Fix certrevoke bugs

This commit is contained in:
Zhi Guan
2023-02-14 23:19:18 +08:00
parent a8976d6a3e
commit 4466a56ae2
3 changed files with 14 additions and 7 deletions


@@ -21,8 +21,9 @@ gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key encke
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
gmssl certparse -in enccert.pem gmssl certparse -in enccert.pem
gmssl certrevoke -in signcert.pem -reason keyCompromise > revoked_certs.der rm -fr revoked_certs.der
gmssl certrevoke -in enccert.pem -reason keyCompromise >> revoked_certs.der gmssl certrevoke -in signcert.pem -reason keyCompromise -out revoked_certs.der
gmssl certrevoke -in enccert.pem -reason keyCompromise -out revoked_certs.der
gmssl crlgen -in revoked_certs.der -cacert cacert.pem -key cakey.pem -pass 1234 -next_update 20240101000000Z -gen_authority_key_id -crl_num 1 -out crl.der gmssl crlgen -in revoked_certs.der -cacert cacert.pem -key cakey.pem -pass 1234 -next_update 20240101000000Z -gen_authority_key_id -crl_num 1 -out crl.der
gmssl crlparse -in crl.der gmssl crlparse -in crl.der
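Review bot: `rm -fr revoked_certs.der` applies the recursive flag to what is a plain file; `rm -f revoked_certs.der` is what is meant and is less alarming to a reader. The removal is presumably needed because the two `certrevoke -out` calls accumulate entries in the same file (the usage text changed in this commit says it stores multiple RevokedCertificates), so a leftover file from an earlier run would carry stale entries into the CRL signed by `crlgen`; that deserves a one-line comment in the script, e.g. `# start from an empty revocation list; certrevoke -out appends to the file`. The lines preceding this hunk are not visible, so whether the script aborts on a failed `certrevoke` (e.g. `set -e`) cannot be checked here.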


@@ -41,7 +41,7 @@ int file_read_all(const char *file, uint8_t **out, size_t *outlen)
size_t fsize; size_t fsize;
uint8_t *buf = NULL; uint8_t *buf = NULL;
if (!(fp = fopen(file, "r")) if (!(fp = fopen(file, "rb"))
|| file_size(fp, &fsize) != 1 || file_size(fp, &fsize) != 1
|| (buf = malloc(fsize)) == NULL) { || (buf = malloc(fsize)) == NULL) {
error_print(); error_print();
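Review bot: With `fsize == 0` the `(buf = malloc(fsize)) == NULL` test may fire on a legitimately empty file, because `malloc(0)` is permitted to return NULL, and the call would then be reported as an error by `error_print()`; if an empty input should yield an empty buffer rather than a failure, use `(buf = malloc(fsize ? fsize : 1)) == NULL` or handle the zero-length case before allocating. The `"r"` to `"rb"` change is the correct fix for the Windows text-mode translation this commit is about, and it should be mirrored by the writer side of any tool that produces these DER files. `file_read_all` begins and ends outside the hunk, so the subsequent `fread` and cleanup paths cannot be reviewed here.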


@@ -21,7 +21,8 @@ static const char *options =
" -in pem" " -in pem"
" [-reason str]" " [-reason str]"
" [-invalid_date time]" " [-invalid_date time]"
" [-out der]"; " -out der"; // on windows, send 0x0a through pipe will be connverted to 0x0d0a
// so stdout and pipe is not supported
static char *usage = static char *usage =
"Options\n" "Options\n"
@@ -42,7 +43,7 @@ static char *usage =
" -invalid_date time The date on which it is known or suspected the certificate became invalid\n" " -invalid_date time The date on which it is known or suspected the certificate became invalid\n"
" Time in `YYYYMMDDHHMMSSZ` format such as 20221231000000Z\n" " Time in `YYYYMMDDHHMMSSZ` format such as 20221231000000Z\n"
" The last 'Z' means it is Zulu (GMT) time\n" " The last 'Z' means it is Zulu (GMT) time\n"
" -out der | stdout Output X.509 RevokedCertificate in DER-encoding\n" " -out der Output X.509 RevokedCertificate in DER-encoding\n"
" This file stores multiple RevokedCertificates, used as input by `crlsign`\n" " This file stores multiple RevokedCertificates, used as input by `crlsign`\n"
"\n" "\n"
"Examples\n" "Examples\n"
@@ -63,10 +64,10 @@ int certrevoke_main(int argc, char **argv)
int reason = -1; int reason = -1;
time_t invalid_date = -1; time_t invalid_date = -1;
char *outfile = NULL; char *outfile = NULL;
FILE *outfp = stdout; FILE *outfp = NULL;
uint8_t *outbuf = NULL; uint8_t *outbuf = NULL;
uint8_t *out; uint8_t *out;
size_t outlen; size_t outlen = 0;
argc--; argc--;
argv++; argv++;
@@ -121,6 +122,11 @@ bad:
printf("usage: gmssl %s %s\n\n", prog, options); printf("usage: gmssl %s %s\n\n", prog, options);
goto end; goto end;
} }
if (!outfile) {
fprintf(stderr, "%s: option `-out` missing\n", prog);
goto end;
}
if (x509_cert_revoke_to_der(cert, certlen, time(NULL), reason, invalid_date, NULL, 0, NULL, &outlen) != 1) { if (x509_cert_revoke_to_der(cert, certlen, time(NULL), reason, invalid_date, NULL, 0, NULL, &outlen) != 1) {
fprintf(stderr, "%s: inner error\n", prog); fprintf(stderr, "%s: inner error\n", prog);
goto end; goto end;
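Review bot: The explanation attached to the `" -out der"` string-literal continuation in the `options` definition has a typo ("connverted") and sits where a reader of the usage string will not look; it belongs as a block comment above `static const char *options`, e.g. `/* Output to stdout/pipe is not supported: on Windows a text-mode stdout translates 0x0a to 0x0d0a and corrupts the DER encoding, so -out is mandatory. */`. The limitation could also be removed rather than documented — `_setmode(_fileno(stdout), _O_BINARY)` under `#ifdef _WIN32` would keep the former `> file` usage working — though requiring `-out` is a defensible simplification given the new `option \`-out\` missing` check. The usage text still says the output file is consumed by `crlsign`, while the demo updated in this same commit passes it to `crlgen`; one of the two names appears stale. Since the usage says the file stores multiple RevokedCertificates and the demo invokes certrevoke twice with the same `-out`, the `fopen` of `outfile` (outside these hunks) must use `"ab"`; a `"wb"` open would silently discard the first certificate's entry, which is worth confirming. `certrevoke_main` continues past the end of the hunk.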