提交
765e9ba9
编写于
2月 19, 2014
作者:
Ben Laurie
Merge branch 'sct-viewer-master' of
https://github.com/robstradling/openssl
into sct-viewer
上级
6ecbc2bb
b263f212
变更
13
Showing
13 changed file
with
233 addition
and
7 deletion
+233
-7
apps/ocsp.c
apps/ocsp.c
+2
-0
apps/s_client.c
apps/s_client.c
+3
-0
apps/x509.c
apps/x509.c
+4
-0
crypto/Makefile
crypto/Makefile
+2
-2
crypto/bio/b_dump.c
crypto/bio/b_dump.c
+22
-0
crypto/bio/bio.h
crypto/bio/bio.h
+3
-0
crypto/objects/obj_dat.h
crypto/objects/obj_dat.h
+29
-5
crypto/objects/obj_mac.h
crypto/objects/obj_mac.h
+20
-0
crypto/objects/obj_mac.num
crypto/objects/obj_mac.num
+4
-0
crypto/objects/objects.txt
crypto/objects/objects.txt
+6
-0
ssl/ssl.h
ssl/ssl.h
+3
-0
ssl/ssl_locl.h
ssl/ssl_locl.h
+9
-0
ssl/t1_lib.c
ssl/t1_lib.c
+126
-0
apps/ocsp.c
...
@@ -174,6 +174,7 @@ int MAIN(int argc, char **argv)
...
@@ -174,6 +174,7 @@ int MAIN(int argc, char **argv)
goto
end
;
goto
end
;
SSL_load_error_strings
();
SSL_load_error_strings
();
OpenSSL_add_ssl_algorithms
();
OpenSSL_add_ssl_algorithms
();
X509V3_EXT_add_rfc6962
();
args
=
argv
+
1
;
args
=
argv
+
1
;
reqnames
=
sk_OPENSSL_STRING_new_null
();
reqnames
=
sk_OPENSSL_STRING_new_null
();
ids
=
sk_OCSP_CERTID_new_null
();
ids
=
sk_OCSP_CERTID_new_null
();
...
@@ -970,6 +971,7 @@ end:
...
@@ -970,6 +971,7 @@ end:
OPENSSL_free
(
path
);
OPENSSL_free
(
path
);
}
}
X509V3_EXT_cleanup
();
OPENSSL_EXIT
(
ret
);
OPENSSL_EXIT
(
ret
);
}
}
...
...
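Review bot: The return value of `X509V3_EXT_add_rfc6962()` is discarded at the call added near the top of MAIN, although the implementation in ssl/t1_lib.c in this commit returns 0 when either `X509V3_EXT_add` call fails. A failed registration would go unnoticed, and the RFC 6962 SCT extensions would presumably be printed without the new formatter and without any diagnostic. The same unchecked call is added in apps/s_client.c and apps/x509.c. Consider `if (!X509V3_EXT_add_rfc6962()) goto end;` here; in s_client.c and x509.c the call sits before `bio_err` is initialised, so any error message would have to be emitted after that point. MAIN starts and ends outside both hunks.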
apps/s_client.c
...
@@ -713,6 +713,8 @@ static char *jpake_secret = NULL;
...
@@ -713,6 +713,8 @@ static char *jpake_secret = NULL;
c_msg
=
0
;
c_msg
=
0
;
c_showcerts
=
0
;
c_showcerts
=
0
;
X509V3_EXT_add_rfc6962
();
if
(
bio_err
==
NULL
)
if
(
bio_err
==
NULL
)
bio_err
=
BIO_new_fp
(
stderr
,
BIO_NOCLOSE
);
bio_err
=
BIO_new_fp
(
stderr
,
BIO_NOCLOSE
);
...
@@ -2193,6 +2195,7 @@ end:
...
@@ -2193,6 +2195,7 @@ end:
BIO_free
(
bio_c_msg
);
BIO_free
(
bio_c_msg
);
bio_c_msg
=
NULL
;
bio_c_msg
=
NULL
;
}
}
X509V3_EXT_cleanup
();
apps_shutdown
();
apps_shutdown
();
OPENSSL_EXIT
(
ret
);
OPENSSL_EXIT
(
ret
);
}
}
...
...
apps/x509.c
...
@@ -73,6 +73,7 @@
...
@@ -73,6 +73,7 @@
#include <openssl/x509v3.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#include <openssl/rsa.h>
#endif
#endif
...
@@ -224,6 +225,8 @@ int MAIN(int argc, char **argv)
...
@@ -224,6 +225,8 @@ int MAIN(int argc, char **argv)
apps_startup
();
apps_startup
();
X509V3_EXT_add_rfc6962
();
if
(
bio_err
==
NULL
)
if
(
bio_err
==
NULL
)
bio_err
=
BIO_new_fp
(
stderr
,
BIO_NOCLOSE
);
bio_err
=
BIO_new_fp
(
stderr
,
BIO_NOCLOSE
);
...
@@ -1155,6 +1158,7 @@ end:
...
@@ -1155,6 +1158,7 @@ end:
sk_ASN1_OBJECT_pop_free
(
trust
,
ASN1_OBJECT_free
);
sk_ASN1_OBJECT_pop_free
(
trust
,
ASN1_OBJECT_free
);
sk_ASN1_OBJECT_pop_free
(
reject
,
ASN1_OBJECT_free
);
sk_ASN1_OBJECT_pop_free
(
reject
,
ASN1_OBJECT_free
);
if
(
passin
)
OPENSSL_free
(
passin
);
if
(
passin
)
OPENSSL_free
(
passin
);
X509V3_EXT_cleanup
();
apps_shutdown
();
apps_shutdown
();
OPENSSL_EXIT
(
ret
);
OPENSSL_EXIT
(
ret
);
}
}
...
...
crypto/Makefile
...
@@ -44,8 +44,8 @@ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \
...
@@ -44,8 +44,8 @@ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \
SRC
=
$(LIBSRC)
SRC
=
$(LIBSRC)
EXHEADER
=
crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h
\
EXHEADER
=
crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h
\
ossl_typ.h
ossl_typ.h
o_time.h
HEADER
=
cryptlib.h buildinf.h md32_common.h o_
time.h o_
str.h o_dir.h
$(EXHEADER)
HEADER
=
cryptlib.h buildinf.h md32_common.h o_str.h o_dir.h
$(EXHEADER)
ALL
=
$(GENERAL)
$(SRC)
$(HEADER)
ALL
=
$(GENERAL)
$(SRC)
$(HEADER)
...
...
crypto/bio/b_dump.c
...
@@ -185,3 +185,25 @@ int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
...
@@ -185,3 +185,25 @@ int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
return
BIO_dump_indent_cb
(
write_bio
,
bp
,
s
,
len
,
indent
);
return
BIO_dump_indent_cb
(
write_bio
,
bp
,
s
,
len
,
indent
);
}
}
int
BIO_hex_string
(
BIO
*
out
,
int
indent
,
int
width
,
unsigned
char
*
data
,
int
datalen
)
{
int
i
,
j
=
0
;
if
(
datalen
<
1
)
return
1
;
for
(
i
=
0
;
i
<
datalen
-
1
;
i
++
)
{
if
(
i
&&
!
j
)
BIO_printf
(
out
,
"%*s"
,
indent
,
""
);
BIO_printf
(
out
,
"%02X:"
,
data
[
i
]);
j
=
(
j
+
1
)
%
width
;
if
(
!
j
)
BIO_printf
(
out
,
"
\n
"
);
}
if
(
i
&&
!
j
)
BIO_printf
(
out
,
"%*s"
,
indent
,
""
);
BIO_printf
(
out
,
"%02X"
,
data
[
datalen
-
1
]);
return
1
;
}
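Review bot: `BIO_hex_string` evaluates `j = (j + 1) % width` without validating `width`, so a caller passing 0 triggers a division by zero (undefined behaviour) on the first byte. Because the function is exported through bio.h, reject that up front with `if (width < 1) return 0;` next to the existing `datalen < 1` check. `data` is only read, so the parameter could be `const unsigned char *` here and in the bio.h prototype. The function returns 1 even when a `BIO_printf` call fails; a short header comment stating the return convention, and that `indent` is applied to every output line except the first, would help callers.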
crypto/bio/bio.h
...
@@ -707,6 +707,9 @@ int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
...
@@ -707,6 +707,9 @@ int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
int
BIO_dump_fp
(
FILE
*
fp
,
const
char
*
s
,
int
len
);
int
BIO_dump_fp
(
FILE
*
fp
,
const
char
*
s
,
int
len
);
int
BIO_dump_indent_fp
(
FILE
*
fp
,
const
char
*
s
,
int
len
,
int
indent
);
int
BIO_dump_indent_fp
(
FILE
*
fp
,
const
char
*
s
,
int
len
,
int
indent
);
#endif
#endif
int
BIO_hex_string
(
BIO
*
out
,
int
indent
,
int
width
,
unsigned
char
*
data
,
int
datalen
);
struct
hostent
*
BIO_gethostbyname
(
const
char
*
name
);
struct
hostent
*
BIO_gethostbyname
(
const
char
*
name
);
/* We might want a thread-safe interface too:
/* We might want a thread-safe interface too:
* struct hostent *BIO_gethostbyname_r(const char *name,
* struct hostent *BIO_gethostbyname_r(const char *name,
...
...
crypto/objects/obj_dat.h
...
@@ -62,12 +62,12 @@
...
@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
* [including the GNU Public Licence.]
*/
*/
#define NUM_NID 95
1
#define NUM_NID 95
5
#define NUM_SN 94
4
#define NUM_SN 94
8
#define NUM_LN 94
4
#define NUM_LN 94
8
#define NUM_OBJ 88
3
#define NUM_OBJ 88
7
static
const
unsigned
char
lvalues
[
6
18
8
]
=
{
static
const
unsigned
char
lvalues
[
6
22
8
]
=
{
0x00
,
/* [ 0] OBJ_undef */
0x00
,
/* [ 0] OBJ_undef */
0x2A
,
0x86
,
0x48
,
0x86
,
0xF7
,
0x0D
,
/* [ 1] OBJ_rsadsi */
0x2A
,
0x86
,
0x48
,
0x86
,
0xF7
,
0x0D
,
/* [ 1] OBJ_rsadsi */
0x2A
,
0x86
,
0x48
,
0x86
,
0xF7
,
0x0D
,
0x01
,
/* [ 7] OBJ_pkcs */
0x2A
,
0x86
,
0x48
,
0x86
,
0xF7
,
0x0D
,
0x01
,
/* [ 7] OBJ_pkcs */
...
@@ -951,6 +951,10 @@ static const unsigned char lvalues[6188]={
...
@@ -951,6 +951,10 @@ static const unsigned char lvalues[6188]={
0x2B
,
0x81
,
0x04
,
0x01
,
0x0E
,
0x01
,
/* [6169] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
0x2B
,
0x81
,
0x04
,
0x01
,
0x0E
,
0x01
,
/* [6169] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
0x2B
,
0x81
,
0x04
,
0x01
,
0x0E
,
0x02
,
/* [6175] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
0x2B
,
0x81
,
0x04
,
0x01
,
0x0E
,
0x02
,
/* [6175] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
0x2B
,
0x81
,
0x04
,
0x01
,
0x0E
,
0x03
,
/* [6181] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */
0x2B
,
0x81
,
0x04
,
0x01
,
0x0E
,
0x03
,
/* [6181] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */
0x2B
,
0x06
,
0x01
,
0x04
,
0x01
,
0xD6
,
0x79
,
0x02
,
0x04
,
0x02
,
/* [6187] OBJ_ct_precert_scts */
0x2B
,
0x06
,
0x01
,
0x04
,
0x01
,
0xD6
,
0x79
,
0x02
,
0x04
,
0x03
,
/* [6197] OBJ_ct_precert_poison */
0x2B
,
0x06
,
0x01
,
0x04
,
0x01
,
0xD6
,
0x79
,
0x02
,
0x04
,
0x04
,
/* [6207] OBJ_ct_precert_signer */
0x2B
,
0x06
,
0x01
,
0x04
,
0x01
,
0xD6
,
0x79
,
0x02
,
0x04
,
0x05
,
/* [6217] OBJ_ct_cert_scts */
};
};
static
const
ASN1_OBJECT
nid_objs
[
NUM_NID
]
=
{
static
const
ASN1_OBJECT
nid_objs
[
NUM_NID
]
=
{
...
@@ -2500,6 +2504,14 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
...
@@ -2500,6 +2504,14 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
NID_aes_192_cbc_hmac_sha256
,
0
,
NULL
,
0
},
NID_aes_192_cbc_hmac_sha256
,
0
,
NULL
,
0
},
{
"AES-256-CBC-HMAC-SHA256"
,
"aes-256-cbc-hmac-sha256"
,
{
"AES-256-CBC-HMAC-SHA256"
,
"aes-256-cbc-hmac-sha256"
,
NID_aes_256_cbc_hmac_sha256
,
0
,
NULL
,
0
},
NID_aes_256_cbc_hmac_sha256
,
0
,
NULL
,
0
},
{
"ct_precert_scts"
,
"CT Precertificate SCTs"
,
NID_ct_precert_scts
,
10
,
&
(
lvalues
[
6187
]),
0
},
{
"ct_precert_poison"
,
"CT Precertificate Poison"
,
NID_ct_precert_poison
,
10
,
&
(
lvalues
[
6197
]),
0
},
{
"ct_precert_signer"
,
"CT Precertificate Signer"
,
NID_ct_precert_signer
,
10
,
&
(
lvalues
[
6207
]),
0
},
{
"ct_cert_scts"
,
"CT Certificate SCTs"
,
NID_ct_cert_scts
,
10
,
&
(
lvalues
[
6217
]),
0
},
};
};
static
const
unsigned
int
sn_objs
[
NUM_SN
]
=
{
static
const
unsigned
int
sn_objs
[
NUM_SN
]
=
{
...
@@ -2777,6 +2789,10 @@ static const unsigned int sn_objs[NUM_SN]={
...
@@ -2777,6 +2789,10 @@ static const unsigned int sn_objs[NUM_SN]={
884
,
/* "crossCertificatePair" */
884
,
/* "crossCertificatePair" */
806
,
/* "cryptocom" */
806
,
/* "cryptocom" */
805
,
/* "cryptopro" */
805
,
/* "cryptopro" */
954
,
/* "ct_cert_scts" */
952
,
/* "ct_precert_poison" */
951
,
/* "ct_precert_scts" */
953
,
/* "ct_precert_signer" */
500
,
/* "dITRedirect" */
500
,
/* "dITRedirect" */
451
,
/* "dNSDomain" */
451
,
/* "dNSDomain" */
495
,
/* "dSAQuality" */
495
,
/* "dSAQuality" */
...
@@ -3460,6 +3476,10 @@ static const unsigned int ln_objs[NUM_LN]={
...
@@ -3460,6 +3476,10 @@ static const unsigned int ln_objs[NUM_LN]={
285
,
/* "Biometric Info" */
285
,
/* "Biometric Info" */
179
,
/* "CA Issuers" */
179
,
/* "CA Issuers" */
785
,
/* "CA Repository" */
785
,
/* "CA Repository" */
954
,
/* "CT Certificate SCTs" */
952
,
/* "CT Precertificate Poison" */
951
,
/* "CT Precertificate SCTs" */
953
,
/* "CT Precertificate Signer" */
131
,
/* "Code Signing" */
131
,
/* "Code Signing" */
783
,
/* "Diffie-Hellman based MAC" */
783
,
/* "Diffie-Hellman based MAC" */
382
,
/* "Directory" */
382
,
/* "Directory" */
...
@@ -5202,6 +5222,10 @@ static const unsigned int obj_objs[NUM_OBJ]={
...
@@ -5202,6 +5222,10 @@ static const unsigned int obj_objs[NUM_OBJ]={
138
,
/* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */
138
,
/* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */
648
,
/* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */
648
,
/* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */
649
,
/* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */
649
,
/* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */
951
,
/* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */
952
,
/* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */
953
,
/* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */
954
,
/* OBJ_ct_cert_scts 1 3 6 1 4 1 11129 2 4 5 */
751
,
/* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */
751
,
/* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */
752
,
/* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */
752
,
/* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */
753
,
/* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */
753
,
/* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */
...
...
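--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@@ -4158,3 +4158,23 @@
 #define SN_dh_cofactor_kdf "dh-cofactor-kdf"
 #define NID_dh_cofactor_kdf 947
+#define SN_ct_precert_scts "ct_precert_scts"
+#define LN_ct_precert_scts "CT Precertificate SCTs"
+#define NID_ct_precert_scts 951
+#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L
+#define SN_ct_precert_poison "ct_precert_poison"
+#define LN_ct_precert_poison "CT Precertificate Poison"
+#define NID_ct_precert_poison 952
+#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L
+#define SN_ct_precert_signer "ct_precert_signer"
+#define LN_ct_precert_signer "CT Precertificate Signer"
+#define NID_ct_precert_signer 953
+#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L
+#define SN_ct_cert_scts "ct_cert_scts"
+#define LN_ct_cert_scts "CT Certificate SCTs"
+#define NID_ct_cert_scts 954
+#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L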
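--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -948,3 +948,7 @@ dh_cofactor_kdf 947
 aes_128_cbc_hmac_sha256 948
 aes_192_cbc_hmac_sha256 949
 aes_256_cbc_hmac_sha256 950
+ct_precert_scts 951
+ct_precert_poison 952
+ct_precert_signer 953
+ct_cert_scts 954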
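--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1335,3 +1335,9 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
 # NIDs for use with lookup tables.
 : dh-std-kdf
 : dh-cofactor-kdf
+# RFC 6962 Extension OIDs (see http://www.ietf.org/rfc/rfc6962.txt)
+1 3 6 1 4 1 11129 2 4 2 : ct_precert_scts : CT Precertificate SCTs
+1 3 6 1 4 1 11129 2 4 3 : ct_precert_poison : CT Precertificate Poison
+1 3 6 1 4 1 11129 2 4 4 : ct_precert_signer : CT Precertificate Signer
+1 3 6 1 4 1 11129 2 4 5 : ct_cert_scts : CT Certificate SCTs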
ssl/ssl.h
...
@@ -2557,6 +2557,9 @@ void SSL_trace(int write_p, int version, int content_type,
...
@@ -2557,6 +2557,9 @@ void SSL_trace(int write_p, int version, int content_type,
const
char
*
SSL_CIPHER_standard_name
(
const
SSL_CIPHER
*
c
);
const
char
*
SSL_CIPHER_standard_name
(
const
SSL_CIPHER
*
c
);
#endif
#endif
/* RFC6962 Signed Certificate Timestamp List X.509 extension parser */
int
X509V3_EXT_add_rfc6962
(
void
);
/* BEGIN ERROR CODES */
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
* made after this point may be overwritten when the script is next run.
...
...
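Review bot: The comment above the new `X509V3_EXT_add_rfc6962` prototype calls it a parser, but per ssl/t1_lib.c in this commit the function registers two X509V3 extension methods and returns 1 on success and 0 on failure. A more accurate comment would be `/* Register i2r printers for the RFC 6962 SCT list extensions; returns 1 on success, 0 on failure. */`, with a second line noting that the apps pair it with `X509V3_EXT_cleanup()`. It is also worth a sentence on why an `X509V3_`-prefixed function is declared in ssl.h, since apps/x509.c has to add `#include <openssl/ssl.h>` in this commit just to reach it.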
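--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -231,6 +231,15 @@
 l|=((BN_ULLONG)(*((c)++)))<< 8, \
 l|=((BN_ULLONG)(*((c)++))))
+#define n2l8(c,l) (l =((BN_ULLONG)(*((c)++)))<<56, \
+l|=((BN_ULLONG)(*((c)++)))<<48, \
+l|=((BN_ULLONG)(*((c)++)))<<40, \
+l|=((BN_ULLONG)(*((c)++)))<<32, \
+l|=((BN_ULLONG)(*((c)++)))<<24, \
+l|=((BN_ULLONG)(*((c)++)))<<16, \
+l|=((BN_ULLONG)(*((c)++)))<< 8, \
+l|=((BN_ULLONG)(*((c)++))))
 /* NOTE - c is not incremented as per l2c */
 #define l2cn(l1,l2,c,n) { \
 c+=n; \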
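Review bot: The new `n2l8` macro carries no comment, yet it reads eight bytes big-endian from `c` into `l` and advances `c` by eight, so every caller must already have checked that eight bytes remain. Suggest adding `/* n2l8: load 8 big-endian bytes from c into l (64-bit) and advance c by 8; caller checks bounds */` above the definition. The macro also depends on `BN_ULLONG`, a bignum configuration type that, as far as I recall, is not defined in every build configuration; that is worth confirming, or a dedicated 64-bit type could be used for the SCT timestamp instead.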
ssl/t1_lib.c
...
@@ -110,10 +110,13 @@
...
@@ -110,10 +110,13 @@
*/
*/
#include <stdio.h>
#include <stdio.h>
#include <time.h>
#include <openssl/bio.h>
#include <openssl/objects.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/hmac.h>
#include <openssl/ocsp.h>
#include <openssl/ocsp.h>
#include <openssl/o_time.h>
#include <openssl/rand.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
#include "ssl_locl.h"
...
@@ -4432,3 +4435,126 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
...
@@ -4432,3 +4435,126 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
}
}
#endif
#endif
/* RFC6962 Signed Certificate Timestamp List X.509 extension parser */
int
i2r_sctlist
(
X509V3_EXT_METHOD
*
method
,
ASN1_OCTET_STRING
*
oct
,
BIO
*
out
,
int
indent
)
{
BN_ULLONG
timestamp
;
struct
tm
tm1
;
time_t
unix_epoch
=
0
;
unsigned
char
*
data
=
oct
->
data
;
char
month
[
4
];
unsigned
short
listlen
,
sctlen
=
0
,
fieldlen
;
int
signhash_nid
;
if
(
oct
->
length
<
2
)
return
0
;
n2s
(
data
,
listlen
);
if
(
listlen
!=
oct
->
length
-
2
)
return
0
;
while
(
listlen
>
0
)
{
if
(
listlen
<
2
)
return
0
;
n2s
(
data
,
sctlen
);
listlen
-=
2
;
if
((
sctlen
<
1
)
||
(
sctlen
>
listlen
))
return
0
;
listlen
-=
sctlen
;
BIO_printf
(
out
,
"%*sSigned Certificate Timestamp:"
,
indent
,
""
);
if
(
*
data
==
0
)
/* SCT v1 */
{
/* Fixed-length header:
* struct {
* (1 byte) Version sct_version;
* (32 bytes) LogID id;
* (8 bytes) uint64 timestamp;
* (2 bytes + ?) CtExtensions extensions;
*/
if
(
sctlen
<
43
)
return
0
;
sctlen
-=
43
;
BIO_printf
(
out
,
"
\n
%*sVersion : v1(0)"
,
indent
+
4
,
""
);
BIO_printf
(
out
,
"
\n
%*sLog ID : "
,
indent
+
4
,
""
);
BIO_hex_string
(
out
,
indent
+
16
,
16
,
data
+
1
,
32
);
data
+=
33
;
n2l8
(
data
,
timestamp
);
OPENSSL_gmtime
(
&
unix_epoch
,
&
tm1
);
OPENSSL_gmtime_adj
(
&
tm1
,
timestamp
/
86400000
,
(
timestamp
%
86400000
)
/
1000
);
strftime
(
month
,
4
,
"%b"
,
&
tm1
);
BIO_printf
(
out
,
"
\n
%*sTimestamp : "
,
indent
+
4
,
""
);
BIO_printf
(
out
,
"%s %2d %02d:%02d:%02d.%03u %d UTC"
,
month
,
tm1
.
tm_mday
,
tm1
.
tm_hour
,
tm1
.
tm_min
,
tm1
.
tm_sec
,
(
unsigned
int
)(
timestamp
%
1000
),
tm1
.
tm_year
+
1900
);
n2s
(
data
,
fieldlen
);
if
(
sctlen
<
fieldlen
)
return
0
;
sctlen
-=
fieldlen
;
BIO_printf
(
out
,
"
\n
%*sExtensions: "
,
indent
+
4
,
""
);
if
(
fieldlen
==
0
)
BIO_printf
(
out
,
"none"
);
else
BIO_hex_string
(
out
,
indent
+
16
,
16
,
data
,
fieldlen
);
data
+=
fieldlen
;
/* digitally-signed struct header:
* (1 byte) Hash algorithm
* (1 byte) Signature algorithm
* (2 bytes + ?) Signature
*/
if
(
sctlen
<
4
)
return
0
;
sctlen
-=
4
;
tls1_lookup_sigalg
(
NULL
,
NULL
,
&
signhash_nid
,
data
);
data
+=
2
;
n2s
(
data
,
fieldlen
);
if
(
sctlen
!=
fieldlen
)
return
0
;
BIO_printf
(
out
,
"
\n
%*sSignature : "
,
indent
+
4
,
""
);
BIO_printf
(
out
,
"%s"
,
OBJ_nid2ln
(
signhash_nid
));
BIO_printf
(
out
,
"
\n
%*s "
,
indent
+
4
,
""
);
BIO_hex_string
(
out
,
indent
+
16
,
16
,
data
,
fieldlen
);
if
(
listlen
>
0
)
BIO_printf
(
out
,
"
\n
"
);
data
+=
fieldlen
;
}
}
return
1
;
}
static
X509V3_EXT_METHOD
ext_method_ct_precert_scts
=
{
NID_ct_precert_scts
,
0
,
ASN1_ITEM_ref
(
ASN1_OCTET_STRING
),
0
,
0
,
0
,
0
,
0
,
0
,
0
,
0
,
(
X509V3_EXT_I2R
)
i2r_sctlist
,
NULL
,
NULL
};
static
X509V3_EXT_METHOD
ext_method_ct_cert_scts
=
{
NID_ct_cert_scts
,
0
,
ASN1_ITEM_ref
(
ASN1_OCTET_STRING
),
0
,
0
,
0
,
0
,
0
,
0
,
0
,
0
,
(
X509V3_EXT_I2R
)
i2r_sctlist
,
NULL
,
NULL
};
int
X509V3_EXT_add_rfc6962
(
void
)
{
if
(
!
X509V3_EXT_add
(
&
ext_method_ct_precert_scts
))
return
0
;
if
(
!
X509V3_EXT_add
(
&
ext_method_ct_cert_scts
))
return
0
;
return
1
;
}
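Review bot: In `i2r_sctlist`, when the version byte is not 0 the loop subtracts `sctlen` from `listlen` but never advances `data`, so the next iteration takes its length prefix from inside the skipped SCT and the rest of the list is misparsed. Add `else data += sctlen;` after the v1 branch, ideally also printing an "unknown version" line. The timestamp comes straight from the certificate: `timestamp / 86400000` is a 64-bit value narrowed into the day-offset argument of `OPENSSL_gmtime_adj`, and the results of `OPENSSL_gmtime`, `OPENSSL_gmtime_adj` and `strftime` are ignored. If `strftime` returns 0, `month` is left indeterminate and is still passed to `%s`, so check each call and `return 0` on failure. `i2r_sctlist` is referenced only through the two method tables in this file, so it could be declared `static`.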