Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
8f2e4fdf
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
8f2e4fdf
编写于
8月 04, 2005
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Allow PKCS7_decrypt() to work if no cert supplied.
上级
11de71b0
变更
6
隐藏空白更改
内联
并排
Showing
6 changed file
with
66 addition
and
21 deletion
+66
-21
CHANGES
CHANGES
+4
-1
apps/smime.c
apps/smime.c
+2
-2
crypto/pkcs7/pk7_doit.c
crypto/pkcs7/pk7_doit.c
+57
-17
crypto/pkcs7/pk7_smime.c
crypto/pkcs7/pk7_smime.c
+1
-1
crypto/pkcs7/pkcs7.h
crypto/pkcs7/pkcs7.h
+1
-0
crypto/pkcs7/pkcs7err.c
crypto/pkcs7/pkcs7err.c
+1
-0
未找到文件。
CHANGES
浏览文件 @
8f2e4fdf
...
...
@@ -14,7 +14,10 @@
Changes between 0.9.8 and 0.9.8a [XX xxx XXXX]
*)
*) Make PKCS7_decrypt() work even if no certificate is supplied by
attempting to decrypt each encrypted key in turn. Add support to
smime utility.
[Steve Henson]
Changes between 0.9.7h and 0.9.8 [05 Jul 2005]
...
...
apps/smime.c
浏览文件 @
8f2e4fdf
...
...
@@ -384,9 +384,9 @@ int MAIN(int argc, char **argv)
}
else
if
(
operation
==
SMIME_DECRYPT
)
{
if
(
!
recipfile
)
if
(
!
recipfile
&&
!
keyfile
)
{
BIO_printf
(
bio_err
,
"No recipient certificate
and
key specified
\n
"
);
BIO_printf
(
bio_err
,
"No recipient certificate
or
key specified
\n
"
);
badarg
=
1
;
}
}
...
...
crypto/pkcs7/pk7_doit.c
浏览文件 @
8f2e4fdf
...
...
@@ -62,6 +62,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
static
int
add_attribute
(
STACK_OF
(
X509_ATTRIBUTE
)
**
sk
,
int
nid
,
int
atrtype
,
void
*
value
);
...
...
@@ -307,6 +308,17 @@ err:
return
(
out
);
}
static
int
pkcs7_cmp_ri
(
PKCS7_RECIP_INFO
*
ri
,
X509
*
pcert
)
{
int
ret
;
ret
=
X509_NAME_cmp
(
ri
->
issuer_and_serial
->
issuer
,
pcert
->
cert_info
->
issuer
);
if
(
ret
)
return
ret
;
return
M_ASN1_INTEGER_cmp
(
pcert
->
cert_info
->
serialNumber
,
ri
->
issuer_and_serial
->
serial
);
}
/* int */
BIO
*
PKCS7_dataDecode
(
PKCS7
*
p7
,
EVP_PKEY
*
pkey
,
BIO
*
in_bio
,
X509
*
pcert
)
{
...
...
@@ -417,18 +429,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
* (if any)
*/
for
(
i
=
0
;
i
<
sk_PKCS7_RECIP_INFO_num
(
rsk
);
i
++
)
{
ri
=
sk_PKCS7_RECIP_INFO_value
(
rsk
,
i
);
if
(
!
X509_NAME_cmp
(
ri
->
issuer_and_serial
->
issuer
,
pcert
->
cert_info
->
issuer
)
&&
!
M_ASN1_INTEGER_cmp
(
pcert
->
cert_info
->
serialNumber
,
ri
->
issuer_and_serial
->
serial
))
break
;
ri
=
NULL
;
}
if
(
ri
==
NULL
)
{
PKCS7err
(
PKCS7_F_PKCS7_DATADECODE
,
PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE
)
;
goto
err
;
if
(
pcert
)
{
for
(
i
=
0
;
i
<
sk_PKCS7_RECIP_INFO_num
(
rsk
);
i
++
)
{
ri
=
sk_PKCS7_RECIP_INFO_value
(
rsk
,
i
);
if
(
!
pkcs7_cmp_ri
(
ri
,
pcert
))
break
;
ri
=
NULL
;
}
if
(
ri
==
NULL
)
{
PKCS7err
(
PKCS7_F_PKCS7_DATADECODE
,
PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE
);
goto
err
;
}
}
jj
=
EVP_PKEY_size
(
pkey
);
...
...
@@ -439,12 +451,40 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
goto
err
;
}
jj
=
EVP_PKEY_decrypt
(
tmp
,
M_ASN1_STRING_data
(
ri
->
enc_key
),
M_ASN1_STRING_length
(
ri
->
enc_key
),
pkey
);
if
(
jj
<=
0
)
/* If we haven't got a certificate try each ri in turn */
if
(
pcert
==
NULL
)
{
PKCS7err
(
PKCS7_F_PKCS7_DATADECODE
,
ERR_R_EVP_LIB
);
goto
err
;
for
(
i
=
0
;
i
<
sk_PKCS7_RECIP_INFO_num
(
rsk
);
i
++
)
{
ri
=
sk_PKCS7_RECIP_INFO_value
(
rsk
,
i
);
jj
=
EVP_PKEY_decrypt
(
tmp
,
M_ASN1_STRING_data
(
ri
->
enc_key
),
M_ASN1_STRING_length
(
ri
->
enc_key
),
pkey
);
if
(
jj
>
0
)
break
;
ERR_clear_error
();
ri
=
NULL
;
}
if
(
ri
==
NULL
)
{
PKCS7err
(
PKCS7_F_PKCS7_DATADECODE
,
PKCS7_R_NO_RECIPIENT_MATCHES_KEY
);
goto
err
;
}
}
else
{
jj
=
EVP_PKEY_decrypt
(
tmp
,
M_ASN1_STRING_data
(
ri
->
enc_key
),
M_ASN1_STRING_length
(
ri
->
enc_key
),
pkey
);
if
(
jj
<=
0
)
{
PKCS7err
(
PKCS7_F_PKCS7_DATADECODE
,
ERR_R_EVP_LIB
);
goto
err
;
}
}
evp_ctx
=
NULL
;
...
...
crypto/pkcs7/pk7_smime.c
浏览文件 @
8f2e4fdf
...
...
@@ -441,7 +441,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
return
0
;
}
if
(
!
X509_check_private_key
(
cert
,
pkey
))
{
if
(
cert
&&
!
X509_check_private_key
(
cert
,
pkey
))
{
PKCS7err
(
PKCS7_F_PKCS7_DECRYPT
,
PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE
);
return
0
;
...
...
crypto/pkcs7/pkcs7.h
浏览文件 @
8f2e4fdf
...
...
@@ -432,6 +432,7 @@ void ERR_load_PKCS7_strings(void);
#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136
#define PKCS7_R_NO_MULTIPART_BOUNDARY 137
#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146
#define PKCS7_R_NO_SIGNATURES_ON_DATA 123
#define PKCS7_R_NO_SIGNERS 142
#define PKCS7_R_NO_SIG_CONTENT_TYPE 138
...
...
crypto/pkcs7/pkcs7err.c
浏览文件 @
8f2e4fdf
...
...
@@ -124,6 +124,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
{
ERR_REASON
(
PKCS7_R_NO_MULTIPART_BODY_FAILURE
),
"no multipart body failure"
},
{
ERR_REASON
(
PKCS7_R_NO_MULTIPART_BOUNDARY
),
"no multipart boundary"
},
{
ERR_REASON
(
PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE
),
"no recipient matches certificate"
},
{
ERR_REASON
(
PKCS7_R_NO_RECIPIENT_MATCHES_KEY
),
"no recipient matches key"
},
{
ERR_REASON
(
PKCS7_R_NO_SIGNATURES_ON_DATA
),
"no signatures on data"
},
{
ERR_REASON
(
PKCS7_R_NO_SIGNERS
)
,
"no signers"
},
{
ERR_REASON
(
PKCS7_R_NO_SIG_CONTENT_TYPE
)
,
"no sig content type"
},
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录