提交
55ec5861
编写于
12月 07, 1999
作者:
Dr. Stephen Henson
Modify S/MIME application so the -signer option writes the signer(s)
to a file if we are verifying.
上级
5a9a4b29
变更
4
Showing
4 changed file
with
84 addition
and
31 deletion
+84
-31
apps/smime.c
apps/smime.c
+25
-2
crypto/pkcs7/pk7_smime.c
crypto/pkcs7/pk7_smime.c
+54
-29
crypto/pkcs7/pkcs7.h
crypto/pkcs7/pkcs7.h
+3
-0
crypto/pkcs7/pkcs7err.c
crypto/pkcs7/pkcs7err.c
+2
-0
apps/smime.c
...
...
@@ -70,6 +70,7 @@ static X509 *load_cert(char *file);
static
EVP_PKEY
*
load_key
(
char
*
file
);
static
STACK_OF
(
X509
)
*
load_certs
(
char
*
file
);
static
X509_STORE
*
setup_verify
(
char
*
CAfile
,
char
*
CApath
);
static
int
save_certs
(
char
*
signerfile
,
STACK_OF
(
X509
)
*
signers
);
#define SMIME_OP 0x10
#define SMIME_ENCRYPT (1 | SMIME_OP)
...
...
@@ -261,7 +262,7 @@ int MAIN(int argc, char **argv)
}
}
if
(
signerfile
)
{
if
(
signerfile
&&
(
operation
==
SMIME_SIGN
)
)
{
if
(
!
(
signer
=
load_cert
(
signerfile
)))
{
BIO_printf
(
bio_err
,
"Can't read signer certificate file %s
\n
"
,
signerfile
);
goto
end
;
...
...
@@ -276,7 +277,7 @@ int MAIN(int argc, char **argv)
}
}
if
(
recipfile
)
{
if
(
recipfile
&&
(
operation
==
SMIME_DECRYPT
)
)
{
if
(
!
(
recip
=
load_cert
(
recipfile
)))
{
BIO_printf
(
bio_err
,
"Can't read recipient certificate file %s
\n
"
,
recipfile
);
ERR_print_errors
(
bio_err
);
...
...
@@ -341,6 +342,8 @@ int MAIN(int argc, char **argv)
BIO_printf
(
bio_err
,
"Error decrypting PKCS#7 structure
\n
"
);
else
ret
=
0
;
}
else
if
(
operation
==
SMIME_VERIFY
)
{
STACK_OF
(
X509
)
*
signers
;
signers
=
PKCS7_iget_signers
(
p7
,
other
,
flags
);
if
(
PKCS7_verify
(
p7
,
other
,
store
,
indata
,
out
,
flags
))
{
BIO_printf
(
bio_err
,
"Verification Successful
\n
"
);
ret
=
0
;
...
...
@@ -348,6 +351,12 @@ int MAIN(int argc, char **argv)
BIO_printf
(
bio_err
,
"Verification Failure
\n
"
);
ret
=
5
;
}
if
(
!
save_certs
(
signerfile
,
signers
))
{
BIO_printf
(
bio_err
,
"Error writing signers to %s
\n
"
,
signerfile
);
ret
=
2
;
}
sk_X509_free
(
signers
);
}
else
if
(
operation
==
SMIME_PK7OUT
)
{
PEM_write_bio_PKCS7
(
out
,
p7
);
}
else
{
...
...
@@ -444,3 +453,17 @@ static X509_STORE *setup_verify(char *CAfile, char *CApath)
X509_STORE_free
(
store
);
return
NULL
;
}
int
save_certs
(
char
*
signerfile
,
STACK_OF
(
X509
)
*
signers
)
{
int
i
;
BIO
*
tmp
;
if
(
!
signerfile
)
return
1
;
tmp
=
BIO_new_file
(
signerfile
,
"w"
);
if
(
!
tmp
)
return
0
;
for
(
i
=
0
;
i
<
sk_X509_num
(
signers
);
i
++
)
PEM_write_bio_X509
(
tmp
,
sk_X509_value
(
signers
,
i
));
BIO_free
(
tmp
);
return
1
;
}
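Review bot: In the SMIME_VERIFY branch of MAIN, `save_certs(signerfile, signers)` runs after both the "Verification Successful" and the "Verification Failure" paths, so with -signer the output file is created and filled with certificates from a message that did not verify, and the result of `PKCS7_iget_signers()` is passed on without a NULL check. Anything that later reads that file is likely to treat its contents as the verified signers, so the write should be limited to the success case, e.g. `if (ret == 0 && signers && !save_certs(signerfile, signers))`. In `save_certs` itself the return value of `PEM_write_bio_X509()` is ignored, so a failed or partial write still returns 1; `if (!PEM_write_bio_X509(tmp, sk_X509_value(signers, i))) { BIO_free(tmp); return 0; }` would report it. MAIN's body starts and ends outside these hunks.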
crypto/pkcs7/pk7_smime.c
...
...
@@ -144,14 +144,13 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
X509
*
signer
;
STACK_OF
(
PKCS7_SIGNER_INFO
)
*
sinfos
;
PKCS7_SIGNER_INFO
*
si
;
PKCS7_ISSUER_AND_SERIAL
*
ias
;
X509_STORE_CTX
cert_ctx
;
char
buf
[
4096
];
int
i
,
j
=
0
;
BIO
*
p7bio
;
BIO
*
tmpout
;
if
(
OBJ_obj2nid
(
p7
->
type
)
!=
NID_pkcs7_signed
)
{
if
(
!
PKCS7_type_is_signed
(
p7
)
)
{
PKCS7err
(
PKCS7_F_PKCS7_VERIFY
,
PKCS7_R_WRONG_CONTENT_TYPE
);
return
0
;
}
...
...
@@ -176,34 +175,9 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
}
if
(
!
(
signers
=
sk_X509_new
(
NULL
)))
{
PKCS7err
(
PKCS7_F_PKCS7_VERIFY
,
ERR_R_MALLOC_FAILURE
);
return
0
;
}
/* Collect all the signers together */
for
(
i
=
0
;
i
<
sk_PKCS7_SIGNER_INFO_num
(
sinfos
);
i
++
)
{
si
=
sk_PKCS7_SIGNER_INFO_value
(
sinfos
,
i
);
ias
=
si
->
issuer_and_serial
;
signer
=
NULL
;
/* If any certificates passed they take priority */
if
(
certs
)
signer
=
X509_find_by_issuer_and_serial
(
certs
,
ias
->
issuer
,
ias
->
serial
);
if
(
!
signer
&&
!
(
flags
&
PKCS7_NOINTERN
)
&&
p7
->
d
.
sign
->
cert
)
signer
=
X509_find_by_issuer_and_serial
(
p7
->
d
.
sign
->
cert
,
ias
->
issuer
,
ias
->
serial
);
if
(
!
signer
)
{
PKCS7err
(
PKCS7_F_PKCS7_VERIFY
,
PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND
);
sk_X509_free
(
signers
);
return
0
;
}
sk_X509_push
(
signers
,
signer
);
}
signers
=
PKCS7_iget_signers
(
p7
,
certs
,
flags
);
if
(
!
signers
)
return
0
;
/* Now verify the certificates */
...
...
@@ -281,6 +255,57 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
return
0
;
}
STACK_OF
(
X509
)
*
PKCS7_iget_signers
(
PKCS7
*
p7
,
STACK_OF
(
X509
)
*
certs
,
int
flags
)
{
STACK_OF
(
X509
)
*
signers
;
STACK_OF
(
PKCS7_SIGNER_INFO
)
*
sinfos
;
PKCS7_SIGNER_INFO
*
si
;
PKCS7_ISSUER_AND_SERIAL
*
ias
;
X509
*
signer
;
int
i
;
if
(
!
PKCS7_type_is_signed
(
p7
))
{
PKCS7err
(
PKCS7_F_PKCS7_IGET_SIGNERS
,
PKCS7_R_WRONG_CONTENT_TYPE
);
return
NULL
;
}
if
(
!
(
signers
=
sk_X509_new
(
NULL
)))
{
PKCS7err
(
PKCS7_F_PKCS7_IGET_SIGNERS
,
ERR_R_MALLOC_FAILURE
);
return
NULL
;
}
/* Collect all the signers together */
sinfos
=
PKCS7_get_signer_info
(
p7
);
if
(
sk_PKCS7_SIGNER_INFO_num
(
sinfos
)
<=
0
)
{
PKCS7err
(
PKCS7_F_PKCS7_IGET_SIGNERS
,
PKCS7_R_NO_SIGNERS
);
return
0
;
}
for
(
i
=
0
;
i
<
sk_PKCS7_SIGNER_INFO_num
(
sinfos
);
i
++
)
{
si
=
sk_PKCS7_SIGNER_INFO_value
(
sinfos
,
i
);
ias
=
si
->
issuer_and_serial
;
signer
=
NULL
;
/* If any certificates passed they take priority */
if
(
certs
)
signer
=
X509_find_by_issuer_and_serial
(
certs
,
ias
->
issuer
,
ias
->
serial
);
if
(
!
signer
&&
!
(
flags
&
PKCS7_NOINTERN
)
&&
p7
->
d
.
sign
->
cert
)
signer
=
X509_find_by_issuer_and_serial
(
p7
->
d
.
sign
->
cert
,
ias
->
issuer
,
ias
->
serial
);
if
(
!
signer
)
{
PKCS7err
(
PKCS7_F_PKCS7_IGET_SIGNERS
,
PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND
);
sk_X509_free
(
signers
);
return
0
;
}
sk_X509_push
(
signers
,
signer
);
}
return
signers
;
}
/* Build a complete PKCS#7 enveloped data */
PKCS7
*
PKCS7_encrypt
(
STACK_OF
(
X509
)
*
certs
,
BIO
*
in
,
EVP_CIPHER
*
cipher
,
...
...
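Review bot: `PKCS7_iget_signers()` leaks the stack it has just allocated when the message carries no signer infos: the `sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0` branch returns without `sk_X509_free(signers)`, unlike the signer-not-found branch inside the loop. Either call `PKCS7_get_signer_info(p7)` and check the count before `sk_X509_new(NULL)`, or release on that path with `sk_X509_free(signers); return NULL;`. The two later error exits also return `0` from a pointer-returning function, where `NULL` would match the first two returns. The section ends inside the unchanged `PKCS7_encrypt()` context, and `PKCS7_verify()` continues outside the visible hunks.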
crypto/pkcs7/pkcs7.h
...
...
@@ -396,6 +396,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
BIO
*
data
,
int
flags
);
int
PKCS7_verify
(
PKCS7
*
p7
,
STACK_OF
(
X509
)
*
certs
,
X509_STORE
*
store
,
BIO
*
indata
,
BIO
*
out
,
int
flags
);
STACK_OF
(
X509
)
*
PKCS7_iget_signers
(
PKCS7
*
p7
,
STACK_OF
(
X509
)
*
certs
,
int
flags
);
PKCS7
*
PKCS7_encrypt
(
STACK_OF
(
X509
)
*
certs
,
BIO
*
in
,
EVP_CIPHER
*
cipher
,
int
flags
);
int
PKCS7_decrypt
(
PKCS7
*
p7
,
EVP_PKEY
*
pkey
,
X509
*
cert
,
BIO
*
data
,
int
flags
);
...
...
@@ -431,6 +432,7 @@ int SMIME_text(BIO *in, BIO *out);
#define PKCS7_F_PKCS7_DATAVERIFY 107
#define PKCS7_F_PKCS7_DECRYPT 114
#define PKCS7_F_PKCS7_ENCRYPT 115
#define PKCS7_F_PKCS7_IGET_SIGNERS 124
#define PKCS7_F_PKCS7_SET_CIPHER 108
#define PKCS7_F_PKCS7_SET_CONTENT 109
#define PKCS7_F_PKCS7_SET_TYPE 110
...
...
@@ -463,6 +465,7 @@ int SMIME_text(BIO *in, BIO *out);
#define PKCS7_R_NO_MULTIPART_BOUNDARY 137
#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
#define PKCS7_R_NO_SIGNATURES_ON_DATA 123
#define PKCS7_R_NO_SIGNERS 142
#define PKCS7_R_NO_SIG_CONTENT_TYPE 138
#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104
#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124
...
...
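Review bot: The new `PKCS7_iget_signers()` prototype carries no comment on ownership of the returned stack. As far as the visible implementation in pk7_smime.c shows, it pushes the certificates found in `certs` or in the PKCS#7 structure without copying them or taking a reference. Callers therefore have to release only the stack, as apps/smime.c does with `sk_X509_free()`, and must not use the result after `p7` or `certs` is freed. A comment above the declaration would make that explicit, for example `/* Returned stack holds borrowed X509 pointers: free it with sk_X509_free() and do not use it after p7 or certs is freed */`.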
crypto/pkcs7/pkcs7err.c
...
...
@@ -79,6 +79,7 @@ static ERR_STRING_DATA PKCS7_str_functs[]=
{
ERR_PACK
(
0
,
PKCS7_F_PKCS7_DATAVERIFY
,
0
),
"PKCS7_dataVerify"
},
{
ERR_PACK
(
0
,
PKCS7_F_PKCS7_DECRYPT
,
0
),
"PKCS7_decrypt"
},
{
ERR_PACK
(
0
,
PKCS7_F_PKCS7_ENCRYPT
,
0
),
"PKCS7_encrypt"
},
{
ERR_PACK
(
0
,
PKCS7_F_PKCS7_IGET_SIGNERS
,
0
),
"PKCS7_iget_signers"
},
{
ERR_PACK
(
0
,
PKCS7_F_PKCS7_SET_CIPHER
,
0
),
"PKCS7_set_cipher"
},
{
ERR_PACK
(
0
,
PKCS7_F_PKCS7_SET_CONTENT
,
0
),
"PKCS7_set_content"
},
{
ERR_PACK
(
0
,
PKCS7_F_PKCS7_SET_TYPE
,
0
),
"PKCS7_set_type"
},
...
...
@@ -114,6 +115,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
{
PKCS7_R_NO_MULTIPART_BOUNDARY
,
"no multipart boundary"
},
{
PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE
,
"no recipient matches certificate"
},
{
PKCS7_R_NO_SIGNATURES_ON_DATA
,
"no signatures on data"
},
{
PKCS7_R_NO_SIGNERS
,
"no signers"
},
{
PKCS7_R_NO_SIG_CONTENT_TYPE
,
"no sig content type"
},
{
PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE
,
"operation not supported on this type"
},
{
PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR
,
"pkcs7 add signature error"
},
...
...