Clean code
@@ -820,7 +820,7 @@ endif()
|
|||||||
#
|
#
|
||||||
set(CPACK_PACKAGE_NAME "GmSSL")
|
set(CPACK_PACKAGE_NAME "GmSSL")
|
||||||
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
|
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
|
||||||
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1100")
|
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1101")
|
||||||
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
|
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
|
||||||
set(CPACK_NSIS_MODIFY_PATH ON)
|
set(CPACK_NSIS_MODIFY_PATH ON)
|
||||||
include(CPack)
|
include(CPack)
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ extern "C" {
|
|||||||
|
|
||||||
|
|
||||||
#define GMSSL_VERSION_NUM 30200
|
#define GMSSL_VERSION_NUM 30200
|
||||||
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1100"
|
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1101"
|
||||||
|
|
||||||
int gmssl_version_num(void);
|
int gmssl_version_num(void);
|
||||||
const char *gmssl_version_str(void);
|
const char *gmssl_version_str(void);
|
||||||
|
|||||||
@@ -331,7 +331,7 @@ typedef enum {
|
|||||||
X509_cert_crl_sign,
|
X509_cert_crl_sign,
|
||||||
} X509_CERT_TYPE;
|
} X509_CERT_TYPE;
|
||||||
|
|
||||||
int x509_cert_check(const uint8_t *cert, size_t certlen, int cert_type, int *path_len_constraint);
|
int x509_cert_check(const uint8_t *cert, size_t certlen, int cert_type);
|
||||||
int x509_cert_check_subject(const uint8_t *cert, size_t certlen, int is_cacert);
|
int x509_cert_check_subject(const uint8_t *cert, size_t certlen, int is_cacert);
|
||||||
int x509_cert_check_name_constraints(const uint8_t *cert, size_t certlen,
|
int x509_cert_check_name_constraints(const uint8_t *cert, size_t certlen,
|
||||||
const uint8_t *name_constraints, size_t name_constraints_len);
|
const uint8_t *name_constraints, size_t name_constraints_len);
|
||||||
|
|||||||
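Review bot: The new prototypes of `x509_cert_check` and `x509_exts_check` drop the `path_len_constraint` out-parameter without a comment saying what happens to the basicConstraints pathLenConstraint that the old signature reported, and nothing in this header tells a caller whether it is enforced internally or must be handled elsewhere. Since this is a public header, the change is also an API/ABI break for any external caller of the old four-argument form, which a "Clean code" commit with a dev-number bump alone does not signal. Suggest a doc comment above the new `x509_cert_check` declaration such as `/* Check cert's fields and extensions against cert_type (X509_CERT_TYPE). The basicConstraints pathLenConstraint is validated but not returned; returns 1 on success, -1 on failure. */`, and a matching one on `x509_exts_check` stating the same.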
@@ -606,8 +606,7 @@ NetscapeCertComment ::= IA5String
|
|||||||
int x509_netscape_cert_type_print(FILE *fp, int fmt, int ind, const char *label, int bits);
|
int x509_netscape_cert_type_print(FILE *fp, int fmt, int ind, const char *label, int bits);
|
||||||
|
|
||||||
int x509_ext_check_critical(int oid, int is_ca, int critical);
|
int x509_ext_check_critical(int oid, int is_ca, int critical);
|
||||||
int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type,
|
int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type);
|
||||||
int *path_len_constraints);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
AuthorityInfoAccessSyntax ::= SEQUENCE OF AccessDescription
|
AuthorityInfoAccessSyntax ::= SEQUENCE OF AccessDescription
|
||||||
|
|||||||
@@ -1815,8 +1815,7 @@ int x509_certs_get_cert_by_issuer_and_serial_number(const uint8_t *d, size_t dle
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int x509_cert_check(const uint8_t *cert, size_t certlen, int cert_type,
|
int x509_cert_check(const uint8_t *cert, size_t certlen, int cert_type)
|
||||||
int *path_len_constraint)
|
|
||||||
{
|
{
|
||||||
int version;
|
int version;
|
||||||
const uint8_t *serial;
|
const uint8_t *serial;
|
||||||
@@ -1880,7 +1879,7 @@ int x509_cert_check(const uint8_t *cert, size_t certlen, int cert_type,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (x509_exts_check(exts, extslen, cert_type, path_len_constraint) != 1) {
|
if (x509_exts_check(exts, extslen, cert_type) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -1907,7 +1906,6 @@ int x509_certs_verify(const uint8_t *certs, size_t certslen, int certs_type,
|
|||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
int path_len = 0;
|
int path_len = 0;
|
||||||
int path_len_constraint;
|
|
||||||
|
|
||||||
switch (certs_type) {
|
switch (certs_type) {
|
||||||
case X509_cert_chain_server:
|
case X509_cert_chain_server:
|
||||||
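Review bot: After this hunk `x509_certs_verify` still declares `int path_len = 0;` but no longer has any variable to receive the pathLenConstraint that `x509_exts_check` parses from basicConstraints (the `*path_len_constraint = path_len;` store is deleted in the @@ -3050 hunk), so the value is now parsed and then discarded. None of the visible hunks compares `path_len` with a CA's constraint, so if no code outside the hunk enforces it, a CA certificate carrying pathLenConstraint=0 would still be accepted as issuer of a further CA; the bodies of `x509_certs_verify` and `x509_certs_verify_tlcp` (same removal at the @@ -2014 hunk) run outside the hunk, so confirm there. If the constraint is intentionally left unenforced for now, say so at the declaration, e.g. `int path_len = 0; /* basicConstraints pathLenConstraint is not enforced here; see x509_exts_check */`; otherwise keep the out-parameter and check each CA's constraint against `path_len` before extending the chain.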
@@ -1926,7 +1924,7 @@ int x509_certs_verify(const uint8_t *certs, size_t certslen, int certs_type,
|
|||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (x509_cert_check(cert, certlen, entity_cert_type, &path_len_constraint) != 1) {
|
if (x509_cert_check(cert, certlen, entity_cert_type) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
x509_cert_print(stderr, 0, 10, "Invalid Entity Certificate", cert, certlen);
|
x509_cert_print(stderr, 0, 10, "Invalid Entity Certificate", cert, certlen);
|
||||||
return -1;
|
return -1;
|
||||||
@@ -1938,7 +1936,7 @@ int x509_certs_verify(const uint8_t *certs, size_t certslen, int certs_type,
|
|||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (x509_cert_check(cacert, cacertlen, X509_cert_ca, &path_len_constraint) != 1) {
|
if (x509_cert_check(cacert, cacertlen, X509_cert_ca) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
x509_cert_print(stderr, 0, 10, "Invalid CA Certificate", cacert, cacertlen);
|
x509_cert_print(stderr, 0, 10, "Invalid CA Certificate", cacert, cacertlen);
|
||||||
return -1;
|
return -1;
|
||||||
@@ -1971,7 +1969,7 @@ int x509_certs_verify(const uint8_t *certs, size_t certslen, int certs_type,
|
|||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (x509_cert_check(cacert, cacertlen, X509_cert_ca, &path_len_constraint) != 1) {
|
if (x509_cert_check(cacert, cacertlen, X509_cert_ca) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -2014,7 +2012,6 @@ int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen, int certs_type
|
|||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
int path_len = 0;
|
int path_len = 0;
|
||||||
int path_len_constraint;
|
|
||||||
|
|
||||||
switch (certs_type) {
|
switch (certs_type) {
|
||||||
case X509_cert_chain_server:
|
case X509_cert_chain_server:
|
||||||
@@ -2034,7 +2031,7 @@ int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen, int certs_type
|
|||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (x509_cert_check(cert, certlen, sign_cert_type, &path_len_constraint) != 1) {
|
if (x509_cert_check(cert, certlen, sign_cert_type) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -2044,7 +2041,7 @@ int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen, int certs_type
|
|||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (x509_cert_check(kenc_cert, kenc_certlen, kenc_cert_type, &path_len_constraint) != 1) {
|
if (x509_cert_check(kenc_cert, kenc_certlen, kenc_cert_type) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -2064,7 +2061,7 @@ int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen, int certs_type
|
|||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (x509_cert_check(cacert, cacertlen, X509_cert_ca, &path_len_constraint) != 1) {
|
if (x509_cert_check(cacert, cacertlen, X509_cert_ca) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -2103,7 +2100,7 @@ int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen, int certs_type
|
|||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (x509_cert_check(cacert, cacertlen, X509_cert_ca, &path_len_constraint) != 1) {
|
if (x509_cert_check(cacert, cacertlen, X509_cert_ca) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2951,8 +2951,7 @@ int x509_netscape_cert_type_print(FILE *fp, int fmt, int ind, const char *label,
|
|||||||
sizeof(netscape_cert_types)/sizeof(netscape_cert_types[0]), bits);
|
sizeof(netscape_cert_types)/sizeof(netscape_cert_types[0]), bits);
|
||||||
}
|
}
|
||||||
|
|
||||||
int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type,
|
int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type)
|
||||||
int *path_len_constraint)
|
|
||||||
{
|
{
|
||||||
int oid;
|
int oid;
|
||||||
uint32_t nodes[32];
|
uint32_t nodes[32];
|
||||||
@@ -2968,8 +2967,6 @@ int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type,
|
|||||||
size_t ext_key_usages_cnt;
|
size_t ext_key_usages_cnt;
|
||||||
int is_ca = (cert_type == X509_cert_ca || cert_type == X509_cert_root_ca) ? 1 : 0;
|
int is_ca = (cert_type == X509_cert_ca || cert_type == X509_cert_root_ca) ? 1 : 0;
|
||||||
|
|
||||||
*path_len_constraint = -1;
|
|
||||||
|
|
||||||
while (extslen) {
|
while (extslen) {
|
||||||
if (x509_ext_from_der(&oid, nodes, &nodes_cnt, &critical, &val, &vlen, &exts, &extslen) != 1) {
|
if (x509_ext_from_der(&oid, nodes, &nodes_cnt, &critical, &val, &vlen, &exts, &extslen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
@@ -3022,13 +3019,21 @@ int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type,
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case OID_ce_certificate_policies:
|
case OID_ce_certificate_policies:
|
||||||
|
if (critical == X509_critical) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case OID_ce_policy_mappings:
|
case OID_ce_policy_mappings:
|
||||||
if (critical != X509_critical) {
|
if (critical != X509_critical) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
break;
|
/*
|
||||||
|
已识别但证书路径验证尚未实现的 critical 扩展不能被忽略。
|
||||||
|
*/
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
case OID_ce_subject_alt_name:
|
case OID_ce_subject_alt_name:
|
||||||
break;
|
break;
|
||||||
case OID_ce_issuer_alt_name:
|
case OID_ce_issuer_alt_name:
|
||||||
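Review bot: In the new `case OID_ce_policy_mappings:` the guard `if (critical != X509_critical) { error_print(); return -1; }` is dead, because the unconditional `error_print(); return -1;` added right after it rejects the certificate anyway, so criticality no longer changes the outcome. Drop the guard and let a comment carry the intent, e.g. `/* policyMappings: policy path validation is not implemented, so reject the certificate whether or not the extension is critical rather than silently ignoring it. */`. The same unconditional reject is reached by `OID_ce_policy_constraints` and `OID_ce_inhibit_any_policy` in the @@ -3063 hunk, and the comment duplicated in both places (in Chinese: "recognized critical extensions whose path validation is not yet implemented must not be ignored") only describes the critical case, while the code also rejects non-critical instances; the comment should state that explicitly. In that later hunk `OID_ce_name_constraints` is now accepted with a bare `break` and no criticality handling, presumably because `x509_cert_check_name_constraints` from the header covers it elsewhere; a one-line comment naming that function would make the split clear.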
@@ -3050,7 +3055,6 @@ int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type,
|
|||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
*path_len_constraint = path_len;
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case OID_ce_ext_key_usage:
|
case OID_ce_ext_key_usage:
|
||||||
@@ -3063,10 +3067,20 @@ int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case OID_ce_name_constraints:
|
case OID_ce_name_constraints:
|
||||||
|
break;
|
||||||
case OID_ce_policy_constraints:
|
case OID_ce_policy_constraints:
|
||||||
case OID_ce_crl_distribution_points:
|
|
||||||
case OID_ce_inhibit_any_policy:
|
case OID_ce_inhibit_any_policy:
|
||||||
|
/*
|
||||||
|
已识别但证书路径验证尚未实现的 critical 扩展不能被忽略。
|
||||||
|
*/
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
case OID_ce_crl_distribution_points:
|
||||||
case OID_ce_freshest_crl:
|
case OID_ce_freshest_crl:
|
||||||
|
if (critical == X509_critical) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
if (critical == X509_critical) {
|
if (critical == X509_critical) {
|
||||||
|
|||||||
@@ -63,7 +63,6 @@ static int test_x509_cert_check_subject(void)
|
|||||||
uint8_t cert[1024];
|
uint8_t cert[1024];
|
||||||
uint8_t *p;
|
uint8_t *p;
|
||||||
size_t certlen;
|
size_t certlen;
|
||||||
int path_len_constraint;
|
|
||||||
|
|
||||||
set_x509_name(issuer, &issuer_len, sizeof(issuer));
|
set_x509_name(issuer, &issuer_len, sizeof(issuer));
|
||||||
time(¬_before);
|
time(¬_before);
|
||||||
@@ -95,7 +94,7 @@ static int test_x509_cert_check_subject(void)
|
|||||||
&x509_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID),
|
&x509_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID),
|
||||||
&p, &certlen) != 1
|
&p, &certlen) != 1
|
||||||
|| x509_cert_check_subject(cert, certlen, 0) != 1
|
|| x509_cert_check_subject(cert, certlen, 0) != 1
|
||||||
|| x509_cert_check(cert, certlen, X509_cert_server_auth, &path_len_constraint) != 1) {
|
|| x509_cert_check(cert, certlen, X509_cert_server_auth) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|||||||