sync upstream #25

Emman 2022-02-09 13:03:32 +08:00
parent 26408e6993
commit 2fa225552f
3 changed files with 5 additions and 28 deletions


@ -169,8 +169,8 @@ func (priv *PrivateKey) Equal(x crypto.PrivateKey) bool {
// Sign signs digest with priv, reading randomness from rand. Compliance with GB/T 32918.2-2016. // Sign signs digest with priv, reading randomness from rand. Compliance with GB/T 32918.2-2016.
// The opts argument is currently used for SM2SignerOption checking only. // The opts argument is currently used for SM2SignerOption checking only.
// If the opts argument is SM2SignerOption and its ForceGMSign is true, then it // If the opts argument is SM2SignerOption and its ForceGMSign is true,
// treats digest as raw data and take UID from opts. // digest argument will be treated as raw data and UID will be taken from opts.
// //
// This method implements crypto.Signer, which is an interface to support keys // This method implements crypto.Signer, which is an interface to support keys
// where the private part is kept in, for example, a hardware module. Common // where the private part is kept in, for example, a hardware module. Common


@ -987,14 +987,6 @@ NextCert:
for _, usage := range cert.ExtKeyUsage { for _, usage := range cert.ExtKeyUsage {
if requestedUsage == usage { if requestedUsage == usage {
continue NextRequestedUsage continue NextRequestedUsage
} else if requestedUsage == ExtKeyUsageServerAuth &&
(usage == ExtKeyUsageNetscapeServerGatedCrypto ||
usage == ExtKeyUsageMicrosoftServerGatedCrypto) {
// In order to support COMODO
// certificate chains, we have to
// accept Netscape or Microsoft SGC
// usages as equal to ServerAuth.
continue NextRequestedUsage
} }
} }


@ -19,7 +19,7 @@ import (
"net" "net"
"net/url" "net/url"
"time" "time"
"unicode/utf8" "unicode"
"golang.org/x/crypto/cryptobyte" "golang.org/x/crypto/cryptobyte"
cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1" cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1"
@ -611,22 +611,6 @@ func signaturePublicKeyAlgoMismatchError(expectedPubKeyAlgo PublicKeyAlgorithm,
return fmt.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo.String(), pubKey) return fmt.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo.String(), pubKey)
} }
func verifyECDSAASN1(pub *ecdsa.PublicKey, hash, sig []byte) bool {
var (
r, s = &big.Int{}, &big.Int{}
inner cryptobyte.String
)
input := cryptobyte.String(sig)
if !input.ReadASN1(&inner, cryptobyte_asn1.SEQUENCE) ||
!input.Empty() ||
!inner.ReadASN1Integer(r) ||
!inner.ReadASN1Integer(s) ||
!inner.Empty() {
return false
}
return ecdsa.Verify(pub, hash, r, s)
}
// checkSignature verifies that signature is a valid signature over signed from // checkSignature verifies that signature is a valid signature over signed from
// a crypto.PublicKey. // a crypto.PublicKey.
func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey) (err error) { func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey) (err error) {
@ -826,7 +810,8 @@ func marshalSANs(dnsNames, emailAddresses []string, ipAddresses []net.IP, uris [
func isIA5String(s string) error { func isIA5String(s string) error {
for _, r := range s { for _, r := range s {
if r >= utf8.RuneSelf { // Per RFC5280 "IA5String is limited to the set of ASCII characters"
if r >= unicode.MaxASCII {
return fmt.Errorf("x509: %q cannot be encoded as an IA5String", s) return fmt.Errorf("x509: %q cannot be encoded as an IA5String", s)
} }
} }
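Review bot: The new bound in isIA5String, `r >= unicode.MaxASCII`, is off by one. `unicode.MaxASCII` is U+007F, the last ASCII code point, while the replaced `utf8.RuneSelf` is 0x80, so the check now also rejects DEL (0x7F) even though the added comment says IA5String covers the ASCII set. The comparison should read `if r > unicode.MaxASCII {`. As written, any string containing 0x7F that passed before this sync (presumably SAN values, given the neighbouring marshalSANs) would now be refused, which is a behaviour change rather than a refactor. The end of the function lies outside the hunk.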