1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "hitls_build.h"
17 #ifdef HITLS_PKI_X509
18
19 #include <stdint.h>
20 #include "securec.h"
21 #include "sal_atomic.h"
22 #include "bsl_obj.h"
23 #include "bsl_sal.h"
24 #include "bsl_obj_internal.h"
25 #include "bsl_err_internal.h"
26 #include "crypt_errno.h"
27 #include "crypt_eal_pkey.h"
28 #include "crypt_encode_decode_key.h"
29 #include "hitls_pki_errno.h"
30 #include "hitls_x509_local.h"
31
32 #define HITLS_X509_DNNAME_MAX_NUM 100
33
34 #define SM2_MAX_ID_BITS 65535
35 #define SM2_MAX_ID_LENGTH (SM2_MAX_ID_BITS / 8)
36
HITLS_X509_FreeNameNode(HITLS_X509_NameNode * node)37 void HITLS_X509_FreeNameNode(HITLS_X509_NameNode *node)
38 {
39 if (node == NULL) {
40 return;
41 }
42 BSL_SAL_FREE(node->nameType.buff);
43 node->nameType.len = 0;
44 node->nameType.tag = 0;
45 BSL_SAL_FREE(node->nameValue.buff);
46 node->nameValue.len = 0;
47 node->nameValue.tag = 0;
48 BSL_SAL_Free(node);
49 }
50
HITLS_X509_RefUp(BSL_SAL_RefCount * references,int32_t * val,uint32_t valLen)51 int32_t HITLS_X509_RefUp(BSL_SAL_RefCount *references, int32_t *val, uint32_t valLen)
52 {
53 if (val == NULL || valLen != sizeof(int)) {
54 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
55 return HITLS_X509_ERR_INVALID_PARAM;
56 }
57 return BSL_SAL_AtomicUpReferences(references, val);
58 }
59
HITLS_X509_GetList(BslList * list,void * val,uint32_t valLen)60 int32_t HITLS_X509_GetList(BslList *list, void *val, uint32_t valLen)
61 {
62 if (list == NULL || val == NULL || valLen != sizeof(BslList *)) {
63 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
64 return HITLS_X509_ERR_INVALID_PARAM;
65 }
66 *(BslList **)val = list;
67 return HITLS_PKI_SUCCESS;
68 }
69
HITLS_X509_GetPubKey(void * ealPubKey,void ** val)70 int32_t HITLS_X509_GetPubKey(void *ealPubKey, void **val)
71 {
72 if (val == NULL) {
73 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
74 return HITLS_X509_ERR_INVALID_PARAM;
75 }
76 int32_t ret = CRYPT_EAL_PkeyUpRef((CRYPT_EAL_PkeyCtx *)ealPubKey);
77 if (ret != CRYPT_SUCCESS) {
78 BSL_ERR_PUSH_ERROR(ret);
79 return ret;
80 }
81 *val = ealPubKey;
82 return HITLS_PKI_SUCCESS;
83 }
84
HITLS_X509_GetSignAlg(BslCid signAlgId,int32_t * val,uint32_t valLen)85 int32_t HITLS_X509_GetSignAlg(BslCid signAlgId, int32_t *val, uint32_t valLen)
86 {
87 if (val == NULL || valLen != sizeof(BslCid)) {
88 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
89 return HITLS_X509_ERR_INVALID_PARAM;
90 }
91 *val = signAlgId;
92 return HITLS_PKI_SUCCESS;
93 }
94
HITLS_X509_GetSignMdAlg(const HITLS_X509_Asn1AlgId * signAlgId,int32_t * val,int32_t valLen)95 int32_t HITLS_X509_GetSignMdAlg(const HITLS_X509_Asn1AlgId *signAlgId, int32_t *val, int32_t valLen)
96 {
97 if (val == NULL || valLen != sizeof(BslCid)) {
98 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
99 return HITLS_X509_ERR_INVALID_PARAM;
100 }
101 *val = signAlgId->algId == BSL_CID_RSASSAPSS ?
102 signAlgId->rsaPssParam.mdId : BSL_OBJ_GetHashIdFromSignId(signAlgId->algId);
103 return HITLS_PKI_SUCCESS;
104 }
105
HITLS_X509_GetEncodeLen(uint32_t encodeLen,uint32_t * val,uint32_t valLen)106 int32_t HITLS_X509_GetEncodeLen(uint32_t encodeLen, uint32_t *val, uint32_t valLen)
107 {
108 if (val == NULL || valLen != sizeof(uint32_t)) {
109 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
110 return HITLS_X509_ERR_INVALID_PARAM;
111 }
112 *(uint32_t *)val = encodeLen;
113 return HITLS_PKI_SUCCESS;
114 }
115
HITLS_X509_GetEncodeData(uint8_t * rawData,uint8_t ** val)116 int32_t HITLS_X509_GetEncodeData(uint8_t *rawData, uint8_t **val)
117 {
118 if (val == NULL) {
119 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
120 return HITLS_X509_ERR_INVALID_PARAM;
121 }
122 *val = rawData;
123 return HITLS_PKI_SUCCESS;
124 }
125
X509_IsValidHashAlg(CRYPT_MD_AlgId id)126 bool X509_IsValidHashAlg(CRYPT_MD_AlgId id)
127 {
128 return id == CRYPT_MD_MD5 || id == CRYPT_MD_SHA1 || id == CRYPT_MD_SHA224 || id == CRYPT_MD_SHA256 ||
129 id == CRYPT_MD_SHA384 || id == CRYPT_MD_SHA512 || id == CRYPT_MD_SM3;
130 }
131
132 #if defined(HITLS_PKI_X509_CRT_GEN) || defined(HITLS_PKI_X509_CSR_GEN) || defined(HITLS_PKI_X509_CRL_GEN)
133
HITLS_X509_SetPkey(void ** pkey,void * val)134 int32_t HITLS_X509_SetPkey(void **pkey, void *val)
135 {
136 CRYPT_EAL_PkeyCtx *src = (CRYPT_EAL_PkeyCtx *)val;
137 CRYPT_EAL_PkeyCtx **dest = (CRYPT_EAL_PkeyCtx **)pkey;
138
139 if (*dest != NULL) {
140 CRYPT_EAL_PkeyFreeCtx(*dest);
141 *dest = NULL;
142 }
143
144 *dest = CRYPT_EAL_PkeyDupCtx(src);
145 if (*dest == NULL) {
146 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_SET_KEY);
147 return HITLS_X509_ERR_SET_KEY;
148 }
149 return HITLS_PKI_SUCCESS;
150 }
151
DupNameNode(const HITLS_X509_NameNode * src)152 static HITLS_X509_NameNode *DupNameNode(const HITLS_X509_NameNode *src)
153 {
154 /* Src is not null. */
155 HITLS_X509_NameNode *dest = BSL_SAL_Malloc(sizeof(HITLS_X509_NameNode));
156 if (dest == NULL) {
157 BSL_ERR_PUSH_ERROR(BSL_MALLOC_FAIL);
158 return NULL;
159 }
160 dest->layer = src->layer;
161
162 // nameType
163 dest->nameType = src->nameType;
164 dest->nameType.len = src->nameType.len;
165 if (dest->nameType.len != 0) {
166 dest->nameType.buff = BSL_SAL_Dump(src->nameType.buff, src->nameType.len);
167 if (dest->nameType.buff == NULL) {
168 BSL_SAL_Free(dest);
169 BSL_ERR_PUSH_ERROR(BSL_DUMP_FAIL);
170 return NULL;
171 }
172 }
173
174 // nameValue
175 dest->nameValue = src->nameValue;
176 dest->nameValue.len = src->nameValue.len;
177 if (dest->nameValue.len != 0) {
178 dest->nameValue.buff = BSL_SAL_Dump(src->nameValue.buff, src->nameValue.len);
179 if (dest->nameValue.buff == NULL) {
180 BSL_SAL_Free(dest->nameType.buff);
181 BSL_SAL_Free(dest);
182 BSL_ERR_PUSH_ERROR(BSL_DUMP_FAIL);
183 return NULL;
184 }
185 }
186 return dest;
187 }
188
189 #define X509_DN_NAME_ELEM_NUMBER 2
190
X509EncodeNameNodeEntry(const HITLS_X509_NameNode * nameNode,BSL_ASN1_Buffer * asn1Buff)191 static int32_t X509EncodeNameNodeEntry(const HITLS_X509_NameNode *nameNode, BSL_ASN1_Buffer *asn1Buff)
192 {
193 BSL_ASN1_Buffer asnArr[X509_DN_NAME_ELEM_NUMBER] = {
194 nameNode->nameType,
195 nameNode->nameValue,
196 };
197 BSL_ASN1_TemplateItem dnTempl[] = {
198 {BSL_ASN1_TAG_OBJECT_ID, 0, 0},
199 {BSL_ASN1_TAG_ANY, 0, 0}
200 };
201
202 BSL_ASN1_Buffer asnDnBuff = {};
203 BSL_ASN1_Template dntTempl = {dnTempl, sizeof(dnTempl) / sizeof(dnTempl[0])};
204 int32_t ret = BSL_ASN1_EncodeTemplate(&dntTempl, asnArr, X509_DN_NAME_ELEM_NUMBER,
205 &asnDnBuff.buff, &asnDnBuff.len);
206 if (ret != HITLS_PKI_SUCCESS) {
207 BSL_ERR_PUSH_ERROR(ret);
208 return ret;
209 }
210 asnDnBuff.tag = BSL_ASN1_TAG_CONSTRUCTED | BSL_ASN1_TAG_SEQUENCE;
211 BSL_ASN1_TemplateItem seqItem = {BSL_ASN1_TAG_CONSTRUCTED | BSL_ASN1_TAG_SEQUENCE, 0, 0};
212 BSL_ASN1_Template seqTempl = {&seqItem, 1};
213 ret = BSL_ASN1_EncodeTemplate(&seqTempl, &asnDnBuff, 1, &asn1Buff->buff, &asn1Buff->len);
214 BSL_SAL_FREE(asnDnBuff.buff);
215 return ret;
216 }
217
218 typedef struct {
219 HITLS_X509_NameNode *node;
220 BSL_ASN1_Buffer *encode;
221 } NameNodePack;
222
223 /**
224 * X.690: 11.6 Set-of components
225 * https://www.itu.int/rec/T-REC-X.690-202102-I/en
226 * The encodings of the component values of a set-of value shall appear in ascending order, the encodings
227 * being compared as octet strings with the shorter components being padded at their trailing end with 0-octets.
228 * NOTE - The padding octets are for comparison purposes only and do not appear in the encodings.
229 */
CmpDnNameByEncode(const void * pDnName1,const void * pDnName2)230 static int32_t CmpDnNameByEncode(const void *pDnName1, const void *pDnName2)
231 {
232 const NameNodePack *node1 = *(const NameNodePack **)(uintptr_t)pDnName1;
233 const NameNodePack *node2 = *(const NameNodePack **)(uintptr_t)pDnName2;
234 int res;
235 BSL_ASN1_Buffer *asn1Buff = node1->encode;
236 BSL_ASN1_Buffer *asn2Buff = node2->encode;
237
238 if (asn1Buff->len == asn2Buff->len) {
239 res = memcmp(asn1Buff->buff, asn2Buff->buff, asn2Buff->len);
240 } else {
241 uint32_t minSize = asn1Buff->len < asn2Buff->len ? asn1Buff->len : asn2Buff->len;
242 res = memcmp(asn1Buff->buff, asn2Buff->buff, minSize);
243 if (res == 0) {
244 res = asn1Buff->len == minSize ? -1 : 1;
245 }
246 }
247 return res;
248 }
249
250 /**
251 * RFC 5280:
252 * section 7.1:
253 * Representation of internationalized names in distinguished names is
254 * covered in Sections 4.1.2.4, Issuer Name, and 4.1.2.6, Subject Name.
255 * Standard naming attributes, such as common name, employ the
256 * DirectoryString type, which supports internationalized names through
257 * a variety of language encodings. Conforming implementations MUST
258 * support UTF8String and PrintableString.
259 * appendix-A.1:
260 * X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number))
261 * X520countryName ::= PrintableString
262 * X520dnQualifier ::= PrintableString
263 */
GetAsn1TypeByCid(BslCid cid)264 static uint8_t GetAsn1TypeByCid(BslCid cid)
265 {
266 switch (cid) {
267 case BSL_CID_AT_SERIALNUMBER:
268 case BSL_CID_AT_COUNTRYNAME:
269 case BSL_CID_AT_DNQUALIFIER:
270 return BSL_ASN1_TAG_PRINTABLESTRING;
271 case BSL_CID_DOMAINCOMPONENT:
272 return BSL_ASN1_TAG_IA5STRING;
273 default:
274 return BSL_ASN1_TAG_UTF8STRING;
275 }
276 }
277
FreeNodePack(NameNodePack * node)278 static void FreeNodePack(NameNodePack *node)
279 {
280 if (node == NULL) {
281 return;
282 }
283 if (node->encode != NULL) { // the node->node has been pushed in other list.
284 BSL_SAL_FREE(node->encode->buff);
285 BSL_SAL_Free(node->encode);
286 }
287 BSL_SAL_Free(node);
288 return;
289 }
290
HITLS_X509_SetNameList(BslList ** dest,void * val,uint32_t valLen)291 int32_t HITLS_X509_SetNameList(BslList **dest, void *val, uint32_t valLen)
292 {
293 if (dest == NULL || val == NULL || valLen != sizeof(BslList)) {
294 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
295 return HITLS_X509_ERR_INVALID_PARAM;
296 }
297 BslList *src = (BslList *)val;
298
299 BSL_LIST_FREE(*dest, (BSL_LIST_PFUNC_FREE)HITLS_X509_FreeNameNode);
300 *dest = BSL_LIST_Copy(src, (BSL_LIST_PFUNC_DUP)DupNameNode, (BSL_LIST_PFUNC_FREE)HITLS_X509_FreeNameNode);
301 if (*dest == NULL) {
302 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_SET_NAME_LIST);
303 return HITLS_X509_ERR_SET_NAME_LIST;
304 }
305 return HITLS_PKI_SUCCESS;
306 }
307
FillNameNodes(HITLS_X509_NameNode * layer2,BslCid cid,uint8_t * data,uint32_t dataLen)308 static int32_t FillNameNodes(HITLS_X509_NameNode *layer2, BslCid cid, uint8_t *data, uint32_t dataLen)
309 {
310 BslOidString *oid = BSL_OBJ_GetOID(cid);
311 if (oid == NULL) {
312 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_SET_DNNAME_UNKNOWN);
313 return HITLS_X509_ERR_SET_DNNAME_UNKNOWN;
314 }
315 layer2->layer = 2; // 2: The layer of sequence
316 layer2->nameType.tag = BSL_ASN1_TAG_OBJECT_ID;
317
318 layer2->nameValue.tag = GetAsn1TypeByCid(cid);
319 layer2->nameType.buff = BSL_SAL_Dump((uint8_t *)oid->octs, oid->octetLen);
320 layer2->nameValue.buff = BSL_SAL_Dump(data, dataLen);
321 if (layer2->nameType.buff == NULL || layer2->nameValue.buff == NULL) {
322 BSL_ERR_PUSH_ERROR(BSL_DUMP_FAIL);
323 return BSL_DUMP_FAIL;
324 }
325
326 layer2->nameType.len = oid->octetLen;
327 layer2->nameValue.len = dataLen;
328 return HITLS_PKI_SUCCESS;
329 }
330
X509AddDnNameItemToList(BslList * dnNameList,BslCid cid,uint8_t * data,uint32_t dataLen)331 static int32_t X509AddDnNameItemToList(BslList *dnNameList, BslCid cid, uint8_t *data, uint32_t dataLen)
332 {
333 if (data == NULL || dataLen == 0) {
334 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
335 return HITLS_X509_ERR_INVALID_PARAM;
336 }
337 const BslAsn1DnInfo *asn1StrInfo = BSL_OBJ_GetDnInfoFromCid(cid);
338 if (asn1StrInfo == NULL) {
339 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_SET_DNNAME_UNKNOWN);
340 return HITLS_X509_ERR_SET_DNNAME_UNKNOWN;
341 }
342 if (asn1StrInfo->max != -1 && ((int32_t)dataLen < asn1StrInfo->min || (int32_t)dataLen > asn1StrInfo->max)) {
343 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_SET_DNNAME_INVALID_LEN);
344 return HITLS_X509_ERR_SET_DNNAME_INVALID_LEN;
345 }
346
347 BSL_ASN1_Buffer *encode = BSL_SAL_Calloc(1u, sizeof(HITLS_X509_NameNode));
348 if (encode == NULL) {
349 BSL_ERR_PUSH_ERROR(BSL_MALLOC_FAIL);
350 return BSL_MALLOC_FAIL;
351 }
352 HITLS_X509_NameNode *layer2 = BSL_SAL_Calloc(1, sizeof(HITLS_X509_NameNode));
353 if (layer2 == NULL) {
354 BSL_SAL_FREE(encode);
355 BSL_ERR_PUSH_ERROR(BSL_MALLOC_FAIL);
356 return BSL_MALLOC_FAIL;
357 }
358 int32_t ret = FillNameNodes(layer2, cid, data, dataLen);
359 if (ret != HITLS_PKI_SUCCESS) {
360 BSL_SAL_FREE(encode);
361 HITLS_X509_FreeNameNode(layer2);
362 return ret;
363 }
364 ret = X509EncodeNameNodeEntry(layer2, encode);
365 if (ret != HITLS_PKI_SUCCESS) {
366 BSL_SAL_FREE(encode);
367 HITLS_X509_FreeNameNode(layer2);
368 return ret;
369 }
370 NameNodePack pack = {layer2, encode};
371 ret = HITLS_X509_AddListItemDefault(&pack, sizeof(NameNodePack), dnNameList);
372 if (ret != BSL_SUCCESS) {
373 HITLS_X509_FreeNameNode(layer2);
374 BSL_SAL_FREE(encode->buff);
375 BSL_SAL_Free(encode);
376 }
377 return ret;
378 }
379
X509AddDnNamesToList(BslList * list,BslList * dnNameList)380 static int32_t X509AddDnNamesToList(BslList *list, BslList *dnNameList)
381 {
382 HITLS_X509_NameNode *layer1 = BSL_SAL_Calloc(1, sizeof(HITLS_X509_NameNode));
383 if (layer1 == NULL) {
384 BSL_ERR_PUSH_ERROR(BSL_MALLOC_FAIL);
385 return BSL_MALLOC_FAIL;
386 }
387 layer1->layer = 1;
388
389 int32_t ret = BSL_LIST_AddElement(list, layer1, BSL_LIST_POS_END);
390 if (ret != BSL_SUCCESS) {
391 BSL_ERR_PUSH_ERROR(ret);
392 HITLS_X509_FreeNameNode(layer1);
393 return ret;
394 }
395 NameNodePack *node = BSL_LIST_GET_FIRST(dnNameList);
396 while (node != NULL) {
397 ret = BSL_LIST_AddElement(list, node->node, BSL_LIST_POS_END);
398 if (ret != BSL_SUCCESS) {
399 BSL_ERR_PUSH_ERROR(ret);
400 return ret;
401 }
402 node = BSL_LIST_GET_NEXT(dnNameList);
403 }
404
405 return ret;
406 }
407
HITLS_X509_DnListNew(void)408 BslList *HITLS_X509_DnListNew(void)
409 {
410 return BSL_LIST_New(sizeof(HITLS_X509_NameNode));
411 }
412
HITLS_X509_DnListFree(BslList * dnList)413 void HITLS_X509_DnListFree(BslList *dnList)
414 {
415 BSL_LIST_FREE(dnList, (BSL_LIST_PFUNC_FREE)HITLS_X509_FreeNameNode);
416 }
417
HITLS_X509_AddDnName(BslList * list,HITLS_X509_DN * dnNames,uint32_t size)418 int32_t HITLS_X509_AddDnName(BslList *list, HITLS_X509_DN *dnNames, uint32_t size)
419 {
420 if (list == NULL || dnNames == NULL || size == 0) {
421 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
422 return HITLS_X509_ERR_INVALID_PARAM;
423 }
424 if (BSL_LIST_COUNT(list) == HITLS_X509_DNNAME_MAX_NUM) {
425 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_SET_DNNAME_TOOMUCH);
426 return HITLS_X509_ERR_SET_DNNAME_TOOMUCH;
427 }
428
429 BslList *dnNameList = BSL_LIST_New(sizeof(NameNodePack));
430 if (dnNameList == NULL) {
431 BSL_ERR_PUSH_ERROR(BSL_MALLOC_FAIL);
432 return BSL_MALLOC_FAIL;
433 }
434 int32_t ret;
435 for (uint32_t i = 0; i < size; i++) {
436 ret = X509AddDnNameItemToList(dnNameList, dnNames[i].cid, dnNames[i].data, dnNames[i].dataLen);
437 if (ret != HITLS_PKI_SUCCESS) {
438 goto EXIT;
439 }
440 }
441 // sort
442 dnNameList = BSL_LIST_Sort(dnNameList, CmpDnNameByEncode);
443 if (dnNameList == NULL) {
444 ret = HITLS_X509_ERR_SORT_NAME_NODE;
445 goto EXIT;
446 }
447 // add dnNameList to list
448 ret = X509AddDnNamesToList(list, dnNameList);
449 EXIT:
450 BSL_LIST_FREE(dnNameList, (BSL_LIST_PFUNC_FREE)FreeNodePack);
451 return ret;
452 }
453 #endif
454
455 #if defined(HITLS_PKI_X509_CRT_GEN) || defined(HITLS_PKI_X509_CRL_GEN)
HITLS_X509_SetSerial(BSL_ASN1_Buffer * serial,const void * val,uint32_t valLen)456 int32_t HITLS_X509_SetSerial(BSL_ASN1_Buffer *serial, const void *val, uint32_t valLen)
457 {
458 if (valLen <= 0) {
459 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_CERT_INVALID_SERIAL_NUM);
460 return HITLS_X509_ERR_CERT_INVALID_SERIAL_NUM;
461 }
462 const uint8_t *src = (const uint8_t *)val;
463 serial->buff = BSL_SAL_Dump(src, valLen);
464 if (serial->buff == NULL) {
465 BSL_ERR_PUSH_ERROR(BSL_DUMP_FAIL);
466 return BSL_DUMP_FAIL;
467 }
468 serial->len = valLen;
469 serial->tag = BSL_ASN1_TAG_INTEGER;
470 return HITLS_PKI_SUCCESS;
471 }
472 #endif
473
474 #if defined(HITLS_PKI_X509_CRT) || defined(HITLS_PKI_X509_CRL)
HITLS_X509_GetSerial(BSL_ASN1_Buffer * serial,void * val,uint32_t valLen)475 int32_t HITLS_X509_GetSerial(BSL_ASN1_Buffer *serial, void *val, uint32_t valLen)
476 {
477 if (valLen != sizeof(BSL_Buffer)) {
478 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
479 return HITLS_X509_ERR_INVALID_PARAM;
480 }
481 if (serial->buff == NULL || serial->len == 0 || serial->tag != BSL_ASN1_TAG_INTEGER) {
482 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
483 return HITLS_X509_ERR_INVALID_PARAM;
484 }
485 BSL_Buffer *buff = (BSL_Buffer *)val;
486 buff->data = serial->buff;
487 buff->dataLen = serial->len;
488 return HITLS_PKI_SUCCESS;
489 }
490 #endif
491
492 #ifdef HITLS_CRYPTO_SM2
HITLS_X509_SetSm2UserId(BSL_Buffer * sm2UserId,void * val,uint32_t valLen)493 int32_t HITLS_X509_SetSm2UserId(BSL_Buffer *sm2UserId, void *val, uint32_t valLen)
494 {
495 if (valLen == 0 || valLen > SM2_MAX_ID_LENGTH) {
496 BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_INVALID_PARAM);
497 return HITLS_X509_ERR_INVALID_PARAM;
498 }
499
500 BSL_SAL_FREE(sm2UserId->data);
501 sm2UserId->data = BSL_SAL_Calloc(valLen, 1u);
502 if (sm2UserId->data == NULL) {
503 BSL_ERR_PUSH_ERROR(BSL_MALLOC_FAIL);
504 return BSL_MALLOC_FAIL;
505 }
506 (void) memcpy_s(sm2UserId->data, valLen, (uint8_t *)val, valLen);
507 sm2UserId->dataLen = (uint32_t)valLen;
508 return HITLS_PKI_SUCCESS;
509 }
510 #endif // HITLS_CRYPTO_SM2
511 #endif // HITLS_PKI_X509
512