Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
14023fe3
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
14023fe3
编写于
4月 03, 2009
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Merge from 1.0.0-stable branch.
上级
b6b0b0d7
变更
17
隐藏空白更改
内联
并排
Showing
17 changed file
with
116 addition
and
117 deletion
+116
-117
CHANGES
CHANGES
+7
-0
NEWS
NEWS
+1
-0
STATUS
STATUS
+2
-2
TABLE
TABLE
+1
-1
apps/ocsp.c
apps/ocsp.c
+2
-0
crypto/asn1/asn1.h
crypto/asn1/asn1.h
+2
-2
crypto/asn1/asn1_err.c
crypto/asn1/asn1_err.c
+2
-2
crypto/des/enc_read.c
crypto/des/enc_read.c
+1
-1
crypto/objects/obj_xref.h
crypto/objects/obj_xref.h
+1
-1
crypto/pkcs12/p12_kiss.c
crypto/pkcs12/p12_kiss.c
+84
-79
crypto/stack/safestack.h
crypto/stack/safestack.h
+0
-23
crypto/x509v3/pcy_tree.c
crypto/x509v3/pcy_tree.c
+1
-1
demos/pkcs12/pkread.c
demos/pkcs12/pkread.c
+1
-1
doc/apps/x509.pod
doc/apps/x509.pod
+5
-0
engines/ccgost/Makefile
engines/ccgost/Makefile
+1
-1
ssl/d1_clnt.c
ssl/d1_clnt.c
+0
-2
test/Makefile
test/Makefile
+5
-1
未找到文件。
CHANGES
浏览文件 @
14023fe3
...
@@ -4,6 +4,13 @@
...
@@ -4,6 +4,13 @@
Changes between 0.9.8k and 1.0 [xx XXX xxxx]
Changes between 0.9.8k and 1.0 [xx XXX xxxx]
*) Alter match criteria in PKCS12_parse(). It used to try to use local
key ids to find matching certificates and keys but some PKCS#12 files
don't follow the (somewhat unwritten) rules and this strategy fails.
Now just gather all certificates together and the first private key
then look for the first certificate that matches the key.
[Steve Henson]
*) Support use of registered digest and cipher names for dgst and cipher
*) Support use of registered digest and cipher names for dgst and cipher
commands instead of having to add each one as a special case. So now
commands instead of having to add each one as a special case. So now
you can do:
you can do:
...
...
NEWS
浏览文件 @
14023fe3
...
@@ -27,6 +27,7 @@
...
@@ -27,6 +27,7 @@
o ecdsa-with-SHA224/256/384/512 signature types.
o ecdsa-with-SHA224/256/384/512 signature types.
o dsa-with-SHA224 and dsa-with-SHA256 signature types.
o dsa-with-SHA224 and dsa-with-SHA256 signature types.
o Opaque PRF Input TLS extension support.
o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations.
Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
...
...
STATUS
浏览文件 @
14023fe3
OpenSSL STATUS Last modified at
OpenSSL STATUS Last modified at
______________ $Date: 2009/0
3/30 11:33:03
$
______________ $Date: 2009/0
4/03 11:45:14
$
DEVELOPMENT STATE
DEVELOPMENT STATE
o OpenSSL 1.0
: Under development...
o OpenSSL 1.0
.0-beta1: Released on April 1st, 2009
o OpenSSL 0.9.8h: Released on May 28th, 2008
o OpenSSL 0.9.8h: Released on May 28th, 2008
o OpenSSL 0.9.8g: Released on October 19th, 2007
o OpenSSL 0.9.8g: Released on October 19th, 2007
o OpenSSL 0.9.8f: Released on October 11th, 2007
o OpenSSL 0.9.8f: Released on October 11th, 2007
...
...
TABLE
浏览文件 @
14023fe3
...
@@ -1366,7 +1366,7 @@ $multilib =
...
@@ -1366,7 +1366,7 @@ $multilib =
*** debug-ben-debug
*** debug-ben-debug
$cc = gcc
$cc = gcc
$cflags = -
DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror
-pipe
$cflags = -
Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -g3 -O2
-pipe
$unistd =
$unistd =
$thread_cflag = (unknown)
$thread_cflag = (unknown)
$sys_id =
$sys_id =
...
...
apps/ocsp.c
浏览文件 @
14023fe3
...
@@ -62,6 +62,8 @@
...
@@ -62,6 +62,8 @@
on OpenVMS */
on OpenVMS */
#endif
#endif
#define USE_SOCKETS
#include <stdio.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdlib.h>
#include <string.h>
#include <string.h>
...
...
crypto/asn1/asn1.h
浏览文件 @
14023fe3
...
@@ -1278,7 +1278,7 @@ void ERR_load_ASN1_strings(void);
...
@@ -1278,7 +1278,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_BAD_OBJECT_HEADER 102
#define ASN1_R_BAD_OBJECT_HEADER 102
#define ASN1_R_BAD_PASSWORD_READ 103
#define ASN1_R_BAD_PASSWORD_READ 103
#define ASN1_R_BAD_TAG 104
#define ASN1_R_BAD_TAG 104
#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 21
0
#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 21
4
#define ASN1_R_BN_LIB 105
#define ASN1_R_BN_LIB 105
#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
#define ASN1_R_BUFFER_TOO_SMALL 107
#define ASN1_R_BUFFER_TOO_SMALL 107
...
@@ -1370,7 +1370,7 @@ void ERR_load_ASN1_strings(void);
...
@@ -1370,7 +1370,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
#define ASN1_R_UNEXPECTED_EOC 159
#define ASN1_R_UNEXPECTED_EOC 159
#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 21
1
#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 21
5
#define ASN1_R_UNKNOWN_FORMAT 160
#define ASN1_R_UNKNOWN_FORMAT 160
#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
#define ASN1_R_UNKNOWN_OBJECT_TYPE 162
#define ASN1_R_UNKNOWN_OBJECT_TYPE 162
...
...
crypto/asn1/asn1_err.c
浏览文件 @
14023fe3
/* crypto/asn1/asn1_err.c */
/* crypto/asn1/asn1_err.c */
/* ====================================================================
/* ====================================================================
* Copyright (c) 1999-200
7
The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-200
8
The OpenSSL Project. All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* modification, are permitted provided that the following conditions
...
@@ -176,7 +176,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
...
@@ -176,7 +176,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{
ERR_FUNC
(
ASN1_F_PKCS5_PBE2_SET_IV
),
"PKCS5_pbe2_set_iv"
},
{
ERR_FUNC
(
ASN1_F_PKCS5_PBE2_SET_IV
),
"PKCS5_pbe2_set_iv"
},
{
ERR_FUNC
(
ASN1_F_PKCS5_PBE_SET
),
"PKCS5_pbe_set"
},
{
ERR_FUNC
(
ASN1_F_PKCS5_PBE_SET
),
"PKCS5_pbe_set"
},
{
ERR_FUNC
(
ASN1_F_PKCS5_PBE_SET0_ALGOR
),
"PKCS5_pbe_set0_algor"
},
{
ERR_FUNC
(
ASN1_F_PKCS5_PBE_SET0_ALGOR
),
"PKCS5_pbe_set0_algor"
},
{
ERR_FUNC
(
ASN1_F_SMIME_READ_ASN1
),
"SMIME_read_
asn
1"
},
{
ERR_FUNC
(
ASN1_F_SMIME_READ_ASN1
),
"SMIME_read_
ASN
1"
},
{
ERR_FUNC
(
ASN1_F_SMIME_TEXT
),
"SMIME_text"
},
{
ERR_FUNC
(
ASN1_F_SMIME_TEXT
),
"SMIME_text"
},
{
ERR_FUNC
(
ASN1_F_X509_CINF_NEW
),
"X509_CINF_NEW"
},
{
ERR_FUNC
(
ASN1_F_X509_CINF_NEW
),
"X509_CINF_NEW"
},
{
ERR_FUNC
(
ASN1_F_X509_CRL_ADD0_REVOKED
),
"X509_CRL_add0_revoked"
},
{
ERR_FUNC
(
ASN1_F_X509_CRL_ADD0_REVOKED
),
"X509_CRL_add0_revoked"
},
...
...
crypto/des/enc_read.c
浏览文件 @
14023fe3
...
@@ -150,7 +150,7 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
...
@@ -150,7 +150,7 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
/* first - get the length */
/* first - get the length */
while
(
net_num
<
HDRSIZE
)
while
(
net_num
<
HDRSIZE
)
{
{
#ifndef _WIN32
#ifndef
OPENSSL_SYS
_WIN32
i
=
read
(
fd
,(
void
*
)
&
(
net
[
net_num
]),
HDRSIZE
-
net_num
);
i
=
read
(
fd
,(
void
*
)
&
(
net
[
net_num
]),
HDRSIZE
-
net_num
);
#else
#else
i
=
_read
(
fd
,(
void
*
)
&
(
net
[
net_num
]),
HDRSIZE
-
net_num
);
i
=
_read
(
fd
,(
void
*
)
&
(
net
[
net_num
]),
HDRSIZE
-
net_num
);
...
...
crypto/objects/obj_xref.h
浏览文件 @
14023fe3
/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
/* AUTOGENERATED BY
crypto/objects/
objxref.pl, DO NOT EDIT */
typedef
struct
typedef
struct
{
{
...
...
crypto/pkcs12/p12_kiss.c
浏览文件 @
14023fe3
...
@@ -63,16 +63,13 @@
...
@@ -63,16 +63,13 @@
/* Simplified PKCS#12 routines */
/* Simplified PKCS#12 routines */
static
int
parse_pk12
(
PKCS12
*
p12
,
const
char
*
pass
,
int
passlen
,
static
int
parse_pk12
(
PKCS12
*
p12
,
const
char
*
pass
,
int
passlen
,
EVP_PKEY
**
pkey
,
X509
**
cert
,
STACK_OF
(
X509
)
**
ca
);
EVP_PKEY
**
pkey
,
STACK_OF
(
X509
)
*
ocerts
);
static
int
parse_bags
(
STACK_OF
(
PKCS12_SAFEBAG
)
*
bags
,
const
char
*
pass
,
static
int
parse_bags
(
STACK_OF
(
PKCS12_SAFEBAG
)
*
bags
,
const
char
*
pass
,
int
passlen
,
EVP_PKEY
**
pkey
,
X509
**
cert
,
int
passlen
,
EVP_PKEY
**
pkey
,
STACK_OF
(
X509
)
*
ocerts
);
STACK_OF
(
X509
)
**
ca
,
ASN1_OCTET_STRING
**
keyid
,
char
*
keymatch
);
static
int
parse_bag
(
PKCS12_SAFEBAG
*
bag
,
const
char
*
pass
,
int
passlen
,
static
int
parse_bag
(
PKCS12_SAFEBAG
*
bag
,
const
char
*
pass
,
int
passlen
,
EVP_PKEY
**
pkey
,
X509
**
cert
,
STACK_OF
(
X509
)
**
ca
,
EVP_PKEY
**
pkey
,
STACK_OF
(
X509
)
*
ocerts
);
ASN1_OCTET_STRING
**
keyid
,
char
*
keymatch
);
/* Parse and decrypt a PKCS#12 structure returning user key, user cert
/* Parse and decrypt a PKCS#12 structure returning user key, user cert
* and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
* and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
...
@@ -83,24 +80,20 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
...
@@ -83,24 +80,20 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
int
PKCS12_parse
(
PKCS12
*
p12
,
const
char
*
pass
,
EVP_PKEY
**
pkey
,
X509
**
cert
,
int
PKCS12_parse
(
PKCS12
*
p12
,
const
char
*
pass
,
EVP_PKEY
**
pkey
,
X509
**
cert
,
STACK_OF
(
X509
)
**
ca
)
STACK_OF
(
X509
)
**
ca
)
{
{
STACK_OF
(
X509
)
*
ocerts
=
NULL
;
X509
*
x
;
/* Check for NULL PKCS12 structure */
/* Check for NULL PKCS12 structure */
if
(
!
p12
)
{
if
(
!
p12
)
{
PKCS12err
(
PKCS12_F_PKCS12_PARSE
,
PKCS12_R_INVALID_NULL_PKCS12_POINTER
);
PKCS12err
(
PKCS12_F_PKCS12_PARSE
,
PKCS12_R_INVALID_NULL_PKCS12_POINTER
);
return
0
;
return
0
;
}
/* Allocate stack for ca certificates if needed */
if
((
ca
!=
NULL
)
&&
(
*
ca
==
NULL
))
{
if
(
!
(
*
ca
=
sk_X509_new_null
()))
{
PKCS12err
(
PKCS12_F_PKCS12_PARSE
,
ERR_R_MALLOC_FAILURE
);
return
0
;
}
}
}
if
(
pkey
)
*
pkey
=
NULL
;
if
(
pkey
)
if
(
cert
)
*
cert
=
NULL
;
*
pkey
=
NULL
;
if
(
cert
)
*
cert
=
NULL
;
/* Check the mac */
/* Check the mac */
...
@@ -122,19 +115,61 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
...
@@ -122,19 +115,61 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
goto
err
;
goto
err
;
}
}
if
(
!
parse_pk12
(
p12
,
pass
,
-
1
,
pkey
,
cert
,
ca
))
/* Allocate stack for other certificates */
ocerts
=
sk_X509_new_null
();
if
(
!
ocerts
)
{
PKCS12err
(
PKCS12_F_PKCS12_PARSE
,
ERR_R_MALLOC_FAILURE
);
return
0
;
}
if
(
!
parse_pk12
(
p12
,
pass
,
-
1
,
pkey
,
ocerts
))
{
{
PKCS12err
(
PKCS12_F_PKCS12_PARSE
,
PKCS12_R_PARSE_ERROR
);
PKCS12err
(
PKCS12_F_PKCS12_PARSE
,
PKCS12_R_PARSE_ERROR
);
goto
err
;
goto
err
;
}
}
while
((
x
=
sk_X509_pop
(
ocerts
)))
{
if
(
pkey
&&
*
pkey
&&
cert
&&
!*
cert
)
{
if
(
X509_check_private_key
(
x
,
*
pkey
))
{
*
cert
=
x
;
x
=
NULL
;
}
}
if
(
ca
&&
x
)
{
if
(
!*
ca
)
*
ca
=
sk_X509_new_null
();
if
(
!*
ca
)
goto
err
;
if
(
!
sk_X509_push
(
*
ca
,
x
))
goto
err
;
x
=
NULL
;
}
if
(
x
)
X509_free
(
x
);
}
if
(
ocerts
)
sk_X509_pop_free
(
ocerts
,
X509_free
);
return
1
;
return
1
;
err:
err:
if
(
pkey
&&
*
pkey
)
EVP_PKEY_free
(
*
pkey
);
if
(
pkey
&&
*
pkey
)
if
(
cert
&&
*
cert
)
X509_free
(
*
cert
);
EVP_PKEY_free
(
*
pkey
);
if
(
ca
)
sk_X509_pop_free
(
*
ca
,
X509_free
);
if
(
cert
&&
*
cert
)
X509_free
(
*
cert
);
if
(
x
)
X509_free
(
*
cert
);
if
(
ocerts
)
sk_X509_pop_free
(
ocerts
,
X509_free
);
return
0
;
return
0
;
}
}
...
@@ -142,15 +177,13 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
...
@@ -142,15 +177,13 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
/* Parse the outer PKCS#12 structure */
/* Parse the outer PKCS#12 structure */
static
int
parse_pk12
(
PKCS12
*
p12
,
const
char
*
pass
,
int
passlen
,
static
int
parse_pk12
(
PKCS12
*
p12
,
const
char
*
pass
,
int
passlen
,
EVP_PKEY
**
pkey
,
X509
**
cert
,
STACK_OF
(
X509
)
**
ca
)
EVP_PKEY
**
pkey
,
STACK_OF
(
X509
)
*
ocerts
)
{
{
STACK_OF
(
PKCS7
)
*
asafes
;
STACK_OF
(
PKCS7
)
*
asafes
;
STACK_OF
(
PKCS12_SAFEBAG
)
*
bags
;
STACK_OF
(
PKCS12_SAFEBAG
)
*
bags
;
int
i
,
bagnid
;
int
i
,
bagnid
;
PKCS7
*
p7
;
PKCS7
*
p7
;
ASN1_OCTET_STRING
*
keyid
=
NULL
;
char
keymatch
=
0
;
if
(
!
(
asafes
=
PKCS12_unpack_authsafes
(
p12
)))
return
0
;
if
(
!
(
asafes
=
PKCS12_unpack_authsafes
(
p12
)))
return
0
;
for
(
i
=
0
;
i
<
sk_PKCS7_num
(
asafes
);
i
++
)
{
for
(
i
=
0
;
i
<
sk_PKCS7_num
(
asafes
);
i
++
)
{
p7
=
sk_PKCS7_value
(
asafes
,
i
);
p7
=
sk_PKCS7_value
(
asafes
,
i
);
...
@@ -164,8 +197,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
...
@@ -164,8 +197,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
sk_PKCS7_pop_free
(
asafes
,
PKCS7_free
);
sk_PKCS7_pop_free
(
asafes
,
PKCS7_free
);
return
0
;
return
0
;
}
}
if
(
!
parse_bags
(
bags
,
pass
,
passlen
,
pkey
,
cert
,
ca
,
if
(
!
parse_bags
(
bags
,
pass
,
passlen
,
pkey
,
ocerts
))
{
&
keyid
,
&
keymatch
))
{
sk_PKCS12_SAFEBAG_pop_free
(
bags
,
PKCS12_SAFEBAG_free
);
sk_PKCS12_SAFEBAG_pop_free
(
bags
,
PKCS12_SAFEBAG_free
);
sk_PKCS7_pop_free
(
asafes
,
PKCS7_free
);
sk_PKCS7_pop_free
(
asafes
,
PKCS7_free
);
return
0
;
return
0
;
...
@@ -173,89 +205,65 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
...
@@ -173,89 +205,65 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
sk_PKCS12_SAFEBAG_pop_free
(
bags
,
PKCS12_SAFEBAG_free
);
sk_PKCS12_SAFEBAG_pop_free
(
bags
,
PKCS12_SAFEBAG_free
);
}
}
sk_PKCS7_pop_free
(
asafes
,
PKCS7_free
);
sk_PKCS7_pop_free
(
asafes
,
PKCS7_free
);
if
(
keyid
)
M_ASN1_OCTET_STRING_free
(
keyid
);
return
1
;
return
1
;
}
}
static
int
parse_bags
(
STACK_OF
(
PKCS12_SAFEBAG
)
*
bags
,
const
char
*
pass
,
static
int
parse_bags
(
STACK_OF
(
PKCS12_SAFEBAG
)
*
bags
,
const
char
*
pass
,
int
passlen
,
EVP_PKEY
**
pkey
,
X509
**
cert
,
int
passlen
,
EVP_PKEY
**
pkey
,
STACK_OF
(
X509
)
*
ocerts
)
STACK_OF
(
X509
)
**
ca
,
ASN1_OCTET_STRING
**
keyid
,
char
*
keymatch
)
{
{
int
i
;
int
i
;
for
(
i
=
0
;
i
<
sk_PKCS12_SAFEBAG_num
(
bags
);
i
++
)
{
for
(
i
=
0
;
i
<
sk_PKCS12_SAFEBAG_num
(
bags
);
i
++
)
{
if
(
!
parse_bag
(
sk_PKCS12_SAFEBAG_value
(
bags
,
i
),
if
(
!
parse_bag
(
sk_PKCS12_SAFEBAG_value
(
bags
,
i
),
pass
,
passlen
,
pkey
,
cert
,
ca
,
keyid
,
pass
,
passlen
,
pkey
,
ocerts
))
keymatch
))
return
0
;
return
0
;
}
}
return
1
;
return
1
;
}
}
#define MATCH_KEY 0x1
#define MATCH_CERT 0x2
#define MATCH_ALL 0x3
static
int
parse_bag
(
PKCS12_SAFEBAG
*
bag
,
const
char
*
pass
,
int
passlen
,
static
int
parse_bag
(
PKCS12_SAFEBAG
*
bag
,
const
char
*
pass
,
int
passlen
,
EVP_PKEY
**
pkey
,
X509
**
cert
,
STACK_OF
(
X509
)
**
ca
,
EVP_PKEY
**
pkey
,
STACK_OF
(
X509
)
*
ocerts
)
ASN1_OCTET_STRING
**
keyid
,
char
*
keymatch
)
{
{
PKCS8_PRIV_KEY_INFO
*
p8
;
PKCS8_PRIV_KEY_INFO
*
p8
;
X509
*
x509
;
X509
*
x509
;
ASN1_OCTET_STRING
*
lkey
=
NULL
,
*
ckid
=
NULL
;
ASN1_TYPE
*
attrib
;
ASN1_TYPE
*
attrib
;
ASN1_BMPSTRING
*
fname
=
NULL
;
ASN1_BMPSTRING
*
fname
=
NULL
;
ASN1_OCTET_STRING
*
lkid
=
NULL
;
if
((
attrib
=
PKCS12_get_attr
(
bag
,
NID_friendlyName
)))
if
((
attrib
=
PKCS12_get_attr
(
bag
,
NID_friendlyName
)))
fname
=
attrib
->
value
.
bmpstring
;
fname
=
attrib
->
value
.
bmpstring
;
if
((
attrib
=
PKCS12_get_attr
(
bag
,
NID_localKeyID
)))
{
if
((
attrib
=
PKCS12_get_attr
(
bag
,
NID_localKeyID
)))
lkey
=
attrib
->
value
.
octet_string
;
lkid
=
attrib
->
value
.
octet_string
;
ckid
=
lkey
;
}
/* Check for any local key id matching (if needed) */
if
(
lkey
&&
((
*
keymatch
&
MATCH_ALL
)
!=
MATCH_ALL
))
{
if
(
*
keyid
)
{
if
(
M_ASN1_OCTET_STRING_cmp
(
*
keyid
,
lkey
))
lkey
=
NULL
;
}
else
{
if
(
!
(
*
keyid
=
M_ASN1_OCTET_STRING_dup
(
lkey
)))
{
PKCS12err
(
PKCS12_F_PARSE_BAG
,
ERR_R_MALLOC_FAILURE
);
return
0
;
}
}
}
switch
(
M_PKCS12_bag_type
(
bag
))
switch
(
M_PKCS12_bag_type
(
bag
))
{
{
case
NID_keyBag
:
case
NID_keyBag
:
if
(
!
lkey
||
!
pkey
)
return
1
;
if
(
!
pkey
||
*
pkey
)
if
(
!
(
*
pkey
=
EVP_PKCS82PKEY
(
bag
->
value
.
keybag
)))
return
0
;
return
1
;
*
keymatch
|=
MATCH_KEY
;
if
(
!
(
*
pkey
=
EVP_PKCS82PKEY
(
bag
->
value
.
keybag
)))
return
0
;
break
;
break
;
case
NID_pkcs8ShroudedKeyBag
:
case
NID_pkcs8ShroudedKeyBag
:
if
(
!
lkey
||
!
pkey
)
return
1
;
if
(
!
pkey
||
*
pkey
)
return
1
;
if
(
!
(
p8
=
PKCS12_decrypt_skey
(
bag
,
pass
,
passlen
)))
if
(
!
(
p8
=
PKCS12_decrypt_skey
(
bag
,
pass
,
passlen
)))
return
0
;
return
0
;
*
pkey
=
EVP_PKCS82PKEY
(
p8
);
*
pkey
=
EVP_PKCS82PKEY
(
p8
);
PKCS8_PRIV_KEY_INFO_free
(
p8
);
PKCS8_PRIV_KEY_INFO_free
(
p8
);
if
(
!
(
*
pkey
))
return
0
;
if
(
!
(
*
pkey
))
return
0
;
*
keymatch
|=
MATCH_KEY
;
break
;
break
;
case
NID_certBag
:
case
NID_certBag
:
if
(
M_PKCS12_cert_bag_type
(
bag
)
!=
NID_x509Certificate
)
if
(
M_PKCS12_cert_bag_type
(
bag
)
!=
NID_x509Certificate
)
return
1
;
return
1
;
if
(
!
(
x509
=
PKCS12_certbag2x509
(
bag
)))
return
0
;
if
(
!
(
x509
=
PKCS12_certbag2x509
(
bag
)))
if
(
ckid
)
return
0
;
if
(
lkid
&&
!
X509_keyid_set1
(
x509
,
lkid
->
data
,
lkid
->
length
))
{
{
if
(
!
X509_keyid_set1
(
x509
,
ckid
->
data
,
ckid
->
length
))
X509_free
(
x509
);
{
return
0
;
X509_free
(
x509
);
return
0
;
}
}
}
if
(
fname
)
{
if
(
fname
)
{
int
len
,
r
;
int
len
,
r
;
...
@@ -272,20 +280,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
...
@@ -272,20 +280,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
}
}
}
}
if
(
!
sk_X509_push
(
ocerts
,
x509
))
{
X509_free
(
x509
);
return
0
;
}
if
(
lkey
)
{
*
keymatch
|=
MATCH_CERT
;
if
(
cert
)
*
cert
=
x509
;
else
X509_free
(
x509
);
}
else
{
if
(
ca
)
sk_X509_push
(
*
ca
,
x509
);
else
X509_free
(
x509
);
}
break
;
break
;
case
NID_safeContentsBag
:
case
NID_safeContentsBag
:
return
parse_bags
(
bag
->
value
.
safes
,
pass
,
passlen
,
return
parse_bags
(
bag
->
value
.
safes
,
pass
,
passlen
,
pkey
,
cert
,
ca
,
keyid
,
keymatch
);
pkey
,
ocerts
);
break
;
break
;
default:
default:
...
...
crypto/stack/safestack.h
浏览文件 @
14023fe3
...
@@ -1967,29 +1967,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
...
@@ -1967,29 +1967,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
#define sk_X509_POLICY_REF_new(cmp) SKM_sk_new(X509_POLICY_REF, (cmp))
#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF)
#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st))
#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i))
#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val))
#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st))
#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val))
#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val))
#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val))
#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val))
#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i))
#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr))
#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i))
#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp))
#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st)
#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func))
#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st))
#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st))
#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st))
#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st))
#define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp))
#define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp))
#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
...
...
crypto/x509v3/pcy_tree.c
浏览文件 @
14023fe3
...
@@ -231,7 +231,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
...
@@ -231,7 +231,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
tree
->
auth_policies
=
NULL
;
tree
->
auth_policies
=
NULL
;
tree
->
user_policies
=
NULL
;
tree
->
user_policies
=
NULL
;
if
(
!
tree
)
if
(
!
tree
->
levels
)
{
{
OPENSSL_free
(
tree
);
OPENSSL_free
(
tree
);
return
0
;
return
0
;
...
...
demos/pkcs12/pkread.c
浏览文件 @
14023fe3
...
@@ -51,7 +51,7 @@ int main(int argc, char **argv)
...
@@ -51,7 +51,7 @@ int main(int argc, char **argv)
fprintf
(
fp
,
"***User Certificate***
\n
"
);
fprintf
(
fp
,
"***User Certificate***
\n
"
);
PEM_write_X509_AUX
(
fp
,
cert
);
PEM_write_X509_AUX
(
fp
,
cert
);
}
}
if
(
ca
&&
sk_num
(
ca
))
{
if
(
ca
&&
sk_
X509_
num
(
ca
))
{
fprintf
(
fp
,
"***Other Certificates***
\n
"
);
fprintf
(
fp
,
"***Other Certificates***
\n
"
);
for
(
i
=
0
;
i
<
sk_X509_num
(
ca
);
i
++
)
for
(
i
=
0
;
i
<
sk_X509_num
(
ca
);
i
++
)
PEM_write_X509_AUX
(
fp
,
sk_X509_value
(
ca
,
i
));
PEM_write_X509_AUX
(
fp
,
sk_X509_value
(
ca
,
i
));
...
...
doc/apps/x509.pod
浏览文件 @
14023fe3
...
@@ -23,6 +23,7 @@ B<openssl> B<x509>
...
@@ -23,6 +23,7 @@ B<openssl> B<x509>
[B<-issuer>]
[B<-issuer>]
[B<-nameopt option>]
[B<-nameopt option>]
[B<-email>]
[B<-email>]
[B<-ocsp_uri>]
[B<-startdate>]
[B<-startdate>]
[B<-enddate>]
[B<-enddate>]
[B<-purpose>]
[B<-purpose>]
...
@@ -176,6 +177,10 @@ set multiple options. See the B<NAME OPTIONS> section for more information.
...
@@ -176,6 +177,10 @@ set multiple options. See the B<NAME OPTIONS> section for more information.
outputs the email address(es) if any.
outputs the email address(es) if any.
=item B<-ocsp_uri>
outputs the OCSP responder address(es) if any.
=item B<-startdate>
=item B<-startdate>
prints out the start date of the certificate, that is the notBefore date.
prints out the start date of the certificate, that is the notBefore date.
...
...
engines/ccgost/Makefile
浏览文件 @
14023fe3
...
@@ -55,7 +55,7 @@ install:
...
@@ -55,7 +55,7 @@ install:
esac
;
\
esac
;
\
cp
$
${pfx}$(LIBNAME)$$
sfx
$(INSTALL_PREFIX)$(INSTALLTOP)
/lib/engines/
$
${pfx}$(LIBNAME)$$
sfx.new
;
\
cp
$
${pfx}$(LIBNAME)$$
sfx
$(INSTALL_PREFIX)$(INSTALLTOP)
/lib/engines/
$
${pfx}$(LIBNAME)$$
sfx.new
;
\
else
\
else
\
sfx
=
"so"
;
\
sfx
=
"
.
so"
;
\
cp
cyg
$(LIBNAME)
.dll
$(INSTALL_PREFIX)$(INSTALLTOP)
/lib/engines/
$
${pfx}$(LIBNAME)$$
sfx.new
;
\
cp
cyg
$(LIBNAME)
.dll
$(INSTALL_PREFIX)$(INSTALLTOP)
/lib/engines/
$
${pfx}$(LIBNAME)$$
sfx.new
;
\
fi
;
\
fi
;
\
chmod
555
$(INSTALL_PREFIX)$(INSTALLTOP)
/lib/engines/
$
${pfx}$(LIBNAME)$$
sfx.new
;
\
chmod
555
$(INSTALL_PREFIX)$(INSTALLTOP)
/lib/engines/
$
${pfx}$(LIBNAME)$$
sfx.new
;
\
...
...
ssl/d1_clnt.c
浏览文件 @
14023fe3
...
@@ -425,8 +425,6 @@ int dtls1_connect(SSL *s)
...
@@ -425,8 +425,6 @@ int dtls1_connect(SSL *s)
s
->
s3
->
tmp
.
next_state
=
SSL3_ST_CR_FINISHED_A
;
s
->
s3
->
tmp
.
next_state
=
SSL3_ST_CR_FINISHED_A
;
}
}
s
->
init_num
=
0
;
s
->
init_num
=
0
;
/* mark client_random uninitialized */
memset
(
s
->
s3
->
client_random
,
0
,
sizeof
(
s
->
s3
->
client_random
));
break
;
break
;
case
SSL3_ST_CR_FINISHED_A
:
case
SSL3_ST_CR_FINISHED_A
:
...
...
test/Makefile
浏览文件 @
14023fe3
...
@@ -573,7 +573,11 @@ ideatest.o: ../include/openssl/opensslconf.h ideatest.c
...
@@ -573,7 +573,11 @@ ideatest.o: ../include/openssl/opensslconf.h ideatest.c
igetest.o
:
../include/openssl/aes.h ../include/openssl/e_os2.h
igetest.o
:
../include/openssl/aes.h ../include/openssl/e_os2.h
igetest.o
:
../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
igetest.o
:
../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
igetest.o
:
../include/openssl/rand.h igetest.c
igetest.o
:
../include/openssl/rand.h igetest.c
jpaketest.o
:
../include/openssl/opensslconf.h jpaketest.c
jpaketest.o
:
../include/openssl/buffer.h ../include/openssl/crypto.h
jpaketest.o
:
../include/openssl/e_os2.h ../include/openssl/opensslconf.h
jpaketest.o
:
../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
jpaketest.o
:
../include/openssl/safestack.h ../include/openssl/stack.h
jpaketest.o
:
../include/openssl/symhacks.h jpaketest.c
md2test.o
:
../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
md2test.o
:
../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
md2test.o
:
../include/openssl/crypto.h ../include/openssl/e_os2.h
md2test.o
:
../include/openssl/crypto.h ../include/openssl/e_os2.h
md2test.o
:
../include/openssl/evp.h ../include/openssl/md2.h
md2test.o
:
../include/openssl/evp.h ../include/openssl/md2.h
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录