Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
大约 1 年 前同步成功

通知 9
Star 18
Fork 1
T
Third Party Openssl
提交 1e8b9e7e 编写于 作者: D Dr. Stephen Henson
浏览文件
操作

add -badsig option to ocsp utility too.

上级 d372d365
隐藏空白更改
内联 并排
Showing with 9 addition and 3 deletion
apps/ocsp.c
浏览文件 @ 1e8b9e7e
...@@ -107,7 +107,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, ...@@ -107,7 +107,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
X509 *ca, X509 *rcert, EVP_PKEY *rkey, X509 *ca, X509 *rcert, EVP_PKEY *rkey,
STACK_OF(X509) *rother, unsigned long flags, STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays); int nmin, int ndays, int badsig);
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(char *port); static BIO *init_responder(char *port);
...@@ -154,6 +154,7 @@ int MAIN(int argc, char **argv) ...@@ -154,6 +154,7 @@ int MAIN(int argc, char **argv)
int ret = 1; int ret = 1;
int accept_count = -1; int accept_count = -1;
int badarg = 0; int badarg = 0;
int badsig = 0;
int i; int i;
int ignore_err = 0; int ignore_err = 0;
STACK_OF(OPENSSL_STRING) *reqnames = NULL; STACK_OF(OPENSSL_STRING) *reqnames = NULL;
...@@ -271,6 +272,8 @@ int MAIN(int argc, char **argv) ...@@ -271,6 +272,8 @@ int MAIN(int argc, char **argv)
verify_flags |= OCSP_TRUSTOTHER; verify_flags |= OCSP_TRUSTOTHER;
else if (!strcmp(*args, "-no_intern")) else if (!strcmp(*args, "-no_intern"))
verify_flags |= OCSP_NOINTERN; verify_flags |= OCSP_NOINTERN;
else if (!strcmp(*args, "-badsig"))
badsig = 1;
else if (!strcmp(*args, "-text")) else if (!strcmp(*args, "-text"))
{ {
req_text = 1; req_text = 1;
...@@ -761,7 +764,7 @@ int MAIN(int argc, char **argv) ...@@ -761,7 +764,7 @@ int MAIN(int argc, char **argv)
if (rdb) if (rdb)
{ {
i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays); i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays, badsig);
if (cbio) if (cbio)
send_ocsp_response(cbio, resp); send_ocsp_response(cbio, resp);
} }
...@@ -1053,7 +1056,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, ...@@ -1053,7 +1056,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
X509 *ca, X509 *rcert, EVP_PKEY *rkey, X509 *ca, X509 *rcert, EVP_PKEY *rkey,
STACK_OF(X509) *rother, unsigned long flags, STACK_OF(X509) *rother, unsigned long flags,
int nmin, int ndays) int nmin, int ndays, int badsig)
{ {
ASN1_TIME *thisupd = NULL, *nextupd = NULL; ASN1_TIME *thisupd = NULL, *nextupd = NULL;
OCSP_CERTID *cid, *ca_id = NULL; OCSP_CERTID *cid, *ca_id = NULL;
...@@ -1144,6 +1147,9 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db ...@@ -1144,6 +1147,9 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags); OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
if (badsig)
bs->signature->data[bs->signature->length -1] ^= 0x1;
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
end: end:
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册