smx509: use truncated SHA-256 for SubjectKeyId #328

Sun Yimin 2025-05-26 13:34:12 +08:00 committed by GitHub
parent 7e203652ef
commit fe1d170bdc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -27,7 +27,7 @@ import (
"crypto/ed25519" "crypto/ed25519"
"crypto/elliptic" "crypto/elliptic"
"crypto/rsa" "crypto/rsa"
"crypto/sha1" "crypto/sha256"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
"encoding/asn1" "encoding/asn1"
@ -1604,12 +1604,12 @@ func CreateCertificate(rand io.Reader, template, parent, pub, priv any) ([]byte,
subjectKeyId := realTemplate.SubjectKeyId subjectKeyId := realTemplate.SubjectKeyId
if len(subjectKeyId) == 0 && realTemplate.IsCA { if len(subjectKeyId) == 0 && realTemplate.IsCA {
// SubjectKeyId generated using method 1 in RFC 5280, Section 4.2.1.2: // SubjectKeyId generated using method 1 in RFC 7093, Section 2:
// (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the // 1) The keyIdentifier is composed of the leftmost 160-bits of the
// value of the BIT STRING subjectPublicKey (excluding the tag, // SHA-256 hash of the value of the BIT STRING subjectPublicKey
// length, and number of unused bits). // (excluding the tag, length, and number of unused bits).
h := sha1.Sum(publicKeyBytes) h := sha256.Sum256(publicKeyBytes)
subjectKeyId = h[:] subjectKeyId = h[:20]
} }
// Check that the signer's public key matches the private key, if available. // Check that the signer's public key matches the private key, if available.
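Review bot: The generated SubjectKeyId for an existing CA key changes at the `h[:20]` line, and nothing visible in this hunk lets a caller keep the old SHA-1 value other than setting `template.SubjectKeyId` explicitly. A CA certificate re-issued for the same key with an empty SubjectKeyId will now carry an identifier that differs from the AuthorityKeyId already embedded in certificates it signed earlier, which validators that match the two strictly may reject. I would say so next to the truncation, e.g. `// NOTE: differs from the SHA-1 value generated previously; set template.SubjectKeyId when renewing a CA certificate for an existing key.`, and mirror it in the CreateCertificate doc comment if that comment still describes the default. The function body starts and ends outside the hunk, so whether an opt-out or a doc update exists elsewhere cannot be seen from here.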