Remove x509_key_get_sign_algor

Zhi Guan
2026-06-22 15:02:45 +08:00
parent f0ff81c1a5
commit 84f92c0747
25 changed files with 344 additions and 130 deletions


@@ -27,6 +27,7 @@ static const char *options =
" -serial_len num"
" -days num"
" -key pem [-algor str] [-pass pass]"
" [-sig_alg str]"
" [-sm2_id str | -sm2_id_hex hex]"
" [-gen_authority_key_id]"
" [-gen_subject_key_id]"
@@ -48,6 +49,7 @@ static char *usage =
" -key file Private key file in PEM format\n"
" -algor str Public key algorithm\n"
" -pass pass Password for decrypting private key file\n"
" -sig_alg str Signature algorithm OID name, default sm2sign-with-sm3\n"
" -sm2_id str Signer's ID in SM2 signature algorithm\n"
" -sm2_id_hex hex Signer's ID in hex format\n"
" When `-sm2_id` or `-sm2_id_hex` is specified,\n"
@@ -274,6 +276,13 @@ int certgen_main(int argc, char **argv)
fprintf(stderr, "%s: invalid algor '%s'\n", prog, str);
goto end;
}
} else if (!strcmp(*argv, "-sig_alg")) {
if (--argc < 1) goto bad;
str = *(++argv);
if ((sign_algor = x509_signature_algor_from_name(str)) == OID_undef) {
fprintf(stderr, "%s: invalid sig_alg '%s'\n", prog, str);
goto end;
}
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
@@ -409,10 +418,6 @@ bad:
fprintf(stderr, "%s: load private key failed\n", prog);
goto end;
}
if (x509_key_get_sign_algor(&x509_key, &sign_algor) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
goto end;
}
if (!signer_id_len) {
strcpy(signer_id, SM2_DEFAULT_ID);
signer_id_len = strlen(SM2_DEFAULT_ID);
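Review bot: With the `x509_key_get_sign_algor()` call dropped in the last hunk, nothing visible ties `sign_algor` to the type of the private key that was just loaded, so a key chosen with `-algor` can be paired with an unrelated `-sig_alg` value. Unless the signing routine rejects the mismatch (not visible here), the outcome is either a late generic failure or a certificate whose signatureAlgorithm does not describe the signature it carries. A check right after the key load, failing with something like `fprintf(stderr, "%s: -sig_alg does not match private key type\n", prog);`, would keep the error early and explicit. The same applies to the matching removals in the crlgen_main and reqsign_main sections. Those two sections also change the initializer to `OID_sm2sign_with_sm3`, but no such hunk is shown for this file, so confirm `sign_algor` is not left at `OID_undef` when `-sig_alg` is omitted; certgen_main starts and ends outside these hunks.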


@@ -17,6 +17,7 @@
#include <gmssl/mem.h>
#include <gmssl/x509.h>
#include <gmssl/x509_ext.h>
#include <gmssl/x509_alg.h>
#include <gmssl/x509_crl.h>
#include <gmssl/file.h>
#include <gmssl/error.h>
@@ -25,6 +26,7 @@
static const char *usage =
" -in revoked_certs"
" -cacert pem -key pem [-pass pass] [-sm2_id str | -sm2_id_hex hex]"
" [-sig_alg str]"
" [-next_update time] "
" [-gen_authority_key_id]"
" [-crl_num num]"
@@ -42,6 +44,7 @@ static const char *options =
" -cacert pem The issuer certificate\n"
" -key pem The issuer private key\n"
" -pass pass Password for decrypting private key file\n"
" -sig_alg str Signature algorithm OID name, default sm2sign-with-sm3\n"
" -sm2_id str Authority's ID in SM2 signature algorithm\n"
" -sm2_id_hex hex Authority's ID in hex format\n"
" When `-sm2_id` or `-sm2_id_hex` is specified,\n"
@@ -81,7 +84,7 @@ int crlgen_main(int argc, char **argv)
char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
size_t signer_id_len = 0;
int sign_algor = OID_undef;
int sign_algor = OID_sm2sign_with_sm3;
const uint8_t *issuer;
size_t issuer_len;
@@ -141,6 +144,13 @@ int crlgen_main(int argc, char **argv)
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
} else if (!strcmp(*argv, "-sig_alg")) {
if (--argc < 1) goto bad;
str = *(++argv);
if ((sign_algor = x509_signature_algor_from_name(str)) == OID_undef) {
fprintf(stderr, "%s: invalid `-sig_alg` value '%s'\n", prog, str);
goto end;
}
} else if (!strcmp(*argv, "-sm2_id")) {
if (--argc < 1) goto bad;
str = *(++argv);
@@ -257,11 +267,6 @@ bad:
fprintf(stderr, "%s: certificate and private key not match\n", prog);
goto end;
}
if (x509_key_get_sign_algor(&x509_key, &sign_algor) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
goto end;
}
if (!signer_id_len) {
strcpy(signer_id, SM2_DEFAULT_ID);
signer_id_len = strlen(SM2_DEFAULT_ID);


@@ -15,6 +15,7 @@
#include <gmssl/hex.h>
#include <gmssl/asn1.h>
#include <gmssl/x509.h>
#include <gmssl/x509_alg.h>
#include <gmssl/x509_crl.h>
#include <gmssl/x509_key.h>
#include <gmssl/ocsp.h>
@@ -26,6 +27,7 @@
static const char *options =
"-reqin der -cacert pem -signer pem -key pem [-pass pass]"
" [-status good|revoked|unknown]"
" [-sig_alg str]"
" [-revocation_time time] [-revocation_reason reason]"
" [-this_update time] [-next_update time] [-produced_at time]"
" [-resp_key_id]"
@@ -42,6 +44,7 @@ static const char *help =
" -key pem OCSPResponse signer private key\n"
" -pass pass Password for decrypting private key file\n"
" -status status Certificate status: good, revoked or unknown, default good\n"
" -sig_alg str Signature algorithm OID name, default sm2sign-with-sm3\n"
" -revocation_time time Revocation time, required when status is revoked\n"
" -revocation_reason str Revocation reason, optional when status is revoked\n"
" -this_update time SingleResponse thisUpdate, default current time\n"
@@ -190,6 +193,7 @@ int ocspsign_main(int argc, char **argv)
size_t signer_id_len = 0;
int cert_status = OCSP_cert_status_good;
int sign_algor = OID_sm2sign_with_sm3;
time_t revocation_time = (time_t)-1;
time_t this_update = time(NULL);
time_t next_update = (time_t)-1;
@@ -234,6 +238,13 @@ int ocspsign_main(int argc, char **argv)
fprintf(stderr, "%s: invalid `-status` value\n", prog);
goto end;
}
} else if (!strcmp(*argv, "-sig_alg")) {
if (--argc < 1) goto bad;
str = *(++argv);
if ((sign_algor = x509_signature_algor_from_name(str)) == OID_undef) {
fprintf(stderr, "%s: invalid `-sig_alg` value '%s'\n", prog, str);
goto end;
}
} else if (!strcmp(*argv, "-revocation_time")) {
if (--argc < 1) goto bad;
str = *(++argv);
@@ -414,6 +425,10 @@ bad:
fprintf(stderr, "%s: set OCSP responderID failure\n", prog);
goto end;
}
if (ocsp_sign_set_signature_algor(&ocsp_ctx, sign_algor) != 1) {
fprintf(stderr, "%s: set signature algorithm failure\n", prog);
goto end;
}
if (produced_at != (time_t)-1
&& ocsp_sign_set_produced_at(&ocsp_ctx, produced_at) != 1) {
fprintf(stderr, "%s: set producedAt failure\n", prog);


@@ -24,6 +24,7 @@
static const char *options =
"[-C str] [-ST str] [-L str] [-O str] [-OU str] -CN str"
" -key file [-algor str] [-pass pass]"
" [-sig_alg str]"
" [-sm2_id str | -sm2_id_hex hex]"
" [-out pem]";
@@ -39,6 +40,7 @@ static char *usage =
" * xmssmt-hashsig\n"
" * shpincs-hashsig\n"
" -pass pass Password for decrypting private key file\n"
" -sig_alg str Signature algorithm OID name, default sm2sign-with-sm3\n"
" -sm2_id str Signer's ID in SM2 signature algorithm\n"
" -sm2_id_hex hex Signer's ID in hex format\n"
" When `-sm2_id` or `-sm2_id_hex` is specified,\n"
@@ -91,6 +93,7 @@ int reqgen_main(int argc, char **argv)
char *pass = NULL;
X509_KEY x509_key;
int algor = OID_ec_public_key;
int sign_algor = OID_sm2sign_with_sm3;
char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
size_t signer_id_len = 0;
@@ -151,6 +154,13 @@ int reqgen_main(int argc, char **argv)
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
} else if (!strcmp(*argv, "-sig_alg")) {
if (--argc < 1) goto bad;
str = *(++argv);
if ((sign_algor = x509_signature_algor_from_name(str)) == OID_undef) {
fprintf(stderr, "%s: invalid `-sig_alg` value '%s'\n", prog, str);
goto end;
}
} else if (!strcmp(*argv, "-sm2_id")) {
if (--argc < 1) goto bad;
str = *(++argv);
@@ -228,7 +238,7 @@ bad:
name, namelen,
&x509_key,
attrs, attrs_len,
OID_sm2sign_with_sm3,
sign_algor,
&x509_key, signer_id, signer_id_len,
&p, &reqlen) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
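Review bot: The `-sig_alg` help line added to `usage` says only "Signature algorithm OID name, default sm2sign-with-sm3", without naming the accepted values or saying that the value has to fit the key type. The surrounding usage text lists hash-based signature choices (apparently under `-algor`), and `sign_algor` is now passed straight into the request-signing call in the last hunk. A user who generates such a key and omits `-sig_alg` therefore gets the SM2 default; whether that call rejects the combination is not visible here. I would add a continuation line such as `"                      Must match the key type selected by -algor\n"` and list the accepted names the way the `-algor` entry does. reqgen_main continues outside these hunks.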


@@ -29,6 +29,7 @@ static const char *options =
" [-serial_len num]"
" -days num"
" -cacert pem -key file [-pass pass]"
" [-sig_alg str]"
" [-sm2_id str | -sm2_id_hex hex]"
" [-gen_authority_key_id]"
" [-gen_subject_key_id]"
@@ -56,6 +57,7 @@ static char *usage =
" -days num Validity peroid in days\n"
" -cacert pem Issuer CA certificate\n"
" -key pem Issuer private key file in PEM format\n"
" -sig_alg str Signature algorithm OID name, default sm2sign-with-sm3\n"
" -sm2_id str Authority's ID in SM2 signature algorithm\n"
" -sm2_id_hex hex Authority's ID in hex format\n"
" When `-sm2_id` or `-sm2_id_hex` is specified,\n"
@@ -180,7 +182,7 @@ int reqsign_main(int argc, char **argv)
size_t signer_id_len = 0;
// Algor
int sign_algor = OID_undef;
int sign_algor = OID_sm2sign_with_sm3;
// Issuer from CA certificate
const uint8_t *issuer;
@@ -317,6 +319,13 @@ int reqsign_main(int argc, char **argv)
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
} else if (!strcmp(*argv, "-sig_alg")) {
if (--argc < 1) goto bad;
str = *(++argv);
if ((sign_algor = x509_signature_algor_from_name(str)) == OID_undef) {
fprintf(stderr, "%s: invalid `-sig_alg` value '%s'\n", prog, str);
goto end;
}
} else if (!strcmp(*argv, "-sm2_id")) {
if (--argc < 1) goto bad;
str = *(++argv);
@@ -473,10 +482,6 @@ bad:
fprintf(stderr, "%s: private key and CA certificate not match\n", prog);
goto end;
}
if (x509_key_get_sign_algor(&x509_key, &sign_algor) != 1) {
error_print();
goto end;
}
if (!signer_id_len) {
strcpy(signer_id, SM2_DEFAULT_ID);
signer_id_len = strlen(SM2_DEFAULT_ID);