Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
34a42e14
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
34a42e14
编写于
10月 11, 2015
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
embed CRL serial number and signature fields
Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
上级
81e49438
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
18 addition
and
23 deletion
+18
-23
crypto/include/internal/x509_int.h
crypto/include/internal/x509_int.h
+2
-2
crypto/x509/x509_vfy.c
crypto/x509/x509_vfy.c
+1
-1
crypto/x509/x509cset.c
crypto/x509/x509cset.c
+6
-11
crypto/x509/x_all.c
crypto/x509/x_all.c
+2
-2
crypto/x509/x_crl.c
crypto/x509/x_crl.c
+7
-7
未找到文件。
crypto/include/internal/x509_int.h
浏览文件 @
34a42e14
...
...
@@ -121,7 +121,7 @@ struct X509_crl_info_st {
struct
X509_crl_st
{
X509_CRL_INFO
crl
;
/* signed CRL data */
X509_ALGOR
sig_alg
;
/* CRL signature algorithm */
ASN1_BIT_STRING
*
signature
;
/* CRL signature */
ASN1_BIT_STRING
signature
;
/* CRL signature */
int
references
;
int
flags
;
/*
...
...
@@ -145,7 +145,7 @@ struct X509_crl_st {
};
struct
x509_revoked_st
{
ASN1_INTEGER
*
serialNumber
;
/* revoked entry serial number */
ASN1_INTEGER
serialNumber
;
/* revoked entry serial number */
ASN1_TIME
*
revocationDate
;
/* revocation date */
STACK_OF
(
X509_EXTENSION
)
*
extensions
;
/* CRL entry extensions: optional */
/* decoded value of CRLissuer extension: set if indirect CRL */
...
...
crypto/x509/x509_vfy.c
浏览文件 @
34a42e14
...
...
@@ -2088,7 +2088,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
* Add only if not also in base. TODO: need something cleverer here
* for some more complex CRLs covering multiple CAs.
*/
if
(
!
X509_CRL_get0_by_serial
(
base
,
&
rvtmp
,
rvn
->
serialNumber
))
{
if
(
!
X509_CRL_get0_by_serial
(
base
,
&
rvtmp
,
&
rvn
->
serialNumber
))
{
rvtmp
=
X509_REVOKED_dup
(
rvn
);
if
(
!
rvtmp
)
goto
memerr
;
...
...
crypto/x509/x509cset.c
浏览文件 @
34a42e14
...
...
@@ -172,7 +172,7 @@ void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
X509_CRL
*
crl
)
{
if
(
psig
!=
NULL
)
*
psig
=
crl
->
signature
;
*
psig
=
&
crl
->
signature
;
if
(
palg
!=
NULL
)
*
palg
=
&
crl
->
sig_alg
;
}
...
...
@@ -206,7 +206,7 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
ASN1_INTEGER
*
X509_REVOKED_get0_serialNumber
(
X509_REVOKED
*
x
)
{
return
x
->
serialNumber
;
return
&
x
->
serialNumber
;
}
int
X509_REVOKED_set_serialNumber
(
X509_REVOKED
*
x
,
ASN1_INTEGER
*
serial
)
...
...
@@ -215,15 +215,10 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
if
(
x
==
NULL
)
return
(
0
);
in
=
x
->
serialNumber
;
if
(
in
!=
serial
)
{
in
=
ASN1_INTEGER_dup
(
serial
);
if
(
in
!=
NULL
)
{
ASN1_INTEGER_free
(
x
->
serialNumber
);
x
->
serialNumber
=
in
;
}
}
return
(
in
!=
NULL
);
in
=
&
x
->
serialNumber
;
if
(
in
!=
serial
)
return
ASN1_STRING_copy
(
in
,
serial
);
return
1
;
}
STACK_OF
(
X509_EXTENSION
)
*
X509_REVOKED_get0_extensions
(
X509_REVOKED
*
r
)
...
...
crypto/x509/x_all.c
浏览文件 @
34a42e14
...
...
@@ -131,14 +131,14 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
{
x
->
crl
.
enc
.
modified
=
1
;
return
(
ASN1_item_sign
(
ASN1_ITEM_rptr
(
X509_CRL_INFO
),
&
x
->
crl
.
sig_alg
,
&
x
->
sig_alg
,
x
->
signature
,
&
x
->
crl
,
pkey
,
md
));
&
x
->
sig_alg
,
&
x
->
signature
,
&
x
->
crl
,
pkey
,
md
));
}
int
X509_CRL_sign_ctx
(
X509_CRL
*
x
,
EVP_MD_CTX
*
ctx
)
{
x
->
crl
.
enc
.
modified
=
1
;
return
ASN1_item_sign_ctx
(
ASN1_ITEM_rptr
(
X509_CRL_INFO
),
&
x
->
crl
.
sig_alg
,
&
x
->
sig_alg
,
x
->
signature
,
&
x
->
crl
.
sig_alg
,
&
x
->
sig_alg
,
&
x
->
signature
,
&
x
->
crl
,
ctx
);
}
...
...
crypto/x509/x_crl.c
浏览文件 @
34a42e14
...
...
@@ -69,7 +69,7 @@ static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
static
void
setup_idp
(
X509_CRL
*
crl
,
ISSUING_DIST_POINT
*
idp
);
ASN1_SEQUENCE
(
X509_REVOKED
)
=
{
ASN1_
SIMPLE
(
X509_REVOKED
,
serialNumber
,
ASN1_INTEGER
),
ASN1_
EMBED
(
X509_REVOKED
,
serialNumber
,
ASN1_INTEGER
),
ASN1_SIMPLE
(
X509_REVOKED
,
revocationDate
,
ASN1_TIME
),
ASN1_SEQUENCE_OF_OPT
(
X509_REVOKED
,
extensions
,
X509_EXTENSION
)
}
ASN1_SEQUENCE_END
(
X509_REVOKED
)
...
...
@@ -333,7 +333,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
ASN1_SEQUENCE_ref
(
X509_CRL
,
crl_cb
,
CRYPTO_LOCK_X509_CRL
)
=
{
ASN1_EMBED
(
X509_CRL
,
crl
,
X509_CRL_INFO
),
ASN1_EMBED
(
X509_CRL
,
sig_alg
,
X509_ALGOR
),
ASN1_
SIMPLE
(
X509_CRL
,
signature
,
ASN1_BIT_STRING
)
ASN1_
EMBED
(
X509_CRL
,
signature
,
ASN1_BIT_STRING
)
}
ASN1_SEQUENCE_END_ref
(
X509_CRL
,
X509_CRL
)
IMPLEMENT_ASN1_FUNCTIONS
(
X509_REVOKED
)
...
...
@@ -349,8 +349,8 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
static
int
X509_REVOKED_cmp
(
const
X509_REVOKED
*
const
*
a
,
const
X509_REVOKED
*
const
*
b
)
{
return
(
ASN1_STRING_cmp
((
ASN1_STRING
*
)(
*
a
)
->
serialNumber
,
(
ASN1_STRING
*
)(
*
b
)
->
serialNumber
));
return
(
ASN1_STRING_cmp
((
ASN1_STRING
*
)
&
(
*
a
)
->
serialNumber
,
(
ASN1_STRING
*
)
&
(
*
b
)
->
serialNumber
));
}
int
X509_CRL_add0_revoked
(
X509_CRL
*
crl
,
X509_REVOKED
*
rev
)
...
...
@@ -394,7 +394,7 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
static
int
def_crl_verify
(
X509_CRL
*
crl
,
EVP_PKEY
*
r
)
{
return
(
ASN1_item_verify
(
ASN1_ITEM_rptr
(
X509_CRL_INFO
),
&
crl
->
sig_alg
,
crl
->
signature
,
&
crl
->
crl
,
r
));
&
crl
->
sig_alg
,
&
crl
->
signature
,
&
crl
->
crl
,
r
));
}
static
int
crl_revoked_issuer_match
(
X509_CRL
*
crl
,
X509_NAME
*
nm
,
...
...
@@ -430,7 +430,7 @@ static int def_crl_lookup(X509_CRL *crl,
{
X509_REVOKED
rtmp
,
*
rev
;
int
idx
;
rtmp
.
serialNumber
=
serial
;
rtmp
.
serialNumber
=
*
serial
;
/*
* Sort revoked into serial number order if not already sorted. Do this
* under a lock to avoid race condition.
...
...
@@ -446,7 +446,7 @@ static int def_crl_lookup(X509_CRL *crl,
/* Need to look for matching name */
for
(;
idx
<
sk_X509_REVOKED_num
(
crl
->
crl
.
revoked
);
idx
++
)
{
rev
=
sk_X509_REVOKED_value
(
crl
->
crl
.
revoked
,
idx
);
if
(
ASN1_INTEGER_cmp
(
rev
->
serialNumber
,
serial
))
if
(
ASN1_INTEGER_cmp
(
&
rev
->
serialNumber
,
serial
))
return
0
;
if
(
crl_revoked_issuer_match
(
crl
,
issuer
,
rev
))
{
if
(
ret
)
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录