Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
924acc54
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
924acc54
编写于
25年前
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Fix the PKCS#7 stuff: signature verify could fail if attributes reordered, the
detached data encoding was wrong and free up public keys.
上级
d00b7aad
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
28 addition
and
11 deletion
+28
-11
CHANGES
CHANGES
+6
-0
crypto/pkcs7/example.c
crypto/pkcs7/example.c
+1
-1
crypto/pkcs7/pk7_doit.c
crypto/pkcs7/pk7_doit.c
+20
-9
crypto/pkcs7/verify.c
crypto/pkcs7/verify.c
+1
-1
未找到文件。
CHANGES
浏览文件 @
924acc54
...
...
@@ -5,6 +5,12 @@
Changes between 0.9.1c and 0.9.2
*) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
signed attributes when verifying signatures (this would break them),
the detached data encoding was wrong and public keys obtained using
X509_get_pubkey() weren't freed.
[Steve Henson]
*) Add text documentation for the BUFFER functions. Also added a work around
to a Win95 console bug. This was triggered by the password read stuff: the
last character typed gets carried over to the next fread(). If you were
...
...
This diff is collapsed.
Click to expand it.
crypto/pkcs7/example.c
浏览文件 @
924acc54
...
...
@@ -135,7 +135,7 @@ char **str2;
OBJ_create
(
"1.9.9999"
,
"OID_example"
,
"Our example OID"
);
/* To retrieve */
so
=
PKCS7_get_signed_attribute
(
si
,
signed_seq2string_nid
);
if
(
so
->
type
==
V_ASN1_SEQUENCE
)
if
(
so
&&
(
so
->
type
==
V_ASN1_SEQUENCE
)
)
{
ASN1_CTX
c
;
ASN1_STRING
*
s
;
...
...
This diff is collapsed.
Click to expand it.
crypto/pkcs7/pk7_doit.c
浏览文件 @
924acc54
...
...
@@ -185,6 +185,7 @@ BIO *bio;
}
pkey
=
X509_get_pubkey
(
ri
->
cert
);
jj
=
EVP_PKEY_size
(
pkey
);
EVP_PKEY_free
(
pkey
);
if
(
max
<
jj
)
max
=
jj
;
}
if
((
tmp
=
(
unsigned
char
*
)
Malloc
(
max
))
==
NULL
)
...
...
@@ -197,6 +198,7 @@ BIO *bio;
ri
=
(
PKCS7_RECIP_INFO
*
)
sk_value
(
rsk
,
i
);
pkey
=
X509_get_pubkey
(
ri
->
cert
);
jj
=
EVP_PKEY_encrypt
(
tmp
,
key
,
keylen
,
pkey
);
EVP_PKEY_free
(
pkey
);
if
(
jj
<=
0
)
{
PKCS7err
(
PKCS7_F_PKCS7_DATAINIT
,
ERR_R_EVP_LIB
);
...
...
@@ -503,6 +505,11 @@ BIO *bio;
case
NID_pkcs7_signed
:
si_sk
=
p7
->
d
.
sign
->
signer_info
;
os
=
p7
->
d
.
sign
->
contents
->
d
.
data
;
/* If detached data then the content is excluded */
if
(
p7
->
detached
)
{
ASN1_OCTET_STRING_free
(
os
);
p7
->
d
.
sign
->
contents
->
d
.
data
=
NULL
;
}
break
;
}
...
...
@@ -608,9 +615,7 @@ BIO *bio;
}
}
if
(
p7
->
detached
)
ASN1_OCTET_STRING_set
(
os
,(
unsigned
char
*
)
""
,
0
);
else
if
(
!
p7
->
detached
)
{
btmp
=
BIO_find_type
(
bio
,
BIO_TYPE_MEM
);
if
(
btmp
==
NULL
)
...
...
@@ -648,6 +653,7 @@ PKCS7_SIGNER_INFO *si;
STACK
*
sk
,
*
cert
;
BIO
*
btmp
;
X509
*
x509
;
EVP_PKEY
*
pkey
;
if
(
PKCS7_type_is_signed
(
p7
))
{
...
...
@@ -742,22 +748,27 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
}
EVP_VerifyInit
(
&
mdc_tmp
,
EVP_get_digestbynid
(
md_type
));
/* Note: when forming the encoding of the attributes we
* shouldn't reorder them or this will break the signature.
* This is done by using the IS_SEQUENCE flag.
*/
i
=
i2d_ASN1_SET
(
sk
,
NULL
,
i2d_X509_ATTRIBUTE
,
V_ASN1_SET
,
V_ASN1_UNIVERSAL
,
IS_SE
T
);
V_ASN1_SET
,
V_ASN1_UNIVERSAL
,
IS_SE
QUENCE
);
pp
=
(
unsigned
char
*
)
Malloc
(
i
);
p
=
pp
;
i2d_ASN1_SET
(
sk
,
&
p
,
i2d_X509_ATTRIBUTE
,
V_ASN1_SET
,
V_ASN1_UNIVERSAL
,
IS_SE
T
);
V_ASN1_SET
,
V_ASN1_UNIVERSAL
,
IS_SE
QUENCE
);
EVP_VerifyUpdate
(
&
mdc_tmp
,
pp
,
i
);
Free
(
pp
);
}
os
=
si
->
enc_digest
;
if
(
X509_get_pubkey
(
x509
)
->
type
==
EVP_PKEY_DSA
)
mdc_tmp
.
digest
=
EVP_dss1
();
pkey
=
X509_get_pubkey
(
x509
);
if
(
pkey
->
type
==
EVP_PKEY_DSA
)
mdc_tmp
.
digest
=
EVP_dss1
();
i
=
EVP_VerifyFinal
(
&
mdc_tmp
,
os
->
data
,
os
->
length
,
X509_get_pubkey
(
x509
)
);
i
=
EVP_VerifyFinal
(
&
mdc_tmp
,
os
->
data
,
os
->
length
,
pkey
);
EVP_PKEY_free
(
pkey
);
if
(
i
<=
0
)
{
PKCS7err
(
PKCS7_F_PKCS7_DATAVERIFY
,
PKCS7_R_SIGNATURE_FAILURE
);
...
...
This diff is collapsed.
Click to expand it.
crypto/pkcs7/verify.c
浏览文件 @
924acc54
...
...
@@ -190,7 +190,7 @@ again:
BIO_printf
(
bio_out
,
"String 1 is %s
\n
"
,
str1
);
BIO_printf
(
bio_out
,
"String 2 is %s
\n
"
,
str2
);
}
}
X509_STORE_free
(
cert_store
);
...
...
This diff is collapsed.
Click to expand it.
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录
新手
引导
客服
返回
顶部