64674bcc
编写于
20年前
作者:
Dr. Stephen Henson
Reduce chances of issuer and serial number duplication by use of random
initial serial numbers. PR: 842
上级
1dc2d655
Showing 6 changed files with 49 additions and 10 deletions
+49
-10
CHANGES
CHANGES
+9
-0
apps/CA.pl.in
apps/CA.pl.in
+2
-4
apps/apps.c
apps/apps.c
+28
-4
apps/apps.h
apps/apps.h
+3
-0
apps/ca.c
apps/ca.c
+4
-1
apps/req.c
apps/req.c
+3
-1
CHANGES
@@ -4,6 +4,15 @@
Changes between 0.9.7c and 0.9.8 [xx XXX xxxx]
*) Reduce the chances of duplicate issuer name and serial numbers (in
violation of RFC3280) using the OpenSSL certificate creation utilities.
This is done by creating a random 64 bit value for the initial serial
number when a serial number file is created or when a self signed
certificate is created using 'openssl req -x509'. The initial serial
number file is now moved from CA.pl to the 'ca' utility with a new
option -create_serial.
[Steve Henson]
*) Reduced header interdepencies by declaring more opaque objects in
ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
give fewer recursive includes, which could break lazy source code - so
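--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -84,9 +84,6 @@ foreach (@ARGV) {
 	    mkdir "${CATOP}/crl", $DIRMODE;
 	    mkdir "${CATOP}/newcerts", $DIRMODE;
 	    mkdir "${CATOP}/private", $DIRMODE;
-	    open OUT, ">${CATOP}/serial";
-	    print OUT "01\n";
-	    close OUT;
 	    open OUT, ">${CATOP}/index.txt";
 	    close OUT;
 	}
@@ -105,7 +102,8 @@ foreach (@ARGV) {
 	    print "Making CA certificate ...\n";
 	    system ("$REQ -new -keyout " .
 		"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
-	    system ("$CA -out ${CATOP}/$CACERT $CADAYS -batch " .
+	    system ("$CA -create_serial " .
+		"-out ${CATOP}/$CACERT $CADAYS -batch " .
 		"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
 		"-infiles ${CATOP}/$CAREQ");
 	    $RET=$?;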
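Review bot: With the three lines that wrote `01` into ${CATOP}/serial removed from the -newca setup (hunk at -84), nothing left in CA.pl.in says where the serial file now comes from, while index.txt is still visibly created right there. A one-line comment before `open OUT, ">${CATOP}/index.txt";` would keep the script self-explanatory: `# ${CATOP}/serial is now created by "ca -create_serial" (see below) with a random initial value`. The creation itself happens in the system() call in the hunk at -105, whose exit status is still captured in `$RET=$?`, so I see no functional gap, only the missing explanation.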
apps/apps.c
@@ -1434,12 +1434,9 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
}
else
{
ASN1_INTEGER_set
(
ai
,
1
);
ret
=
BN_new
();
if
(
ret
==
NULL
)
if
(
ret
==
NULL
||
!
rand_serial
(
ret
,
ai
)
)
BIO_printf
(
bio_err
,
"Out of memory
\n
"
);
else
BN_one
(
ret
);
}
}
else
@@ -1601,6 +1598,33 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
return
0
;
}
int
rand_serial
(
BIGNUM
*
b
,
ASN1_INTEGER
*
ai
)
{
BIGNUM
*
btmp
;
int
ret
=
0
;
if
(
b
)
btmp
=
b
;
else
btmp
=
BN_new
();
if
(
!
btmp
)
return
0
;
if
(
!
BN_pseudo_rand
(
btmp
,
SERIAL_RAND_BITS
,
0
,
0
))
goto
error
;
if
(
ai
&&
!
BN_to_ASN1_INTEGER
(
btmp
,
ai
))
goto
error
;
ret
=
1
;
error:
if
(
!
b
)
BN_free
(
btmp
);
return
ret
;
}
CA_DB
*
load_index
(
char
*
dbfile
,
DB_ATTR
*
db_attr
)
{
CA_DB
*
retdb
=
NULL
;
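Review bot: In the load_serial hunk at -1434, a failure of `rand_serial(ret, ai)` only prints "Out of memory" and leaves `ret` non-NULL; nothing in the hunk frees or clears it, and since `ASN1_INTEGER_set(ai,1)` and `BN_one(ret)` were removed, `ret` and `ai` would still hold BN_new's / ASN1_INTEGER_new's zero. load_serial continues past the hunk so I cannot see the return path, but if it returns `ret` as it did before, the caller treats that as a successfully loaded serial of 0, which is not a positive integer as RFC 3280 requires and would repeat on every such failure, exactly the duplication this commit sets out to remove. The message is also misleading, because rand_serial fails on a BN_pseudo_rand or BN_to_ASN1_INTEGER error, not only on an allocation failure. I would release and null the result in that branch and say what failed (BN_free tolerates NULL):
```c
		ret=BN_new();
		if (ret == NULL || !rand_serial(ret, ai))
			{
			BIO_printf(bio_err,"error generating initial serial number\n");
			BN_free(ret);
			ret = NULL;
			}
```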
apps/apps.h
@@ -309,6 +309,7 @@ typedef struct ca_db_st
BIGNUM
*
load_serial
(
char
*
serialfile
,
int
create
,
ASN1_INTEGER
**
retai
);
int
save_serial
(
char
*
serialfile
,
char
*
suffix
,
BIGNUM
*
serial
,
ASN1_INTEGER
**
retai
);
int
rotate_serial
(
char
*
serialfile
,
char
*
new_suffix
,
char
*
old_suffix
);
int
rand_serial
(
BIGNUM
*
b
,
ASN1_INTEGER
*
ai
);
CA_DB
*
load_index
(
char
*
dbfile
,
DB_ATTR
*
dbattr
);
int
index_index
(
CA_DB
*
db
);
int
save_index
(
char
*
dbfile
,
char
*
suffix
,
CA_DB
*
db
);
@@ -338,4 +339,6 @@ X509_NAME *parse_name(char *str, long chtype, int multirdn);
#define APP_PASS_LEN 1024
#define SERIAL_RAND_BITS 64
#endif
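Review bot: The new declaration `int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);` and `#define SERIAL_RAND_BITS 64` carry no comment, and the contract is not obvious from the prototype: going by the apps.c hunk in this commit, `b` may be NULL (a temporary BIGNUM is allocated and freed internally), `ai` may be NULL (then only `b` is filled), and the function returns 1 on success and 0 on failure. I would put that above the prototype, and explain the constant so nobody "fixes" it later: `/* 64 random bits keep the serial far below RFC 3280's 20-octet limit while making a collision between independently generated serials negligible for any realistic number of certificates */`. The rest of this header is outside the hunks, so I cannot tell whether the file has a comment convention for these prototypes to follow.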
apps/ca.c
@@ -241,6 +241,7 @@ int MAIN(int argc, char **argv)
{
ENGINE
*
e
=
NULL
;
char
*
key
=
NULL
,
*
passargin
=
NULL
;
int
create_ser
=
0
;
int
free_key
=
0
;
int
total
=
0
;
int
total_done
=
0
;
@@ -354,6 +355,8 @@ EF_ALIGNMENT=0;
subj
=
*
(
++
argv
);
/* preserve=1; */
}
else
if
(
strcmp
(
*
argv
,
"-create_serial"
)
==
0
)
create_ser
=
1
;
else
if
(
strcmp
(
*
argv
,
"-multivalue-rdn"
)
==
0
)
multirdn
=
1
;
else
if
(
strcmp
(
*
argv
,
"-startdate"
)
==
0
)
@@ -1097,7 +1100,7 @@ bad:
goto
err
;
}
if
((
serial
=
load_serial
(
serialfile
,
0
,
NULL
))
==
NULL
)
if
((
serial
=
load_serial
(
serialfile
,
create_ser
,
NULL
))
==
NULL
)
{
BIO_printf
(
bio_err
,
"error while loading serial number
\n
"
);
goto
err
;
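Review bot: The new `-create_serial` option parsed in the hunk at -354 arrives without user-facing documentation: the diffstat lists six files and none of them is a manual page (doc/apps/ca.pod is not touched), and the table that prints ca's option help is outside the shown hunks, so I cannot tell whether it gained an entry. I would add a usage line in whatever form that table uses, e.g. `" -create_serial  - create the serial number file with a random initial value if it does not exist\n",` and a matching pod paragraph stating, per the CHANGES entry, that the value is 64 random bits and that without the option a missing serial file remains an error. The hunk at -1097 only changes the `0` to `create_ser` in the load_serial call, and its failure path still reports "error while loading serial number", which also covers the creation case; that seems adequate. MAIN starts before the first hunk and ends after the last one.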
apps/req.c
@@ -919,7 +919,9 @@ loop:
}
else
{
if
(
!
ASN1_INTEGER_set
(
X509_get_serialNumber
(
x509ss
),
0L
))
goto
end
;
if
(
!
rand_serial
(
NULL
,
X509_get_serialNumber
(
x509ss
)))
goto
end
;
}
if
(
!
X509_set_issuer_name
(
x509ss
,
X509_REQ_get_subject_name
(
req
)))
goto
end
;
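Review bot: The serial set here by `rand_serial(NULL, X509_get_serialNumber(x509ss))` is the only thing keeping two `req -x509` certificates for the same subject apart, yet nothing at this call site checks that the PRNG is actually seeded; rand_serial (apps.c in this commit) draws the value with BN_pseudo_rand, which as far as I recall goes through RAND_pseudo_bytes and does not fail on an unseeded PRNG, so on a host without an entropy source the call succeeds and the certificate silently gets a serial from a weak state. Since uniqueness is the whole point of the change, I would either have rand_serial use BN_rand so an unseeded PRNG is reported as an error, or at least warn here: `if (!RAND_status()) BIO_printf(bio_err, "warning: PRNG not seeded, serial number may not be unique\n");` before the rand_serial call. The `else` at the top of the hunk pairs with an `if` outside it, so the enclosing block starts before the hunk.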