提交
7a71af86
编写于
12年前
作者:
Ben Laurie
Rearrange and test authz extension.
上级
32e62d1c
Showing
4 changed file
with
139 addition
and
32 deletion
+139
-32
apps/s_server.c
apps/s_server.c
+1
-32
ssl/ssl.h
ssl/ssl.h
+10
-0
ssl/ssl_err.c
ssl/ssl_err.c
+2
-0
ssl/ssl_rsa.c
ssl/ssl_rsa.c
+126
-0
apps/s_server.c
...
...
@@ -316,8 +316,6 @@ static int cert_chain = 0;
#ifndef OPENSSL_NO_TLSEXT
static
BIO
*
authz_in
=
NULL
;
static
const
char
*
s_authz_file
=
NULL
;
static
unsigned
char
*
authz
=
NULL
;
static
size_t
authz_length
;
#endif
#ifndef OPENSSL_NO_PSK
...
...
@@ -1501,33 +1499,6 @@ bad:
next_proto
.
data
=
NULL
;
}
# endif
if
(
s_authz_file
!=
NULL
)
{
/* Allow authzs up to 64KB bytes. */
static
const
size_t
authz_limit
=
65536
;
authz_in
=
BIO_new
(
BIO_s_file_internal
());
if
(
authz_in
==
NULL
)
{
ERR_print_errors
(
bio_err
);
goto
end
;
}
if
(
BIO_read_filename
(
authz_in
,
s_authz_file
)
<=
0
)
{
ERR_print_errors
(
bio_err
);
goto
end
;
}
authz
=
OPENSSL_malloc
(
authz_limit
);
authz_length
=
BIO_read
(
authz_in
,
authz
,
authz_limit
);
if
(
authz_length
==
authz_limit
||
authz_length
<=
0
)
{
BIO_printf
(
bio_err
,
"authz too large
\n
"
);
goto
end
;
}
BIO_free
(
authz_in
);
authz_in
=
NULL
;
}
#endif
/* OPENSSL_NO_TLSEXT */
}
...
...
@@ -1828,7 +1799,7 @@ bad:
if
(
!
set_cert_key_stuff
(
ctx
,
s_cert
,
s_key
,
s_chain
))
goto
end
;
#ifndef OPENSSL_NO_TLSEXT
if
(
authz
!=
NULL
&&
!
SSL_CTX_use_authz
(
ctx
,
authz
,
authz_length
))
if
(
s_authz_file
!=
NULL
&&
!
SSL_CTX_use_authz_file
(
ctx
,
s_authz_file
))
goto
end
;
#endif
#ifndef OPENSSL_NO_TLSEXT
...
...
@@ -2025,8 +1996,6 @@ end:
X509_free
(
s_cert2
);
if
(
s_key2
)
EVP_PKEY_free
(
s_key2
);
if
(
authz
!=
NULL
)
OPENSSL_free
(
authz
);
if
(
authz_in
!=
NULL
)
BIO_free
(
authz_in
);
#endif
...
...
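Review bot: The new `SSL_CTX_use_authz_file(ctx, s_authz_file)` call in the `@@ -1828,7 +1799,7 @@` hunk jumps to `end` on failure without reporting anything, whereas the removed loading code called `ERR_print_errors(bio_err)` or printed "authz too large" before bailing out. Unless the `end:` path (outside the visible hunks) dumps the error queue, an unreadable or oversized authz file now makes s_server stop with no diagnostic for the operator. Consider making the body of that `if` read `{ ERR_print_errors(bio_err); goto end; }`. The call is also guarded only by `OPENSSL_NO_TLSEXT`, while ssl.h in this commit declares the function under `OPENSSL_NO_STDIO` as well.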
ssl/ssl.h
...
...
@@ -1782,8 +1782,16 @@ int SSL_use_certificate(SSL *ssl, X509 *x);
int
SSL_use_certificate_ASN1
(
SSL
*
ssl
,
const
unsigned
char
*
d
,
int
len
);
#ifndef OPENSSL_NO_TLSEXT
/* Set authz data for the current active cert. */
int
SSL_CTX_use_authz
(
SSL_CTX
*
ctx
,
unsigned
char
*
authz
,
size_t
authz_length
);
int
SSL_use_authz
(
SSL
*
ssl
,
unsigned
char
*
authz
,
size_t
authz_length
);
/* Get the authz of type 'type' associated with the current active cert. */
const
unsigned
char
*
SSL_CTX_get_authz_data
(
SSL_CTX
*
ctx
,
unsigned
char
type
,
size_t
*
data_length
);
#ifndef OPENSSL_NO_STDIO
int
SSL_CTX_use_authz_file
(
SSL_CTX
*
ctx
,
const
char
*
file
);
int
SSL_use_authz_file
(
SSL
*
ssl
,
const
char
*
file
);
#endif
#endif
#ifndef OPENSSL_NO_STDIO
...
...
@@ -2137,6 +2145,7 @@ void ERR_load_SSL_strings(void);
/* Error codes for the SSL functions. */
/* Function codes. */
#define SSL_F_AUTHZ_FIND_DATA 330
#define SSL_F_AUTHZ_VALIDATE 323
#define SSL_F_CLIENT_CERTIFICATE 100
#define SSL_F_CLIENT_FINISHED 167
...
...
@@ -2180,6 +2189,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_GET_SERVER_HELLO 109
#define SSL_F_GET_SERVER_VERIFY 110
#define SSL_F_I2D_SSL_SESSION 111
#define SSL_F_READ_AUTHZ 329
#define SSL_F_READ_N 112
#define SSL_F_REQUEST_CERTIFICATE 113
#define SSL_F_SERVER_FINISH 239
...
...
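Review bot: The comment on `SSL_CTX_get_authz_data` does not say who owns the returned buffer or when `*data_length` is valid. Going by ssl_rsa.c in this commit, the pointer is into the authz blob held on the context's current key and `*data_length` is written only when a matching entry is found, so callers must not free it and must check for NULL before reading the length. I would extend the comment to something like `/* Returns a pointer into ctx's own authz buffer (do not free), or NULL if no entry of that type exists; *data_length is set only on success. */`. The new `SSL_CTX_use_authz_file` and `SSL_use_authz_file` declarations carry no comment; a line stating that they return 0 when the file cannot be read and that files of 64KB or more are rejected would document the limit enforced in `read_authz`.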
ssl/ssl_err.c
...
...
@@ -70,6 +70,7 @@
static
ERR_STRING_DATA
SSL_str_functs
[]
=
{
{
ERR_FUNC
(
SSL_F_AUTHZ_FIND_DATA
),
"AUTHZ_FIND_DATA"
},
{
ERR_FUNC
(
SSL_F_AUTHZ_VALIDATE
),
"AUTHZ_VALIDATE"
},
{
ERR_FUNC
(
SSL_F_CLIENT_CERTIFICATE
),
"CLIENT_CERTIFICATE"
},
{
ERR_FUNC
(
SSL_F_CLIENT_FINISHED
),
"CLIENT_FINISHED"
},
...
...
@@ -113,6 +114,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{
ERR_FUNC
(
SSL_F_GET_SERVER_HELLO
),
"GET_SERVER_HELLO"
},
{
ERR_FUNC
(
SSL_F_GET_SERVER_VERIFY
),
"GET_SERVER_VERIFY"
},
{
ERR_FUNC
(
SSL_F_I2D_SSL_SESSION
),
"i2d_SSL_SESSION"
},
{
ERR_FUNC
(
SSL_F_READ_AUTHZ
),
"READ_AUTHZ"
},
{
ERR_FUNC
(
SSL_F_READ_N
),
"READ_N"
},
{
ERR_FUNC
(
SSL_F_REQUEST_CERTIFICATE
),
"REQUEST_CERTIFICATE"
},
{
ERR_FUNC
(
SSL_F_SERVER_FINISH
),
"SERVER_FINISH"
},
...
...
ssl/ssl_rsa.c
...
...
@@ -855,6 +855,46 @@ static char authz_validate(const unsigned char *authz, size_t length)
}
}
static
const
unsigned
char
*
authz_find_data
(
const
unsigned
char
*
authz
,
size_t
authz_length
,
unsigned
char
data_type
,
size_t
*
data_length
)
{
if
(
authz
==
NULL
)
return
NULL
;
if
(
!
authz_validate
(
authz
,
authz_length
))
{
SSLerr
(
SSL_F_AUTHZ_FIND_DATA
,
SSL_R_INVALID_AUTHZ_DATA
);
return
NULL
;
}
for
(;;)
{
unsigned
char
type
;
unsigned
short
len
;
if
(
!
authz_length
)
return
NULL
;
type
=
*
(
authz
++
);
authz_length
--
;
/* We've validated the authz data, so we don't have to
* check again that we have enough bytes left. */
len
=
((
unsigned
short
)
authz
[
0
])
<<
8
|
((
unsigned
short
)
authz
[
1
]);
authz
+=
2
;
authz_length
-=
2
;
if
(
type
==
data_type
)
{
*
data_length
=
len
;
return
authz
;
}
authz
+=
len
;
authz_length
-=
len
;
}
/* No match */
return
NULL
;
}
static
int
ssl_set_authz
(
CERT
*
c
,
unsigned
char
*
authz
,
size_t
authz_length
)
{
CERT_PKEY
*
current_key
=
c
->
key
;
...
...
@@ -901,4 +941,90 @@ int SSL_use_authz(SSL *ssl, unsigned char *authz, size_t authz_length)
}
return
ssl_set_authz
(
ssl
->
cert
,
authz
,
authz_length
);
}
const
unsigned
char
*
SSL_CTX_get_authz_data
(
SSL_CTX
*
ctx
,
unsigned
char
type
,
size_t
*
data_length
)
{
CERT_PKEY
*
current_key
;
if
(
ctx
->
cert
==
NULL
)
return
NULL
;
current_key
=
ctx
->
cert
->
key
;
if
(
current_key
->
authz
==
NULL
)
return
NULL
;
return
authz_find_data
(
current_key
->
authz
,
current_key
->
authz_length
,
type
,
data_length
);
}
#ifndef OPENSSL_NO_STDIO
/* read_authz returns a newly allocated buffer with authz data */
static
unsigned
char
*
read_authz
(
const
char
*
file
,
size_t
*
authz_length
)
{
BIO
*
authz_in
=
NULL
;
unsigned
char
*
authz
=
NULL
;
/* Allow authzs up to 64KB. */
static
const
size_t
authz_limit
=
65536
;
size_t
read_length
;
unsigned
char
*
ret
=
NULL
;
authz_in
=
BIO_new
(
BIO_s_file_internal
());
if
(
authz_in
==
NULL
)
{
SSLerr
(
SSL_F_READ_AUTHZ
,
ERR_R_BUF_LIB
);
goto
end
;
}
if
(
BIO_read_filename
(
authz_in
,
file
)
<=
0
)
{
SSLerr
(
SSL_F_READ_AUTHZ
,
ERR_R_SYS_LIB
);
goto
end
;
}
authz
=
OPENSSL_malloc
(
authz_limit
);
read_length
=
BIO_read
(
authz_in
,
authz
,
authz_limit
);
if
(
read_length
==
authz_limit
||
read_length
<=
0
)
{
SSLerr
(
SSL_F_READ_AUTHZ
,
SSL_R_AUTHZ_DATA_TOO_LARGE
);
OPENSSL_free
(
authz
);
goto
end
;
}
*
authz_length
=
read_length
;
ret
=
authz
;
end:
if
(
authz_in
!=
NULL
)
BIO_free
(
authz_in
);
return
ret
;
}
int
SSL_CTX_use_authz_file
(
SSL_CTX
*
ctx
,
const
char
*
file
)
{
unsigned
char
*
authz
=
NULL
;
size_t
authz_length
=
0
;
int
ret
;
authz
=
read_authz
(
file
,
&
authz_length
);
if
(
authz
==
NULL
)
return
0
;
ret
=
SSL_CTX_use_authz
(
ctx
,
authz
,
authz_length
);
/* SSL_CTX_use_authz makes a local copy of the authz. */
OPENSSL_free
(
authz
);
return
ret
;
}
int
SSL_use_authz_file
(
SSL
*
ssl
,
const
char
*
file
)
{
unsigned
char
*
authz
=
NULL
;
size_t
authz_length
=
0
;
int
ret
;
authz
=
read_authz
(
file
,
&
authz_length
);
if
(
authz
==
NULL
)
return
0
;
ret
=
SSL_use_authz
(
ssl
,
authz
,
authz_length
);
/* SSL_use_authz makes a local copy of the authz. */
OPENSSL_free
(
authz
);
return
ret
;
}
#endif
/* OPENSSL_NO_STDIO */
#endif
/* OPENSSL_NO_TLSEXT */
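Review bot: In `read_authz`, `read_length` is declared `size_t` but receives the `int` result of `BIO_read`, so a negative return wraps to a huge value and the `read_length <= 0` test only ever catches zero. A failed read would then pass the check and be stored in `*authz_length`, handing the callers a length far beyond the 64KB buffer. The result of `OPENSSL_malloc(authz_limit)` is also passed to `BIO_read` without a NULL check. Keeping the read result in an `int`, testing it before converting, and bailing out on allocation failure closes both gaps; the function is fully visible in this hunk.

```c
static unsigned char *read_authz(const char *file, size_t *authz_length)
	{
	/* ... unchanged: other locals, BIO_new and BIO_read_filename checks ... */
	int read_length;

	authz = OPENSSL_malloc(authz_limit);
	if (authz == NULL)
		{
		SSLerr(SSL_F_READ_AUTHZ, ERR_R_MALLOC_FAILURE);
		goto end;
		}
	read_length = BIO_read(authz_in, authz, (int)authz_limit);
	if (read_length <= 0 || (size_t)read_length == authz_limit)
		{
		/* ... unchanged: SSLerr, OPENSSL_free(authz), goto end ... */
		}
	*authz_length = (size_t)read_length;
	/* ... unchanged: ret = authz and the end: cleanup ... */
```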