File _service:tar_scm:Feature-X509-command-supports-... of Package compat-openssl11

File _service:tar_scm:Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch of Package compat-openssl11

From d3e1106ea296a2ec94d27dd34692c34ad543ad04 Mon Sep 17 00:00:00 2001
From: s_c_c <shichuchao@huawei.com>
Date: Wed, 29 Jun 2022 17:54:50 +0800
Subject: [PATCH] X509 command supports SM2 certificate signing with default
 sm2id

---
 apps/x509.c                |  4 ++++
 include/openssl/sm2.h      |  9 +++++++++
 test/recipes/25-test_req.t | 13 ++++++++++---
 3 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/apps/x509.c b/apps/x509.c
index 1043eba..2669894 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1078,6 +1078,10 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
         if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
             goto err;
     }
+#ifndef OPENSSL_NO_SM2
+    if (EVP_PKEY_is_sm2(pkey) && !EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))
+        goto err;
+#endif
     if (!X509_sign(x, pkey, digest))
         goto err;
     return 1;
diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h
index 505ebfc..cc517bc 100644
--- a/include/openssl/sm2.h
+++ b/include/openssl/sm2.h
@@ -1,3 +1,12 @@
+/*
+ * Copyright 2022 Huawei Technologies Co., Ltd. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
 #ifndef HEADER_SM2_H
 # define HEADER_SM2_H
 
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index d53e577..2b0c08c 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -182,10 +182,10 @@ subtest "generating certificate requests" => sub {
 };
 
 subtest "generating SM2 certificate requests" => sub {
-    plan tests => 4;
+    plan tests => 5;
 
     SKIP: {
-        skip "SM2 is not supported by this OpenSSL build", 4
+        skip "SM2 is not supported by this OpenSSL build", 5
         if disabled("sm2");
         ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
@@ -198,6 +198,13 @@ subtest "generating SM2 certificate requests" => sub {
                     "-sm2-id", "1234567812345678", "-sm3"])),
            "Verifying signature on SM2 certificate request");
 
+        # Use default sm2 id
+        ok(run(app(["openssl", "x509", "-req", "-extfile", srctop_file("test", "CAss.cnf"),
+                    "-extensions", "v3_ca", "-sm3", "-days", "365",
+                    "-in", "testreq.pem", "-signkey", srctop_file("test", "certs", "sm2.key"),
+                    "-out", "testsign.pem"])),
+           "Signing SM2 certificate request");
+
         ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
                     "-sigopt", "sm2_hex_id:DEADBEEF",
@@ -218,7 +225,7 @@ run_conversion('req conversions',
 run_conversion('req conversions -- testreq2',
                srctop_file("test", "testreq2.pem"));
 
-unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem";
+unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem", "testsign.pem";
 
 sub run_conversion {
     my $title = shift;
-- 
2.20.1 (Apple Git-117)