From 36d11c39c49b519f8212015dc933f1589924ac34 Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Fri, 1 Sep 2023 20:33:16 +0800
Subject: [PATCH] Support sm2 CMS signature and default sm2 id

---
 Feature-support-SM2-CMS-signature.patch       | 41 +++++++++++++
 ...-use-default-id-if-SM2-id-is-not-set.patch | 59 +++++++++++++++++++
 openssl.spec                                  |  7 ++-
 3 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100644 Feature-support-SM2-CMS-signature.patch
 create mode 100644 Feature-use-default-id-if-SM2-id-is-not-set.patch

diff --git a/Feature-support-SM2-CMS-signature.patch b/Feature-support-SM2-CMS-signature.patch
new file mode 100644
index 0000000..b579537
--- /dev/null
+++ b/Feature-support-SM2-CMS-signature.patch
@@ -0,0 +1,41 @@
+From e7f35b6f10599a574acb3bcca40845eeccfdc63b Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Fri, 1 Sep 2023 20:08:46 +0800
+Subject: [PATCH] Support SM2 CMS signature
+
+Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
+---
+ crypto/cms/cms_sd.c | 2 +-
+ crypto/evp/p_lib.c  | 3 +++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
+index 34c021b..093b41c 100644
+--- a/crypto/cms/cms_sd.c
++++ b/crypto/cms/cms_sd.c
+@@ -232,7 +232,7 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
+     EVP_PKEY *pkey = si->pkey;
+     int i;
+ 
+-    if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC"))
++    if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC") || EVP_PKEY_is_a(pkey, "SM2"))
+         return ossl_cms_ecdsa_dsa_sign(si, cmd);
+     else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS"))
+         return ossl_cms_rsa_sign(si, cmd);
+diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
+index f6acb5b..9567bb0 100644
+--- a/crypto/evp/p_lib.c
++++ b/crypto/evp/p_lib.c
+@@ -982,6 +982,9 @@ int EVP_PKEY_type(int type)
+ 
+ int EVP_PKEY_get_id(const EVP_PKEY *pkey)
+ {
++    if (EVP_PKEY_is_a(pkey, "SM2")) {
++        return EVP_PKEY_SM2;
++    }
+     return pkey->type;
+ }
+ 
+-- 
+2.33.0
+
diff --git a/Feature-use-default-id-if-SM2-id-is-not-set.patch b/Feature-use-default-id-if-SM2-id-is-not-set.patch
new file mode 100644
index 0000000..ee6f2d8
--- /dev/null
+++ b/Feature-use-default-id-if-SM2-id-is-not-set.patch
@@ -0,0 +1,59 @@
+From 12f6ee3806c1f04a682b4c31aeb510a2dca602ef Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Fri, 1 Sep 2023 20:27:45 +0800
+Subject: [PATCH] use default id if SM2 id is not set
+
+Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
+---
+ crypto/sm2/sm2_sign.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
+index ff5be9b..33d3a73 100644
+--- a/crypto/sm2/sm2_sign.c
++++ b/crypto/sm2/sm2_sign.c
+@@ -42,6 +42,8 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
+     uint8_t *buf = NULL;
+     uint16_t entl = 0;
+     uint8_t e_byte = 0;
++    const uint8_t *f_id = id;
++    size_t f_id_len = id_len;
+ 
+     hash = EVP_MD_CTX_new();
+     ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(key));
+@@ -68,15 +70,21 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
+         goto done;
+     }
+ 
++    /* if id is not set, use default id */
++    if (f_id == NULL || f_id_len == 0) {
++        f_id = (const uint8_t *)SM2_DEFAULT_USERID;
++        f_id_len = strlen(SM2_DEFAULT_USERID);
++    }
++
+     /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
+ 
+-    if (id_len >= (UINT16_MAX / 8)) {
++    if (f_id_len >= (UINT16_MAX / 8)) {
+         /* too large */
+         ERR_raise(ERR_LIB_SM2, SM2_R_ID_TOO_LARGE);
+         goto done;
+     }
+ 
+-    entl = (uint16_t)(8 * id_len);
++    entl = (uint16_t)(8 * f_id_len);
+ 
+     e_byte = entl >> 8;
+     if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+@@ -89,7 +97,7 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
+         goto done;
+     }
+ 
+-    if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) {
++    if (f_id_len > 0 && !EVP_DigestUpdate(hash, f_id, f_id_len)) {
+         ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB);
+         goto done;
+     }
+-- 
+2.33.0
+
diff --git a/openssl.spec b/openssl.spec
index e3a1926..5538fee 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name:        openssl
 Epoch:       1
 Version:     3.0.9
-Release:     2
+Release:     3
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay
 URL:         https://www.openssl.org/
@@ -30,6 +30,8 @@ Patch18:     backport-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
 Patch19:     backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch
 Patch20:     backport-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch
 Patch21:     backport-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch
+Patch22:     Feature-support-SM2-CMS-signature.patch
+Patch23:     Feature-use-default-id-if-SM2-id-is-not-set.patch
 
 BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel
 Requires:    coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@@ -230,6 +232,9 @@ make test || :
 %ldconfig_scriptlets libs
 
 %changelog
+* Wed Sep 13 2023 luhuaxin <luhuaxin1@huawei.com> - 1:3.0.9-3
+- Support SM2 CMS signature and use SM2 default id
+
 * Tue Aug 08 2023 zhujianwei <zhujianwei7@huawei.com> - 1:3.0.9-2
 - fix CVE-2023-2975 CVE-2023-3446 CVE-2023-3816
 
-- 
Gitee