/sm2.go b/sm2.go
@@ -195,6 +195,7 @@ func (sm2 *Sm2Key) Decrypt(in []byte) ([]byte, error) {
 
 type Sm2Signature struct {
 	sm2_sign_ctx C.SM2_SIGN_CTX
+	sm2_verify_ctx C.SM2_VERIFY_CTX
 	sign bool
 }
 
@@ -216,7 +217,7 @@ func NewSm2Signature(sm2 *Sm2Key, id string, sign bool) (*Sm2Signature, error) {
 			return nil, errors.New("Libgmssl inner error")
 		}
 	} else {
-		if C.sm2_verify_init(&ret.sm2_sign_ctx, &sm2.sm2_key, id_str, C.strlen(id_str)) != 1 {
+		if C.sm2_verify_init(&ret.sm2_verify_ctx, &sm2.sm2_key, id_str, C.strlen(id_str)) != 1 {
 			return nil, errors.New("Libgmssl inner error")
 		}
 	}
@@ -234,7 +235,7 @@ func (sig *Sm2Signature) Update(data []byte) error {
 			return errors.New("Libgmssl inner error")
 		}
 	} else {
-		if C.sm2_verify_update(&sig.sm2_sign_ctx, (*C.uchar)(unsafe.Pointer(&data[0])), C.size_t(len(data))) != 1 {
+		if C.sm2_verify_update(&sig.sm2_verify_ctx, (*C.uchar)(unsafe.Pointer(&data[0])), C.size_t(len(data))) != 1 {
 			return errors.New("Libgmssl inner error")
 		}
 	}
@@ -257,11 +258,10 @@ func (sig *Sm2Signature) Verify(signature []byte) bool {
 	if sig.sign != false {
 		return false
 	}
-	if C.sm2_verify_finish(&sig.sm2_sign_ctx, (*C.uchar)(unsafe.Pointer(&signature[0])), C.size_t(len(signature))) != 1 {
+	if C.sm2_verify_finish(&sig.sm2_verify_ctx, (*C.uchar)(unsafe.Pointer(&signature[0])), C.size_t(len(signature))) != 1 {
 		return false
 	}
 	return true
 }
 
 
-
diff --git a/sm3.go b/sm3.go
@@ -120,11 +120,10 @@ func Sm3Pbkdf2(pass string, salt []byte, iter uint, keylen uint) ([]byte, error)
 
 	key := make([]byte, keylen)
 
-	C.pbkdf2_hmac_sm3_genkey(pass_str, C.strlen(pass_str),
+	C.sm3_pbkdf2(pass_str, C.strlen(pass_str),
 		(*C.uchar)(unsafe.Pointer(&salt[0])), C.size_t(len(salt)),
 		C.size_t(iter), C.size_t(keylen),
 		(*C.uchar)(unsafe.Pointer(&key[0])))
 
 	return key, nil
 }
-
diff --git a/sm4.go b/sm4.go
@@ -14,7 +14,6 @@ package gmssl
 #include <string.h>
 #include <gmssl/sm4.h>
 #include <gmssl/mem.h>
-#include <gmssl/aead.h>
 #include <gmssl/error.h>
 */
 import "C"
@@ -351,4 +350,3 @@ func (gcm *Sm4Gcm) Finish() ([]byte, error) {
 	}
 	return outbuf[:outlen], nil
 }
-

Original file line number	Diff line number	Diff line change
`@@ -195,6 +195,7 @@ func (sm2 *Sm2Key) Decrypt(in []byte) ([]byte, error) {`
`195`	`195`
`196`	`196`	`type Sm2Signature struct {`
`197`	`197`	`sm2_sign_ctx C.SM2_SIGN_CTX`
	`198`	`+ sm2_verify_ctx C.SM2_VERIFY_CTX`
`198`	`199`	`sign bool`
`199`	`200`	`}`
`200`	`201`
`@@ -216,7 +217,7 @@ func NewSm2Signature(sm2 Sm2Key, id string, sign bool) (Sm2Signature, error) {`
`216`	`217`	`return nil, errors.New("Libgmssl inner error")`
`217`	`218`	`}`
`218`	`219`	`} else {`
`219`		`- if C.sm2_verify_init(&ret.sm2_sign_ctx, &sm2.sm2_key, id_str, C.strlen(id_str)) != 1 {`
	`220`	`+ if C.sm2_verify_init(&ret.sm2_verify_ctx, &sm2.sm2_key, id_str, C.strlen(id_str)) != 1 {`
`220`	`221`	`return nil, errors.New("Libgmssl inner error")`
`221`	`222`	`}`
`222`	`223`	`}`
`@@ -234,7 +235,7 @@ func (sig *Sm2Signature) Update(data []byte) error {`
`234`	`235`	`return errors.New("Libgmssl inner error")`
`235`	`236`	`}`
`236`	`237`	`} else {`
`237`		`- if C.sm2_verify_update(&sig.sm2_sign_ctx, (*C.uchar)(unsafe.Pointer(&data[0])), C.size_t(len(data))) != 1 {`
	`238`	`+ if C.sm2_verify_update(&sig.sm2_verify_ctx, (*C.uchar)(unsafe.Pointer(&data[0])), C.size_t(len(data))) != 1 {`
`238`	`239`	`return errors.New("Libgmssl inner error")`
`239`	`240`	`}`
`240`	`241`	`}`
`@@ -257,11 +258,10 @@ func (sig *Sm2Signature) Verify(signature []byte) bool {`
`257`	`258`	`if sig.sign != false {`
`258`	`259`	`return false`
`259`	`260`	`}`
`260`		`- if C.sm2_verify_finish(&sig.sm2_sign_ctx, (*C.uchar)(unsafe.Pointer(&signature[0])), C.size_t(len(signature))) != 1 {`
	`261`	`+ if C.sm2_verify_finish(&sig.sm2_verify_ctx, (*C.uchar)(unsafe.Pointer(&signature[0])), C.size_t(len(signature))) != 1 {`
`261`	`262`	`return false`
`262`	`263`	`}`
`263`	`264`	`return true`
`264`	`265`	`}`
`265`	`266`
`266`	`267`
`267`		`-`
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,6 @@ package gmssl`
`14`	`14`	`#include <string.h>`
`15`	`15`	`#include <gmssl/sm4.h>`
`16`	`16`	`#include <gmssl/mem.h>`
`17`		`-#include <gmssl/aead.h>`
`18`	`17`	`#include <gmssl/error.h>`
`19`	`18`	`*/`
`20`	`19`	`import "C"`
`@@ -351,4 +350,3 @@ func (gcm *Sm4Gcm) Finish() ([]byte, error) {`
`351`	`350`	`}`
`352`	`351`	`return outbuf[:outlen], nil`
`353`	`352`	`}`
`354`		`-`