Update v3 API

2026-05-07 00:46:17 +08:00 · 2022-02-27 18:41:04 +08:00
parent f8310bcd72
commit 7af9f951a2
10 changed files with 188 additions and 141 deletions
--- a/include/gmssl/asn1.h
+++ b/include/gmssl/asn1.h
@@ -110,182 +110,186 @@ int asn1_tag_from_der(int tag, const uint8_t **in, size_t *inlen);
 int asn1_any_tag_from_der(int *tag, const uint8_t **in, size_t *inlen);
 int asn1_tag_get(int *tag, const uint8_t **in, size_t *inlen); // 这个函数是看看下一个tag是什么，并不修改in,inlen
 int asn1_tag_is_cstring(int tag);
-int asn1_length_to_der(size_t len, uint8_t **in, size_t *inlen);
-int asn1_length_from_der(size_t *len, const uint8_t **in, size_t *inlen);
+int asn1_length_to_der(size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_length_from_der(size_t *dlen, const uint8_t **in, size_t *inlen);
 int asn1_length_is_zero(size_t len);
+int asn1_length_le(size_t len1, size_t len2);
 int asn1_data_to_der(const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
 int asn1_data_from_der(const uint8_t **d, size_t dlen, const uint8_t **in, size_t *inlen);

 int asn1_type_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
 int asn1_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
 int asn1_any_type_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
-int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen);
+int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); // 调用方应保证a,alen为TLV
+int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // 检查输入为TLV

 int asn1_boolean_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen);
 int asn1_boolean_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen);
-#define asn1_boolean_to_der(val,out,outlen)			asn1_boolean_to_der_ex(ASN1_TAG_BOOLEAN,val,out,outlen)
-#define asn1_boolean_from_der(val,in,inlen)			asn1_boolean_from_der_ex(ASN1_TAG_BOOLEAN,val,in,inlen)
-#define asn1_implicit_boolean_to_der(idx,val,out,outlen)	asn1_boolean_to_der_ex(ASN1_TAG_IMPLICIT(idx),val,out,outlen)
-#define asn1_implicit_boolean_from_der(idx,val,in,inlen)	asn1_boolean_from_der_ex(ASN1_TAG_IMPLICIT(idx),val,in,inlen)
+#define asn1_boolean_to_der(val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_BOOLEAN,val,out,outlen)
+#define asn1_boolean_from_der(val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_BOOLEAN,val,in,inlen)
+#define asn1_implicit_boolean_to_der(i,val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+#define asn1_implicit_boolean_from_der(i,val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)

+// asn1_integer_ 不支持负数编解码
 int asn1_integer_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
 int asn1_integer_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-#define asn1_integer_to_der(d,dlen,out,outlen)			asn1_integer_to_der_ex(ASN1_TAG_INTEGER,d,dlen,out,outlen)
-#define asn1_integer_from_der(d,dlen,in,inlen)			asn1_integer_from_der_ex(ASN1_TAG_INTEGER,d,dlen,in,inlen)
-#define asn1_implicit_integer_to_der(idx,d,dlen,out,outlen)	asn1_integer_to_der_ex(ASN1_TAG_IMPLICIT(idx),d,dlen,out,outlen)
-#define asn1_implicit_integer_from_der(idx,d,dlen,in,inlen)	asn1_integer_from_der_ex(ASN1_TAG_IMPLICIT(idx),d,dlen,in,inlen)
+#define asn1_integer_to_der(d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_INTEGER,d,dlen,out,outlen)
+#define asn1_integer_from_der(d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_INTEGER,d,dlen,in,inlen)
+#define asn1_implicit_integer_to_der(i,d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_integer_from_der(i,d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)

-int asn1_int_to_der_ex(int tag, int a, uint8_t **out, size_t *outlen);
-int asn1_int_from_der_ex(int tag, int *a, const uint8_t **in, size_t *inlen);
-#define asn1_int_to_der(val,out,outlen)				asn1_int_to_der_ex(ASN1_TAG_INTEGER,val,out,outlen)
-#define asn1_int_from_der(val,in,inlen)				asn1_int_from_der_ex(ASN1_TAG_INTEGER,val,in,inlen)
-#define asn1_implicit_int_to_der(idx,val,out,outlen)		asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(idx),val,out,outlen)
-#define asn1_implicit_int_from_der(idx,val,in,inlen)		asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(idx),val,in,inlen)
+// asn1_int_ 只支持小的无符号整数的编解码，不支持负数
+int asn1_int_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen); // 当 val == -1 时，不输出，返回 0
+int asn1_int_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen); // 不支持负数，返回0时 *val 设置为 -1
+#define asn1_int_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_INTEGER,val,out,outlen)
+#define asn1_int_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_INTEGER,val,in,inlen)
+#define asn1_implicit_int_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+#define asn1_implicit_int_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)

+// 比特长度不必须为8的整数倍
 int asn1_bit_string_to_der_ex(int tag, const uint8_t *d, size_t nbits, uint8_t **out, size_t *outlen);
 int asn1_bit_string_from_der_ex(int tag, const uint8_t **d, size_t *nbits, const uint8_t **in, size_t *inlen);
-#define asn1_bit_string_to_der(d,nbits,out,outlen)		asn1_bit_string_to_der_ex(ASN1_TAG_BIT_STRING,d,nbits,out,outlen)
-#define asn1_bit_string_from_der(d,nbits,in,inlen)		asn1_bit_string_from_der_ex(ASN1_TAG_BIT_STRING,d,nbits,in,inlen)
-#define asn1_implicit_bit_string_to_der(idx,d,nbits,out,outlen)	asn1_bit_string_to_der_ex(ASN1_TAG_IMPLICIT(idx),d,nbits,out,outlen)
-#define asn1_implicit_bit_string_from_der(idx,d,nbits,in,inlen)	asn1_bit_string_from_der_ex(ASN1_TAG_IMPLICIT(idx),d,nbits,in,inlen)
+#define asn1_bit_string_to_der(d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_BIT_STRING,d,nbits,out,outlen)
+#define asn1_bit_string_from_der(d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_BIT_STRING,d,nbits,in,inlen)
+#define asn1_implicit_bit_string_to_der(i,d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,out,outlen)
+#define asn1_implicit_bit_string_from_der(i,d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,in,inlen)

+// 比特长度必须为8的整数倍，因此使用字节长度
 int asn1_bit_octets_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
 int asn1_bit_octets_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-#define asn1_bit_octets_to_der(d,dlen,out,outlen)		asn1_bit_octets_to_der_ex(ASN1_TAG_BIT_STRING,d,dlen,out,outlen)
-#define asn1_bit_octets_from_der(d,dlen,in,inlen)		asn1_bit_octets_from_der_ex(ASN1_TAG_BIT_STRING,d,dlen,out,outlen)
-#define asn1_implicit_bit_octets_to_der(idx,d,dlen,out,outlen)	asn1_bit_octets_to_der_ex(ASN1_TAG_IMPLICIT(idx),d,dlen,out,outlen)
-#define asn1_implicit_bit_octets_from_der(idx,d,dlen,in,inlen)	asn1_bit_octets_from_der_ex(ASN1_TAG_IMPLICIT(idx),d,dlen,out,outlen)
+#define asn1_bit_octets_to_der(d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_BIT_STRING,d,dlen,out,outlen)
+#define asn1_bit_octets_from_der(d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_BIT_STRING,d,dlen,in,inlen)
+#define asn1_implicit_bit_octets_to_der(i,d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_bit_octets_from_der(i,d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)

+// bits == -1 不编码，只支持较少的比特数量
 int asn1_bits_to_der_ex(int tag, int bits, uint8_t **out, size_t *outlen);
 int asn1_bits_from_der_ex(int tag, int *bits, const uint8_t **in, size_t *inlen);
-#define asn1_bits_to_der(val,out,outlen)			asn1_bits_to_der_ex(ASN1_TAG_BIT_STRING,val,out,outlen)
-#define asn1_bits_from_der(val,out,outlen)			asn1_bits_from_der_ex(ASN1_TAG_BIT_STRING,val,out,outlen)
-#define asn1_implicit_bits_to_der(idx,val,out,outlen)		asn1_bits_to_der_ex(ASN1_TAG_IMPLICIT(idx),val,out,outlen)
-#define asn1_implicit_bits_from_der(idx,val,out,outlen)		asn1_bits_from_der_ex(ASN1_TAG_IMPLICIT(idx),val,out,outlen)
+#define asn1_bits_to_der(bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_BIT_STRING,bits,out,outlen)
+#define asn1_bits_from_der(bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_BIT_STRING,bits,in,inlen)
+#define asn1_implicit_bits_to_der(i,bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_IMPLICIT(i),bits,out,outlen)
+#define asn1_implicit_bits_from_der(i,bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_IMPLICIT(i),bits,in,inlen)
+// names[i]对应第i个比特
 int asn1_bits_print(FILE *fp, int fmt, int ind, const char *label, const char **names, size_t names_cnt, int bits);

-#define asn1_octet_string_to_der_ex(tag,a,alen,d,dlen)	asn1_type_to_der(tag,a,alen,d,dlen)
-#define asn1_octet_string_from_der_ex(tag,a,alen,d,dlen)	asn1_type_from_der(tag,a,alen,d,dlen)
-#define asn1_octet_string_to_der(val,d,dlen,out,outlen)		asn1_type_to_der(ASN1_TAG_OCTET_STRING,val,d,dlen,out,outlen)
-#define asn1_octet_string_from_der(val,d,dlen,out,outlen)		asn1_type_from_der(ASN1_TAG_OCTET_STRING,val,d,dlen,out,outlen)
-#define asn1_implicit_octet_string_to_der(idx,val,d,dlen,out,outlen)	asn1_type_to_der(ASN1_TAG_IMPLICIT(idx),val,d,dlen,out,outlen)
-#define asn1_implicit_octet_string_from_der(idx,val,d,dlen,out,outlen)	asn1_type_from_der(ASN1_TAG_IMPLICIT(idx),val,d,dlen,out,outlen)
+#define asn1_octet_string_to_der_ex(tag,d,dlen,out,outlen) asn1_type_to_der(tag,d,dlen,out,outlen)
+#define asn1_octet_string_from_der_ex(tag,d,dlen,in,inlen) asn1_type_from_der(tag,d,dlen,in,inlen)
+#define asn1_octet_string_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_OCTET_STRING,d,dlen,out,outlen)
+#define asn1_octet_string_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_OCTET_STRING,d,dlen,in,inlen)
+#define asn1_implicit_octet_string_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_octet_string_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)

 int asn1_null_to_der(uint8_t **out, size_t *outlen);
 int asn1_null_from_der(const uint8_t **in, size_t *inlen);

 #define ASN1_OID_MAX_NODES 32
-int asn1_object_identifier_to_octets(const uint32_t *nodes, size_t nodes_count, uint8_t *out, size_t *outlen);
-int asn1_object_identifier_from_octets(uint32_t *nodes, size_t *nodes_count, const uint8_t *in, size_t inlen);
+int asn1_object_identifier_to_octets(const uint32_t *nodes, size_t nodes_cnt, uint8_t *out, size_t *outlen);
+int asn1_object_identifier_from_octets(uint32_t *nodes, size_t *nodes_cnt, const uint8_t *in, size_t inlen);

-int asn1_object_identifier_equ(const uint32_t *a, size_t a_count, const uint32_t *b, size_t b_count);
-int asn1_object_identifier_to_der_ex(int tag, const uint32_t *nodes, size_t nodes_count, uint8_t **out, size_t *outlen);
-int asn1_object_identifier_from_der_ex(int tag, uint32_t *nodes, size_t *nodes_count, const uint8_t **in, size_t *inlen);
-#define asn1_object_identifier_to_der(val,d,dlen,out,outlen)		asn1_object_identifier_to_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,val,d,dlen,out,outlen)
-#define asn1_object_identifier_from_der(val,d,dlen,out,outlen)		asn1_object_identifier_from_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,val,d,dlen,out,outlen)
-#define asn1_implicit_object_identifier_to_der(idx,val,d,dlen,out,outlen)	asn1_object_identifier_to_der_ex(ASN1_TAG_IMPLICIT(idx),val,d,dlen,out,outlen)
-#define asn1_implicit_object_identifier_from_der(idx,val,d,dlen,out,outlen)	asn1_object_identifier_from_der_ex(ASN1_TAG_IMPLICIT(idx),val,d,dlen,out,outlen)
+int asn1_object_identifier_equ(const uint32_t *a, size_t a_cnt, const uint32_t *b, size_t b_cnt);
+int asn1_object_identifier_to_der_ex(int tag, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen);
+int asn1_object_identifier_from_der_ex(int tag, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen);
+#define asn1_object_identifier_to_der(nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,out,outlen)
+#define asn1_object_identifier_from_der(nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,in,inlen)
+#define asn1_implicit_object_identifier_to_der(i,nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,out,outlen)
+#define asn1_implicit_object_identifier_from_der(i,nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,in,inlen)
 int asn1_object_identifier_print(FILE *fp, int fmt, int ind, const char *label, const char *name,
-	const uint32_t *nodes, size_t nodes_count);
+	const uint32_t *nodes, size_t nodes_cnt);

-#define asn1_enumerated_to_der_ex(tag,val,out,outlen)		asn1_int_to_der_ex(tag,val,out,outlen)
-#define asn1_enumerated_from_der_ex(tag,val,out,outlen)		asn1_int_from_der_ex(tag,val,out,outlen)
-#define asn1_enumerated_to_der(val,out,outlen)			asn1_int_to_der_ex(ASN1_TAG_ENUMERATED,val,out,outlen)
-#define asn1_enumerated_from_der(val,out,outlen)		asn1_int_from_der_ex(ASN1_TAG_ENUMERATED,val,out,outlen)
-#define asn1_implicit_enumerated_to_der(idx,val,out,outlen)	asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(idx),val,out,outlen)
-#define asn1_implicit_enumerated_from_der(idx,val,out,outlen)	asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(idx),val,out,outlen)
+#define asn1_enumerated_to_der_ex(tag,val,out,outlen) asn1_int_to_der_ex(tag,val,out,outlen)
+#define asn1_enumerated_from_der_ex(tag,val,in,inlen) asn1_int_from_der_ex(tag,val,in,inlen)
+#define asn1_enumerated_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_ENUMERATED,val,out,outlen)
+#define asn1_enumerated_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_ENUMERATED,val,in,inlen)
+#define asn1_implicit_enumerated_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+#define asn1_implicit_enumerated_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)

 int asn1_utf8_string_check(const char *d, size_t dlen);
-int asn1_utf8_string_to_der_ex(int tag, const char *a, uint8_t **out, size_t *outlen);
-int asn1_utf8_string_from_der_ex(int tag, const char **a, size_t *alen, const uint8_t **in, size_t *inlen);
-#define asn1_utf8_string_to_der(val,out,outlen)			asn1_utf8_string_to_der_ex(ASN1_TAG_UTF8String,val,out,outlen)
-#define asn1_utf8_string_from_der(val,d,dlen,out,outlen)		asn1_utf8_string_from_der_ex(ASN1_TAG_UTF8String,val,d,dlen,out,outlen)
-#define asn1_implicit_utf8_string_to_der(i,val,out,outlen)	asn1_utf8_string_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
-#define asn1_implicit_utf8_string_from_der(i,val,out,outlen)	asn1_utf8_string_from_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+int asn1_utf8_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_utf8_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_utf8_string_to_der(d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_UTF8String,d,dlen,out,outlen)
+#define asn1_utf8_string_from_der(d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_UTF8String,d,dlen,in,inlen)
+#define asn1_implicit_utf8_string_to_der(i,d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_utf8_string_from_der(i,d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)

 int asn1_printable_string_check(const char *d, size_t dlen);
-int asn1_printable_string_to_der_ex(int tag, const char *a, uint8_t **out, size_t *outlen);
-int asn1_printable_string_from_der_ex(int tag, const char **a, size_t *alen, const uint8_t **in, size_t *inlen);
-#define asn1_printable_string_to_der(val,out,outlen)		asn1_printable_string_to_der_ex(ASN1_TAG_PrintableString,val,out,outlen)
-#define asn1_printable_string_from_der(val,d,dlen,out,outlen)	asn1_printable_string_from_der_ex(ASN1_TAG_PrintableString,val,d,dlen,out,outlen)
-#define asn1_implicit_printable_string_to_der(i,val,out,outlen)		asn1_printable_string_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
-#define asn1_implicit_printable_string_from_der(i,val,out,outlen)	asn1_printable_string_from_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+int asn1_printable_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_printable_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_printable_string_to_der(d,dlen,out,outlen)	asn1_printable_string_to_der_ex(ASN1_TAG_PrintableString,d,dlen,out,outlen)
+#define asn1_printable_string_from_der(d,dlen,in,inlen)	asn1_printable_string_from_der_ex(ASN1_TAG_PrintableString,d,dlen,in,inlen)
+#define asn1_implicit_printable_string_to_der(i,d,dlen,out,outlen) asn1_printable_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_printable_string_from_der(i,d,dlen,in,inlen) asn1_printable_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)

 int asn1_ia5_string_check(const char *d, size_t dlen);
-int asn1_ia5_string_to_der_ex(int tag, const char *a, uint8_t **out, size_t *outlen);
-int asn1_ia5_string_from_der_ex(int tag, const char **a, size_t *alen, const uint8_t **in, size_t *inlen);
-#define asn1_ia5_string_to_der(val,out,outlen)			asn1_ia5_string_to_der_ex(ASN1_TAG_IA5String,val,out,outlen)
-#define asn1_ia5_string_from_der(val,d,dlen,out,outlen)		asn1_ia5_string_from_der_ex(ASN1_TAG_IA5String,val,d,dlen,out,outlen)
-#define asn1_implicit_ia5_string_to_der(i,val,out,outlen)	asn1_ia5_string_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
-#define asn1_implicit_ia5_string_from_der(i,val,out,outlen)	asn1_ia5_string_from_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+int asn1_ia5_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_ia5_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_ia5_string_to_der(d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IA5String,d,dlen,out,outlen)
+#define asn1_ia5_string_from_der(d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IA5String,d,dlen,in,inlen)
+#define asn1_implicit_ia5_string_to_der(i,d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_ia5_string_from_der(i,d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)

 int asn1_string_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);

+int asn1_utc_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
+int asn1_utc_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
+#define asn1_utc_time_to_der(tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_UTCTime,tv,out,outlen)
+#define asn1_utc_time_from_der(tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_UTCTime,tv,in,inlen)
+#define asn1_implicit_utc_time_to_der(i,tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
+#define asn1_implicit_utc_time_from_der(i,tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)

-int asn1_utc_time_to_der_ex(int tag, time_t a, uint8_t **out, size_t *outlen);
-int asn1_utc_time_from_der_ex(int tag, time_t *t, const uint8_t **in, size_t *inlen);
-#define asn1_utc_time_to_der(val,out,outlen)			asn1_utc_time_to_der_ex(ASN1_TAG_UTCTime,val,out,outlen)
-#define asn1_utc_time_from_der(val,out,outlen)			asn1_utc_time_from_der_ex(ASN1_TAG_UTCTime,val,out,outlen)
-#define asn1_implicit_utc_time_to_der(i,val,out,outlen)		asn1_utc_time_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
-#define asn1_implicit_utc_time_from_der(i,val,out,outlen)	asn1_utc_time_from_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+int asn1_generalized_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
+int asn1_generalized_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
+#define asn1_generalized_time_to_der(tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_GeneralizedTime,tv,out,outlen)
+#define asn1_generalized_time_from_der(tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_GeneralizedTime,tv,in,inlen)
+#define asn1_implicit_generalized_time_to_der(i,tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
+#define asn1_implicit_generalized_time_from_der(i,tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)

-int asn1_generalized_time_to_der_ex(int tag, time_t a, uint8_t **out, size_t *outlen);
-int asn1_generalized_time_from_der_ex(int tag, time_t *t, const uint8_t **in, size_t *inlen);
-#define asn1_generalized_time_to_der(val,out,outlen)		asn1_generalized_time_to_der_ex(ASN1_TAG_GeneralizedTime,val,out,outlen)
-#define asn1_generalized_time_from_der(val,out,outlen)		asn1_generalized_time_from_der_ex(ASN1_TAG_GeneralizedTime,val,out,outlen)
-#define asn1_implicit_generalized_time_to_der(i,val,out,outlen)		asn1_generalized_time_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
-#define asn1_implicit_generalized_time_from_der(i,val,out,outlen)	asn1_generalized_time_from_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+#define asn1_sequence_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SEQUENCE,d,dlen,out,outlen)
+#define asn1_sequence_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SEQUENCE,d,dlen,in,inlen)
+#define asn1_implicit_sequence_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_sequence_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)

+#define asn1_set_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SET,d,dlen,out,outlen)
+#define asn1_set_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SET,d,dlen,in,inlen)
+#define asn1_implicit_set_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_set_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)

-#define asn1_sequence_to_der(val,d,dlen,out,outlen)			asn1_type_to_der(ASN1_TAG_SEQUENCE,val,d,dlen,out,outlen)
-#define asn1_sequence_from_der(val,d,dlen,out,outlen)		asn1_type_from_der(ASN1_TAG_SEQUENCE,val,d,dlen,out,outlen)
-#define asn1_implicit_sequence_to_der(i,val,d,dlen,out,outlen)	asn1_type_to_der(ASN1_TAG_EXPLICIT(i),val,d,dlen,out,outlen)
-#define asn1_implicit_sequence_from_der(i,val,d,dlen,out,outlen)	asn1_type_from_der(ASN1_TAG_EXPLICIT(i),val,d,dlen,out,outlen)
+#define asn1_implicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)

+int asn1_header_to_der(int tag, size_t dlen, uint8_t **out, size_t *outlen);
+#define asn1_sequence_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SEQUENCE,dlen,out,outlen)
+#define asn1_implicit_sequence_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)

-#define asn1_set_to_der(val,d,dlen,out,outlen)			asn1_type_to_der(ASN1_TAG_SET,val,d,dlen,out,outlen)
-#define asn1_set_from_der(val,d,dlen,out,outlen)			asn1_type_from_der(ASN1_TAG_SET,val,d,dlen,out,outlen)
-#define asn1_implicit_set_to_der(i,val,d,dlen,out,outlen)		asn1_type_to_der(ASN1_TAG_EXPLICIT(i),val,d,dlen,out,outlen)
-#define asn1_implicit_set_from_der(i,val,d,dlen,out,outlen)		asn1_type_from_der(ASN1_TAG_EXPLICIT(i),val,d,dlen,out,outlen)
+#define asn1_set_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SET,dlen,out,outlen)
+#define asn1_implicit_set_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)

-#define asn1_implicit_to_der(i,val,d,dlen,out,outlen)		asn1_type_to_der(ASN1_TAG_EXPLICIT(i),val,d,dlen,out,outlen)
-#define asn1_implicit_from_der(i,val,d,dlen,out,outlen)		asn1_type_from_der(ASN1_TAG_EXPLICIT(i),val,d,dlen,out,outlen)
+#define asn1_explicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)

+#define asn1_explicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_explicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)

-int asn1_header_to_der(int tag, size_t len, uint8_t **out, size_t *outlen);
-#define asn1_sequence_header_to_der(al,d,dl)		asn1_header_to_der(ASN1_TAG_SEQUENCE,al,d,dl)
-#define asn1_implicit_sequence_header_to_der(i,al,d,dl)	asn1_header_to_der(ASN1_TAG_EXPLICIT(i),al,d,dl)
+// d,dlen 是 SEQUENCE OF, SET OF 中的值
+int asn1_types_get_count(const uint8_t *d, size_t dlen, int tag, size_t *cnt);
+int asn1_types_get_item_by_index(const uint8_t *d, size_t *dlen, int tag,
+	int index, const uint8_t **item_d, size_t *item_dlen);

-#define asn1_set_header_to_der(al,d,dl)			asn1_header_to_der(ASN1_TAG_SET,al,d,dl)
-#define asn1_implicit_set_header_to_der(i,al,d,dl)	asn1_header_to_der(ASN1_TAG_EXPLICIT(i),al,d,dl)
-
-#define asn1_explicit_header_to_der(i,al,d,dl)		asn1_header_to_der(ASN1_TAG_EXPLICIT(i),al,d,dl)
-
-#define asn1_explicit_to_der(i,val,d,dlen,out,outlen)		asn1_type_to_der(ASN1_TAG_EXPLICIT(i),val,d,dlen,out,outlen)
-#define asn1_explicit_from_der(i,val,d,dlen,out,outlen)		asn1_type_from_der(ASN1_TAG_EXPLICIT(i),val,d,dlen,out,outlen)
-
-
-int asn1_types_get_count(const uint8_t *d, size_t dlen, int tag, int *count);
-int asn1_types_get_type_by_index(const uint8_t *d, size_t *dlen, int tag, const uint8_t **val, size_t *vlen);
-
-int asn1_sequence_of_integer_to_der(const int *nums, size_t nums_cnt, uint8_t **out, size_t *outlen);
-int asn1_sequence_of_integer_from_der(int *nums, size_t *nums_cnt, const uint8_t **in, size_t *inlen);
-int asn1_sequence_of_integer_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+int asn1_sequence_of_int_to_der(const int *nums, size_t nums_cnt, uint8_t **out, size_t *outlen);
+int asn1_sequence_of_int_from_der(int *nums, size_t *nums_cnt, const uint8_t **in, size_t *inlen);
+int asn1_sequence_of_int_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);


 typedef struct {
 	int oid;
 	char *name;
 	uint32_t *nodes;
-	size_t nodes_count;
+	size_t nodes_cnt;
 	int flags;
 	char *description;
 } ASN1_OID_INFO;

 const ASN1_OID_INFO *asn1_oid_info_from_name(const ASN1_OID_INFO *infos, size_t count, const char *name);
 const ASN1_OID_INFO *asn1_oid_info_from_oid(const ASN1_OID_INFO *infos, size_t count, int oid);
-int asn1_oid_info_from_der_ex(const ASN1_OID_INFO **info, uint32_t *nodes, size_t *nodes_count,
+int asn1_oid_info_from_der_ex(const ASN1_OID_INFO **info, uint32_t *nodes, size_t *nodes_cnt,
 	const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
 int asn1_oid_info_from_der(const ASN1_OID_INFO **info,
 	const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
--- a/include/gmssl/cms.h
+++ b/include/gmssl/cms.h
@@ -316,7 +316,7 @@ int cms_signed_data_from_der(
 	int *content_type, const uint8_t **content, size_t *content_len,
 	const uint8_t **certs, size_t *certs_len,
 	const uint8_t **crls, size_t *crls_len,
-cms_set_key_agreement_info	const uint8_t **signer_infos, size_t *signer_infos_len,
+	const uint8_t **signer_infos, size_t *signer_infos_len,
 	const uint8_t **in, size_t *inlen);
 int cms_signed_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);

--- a/include/gmssl/oid.h
+++ b/include/gmssl/oid.h
@@ -168,6 +168,8 @@ enum {
 	OID_aes192_cbc,
 	OID_aes256_cbc,

+	OID_aes128, // 没有OID
+
 	OID_ecdsa_with_sha1,
 	OID_ecdsa_with_sha224,
 	OID_ecdsa_with_sha256,
--- a/include/gmssl/sm2.h
+++ b/include/gmssl/sm2.h
@@ -154,7 +154,7 @@ typedef struct {

 int sm2_signature_to_der(const SM2_SIGNATURE *sig, uint8_t **out, size_t *outlen);
 int sm2_signature_from_der(SM2_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
-int sm2_signature_print(FILE *fp, int fmt, int ind, const SM2_SIGNATURE *sig);
+int sm2_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
 int sm2_do_sign(const SM2_KEY *key, const uint8_t dgst[32], SM2_SIGNATURE *sig);
 int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATURE *sig);

@@ -207,19 +207,22 @@ typedef struct {
 #define SM2_MAX_PLAINTEXT_SIZE	256
 #define SM2_MAX_CIPHERTEXT_SIZE	512

+#define SM2_CIPHERTEXT_SIZE(inlen) (sizeof(SM2_CIPHERTEXT)-1+(inlen))
 int sm2_ciphertext_size(size_t inlen, size_t *outlen);
 int sm2_ciphertext_to_der(const SM2_CIPHERTEXT *c, uint8_t **out, size_t *outlen);
 int sm2_ciphertext_from_der(SM2_CIPHERTEXT *c, const uint8_t **in, size_t *inlen);
-int sm2_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const SM2_CIPHERTEXT *c);
+int sm2_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
 int sm2_do_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out);
 int sm2_do_decrypt(const SM2_KEY *key, const SM2_CIPHERTEXT *in, uint8_t *out, size_t *outlen);

 int sm2_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 int sm2_decrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm2_print_ciphertext(FILE *fp, const uint8_t *c, size_t clen, int format, int indent);
+
+

 int sm2_ecdh(const SM2_KEY *key, const SM2_POINT *peer_public, SM2_POINT *out);

+int sm2_selftest(void);

 #ifdef __cplusplus
 extern "C" {
--- a/include/gmssl/x509.h
+++ b/include/gmssl/x509.h
@@ -70,8 +70,8 @@ enum X509_Version {
 };

 const char *x509_version_name(int version);
-int x509_explicit_version_to_der(int index, int version);
-int x509_explicit_version_from_der(int index, int *version);
+int x509_explicit_version_to_der(int index, int version, uint8_t **out, size_t *outlen);
+int x509_explicit_version_from_der(int index, int *version, const uint8_t **in, size_t *inlen);

 /*
 Time ::= CHOICE {
@@ -86,6 +86,8 @@ Validity ::= SEQUENCE {
 	notBefore	Time,
 	notAfter	Time }
 */
+#define X509_VALIDITY_MIN_DAYS 1
+#define X509_VALIDITY_MAX_DAYS (365 * 3)
 int x509_validity_add_days(time_t *not_after, time_t not_before, int days);
 int x509_validity_to_der(time_t not_before, time_t not_after, uint8_t **out, size_t *outlen);
 int x509_validity_from_der(time_t *not_before, time_t *not_after, const uint8_t **in, size_t *inlen);
@@ -142,8 +144,8 @@ Name ::= SEQUENCE OF RelativeDistinguishedName
 int x509_name_add_rdn(uint8_t *d, size_t *dlen, size_t maxlen, int oid, int tag, const uint8_t *val, size_t vlen, const uint8_t *more, size_t mlen);
 int x509_name_add_country_name(uint8_t *d, size_t *dlen, int maxlen, const char val[2] ); // val: PrintableString SIZE(2)
 int x509_name_add_state_or_province_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
-int x509_name_add_locality_name(uint8_t *d, size_t *dlen, int maxlen, cint tag, onst uint8_t *val, size_t vlen);
-int x509_name_add_organization_name(uint8_t *d, size_t *dlen, int maxlen, cint tag, onst uint8_t *val, size_t vlen);
+int x509_name_add_locality_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
+int x509_name_add_organization_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
 int x509_name_add_organizational_unit_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
 int x509_name_add_common_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
 int x509_name_add_domain_component(uint8_t *d, size_t *dlen, int maxlen, const char *val, size_t vlen); // val: IA5String
@@ -184,7 +186,7 @@ int x509_explicit_exts_from_der(int index, const uint8_t **d, size_t *dlen, cons
 #define x509_exts_to_der(d,dlen,out,outlen) x509_explicit_exts_to_der(3,d,dlen,out,outlen)
 #define x509_exts_from_der(d,dlen,in,inlen) x509_explicit_exts_from_der(3,d,dlen,in,inlen)

-int x509_exts_get_count(const uint8_t *d, size_t dlen, int *count);
+int x509_exts_get_count(const uint8_t *d, size_t dlen, size_t *cnt);
 int x509_exts_get_ext_by_index(const uint8_t *d, size_t dlen, int index,
 	int *oid, uint32_t *nodes, size_t *nodes_cnt, int *critical,
 	const uint8_t **val, size_t *vlen);
@@ -267,15 +269,15 @@ int x509_cert_sign(
 	const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
 	const uint8_t *subject_unique_id, size_t subject_unique_id_len,
 	const uint8_t *exts, size_t exts_len,
-	const SM2_KEY *sign_key, const char *signer_id);
-int x509_cert_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key, const char *signer_id);
+	const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len);
+int x509_cert_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key, const char *signer_id, size_t signer_id_len);
 int x509_cert_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen);

 int x509_cert_to_pem(const uint8_t *a, size_t alen, FILE *fp);
 int x509_cert_from_pem(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp);
-int x509_cert_from_pem_by_index(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp, int index);
-int x509_cert_from_pem_by_subject(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp, const uint8_t *name, size_t namelen);
-int x509_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
+int x509_cert_from_pem_by_index(uint8_t *a, size_t *alen, size_t maxlen, int index, FILE *fp);
+int x509_cert_from_pem_by_subject(uint8_t *a, size_t *alen, size_t maxlen, const uint8_t *name, size_t namelen, FILE *fp);
+int x509_cert_print(FILE *fp, int fmt, int ind, const uint8_t *a, size_t alen);

 int x509_cert_get_details(const uint8_t *a, size_t alen,
 	int *version,
@@ -283,7 +285,7 @@ int x509_cert_get_details(const uint8_t *a, size_t alen,
 	int *inner_signature_algor,
 	const uint8_t **issuer, size_t *issuer_len,
 	time_t *not_before, time_t *not_after,
-	const uint8_t *subject, size_t *subject_len,
+	const uint8_t **subject, size_t *subject_len,
 	SM2_KEY *subject_public_key,
 	const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
 	const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
@@ -296,13 +298,15 @@ IssuerAndSerialNumber ::= SEQUENCE {
 	isser		Name,
 	serialNumber	INTEGER }
 */
-int x509_cert_get_issuer_and_serial_number(const uint8_t *cert, size_t certlen,
+int x509_cert_get_issuer_and_serial_number(const uint8_t *a, size_t alen,
 	const uint8_t **issuer, size_t *issuer_len,
 	const uint8_t **serial_number, size_t *serial_number_len);
+int x509_cert_get_subject(const uint8_t *a, size_t alen, const uint8_t **subj, size_t *subj_len);
+int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, SM2_KEY *public_key);

 int x509_certs_to_pem(const uint8_t *d, size_t dlen, FILE *fp);
 int x509_certs_from_pem(const uint8_t *d, size_t *dlen, size_t maxlen, FILE *fp);
-int x509_certs_get_count(const uint8_t *d, size_t dlen, int count);
+int x509_certs_get_count(const uint8_t *d, size_t dlen, size_t *cnt);
 int x509_certs_get_cert_by_index(const uint8_t *d, size_t dlen, int index, const uint8_t **cert, size_t *certlen);
 int x509_certs_get_cert_by_subject(const uint8_t *d, size_t dlen, const uint8_t *subject, size_t subject_len, const uint8_t **cert, size_t *certlen);

--- a/include/gmssl/x509_crl.h
+++ b/include/gmssl/x509_crl.h
@@ -1,4 +1,4 @@
-/*
+/*
 * Copyright (c) 2020 - 2021 The GmSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -101,6 +101,10 @@ int x509_crl_entry_exts_add_certificate_issuer(
 	int critical,
 	const uint8_t *d, size_t dlen);

+#define x509_crl_entry_exts_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen)
+#define x509_crl_entry_exts_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen)
+int x509_crl_entry_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
 /*
 RevokedCertificate ::= SEQUENCE {
 	userCertificate		CertificateSerialNumber,
@@ -238,8 +242,9 @@ int x509_crl_sign(uint8_t *crl, size_t *crl_len,
 	time_t next_update,
 	const uint8_t *revoked_certs, size_t revoked_certs_len,
 	const uint8_t *exts, size_t exts_len,
-	const SM2_KEY *sign_key, const char *signer_id);
-int x509_crl_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key, const char *key_id);
+	const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len);
+int x509_crl_verify(const uint8_t *a, size_t alen,
+	const SM2_KEY *sign_pub_key, const char *signer_id, size_t signer_id_len);

 int x509_crl_get_details(const uint8_t *crl, size_t crl_len,
 	int *version,
--- a/include/gmssl/x509_ext.h
+++ b/include/gmssl/x509_ext.h
@@ -104,6 +104,8 @@ int x509_exts_add_crl_distribution_points(uint8_t *exts, size_t *extslen, size_t
 int x509_exts_add_inhibit_any_policy(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, int skip_certs);
 int x509_exts_add_freshest_crl(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen);

+int x509_exts_add_sequence(uint8_t *exts, size_t *extslen, size_t maxlen,
+	int oid, int critical, const uint8_t *d, size_t dlen);

 /*
 OtherName ::= SEQUENCE {
@@ -190,6 +192,12 @@ int x509_authority_key_identifier_from_der(
 	const uint8_t **in, size_t *inlen);
 int x509_authority_key_identifier_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);

+/*
+SubjectKeyIdentifier ::= OCTET STRING
+*/
+#define X509_SUBJECT_KEY_IDENTIFIER_MIN_LEN 16
+#define X509_SUBJECT_KEY_IDENTIFIER_MAX_LEN 64
+
 /*
 KeyUsage ::= BIT STRING {
 	digitalSignature	(0),
@@ -265,6 +273,9 @@ int x509_policy_qualifier_info_from_der(int *oid,
 	const uint8_t **qualifier, size_t *qualifier_len,
 	const uint8_t **in, size_t *inlen);
 int x509_policy_qualifier_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+#define x509_policy_qualifier_infos_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen)
+#define x509_policy_qualifier_infos_from_der(d,dlen,in,ineln) asn1_sequence_from_der(d,dlen,in,inlen)
 int x509_policy_qualifier_infos_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);

 /*
@@ -489,8 +500,26 @@ int x509_distribution_points_print(FILE *fp, int fmt, int ind, const char *label

 /*
 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-FreshestCRL ::= CRLDistributionPoints
 */
+#define x509_crl_distribution_points_to_der(d,dlen,out,outlen) x509_distribution_points_to_der(d,dlen,out,outlen)
+#define x509_crl_distribution_points_from_der(d,dlen,in,inlen) x509_distribution_points_from_der(d,dlen,in,inlen)
+#define x509_crl_distribution_points_print(fp,fmt,ind,label,d,dlen) x509_distribution_points_print(fp,fmt,ind,label,d,dlen)
+
+
+/*
+InhibitAnyPolicy ::= SkipCerts
+SkipCerts ::= INTEGER (0..MAX)
+*/
+#define x509_inhibit_any_policy_to_der(val,out,outlen) asn1_int_to_der(val,out,outlen)
+#define x509_inhibit_any_policy_from_der(val,in,inlen) asn1_int_from_der(val,in,inlen)
+
+/*
+FreshestCRL ::= CRLDistributionPoints
+ */
+#define x509_freshest_crl_to_der(d,dlen,out,outlen) x509_crl_distribution_points_to_der(d,dlen,out,outlen)
+#define x509_freshest_crl_from_der(d,dlen,in,inlen) x509_crl_distribution_points_from_der(d,dlen,in,inlen)
+#define x509_freshest_crl_print(fp,fmt,ind,label,d,dlen) x509_crl_distribution_points_print(fp,fmt,ind,label,d,dlen)
+

 #ifdef __cplusplus
 }
--- a/include/gmssl/x509_oid.h
+++ b/include/gmssl/x509_oid.h
@@ -104,10 +104,10 @@ id-ce:
 	OID_ce_inhibit_any_policy
 	OID_ce_freshest_crl
 */
-const char *x509_ext_type_name(int oid);
-int x509_ext_type_from_name(const char *name);
-int x509_ext_type_from_der(int *oid, uint32_t *nodes, size_t *nodes_count, const uint8_t **in, size_t *inlen);
-int x509_ext_type_to_der(int oid, uint8_t **out, size_t *outlen);
+const char *x509_ext_id_name(int oid);
+int x509_ext_id_from_name(const char *name);
+int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_count, const uint8_t **in, size_t *inlen);
+int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen);

 /*
 id-qt
--- a/include/gmssl/x509_req.h
+++ b/include/gmssl/x509_req.h
@@ -111,9 +111,9 @@ int x509_req_sign(uint8_t *req, size_t *reqlen, size_t maxlen,
 	const SM2_KEY *subject_public_key,
 	const uint8_t *attrs, size_t attrs_len,
 	int signature_algor,
-	const SM2_KEY *sign_key, const char *signer_id);
+	const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len);
 int x509_req_verify(const uint8_t *req, size_t reqlen,
-	const SM2_KEY *sign_pubkey, const char *signer_id)
+	const SM2_KEY *sign_pubkey, const char *signer_id, size_t signer_id_len);
 int x509_req_get_details(const uint8_t *req, size_t reqlen,
 	int *verison,
 	const uint8_t **subject, size_t *subject_len,
@@ -121,7 +121,7 @@ int x509_req_get_details(const uint8_t *req, size_t reqlen,
 	const uint8_t **attributes, size_t *attributes_len,
 	int *signature_algor,
 	const uint8_t **signature, size_t *signature_len);
-int x509_req_print(FILE *fp, int fmt, int ind, const uint8_t *req, size_t reqlen)
+int x509_req_print(FILE *fp, int fmt, int ind, const uint8_t *req, size_t reqlen);
 int x509_req_to_pem(const uint8_t *req, size_t reqlen, FILE *fp);
 int x509_req_from_pem(uint8_t *req, size_t *reqlen, size_t maxlen, FILE *fp);

--- a/include/gmssl/zuc.h
+++ b/include/gmssl/zuc.h
@@ -113,7 +113,7 @@ ZUC_UINT32 zuc_eia_generate_mac(const ZUC_UINT32 *data, size_t nbits,

 typedef ZUC_STATE ZUC256_STATE;

-void zuc256_set_state(ZUC256_STATE *state, const uint8_t key[ZUC256_KEY_SIZE], const uint8_t iv[ZUC256_IV_SIZE]);
+void zuc256_init(ZUC256_STATE *state, const uint8_t key[ZUC256_KEY_SIZE], const uint8_t iv[ZUC256_IV_SIZE]);
 #define zuc256_generate_keystream(state,nwords,words) zuc_generate_keystream(state,nwords,words)
 #define zuc256_generate_keyword(state) zuc_generate_keyword(state)