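1: Source-code approach. Only two additions are needed: the first is the OID for SM2 (the Chinese national standard curve), the second is the group.
Without them, EVP_PKEY cannot be parsed: ec_asn1_pkparameters2group cannot find the group for the OID, so parsing the private key fails, or the public key parsed from the X.509 certificate comes back empty.
Note: the changes below do NOT let you generate SM2 certificates, and do NOT add support for GM cipher suites such as ECC_SM4_SM3.
They only let OpenSSL decode SM2 certificates correctly.
1: Add the SM2 OID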
cd crypto/objects/
Edit objects.txt and add: 1 2 156 10197 1 301: SM2: SM2
It can go anywhere in the file; I added it at the end.
Then, in the same directory, run:
perl objects.pl objects.txt obj_mac.num obj_mac.h
perl obj_dat.pl obj_mac.h obj_dat.h
2: Add the group
Add 2 definitions to ec_curve.c:
static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; }
_EC_X9_62_sm2 = {
{ NID_X9_62_prime_field,0,32,1 },
{ /* no seed (seed length is 0 in the header above) */
0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,/* p */
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,
0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFc,
0x28,0xE9,0xFA,0x9E,0x9D,0x9F,0x5E,0x34,0x4D,0x5A,/* b */
0x9E,0x4B,0xCF,0x65,0x09,0xA7,0xF3,0x97,0x89,0xF5,
0x15,0xAB,0x8F,0x92,0xDD,0xBC,0xBD,0x41,0x4D,0x94,
0x0E,0x93,
0x32,0xC4,0xAE,0x2C,0x1F,0x19,0x81,0x19,0x5F,0x99, /* x */
0x04,0x46,0x6A,0x39,0xC9,0x94,0x8F,0xE3,0x0B,0xBF,
0xF2,0x66,0x0B,0xE1,0x71,0x5A,0x45,0x89,0x33,0x4C,
0x74,0xC7,
0xBC,0x37,0x36,0xA2,0xF4,0xF6,0x77,0x9C,0x59,0xBD, /* y */
0xCE,0xE3,0x6B,0x69,0x21,0x53,0xD0,0xA9,0x87,0x7C,
0xC6,0x2A,0x47,0x40,0x02,0xDF,0x32,0xE5,0x21,0x39,
0xF0,0xA0,
0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x72,0x03,0xDF,0x6B,
0x21,0xC6,0x05,0x2B,0x53,0xBB,0xF4,0x09,0x39,0xD5,
0x41,0x23}
};
Add to curve_list:
{ NID_SM2, &_EC_X9_62_sm2.h, 0, "sm2 curve over a 256 bit prime field" },
Then run make again.
Once these additions are in place, OpenSSL supports the SM2 algorithm and can parse SM2 certificates correctly.
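A mistyped byte in the data[] table yields a different curve, so it is worth checking the values before rebuilding. The script below is an added example, not part of the original post or of OpenSSL. It checks that the generator lies on the curve, that the curve is nonsingular, and that order*G is the point at infinity. SM2_DATA is transcribed from the table above, and the function names are hypothetical.

```python
# Added example: sanity-check the hand-typed SM2 curve table (needs Python 3.8+).
# SM2_DATA is transcribed from data[] above: six 32-byte big-endian fields.
FIELDS = ("p", "a", "b", "x", "y", "order")
SM2_DATA = bytes.fromhex("""
FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFF
FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFC
28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 F39789F5 15AB8F92 DDBCBD41 4D940E93
32C4AE2C 1F198119 5F990446 6A39C994 8FE30BBF F2660BE1 715A4589 334C74C7
BC3736A2 F4F6779C 59BDCEE3 6B692153 D0A9877C C62A4740 02DF32E5 2139F0A0
FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF 7203DF6B 21C6052B 53BBF409 39D54123
""")

def split_fields(data, size=32):
    """Split the flat table into named integers; reject a wrong total length."""
    if len(data) != size * len(FIELDS):
        raise ValueError("expected %d bytes, got %d" % (size * len(FIELDS), len(data)))
    return {n: int.from_bytes(data[i * size:(i + 1) * size], "big")
            for i, n in enumerate(FIELDS)}

def point_add(P, Q, a, p):
    """Affine addition on y^2 = x^3 + ax + b (mod p); None is the point at infinity."""
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                      # P + (-P)
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def scalar_mul(k, P, a, p):
    """Double-and-add; fine for an offline check, not constant time."""
    R = None
    while k:
        if k & 1:
            R = point_add(R, P, a, p)
        P, k = point_add(P, P, a, p), k >> 1
    return R

def check_curve(data):
    """True if G is on the curve, the curve is nonsingular, and order*G is infinity."""
    c = split_fields(data)
    p, a, b, x, y, n = (c[f] for f in FIELDS)
    on_curve = (y * y - (x ** 3 + a * x + b)) % p == 0
    nonsingular = (4 * a ** 3 + 27 * b * b) % p != 0
    return on_curve and nonsingular and scalar_mul(n, (x, y), a, p) is None

if __name__ == "__main__":
    print("SM2 table OK" if check_curve(SM2_DATA) else "SM2 table is WRONG")
```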