packages/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openssl/Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch

88 lines
3.3 KiB
Diff
Raw Blame History

From d3e1106ea296a2ec94d27dd34692c34ad543ad04 Mon Sep 17 00:00:00 2001
From: s_c_c <shichuchao@huawei.com>
Date: Wed, 29 Jun 2022 17:54:50 +0800
Subject: [PATCH] X509 command supports SM2 certificate signing with default
sm2id
---
apps/x509.c | 4 ++++
include/openssl/sm2.h | 9 +++++++++
test/recipes/25-test_req.t | 13 ++++++++++---
3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/apps/x509.c b/apps/x509.c
index 1043eba..2669894 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1078,6 +1078,10 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
goto err;
}
+#ifndef OPENSSL_NO_SM2
+ if (EVP_PKEY_is_sm2(pkey) && !EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))
+ goto err;
+#endif
if (!X509_sign(x, pkey, digest))
goto err;
return 1;
diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h
index 505ebfc..cc517bc 100644
--- a/include/openssl/sm2.h
+++ b/include/openssl/sm2.h
@@ -1,3 +1,12 @@
+/*
+ * Copyright 2022 Huawei Technologies Co., Ltd. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
#ifndef HEADER_SM2_H
# define HEADER_SM2_H
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index d53e577..2b0c08c 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -182,10 +182,10 @@ subtest "generating certificate requests" => sub {
};
subtest "generating SM2 certificate requests" => sub {
- plan tests => 4;
+ plan tests => 5;
SKIP: {
- skip "SM2 is not supported by this OpenSSL build", 4
+ skip "SM2 is not supported by this OpenSSL build", 5
if disabled("sm2");
ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
"-new", "-key", srctop_file("test", "certs", "sm2.key"),
@@ -198,6 +198,13 @@ subtest "generating SM2 certificate requests" => sub {
"-sm2-id", "1234567812345678", "-sm3"])),
"Verifying signature on SM2 certificate request");
+ # Use default sm2 id
+ ok(run(app(["openssl", "x509", "-req", "-extfile", srctop_file("test", "CAss.cnf"),
+ "-extensions", "v3_ca", "-sm3", "-days", "365",
+ "-in", "testreq.pem", "-signkey", srctop_file("test", "certs", "sm2.key"),
+ "-out", "testsign.pem"])),
+ "Signing SM2 certificate request");
+
ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
"-new", "-key", srctop_file("test", "certs", "sm2.key"),
"-sigopt", "sm2_hex_id:DEADBEEF",
@@ -218,7 +225,7 @@ run_conversion('req conversions',
run_conversion('req conversions -- testreq2',
srctop_file("test", "testreq2.pem"));
-unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem";
+unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem", "testsign.pem";
sub run_conversion {
my $title = shift;
--
2.20.1 (Apple Git-117)
Reference in New Issue View Git Blame Copy Permalink