x509: fix test cases, disable sm2withsm3 mixed with others #223

emmansun · May 23, 2024 · 74754d5 · 74754d5
1 parent 8787268
commit 74754d5
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/smx509/x509.go b/smx509/x509.go
@@ -1295,7 +1295,7 @@ func signingParamsForKey(key crypto.Signer, sigAlgo SignatureAlgorithm) (Signatu
 		case elliptic.P521():
 			defaultAlgo = ECDSAWithSHA512
 		case sm2.P256():
-			sigAlgo = SM2WithSM3
+			defaultAlgo = SM2WithSM3
 		default:
 			return 0, ai, errors.New("x509: unsupported elliptic curve")
 		}
@@ -1314,7 +1314,7 @@ func signingParamsForKey(key crypto.Signer, sigAlgo SignatureAlgorithm) (Signatu
 
 	for _, details := range signatureAlgorithmDetails {
 		if details.algo == sigAlgo {
-			if details.pubKeyAlgo != pubType {
+			if details.pubKeyAlgo != pubType || (sigAlgo != defaultAlgo && defaultAlgo == SM2WithSM3) {
 				return 0, ai, errors.New("x509: requested SignatureAlgorithm does not match private key type")
 			}
 			if details.hash == crypto.MD5 {

diff --git a/smx509/x509_test.go b/smx509/x509_test.go
@@ -2208,6 +2208,10 @@ func TestMultipleURLsInCRLDP(t *testing.T) {
 }
 
 func TestCreateRevocationList(t *testing.T) {
+	ec256Priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		t.Fatalf("Failed to generate ECDSA P256 key: %s", err)
+	}
 	sm2Priv, err := sm2.GenerateKey(rand.Reader)
 	if err != nil {
 		t.Fatalf("Failed to generate SM2 key: %s", err)
@@ -2403,7 +2407,7 @@ func TestCreateRevocationList(t *testing.T) {
 		},
 		{
 			name: "valid, non-default signature algorithm",
-			key:  sm2Priv,
+			key:  ec256Priv,
 			issuer: &x509.Certificate{
 				KeyUsage: KeyUsageCRLSign,
 				Subject: pkix.Name{