Bug 13644 - [Anolis8.10][RC1][海光] 密码TKM功能测试在海光C86-4G机器上测试报错
Summary: [Anolis8.10][RC1][海光] 密码TKM功能测试在海光C86-4G机器上测试报错
Status: RESOLVED FIXED
Alias: None
Product: Anolis OS 8
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: 8.10
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: rc1
Assignee: Guanjun
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-01-23 10:57 UTC by tongsir
Modified: 2025-02-14 16:17 UTC (History)
1 user (show)

See Also:

Attachments
anolis openssl result (22.73 KB, image/png)
2025-01-23 10:57 UTC, tongsir 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description tongsir hygon_group 2025-01-23 10:57:55 UTC 
Created attachment 1293 [details]
anolis openssl result

Description of problem:

1. 龙蜥系统测试TKM时,使用openssl报错
龙蜥openssl:
openssl ecparam -genkey -name SM2 -out sm2.priv
openssl ec -in sm2.priv -pubout -out sm2.pub
openssl ec -pubin -in sm2.pub -text -noout
执行这三条命令生成一对SM2密钥对,然后解析sm2公钥的数据。在龙蜥的系统输出报错如图anolis_openssl,重新编译了一个开源的openssl 1.1.1k和龙蜥版本一样,输出就是正常的


2. 龙蜥系统测试TKM启动虚拟机报错,定位原因是qemu相关PR未合入:
BUG:https://gitee.com/src-anolis-os/qemu-kvm/pulls/66
Feature:https://gitee.com/src-anolis-os/qemu-kvm/pulls/65
Comment 1 wangzhe 2025-02-14 16:17:37 UTC 
(In reply to tongsir from comment #0)
> Created attachment 1293 [details]
> anolis openssl result
> 
> Description of problem:
> 
> 1. 龙蜥系统测试TKM时,使用openssl报错
> 龙蜥openssl:
> openssl ecparam -genkey -name SM2 -out sm2.priv
> openssl ec -in sm2.priv -pubout -out sm2.pub
> openssl ec -pubin -in sm2.pub -text -noout
> 执行这三条命令生成一对SM2密钥对,然后解析sm2公钥的数据。在龙蜥的系统输出报错如图anolis_openssl,重新编译了一个开源的openssl
> 1.1.1k和龙蜥版本一样,输出就是正常的
> 
> 
> 2. 龙蜥系统测试TKM启动虚拟机报错,定位原因是qemu相关PR未合入:
> BUG:https://gitee.com/src-anolis-os/qemu-kvm/pulls/66
> Feature:https://gitee.com/src-anolis-os/qemu-kvm/pulls/65


这里要用 openssl pkey 代替 openssl ec 命令,
经测试使用 openssl pkey 命令正常
[root@test ~]# rpm -qa |grep openssl |grep 1.1.1k
openssl-devel-1.1.1k-14.0.1.an8.x86_64
openssl-libs-1.1.1k-14.0.1.an8.x86_64
openssl-1.1.1k-14.0.1.an8.x86_64
[root@test ~]# 
[root@test ~]# openssl ecparam -genkey -name SM2 -out sm2.priv 
[root@test ~]# openssl pkey -in sm2.priv -pubout -out sm2.pub
[root@test ~]# openssl pkey -pubin -in sm2.pub -text -noout
Public-Key: (256 bit)
pub:
    04:60:cf:52:69:84:c2:24:41:32:4d:ad:c5:32:4c:
    03:42:27:89:75:28:1e:a7:f6:94:9d:d9:5d:0c:97:
    45:4c:2e:4f:97:12:db:44:93:11:63:af:0e:46:38:
    52:55:6e:64:47:e9:31:c5:fb:aa:62:16:53:92:33:
    a9:58:87:98:a7
ASN1 OID: SM2
[root@test ~]# 

anolis 8 上使用国密可参考如下文档:
https://openanolis.github.io/whitebook-shangmi/anolisos_guide.html