abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-13 03:46:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update x509_cer.c

Browse Source
This commit is contained in:
Zhi Guan
2023-01-11 14:19:42 +08:00
parent adfa3aaf60
commit 320df276c8
1 changed files with 22 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/x509_cer.c
View File

@@ -859,7 +859,7 @@ int x509_explicit_exts_from_der(int index, const uint8_t **d, size_t *dlen, cons
if (ret < 0) error_print(); if (ret < 0) error_print();
return ret; return ret;
} }
if (asn1_sequence_from_der(d, dlen, &p, &len) != 1 if (asn1_sequence_of_from_der(d, dlen, &p, &len) != 1
|| asn1_length_is_zero(len) != 1) { || asn1_length_is_zero(len) != 1) {
error_print(); error_print();
return -1; return -1;
@@ -1573,6 +1573,7 @@ int x509_certs_get_cert_by_issuer_and_serial_number(
int x509_cert_validate(const uint8_t *cert, size_t certlen, int cert_type, int x509_cert_validate(const uint8_t *cert, size_t certlen, int cert_type,
int *path_len_constraints) int *path_len_constraints)
{ {
int version;
time_t now; time_t now;
time_t not_before; time_t not_before;
time_t not_after; time_t not_after;
@@ -1582,11 +1583,13 @@ int x509_cert_validate(const uint8_t *cert, size_t certlen, int cert_type,
size_t subject_len; size_t subject_len;
const uint8_t *exts; const uint8_t *exts;
size_t extslen; size_t extslen;
int tbs_sig_algor;
int sig_algor;
x509_cert_get_details(cert, certlen, x509_cert_get_details(cert, certlen,
NULL, // version &version, // version
NULL, NULL, // serial NULL, NULL, // serial
NULL, // signature_algor &tbs_sig_algor, // signature_algor
&issuer, &issuer_len, // issuer &issuer, &issuer_len, // issuer
&not_before, &not_after, // validity &not_before, &not_after, // validity
&subject, &subject_len, // subject &subject, &subject_len, // subject
@@ -1594,9 +1597,13 @@ int x509_cert_validate(const uint8_t *cert, size_t certlen, int cert_type,
NULL, NULL, // issuer_unique_id NULL, NULL, // issuer_unique_id
NULL, NULL, // subject_unique_id NULL, NULL, // subject_unique_id
&exts, &extslen, // extensions &exts, &extslen, // extensions
NULL, // signature_algor &sig_algor, // signature_algor
NULL, NULL); // signature NULL, NULL); // signature
if (version != X509_version_v3) {
error_print();
return -1;
}
time(&now); time(&now);
if (x509_validity_validate(not_before, not_after, now, X509_VALIDITY_MAX_SECONDS) != 1) { if (x509_validity_validate(not_before, not_after, now, X509_VALIDITY_MAX_SECONDS) != 1) {
@@ -1614,10 +1621,21 @@ int x509_cert_validate(const uint8_t *cert, size_t certlen, int cert_type,
return -1; return -1;
} }
if (!exts || !extslen) {
error_print();
return -1;
}
if (x509_exts_validate(exts, extslen, cert_type, path_len_constraints) != 1) { if (x509_exts_validate(exts, extslen, cert_type, path_len_constraints) != 1) {
error_print(); error_print();
return -1; return -1;
} }
if (tbs_sig_algor != sig_algor) {
error_print();
return -1;
}
return 1; return 1;
} }