abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update Tools

Browse Source
This commit is contained in:
Zhi Guan
2022-05-29 18:10:41 +08:00
parent 767dae98ab
commit 19ea6fdf92
31 changed files with 825 additions and 381 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
tools/certgen.c
View File

@@ -144,9 +144,11 @@ int certgen_main(int argc, char **argv)
goto end;
}
} else if (!strcmp(*argv, "-key_usage")) {
char *usage;
if (--argc < 1) goto bad;
if (ext_key_usage_set(&key_usage, *(++argv)) != 1) {
fprintf(stderr, "%s: invalid -key_usage value\n", prog);
usage = *(++argv);
if (ext_key_usage_set(&key_usage, usage) != 1) {
fprintf(stderr, "%s: invalid -key_usage value '%s'\n", prog, usage);
goto end;
}
} else if (!strcmp(*argv, "-key")) {
@@ -194,17 +196,28 @@ bad:
fprintf(stderr, "%s: '-pass' option required\n", prog);
goto end;
}
if (!key_usage) {
fprintf(stderr, "%s: '-key_usage' option required\n", prog);
goto end;
}
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
fprintf(stderr, "%s: load private key failed\n", prog);
goto end;
}
if (x509_exts_add_key_usage(exts, &extslen, sizeof(exts), 1, key_usage) != 1
|| x509_exts_add_basic_constraints(exts, &extslen, sizeof(exts), 1, 1, -1) != 1
|| x509_exts_add_default_authority_key_identifier(exts, &extslen, sizeof(exts), &sm2_key) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
goto end;
}
time(&not_before);
if (rand_bytes(serial, sizeof(serial)) != 1
|| x509_name_set(name, &namelen, sizeof(name),
country, state, locality, org, org_unit, common_name) != 1
|| x509_validity_add_days(&not_after, not_before, days) != 1
|| x509_exts_add_key_usage(exts, &extslen, sizeof(exts), 1, key_usage) != 1
|| x509_cert_sign(
cert, &certlen, sizeof(cert),
X509_version_v3,

64
tools/certverify.c
View File

@@ -53,7 +53,30 @@
#include <gmssl/x509.h>
static const char *options = "[-in pem] -cacert pem (-id str)\n";
// 这里面我们想支持证书链的验证
// 首先输入的应该是一个证书链
// 需要兼容TLCP的双证书证书链
// 验证完之后最后一个证书需要由一个ROOTCA证书来验证
/*
首先从证书链中读取第一个证书,如果没有读取到证书就失败了
从证书链中尝试读取一个证书,如果没有读取到,这个就结束了
如果读取到存放在CA证书中
验证证书
将CA证书copy到被验证证书缓冲中
从证书链中读取一个证书,如果没有读取到,就技术了
如果读取到存在在CA证书中
验证证书
将CA证书copy到被验证证书缓冲中
*/
static const char *options = "[-in pem] -cacert pem\n";
int certverify_main(int argc, char **argv)
{
@@ -65,8 +88,8 @@ int certverify_main(int argc, char **argv)
FILE *cacertfp = NULL;
uint8_t cert[1024];
size_t certlen;
const uint8_t *issuer;
size_t issuer_len;
const uint8_t *subject;
size_t subject_len;
uint8_t cacert[1024];
size_t cacertlen;
char *signer_id = SM2_DEFAULT_ID;
@@ -85,7 +108,7 @@ int certverify_main(int argc, char **argv)
printf("usage: %s %s\n", prog, options);
ret = 0;
goto end;
} else if (!strcmp(*argv, "-cert")) {
} else if (!strcmp(*argv, "-in")) {
if (--argc < 1) goto bad;
infile = *(++argv);
if (!(infp = fopen(infile, "r"))) {
@@ -123,15 +146,42 @@ bad:
fprintf(stderr, "%s: read certificate failure\n", prog);
goto end;
}
if (x509_cert_get_subject(cert, certlen, &issuer, &issuer_len) != 1) {
if (x509_cert_get_subject(cert, certlen, &subject, &subject_len) != 1) {
goto end;
}
x509_name_print(stdout, 0, 0, "Certificate", subject, subject_len);
for (;;) {
if ((rv = x509_cert_from_pem(cacert, &cacertlen, sizeof(cacert), infp)) != 1) {
if (rv < 0) goto end;
goto final;
}
if (x509_cert_get_subject(cacert, cacertlen, &subject, &subject_len) != 1) {
goto end;
}
x509_name_print(stdout, 0, 0, "Signed by", subject, subject_len);
if ((rv = x509_cert_verify_by_ca_cert(cert, certlen, cacert, cacertlen, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID))) < 0) {
fprintf(stderr, "%s: inner error\n", prog);
goto end;
}
printf("Verification %s\n", rv ? "success" : "failure");
memcpy(cert, cacert, cacertlen);
certlen = cacertlen;
}
final:
if (x509_cert_get_issuer(cert, certlen, &subject, &subject_len) != 1) {
fprintf(stderr, "%s: parse certificate error\n", prog);
goto end;
}
if (x509_cert_from_pem_by_subject(cacert, &cacertlen, sizeof(cacert), issuer, issuer_len, cacertfp) != 1) {
if (x509_cert_from_pem_by_subject(cacert, &cacertlen, sizeof(cacert), subject, subject_len, cacertfp) != 1) {
fprintf(stderr, "%s: load CA certificate failure\n", prog);
goto end;
}
if ((rv = x509_cert_verify_by_ca_cert(cert, certlen, cacert, cacertlen, signer_id, strlen(signer_id))) < 0) {
x509_name_print(stdout, 0, 0, "Signed by", subject, subject_len);
if ((rv = x509_cert_verify_by_ca_cert(cert, certlen, cacert, cacertlen, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID))) < 0) {
fprintf(stderr, "%s: inner error\n", prog);
goto end;
}

54
tools/crlparse.c
View File

@@ -50,11 +50,12 @@
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <gmssl/x509.h>
#include <gmssl/x509_crl.h>
static const char *options = "[-in file] [-out file]";
static const char *options = "-in file [-out file]";
int crlparse_main(int argc, char **argv)
{
@@ -64,12 +65,21 @@ int crlparse_main(int argc, char **argv)
char *outfile = NULL;
FILE *infp = stdin;
FILE *outfp = stdout;
uint8_t crl[64 * 1024];
struct stat st;
uint8_t *in = NULL;
size_t inlen;
const uint8_t *pin;
const uint8_t *crl = NULL;
size_t crllen;
argc--;
argv++;
if (argc < 1) {
fprintf(stderr, "usage: %s %s\n", prog, options);
return 1;
}
while (argc > 0) {
if (!strcmp(*argv, "-help")) {
printf("usage: %s %s\n", prog, options);
@@ -100,23 +110,37 @@ bad:
argv++;
}
for (;;) {
int rv;
if ((rv = x509_crl_from_fp(crl, &crllen, sizeof(crl), infp)) != 1) {
if (rv < 0) fprintf(stderr, "%s: read CRL failure\n", prog);
else ret = 0;
goto end;
}
x509_crl_print(outfp, 0, 0, "CRL", crl, crllen);
if (x509_crl_to_pem(crl, crllen, outfp) != 1) {
fprintf(stderr, "%s: output CRL failure\n", prog);
goto end;
}
if (!infile) {
fprintf(stderr, "%s: '-in' option required\n", prog);
goto end;
}
if (fstat(fileno(infp), &st) < 0) {
fprintf(stderr, "%s: access file error : %s\n", prog, strerror(errno));
goto end;
}
if ((inlen = st.st_size) <= 0) {
fprintf(stderr, "%s: invalid input length\n", prog);
goto end;
}
if (!(in = malloc(inlen))) {
fprintf(stderr, "%s: malloc failure\n", prog);
goto end;
}
if (fread(in, 1, inlen, infp) != inlen) {
fprintf(stderr, "%s: read file error : %s\n", prog, strerror(errno));
goto end;
}
pin = in;
if (x509_crl_from_der(&crl, &crllen, &pin, &inlen) != 1
|| asn1_length_is_zero(inlen) != 1) {
fprintf(stderr, "%s: read CRL failure\n", prog);
goto end;
}
x509_crl_print(outfp, 0, 0, "CRL", crl, crllen);
end:
if (infile && infp) fclose(infp);
if (outfile && outfp) fclose(outfp);
if (in) free(in);
return ret;
}

194
tools/crlverify.c Normal file
View File

@@ -0,0 +1,194 @@
/*
* Copyright (c) 2021 - 2021 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <gmssl/x509.h>
#include <gmssl/x509_crl.h>
static const char *options = "-in file -cacert file\n";
int crlverify_main(int argc, char **argv)
{
int ret = 1;
char *prog = argv[0];
char *infile = NULL;
char *cacertfile = NULL;
FILE *infp = NULL;
FILE *cacertfp = NULL;
uint8_t *in = NULL;
size_t inlen;
struct stat st;
const uint8_t *pin;
const uint8_t *crl = NULL;
size_t crllen;
const uint8_t *subject;
size_t subject_len;
uint8_t cacert[1024];
size_t cacertlen;
int rv;
argc--;
argv++;
if (argc < 1) {
fprintf(stderr, "usage: %s %s\n", prog, options);
return 1;
}
while (argc > 0) {
if (!strcmp(*argv, "-help")) {
printf("usage: %s %s\n", prog, options);
ret = 0;
goto end;
} else if (!strcmp(*argv, "-in")) {
if (--argc < 1) goto bad;
infile = *(++argv);
if (!(infp = fopen(infile, "r"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, infile, strerror(errno));
goto end;
}
} else if (!strcmp(*argv, "-cacert")) {
if (--argc < 1) goto bad;
cacertfile = *(++argv);
if (!(cacertfp = fopen(cacertfile, "r"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, cacertfile, strerror(errno));
goto end;
}
} else {
fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv);
goto end;
bad:
fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv);
goto end;
}
argc--;
argv++;
}
if (!infile) {
fprintf(stderr, "%s: '-in' option required\n", prog);
goto end;
}
if (!cacertfile) {
fprintf(stderr, "%s: '-cacert' option required\n", prog);
goto end;
}
if (fstat(fileno(infp), &st) < 0) {
fprintf(stderr, "%s: access file error : %s\n", prog, strerror(errno));
goto end;
}
if ((inlen = st.st_size) <= 0) {
fprintf(stderr, "%s: invalid input length\n", prog);
goto end;
}
if (!(in = malloc(inlen))) {
fprintf(stderr, "%s: malloc failure\n", prog);
goto end;
}
if (fread(in, 1, inlen, infp) != inlen) {
fprintf(stderr, "%s: read file error : %s\n", prog, strerror(errno));
goto end;
}
pin = in;
if (x509_crl_from_der(&crl, &crllen, &pin, &inlen) != 1
|| asn1_length_is_zero(inlen) != 1) {
fprintf(stderr, "%s: read CRL failure\n", prog);
goto end;
}
if (x509_crl_get_issuer(crl, crllen, &subject, &subject_len) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
goto end;
}
if (x509_cert_from_pem_by_subject(cacert, &cacertlen, sizeof(cacert), subject, subject_len, cacertfp) != 1) {
fprintf(stderr, "%s: read certificate failure\n", prog);
goto end;
}
if ((rv = x509_crl_verify_by_ca_cert(crl, crllen, cacert, cacertlen, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID))) < 0) {
fprintf(stderr, "%s: verification inner error\n", prog);
goto end;
}
printf("Verification %s\n", rv ? "success" : "failure");
if (rv == 1) ret = 0;
end:
if (infile && infp) fclose(infp);
if (cacertfp) fclose(cacertfp);
if (in) free(in);
return ret;
}

6
tools/gmssl.c
View File

@@ -57,6 +57,7 @@ extern int certgen_main(int argc, char **argv);
extern int certparse_main(int argc, char **argv);
extern int certverify_main(int argc, char **argv);
extern int crlparse_main(int argc, char **argv);
extern int crlverify_main(int argc, char **argv);
extern int pbkdf2_main(int argc, char **argv);
extern int reqgen_main(int argc, char **argv);
extern int reqparse_main(int argc, char **argv);
@@ -117,7 +118,8 @@ static const char *options =
" reqgen Generate certificate signing request (CSR)\n"
" reqsign Generate certificate from CSR\n"
" reqparse Parse and print a CSR\n"
" crlparse Parse and print CRL\n"
" crlparse Verify a CRL with certificate\n"
" crlverify Parse and print CRL\n"
" certgen Generate a self-signed certificate\n"
" certparse Parse and print certificates\n"
" certverify Verify certificate chain\n"
@@ -166,6 +168,8 @@ int main(int argc, char **argv)
return certverify_main(argc, argv);
} else if (!strcmp(*argv, "crlparse")) {
return crlparse_main(argc, argv);
} else if (!strcmp(*argv, "crlverify")) {
return crlverify_main(argc, argv);
} else if (!strcmp(*argv, "reqgen")) {
return reqgen_main(argc, argv);
} else if (!strcmp(*argv, "reqparse")) {

35
tools/reqsign.c
View File

@@ -57,7 +57,8 @@
#include <gmssl/x509_req.h>
static const char *options = "[-in pem] -days num -cacert pem -key pem [-pass str] [-out pem]\n";
static const char *options = "[-in pem] -days num -cacert pem -key pem [-pass str] [-out pem] "
"-key_usage oid -path_len_constraint num -crl_url url\n";
static int ext_key_usage_set(int *usages, const char *usage_name)
{
@@ -105,6 +106,7 @@ int reqsign_main(int argc, char **argv)
uint8_t exts[512];
size_t extslen = 0;
int key_usage = 0;
int path_len_constraint = -1;
argc--;
argv++;
@@ -139,6 +141,16 @@ int reqsign_main(int argc, char **argv)
fprintf(stderr, "%s: set KeyUsage extenstion failure\n", prog);
goto end;
}
} else if (!strcmp(*argv, "-path_len_constraint")) {
if (--argc < 1) goto bad;
path_len_constraint = atoi(*(++argv));
if (path_len_constraint < 0) {
fprintf(stderr, "%s: invalid value for '-path_len_constraint'\n", prog);
goto end;
}
} else if (!strcmp(*argv, "-crl_url")) {
if (--argc < 1) goto bad;
//crl_url = *(++argv);
} else if (!strcmp(*argv, "-cacert")) {
if (--argc < 1) goto bad;
cacertfile = *(++argv);
@@ -223,16 +235,31 @@ bad:
}
time(&not_before);
if (x509_exts_add_key_usage(exts, &extslen, sizeof(exts), 1, key_usage) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
goto end;
}
if (path_len_constraint >= 0) {
if (x509_exts_add_basic_constraints(exts, &extslen, sizeof(exts), 1, 1, path_len_constraint) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
goto end;
}
}
if (x509_exts_add_default_authority_key_identifier(exts, &extslen, sizeof(exts), &sm2_key) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
goto end;
}
if (x509_validity_add_days(&not_after, not_before, days) != 1
|| x509_exts_add_key_usage(exts, &extslen, sizeof(exts), 1, key_usage) != 1
|| x509_cert_sign(
cert, &certlen, sizeof(cert),
X509_version_v3,
serial, sizeof(serial),
OID_sm2sign_with_sm3,
subject, subject_len,
not_before, not_after,
issuer, issuer_len,
not_before, not_after,
subject, subject_len,
&subject_public_key,
NULL, 0,
NULL, 0,

142
tools/tlcp_server.c
View File

@@ -47,48 +47,51 @@
*/
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <gmssl/mem.h>
#include <gmssl/sm2.h>
#include <gmssl/tls.h>
#include <gmssl/error.h>
static const char *options = "[-port num] -cert file -key file [-pass str] -ex_key file [-ex_pass str] [-cacert file]";
int tlcp_server_main(int argc , char **argv)
{
int ret = -1;
int ret = 1;
char *prog = argv[0];
int port = 443;
char *file = NULL;
char *certfile = NULL;
char *signkeyfile = NULL;
char *signpass = NULL;
char *enckeyfile = NULL;
char *encpass = NULL;
char *cacertfile = NULL;
FILE *certfp = NULL;
FILE *signkeyfp = NULL;
FILE *enckeyfp = NULL;
FILE *cacertfp = NULL;
SM2_KEY signkey;
SM2_KEY enckey;
char *pass = NULL;
char *ex_pass = NULL;
uint8_t verify_buf[4096];
TLS_CONNECT conn;
char buf[1600] = {0};
size_t len = sizeof(buf);
if (argc < 2) {
argc--;
argv++;
if (argc < 1) {
fprintf(stderr, "usage: %s %s\n", prog, options);
return 1;
}
argc--;
argv++;
while (argc >= 1) {
while (argc > 0) {
if (!strcmp(*argv, "-help")) {
printf("usage: %s %s\n", prog, options);
return 0;
@@ -97,31 +100,38 @@ int tlcp_server_main(int argc , char **argv)
port = atoi(*(++argv));
} else if (!strcmp(*argv, "-cert")) {
if (--argc < 1) goto bad;
file = *(++argv);
if (!(certfp = fopen(file, "r"))) {
error_print();
return -1;
certfile = *(++argv);
if (!(certfp = fopen(certfile, "r"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, certfile, strerror(errno));
goto end;
}
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
file = *(++argv);
if (!(signkeyfp = fopen(file, "r"))) {
error_print();
return -1;
signkeyfile = *(++argv);
if (!(signkeyfp = fopen(signkeyfile, "r"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, signkeyfile, strerror(errno));
goto end;
}
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
signpass = *(++argv);
} else if (!strcmp(*argv, "-ex_key")) {
if (--argc < 1) goto bad;
file = *(++argv);
if (!(enckeyfp = fopen(file, "r"))) {
error_print();
return -1;
enckeyfile = *(++argv);
if (!(enckeyfp = fopen(enckeyfile, "r"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, enckeyfile, strerror(errno));
goto end;
}
} else if (!strcmp(*argv, "-ex_pass")) {
if (--argc < 1) goto bad;
ex_pass = *(++argv);
encpass = *(++argv);
} else if (!strcmp(*argv, "-cacert")) {
if (--argc < 1) goto bad;
cacertfile = *(++argv);
if (!(cacertfp = fopen(cacertfile, "r"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, cacertfile, strerror(errno));
goto end;
}
} else {
fprintf(stderr, "%s: invalid option '%s'\n", prog, *argv);
return 1;
@@ -132,67 +142,69 @@ bad:
argc--;
argv++;
}
if (!certfp) {
error_print();
return -1;
if (!certfile) {
fprintf(stderr, "%s: '-cert' option required\n", prog);
goto end;
}
if (!signkeyfp) {
error_print();
return -1;
if (!signkeyfile) {
fprintf(stderr, "%s: '-key' option required\n", prog);
goto end;
}
if (!enckeyfp) {
error_print();
return -1;
if (!signpass) {
fprintf(stderr, "%s: '-pass' option required\n", prog);
goto end;
}
if (!enckeyfile) {
fprintf(stderr, "%s: '-ex_key' option required\n", prog);
goto end;
}
if (!encpass) {
fprintf(stderr, "%s: '-ex_pass' option required\n", prog);
goto end;
}
if (!pass) {
pass = getpass("Sign Key Password : ");
if (sm2_private_key_info_decrypt_from_pem(&signkey, signpass, signkeyfp) != 1) {
fprintf(stderr, "%s: load private key failure\n", prog);
goto end;
}
if (sm2_private_key_info_decrypt_from_pem(&signkey, pass, signkeyfp) != 1) {
error_print();
return -1;
if (sm2_private_key_info_decrypt_from_pem(&enckey, encpass, enckeyfp) != 1) {
fprintf(stderr, "%s: load private key failure\n", prog);
goto end;
}
if (!ex_pass) {
ex_pass = getpass("Encryption Key Password : ");
}
if (sm2_private_key_info_decrypt_from_pem(&enckey, ex_pass, enckeyfp) != 1) {
error_print();
return -1;
}
printf("start ...........\n");
memset(&conn, 0, sizeof(conn));
if (tlcp_accept(&conn, port, certfp, &signkey, &enckey,
NULL, verify_buf, 4096) != 1) {
error_print();
return -1;
if (tlcp_accept(&conn, port, certfp, &signkey, &enckey, cacertfp, verify_buf, 4096) != 1) {
fprintf(stderr, "%s: tlcp accept failure\n", prog);
goto end;
}
// 我要做一个反射的服务器,接收到用户的输入之后,再反射回去
for (;;) {
// 接收一个消息
// 按道理说第二次执行的时候是不可能成功的了,因此客户端没有数据发过来
do {
len = sizeof(buf);
if (tls_recv(&conn, (uint8_t *)buf, &len) != 1) {
error_print();
return -1;
fprintf(stderr, "%s: recv failure\n", prog);
goto end;
}
} while (!len);
// 把这个消息再发回去
if (tls_send(&conn, (uint8_t *)buf, len) != 1) {
error_print();
return -1;
fprintf(stderr, "%s: send failure\n", prog);
goto end;
}
fprintf(stderr, "-----------------\n\n\n\n\n\n");
}
return 0;
end:
gmssl_secure_clear(&signkey, sizeof(signkey));
gmssl_secure_clear(&enckey, sizeof(enckey));
if (certfp) fclose(certfp);
if (signkeyfp) fclose(signkeyfp);
if (enckeyfp) fclose(enckeyfp);
if (cacertfp) fclose(cacertfp);
return ret;
}