Add demos to CMake

CMakeLists.txt

@@ -47,13 +47,12 @@ set(src
 	src/hex.c
 	src/base64.c
 	src/pem.c
-	src/x509_oid.c
 	src/x509_alg.c
-	src/x509_str.c
 	src/x509_cer.c
 	src/x509_ext.c
 	src/x509_req.c
 	src/x509_crl.c
+	src/x509_new.c
 	src/cms.c
 	src/sdf/sdf.c
 	src/sdf/sdf_lib.c
@@ -159,6 +158,35 @@ set(tests
 	tls13
 )
 
+set(demos
+	demo_sm2_encrypt
+	demo_sm2_keygen
+	demo_sm2_keyparse
+	demo_sm2_private_key
+	demo_sm2_private_key_parse
+	demo_sm2_public_key
+	demo_sm2_sign
+	demo_sm2_sign_ctx
+	demo_sm3
+	demo_sm3_hmac
+	demo_sm3_kdf
+	demo_sm4
+	demo_sm4_cbc
+	demo_sm4_cbc_decrypt_update
+	demo_sm4_cbc_encrypt_update
+	demo_sm4_cbc_padding
+	demo_sm4_ctr
+	demo_sm4_ctr_encrypt_update
+	demo_sm4_gcm
+	demo_sm9_encrypt
+	demo_sm9_keygen
+	demo_sm9_sign
+#	demo_tlcp_get
+#	demo_tlcp_post
+#	demo_wget
+	demo_zuc
+)
+
 
 option(ENABLE_TLS_DEBUG "Enable TLS and TLCP print debug message" OFF)
 if (ENABLE_TLS_DEBUG)
@@ -283,6 +311,10 @@ if (NOT ${CMAKE_SYSTEM_NAME} STREQUAL "iOS")
 		target_link_libraries (${name}test LINK_PUBLIC gmssl)
 	endforeach()
 
+	foreach(name ${demos})
+		add_executable(${name} demos/src/${name}.c)
+		target_link_libraries(${name} LINK_PUBLIC gmssl)
+	endforeach()
 
 	install(TARGETS gmssl-bin RUNTIME DESTINATION bin)
 endif()

demos/scripts/cademo.sh

@@ -6,17 +6,17 @@ gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -
 gmssl certparse -in rootcacert.pem
 
 gmssl sm2keygen -pass 1234 -out cakey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
 gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
 gmssl certparse -in cacert.pem
 
 gmssl sm2keygen -pass 1234 -out signkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
 gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
 gmssl certparse -in signcert.pem
 
 gmssl sm2keygen -pass 1234 -out enckey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
 gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
 gmssl certparse -in enccert.pem
 

demos/scripts/reqdemo.sh

@@ -7,13 +7,13 @@ gmssl certparse -in cacert.pem
 
 # generate a req and sign by CA certificate
 gmssl sm2keygen -pass 1234 -out signkey.pem -pubout pubkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -days 365 -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key signkey.pem -pass 1234 -out signreq.pem
 gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
 gmssl certparse -in signcert.pem
 
 # sign a encryption certificate with the same DN, different KeyUsage extension
 gmssl sm2keygen -pass 1234 -out enckey.pem -pubout pubkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -days 365 -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key enckey.pem -pass 1234 -out encreq.pem
 gmssl reqsign -in encreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
 gmssl certparse -in enccert.pem
 

demos/sm2/Makefile

@@ -1,18 +0,0 @@
-all:
-	cc sm2_keygen_demo.c -lgmssl -o sm2_keygen_demo
-	cc sm2_private_key_demo.c -lgmssl -o sm2_private_key_demo
-	cc sm2_private_key_parse_demo.c -lgmssl -o sm2_private_key_parse_demo
-	cc sm2_public_key_demo.c -lgmssl -o sm2_public_key_demo
-	cc sm2_sign_demo.c -lgmssl -o sm2_sign_demo
-	cc sm2_sign_ctx_demo.c -lgmssl -o sm2_sign_ctx_demo
-	cc sm2_encrypt_demo.c -lgmssl -o sm2_encrypt_demo
-
-clear:
-	rm -fr sm2_keygen_demo
-	rm -fr sm2_private_key_demo
-	rm -fr sm2_private_key_parse_demo
-	rm -fr sm2_public_key_demo
-	rm -fr sm2_sign_demo
-	rm -fr sm2_sign_ctx_demo
-	rm -fr sm2_encrypt_demo
-

demos/sm3/CMakeLists.txt

@@ -1,12 +0,0 @@
-cmake_minimum_required(VERSION 3.0)
-project(sm3demo)
-
-include_directories(/usr/local/include)
-link_directories(/usr/local/lib)
-
-add_executable(sm3_demo sm3_demo.c)
-add_executable(sm3_hmac_demo sm3_hmac_demo.c)
-add_executable(sm3_kdf_demo sm3_kdf_demo.c)
-target_link_libraries(sm3_demo gmssl)
-target_link_libraries(sm3_hmac_demo gmssl)
-target_link_libraries(sm3_kdf_demo gmssl)

demos/sm3/Makefile

@@ -1,9 +0,0 @@
-all:
-	cc sm3_demo.c -lgmssl -o sm3_demo
-	cc sm3_hmac_demo.c -lgmssl -o sm3_hmac_demo
-	cc sm3_kdf_demo.c -lgmssl -o sm3_kdf_demo
-clean:
-	rm -fr sm3_demo
-	rm -fr sm3_hmac_demo
-	rm -fr sm3_kdf_demo
-

demos/sm4/Makefile

@@ -1,22 +0,0 @@
-all:
-	cc sm4_demo.c -lgmssl -o sm4_demo
-	cc sm4_cbc_demo.c -lgmssl -o sm4_cbc_demo
-	cc sm4_cbc_padding_demo.c -lgmssl -o sm4_cbc_padding_demo
-	cc sm4_ctr_demo.c -lgmssl -o sm4_ctr_demo
-	cc sm4_gcm_demo.c -lgmssl -o sm4_gcm_demo
-	cc sm4_cbc_encrypt_update_demo.c -lgmssl -o sm4_cbc_encrypt_update_demo
-	cc sm4_cbc_decrypt_update_demo.c -lgmssl -o sm4_cbc_decrypt_update_demo
-	cc sm4_ctr_encrypt_update_demo.c -lgmssl -o sm4_ctr_encrypt_update_demo
-	cc sm4_ctr_encrypt_update_demo.c -lgmssl -o sm4_ctr_decrypt_update_demo
-
-clean:
-	rm -fr sm4_demo
-	rm -fr sm4_cbc_demo
-	rm -fr sm4_cbc_padding_demo
-	rm -fr sm4_ctr_demo
-	rm -fr sm4_gcm_demo
-	rm -fr sm4_cbc_encrypt_update_demo
-	rm -fr sm4_cbc_decrypt_update_demo
-	rm -fr sm4_ctr_encrypt_update_demo
-	rm -fr sm4_ctr_decrypt_update_demo
-

demos/sm9/Makefile

@@ -1,10 +0,0 @@
-all:
-	cc sm9_keygen_demo.c -lgmssl -o sm9_keygen_demo
-	cc sm9_sign_demo.c -lgmssl -o sm9_sign_demo
-	cc sm9_encrypt_demo.c -lgmssl -o sm9_encrypt_demo
-
-clean:
-	rm -fr sm9_keygen_demo
-	rm -fr sm9_sign_demo
-	rm -fr sm9_encrypt_demo
-

demos/tlcp/Makefile

@@ -1,8 +0,0 @@
-all:
-	cc tlcp_get.c url_parser.c -lgmssl -o tlcp_get
-	cc tlcp_post.c url_parser.c -lgmssl -o tlcp_post
-
-clean:
-	rm -fr tlcp_get
-	rm -fr tlcp_post
-

demos/zuc/Makefile

@@ -1,8 +0,0 @@
-all:
-	cc zuc_demo.c -lgmssl -o zuc_encrypt_demo
-	cc zuc_demo.c -lgmssl -o zuc_decrypt_demo
-
-clean:
-	rm -fr zuc_encrypt_demo
-	rm -fr zuc_decrypt_demo
-

include/gmssl/x509.h

@@ -24,36 +24,6 @@
 extern "C" {
 #endif
 
-/*
-X509 Public API
-
-	x509_name_add_rdn
-	x509_name_add_country_name
-	x509_name_add_state_or_province_name
-	x509_name_add_locality_name
-	x509_name_add_organization_name
-	x509_name_add_organizational_unit_name
-	x509_name_add_common_name
-	x509_name_add_domain_component
-	x509_name_to_der
-	x509_name_from_der
-	x509_name_print
-	x509_name_get_value_by_type
-	x509_name_get_common_name
-
-	x509_cert_sign
-	x509_cert_verify
-	x509_cert_verify_by_ca_cert
-	x509_cert_get_issuer_and_serial_number
-	x509_cert_get_issuer
-	x509_cert_get_subject
-	x509_cert_get_subject_public_key
-	x509_cert_to_der
-	x509_cert_from_der
-	x509_cert_to_pem
-	x509_cert_from_pem
-	x509_cert_print
-*/
 
 enum X509_Version {
 	X509_version_v1 = 0,
@@ -114,23 +84,28 @@ AttributeTypeAndValue ::= SEQUENCE {
 	value ANY -- DEFINED BY AttributeType }
 
 id-at
-	name			DirectoryName		1..ub-name
-	surname			DirectoryName		1..ub-name
-	givenName		DirectoryName		1..ub-name
-	initials		DirectoryName		1..ub-name
-	generationQualifier	DirectoryName		1..ub-name
-	commonName		DirectoryName		1..ub-common-name
-	localityName		DirectoryName		1..ub-locality-name
-	stateOrProvinceName	DirectoryName		1..ub-state-name
-	organizationName	DirectoryName		1..ub-organization-name
-	organizationalUnitName	DirectoryName		1..ub-organizational-unit-name
-	title			DirectoryName		1..ub-title
-	dnQualifier		PrintableString		N/A
-	countryName		PrintableString		2..2
-	serialNumber		PrintableString		1..ub-serial-number
-	pseudonym		DirectoryName		1..ub-pseudonym
-	domainComponent		IA5String		N/A
+	OID_at_name			name			DirectoryName		1..ub-name
+	OID_at_surname			surname			DirectoryName		1..ub-name
+	OID_at_given_name		givenName		DirectoryName		1..ub-name
+	OID_at_initials			initials		DirectoryName		1..ub-name
+	OID_at_generation_qualifier	generationQualifier	DirectoryName		1..ub-name
+	OID_at_common_name		commonName		DirectoryName		1..ub-common-name
+	OID_at_locality_name		localityName		DirectoryName		1..ub-locality-name
+	OID_at_state_or_province_name	stateOrProvinceName	DirectoryName		1..ub-state-name
+	OID_at_organization_name	organizationName	DirectoryName		1..ub-organization-name
+	OID_at_organizational_unit_name	organizationalUnitName	DirectoryName		1..ub-organizational-unit-name
+	OID_at_title			title			DirectoryName		1..ub-title
+	OID_at_dn_qualifier		dnQualifier		PrintableString		N/A
+	OID_at_country_name		countryName		PrintableString		2..2
+	OID_at_serial_number		serialNumber		PrintableString		1..ub-serial-number
+	OID_at_pseudonym		pseudonym		DirectoryName		1..ub-pseudonym
+	OID_domain_component		domainComponent		IA5String		N/A
 */
+const char *x509_name_type_name(int oid);
+int x509_name_type_from_name(const char *name);
+int x509_name_type_from_der(int *oid, const uint8_t **in, size_t *inlen);
+int x509_name_type_to_der(int oid, uint8_t **out, size_t *outlen);
+
 #define X509_ub_name 32768
 #define X509_ub_common_name 64
 #define X509_ub_locality_name 128
@@ -156,16 +131,6 @@ int x509_rdn_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t
 
 /*
 Name ::= SEQUENCE OF RelativeDistinguishedName
-
-Example:
-    SEQUENCE LEN
-      SET LEN
-          SEQUENCE LEN OID=countryName, String=CN
-      SET LEN
-          SEQUENCE LEN OID=stateName, String=CN
-          SEQUENCE LEN OID=unknown, String=ABC
-      SET LEN
-          SEQUENCE LEN OID=commonNmame, String=ABC
 */
 int x509_name_add_rdn(uint8_t *d, size_t *dlen, size_t maxlen, int oid, int tag, const uint8_t *val, size_t vlen, const uint8_t *more, size_t mlen);
 int x509_name_add_country_name(uint8_t *d, size_t *dlen, size_t maxlen, const char val[2] ); // val: PrintableString SIZE(2)
@@ -208,7 +173,30 @@ Extension  ::=  SEQUENCE  {
 	extnID OBJECT IDENTIFIER,
 	critical BOOLEAN DEFAULT FALSE,
 	extnValue OCTET STRING -- contains the DER encoding of an ASN.1 value
+
+id-ce:
+	OID_ce_authority_key_identifier
+	OID_ce_subject_key_identifier
+	OID_ce_key_usage
+	OID_ce_certificate_policies
+	OID_ce_policy_mappings
+	OID_ce_subject_alt_name
+	OID_ce_issuer_alt_name
+	OID_ce_subject_directory_attributes
+	OID_ce_basic_constraints
+	OID_ce_name_constraints
+	OID_ce_policy_constraints
+	OID_ce_ext_key_usage
+	OID_ce_crl_distribution_points
+	OID_ce_inhibit_any_policy
+	OID_ce_freshest_crl
+	OID_netscape_cert_comment
 */
+const char *x509_ext_id_name(int oid);
+int x509_ext_id_from_name(const char *name);
+int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_count, const uint8_t **in, size_t *inlen);
+int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen);
+
 int x509_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen);
 int x509_ext_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, int *critical, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen);
 int x509_ext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
@@ -286,11 +274,6 @@ int x509_certificate_from_der(
 	const uint8_t **sig, size_t *siglen,
 	const uint8_t **in, size_t *inlen);
 
-int x509_signed_to_der(
-	const uint8_t *tbs, size_t tbslen,
-	int signature_algor,
-	const uint8_t *sig, size_t siglen,
-	uint8_t **out, size_t *outlen);
 int x509_signed_from_der(
 	const uint8_t **tbs, size_t *tbslen,
 	int *signature_algor,
@@ -301,8 +284,6 @@ int x509_signed_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key,
 int x509_signed_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
 	const char *signer_id, size_t signer_id_len);
 
-//int x509_certificate_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
 // x509_cert functions
 int x509_cert_sign_to_der(
 	int version,
@@ -317,22 +298,6 @@ int x509_cert_sign_to_der(
 	const uint8_t *exts, size_t exts_len,
 	const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
 	uint8_t **out, size_t *outlen);
-/*
-int x509_cert_sign(
-	uint8_t *cert, size_t *certlen, size_t maxlen,
-	int version,
-	const uint8_t *serial, size_t serial_len,
-	int signature_algor,
-	const uint8_t *issuer, size_t issuer_len,
-	time_t not_before, time_t not_after,
-	const uint8_t *subject, size_t subject_len,
-	const SM2_KEY *subject_public_key,
-	const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
-	const uint8_t *subject_unique_id, size_t subject_unique_id_len,
-	const uint8_t *exts, size_t exts_len,
-	const SM2_KEY *sign_key,
-	const char *signer_id, size_t signer_id_len);
-*/
 
 int x509_cert_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
 int x509_cert_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen);
@@ -357,9 +322,20 @@ int x509_cert_get_details(const uint8_t *a, size_t alen,
 	const uint8_t **extensions, size_t *extensions_len,
 	int *signature_algor,
 	const uint8_t **signature, size_t *signature_len);
-int x509_cert_check(const uint8_t *cert, size_t certlen, int cert_type, int *path_len_constraints);
 
 
+typedef enum {
+	X509_cert_server_auth,
+	X509_cert_client_auth,
+	X509_cert_server_key_encipher,
+	X509_cert_client_key_encipher,
+	X509_cert_ca,
+	X509_cert_root_ca,
+	X509_cert_crl_sign,
+} X509_CERT_TYPE;
+
+int x509_cert_check(const uint8_t *cert, size_t certlen, int cert_type, int *path_len_constraints);
+
 /*
 IssuerAndSerialNumber ::= SEQUENCE {
 	isser		Name,
@@ -390,20 +366,12 @@ int x509_certs_get_cert_by_issuer_and_serial_number(
 	const uint8_t *serial, size_t serial_len,
 	const uint8_t **cert, size_t *cert_len);
 
-
-typedef enum {
-	X509_verify_err_cert_revoked		= -2,
-	X509_verify_err_cert_not_yet_valid	= -3,
-	X509_verify_err_cert_has_expired	= -4,
-	X509_verify_err_cert_chain_too_long	= -5,
-} X509_VERIFY_ERR;
-
 typedef enum {
 	X509_cert_chain_server,
 	X509_cert_chain_client,
 } X509_CERT_CHAIN_TYPE;
 
-#define X509_MAX_VERIFY_DEPTH	6 // TODO: any requirement from CA/B or OpenSSL?
+#define X509_MAX_VERIFY_DEPTH	6
 int x509_certs_verify(const uint8_t *certs, size_t certslen, int certs_type,
 	const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result);
 int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen, int certs_type,
@@ -416,18 +384,6 @@ int x509_cert_new_from_file(uint8_t **out, size_t *outlen, const char *file);
 int x509_certs_new_from_file(uint8_t **out, size_t *outlen, const char *file);
 
 
-typedef enum {
-	X509_cert_server_auth,
-	X509_cert_client_auth,
-	X509_cert_server_key_encipher,
-	X509_cert_client_key_encipher,
-	X509_cert_ca,
-	X509_cert_root_ca,
-	X509_cert_crl_sign,
-} X509_CERT_TYPE;
-
-
-
 #ifdef __cplusplus
 }
 #endif

include/gmssl/x509_crl.h

@@ -57,18 +57,17 @@ int x509_crl_entry_ext_id_from_name(const char *name);
 int x509_crl_entry_ext_id_to_der(int oid, uint8_t **out, size_t *outlen);
 int x509_crl_entry_ext_id_from_der(int *oid, const uint8_t **in, size_t *inlen);
 
-int x509_crl_entry_ext_critical_check(int oid, int critical);
-
-
 int x509_crl_entry_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen);
+int x509_crl_entry_ext_from_der(int *oid, int *critical, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen);
+int x509_crl_entry_ext_critical_check(int oid, int critical);
+int x509_crl_entry_ext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
 int x509_crl_reason_ext_to_der(int critical, int reason, uint8_t **out, size_t *outlen);
 int x509_invalidity_date_ext_to_der(int critical, time_t date, uint8_t **out, size_t *outlen);
 int x509_cert_issuer_ext_to_der(int critical, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
-int x509_crl_entry_ext_from_der(int *oid, int *critical, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen);
 int x509_crl_entry_ext_from_der_ex(int *oid, int *critical,
 	int *reason, time_t *invalid_date, const uint8_t **cert_issuer, size_t *cert_issuer_len,
 	const uint8_t **in, size_t *inlen);
-int x509_crl_entry_ext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
 int x509_crl_entry_exts_to_der(
 	int reason, time_t invalid_date, const uint8_t *cert_issuer, size_t cert_issuer_len,
@@ -81,7 +80,6 @@ int x509_crl_entry_exts_get(const uint8_t *d, size_t dlen,
 int x509_crl_entry_exts_check(const uint8_t *d, size_t dlen);
 int x509_crl_entry_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
-
 /*
 RevokedCertificate ::= SEQUENCE {
 	userCertificate		CertificateSerialNumber,
@@ -143,7 +141,6 @@ IssuingDistributionPoint ::= SEQUENCE {
 	indirectCRL			[4] IMPLICIT BOOLEAN DEFAULT FALSE,
 	onlyContainsAttributeCerts	[5] IMPLICIT BOOLEAN DEFAULT FALSE }
 */
-
 int x509_issuing_distribution_point_to_der(
 	const char *dist_point_uri, size_t dist_point_uri_len,
 	int only_contains_user_certs,
@@ -162,11 +159,11 @@ int x509_issuing_distribution_point_from_der(
 	const uint8_t **in, size_t *inlen);
 int x509_issuing_distribution_point_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
-int x509_crl_ext_critical_check(int oid, int critical);
 int x509_crl_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen);
 int x509_crl_ext_from_der_ex(int *oid, uint32_t *nodes, size_t *nodes_cnt,
 	int *critical, const uint8_t **val, size_t *vlen,
 	const uint8_t **in, size_t *inlen);
+int x509_crl_ext_critical_check(int oid, int critical);
 int x509_crl_ext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
 
@@ -211,12 +208,11 @@ int x509_crl_exts_add_authority_info_acess(
 	const char *ca_issuers_uri, size_t ca_issuers_urilen,
 	const char *ocsp_uri, size_t ocsp_urilen);
 
-int x509_crl_exts_check(const uint8_t *d, size_t dlen);
 #define x509_crl_exts_to_der(d,dlen,out,outlen) x509_explicit_exts_to_der(0,d,dlen,out,outlen)
 #define x509_crl_exts_from_der(d,dlen,in,inlen) x509_explicit_exts_from_der(0,d,dlen,in,inlen)
+int x509_crl_exts_check(const uint8_t *d, size_t dlen);
 int x509_crl_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
-
 /*
 TBSCertList ::= SEQUENCE {
 	version			INTEGER OPTIONAL, -- if present, MUST be v2
@@ -253,8 +249,6 @@ CertificateList ::= SEQUENCE {
 	signatureAlgorithm	AlgorithmIdentifier,
 	signatureValue		BIT STRING }
 */
-
-// x509_crl_ functions
 int x509_crl_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
 int x509_crl_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen);
 int x509_crl_to_pem(const uint8_t *a, size_t alen, FILE *fp);
@@ -300,8 +294,8 @@ int x509_crl_get_revoked_certs(const uint8_t *a, size_t alen, const uint8_t **d,
 int x509_crl_find_revoked_cert_by_serial_number(const uint8_t *a, size_t alen,
 	const uint8_t *serial, size_t serial_len, time_t *revoke_date,
 	const uint8_t **entry_exts, size_t *entry_exts_len);
-int x509_crls_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
+int x509_crls_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
 int x509_crl_new_from_uri(uint8_t **crl, size_t *crl_len, const char *uri, size_t urilen);
 int x509_crl_new_from_cert(uint8_t **crl, size_t *crl_len, const uint8_t *cert, size_t certlen);

include/gmssl/x509_ext.h

@@ -116,12 +116,12 @@ int x509_edi_party_name_print(FILE *fp, int fmt, int ind, const char *label, con
 
 /*
 GeneralName ::= CHOICE {
-	otherName			[0] IMPLICIT OtherName,	-- 只在GeneralName中出现
+	otherName			[0] IMPLICIT OtherName,	-- Only in GeneralName
 	rfc822Name			[1] IMPLICIT IA5String,
 	dNSName				[2] IMPLICIT IA5String,
 	x400Address			[3] IMPLICIT ORAddress,
-	directoryName			[4] IMPLICIT Name,	-- SEQENCE OF，因此是d,dlen
-	ediPartyName			[5] IMPLICIT EDIPartyName, -- 只在GeneralName中出现
+	directoryName			[4] IMPLICIT Name,	-- SEQENCE OF
+	ediPartyName			[5] IMPLICIT EDIPartyName, -- Only in GeneralName
 	uniformResourceIdentifier	[6] IMPLICIT IA5String,
 	iPAddress			[7] IMPLICIT OCTET STRING, -- 4 bytes or string?
 	registeredID			[8] IMPLICIT OBJECT IDENTIFIER }
@@ -276,10 +276,19 @@ PolicyQualifierInfo ::= SEQUENCE {
         policyQualifierId  PolicyQualifierId,
         qualifier          ANY DEFINED BY policyQualifierId }
 
+id-qt
+	OID_qt_cps
+	OID_qt_unotice
+
 	switch(policyQualifierId)
 	case id-qt-cps		: qualifier ::= IA5String
 	case id-qt-unotice	: qualifier ::= UserNotice
 */
+const char *x509_qualifier_id_name(int oid);
+int x509_qualifier_id_from_name(const char *name);
+int x509_qualifier_id_from_der(int *oid, const uint8_t **in, size_t *inlen);
+int x509_qualifier_id_to_der(int oid, uint8_t **out, size_t *outlen);
+
 int x509_policy_qualifier_info_to_der(
 	int oid,
 	const uint8_t *qualifier, size_t qualifier_len,
@@ -300,7 +309,13 @@ PolicyInformation ::= SEQUENCE {
         policyQualifiers   SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL }
 
 CertPolicyId ::= OBJECT IDENTIFIER -- undefined
+
+	OID_any_policy
 */
+char *x509_cert_policy_id_name(int oid);
+int x509_cert_policy_id_from_name(const char *name);
+int x509_cert_policy_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen);
+int x509_cert_policy_id_to_der(int oid, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen);
 
 int x509_policy_information_to_der(
 	int policy_oid, const uint32_t *policy_nodes, size_t policy_nodes_cnt,
@@ -413,8 +428,7 @@ int x509_general_subtree_print(FILE *fp, int fmt, int ind, const char *label, co
 /*
 GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
 */
-// 应该参考general_names_add_xxx来改写这个函数，只是不知道这个函数用的多不多
-int x509_general_subtrees_add_general_subtree(uint8_t *d, size_t *dlen, size_t maxlen, // 这个功能和general_names很类似，只是多了一点点内容
+int x509_general_subtrees_add_general_subtree(uint8_t *d, size_t *dlen, size_t maxlen,
 	int base_choice, const uint8_t *base, size_t base_len,
 	int minimum, int maximum);
 int x509_general_subtrees_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
@@ -453,6 +467,7 @@ ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
 
 KeyPurposeId:
 	OID_any_extended_key_usage
+  id-kp
 	OID_kp_server_auth
 	OID_kp_client_auth
 	OID_kp_code_signing
@@ -461,6 +476,12 @@ KeyPurposeId:
 	OID_kp_ocsp_signing
 */
 #define X509_MAX_KEY_PURPOSES	7
+const char *x509_key_purpose_name(int oid);
+const char *x509_key_purpose_text(int oid);
+int x509_key_purpose_from_name(const char *name);
+int x509_key_purpose_from_der(int *oid, const uint8_t **in, size_t *inlen);
+int x509_key_purpose_to_der(int oid, uint8_t **out, size_t *outlen);
+
 int x509_ext_key_usage_to_der(const int *oids, size_t oids_cnt, uint8_t **out, size_t *outlen);
 int x509_ext_key_usage_from_der(int *oids, size_t *oids_cnt, size_t max_cnt, const uint8_t **in, size_t *inlen);
 int x509_ext_key_usage_check(const int *oids, size_t oids_cnt, int cert_type);

include/gmssl/x509_oid.h

@@ -1,112 +0,0 @@
-/*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#ifndef GMSSL_X509_OID_H
-#define GMSSL_X509_OID_H
-
-
-#include <time.h>
-#include <string.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/oid.h>
-#include <gmssl/asn1.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-id-at:
-	OID_at_name
-	OID_at_surname
-	OID_at_given_name
-	OID_at_initials
-	OID_at_generation_qualifier
-	OID_at_common_name
-	OID_at_locality_name
-	OID_at_state_or_province_name
-	OID_at_organization_name
-	OID_at_organizational_unit_name
-	OID_at_title
-	OID_at_dn_qualifier
-	OID_at_country_name
-	OID_at_serial_number
-	OID_at_pseudonym
-	OID_domain_component
-*/
-const char *x509_name_type_name(int oid);
-int x509_name_type_from_name(const char *name);
-int x509_name_type_from_der(int *oid, const uint8_t **in, size_t *inlen);
-int x509_name_type_to_der(int oid, uint8_t **out, size_t *outlen);
-
-/*
-id-ce:
-	OID_ce_authority_key_identifier
-	OID_ce_subject_key_identifier
-	OID_ce_key_usage
-	OID_ce_certificate_policies
-	OID_ce_policy_mappings
-	OID_ce_subject_alt_name
-	OID_ce_issuer_alt_name
-	OID_ce_subject_directory_attributes
-	OID_ce_basic_constraints
-	OID_ce_name_constraints
-	OID_ce_policy_constraints
-	OID_ce_ext_key_usage
-	OID_ce_crl_distribution_points
-	OID_ce_inhibit_any_policy
-	OID_ce_freshest_crl
-	OID_netscape_cert_comment
-*/
-const char *x509_ext_id_name(int oid);
-int x509_ext_id_from_name(const char *name);
-int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_count, const uint8_t **in, size_t *inlen);
-int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen);
-
-/*
-id-qt
-	OID_qt_cps
-	OID_qt_unotice
-*/
-const char *x509_qualifier_id_name(int oid);
-int x509_qualifier_id_from_name(const char *name);
-int x509_qualifier_id_from_der(int *oid, const uint8_t **in, size_t *inlen);
-int x509_qualifier_id_to_der(int oid, uint8_t **out, size_t *outlen);
-
-/*
-	OID_any_policy
-*/
-char *x509_cert_policy_id_name(int oid);
-int x509_cert_policy_id_from_name(const char *name);
-int x509_cert_policy_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen);
-int x509_cert_policy_id_to_der(int oid, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen);
-
-/*
-	OID_any_extended_key_usage
-id-kp
-	OID_kp_server_auth
-	OID_kp_client_auth
-	OID_kp_code_signing
-	OID_kp_email_protection
-	OID_kp_time_stamping
-	OID_kp_ocsp_signing
-*/
-const char *x509_key_purpose_name(int oid);
-const char *x509_key_purpose_text(int oid);
-int x509_key_purpose_from_name(const char *name);
-int x509_key_purpose_from_der(int *oid, const uint8_t **in, size_t *inlen);
-int x509_key_purpose_to_der(int oid, uint8_t **out, size_t *outlen);
-
-#ifdef __cplusplus
-}
-#endif
-#endif

include/gmssl/x509_req.h

@@ -67,9 +67,10 @@ int x509_req_get_details(const uint8_t *req, size_t reqlen,
 	const uint8_t **signature, size_t *signature_len);
 int x509_req_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
 int x509_req_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen);
-int x509_req_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *req, size_t reqlen);
 int x509_req_to_pem(const uint8_t *req, size_t reqlen, FILE *fp);
 int x509_req_from_pem(uint8_t *req, size_t *reqlen, size_t maxlen, FILE *fp);
+int x509_req_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *req, size_t reqlen);
+
 int x509_req_new_from_pem(uint8_t **req, size_t *reqlen, FILE *fp);
 int x509_req_new_from_file(uint8_t **req, size_t *reqlen, const char *file);
 

src/x509_cer.c

@@ -20,7 +20,6 @@
 #include <gmssl/asn1.h>
 #include <gmssl/rsa.h>
 #include <gmssl/file.h>
-#include <gmssl/x509_oid.h>
 #include <gmssl/x509_alg.h>
 #include <gmssl/x509_ext.h>
 #include <gmssl/x509.h>
@@ -217,6 +216,98 @@ err:
 	return -1;
 }
 
+
+static uint32_t oid_at_name[] = { oid_at,41 };
+static uint32_t oid_at_surname[] = { oid_at,4 };
+static uint32_t oid_at_given_name[] = { oid_at,42 };
+static uint32_t oid_at_initials[] = { oid_at,43 };
+static uint32_t oid_at_generation_qualifier[] = { oid_at,44 };
+static uint32_t oid_at_common_name[] = { oid_at,3 };
+static uint32_t oid_at_locality_name[] = { oid_at,7 };
+static uint32_t oid_at_state_or_province_name[] = { oid_at,8 };
+static uint32_t oid_at_organization_name[] = { oid_at,10 };
+static uint32_t oid_at_organizational_unit_name[] = { oid_at,11 };
+static uint32_t oid_at_title[] = { oid_at,12 };
+static uint32_t oid_at_dn_qualifier[] = { oid_at,46 };
+static uint32_t oid_at_country_name[] = { oid_at,6 };
+static uint32_t oid_at_serial_number[] = { oid_at,5 };
+static uint32_t oid_at_pseudonym[] = { oid_at,65 };
+static uint32_t oid_domain_component[] = { 0,9,2342,19200300,100,1,25 };
+static uint32_t oid_email_address[] = { 1,2,840,113549,1,9,1 };
+
+#define OID_AT_CNT (sizeof(oid_at_name)/sizeof(int))
+
+static const ASN1_OID_INFO x509_name_types[] = {
+	{ OID_at_name, "name", oid_at_name, OID_AT_CNT },
+	{ OID_at_surname, "surname", oid_at_surname, OID_AT_CNT },
+	{ OID_at_given_name, "givenName", oid_at_given_name, OID_AT_CNT },
+	{ OID_at_initials, "initials", oid_at_initials, OID_AT_CNT },
+	{ OID_at_generation_qualifier, "generationQualifier", oid_at_generation_qualifier, OID_AT_CNT },
+	{ OID_at_common_name, "commonName", oid_at_common_name, OID_AT_CNT },
+	{ OID_at_locality_name, "localityName", oid_at_locality_name, OID_AT_CNT },
+	{ OID_at_state_or_province_name, "stateOrProvinceName", oid_at_state_or_province_name, OID_AT_CNT },
+	{ OID_at_organization_name, "organizationName", oid_at_organization_name, OID_AT_CNT },
+	{ OID_at_organizational_unit_name, "organizationalUnitName", oid_at_organizational_unit_name, OID_AT_CNT },
+	{ OID_at_title, "title", oid_at_title, OID_AT_CNT },
+	{ OID_at_dn_qualifier, "dnQualifier", oid_at_dn_qualifier, OID_AT_CNT },
+	{ OID_at_country_name, "countryName", oid_at_country_name, OID_AT_CNT },
+	{ OID_at_serial_number, "serialNumber", oid_at_serial_number, OID_AT_CNT },
+	{ OID_at_pseudonym, "pseudonym", oid_at_pseudonym, OID_AT_CNT },
+	{ OID_domain_component, "domainComponent", oid_domain_component, sizeof(oid_domain_component)/sizeof(int) },
+	{ OID_email_address, "emailAddress", oid_email_address, sizeof(oid_email_address)/sizeof(int) },
+};
+
+static const int x509_name_types_count
+	= sizeof(x509_name_types)/sizeof(x509_name_types[0]);
+
+const char *x509_name_type_name(int oid)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_name_types, x509_name_types_count, oid))) {
+		error_print();
+		return NULL;
+	}
+	return info->name;
+}
+
+int x509_name_type_from_name(const char *name)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_name(x509_name_types, x509_name_types_count, name))) {
+		error_print();
+		return OID_undef;
+	}
+	return info->oid;
+}
+
+int x509_name_type_to_der(int oid, uint8_t **out, size_t *outlen)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_name_types, x509_name_types_count, oid))) {
+		error_print();
+		return -1;
+	}
+	if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+int x509_name_type_from_der(int *oid, const uint8_t **in, size_t *inlen)
+{
+	int ret;
+	const ASN1_OID_INFO *info;
+
+	if ((ret = asn1_oid_info_from_der(&info, x509_name_types, x509_name_types_count, in, inlen)) != 1) {
+		if (ret < 0) error_print();
+		else *oid = -1;
+		return ret;
+	}
+	*oid = info->oid;
+	return 1;
+}
+
 int x509_directory_name_check(int tag, const uint8_t *d, size_t dlen)
 {
 	if (dlen == 0) {
@@ -355,7 +446,7 @@ static const struct {
 	int is_printable_string_only;
 	int minlen;
 	int maxlen;
-} x509_name_types[] = {
+} x509_name_types_info[] = {
 	{ OID_at_country_name,             1, 2, 2 },
 	{ OID_at_state_or_province_name,   0, 1, X509_ub_state_name },
 	{ OID_at_locality_name,            0, 1, X509_ub_locality_name },
@@ -372,21 +463,21 @@ static const struct {
 	{ OID_at_pseudonym,                0, 1, X509_ub_pseudonym },
 };
 
-static const int x509_name_types_count
-	= sizeof(x509_name_types)/sizeof(x509_name_types[0]);
+static const int x509_name_types_info_count
+	= sizeof(x509_name_types_info)/sizeof(x509_name_types_info[0]);
 
 int x509_attr_type_and_value_check(int oid, int tag, const uint8_t *val, size_t vlen)
 {
 	int i;
-	for (i = 0; i < x509_name_types_count; i++) {
-		if (oid == x509_name_types[i].oid) {
-			if (x509_name_types[i].is_printable_string_only
+	for (i = 0; i < x509_name_types_info_count; i++) {
+		if (oid == x509_name_types_info[i].oid) {
+			if (x509_name_types_info[i].is_printable_string_only
 				&& tag != ASN1_TAG_PrintableString) {
 				error_print();
 				return -1;
 			}
 			if (x509_directory_name_check_ex(tag, val, vlen,
-				x509_name_types[i].minlen, x509_name_types[i].maxlen) != 1) {
+				x509_name_types_info[i].minlen, x509_name_types_info[i].maxlen) != 1) {
 				error_print();
 				return -1;
 			}

src/x509_ext.c

@@ -18,11 +18,115 @@
 #include <gmssl/oid.h>
 #include <gmssl/asn1.h>
 #include <gmssl/x509.h>
-#include <gmssl/x509_oid.h>
 #include <gmssl/x509_ext.h>
 #include <gmssl/error.h>
 
 
+
+static uint32_t oid_ce_subject_directory_attributes[] = { oid_ce,9 };
+static uint32_t oid_ce_subject_key_identifier[] = { oid_ce,14 };
+static uint32_t oid_ce_key_usage[] = { oid_ce,15 };
+static uint32_t oid_ce_subject_alt_name[] = { oid_ce,17 };
+static uint32_t oid_ce_issuer_alt_name[] = { oid_ce,18 };
+static uint32_t oid_ce_basic_constraints[] = { oid_ce,19 };
+static uint32_t oid_ce_name_constraints[] = { oid_ce,30 };
+static uint32_t oid_ce_crl_distribution_points[] = { oid_ce,31 };
+static uint32_t oid_ce_certificate_policies[] = { oid_ce,32 };
+static uint32_t oid_ce_policy_mappings[] = { oid_ce,33 };
+static uint32_t oid_ce_authority_key_identifier[] = { oid_ce,35 };
+static uint32_t oid_ce_policy_constraints[] = { oid_ce,36 };
+static uint32_t oid_ce_ext_key_usage[] = { oid_ce,37 };
+static uint32_t oid_ce_freshest_crl[] = { oid_ce,46 };
+static uint32_t oid_ce_inhibit_any_policy[] = { oid_ce,54 };
+static uint32_t oid_ce_crl_reasons[] = { oid_ce,21 }; // crl_entry_ext
+static uint32_t oid_ce_invalidity_date[] = { oid_ce,24 }; // crl_entry_ext
+static uint32_t oid_ce_certificate_issuer[] = { oid_ce,29 }; // crl_entry_ext
+#define OID_CE_CNT sizeof(oid_ce_subject_directory_attributes)/sizeof(int)
+static uint32_t oid_netscape_cert_type[] = { 2,16,840,1,113730,1,1 };
+static uint32_t oid_netscape_cert_comment[] = { 2,16,840,1,113730,1,13 };
+static uint32_t oid_pe_authority_info_access[] = { 1,3,6,1,5,5,7,1,1 };
+static uint32_t oid_ct_precertificate_scts[] = { 1,3,6,1,4,1,11129,2,4,2 };
+
+static const ASN1_OID_INFO x509_ext_ids[] = {
+	{ OID_ce_authority_key_identifier, "AuthorityKeyIdentifier", oid_ce_authority_key_identifier, OID_CE_CNT },
+	{ OID_ce_subject_key_identifier, "SubjectKeyIdentifier", oid_ce_subject_key_identifier, OID_CE_CNT },
+	{ OID_ce_key_usage, "KeyUsage", oid_ce_key_usage, OID_CE_CNT },
+	{ OID_ce_certificate_policies, "CertificatePolicies", oid_ce_certificate_policies, OID_CE_CNT },
+	{ OID_ce_policy_mappings, "PolicyMappings", oid_ce_policy_mappings, OID_CE_CNT },
+	{ OID_ce_subject_alt_name, "SubjectAltName", oid_ce_subject_alt_name, OID_CE_CNT },
+	{ OID_ce_issuer_alt_name, "IssuerAltName", oid_ce_issuer_alt_name, OID_CE_CNT },
+	{ OID_ce_subject_directory_attributes, "SubjectDirectoryAttributes", oid_ce_subject_directory_attributes, OID_CE_CNT },
+	{ OID_ce_basic_constraints, "BasicConstraints", oid_ce_basic_constraints, OID_CE_CNT },
+	{ OID_ce_name_constraints, "NameConstraints", oid_ce_name_constraints, OID_CE_CNT },
+	{ OID_ce_policy_constraints, "PolicyConstraints", oid_ce_policy_constraints, OID_CE_CNT },
+	{ OID_ce_ext_key_usage, "ExtKeyUsage", oid_ce_ext_key_usage, OID_CE_CNT },
+	{ OID_ce_crl_distribution_points, "CRLDistributionPoints", oid_ce_crl_distribution_points, OID_CE_CNT },
+	{ OID_ce_inhibit_any_policy, "InhibitAnyPolicy", oid_ce_inhibit_any_policy, OID_CE_CNT },
+	{ OID_ce_freshest_crl, "FreshestCRL", oid_ce_freshest_crl, OID_CE_CNT },
+	{ OID_ce_crl_reasons, "CRLReasons", oid_ce_crl_reasons, OID_CE_CNT },
+	{ OID_ce_invalidity_date, "InvalidityDate", oid_ce_invalidity_date, OID_CE_CNT },
+	{ OID_ce_certificate_issuer, "CertificateIssuer", oid_ce_certificate_issuer, OID_CE_CNT },
+	{ OID_netscape_cert_type, "NetscapeCertType", oid_netscape_cert_type, sizeof(oid_netscape_cert_type)/sizeof(int) },
+	{ OID_netscape_cert_comment, "NetscapeCertComment", oid_netscape_cert_comment, sizeof(oid_netscape_cert_comment)/sizeof(int) },
+	{ OID_pe_authority_info_access, "AuthorityInformationAccess", oid_pe_authority_info_access, sizeof(oid_pe_authority_info_access)/sizeof(int) },
+	{ OID_ct_precertificate_scts, "CT-PrecertificateSCTs", oid_ct_precertificate_scts, sizeof(oid_ct_precertificate_scts)/sizeof(int) },
+};
+
+static const int x509_ext_ids_count =
+	sizeof(x509_ext_ids)/sizeof(x509_ext_ids[0]);
+
+const char *x509_ext_id_name(int oid)
+{
+	const ASN1_OID_INFO *info;
+	if (oid == 0) {
+		return NULL;
+	}
+	if (!(info = asn1_oid_info_from_oid(x509_ext_ids, x509_ext_ids_count, oid))) {
+		error_print();
+		return NULL;
+	}
+	return info->name;
+}
+
+int x509_ext_id_from_name(const char *name)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_name(x509_ext_ids, x509_ext_ids_count, name))) {
+		error_print();
+		return OID_undef;
+	}
+	return info->oid;
+}
+
+int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_ext_ids, x509_ext_ids_count, oid))) {
+		error_print();
+		return -1;
+	}
+	if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+// 如果要支持未知的ext_id，应该提供一个callback
+int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen)
+{
+	int ret;
+	const ASN1_OID_INFO *info;
+
+	if ((ret = asn1_oid_info_from_der_ex(&info, nodes, nodes_cnt, x509_ext_ids, x509_ext_ids_count, in, inlen)) != 1) {
+		if (ret < 0) error_print();
+		else *oid = -1;
+		return ret;
+	}
+	*oid = info ? info->oid : 0;
+	return 1;
+}
+
 int x509_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen)
 {
 	size_t len = 0;
@@ -1433,6 +1537,68 @@ err:
 	return -1;
 }
 
+
+
+
+static uint32_t oid_qt_cps[] = { oid_qt,1 };
+static uint32_t oid_qt_unotice[] = {oid_qt,2 };
+
+static const ASN1_OID_INFO x509_qt_ids[] = {
+	{ OID_qt_cps, "CPS", oid_qt_cps, sizeof(oid_qt_cps)/sizeof(int) },
+	{ OID_qt_unotice, "userNotice", oid_qt_unotice, sizeof(oid_qt_unotice)/sizeof(int) }
+};
+
+static const int x509_qt_ids_count =
+	sizeof(x509_qt_ids)/sizeof(x509_qt_ids[0]);
+
+int x509_qualifier_id_from_name(const char *name)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_name(x509_qt_ids, x509_qt_ids_count, name))) {
+		error_print();
+		return OID_undef;
+	}
+	return info->oid;
+}
+
+const char *x509_qualifier_id_name(int oid)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_qt_ids, x509_qt_ids_count, oid))) {
+		error_print();
+		return NULL;
+	}
+	return info->name;
+}
+
+int x509_qualifier_id_to_der(int oid, uint8_t **out, size_t *outlen)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_qt_ids, x509_qt_ids_count, oid))) {
+		error_print();
+		return -1;
+	}
+	if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+int x509_qualifier_id_from_der(int *oid, const uint8_t **in, size_t *inlen)
+{
+	int ret;
+	const ASN1_OID_INFO *info;
+	if ((ret = asn1_oid_info_from_der(&info, x509_qt_ids, x509_qt_ids_count, in, inlen)) != 1) {
+		if (ret < 0) error_print();
+		else *oid = -1;
+		return ret;
+	}
+	*oid = info->oid;
+	return 1;
+}
+
+
 int x509_policy_qualifier_info_to_der(
 	int oid,
 	const uint8_t *qualifier, size_t qualifier_len,
@@ -1513,6 +1679,61 @@ int x509_policy_qualifier_infos_print(FILE *fp, int fmt, int ind, const char *la
 	return 1;
 }
 
+
+int x509_cert_policy_id_from_name(const char *name)
+{
+	if (strcmp(name, "anyPolicy") == 0) {
+		return OID_any_policy;
+	}
+	return OID_undef;
+}
+
+char *x509_cert_policy_id_name(int oid)
+{
+	switch (oid) {
+	case OID_any_policy: return "anyPolicy";
+	}
+	return NULL;
+}
+
+static uint32_t oid_any_policy[] = { oid_ce,32,0 };
+
+int x509_cert_policy_id_to_der(int oid, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen)
+{
+	switch (oid) {
+	case OID_any_policy:
+		if (asn1_object_identifier_to_der(oid_any_policy, sizeof(oid_any_policy)/sizeof(int), out, outlen) != 1) {
+			error_print();
+			return -1;
+		}
+		break;
+	case OID_undef:
+		if (asn1_object_identifier_to_der(nodes, nodes_cnt, out, outlen) != 1) {
+			error_print();
+			return -1;
+		}
+		break;
+	default:
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+int x509_cert_policy_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen)
+{
+	int ret;
+	if ((ret = asn1_object_identifier_from_der(nodes, nodes_cnt, in, inlen)) != 1) {
+		if (ret < 0) error_print();
+		else *oid = -1;
+		return ret;
+	}
+	if (asn1_object_identifier_equ(nodes, *nodes_cnt, oid_any_policy, oid_cnt(oid_any_policy)))
+		*oid = OID_any_policy;
+	else	*oid = 0;
+	return 1;
+}
+
 int x509_policy_information_to_der(
 	int oid, const uint32_t *nodes, size_t nodes_cnt,
 	const uint8_t *qualifiers, size_t qualifiers_len,
@@ -2105,6 +2326,90 @@ err:
 	return -1;
 }
 
+
+static uint32_t oid_any_extended_key_usage[] = { oid_ce,37,0 };
+
+#define oid_kp oid_pkix,3
+
+static uint32_t oid_kp_server_auth[] = { oid_kp,1 };
+static uint32_t oid_kp_client_auth[] = { oid_kp,2 };
+static uint32_t oid_kp_code_signing[] = { oid_kp,3 };
+static uint32_t oid_kp_email_protection[] = { oid_kp,4 };
+static uint32_t oid_kp_time_stamping[] = { oid_kp,8 };
+static uint32_t oid_kp_ocsp_signing[] = { oid_kp,9 };
+#define OID_KP_CNT sizeof(oid_kp_server_auth)/sizeof(int)
+
+static const ASN1_OID_INFO x509_key_purposes[] = {
+	{ OID_any_extended_key_usage, "anyExtendedKeyUsage", oid_any_extended_key_usage, sizeof(oid_any_extended_key_usage)/sizeof(uint32_t), 0, "Any Extended Key Usage" },
+	{ OID_kp_server_auth, "serverAuth", oid_kp_server_auth, OID_KP_CNT, 0, "TLS WWW server authentication" },
+	{ OID_kp_client_auth, "clientAuth", oid_kp_client_auth, OID_KP_CNT, 0, "TLS WWW client authentication" },
+	{ OID_kp_code_signing, "codeSigning", oid_kp_code_signing, OID_KP_CNT, 0, "Signing of downloadable executable code" },
+	{ OID_kp_email_protection, "emailProtection", oid_kp_email_protection, OID_KP_CNT, 0, "Email protection" },
+	{ OID_kp_time_stamping, "timeStamping", oid_kp_time_stamping, OID_KP_CNT, 0, "Binding the hash of an object to a time" },
+	{ OID_kp_ocsp_signing, "OCSPSigning", oid_kp_ocsp_signing, OID_KP_CNT, 0, "Signing OCSP responses" },
+};
+
+static const int x509_key_purposes_count =
+	sizeof(x509_key_purposes)/sizeof(x509_key_purposes[0]);
+
+int x509_key_purpose_from_name(const char *name)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_name(x509_key_purposes, x509_key_purposes_count, name))) {
+		error_print();
+		return OID_undef;
+	}
+	return info->oid;
+}
+
+const char *x509_key_purpose_name(int oid)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_key_purposes, x509_key_purposes_count, oid))) {
+		error_print();
+		return NULL;
+	}
+	return info->name;
+}
+
+const char *x509_key_purpose_text(int oid)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_key_purposes, x509_key_purposes_count, oid))) {
+		error_print();
+		return NULL;
+	}
+	return info->description;
+}
+
+int x509_key_purpose_to_der(int oid, uint8_t **out, size_t *outlen)
+{
+	const ASN1_OID_INFO *info;
+	if (!(info = asn1_oid_info_from_oid(x509_key_purposes, x509_key_purposes_count, oid))) {
+		error_print();
+		return -1;
+	}
+	if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+int x509_key_purpose_from_der(int *oid, const uint8_t **in, size_t *inlen)
+{
+	int ret;
+	const ASN1_OID_INFO *info;
+	if ((ret = asn1_oid_info_from_der(&info, x509_key_purposes, x509_key_purposes_count, in, inlen)) != 1) {
+		if (ret < 0) error_print();
+		else *oid = -1;
+		return ret;
+	}
+	*oid = info->oid;
+	return 1;
+}
+
+
 int x509_ext_key_usage_to_der(const int *oids, size_t oids_cnt, uint8_t **out, size_t *outlen)
 {
 	size_t len = 0;

src/x509_oid.c

@@ -1,415 +0,0 @@
-/*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <assert.h>
-#include <gmssl/sm2.h>
-#include <gmssl/oid.h>
-#include <gmssl/asn1.h>
-#include <gmssl/x509.h>
-#include <gmssl/error.h>
-
-
-static uint32_t oid_at_name[] = { oid_at,41 };
-static uint32_t oid_at_surname[] = { oid_at,4 };
-static uint32_t oid_at_given_name[] = { oid_at,42 };
-static uint32_t oid_at_initials[] = { oid_at,43 };
-static uint32_t oid_at_generation_qualifier[] = { oid_at,44 };
-static uint32_t oid_at_common_name[] = { oid_at,3 };
-static uint32_t oid_at_locality_name[] = { oid_at,7 };
-static uint32_t oid_at_state_or_province_name[] = { oid_at,8 };
-static uint32_t oid_at_organization_name[] = { oid_at,10 };
-static uint32_t oid_at_organizational_unit_name[] = { oid_at,11 };
-static uint32_t oid_at_title[] = { oid_at,12 };
-static uint32_t oid_at_dn_qualifier[] = { oid_at,46 };
-static uint32_t oid_at_country_name[] = { oid_at,6 };
-static uint32_t oid_at_serial_number[] = { oid_at,5 };
-static uint32_t oid_at_pseudonym[] = { oid_at,65 };
-static uint32_t oid_domain_component[] = { 0,9,2342,19200300,100,1,25 };
-static uint32_t oid_email_address[] = { 1,2,840,113549,1,9,1 };
-
-#define OID_AT_CNT (sizeof(oid_at_name)/sizeof(int))
-
-static const ASN1_OID_INFO x509_name_types[] = {
-	{ OID_at_name, "name", oid_at_name, OID_AT_CNT },
-	{ OID_at_surname, "surname", oid_at_surname, OID_AT_CNT },
-	{ OID_at_given_name, "givenName", oid_at_given_name, OID_AT_CNT },
-	{ OID_at_initials, "initials", oid_at_initials, OID_AT_CNT },
-	{ OID_at_generation_qualifier, "generationQualifier", oid_at_generation_qualifier, OID_AT_CNT },
-	{ OID_at_common_name, "commonName", oid_at_common_name, OID_AT_CNT },
-	{ OID_at_locality_name, "localityName", oid_at_locality_name, OID_AT_CNT },
-	{ OID_at_state_or_province_name, "stateOrProvinceName", oid_at_state_or_province_name, OID_AT_CNT },
-	{ OID_at_organization_name, "organizationName", oid_at_organization_name, OID_AT_CNT },
-	{ OID_at_organizational_unit_name, "organizationalUnitName", oid_at_organizational_unit_name, OID_AT_CNT },
-	{ OID_at_title, "title", oid_at_title, OID_AT_CNT },
-	{ OID_at_dn_qualifier, "dnQualifier", oid_at_dn_qualifier, OID_AT_CNT },
-	{ OID_at_country_name, "countryName", oid_at_country_name, OID_AT_CNT },
-	{ OID_at_serial_number, "serialNumber", oid_at_serial_number, OID_AT_CNT },
-	{ OID_at_pseudonym, "pseudonym", oid_at_pseudonym, OID_AT_CNT },
-	{ OID_domain_component, "domainComponent", oid_domain_component, sizeof(oid_domain_component)/sizeof(int) },
-	{ OID_email_address, "emailAddress", oid_email_address, sizeof(oid_email_address)/sizeof(int) },
-};
-
-static const int x509_name_types_count
-	= sizeof(x509_name_types)/sizeof(x509_name_types[0]);
-
-const char *x509_name_type_name(int oid)
-{
-	const ASN1_OID_INFO *info;
-	if (!(info = asn1_oid_info_from_oid(x509_name_types, x509_name_types_count, oid))) {
-		error_print();
-		return NULL;
-	}
-	return info->name;
-}
-
-int x509_name_type_from_name(const char *name)
-{
-	const ASN1_OID_INFO *info;
-	if (!(info = asn1_oid_info_from_name(x509_name_types, x509_name_types_count, name))) {
-		error_print();
-		return OID_undef;
-	}
-	return info->oid;
-}
-
-int x509_name_type_to_der(int oid, uint8_t **out, size_t *outlen)
-{
-	const ASN1_OID_INFO *info;
-	if (!(info = asn1_oid_info_from_oid(x509_name_types, x509_name_types_count, oid))) {
-		error_print();
-		return -1;
-	}
-	if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
-		error_print();
-		return -1;
-	}
-	return 1;
-}
-
-int x509_name_type_from_der(int *oid, const uint8_t **in, size_t *inlen)
-{
-	int ret;
-	const ASN1_OID_INFO *info;
-
-	if ((ret = asn1_oid_info_from_der(&info, x509_name_types, x509_name_types_count, in, inlen)) != 1) {
-		if (ret < 0) error_print();
-		else *oid = -1;
-		return ret;
-	}
-	*oid = info->oid;
-	return 1;
-}
-
-
-static uint32_t oid_ce_subject_directory_attributes[] = { oid_ce,9 };
-static uint32_t oid_ce_subject_key_identifier[] = { oid_ce,14 };
-static uint32_t oid_ce_key_usage[] = { oid_ce,15 };
-static uint32_t oid_ce_subject_alt_name[] = { oid_ce,17 };
-static uint32_t oid_ce_issuer_alt_name[] = { oid_ce,18 };
-static uint32_t oid_ce_basic_constraints[] = { oid_ce,19 };
-static uint32_t oid_ce_name_constraints[] = { oid_ce,30 };
-static uint32_t oid_ce_crl_distribution_points[] = { oid_ce,31 };
-static uint32_t oid_ce_certificate_policies[] = { oid_ce,32 };
-static uint32_t oid_ce_policy_mappings[] = { oid_ce,33 };
-static uint32_t oid_ce_authority_key_identifier[] = { oid_ce,35 };
-static uint32_t oid_ce_policy_constraints[] = { oid_ce,36 };
-static uint32_t oid_ce_ext_key_usage[] = { oid_ce,37 };
-static uint32_t oid_ce_freshest_crl[] = { oid_ce,46 };
-static uint32_t oid_ce_inhibit_any_policy[] = { oid_ce,54 };
-static uint32_t oid_ce_crl_reasons[] = { oid_ce,21 }; // crl_entry_ext
-static uint32_t oid_ce_invalidity_date[] = { oid_ce,24 }; // crl_entry_ext
-static uint32_t oid_ce_certificate_issuer[] = { oid_ce,29 }; // crl_entry_ext
-#define OID_CE_CNT sizeof(oid_ce_subject_directory_attributes)/sizeof(int)
-static uint32_t oid_netscape_cert_type[] = { 2,16,840,1,113730,1,1 };
-static uint32_t oid_netscape_cert_comment[] = { 2,16,840,1,113730,1,13 };
-static uint32_t oid_pe_authority_info_access[] = { 1,3,6,1,5,5,7,1,1 };
-static uint32_t oid_ct_precertificate_scts[] = { 1,3,6,1,4,1,11129,2,4,2 };
-
-static const ASN1_OID_INFO x509_ext_ids[] = {
-	{ OID_ce_authority_key_identifier, "AuthorityKeyIdentifier", oid_ce_authority_key_identifier, OID_CE_CNT },
-	{ OID_ce_subject_key_identifier, "SubjectKeyIdentifier", oid_ce_subject_key_identifier, OID_CE_CNT },
-	{ OID_ce_key_usage, "KeyUsage", oid_ce_key_usage, OID_CE_CNT },
-	{ OID_ce_certificate_policies, "CertificatePolicies", oid_ce_certificate_policies, OID_CE_CNT },
-	{ OID_ce_policy_mappings, "PolicyMappings", oid_ce_policy_mappings, OID_CE_CNT },
-	{ OID_ce_subject_alt_name, "SubjectAltName", oid_ce_subject_alt_name, OID_CE_CNT },
-	{ OID_ce_issuer_alt_name, "IssuerAltName", oid_ce_issuer_alt_name, OID_CE_CNT },
-	{ OID_ce_subject_directory_attributes, "SubjectDirectoryAttributes", oid_ce_subject_directory_attributes, OID_CE_CNT },
-	{ OID_ce_basic_constraints, "BasicConstraints", oid_ce_basic_constraints, OID_CE_CNT },
-	{ OID_ce_name_constraints, "NameConstraints", oid_ce_name_constraints, OID_CE_CNT },
-	{ OID_ce_policy_constraints, "PolicyConstraints", oid_ce_policy_constraints, OID_CE_CNT },
-	{ OID_ce_ext_key_usage, "ExtKeyUsage", oid_ce_ext_key_usage, OID_CE_CNT },
-	{ OID_ce_crl_distribution_points, "CRLDistributionPoints", oid_ce_crl_distribution_points, OID_CE_CNT },
-	{ OID_ce_inhibit_any_policy, "InhibitAnyPolicy", oid_ce_inhibit_any_policy, OID_CE_CNT },
-	{ OID_ce_freshest_crl, "FreshestCRL", oid_ce_freshest_crl, OID_CE_CNT },
-	{ OID_ce_crl_reasons, "CRLReasons", oid_ce_crl_reasons, OID_CE_CNT },
-	{ OID_ce_invalidity_date, "InvalidityDate", oid_ce_invalidity_date, OID_CE_CNT },
-	{ OID_ce_certificate_issuer, "CertificateIssuer", oid_ce_certificate_issuer, OID_CE_CNT },
-	{ OID_netscape_cert_type, "NetscapeCertType", oid_netscape_cert_type, sizeof(oid_netscape_cert_type)/sizeof(int) },
-	{ OID_netscape_cert_comment, "NetscapeCertComment", oid_netscape_cert_comment, sizeof(oid_netscape_cert_comment)/sizeof(int) },
-	{ OID_pe_authority_info_access, "AuthorityInformationAccess", oid_pe_authority_info_access, sizeof(oid_pe_authority_info_access)/sizeof(int) },
-	{ OID_ct_precertificate_scts, "CT-PrecertificateSCTs", oid_ct_precertificate_scts, sizeof(oid_ct_precertificate_scts)/sizeof(int) },
-};
-
-static const int x509_ext_ids_count =
-	sizeof(x509_ext_ids)/sizeof(x509_ext_ids[0]);
-
-const char *x509_ext_id_name(int oid)
-{
-	const ASN1_OID_INFO *info;
-	if (oid == 0) {
-		return NULL;
-	}
-	if (!(info = asn1_oid_info_from_oid(x509_ext_ids, x509_ext_ids_count, oid))) {
-		error_print();
-		return NULL;
-	}
-	return info->name;
-}
-
-int x509_ext_id_from_name(const char *name)
-{
-	const ASN1_OID_INFO *info;
-	if (!(info = asn1_oid_info_from_name(x509_ext_ids, x509_ext_ids_count, name))) {
-		error_print();
-		return OID_undef;
-	}
-	return info->oid;
-}
-
-int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen)
-{
-	const ASN1_OID_INFO *info;
-	if (!(info = asn1_oid_info_from_oid(x509_ext_ids, x509_ext_ids_count, oid))) {
-		error_print();
-		return -1;
-	}
-	if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
-		error_print();
-		return -1;
-	}
-	return 1;
-}
-
-// 如果要支持未知的ext_id，应该提供一个callback
-int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen)
-{
-	int ret;
-	const ASN1_OID_INFO *info;
-
-	if ((ret = asn1_oid_info_from_der_ex(&info, nodes, nodes_cnt, x509_ext_ids, x509_ext_ids_count, in, inlen)) != 1) {
-		if (ret < 0) error_print();
-		else *oid = -1;
-		return ret;
-	}
-	*oid = info ? info->oid : 0;
-	return 1;
-}
-
-
-static uint32_t oid_qt_cps[] = { oid_qt,1 };
-static uint32_t oid_qt_unotice[] = {oid_qt,2 };
-
-static const ASN1_OID_INFO x509_qt_ids[] = {
-	{ OID_qt_cps, "CPS", oid_qt_cps, sizeof(oid_qt_cps)/sizeof(int) },
-	{ OID_qt_unotice, "userNotice", oid_qt_unotice, sizeof(oid_qt_unotice)/sizeof(int) }
-};
-
-static const int x509_qt_ids_count =
-	sizeof(x509_qt_ids)/sizeof(x509_qt_ids[0]);
-
-int x509_qualifier_id_from_name(const char *name)
-{
-	const ASN1_OID_INFO *info;
-	if (!(info = asn1_oid_info_from_name(x509_qt_ids, x509_qt_ids_count, name))) {
-		error_print();
-		return OID_undef;
-	}
-	return info->oid;
-}
-
-const char *x509_qualifier_id_name(int oid)
-{
-	const ASN1_OID_INFO *info;
-	if (!(info = asn1_oid_info_from_oid(x509_qt_ids, x509_qt_ids_count, oid))) {
-		error_print();
-		return NULL;
-	}
-	return info->name;
-}
-
-int x509_qualifier_id_to_der(int oid, uint8_t **out, size_t *outlen)
-{
-	const ASN1_OID_INFO *info;
-	if (!(info = asn1_oid_info_from_oid(x509_qt_ids, x509_qt_ids_count, oid))) {
-		error_print();
-		return -1;
-	}
-	if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
-		error_print();
-		return -1;
-	}
-	return 1;
-}
-
-int x509_qualifier_id_from_der(int *oid, const uint8_t **in, size_t *inlen)
-{
-	int ret;
-	const ASN1_OID_INFO *info;
-	if ((ret = asn1_oid_info_from_der(&info, x509_qt_ids, x509_qt_ids_count, in, inlen)) != 1) {
-		if (ret < 0) error_print();
-		else *oid = -1;
-		return ret;
-	}
-	*oid = info->oid;
-	return 1;
-}
-
-
-int x509_cert_policy_id_from_name(const char *name)
-{
-	if (strcmp(name, "anyPolicy") == 0) {
-		return OID_any_policy;
-	}
-	return OID_undef;
-}
-
-char *x509_cert_policy_id_name(int oid)
-{
-	switch (oid) {
-	case OID_any_policy: return "anyPolicy";
-	}
-	return NULL;
-}
-
-static uint32_t oid_any_policy[] = { oid_ce,32,0 };
-
-int x509_cert_policy_id_to_der(int oid, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen)
-{
-	switch (oid) {
-	case OID_any_policy:
-		if (asn1_object_identifier_to_der(oid_any_policy, sizeof(oid_any_policy)/sizeof(int), out, outlen) != 1) {
-			error_print();
-			return -1;
-		}
-		break;
-	case OID_undef:
-		if (asn1_object_identifier_to_der(nodes, nodes_cnt, out, outlen) != 1) {
-			error_print();
-			return -1;
-		}
-		break;
-	default:
-		error_print();
-		return -1;
-	}
-	return 1;
-}
-
-int x509_cert_policy_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen)
-{
-	int ret;
-	if ((ret = asn1_object_identifier_from_der(nodes, nodes_cnt, in, inlen)) != 1) {
-		if (ret < 0) error_print();
-		else *oid = -1;
-		return ret;
-	}
-	if (asn1_object_identifier_equ(nodes, *nodes_cnt, oid_any_policy, oid_cnt(oid_any_policy)))
-		*oid = OID_any_policy;
-	else	*oid = 0;
-	return 1;
-}
-
-
-static uint32_t oid_any_extended_key_usage[] = { oid_ce,37,0 };
-
-#define oid_kp oid_pkix,3
-
-static uint32_t oid_kp_server_auth[] = { oid_kp,1 };
-static uint32_t oid_kp_client_auth[] = { oid_kp,2 };
-static uint32_t oid_kp_code_signing[] = { oid_kp,3 };
-static uint32_t oid_kp_email_protection[] = { oid_kp,4 };
-static uint32_t oid_kp_time_stamping[] = { oid_kp,8 };
-static uint32_t oid_kp_ocsp_signing[] = { oid_kp,9 };
-#define OID_KP_CNT sizeof(oid_kp_server_auth)/sizeof(int)
-
-static const ASN1_OID_INFO x509_key_purposes[] = {
-	{ OID_any_extended_key_usage, "anyExtendedKeyUsage", oid_any_extended_key_usage, sizeof(oid_any_extended_key_usage)/sizeof(uint32_t), 0, "Any Extended Key Usage" },
-	{ OID_kp_server_auth, "serverAuth", oid_kp_server_auth, OID_KP_CNT, 0, "TLS WWW server authentication" },
-	{ OID_kp_client_auth, "clientAuth", oid_kp_client_auth, OID_KP_CNT, 0, "TLS WWW client authentication" },
-	{ OID_kp_code_signing, "codeSigning", oid_kp_code_signing, OID_KP_CNT, 0, "Signing of downloadable executable code" },
-	{ OID_kp_email_protection, "emailProtection", oid_kp_email_protection, OID_KP_CNT, 0, "Email protection" },
-	{ OID_kp_time_stamping, "timeStamping", oid_kp_time_stamping, OID_KP_CNT, 0, "Binding the hash of an object to a time" },
-	{ OID_kp_ocsp_signing, "OCSPSigning", oid_kp_ocsp_signing, OID_KP_CNT, 0, "Signing OCSP responses" },
-};
-
-static const int x509_key_purposes_count =
-	sizeof(x509_key_purposes)/sizeof(x509_key_purposes[0]);
-
-int x509_key_purpose_from_name(const char *name)
-{
-	const ASN1_OID_INFO *info;
-	if (!(info = asn1_oid_info_from_name(x509_key_purposes, x509_key_purposes_count, name))) {
-		error_print();
-		return OID_undef;
-	}
-	return info->oid;
-}
-
-const char *x509_key_purpose_name(int oid)
-{
-	const ASN1_OID_INFO *info;
-	if (!(info = asn1_oid_info_from_oid(x509_key_purposes, x509_key_purposes_count, oid))) {
-		error_print();
-		return NULL;
-	}
-	return info->name;
-}
-
-const char *x509_key_purpose_text(int oid)
-{
-	const ASN1_OID_INFO *info;
-	if (!(info = asn1_oid_info_from_oid(x509_key_purposes, x509_key_purposes_count, oid))) {
-		error_print();
-		return NULL;
-	}
-	return info->description;
-}
-
-int x509_key_purpose_to_der(int oid, uint8_t **out, size_t *outlen)
-{
-	const ASN1_OID_INFO *info;
-	if (!(info = asn1_oid_info_from_oid(x509_key_purposes, x509_key_purposes_count, oid))) {
-		error_print();
-		return -1;
-	}
-	if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
-		error_print();
-		return -1;
-	}
-	return 1;
-}
-
-int x509_key_purpose_from_der(int *oid, const uint8_t **in, size_t *inlen)
-{
-	int ret;
-	const ASN1_OID_INFO *info;
-	if ((ret = asn1_oid_info_from_der(&info, x509_key_purposes, x509_key_purposes_count, in, inlen)) != 1) {
-		if (ret < 0) error_print();
-		else *oid = -1;
-		return ret;
-	}
-	*oid = info->oid;
-	return 1;
-}

tests/http_crltest.c

@@ -13,7 +13,6 @@
 #include <stdlib.h>
 #include <gmssl/oid.h>
 #include <gmssl/x509_alg.h>
-#include <gmssl/x509_oid.h>
 #include <gmssl/x509_crl.h>
 #include <gmssl/x509_ext.h>
 #include <gmssl/x509.h>

tests/x509_crltest.c

@@ -13,7 +13,6 @@
 #include <stdlib.h>
 #include <gmssl/oid.h>
 #include <gmssl/x509_alg.h>
-#include <gmssl/x509_oid.h>
 #include <gmssl/x509_crl.h>
 #include <gmssl/x509_ext.h>
 #include <gmssl/x509.h>

tests/x509_exttest.c

@@ -13,7 +13,6 @@
 #include <stdlib.h>
 #include <gmssl/oid.h>
 #include <gmssl/x509_alg.h>
-#include <gmssl/x509_oid.h>
 #include <gmssl/x509_ext.h>
 #include <gmssl/x509.h>
 #include <gmssl/rand.h>

tests/x509_oidtest.c

@@ -12,8 +12,8 @@
 #include <string.h>
 #include <stdlib.h>
 #include <gmssl/oid.h>
-#include <gmssl/x509_oid.h>
 #include <gmssl/x509.h>
+#include <gmssl/x509_ext.h>
 #include <gmssl/rand.h>
 #include <gmssl/error.h>
 

tests/x509_reqtest.c

@@ -13,7 +13,6 @@
 #include <stdlib.h>
 #include <gmssl/oid.h>
 #include <gmssl/x509_alg.h>
-#include <gmssl/x509_oid.h>
 #include <gmssl/x509_req.h>
 #include <gmssl/x509.h>
 #include <gmssl/rand.h>

tests/x509test.c

@@ -13,7 +13,6 @@
 #include <stdlib.h>
 #include <gmssl/oid.h>
 #include <gmssl/x509_alg.h>
-#include <gmssl/x509_oid.h>
 #include <gmssl/x509.h>
 #include <gmssl/rand.h>
 #include <gmssl/error.h>

tools/certgen.c

@@ -18,7 +18,6 @@
 #include <gmssl/error.h>
 #include <gmssl/hex.h>
 #include <gmssl/x509.h>
-#include <gmssl/x509_oid.h>
 #include <gmssl/x509_ext.h>
 
 

tools/reqsign.c

@@ -18,7 +18,6 @@
 #include <gmssl/x509.h>
 #include <gmssl/x509_ext.h>
 #include <gmssl/x509_req.h>
-#include <gmssl/x509_oid.h>
 
 
 static const char *options =