-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openssl-3.0.12 cannot decode beijing CA certificate。 #23259
Comments
when I try this against
I will try against 3.0. |
I've also tried against 3.0.12, 3.1.4, 3.2.0 and
@andylee521 : could you post the output of the error you are seeing? |
is it possible that your build of openssl has support for SM2 disabled? |
Hi jamuir,
|
Hi t8m,
|
okay. So your 3.0.12 sources are modified (i.e. you are not using the released version). For comparison, maybe you could try building 3.0.12 from the unmodified sources and attempt SM2 key operations against it. |
Em... |
I am able to reproduce that failure using 3.0.12:
However, when I try creating my own SM2 private key, it is parsed successfully:
You can use
But, if I parse the octet string starting at offset 30 inside
So the problem is that If you add the wrapper / header to |
This is the header you can prepend to the bytes of
So the new key file looks like |
jamuir,got it, thank you very much. |
testenc.key looks like this:
So, this is a ECPrivateKey (RFC 5915 - 3. Elliptic Curve Private Key Format) without a PrivateKeyInfo wrapping, what OpenSSL sometimes calls "traditional" form. This is OK. However, 3.0 OpenSSL types them in PEM with "BEGIN SM2 PRIVATE KEY" when encoding into PEM, while pre-3.0 OpenSSL types them with "BEGIN EC PRIVATE KEY" as seen above... and it's possible that the decoder pays a bit too much attention to the PEM type in this case (encoding difference non withstanding). |
In #22529, I looked through all SM2 keys we have in the OpenSSL source, and found that they could all be decoded... so it frankly surprised me that we hadn't hit this case. But, looking again, I found that none of them were in "traditional" form, i.e. they were wrapped with a PrivateKeyInfo structure, and had the PEM type "BEGIN PRIVATE KEY", which differs quite a bit from "BEGIN EC PRIVATE KEY", both in form and process. |
While debugging
... but the real surprise is that it never got called again (i.e. not after the DER→key decoders were called, if they were called at all). I not yet sure if this is a fundamental issue that causes the decoding failure, but... |
@levitte : can this be closed? It seems like we have worked through the original problem. |
Hi guys,
I used comand "openssl x509 -in ./bjca.pem -noout -text" to print bjca's certificate content, but the result is that the certificate public key information cannot be decoded。
I analyzed the decoding logic and found that the decoder uses EC and the decoded group is SM2 from this certificate, so an error is returned when judging(function ec_check()), and the decoding cannot be successful.
Openssl version is 3.0.12, and so do the private key file. I think the root cause is OID:1.2.840.10045.2.1.
How to use the existing logic to be compatible with the old version of the certificate and the existing version of the certificate may be the key to solving this problem.
BJCA.zip
The text was updated successfully, but these errors were encountered: