Openssl源码方式添加国密SM2算法

1:源码方式,只需要添加2部分,第一部分是 国密sm2的oid,第二部分是group。

如果不添加,则 EVP_PKEY 无法解析,ec_asn1_pkparameters2group 函数 因为找不到 oid对应的group导致解析私钥失败,或者解析x509的公钥为空。

注:如下修改 不会 让你支持生成SM2国密证书或者支持诸如ECC_SM4_SM3等国密加密套件。

该修改只是让你能够让openssl正常解密 sm2 证书。


1:添加sm2的oid

cd crypto/objects/

编辑  objects.txt ,添加: 1 2 156 10197 1 301: SM2: SM2

随便加在哪里即可,我添加在文件最后。


然后在当前目录下执行:
perl objects.pl objects.txt obj_mac.num obj_mac.h
perl obj_dat.pl obj_mac.h  obj_dat.h



2:添加 group

ec_curve.c 中添加 2 个定义:

static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; }
    _EC_X9_62_sm2 = {
{ NID_X9_62_prime_field,0,32,1 },
/* seed */
  0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,/* p */
  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
  0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
  0xFF,0xFF,
      0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
      0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
      0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
      0xFF,0xFc,
  0x28,0xE9,0xFA,0x9E,0x9D,0x9F,0x5E,0x34,0x4D,0x5A,/* b */
  0x9E,0x4B,0xCF,0x65,0x09,0xA7,0xF3,0x97,0x89,0xF5,
      0x15,0xAB,0x8F,0x92,0xDD,0xBC,0xBD,0x41,0x4D,0x94,
      0x0E,0x93,
      0x32,0xC4,0xAE,0x2C,0x1F,0x19,0x81,0x19,0x5F,0x99,    /* x */
      0x04,0x46,0x6A,0x39,0xC9,0x94,0x8F,0xE3,0x0B,0xBF, 
      0xF2,0x66,0x0B,0xE1,0x71,0x5A,0x45,0x89,0x33,0x4C, 
      0x74,0xC7, 
      0xBC,0x37,0x36,0xA2,0xF4,0xF6,0x77,0x9C,0x59,0xBD,    /* y */
      0xCE,0xE3,0x6B,0x69,0x21,0x53,0xD0,0xA9,0x87,0x7C, 
      0xC6,0x2A,0x47,0x40,0x02,0xDF,0x32,0xE5,0x21,0x39, 
      0xF0,0xA0, 
      0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */
      0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x72,0x03,0xDF,0x6B, 
      0x21,0xC6,0x05,0x2B,0x53,0xBB,0xF4,0x09,0x39,0xD5, 
      0x41,0x23}
};

curve_list 中添加:

{ NID_SM2, &_EC_X9_62_sm2.h, 0, "sm2 curve over a 256 bit prime field" },


然后重新make一下。

上述添加完成之后,OpenSSL即支持 SM2国密算法,能够正常解析 SM2国密证书。


你可能感兴趣的:(Openssl源码方式添加国密SM2算法)