From 74754d50d75d64964add9912350529cee00b38ef Mon Sep 17 00:00:00 2001 From: Sun Yimin Date: Thu, 23 May 2024 21:04:30 +0800 Subject: [PATCH] x509: fix test cases, disable sm2withsm3 mixed with others #223 --- smx509/x509.go | 4 ++-- smx509/x509_test.go | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/smx509/x509.go b/smx509/x509.go index adf6185b..658f9050 100644 --- a/smx509/x509.go +++ b/smx509/x509.go @@ -1295,7 +1295,7 @@ func signingParamsForKey(key crypto.Signer, sigAlgo SignatureAlgorithm) (Signatu case elliptic.P521(): defaultAlgo = ECDSAWithSHA512 case sm2.P256(): - sigAlgo = SM2WithSM3 + defaultAlgo = SM2WithSM3 default: return 0, ai, errors.New("x509: unsupported elliptic curve") } @@ -1314,7 +1314,7 @@ func signingParamsForKey(key crypto.Signer, sigAlgo SignatureAlgorithm) (Signatu for _, details := range signatureAlgorithmDetails { if details.algo == sigAlgo { - if details.pubKeyAlgo != pubType { + if details.pubKeyAlgo != pubType || (sigAlgo != defaultAlgo && defaultAlgo == SM2WithSM3) { return 0, ai, errors.New("x509: requested SignatureAlgorithm does not match private key type") } if details.hash == crypto.MD5 { diff --git a/smx509/x509_test.go b/smx509/x509_test.go index 31baf698..c66f9a0e 100644 --- a/smx509/x509_test.go +++ b/smx509/x509_test.go @@ -2208,6 +2208,10 @@ func TestMultipleURLsInCRLDP(t *testing.T) { } func TestCreateRevocationList(t *testing.T) { + ec256Priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + t.Fatalf("Failed to generate ECDSA P256 key: %s", err) + } sm2Priv, err := sm2.GenerateKey(rand.Reader) if err != nil { t.Fatalf("Failed to generate SM2 key: %s", err) @@ -2403,7 +2407,7 @@ func TestCreateRevocationList(t *testing.T) { }, { name: "valid, non-default signature algorithm", - key: sm2Priv, + key: ec256Priv, issuer: &x509.Certificate{ KeyUsage: KeyUsageCRLSign, Subject: pkix.Name{