diff options
author | Paul Yang <yang.yang@baishancloud.com> | 2019-06-05 14:46:48 +0800 |
---|---|---|
committer | Paul Yang <yang.yang@baishancloud.com> | 2019-06-28 18:58:19 +0800 |
commit | bc42bd6298702a1abf70aa6383d36886dd5af4b3 (patch) | |
tree | f75b4cdda42ccc9ebeb01cf9d1d4bc5c0c05764e /crypto/asn1 | |
parent | 53a11c6da09988efba93eccfdd10bf7edf1d53b2 (diff) |
Support SM2 certificate signing
SM2 certificate signing request can be created and signed by OpenSSL
now, both in library and apps.
Documentation and test cases are added.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9085)
Diffstat (limited to 'crypto/asn1')
-rw-r--r-- | crypto/asn1/a_sign.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 97e8efcbe8..e2ef60f773 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -145,7 +145,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, unsigned char *buf_in = NULL, *buf_out = NULL; size_t inl = 0, outl = 0, outll = 0; int signid, paramtype, buf_len = 0; - int rv; + int rv, pkey_id; type = EVP_MD_CTX_md(ctx); pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); @@ -184,9 +184,14 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); goto err; } - if (!OBJ_find_sigid_by_algs(&signid, - EVP_MD_nid(type), - pkey->ameth->pkey_id)) { + + pkey_id = +#ifndef OPENSSL_NO_SM2 + EVP_PKEY_id(pkey) == NID_sm2 ? NID_sm2 : +#endif + pkey->ameth->pkey_id; + + if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), pkey_id)) { ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); goto err; |