mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-07 00:46:17 +08:00
602 lines
17 KiB
C
602 lines
17 KiB
C
/*
|
|
* Copyright (c) 2021 - 2021 The GmSSL Project. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
*
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in
|
|
* the documentation and/or other materials provided with the
|
|
* distribution.
|
|
*
|
|
* 3. All advertising materials mentioning features or use of this
|
|
* software must display the following acknowledgment:
|
|
* "This product includes software developed by the GmSSL Project.
|
|
* (http://gmssl.org/)"
|
|
*
|
|
* 4. The name "GmSSL Project" must not be used to endorse or promote
|
|
* products derived from this software without prior written
|
|
* permission. For written permission, please contact
|
|
* guanzhi1980@gmail.com.
|
|
*
|
|
* 5. Products derived from this software may not be called "GmSSL"
|
|
* nor may "GmSSL" appear in their names without prior written
|
|
* permission of the GmSSL Project.
|
|
*
|
|
* 6. Redistributions of any form whatsoever must retain the following
|
|
* acknowledgment:
|
|
* "This product includes software developed by the GmSSL Project
|
|
* (http://gmssl.org/)"
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
|
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
|
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <gmssl/asn1.h>
|
|
#include <gmssl/oid.h>
|
|
#include <gmssl/x509.h>
|
|
#include <gmssl/x509_crl.h>
|
|
#include <gmssl/x509_alg.h>
|
|
#include <gmssl/x509_ext.h>
|
|
#include <gmssl/error.h>
|
|
|
|
static const char *x509_crl_reason_names[] = {
|
|
"unspecified",
|
|
"keyCompromise",
|
|
"cACompromise",
|
|
"affiliationChanged",
|
|
"superseded",
|
|
"cessationOfOperation",
|
|
"certificateHold",
|
|
"notAssigned",
|
|
"removeFromCRL",
|
|
"privilegeWithdrawn",
|
|
"aACompromise",
|
|
};
|
|
|
|
static const size_t x509_crl_reason_names_count =
|
|
sizeof(x509_crl_reason_names)/sizeof(x509_crl_reason_names[0]);
|
|
|
|
const char *x509_crl_reason_name(int reason)
|
|
{
|
|
if (reason < 0 || reason >= x509_crl_reason_names_count) {
|
|
error_print();
|
|
return NULL;
|
|
}
|
|
return x509_crl_reason_names[reason];
|
|
}
|
|
|
|
int x509_crl_reason_from_name(int *reason, const char *name)
|
|
{
|
|
int i;
|
|
for (i = 0; i < x509_crl_reason_names_count; i++) {
|
|
if (strcmp(name, x509_crl_reason_names[i]) == 0) {
|
|
*reason = i;
|
|
return 1;
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int x509_crl_reason_to_der(int reason, uint8_t **out, size_t *outlen)
|
|
{
|
|
if (reason >= 0 && !x509_crl_reason_name(reason)) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
return asn1_enumerated_to_der(reason, out, outlen);
|
|
}
|
|
|
|
int x509_crl_reason_from_der(int *reason, const uint8_t **in, size_t *inlen)
|
|
{
|
|
return asn1_enumerated_from_der(reason, in, inlen);
|
|
}
|
|
|
|
|
|
static uint32_t oid_ce_crl_reasons[] = { oid_ce,21 };
|
|
static uint32_t oid_ce_invalidity_date[] = { oid_ce,24 };
|
|
static uint32_t oid_ce_certificate_issuer[] = { oid_ce,29 };
|
|
|
|
static const ASN1_OID_INFO x509_crl_entry_exts[] = {
|
|
{ OID_ce_crl_reasons, "CRLReasons", oid_ce_crl_reasons, sizeof(oid_ce_crl_reasons)/sizeof(int) },
|
|
{ OID_ce_invalidity_date, "InvalidityDate", oid_ce_invalidity_date, sizeof(oid_ce_invalidity_date)/sizeof(int) },
|
|
{ OID_ce_certificate_issuer, "CertificateIssuer", oid_ce_certificate_issuer, sizeof(oid_ce_certificate_issuer)/sizeof(int) },
|
|
};
|
|
|
|
static const int x509_crl_entry_exts_count =
|
|
sizeof(x509_crl_entry_exts)/sizeof(x509_crl_entry_exts[0]);
|
|
|
|
const char *x509_crl_entry_ext_id_name(int oid)
|
|
{
|
|
const ASN1_OID_INFO *info;
|
|
if (!(info = asn1_oid_info_from_oid(x509_crl_entry_exts, x509_crl_entry_exts_count, oid))) {
|
|
error_print();
|
|
return NULL;
|
|
}
|
|
return info->name;
|
|
}
|
|
|
|
int x509_crl_entry_ext_id_from_name(const char *name)
|
|
{
|
|
const ASN1_OID_INFO *info;
|
|
if (!(info = asn1_oid_info_from_name(x509_crl_entry_exts, x509_crl_entry_exts_count, name))) {
|
|
error_print();
|
|
return OID_undef;
|
|
}
|
|
return info->oid;
|
|
}
|
|
|
|
int x509_crl_entry_ext_id_to_der(int oid, uint8_t **out, size_t *outlen)
|
|
{
|
|
const ASN1_OID_INFO *info;
|
|
size_t len = 0;
|
|
if (!(info = asn1_oid_info_from_oid(x509_crl_entry_exts, x509_crl_entry_exts_count, oid))) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, NULL, &len) != 1
|
|
|| asn1_sequence_header_to_der(len, out, outlen) != 1
|
|
|| asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int x509_crl_entry_ext_id_from_der(int *oid, const uint8_t **in, size_t *inlen)
|
|
{
|
|
int ret;
|
|
const uint8_t *p;
|
|
size_t len;
|
|
const ASN1_OID_INFO *info;
|
|
|
|
*oid = 0;
|
|
if ((ret = asn1_oid_info_from_der(&info, x509_crl_entry_exts, x509_crl_entry_exts_count, in, inlen)) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
*oid = info->oid;
|
|
return ret;
|
|
}
|
|
|
|
int x509_crl_entry_exts_add_reason(uint8_t *exts, size_t *extslen, size_t maxlen,
|
|
int critical, int reason)
|
|
{
|
|
int oid = OID_ce_crl_reasons;
|
|
size_t curlen = *extslen;
|
|
uint8_t val[16];
|
|
uint8_t *p = val;
|
|
size_t vlen = 0;
|
|
|
|
if (x509_crl_reason_to_der(reason, &p, &vlen) != 1
|
|
|| x509_ext_to_der(oid, critical, val, vlen, NULL, &curlen) != 1
|
|
|| asn1_length_le(curlen, maxlen) != 1
|
|
|| x509_ext_to_der(oid, critical, val, vlen, &exts, extslen) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int x509_crl_entry_exts_add_invalidity_date(uint8_t *exts, size_t *extslen, size_t maxlen,
|
|
int critical, time_t tv)
|
|
{
|
|
int oid = OID_ce_invalidity_date;
|
|
size_t curlen = *extslen;
|
|
uint8_t val[16];
|
|
uint8_t *p = val;
|
|
size_t vlen = 0;
|
|
|
|
if (asn1_generalized_time_to_der(tv, &p, &vlen) != 1
|
|
|| x509_ext_to_der(oid, critical, val, vlen, NULL, &curlen) != 1
|
|
|| asn1_length_le(curlen, maxlen) != 1
|
|
|| x509_ext_to_der(oid, critical, val, vlen, &exts, extslen) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int x509_crl_entry_exts_add_certificate_issuer(uint8_t *exts, size_t *extslen, size_t maxlen,
|
|
int critical, const uint8_t *d, size_t dlen)
|
|
{
|
|
int oid = OID_ce_certificate_issuer;
|
|
return x509_exts_add_sequence(exts, extslen, maxlen, oid, critical, d, dlen);
|
|
}
|
|
|
|
int x509_crl_entry_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_revoked_cert_to_der(
|
|
const uint8_t *serial, size_t serial_len,
|
|
time_t revoke_date,
|
|
const uint8_t *entry_exts, size_t entry_exts_len,
|
|
uint8_t **out, size_t *outlen)
|
|
{
|
|
size_t len = 0;
|
|
if (asn1_integer_to_der(serial, serial_len, NULL, &len) != 1
|
|
|| asn1_generalized_time_to_der(revoke_date, NULL, &len) != 1
|
|
|| asn1_sequence_to_der(entry_exts, entry_exts_len, NULL, &len) < 0
|
|
|| asn1_sequence_header_to_der(len, out, outlen) != 1
|
|
|| asn1_integer_to_der(serial, serial_len, out, outlen) != 1
|
|
|| asn1_generalized_time_to_der(revoke_date, out, outlen) != 1
|
|
|| asn1_sequence_to_der(entry_exts, entry_exts_len, out, outlen) < 0) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int x509_revoked_cert_from_der(
|
|
const uint8_t **serial, size_t *serial_len,
|
|
time_t *revoke_date,
|
|
const uint8_t **entry_exts, size_t *entry_exts_len,
|
|
const uint8_t **in, size_t *inlen)
|
|
{
|
|
int ret;
|
|
const uint8_t *d;
|
|
size_t dlen;
|
|
|
|
if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
|
|
if (ret < 0) error_print();
|
|
return ret;
|
|
}
|
|
if (asn1_integer_from_der(serial, serial_len, &d, &dlen) != 1
|
|
|| asn1_generalized_time_from_der(revoke_date, &d, &dlen) != 1
|
|
|| asn1_sequence_from_der(entry_exts, entry_exts_len, &d, &dlen) < 0
|
|
|| asn1_length_is_zero(dlen) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int x509_revoked_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
|
|
{
|
|
int ret;
|
|
const uint8_t *p;
|
|
size_t len;
|
|
time_t tv;
|
|
|
|
if (asn1_integer_from_der(&p, &len, &d, &dlen) != 1) goto err;
|
|
format_bytes(fp, fmt, ind, "userCertificate", p, len);
|
|
if (asn1_generalized_time_from_der(&tv, &d, &dlen) != 1) goto err;
|
|
format_print(fp, fmt, ind, "revocationDate: %s\n", ctime(&tv));
|
|
if ((ret = asn1_sequence_from_der(&p, &len, &d, &dlen)) < 0) goto err;
|
|
//if (ret) x509_crl_entry_exts_print(fp, fmt, ind, "crlEntryExtensions", p, len); // 这里需要一个函数能够处理
|
|
if (asn1_length_is_zero(dlen) != 1) goto err;
|
|
return 1;
|
|
err:
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
|
|
static uint32_t oid_ce_authority_key_identifier[] = { oid_ce,35 };
|
|
static uint32_t oid_ce_issuer_alt_name[] = { oid_ce,18 };
|
|
static uint32_t oid_ce_crl_number[] = { oid_ce,20 };
|
|
static uint32_t oid_ce_delta_crl_indicator[] = { oid_ce,27 };
|
|
static uint32_t oid_ce_issuing_distribution_point[] = { oid_ce,28 };
|
|
|
|
static const ASN1_OID_INFO x509_crl_exts[] = {
|
|
{ OID_ce_authority_key_identifier, "AuthorityKeyIdentifier", oid_ce_authority_key_identifier, sizeof(oid_ce_authority_key_identifier)/sizeof(int) },
|
|
{ OID_ce_issuer_alt_name, "IssuerAltName", oid_ce_issuer_alt_name, sizeof(oid_ce_issuer_alt_name)/sizeof(int) },
|
|
{ OID_ce_crl_number, "CRLNumber", oid_ce_crl_number, sizeof(oid_ce_crl_number)/sizeof(int) },
|
|
{ OID_ce_delta_crl_indicator, "DeltaCRLIndicator", oid_ce_delta_crl_indicator, sizeof(oid_ce_delta_crl_indicator)/sizeof(int) },
|
|
{ OID_ce_issuing_distribution_point, "IssuingDistributionPoint", oid_ce_issuing_distribution_point, sizeof(oid_ce_issuing_distribution_point)/sizeof(int) }
|
|
};
|
|
|
|
static const int x509_crl_exts_count =
|
|
sizeof(x509_crl_exts)/sizeof(x509_crl_exts[0]);
|
|
|
|
const char *x509_crl_ext_id_name(int oid)
|
|
{
|
|
const ASN1_OID_INFO *info;
|
|
if (!(info = asn1_oid_info_from_oid(x509_crl_exts, x509_crl_exts_count, oid))) {
|
|
error_print();
|
|
return NULL;
|
|
}
|
|
return info->name;
|
|
}
|
|
|
|
int x509_crl_ext_id_from_name(const char *name)
|
|
{
|
|
const ASN1_OID_INFO *info;
|
|
if (!(info = asn1_oid_info_from_name(x509_crl_exts, x509_crl_exts_count, name))) {
|
|
error_print();
|
|
return OID_undef;
|
|
}
|
|
return info->oid;
|
|
}
|
|
|
|
int x509_crl_ext_id_to_der(int oid, uint8_t **out, size_t *outlen)
|
|
{
|
|
const ASN1_OID_INFO *info;
|
|
size_t len = 0;
|
|
if (!(info = asn1_oid_info_from_oid(x509_crl_exts, x509_crl_exts_count, oid))) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, NULL, &len) != 1
|
|
|| asn1_sequence_header_to_der(len, out, outlen) != 1
|
|
|| asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int x509_crl_ext_id_from_der(int *oid, const uint8_t **in, size_t *inlen)
|
|
{
|
|
int ret;
|
|
const uint8_t *p;
|
|
size_t len;
|
|
const ASN1_OID_INFO *info;
|
|
|
|
*oid = 0;
|
|
if ((ret = asn1_oid_info_from_der(&info, x509_crl_exts, x509_crl_exts_count, in, inlen)) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
*oid = info->oid;
|
|
return ret;
|
|
}
|
|
|
|
int x509_crl_exts_add_authority_key_identifier(
|
|
uint8_t *exts, size_t *extslen, size_t maxlen,
|
|
int critical,
|
|
const uint8_t *keyid, size_t keyid_len,
|
|
const uint8_t *issuer, size_t issuer_len,
|
|
const uint8_t *serial, size_t serial_len)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_crl_exts_add_issuer_alt_name(
|
|
uint8_t *exts, size_t *extslen, size_t maxlen,
|
|
int critical,
|
|
const uint8_t *d, size_t dlen)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_crl_exts_add_crl_number(
|
|
uint8_t *exts, size_t *extslen, size_t maxlen,
|
|
int critical,
|
|
int num)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_crl_exts_add_delta_crl_indicator(
|
|
uint8_t *exts, size_t *extslen, size_t maxlen,
|
|
int critical,
|
|
int num)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_crl_exts_add_issuing_distribution_point(
|
|
uint8_t *exts, size_t *extslen, size_t maxlen,
|
|
int critical,
|
|
const uint8_t *dist_point, size_t dist_point_len,
|
|
int only_contains_user_certs,
|
|
int only_contains_ca_certs,
|
|
int only_some_reasons,
|
|
int indirect_crl,
|
|
int only_contains_attr_certs)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_crl_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_tbs_crl_to_der(
|
|
int version,
|
|
int signature_algor,
|
|
const uint8_t *issuer, size_t issuer_len,
|
|
time_t this_update, time_t next_update,
|
|
const uint8_t *revoked_certs, size_t revoked_certs_len,
|
|
const uint8_t *exts, size_t exts_len,
|
|
uint8_t **out, size_t *outlen)
|
|
{
|
|
size_t len = 0;
|
|
if (asn1_int_to_der(version, NULL, &len) < 0
|
|
|| x509_signature_algor_to_der(signature_algor, NULL, &len) < 0
|
|
|| asn1_sequence_to_der(issuer, issuer_len, NULL, &len) != 1
|
|
|| x509_time_to_der(this_update, NULL, &len) != 1
|
|
|| x509_time_to_der(next_update, NULL, &len) < 0
|
|
|| asn1_sequence_to_der(revoked_certs, revoked_certs_len, NULL, &len) < 0
|
|
|| asn1_sequence_to_der(exts, exts_len, NULL, &len) < 0
|
|
|| asn1_sequence_header_to_der(len, out, outlen) != 1
|
|
|| asn1_int_to_der(version, out, outlen) < 0
|
|
|| x509_signature_algor_to_der(signature_algor, out, outlen) < 0
|
|
|| asn1_sequence_to_der(issuer, issuer_len, out, outlen) != 1
|
|
|| x509_time_to_der(this_update, out, outlen) != 1
|
|
|| x509_time_to_der(next_update, out, outlen) < 0
|
|
|| asn1_sequence_to_der(revoked_certs, revoked_certs_len, out, outlen) < 0
|
|
|| asn1_sequence_to_der(exts, exts_len, out, outlen) < 0) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int x509_tbs_crl_from_der(
|
|
int *version,
|
|
int *signature_algor,
|
|
const uint8_t **issuer, size_t *issuer_len,
|
|
time_t *this_update,
|
|
time_t *next_update,
|
|
const uint8_t **revoked_certs, size_t *revoked_certs_len,
|
|
const uint8_t **exts, size_t *exts_len,
|
|
uint8_t **in, size_t *inlen)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_tbs_crl_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_cert_list_to_der(const uint8_t *tbs_crl, size_t tbs_crl_len,
|
|
int signature_algor, const uint8_t *sig, size_t siglen,
|
|
uint8_t **out, size_t *outlen)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_cert_list_from_der(const uint8_t **tbs_crl, size_t *tbs_crl_len,
|
|
int *signature_algor, const uint8_t **sig, size_t *siglen,
|
|
const uint8_t **in, size_t *inlen)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_cert_list_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_crl_to_pem(const uint8_t *a, size_t *alen, FILE *fp)
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
int x509_crl_from_pem(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp)
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
int x509_crl_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
int x509_tbs_crl_sign(
|
|
int version,
|
|
int signature_algor,
|
|
const uint8_t *issuer, size_t issuer_len,
|
|
time_t this_update, time_t next_update,
|
|
const uint8_t *revoked_certs, size_t revoked_certs_len,
|
|
const uint8_t *exts, size_t exts_len,
|
|
const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
|
|
uint8_t *crl, size_t *crl_len)
|
|
{
|
|
uint8_t tbs[512];
|
|
size_t tbslen;
|
|
SM2_SIGN_CTX sign_ctx;
|
|
uint8_t sig[SM2_MAX_SIGNATURE_SIZE];
|
|
size_t siglen;
|
|
uint8_t *p = tbs;
|
|
size_t len = 0;
|
|
uint8_t *out = crl;
|
|
size_t outlen = 0;
|
|
|
|
if (x509_tbs_crl_to_der(version, signature_algor, issuer, issuer_len,
|
|
this_update, next_update, revoked_certs, revoked_certs_len,
|
|
exts, exts_len, &p, &tbslen) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
if (sm2_sign_init(&sign_ctx, sign_key, signer_id, signer_id_len) != 1
|
|
|| sm2_sign_update(&sign_ctx, tbs, tbslen) != 1
|
|
|| sm2_sign_finish(&sign_ctx, sig, &siglen) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
if (asn1_data_to_der(tbs, tbslen, NULL, &len) != 1
|
|
|| x509_signature_algor_to_der(signature_algor, NULL, &len) != 1
|
|
|| asn1_bit_octets_to_der(sig, siglen, NULL, &len) != 1
|
|
|| asn1_sequence_header_to_der(len, &out, &outlen) != 1
|
|
|| asn1_data_to_der(tbs, tbslen, &out, &outlen) != 1
|
|
|| x509_signature_algor_to_der(signature_algor, &out, &outlen) != 1
|
|
|| asn1_bit_octets_to_der(sig, siglen, &out, &outlen) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
*crl_len = outlen;
|
|
return 1;
|
|
}
|
|
|
|
int x509_crl_verify(const uint8_t *a, size_t alen,
|
|
const SM2_KEY *signer_key, const char *signer_id, size_t signer_id_len)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_crl_get_details(const uint8_t *crl, size_t crl_len,
|
|
int *version,
|
|
const uint8_t **issuer, size_t *issuer_len,
|
|
time_t *this_update,
|
|
time_t *next_update,
|
|
const uint8_t **revoked_certs, size_t *revoked_certs_len,
|
|
int *signature_algor,
|
|
const uint8_t *sig, size_t *siglen)
|
|
{
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
int x509_crl_get_revoked_cert_by_serial_number(const uint8_t *a, size_t alen,
|
|
const uint8_t *serial, size_t serial_len,
|
|
time_t *revoke_date,
|
|
const uint8_t **entry_exts, size_t *entry_exts_len)
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
int x509_crls_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
|
|
{
|
|
const uint8_t *p;
|
|
size_t len;
|
|
|
|
format_print(fp, fmt, ind, "%s\n", label);
|
|
ind += 4;
|
|
|
|
while (dlen) {
|
|
if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
x509_cert_list_print(fp, fmt, ind, "CertificateRevocationList", p, len);
|
|
}
|
|
return 1;
|
|
}
|