X509 command support SM2 signing with default sm2id

2022-06-29 18:00:11 +08:00 · 2022-06-29 18:00:11 +08:00 · 202d652e02
commit 202d652e02
parent 8f4a94dcc1
2 changed files with 92 additions and 1 deletions
--- a/Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch
+++ b/Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch
@ -0,0 +1,87 @@
+From d3e1106ea296a2ec94d27dd34692c34ad543ad04 Mon Sep 17 00:00:00 2001
+From: s_c_c <shichuchao@huawei.com>
+Date: Wed, 29 Jun 2022 17:54:50 +0800
+Subject: [PATCH] X509 command supports SM2 certificate signing with default
+ sm2id
+
+---
+ apps/x509.c                |  4 ++++
+ include/openssl/sm2.h      |  9 +++++++++
+ test/recipes/25-test_req.t | 13 ++++++++++---
+ 3 files changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/apps/x509.c b/apps/x509.c
+index 1043eba..2669894 100644
+--- a/apps/x509.c
+++ b/apps/x509.c
+@@ -1078,6 +1078,10 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+         if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
+             goto err;
+     }
+#ifndef OPENSSL_NO_SM2
+    if (EVP_PKEY_is_sm2(pkey) && !EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))
+        goto err;
+#endif
+     if (!X509_sign(x, pkey, digest))
+         goto err;
+     return 1;
+diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h
+index 505ebfc..cc517bc 100644
+--- a/include/openssl/sm2.h
+++ b/include/openssl/sm2.h
+@@ -1,3 +1,12 @@
+/*
+ * Copyright 2022 Huawei Technologies Co., Ltd. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+ #ifndef HEADER_SM2_H
+ # define HEADER_SM2_H
+ 
+diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
+index d53e577..2b0c08c 100644
+--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
+@@ -182,10 +182,10 @@ subtest "generating certificate requests" => sub {
+ };
+ 
+ subtest "generating SM2 certificate requests" => sub {
+-    plan tests => 4;
+    plan tests => 5;
+ 
+     SKIP: {
+-        skip "SM2 is not supported by this OpenSSL build", 4
+        skip "SM2 is not supported by this OpenSSL build", 5
+         if disabled("sm2");
+         ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
+@@ -198,6 +198,13 @@ subtest "generating SM2 certificate requests" => sub {
+                     "-sm2-id", "1234567812345678", "-sm3"])),
+            "Verifying signature on SM2 certificate request");
+ 
+        # Use default sm2 id
+        ok(run(app(["openssl", "x509", "-req", "-extfile", srctop_file("test", "CAss.cnf"),
+                    "-extensions", "v3_ca", "-sm3", "-days", "365",
+                    "-in", "testreq.pem", "-signkey", srctop_file("test", "certs", "sm2.key"),
+                    "-out", "testsign.pem"])),
+           "Signing SM2 certificate request");
+
+         ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
+                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
+                     "-sigopt", "sm2_hex_id:DEADBEEF",
+@@ -218,7 +225,7 @@ run_conversion('req conversions',
+ run_conversion('req conversions -- testreq2',
+                srctop_file("test", "testreq2.pem"));
+ 
+-unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem";
+unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem", "testsign.pem";
+ 
+ sub run_conversion {
+     my $title = shift;
+-- 
+2.20.1 (Apple Git-117)
+
--- a/openssl.spec
+++ b/openssl.spec
@ -2,7 +2,7 @@
 Name:        openssl
 Epoch:       1
 Version:     1.1.1m
-Release:     3
+Release:     4
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay
 URL:         https://www.openssl.org/
@ -29,6 +29,7 @@ Patch18:     Backport-Fix-a-document-description-in-apps-req.patch
 Patch19:     Backport-Update-expired-SCT-certificates.patch
 Patch20:     Backport-ct_test.c-Update-the-epoch-time.patch
 Patch21:     Feature-Support-TLCP-protocol.patch
+Patch22:     Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch

 BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
 Requires:    coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -225,6 +226,9 @@ make test || :
 %ldconfig_scriptlets libs

 %changelog
+* Wed Jun 29 2022 shichuchao <shichuchao@huawei.com> - 1:1.1.1m-4
+- x509 command support SM2 signing with default sm2id
+
 * Thu Jun 9 2022 shichuchao <shichuchao@huawei.com> - 1:1.1.1m-3
 - support sm2 certificate sign and verify
 - fix ct test errors