From cda0fae67576d2b66e3e4894687cb670727b9979 Mon Sep 17 00:00:00 2001
From: Zhi Guan <guanzhi1980@gmail.com>
Date: Wed, 27 Jul 2022 17:50:01 +0800
Subject: [PATCH] Update version to beta

Fix the record_do_recv bug and update version
---
 demos/tlcp_client.sh    |  8 ++++++++
 demos/tlcp_server.sh    | 39 +++++++++++++++++++++++++++++++++++++++
 include/gmssl/asn1.h    |  8 +++-----
 include/gmssl/oid.h     | 32 ++++++++++++++------------------
 include/gmssl/version.h |  2 +-
 src/asn1.c              |  2 ++
 src/tls.c               | 24 ++++++++++++------------
 src/version.c           |  6 ------
 8 files changed, 79 insertions(+), 42 deletions(-)
 create mode 100755 demos/tlcp_client.sh
 create mode 100755 demos/tlcp_server.sh

diff --git a/demos/tlcp_client.sh b/demos/tlcp_client.sh
new file mode 100755
index 00000000..226c037d
--- /dev/null
+++ b/demos/tlcp_client.sh
@@ -0,0 +1,8 @@
+#!/bin/bash -x
+
+
+# https://ebssec.boc.cn
+gmssl tlcp_client -host 123.124.191.183
+
+# https://zffw.jxzwfww.gov.cn
+gmssl tlcp_client -host 218.87.21.62
diff --git a/demos/tlcp_server.sh b/demos/tlcp_server.sh
new file mode 100755
index 00000000..42623698
--- /dev/null
+++ b/demos/tlcp_server.sh
@@ -0,0 +1,39 @@
+#!/bin/bash -x
+
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+gmssl sm2keygen -pass 1234 -out enckey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
+gmssl certparse -in enccert.pem
+
+cat signcert.pem > double_certs.pem
+cat enccert.pem >> double_certs.pem
+cat cacert.pem >> double_certs.pem
+
+sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem  1>/dev/null  2>/dev/null &
+sleep 3
+
+gmssl sm2keygen -pass 1234 -out clientkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
+gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
+gmssl certparse -in clientcert.pem
+
+# build and install BabaSSL 8.3.1
+openssl version
+openssl s_client -enable_ntls -ntls -connect localhost:443 -no_ticket -CAfile rootcacert.pem
+
+
diff --git a/include/gmssl/asn1.h b/include/gmssl/asn1.h
index ad46557e..a0516975 100644
--- a/include/gmssl/asn1.h
+++ b/include/gmssl/asn1.h
@@ -46,8 +46,6 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-// https://www.obj-sys.com/asn1tutorial/node128.html
-
 
 #ifndef GMSSL_ASN1_H
 #define GMSSL_ASN1_H
@@ -111,12 +109,12 @@ const char *asn1_tag_name(int tag);
 int asn1_tag_to_der(int tag, uint8_t **out, size_t *outlen);
 int asn1_tag_from_der(int tag, const uint8_t **in, size_t *inlen);
 int asn1_any_tag_from_der(int *tag, const uint8_t **in, size_t *inlen);
-int asn1_tag_get(int *tag, const uint8_t **in, size_t *inlen); // 这个函数是看看下一个tag是什么，并不修改in,inlen
+int asn1_tag_get(int *tag, const uint8_t **in, size_t *inlen); // 尝试读取下一个tag，但是并不修改in,inlen
 int asn1_tag_is_cstring(int tag);
 int asn1_length_to_der(size_t dlen, uint8_t **out, size_t *outlen);
 int asn1_length_from_der(size_t *dlen, const uint8_t **in, size_t *inlen);
 int asn1_length_is_zero(size_t len);
-int asn1_length_le(size_t len1, size_t len2);
+int asn1_length_le(size_t len1, size_t len2); // less than
 int asn1_data_to_der(const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
 int asn1_data_from_der(const uint8_t **d, size_t dlen, const uint8_t **in, size_t *inlen);
 
@@ -124,7 +122,7 @@ int asn1_type_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size
 int asn1_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
 int asn1_any_type_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
 int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); // 调用方应保证a,alen为TLV
-int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // 检查输入为TLV
+int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // 该函数会检查输入是否为TLV
 
 const char *asn1_boolean_name(int val);
 int asn1_boolean_from_name(int *val, const char *name);
diff --git a/include/gmssl/oid.h b/include/gmssl/oid.h
index 29cfd84a..1f69c368 100644
--- a/include/gmssl/oid.h
+++ b/include/gmssl/oid.h
@@ -210,14 +210,22 @@ enum {
 	OID_cms_key_agreement_info,
 };
 
+// {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
+#define oid_pkix	1,3,6,1,5,5,7
 
+#define oid_pe		oid_pkix,1
+#define oid_qt		oid_pkix,2
+#define oid_kp		oid_pkix,3
+#define oid_ad		oid_pkix,48
 
-#define oid_pkix 1,3,6,1,5,5,7
+// {iso(1) member-body(2) us(840) rsadsi(113549)}
+#define oid_rsadsi	1,2,840,113549
+#define oid_pkcs	oid_rsadsi,1
+#define oid_pkcs5	oid_pkcs,5
+
+// {iso(1) member-body(2) us(840) ansi-x962(10045)}
+#define oid_x9_62	1,2,840,10045
 
-#define oid_pe	oid_pkix,1
-#define oid_qt	oid_pkix,2
-#define oid_kp	oid_pkix,3
-#define oid_ad	oid_pkix,48
 
 
 #define oid_at	2,5,4
@@ -226,27 +234,15 @@ enum {
 
 #define oid_sm		1,2,156,10197
 #define oid_sm_algors	oid_sm,1
+#define oid_sm2_cms	oid_sm,6,1,4,2
 
 
-#define oid_sm2_cms 1,2,156,10197,6,1,4,2
 
-/*
-rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549}
-pkcs OBJECT IDENTIFIER   ::= {rsadsi 1}
-pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5}
-id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
-id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
-*/
-
-#define oid_rsadsi	1,2,840,113549
-#define oid_pkcs	oid_rsadsi,1
-#define oid_pkcs5	oid_pkcs,5
 
 
 #define oid_cnt(nodes)	(sizeof(nodes)/sizeof(int))
 
 
-#define oid_x9_62 1,2,840,10045
 
 
 #ifdef __cplusplus
diff --git a/include/gmssl/version.h b/include/gmssl/version.h
index ccc903af..d561ba67 100644
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -62,7 +62,7 @@ Version Public API
 */
 
 #define GMSSL_VERSION_NUM	30000
-#define GMSSL_VERSION_STR	"GmSSL 3.0.0 Alpha"
+#define GMSSL_VERSION_STR	"GmSSL 3.0.0 Beta"
 
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
diff --git a/src/asn1.c b/src/asn1.c
index d0a5d99f..ceb25c19 100644
--- a/src/asn1.c
+++ b/src/asn1.c
@@ -46,6 +46,8 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+// https://www.obj-sys.com/asn1tutorial/node128.html
+
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
diff --git a/src/tls.c b/src/tls.c
index 41a0f2c4..6b53f429 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1519,11 +1519,14 @@ int tls_record_do_recv(uint8_t *record, size_t *recordlen, int sock)
 	int type;
 	size_t len;
 
-	// TODO：支持非租塞socket或针对可能的网络延迟重新recv
-	if ((r = recv(sock, record, 5, 0)) < 0) {
-		perror("");
-		error_print();
-		return -1;
+	len = 5;
+	while (len) {
+		if ((r = recv(sock, record + 5 - len, len, 0)) < 0) {
+			perror("");
+			error_print();
+			return -1;
+		}
+		len -= r;
 	}
 	if (!tls_record_type_name(tls_record_type(record))) {
 		error_print();
@@ -1540,16 +1543,13 @@ int tls_record_do_recv(uint8_t *record, size_t *recordlen, int sock)
 		error_print();
 		return -1;
 	}
-	if (len) {
-		if ((r = recv(sock, record + 5, len, 0)) < 0) {
-			error_print();
-			return -1;
-		} else if (r != len) {
-			// FIXME: 不一定能够一次读取全部数据，需要修正这个bug
-			fprintf(stderr, "%s %d: r = %zu, len = %zu\n", __FILE__, __LINE__, r, len);
+	while (len) {
+		if ((r = recv(sock, record + *recordlen - len, len, 0)) < 0) {
+			perror("");
 			error_print();
 			return -1;
 		}
+		len -= r;
 	}
 	return 1;
 }
diff --git a/src/version.c b/src/version.c
index 7dca9a6b..223c5a56 100644
--- a/src/version.c
+++ b/src/version.c
@@ -46,12 +46,6 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/*
-## TODO:
- 1. 每次发布时，应该将当前的时间戳添加到版本中
- 2. 将编译信息加入到版本的全部信息中，特别是发布二进制版专有功能时
-
-*/
 
 #include <gmssl/version.h>