abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-19 11:23:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update Tools

Browse Source
This commit is contained in:
Zhi Guan
2022-05-29 18:10:41 +08:00
parent 767dae98ab
commit 19ea6fdf92
31 changed files with 825 additions and 381 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/asn1.c
View File

@@ -448,11 +448,21 @@ int asn1_boolean_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen)
int asn1_integer_to_der_ex(int tag, const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen)
{
if (!a || alen <= 0 || alen > INT_MAX || (out && !(*out)) || !outlen) {
if (!a) {
return 0;
}
if (alen <= 0 || alen > INT_MAX || (out && !(*out)) || !outlen) {
error_print();
return -1;
}
if (out)
*(*out)++ = tag;
(*outlen)++;

82
src/sm2_lib.c
View File

@@ -306,40 +306,18 @@ extern void sm3_compress_blocks(uint32_t digest[8], const uint8_t *data, size_t
int sm2_compute_z(uint8_t z[32], const SM2_POINT *pub, const char *id, size_t idlen)
{
uint8_t zin[] = {
SM3_CTX ctx;
uint8_t zin[18 + 32 * 6] = {
0x00, 0x80,
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34,
0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7,
0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92,
0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93,
0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19,
0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94,
0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1,
0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7,
0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C,
0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53,
0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40,
0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x06, 0x90,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
0x28,0xE9,0xFA,0x9E,0x9D,0x9F,0x5E,0x34,0x4D,0x5A,0x9E,0x4B,0xCF,0x65,0x09,0xA7,
0xF3,0x97,0x89,0xF5,0x15,0xAB,0x8F,0x92,0xDD,0xBC,0xBD,0x41,0x4D,0x94,0x0E,0x93,
0x32,0xC4,0xAE,0x2C,0x1F,0x19,0x81,0x19,0x5F,0x99,0x04,0x46,0x6A,0x39,0xC9,0x94,
0x8F,0xE3,0x0B,0xBF,0xF2,0x66,0x0B,0xE1,0x71,0x5A,0x45,0x89,0x33,0x4C,0x74,0xC7,
0xBC,0x37,0x36,0xA2,0xF4,0xF6,0x77,0x9C,0x59,0xBD,0xCE,0xE3,0x6B,0x69,0x21,0x53,
0xD0,0xA9,0x87,0x7C,0xC6,0x2A,0x47,0x40,0x02,0xDF,0x32,0xE5,0x21,0x39,0xF0,0xA0,
};
if (!z || !pub || !id) {
@@ -347,40 +325,21 @@ int sm2_compute_z(uint8_t z[32], const SM2_POINT *pub, const char *id, size_t id
return -1;
}
memcpy(&zin[18 + 32 * 4], pub->x, 32);
memcpy(&zin[18 + 32 * 5], pub->y, 32);
if (strcmp(id, "1234567812345678") == 0) {
uint32_t digest[8] = {
0xadadedb5U, 0x0446043fU, 0x08a87aceU, 0xe86d2243U,
0x8e232383U, 0xbfc81fe2U, 0xcf9117c8U, 0x4707011dU,
};
memcpy(&zin[128], pub->x, 32);
memcpy(&zin[160], pub->y, 32);
sm3_compress_blocks(digest, zin, 2);
PUTU32(z , digest[0]);
PUTU32(z + 4, digest[1]);
PUTU32(z + 8, digest[2]);
PUTU32(z + 12, digest[3]);
PUTU32(z + 16, digest[4]);
PUTU32(z + 20, digest[5]);
PUTU32(z + 24, digest[6]);
PUTU32(z + 28, digest[7]);
sm3_init(&ctx);
if (strcmp(id, SM2_DEFAULT_ID) == 0) {
sm3_update(&ctx, zin, sizeof(zin));
} else {
SM3_CTX ctx;
uint8_t idbits[2];
idbits[0] = (uint8_t)(idlen >> 5);
idbits[1] = (uint8_t)(idlen << 3);
sm3_init(&ctx);
sm3_update(&ctx, idbits, 2);
sm3_update(&ctx, (uint8_t *)id, idlen);
sm3_update(&ctx, zin + 18, 128);
sm3_update(&ctx, pub->x, 32);
sm3_update(&ctx, pub->y, 32);
sm3_finish(&ctx, z);
sm3_update(&ctx, zin + 18, 32 * 6);
}
sm3_finish(&ctx, z);
return 1;
}
@@ -492,11 +451,6 @@ int sm2_kdf(const uint8_t *in, size_t inlen, size_t outlen, uint8_t *out)
uint32_t counter = 1;
size_t len;
/*
size_t i; fprintf(stderr, "kdf input : ");
for (i = 0; i < inlen; i++) fprintf(stderr, "%02x", in[i]); fprintf(stderr, "\n");
*/
while (outlen) {
PUTU32(counter_be, counter);
counter++;

95
src/sm3.c
View File

@@ -49,6 +49,7 @@
#include <string.h>
#include <gmssl/sm3.h>
#include <gmssl/endian.h>
#include <gmssl/error.h>
#ifdef SM3_SSE3
@@ -345,103 +346,11 @@ void sm3_init(SM3_CTX *ctx)
ctx->digest[7] = 0xB0FB0E4E;
}
#if 0
void sm3_compute_id_digest(uint8_t z[32], const char *id,
const uint8_t x[32], const uint8_t y[32])
{
uint8_t zin[] = {
0x00, 0x80,
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34,
0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7,
0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92,
0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93,
0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19,
0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94,
0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1,
0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7,
0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C,
0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53,
0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40,
0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x06, 0x90,
};
if (!id || strcmp(id, "1234567812345678")) {
unsigned int digest[8] = {
0xadadedb5U, 0x0446043fU, 0x08a87aceU, 0xe86d2243U,
0x8e232383U, 0xbfc81fe2U, 0xcf9117c8U, 0x4707011dU,
};
memcpy(&zin[128], x, 32);
memcpy(&zin[160], y, 32);
sm3_compress_blocks(digest, zin, 2);
PUTU32(z , digest[0]);
PUTU32(z + 4, digest[1]);
PUTU32(z + 8, digest[2]);
PUTU32(z + 12, digest[3]);
PUTU32(z + 16, digest[4]);
PUTU32(z + 20, digest[5]);
PUTU32(z + 24, digest[6]);
PUTU32(z + 28, digest[7]);
} else {
SM3_CTX ctx;
uint8_t idbits[2];
size_t len;
len = strlen(id);
idbits[0] = (uint8_t)(len >> 5);
idbits[1] = (uint8_t)(len << 3);
sm3_init(&ctx);
sm3_update(&ctx, idbits, 2);
sm3_update(&ctx, (uint8_t *)id, len);
sm3_update(&ctx, zin + 18, 128);
sm3_update(&ctx, x, 32);
sm3_update(&ctx, y, 32);
sm3_finish(&ctx, z);
}
}
int sm3_sm2_init(SM3_CTX *ctx, const char *id,
const uint8_t *x, const uint8_t *y)
{
uint8_t z[32];
if ((id && strlen(id) > 65535/8) || !x || !y) {
return 0;
}
sm3_compute_id_digest(z, id, x, y);
sm3_init(ctx);
sm3_update(ctx, z, 32);
return 1;
}
#endif
void sm3_update(SM3_CTX *ctx, const uint8_t *data, size_t data_len)
{
size_t blocks;
ctx->num &= 0x3f;
if (ctx->num) {
unsigned int left = SM3_BLOCK_SIZE - ctx->num;

97
src/tlcp.c
View File

@@ -86,6 +86,7 @@ int tlcp_record_set_handshake_server_key_exchange_pke(uint8_t *record, size_t *r
error_print();
return -1;
}
tls_uint16_to_bytes(siglen, &p, &hslen);
tls_array_to_bytes(sig, siglen, &p, &hslen);
tls_record_set_handshake(record, recordlen, type, NULL, hslen);
return 1;
@@ -115,16 +116,11 @@ int tlcp_record_get_handshake_server_key_exchange_pke(const uint8_t *record,
error_print();
return -1;
}
/*
if (tls_uint16array_copy_from_bytes(sig, siglen, *siglen, &p, &len) != 1
|| len > 0) {
error_print();
return -1;
}
*/
// FIXME: check *siglen >= len
memcpy(sig, p, len);
*siglen = len;
return 1;
}
@@ -250,7 +246,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
tls_record_set_version(record, TLS_version_tlcp);
tls_record_set_version(finished, TLS_version_tlcp);
tls_trace(">>>> ClientHello\n");
tls_trace("send ClientHello\n");
tls_random_generate(client_random);
if (tls_record_set_handshake_client_hello(record, &recordlen,
TLS_version_tlcp, client_random, NULL, 0,
@@ -267,7 +263,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
if (client_sign_key)
sm2_sign_update(&sign_ctx, record + 5, recordlen - 5);
tls_trace("<<<< ServerHello\n");
tls_trace("recv ServerHello\n");
if (tls_record_recv(record, &recordlen, conn->sock) != 1
|| tls_record_version(record) != TLS_version_tlcp) {
error_print();
@@ -292,7 +288,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
if (client_sign_key)
sm2_sign_update(&sign_ctx, record + 5, recordlen - 5);
tls_trace("<<<< ServerCertificate\n");
tls_trace("recv ServerCertificate\n");
if (tls_record_recv(record, &recordlen, conn->sock) != 1
|| tls_record_version(record) != TLS_version_tlcp) {
error_print();
@@ -317,7 +313,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
if (client_sign_key)
sm2_sign_update(&sign_ctx, record + 5, recordlen - 5);
tls_trace("<<<< ServerKeyExchange\n");
tls_trace("recv ServerKeyExchange\n");
if (tls_record_recv(record, &recordlen, conn->sock) != 1
|| tls_record_version(record) != TLS_version_tlcp) {
error_print();
@@ -332,7 +328,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
if (client_sign_key)
sm2_sign_update(&sign_ctx, record + 5, recordlen - 5);
tls_trace("++++ process ServerKeyExchange\n");
tls_trace("process ServerKeyExchange\n");
if (tls_certificate_get_second(conn->server_certs, conn->server_certs_len,
&server_enc_cert, &server_enc_cert_len) != 1) {
error_print();
@@ -357,7 +353,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
return -1;
}
if (type == TLS_handshake_certificate_request) {
tls_trace("<<<< CertificateRequest\n");
tls_trace("recv CertificateRequest\n");
int cert_types[TLS_MAX_CERTIFICATE_TYPES];
size_t cert_types_count;;
uint8_t ca_names[TLS_MAX_CA_NAMES_SIZE];
@@ -382,7 +378,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
memset(&sign_ctx, 0, sizeof(SM2_SIGN_CTX));
client_sign_key = NULL;
}
tls_trace("<<<< ServerHelloDone\n");
tls_trace("recv ServerHelloDone\n");
tls_record_print(stderr, record, recordlen, 0, 0);
if (tls_record_get_handshake_server_hello_done(record) != 1) {
error_print();
@@ -392,7 +388,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
if (client_sign_key) {
sm2_sign_update(&sign_ctx, record + 5, recordlen - 5);
tls_trace(">>>> ClientCertificate\n");
tls_trace("send ClientCertificate\n");
if (tls_record_set_handshake_certificate_from_pem(record, &recordlen, client_certs_fp) != 1) {
error_print();
return -1;
@@ -406,7 +402,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
sm2_sign_update(&sign_ctx, record + 5, recordlen - 5);
}
tls_trace("++++ generate secrets\n");
tls_trace("generate secrets\n");
if (tls_pre_master_secret_generate(pre_master_secret, TLS_version_tlcp) != 1
|| tls_prf(pre_master_secret, 48, "master secret",
client_random, 32, server_random, 32,
@@ -421,15 +417,15 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
sm3_hmac_init(&conn->server_write_mac_ctx, conn->key_block + 32, 32);
sm4_set_encrypt_key(&conn->client_write_enc_key, conn->key_block + 64);
sm4_set_decrypt_key(&conn->server_write_enc_key, conn->key_block + 80);
format_bytes(stderr, 0, 0, "pre_master_secret : ", pre_master_secret, 48);
format_bytes(stderr, 0, 0, "master_secret : ", conn->master_secret, 48);
format_bytes(stderr, 0, 0, "client_write_mac_key : ", conn->key_block, 32);
format_bytes(stderr, 0, 0, "server_write_mac_key : ", conn->key_block + 32, 32);
format_bytes(stderr, 0, 0, "client_write_enc_key : ", conn->key_block + 64, 16);
format_bytes(stderr, 0, 0, "server_write_enc_key : ", conn->key_block + 80, 16);
format_bytes(stderr, 0, 4, "PRE_MASTER_SECRET", pre_master_secret, 48);
format_bytes(stderr, 0, 4, "MASTER_SECRET", conn->master_secret, 48);
format_bytes(stderr, 0, 4, "CLIENT_WRITE_MAC_KEY", conn->key_block, 32);
format_bytes(stderr, 0, 4, "SERVER_WRITE_MAC_KEY", conn->key_block + 32, 32);
format_bytes(stderr, 0, 4, "CLIENT_WRITE_ENC_KEY", conn->key_block + 64, 16);
format_bytes(stderr, 0, 4, "SERVER_WRITE_ENC_KEY", conn->key_block + 80, 16);
format_print(stderr, 0, 0, "\n");
tls_trace(">>>> ClientKeyExchange\n");
tls_trace("send ClientKeyExchange\n");
if (sm2_encrypt(&server_enc_key, pre_master_secret, 48,
enced_pre_master_secret, &enced_pre_master_secret_len) != 1) {
error_print();
@@ -450,7 +446,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
sm2_sign_update(&sign_ctx, record + 5, recordlen - 5);
if (client_sign_key) {
tls_trace(">>>> CertificateVerify\n");
tls_trace("send CertificateVerify\n");
sm2_sign_finish(&sign_ctx, sig, &siglen);
if (tls_record_set_handshake_certificate_verify(record, &recordlen, sig, siglen) != 1) {
error_print();
@@ -464,7 +460,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
sm3_update(&sm3_ctx, record + 5, recordlen - 5);
}
tls_trace(">>>> [ChangeCipherSpec]\n");
tls_trace("send [ChangeCipherSpec]\n");
if (tls_record_set_change_cipher_spec(record, &recordlen) !=1) {
error_print();
return -1;
@@ -475,7 +471,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
}
tls_record_print(stderr, record, recordlen, 0, 0);
tls_trace(">>>> Finished\n");
tls_trace("send Finished\n");
memcpy(&tmp_sm3_ctx, &sm3_ctx, sizeof(sm3_ctx));
sm3_finish(&tmp_sm3_ctx, sm3_hash);
@@ -503,7 +499,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
return -1;
}
tls_trace("<<<< [ChangeCipherSpec]\n");
tls_trace("recv [ChangeCipherSpec]\n");
if (tls_record_recv(record, &recordlen, conn->sock) != 1
|| tls_record_version(record) != TLS_version_tlcp) {
error_print();
@@ -515,7 +511,7 @@ int tlcp_connect(TLS_CONNECT *conn, const char *hostname, int port,
}
tls_record_print(stderr, record, recordlen, 0, 0);
tls_trace("<<<< Finished\n");
tls_trace("recv Finished\n");
if (tls_record_recv(record, &recordlen, conn->sock) != 1
|| tls_record_version(record) != TLS_version_tlcp) {
error_print();
@@ -600,7 +596,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
return -1;
}
error_puts("start listen ...");
error_puts("start listen ...\n");
listen(sock, 5);
memset(conn, 0, sizeof(*conn));
@@ -619,7 +615,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
sm3_init(&sm3_ctx);
tls_trace("<<<< ClientHello\n");
tls_trace("recv ClientHello\n");
if (tls_record_recv(record, &recordlen, conn->sock) != 1
|| tls_record_version(record) != TLS_version_tlcp) {
error_print();
@@ -653,7 +649,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
handshakeslen += recordlen - 5;
}
tls_trace(">>>> ServerHello\n");
tls_trace("send ServerHello\n");
tls_random_generate(server_random);
if (tls_record_set_handshake_server_hello(record, &recordlen,
TLS_version_tlcp, server_random, NULL, 0,
@@ -673,7 +669,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
handshakeslen += recordlen - 5;
}
tls_trace(">>>> ServerCertificate\n");
tls_trace("send ServerCertificate\n");
if (tls_record_set_handshake_certificate_from_pem(record, &recordlen, certs_fp) != 1) {
error_print();
return -1;
@@ -696,7 +692,8 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
handshakeslen += recordlen - 5;
}
tls_trace(">>>> ServerKeyExchange\n");
tls_trace("send ServerKeyExchange\n");
if (sm2_sign_init(&sign_ctx, server_sign_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH) != 1
|| sm2_sign_update(&sign_ctx, client_random, 32) != 1
|| sm2_sign_update(&sign_ctx, server_random, 32) != 1
@@ -705,6 +702,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
error_print();
return -1;
}
if (tlcp_record_set_handshake_server_key_exchange_pke(record, &recordlen, sig, siglen) != 1) {
error_print();
return -1;
@@ -722,11 +720,16 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
}
if (client_cacerts_fp) {
tls_trace(">>>> CertificateRequest\n");
tls_trace("send CertificateRequest\n");
const int cert_types[] = { TLS_cert_type_ecdsa_sign, };
uint8_t ca_names[TLS_MAX_CA_NAMES_SIZE] = {0};
size_t cert_types_count = sizeof(cert_types)/sizeof(cert_types[0]);
size_t ca_names_len = 0;
//TODO : read CAnames
if (tls_record_set_handshake_certificate_request(record, &recordlen,
cert_types, cert_types_count,
ca_names, ca_names_len) != 1) {
@@ -747,7 +750,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
}
}
tls_trace(">>>> ServerHelloDone\n");
tls_trace("send ServerHelloDone\n");
if (tls_record_set_handshake_server_hello_done(record, &recordlen) != 1) {
error_print();
return -1;
@@ -765,7 +768,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
}
if (client_cacerts_fp) {
tls_trace("<<<< ClientCertificate\n");
tls_trace("recv ClientCertificate\n");
if (tls_record_recv(record, &recordlen, conn->sock) != 1
|| tls_record_version(record) != TLS_version_tlcp) {
error_print();
@@ -789,7 +792,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
handshakeslen += recordlen - 5;
}
tls_trace("<<<< ClientKeyExchange\n");
tls_trace("recv ClientKeyExchange\n");
if (tls_record_recv(record, &recordlen, conn->sock) != 1
|| tls_record_version(record) != TLS_version_tlcp) {
error_print();
@@ -813,7 +816,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
}
if (client_cacerts_fp) {
tls_trace("<<<< CertificateVerify\n");
tls_trace("recv CertificateVerify\n");
if (tls_record_recv(record, &recordlen, conn->sock) != 1
|| tls_record_version(record) != TLS_version_tlcp) {
error_print();
@@ -833,7 +836,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
}
}
tls_trace("++++ generate secrets\n");
tls_trace("generate secrets\n");
if (tls_prf(pre_master_secret, 48, "master secret",
client_random, 32, server_random, 32,
48, conn->master_secret) != 1) {
@@ -850,16 +853,16 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
sm3_hmac_init(&conn->server_write_mac_ctx, conn->key_block + 32, 32);
sm4_set_decrypt_key(&conn->client_write_enc_key, conn->key_block + 64);
sm4_set_encrypt_key(&conn->server_write_enc_key, conn->key_block + 80);
format_bytes(stderr, 0, 0, "pre_master_secret : ", pre_master_secret, 48);
format_bytes(stderr, 0, 0, "master_secret : ", conn->master_secret, 48);
format_bytes(stderr, 0, 0, "client_write_mac_key : ", conn->key_block, 32);
format_bytes(stderr, 0, 0, "server_write_mac_key : ", conn->key_block + 32, 32);
format_bytes(stderr, 0, 0, "client_write_enc_key : ", conn->key_block + 64, 16);
format_bytes(stderr, 0, 0, "server_write_enc_key : ", conn->key_block + 80, 16);
format_bytes(stderr, 0, 4, "PRE_MASTER_SECRET", pre_master_secret, 48);
format_bytes(stderr, 0, 4, "MASTER_SECRET", conn->master_secret, 48);
format_bytes(stderr, 0, 4, "CLIENT_WRITE_MAC_KEY", conn->key_block, 32);
format_bytes(stderr, 0, 4, "SERVER_WRITE_MAC_KEY", conn->key_block + 32, 32);
format_bytes(stderr, 0, 4, "CLIENT_WRITE_ENC_KEY", conn->key_block + 64, 16);
format_bytes(stderr, 0, 4, "SERVER_WRITE_ENC_KEY", conn->key_block + 80, 16);
format_print(stderr, 0, 0, "\n");
tls_trace("<<<< [ChangeCipherSpec]\n");
tls_trace("recv [ChangeCipherSpec]\n");
if (tls_record_recv(record, &recordlen, conn->sock) != 1
|| tls_record_version(record) != TLS_version_tlcp) {
error_print();
@@ -871,7 +874,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
return -1;
}
tls_trace("<<<< ClientFinished\n");
tls_trace("recv ClientFinished\n");
if (tls_record_recv(record, &recordlen, conn->sock) != 1
|| tls_record_version(record) != TLS_version_tlcp) {
error_print();
@@ -902,7 +905,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
return -1;
}
tls_trace(">>>> [ChangeCipherSpec]\n");
tls_trace("send [ChangeCipherSpec]\n");
if (tls_record_set_change_cipher_spec(record, &recordlen) != 1) {
error_print();
return -1;
@@ -913,7 +916,7 @@ int tlcp_accept(TLS_CONNECT *conn, int port,
return -1;
}
tls_trace(">>>> ServerFinished\n");
tls_trace("send ServerFinished\n");
sm3_finish(&sm3_ctx, sm3_hash);
if (tls_prf(conn->master_secret, 48, "server finished", sm3_hash, 32, NULL, 0,
12, verify_data) != 1) {

23
src/tls.c
View File

@@ -783,18 +783,19 @@ int tls_record_get_handshake_client_hello(const uint8_t *record,
(*cipher_suites_count)++;
}
if (len > 0) {
/*
// OpenSSL 即使在TLCP时仍然会发出扩展
if (*version < TLS_version_tls12) {
error_print();
return -1;
}
if (!exts) {
error_print();
return -1;
}
if (tls_uint16array_copy_from_bytes(exts, exts_len, TLS_MAX_EXTENSIONS_SIZE, &p, &len) != 1
|| len > 0) {
error_print();
return -1;
*/
if (exts) {
if (tls_uint16array_copy_from_bytes(exts, exts_len, TLS_MAX_EXTENSIONS_SIZE, &p, &len) != 1
|| len > 0) {
error_print();
return -1;
}
}
}
return 1;
@@ -1482,10 +1483,16 @@ int tls_record_recv(uint8_t *record, size_t *recordlen, int sock)
int type;
size_t len;
retry:
if ((r = recv(sock, record, 5, 0)) < 0) {
error_print();
return -1;
} else if (r != 5) {
sleep(1);
goto retry;
format_bytes(stderr, 0, 0, "record", record, r);
// FIXME: 如果对方已经中断连接,那么我们要判断这个错误吗?
error_print();
perror(""); // 否则打印ioctl错误

2
src/x509_alg.c
View File

@@ -264,6 +264,7 @@ static uint32_t oid_ecdsa_with_sha224[] = { 1,2,840,10045,4,3,1 };
static uint32_t oid_ecdsa_with_sha256[] = { 1,2,840,10045,4,3,2 };
static uint32_t oid_ecdsa_with_sha384[] = { 1,2,840,10045,4,3,3 };
static uint32_t oid_ecdsa_with_sha512[] = { 1,2,840,10045,4,3,4 };
static uint32_t oid_rsasign_with_md5[] = { 1,2,840,113549,1,1,4 };
static uint32_t oid_rsasign_with_sha1[] = { 1,2,840,113549,1,1,5 };
static uint32_t oid_rsasign_with_sha224[] = { 1,2,840,113549,1,1,14 };
static uint32_t oid_rsasign_with_sha256[] = { 1,2,840,113549,1,1,11 };
@@ -279,6 +280,7 @@ static const ASN1_OID_INFO x509_sign_algors[] = {
{ OID_ecdsa_with_sha256, "ecdsa-with-sha256", oid_ecdsa_with_sha256, sizeof(oid_ecdsa_with_sha256)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
{ OID_ecdsa_with_sha384, "ecdsa-with-sha384", oid_ecdsa_with_sha384, sizeof(oid_ecdsa_with_sha384)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
{ OID_ecdsa_with_sha512, "ecdsa-with-sha512", oid_ecdsa_with_sha512, sizeof(oid_ecdsa_with_sha512)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
{ OID_rsasign_with_md5, "md5WithRSAEncryption", oid_rsasign_with_md5, sizeof(oid_rsasign_with_md5)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
{ OID_rsasign_with_sha1, "sha1WithRSAEncryption", oid_rsasign_with_sha1, sizeof(oid_rsasign_with_sha1)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
{ OID_rsasign_with_sha224, "sha224WithRSAEncryption", oid_rsasign_with_sha224, sizeof(oid_rsasign_with_sha224)/sizeof(int), 1 },
{ OID_rsasign_with_sha256, "sha256WithRSAEncryption", oid_rsasign_with_sha256, sizeof(oid_rsasign_with_sha256)/sizeof(int), 1 },

11
src/x509_cer.c
View File

@@ -628,7 +628,7 @@ int x509_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint
|| asn1_octet_string_to_der(val, vlen, NULL, &len) != 1
|| asn1_sequence_header_to_der(len, out, outlen) != 1
|| x509_ext_id_to_der(oid, out, outlen) != 1
|| asn1_boolean_to_der(critical, out, outlen) != 1
|| asn1_boolean_to_der(critical, out, outlen) < 0
|| asn1_octet_string_to_der(val, vlen, out, outlen) != 1) {
error_print();
return -1;
@@ -1150,20 +1150,23 @@ int x509_cert_from_pem_by_index(uint8_t *a, size_t *alen, size_t maxlen, int ind
int x509_cert_from_pem_by_subject(uint8_t *a, size_t *alen, size_t maxlen, const uint8_t *name, size_t namelen, FILE *fp)
{
int ret;
const uint8_t *d;
size_t dlen;
for (;;) {
if (x509_cert_from_pem(a, alen, maxlen, fp) != 1) {
if ((ret = x509_cert_from_pem(a, alen, maxlen, fp)) != 1) {
if (ret < 0) error_print();
return ret;
}
if (x509_cert_get_subject(a, *alen, &d, &dlen) != 1) {
error_print();
return -1;
}
x509_cert_get_subject(a, *alen, &d, &dlen);
if (dlen == namelen && memcmp(name, d, dlen) == 0) {
return 1;
}
}
return 0;
}

160
src/x509_crl.c
View File

@@ -110,6 +110,11 @@ int x509_crl_reason_from_der(int *reason, const uint8_t **in, size_t *inlen)
return asn1_enumerated_from_der(reason, in, inlen);
}
int x509_implicit_crl_reason_from_der(int index, int *reason, const uint8_t **in, size_t *inlen)
{
return asn1_implicit_enumerated_from_der(index, reason, in, inlen);
}
static uint32_t oid_ce_crl_reasons[] = { oid_ce,21 };
static uint32_t oid_ce_invalidity_date[] = { oid_ce,24 };
@@ -612,12 +617,32 @@ int x509_issuing_distribution_point_from_der(
int x509_issuing_distribution_point_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
{
int ret, val;
const uint8_t *p;
size_t len;
format_print(fp, fmt, ind, "%s\n", label);
ind += 4;
if ((ret = asn1_explicit_from_der(0, &p, &len, &d, &dlen)) < 0) goto end;
if (ret) x509_distribution_point_name_print(fp, fmt, ind, "distributionPoint", p, len);
if ((ret = asn1_implicit_boolean_from_der(1, &val, &d, &dlen)) < 0) goto end;
if (!ret) val = 0;
format_print(fp, fmt, ind, "onlyContainsUserCerts: %s\n", asn1_boolean_name(val));
if ((ret = asn1_implicit_boolean_from_der(2, &val, &d, &dlen)) < 0) goto end;
if (!ret) val = 0;
format_print(fp, fmt, ind, "onlyContainsCACerts: %s\n", asn1_boolean_name(val));
if ((ret = x509_implicit_crl_reason_from_der(3, &val, &d, &dlen)) < 0) goto end;
if (ret) format_print(fp, fmt, ind, "onlySomeReasons: %s\n", x509_crl_reason_name(val));
if ((ret = asn1_implicit_boolean_from_der(4, &val, &d, &dlen)) < 0) goto end;
if (!ret) val = 0;
format_print(fp, fmt, ind, "indirectCRL: %s\n", asn1_boolean_name(val));
if ((ret = asn1_implicit_boolean_from_der(5, &val, &d, &dlen)) < 0) goto end;
if (!ret) val = 0;
format_print(fp, fmt, ind, "onlyContainsAttributeCerts: %s\n", asn1_boolean_name(val));
if (asn1_length_is_zero(dlen) != 1) goto end;
return 1;
end:
error_print();
return -1;
}
@@ -758,6 +783,7 @@ int x509_tbs_crl_from_der(
if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
if (ret < 0) error_print();
else error_print();
return ret;
}
if (asn1_int_from_der(version, &d, &dlen) < 0
@@ -1024,6 +1050,8 @@ int x509_crl_verify(const uint8_t *a, size_t alen,
const SM2_KEY *pub_key, const char *signer_id, size_t signer_id_len)
{
int ret;
const uint8_t *d;
size_t dlen;
const uint8_t *tbs;
size_t tbslen;
int sig_alg;
@@ -1031,8 +1059,15 @@ int x509_crl_verify(const uint8_t *a, size_t alen,
size_t siglen;
SM2_SIGN_CTX verify_ctx;
if (x509_cert_list_from_der(&tbs, &tbslen, &sig_alg, &sig, &siglen, &a, &alen) != 1
|| asn1_length_is_zero(alen) != 1) {
if ((ret = asn1_sequence_from_der(&d, &dlen, &a, &alen)) != 1) {
if (ret < 0) error_print();
else error_print();
return -1;
}
if (asn1_any_from_der(&tbs, &tbslen, &d, &dlen) != 1
|| x509_signature_algor_from_der(&sig_alg, &d, &dlen) != 1
|| asn1_bit_octets_from_der(&sig, &siglen, &d, &dlen) != 1
|| asn1_length_is_zero(dlen) != 1) {
error_print();
return -1;
}
@@ -1041,8 +1076,26 @@ int x509_crl_verify(const uint8_t *a, size_t alen,
return -1;
}
if (sm2_verify_init(&verify_ctx, pub_key, signer_id, signer_id_len) != 1
|| sm2_verify_update(&verify_ctx, tbs, tbslen) != 1
|| (ret = sm2_verify_finish(&verify_ctx, sig, siglen)) < 0) {
|| sm2_verify_update(&verify_ctx, tbs, tbslen) != 1) {
error_print();
return -1;
}
if ((ret = sm2_verify_finish(&verify_ctx, sig, siglen)) != 1) {
if (ret < 0) error_print();
else error_print();
return -1;
}
return 1;
}
int x509_crl_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
const char *signer_id, size_t signer_id_len)
{
int ret;
SM2_KEY public_key;
if (x509_cert_get_subject_public_key(cacert, cacertlen, &public_key) != 1
|| (ret = x509_crl_verify(a, alen, &public_key, signer_id, signer_id_len)) < 0) {
error_print();
return -1;
}
@@ -1050,7 +1103,7 @@ int x509_crl_verify(const uint8_t *a, size_t alen,
return ret;
}
int x509_crl_get_details(const uint8_t *crl, size_t crl_len,
int x509_crl_get_details(const uint8_t *a, size_t alen,
int *opt_version,
const uint8_t **opt_issuer, size_t *opt_issuer_len,
time_t *opt_this_update,
@@ -1060,15 +1113,35 @@ int x509_crl_get_details(const uint8_t *crl, size_t crl_len,
int *opt_signature_algor,
const uint8_t **opt_sig, size_t *opt_siglen)
{
int ret;
const uint8_t *d;
size_t dlen;
const uint8_t *tbs;
size_t tbs_len;
int signature_algor;
const uint8_t *sig;
size_t siglen;
int version;
int sig_alg;
const uint8_t *issuer;
size_t issuer_len;
time_t this_update;
time_t next_update;
const uint8_t *revoked_certs;
size_t revoked_certs_len;
const uint8_t *exts;
size_t exts_len;
if (x509_cert_list_from_der(&tbs, &tbs_len, &signature_algor, &sig, &siglen, &crl, &crl_len) != 1
|| asn1_length_is_zero(crl_len) != 1) {
if ((ret = asn1_sequence_from_der(&d, &dlen, &a, &alen)) != 1) {
if (ret < 0) error_print();
else error_print();
return -1;
}
if (asn1_any_from_der(&tbs, &tbs_len, &d, &dlen) != 1
|| x509_signature_algor_from_der(&sig_alg, &d, &dlen) != 1
|| asn1_bit_octets_from_der(&sig, &siglen, &d, &dlen) != 1
|| asn1_length_is_zero(dlen) != 1) {
error_print();
return -1;
}
@@ -1076,49 +1149,40 @@ int x509_crl_get_details(const uint8_t *crl, size_t crl_len,
if (opt_sig) *opt_sig = sig;
if (opt_siglen) *opt_siglen = siglen;
if (opt_version
|| opt_issuer || opt_issuer_len
|| opt_this_update
|| opt_next_update
|| opt_revoked_certs || opt_revoked_certs_len) {
if (x509_tbs_crl_from_der(&version, &sig_alg, &issuer, &issuer_len,
&this_update, &next_update, &revoked_certs, &revoked_certs_len,
&exts, &exts_len, &tbs, &tbs_len) != 1
|| asn1_length_is_zero(tbs_len) != 1) {
error_print();
return -1;
}
int version;
int sig_alg;
const uint8_t *issuer;
size_t issuer_len;
time_t this_update;
time_t next_update;
const uint8_t *revoked_certs;
size_t revoked_certs_len;
const uint8_t *exts;
size_t exts_len;
if (opt_version) *opt_version = version;
if (opt_issuer) *opt_issuer = issuer;
if (opt_issuer_len) *opt_issuer_len = issuer_len;
if (opt_this_update) *opt_this_update = this_update;
if (opt_next_update) *opt_next_update = next_update;
if (opt_revoked_certs) *opt_revoked_certs = revoked_certs;
if (opt_revoked_certs_len) *opt_revoked_certs_len = revoked_certs_len;
if (opt_exts) *opt_exts = exts;
if (opt_exts_len) *opt_exts_len = exts_len;
return 1;
}
if (x509_tbs_crl_from_der(
&version,
&sig_alg,
&issuer, &issuer_len,
&this_update,
&next_update,
&revoked_certs, &revoked_certs_len,
&exts, &exts_len,
&tbs, &tbs_len) != 1
|| asn1_length_is_zero(tbs_len) != 1) {
error_print();
return -1;
}
if (sig_alg != signature_algor) {
error_print();
return -1;
}
if (opt_version) *opt_version = version;
if (opt_issuer) *opt_issuer = issuer;
if (opt_issuer_len) *opt_issuer_len = issuer_len;
if (opt_this_update) *opt_this_update = this_update;
if (opt_next_update) *opt_next_update = next_update;
if (opt_revoked_certs) *opt_revoked_certs = revoked_certs;
if (opt_revoked_certs_len) *opt_revoked_certs_len = revoked_certs_len;
if (opt_exts) *opt_exts = exts;
if (opt_exts_len) *opt_exts_len = exts_len;
int x509_crl_get_issuer(const uint8_t *crl, size_t crl_len,
const uint8_t **issuer, size_t *issuer_len)
{
if (x509_crl_get_details(crl, crl_len,
NULL, // version
issuer, issuer_len,
NULL, NULL, // this_udpate, next_update
NULL, NULL, // revoked_certs, revoked_certs_len
NULL, NULL, // exts, exts_len,
NULL, // signature_algor
NULL, NULL // sig, siglen
) != 1) {
error_print();
return -1;
}
return 1;
}

76
src/x509_ext.c
View File

@@ -116,6 +116,24 @@ int x509_exts_add_authority_key_identifier(uint8_t *exts, size_t *extslen, size_
return 1;
}
int x509_exts_add_default_authority_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen,
const SM2_KEY *public_key)
{
uint8_t buf[65];
uint8_t id[32];
int critical = -1;
sm2_point_to_uncompressed_octets(&public_key->public_key, buf);
sm3_digest(buf, sizeof(buf), id);
if (x509_exts_add_authority_key_identifier(exts, extslen, maxlen, critical,
id, sizeof(id), NULL, 0, NULL, 0) != 1) {
error_print();
return -1;
}
return 1;
}
int x509_exts_add_subject_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen,
int critical, const uint8_t *d, size_t dlen)
{
@@ -150,6 +168,12 @@ int x509_exts_add_key_usage(uint8_t *exts, size_t *extslen, size_t maxlen, int c
uint8_t *p = val;
size_t vlen = 0;
if (!bits) {
// TODO: 检查是否在合法范围内
error_print();
return -1;
}
exts += *extslen;
if (asn1_bits_to_der(bits, &p, &vlen) != 1
|| x509_ext_to_der(oid, critical, val, vlen, NULL, &curlen) != 1
@@ -1646,18 +1670,27 @@ int x509_explicit_distribution_point_name_from_der(int index, int *choice, const
return -1;
}
int x509_distribution_point_name_print(FILE *fp, int fmt, int ind, const char *label, int choice, const uint8_t *d, size_t dlen)
int x509_distribution_point_name_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen)
{
int tag;
const uint8_t *d;
size_t dlen;
format_print(fp, fmt, ind, "%s\n", label);
ind += 4;
switch (choice) {
case 0: return x509_general_names_print(fp, fmt, ind, "fullName", d, dlen);
case 1: return x509_rdn_print(fp, fmt, ind, "nameRelativeToCRLIssuer", d, dlen);
if (asn1_any_type_from_der(&tag, &d, &dlen, &a, &alen) != 1) {
error_print();
return -1;
}
switch (tag) {
case ASN1_TAG_EXPLICIT(0): return x509_general_names_print(fp, fmt, ind, "fullName", d, dlen);
case ASN1_TAG_IMPLICIT(1): return x509_rdn_print(fp, fmt, ind, "nameRelativeToCRLIssuer", d, dlen);
default:
error_print();
return -1;
}
return 1;
}
int x509_distribution_point_to_der(
@@ -1712,32 +1745,41 @@ int x509_distribution_point_print(FILE *fp, int fmt, int ind, const char *label,
format_print(fp, fmt, ind, "%s\n", label);
ind += 4;
format_bytes(stderr, 0, 0, "1697", d, dlen);
if ((ret = asn1_explicit_from_der(0, &p, &len, &d, &dlen)) < 0) goto err;
/*
if (ret) {
int choice;
const uint8_t *name;
size_t namelen;
if (x509_distribution_point_name_from_der(&choice, &name, &namelen, &p, &len) != 1) goto err;
x509_distribution_point_name_print(fp, fmt, ind, "DistributionPointName", choice, name, namelen);
if (asn1_length_is_zero(len) != 1) goto err;
}
if (ret) x509_distribution_point_name_print(fp, fmt, ind, "distributionPoint", p, len);
if ((ret = asn1_implicit_bits_from_der(1, &bits, &d, &dlen)) < 0) goto err;
if (ret) x509_revoke_reasons_print(fp, fmt, ind, "reasons", bits);
if ((ret = asn1_implicit_sequence_from_der(2, &p, &len, &d, &dlen)) < 0) goto err;
if (ret) x509_general_names_print(fp, fmt, ind, "cRLIssuer", p, len);
if (asn1_length_is_zero(dlen) != 1) goto err;
*/
return 1;
err:
error_print();
return -1;
}
/*
extnID: CRLDistributionPoints (2.5.29.31)
DistributionPoint
distributionPoint
fullName
GeneralName
URI: http://www.rootca.gov.cn/Civil_Servant_arl/Civil_Servant_ARL.crl
DistributionPoint
distributionPoint
fullName
GeneralName
URI: ldap://ldap.rootca.gov.cn:390/CN=Civil_Servant_ARL,OU=ARL,O=NRCAC,C=CN
*/
int x509_distribution_points_add_url(uint8_t *d, size_t *dlen, size_t maxlen, const char *url)
{
return 0;
}
int x509_distribution_points_add_distribution_point(uint8_t *d, size_t *dlen, size_t maxlen,
int dist_point_choice, const uint8_t *dist_point, size_t dist_point_len,
int reasons, const uint8_t *crl_issuer, size_t crl_issuer_len)