Update demos
@@ -733,15 +733,27 @@ int sm2_ciphertext_from_der(SM2_CIPHERTEXT *C, const uint8_t **in, size_t *inlen
|
||||
return ret;
|
||||
}
|
||||
if (asn1_integer_from_der(&x, &xlen, &d, &dlen) != 1
|
||||
|| asn1_integer_from_der(&y, &ylen, &d, &dlen) != 1
|
||||
|| asn1_octet_string_from_der(&hash, &hashlen, &d, &dlen) != 1
|
||||
|| asn1_octet_string_from_der(&c, &clen, &d, &dlen) != 1
|
||||
|| asn1_length_le(xlen, 32) != 1
|
||||
|| asn1_length_le(ylen, 32) != 1
|
||||
|| asn1_check(hashlen == 32) != 1
|
||||
|| asn1_length_le(clen, SM2_MAX_PLAINTEXT_SIZE) != 1
|
||||
|| asn1_length_is_zero(clen) == 1
|
||||
|| asn1_length_is_zero(dlen) != 1) {
|
||||
|| asn1_length_le(xlen, 32) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
if (asn1_integer_from_der(&y, &ylen, &d, &dlen) != 1
|
||||
|| asn1_length_le(ylen, 32) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
if (asn1_octet_string_from_der(&hash, &hashlen, &d, &dlen) != 1
|
||||
|| asn1_check(hashlen == 32) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
if (asn1_octet_string_from_der(&c, &clen, &d, &dlen) != 1
|
||||
// || asn1_length_is_zero(clen) == 1
|
||||
|| asn1_length_le(clen, SM2_MAX_PLAINTEXT_SIZE) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
if (asn1_length_is_zero(dlen) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
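Review bot: The fourth `if` in the rewritten sm2_ciphertext_from_der leaves the empty-ciphertext rejection as dead code (`// || asn1_length_is_zero(clen) == 1`), so a DER structure with a zero-length ciphertext octet string now parses successfully where the old combined condition refused it. If empty ciphertexts are meant to be accepted, replace the commented-out line with a comment that says so, for example `/* clen == 0 is allowed: empty plaintext */`, and confirm that sm2_decrypt and the other callers handle `clen == 0`. Otherwise restore `|| asn1_length_is_zero(clen) == 1` ahead of the `asn1_length_le(clen, SM2_MAX_PLAINTEXT_SIZE)` test. The function begins outside this hunk, so how `C` is filled for the empty case is not visible here.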
@@ -818,7 +830,8 @@ int sm2_decrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *ou
|
||||
return -1;
|
||||
}
|
||||
if (sm2_ciphertext_from_der(&C, &in, &inlen) != 1
|
||||
|| asn1_length_is_zero(inlen) != 1) {
|
||||
|| asn1_length_is_zero(inlen) != 1
|
||||
) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -1796,6 +1796,7 @@ int x509_certs_verify(const uint8_t *certs, size_t certslen, int certs_type,
|
||||
}
|
||||
if (x509_cert_check(cert, certlen, entity_cert_type, &path_len_constraint) != 1) {
|
||||
error_print();
|
||||
x509_cert_print(stderr, 0, 10, "Invalid Entity Certificate", cert, certlen);
|
||||
return -1;
|
||||
}
|
||||
|
||||
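Review bot: The added `x509_cert_print(stderr, 0, 10, "Invalid Entity Certificate", cert, certlen);` makes x509_certs_verify write to stderr from inside library verification code, and it runs the printer on a certificate that has just failed x509_cert_check. The same pattern appears in the next hunk with "Invalid CA Certificate". The input is peer-supplied, so each bad chain produces a multi-line dump in the host application's stderr, and the printer's return value is ignored. Whether x509_cert_print tolerates malformed input is not visible on this page. Consider leaving the dump to the caller or compiling it only in debug builds, with a comment such as `/* diagnostic only: prints the rejected, untrusted certificate */`. The function body extends beyond both hunks.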
@@ -1805,8 +1806,9 @@ int x509_certs_verify(const uint8_t *certs, size_t certslen, int certs_type,
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
if (x509_cert_check(cert, certlen, X509_cert_ca, &path_len_constraint) != 1) {
|
||||
if (x509_cert_check(cacert, cacertlen, X509_cert_ca, &path_len_constraint) != 1) {
|
||||
error_print();
|
||||
x509_cert_print(stderr, 0, 10, "Invalid CA Certificate", cacert, cacertlen);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
@@ -2039,7 +2039,7 @@ int x509_basic_constraints_from_der(int *ca, int *path_len_cons, const uint8_t *
|
||||
return 1;
|
||||
}
|
||||
|
||||
int x509_basic_constraints_check(int ca, int path_len_cons, int cert_type)
|
||||
int x509_basic_constraints_check(int ca, int path_len_constraint, int cert_type)
|
||||
{
|
||||
/*
|
||||
entity_cert:
|
||||
@@ -2055,20 +2055,28 @@ int x509_basic_constraints_check(int ca, int path_len_cons, int cert_type)
|
||||
ca = 1
|
||||
path_len_constraint = -1 or > 0 (=0 might be ok?)
|
||||
*/
|
||||
if (cert_type == X509_cert_ca) {
|
||||
switch (cert_type) {
|
||||
case X509_cert_server_auth:
|
||||
case X509_cert_client_auth:
|
||||
case X509_cert_server_key_encipher:
|
||||
case X509_cert_client_key_encipher:
|
||||
if (ca > 0 || path_len_constraint != -1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
break;
|
||||
// FIXME: add more cert types and check path_len_constraint
|
||||
case X509_cert_ca:
|
||||
case X509_cert_crl_sign:
|
||||
case X509_cert_root_ca:
|
||||
if (ca != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
if (path_len_cons < 0 || path_len_cons > X509_MAX_PATH_LEN_CONSTRAINT) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
if (ca == 1 || path_len_cons >= 0) {
|
||||
error_print();
|
||||
return -1; // comment to only warning
|
||||
}
|
||||
break;
|
||||
default:
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
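Review bot: In the new `case X509_cert_ca: / X509_cert_crl_sign: / X509_cert_root_ca:` branch only `ca != 1` is tested, so the range check on the path length that the old code applied to CA certificates is gone; the `// FIXME` above the branch acknowledges this. Dropping the `< 0` half looks right, since -1 is treated as "absent" in the entity branch. The upper bound is lost as well, though, and the later x509_exts_check hunk removes its own `ca != 1 || path_len < 0` test. Unless the DER parser already bounds the value, which is not visible here, an oversized pathLenConstraint now reaches `*path_len_constraint` unchecked. Suggest adding to the CA branch `if (path_len_constraint < -1 || path_len_constraint > X509_MAX_PATH_LEN_CONSTRAINT) { error_print(); return -1; }`.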
@@ -2087,7 +2095,6 @@ int x509_basic_constraints_print(FILE *fp, int fmt, int ind, const char *label,
|
||||
|
||||
if ((ret = asn1_boolean_from_der(&val, &d, &dlen)) < 0) goto err;
|
||||
if (ret) format_print(fp, fmt, ind, "cA: %s\n", asn1_boolean_name(val));
|
||||
//else format_print(fp, fmt, ind, "cA: %s\n", asn1_boolean_name(0));
|
||||
if ((ret = asn1_int_from_der(&val, &d, &dlen)) < 0) goto err;
|
||||
if (ret) format_print(fp, fmt, ind, "pathLenConstraint: %d\n", val);
|
||||
if (asn1_length_is_zero(dlen) != 1) goto err;
|
||||
@@ -2921,10 +2928,9 @@ int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type,
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
*path_len_constraint = path_len;
|
||||
break;
|
||||
|
||||
|
||||
|
||||
case OID_ce_ext_key_usage:
|
||||
if (x509_ext_key_usage_from_der(ext_key_usages, &ext_key_usages_cnt,
|
||||
sizeof(ext_key_usages)/sizeof(ext_key_usages[0]), &val, &vlen) != 1
|
||||
@@ -2949,16 +2955,6 @@ int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type,
|
||||
}
|
||||
}
|
||||
|
||||
switch (cert_type) {
|
||||
case X509_cert_ca:
|
||||
if (ca != 1 || path_len < 0) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
*path_len_constraint = path_len;
|
||||
break;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||