提交
a6eb1ce6
编写于
3月 10, 2016
作者:
Dr. Stephen Henson
Make X509_SIG opaque.
Reviewed-by:
Rich Salz
<
rsalz@openssl.org
>
上级
bb26842d
变更
10
Showing
10 changed file
with
66 addition
and
33 deletion
+66
-33
apps/pkcs12.c
apps/pkcs12.c
+3
-1
crypto/asn1/x_sig.c
crypto/asn1/x_sig.c
+10
-0
crypto/include/internal/x509_int.h
crypto/include/internal/x509_int.h
+5
-0
crypto/pkcs12/p12_mutl.c
crypto/pkcs12/p12_mutl.c
+19
-12
crypto/pkcs12/p12_npas.c
crypto/pkcs12/p12_npas.c
+6
-8
crypto/pkcs12/p12_p8d.c
crypto/pkcs12/p12_p8d.c
+5
-2
crypto/pkcs12/p12_p8e.c
crypto/pkcs12/p12_p8e.c
+4
-3
crypto/rsa/rsa_sign.c
crypto/rsa/rsa_sign.c
+1
-0
doc/crypto/d2i_X509_SIG.pod
doc/crypto/d2i_X509_SIG.pod
+9
-3
include/openssl/x509.h
include/openssl/x509.h
+4
-4
apps/pkcs12.c
...
...
@@ -668,10 +668,12 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
case
NID_pkcs8ShroudedKeyBag
:
if
(
options
&
INFO
)
{
X509_SIG
*
tp8
;
X509_ALGOR
*
tp8alg
;
BIO_printf
(
bio_err
,
"Shrouded Keybag: "
);
tp8
=
PKCS12_SAFEBAG_get0_pkcs8
(
bag
);
alg_print
(
tp8
->
algor
);
X509_SIG_get0
(
&
tp8alg
,
NULL
,
tp8
);
alg_print
(
tp8alg
);
}
if
(
options
&
NOKEYS
)
return
1
;
...
...
crypto/asn1/x_sig.c
...
...
@@ -59,6 +59,7 @@
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
ASN1_SEQUENCE
(
X509_SIG
)
=
{
ASN1_SIMPLE
(
X509_SIG
,
algor
,
X509_ALGOR
),
...
...
@@ -66,3 +67,12 @@ ASN1_SEQUENCE(X509_SIG) = {
}
ASN1_SEQUENCE_END
(
X509_SIG
)
IMPLEMENT_ASN1_FUNCTIONS
(
X509_SIG
)
void
X509_SIG_get0
(
X509_ALGOR
**
palg
,
ASN1_OCTET_STRING
**
pdigest
,
X509_SIG
*
sig
)
{
if
(
palg
)
*
palg
=
sig
->
algor
;
if
(
pdigest
)
*
pdigest
=
sig
->
digest
;
}
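Review bot: X509_SIG_get0 in the second hunk hands out the structure's own `algor` and `digest` pointers without any comment saying so, and it dereferences `sig` with no NULL check. Callers elsewhere in this commit both read through it (PKCS12_verify_mac) and write through it (PKCS12_set_mac, PKCS12_setup_mac), so the ownership rule matters: the caller must not free what it receives, and the pointers are only usable while `sig` is alive. I would add above the definition `/* Returns internal pointers to sig's algor and digest; caller must not free them. sig must be non-NULL; either output argument may be NULL. */`. Because a function named "get" is also the write path, a const-qualified getter plus a separate mutable accessor may be worth considering, though that is an API decision beyond this hunk.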
crypto/include/internal/x509_int.h
...
...
@@ -225,3 +225,8 @@ struct pkcs8_priv_key_info_st {
ASN1_OCTET_STRING
*
pkey
;
STACK_OF
(
X509_ATTRIBUTE
)
*
attributes
;
};
struct
X509_sig_st
{
X509_ALGOR
*
algor
;
ASN1_OCTET_STRING
*
digest
;
};
crypto/pkcs12/p12_mutl.c
...
...
@@ -74,10 +74,7 @@ void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg,
PKCS12
*
p12
)
{
if
(
p12
->
mac
)
{
if
(
pmac
)
*
pmac
=
p12
->
mac
->
dinfo
->
digest
;
if
(
pmacalg
)
*
pmacalg
=
p12
->
mac
->
dinfo
->
algor
;
X509_SIG_get0
(
pmacalg
,
pmac
,
p12
->
mac
->
dinfo
);
if
(
psalt
)
*
psalt
=
p12
->
mac
->
salt
;
if
(
piter
)
...
...
@@ -126,6 +123,8 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
int
saltlen
,
iter
;
int
md_size
=
0
;
int
md_type_nid
;
X509_ALGOR
*
macalg
;
ASN1_OBJECT
*
macoid
;
if
(
!
PKCS7_type_is_data
(
p12
->
authsafes
))
{
PKCS12err
(
PKCS12_F_PKCS12_GEN_MAC
,
PKCS12_R_CONTENT_TYPE_NOT_DATA
);
...
...
@@ -138,8 +137,9 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
iter
=
1
;
else
iter
=
ASN1_INTEGER_get
(
p12
->
mac
->
iter
);
if
((
md_type
=
EVP_get_digestbyobj
(
p12
->
mac
->
dinfo
->
algor
->
algorithm
))
==
NULL
)
{
X509_SIG_get0
(
&
macalg
,
NULL
,
p12
->
mac
->
dinfo
);
X509_ALGOR_get0
(
&
macoid
,
NULL
,
NULL
,
macalg
);
if
((
md_type
=
EVP_get_digestbyobj
(
macoid
))
==
NULL
)
{
PKCS12err
(
PKCS12_F_PKCS12_GEN_MAC
,
PKCS12_R_UNKNOWN_DIGEST_ALGORITHM
);
return
0
;
}
...
...
@@ -180,6 +180,8 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
{
unsigned
char
mac
[
EVP_MAX_MD_SIZE
];
unsigned
int
maclen
;
ASN1_OCTET_STRING
*
macoct
;
if
(
p12
->
mac
==
NULL
)
{
PKCS12err
(
PKCS12_F_PKCS12_VERIFY_MAC
,
PKCS12_R_MAC_ABSENT
);
return
0
;
...
...
@@ -188,8 +190,9 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
PKCS12err
(
PKCS12_F_PKCS12_VERIFY_MAC
,
PKCS12_R_MAC_GENERATION_ERROR
);
return
0
;
}
if
((
maclen
!=
(
unsigned
int
)
p12
->
mac
->
dinfo
->
digest
->
length
)
||
CRYPTO_memcmp
(
mac
,
p12
->
mac
->
dinfo
->
digest
->
data
,
maclen
))
X509_SIG_get0
(
NULL
,
&
macoct
,
p12
->
mac
->
dinfo
);
if
((
maclen
!=
(
unsigned
int
)
ASN1_STRING_length
(
macoct
))
||
CRYPTO_memcmp
(
mac
,
ASN1_STRING_data
(
macoct
),
maclen
))
return
0
;
return
1
;
}
...
...
@@ -202,6 +205,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
{
unsigned
char
mac
[
EVP_MAX_MD_SIZE
];
unsigned
int
maclen
;
ASN1_OCTET_STRING
*
macoct
;
if
(
!
md_type
)
md_type
=
EVP_sha1
();
...
...
@@ -213,7 +217,8 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
PKCS12err
(
PKCS12_F_PKCS12_SET_MAC
,
PKCS12_R_MAC_GENERATION_ERROR
);
return
0
;
}
if
(
!
(
ASN1_OCTET_STRING_set
(
p12
->
mac
->
dinfo
->
digest
,
mac
,
maclen
)))
{
X509_SIG_get0
(
NULL
,
&
macoct
,
p12
->
mac
->
dinfo
);
if
(
!
ASN1_OCTET_STRING_set
(
macoct
,
mac
,
maclen
))
{
PKCS12err
(
PKCS12_F_PKCS12_SET_MAC
,
PKCS12_R_MAC_STRING_SET_ERROR
);
return
0
;
}
...
...
@@ -224,6 +229,8 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
int
PKCS12_setup_mac
(
PKCS12
*
p12
,
int
iter
,
unsigned
char
*
salt
,
int
saltlen
,
const
EVP_MD
*
md_type
)
{
X509_ALGOR
*
macalg
;
if
((
p12
->
mac
=
PKCS12_MAC_DATA_new
())
==
NULL
)
return
PKCS12_ERROR
;
if
(
iter
>
1
)
{
...
...
@@ -248,12 +255,12 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
return
0
;
}
else
memcpy
(
p12
->
mac
->
salt
->
data
,
salt
,
saltlen
);
p12
->
mac
->
dinfo
->
algor
->
algorithm
=
OBJ_nid2obj
(
EVP_MD_type
(
md_type
));
if
((
p12
->
mac
->
dinfo
->
algor
->
parameter
=
ASN1_TYPE_new
())
==
NULL
)
{
X509_SIG_get0
(
&
macalg
,
NULL
,
p12
->
mac
->
dinfo
);
if
(
!
X509_ALGOR_set0
(
macalg
,
OBJ_nid2obj
(
EVP_MD_type
(
md_type
)),
V_ASN1_NULL
,
NULL
))
{
PKCS12err
(
PKCS12_F_PKCS12_SETUP_MAC
,
ERR_R_MALLOC_FAILURE
);
return
0
;
}
p12
->
mac
->
dinfo
->
algor
->
parameter
->
type
=
V_ASN1_NULL
;
return
1
;
}
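Review bot: In the PKCS12_verify_mac hunk (-188,8 +190,9) the rewritten comparison is safe only because the length test comes first: CRYPTO_memcmp reads `maclen` bytes from `ASN1_STRING_data(macoct)`, and `macoct` is the digest held in `p12->mac->dinfo`, so its length is not under this function's control. That ordering is easy to lose in a later refactor, so I would put a comment on the condition, e.g. `/* compare lengths first: CRYPTO_memcmp reads maclen bytes from both buffers */`. `macoct` is also left uninitialised until X509_SIG_get0 fills it, which holds only as long as the accessor always writes a non-NULL output argument, as the definition added in x_sig.c does. The function body starts outside the hunk.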
crypto/pkcs12/p12_npas.c
...
...
@@ -109,7 +109,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
STACK_OF
(
PKCS12_SAFEBAG
)
*
bags
;
int
i
,
bagnid
,
pbe_nid
=
0
,
pbe_iter
=
0
,
pbe_saltlen
=
0
;
PKCS7
*
p7
,
*
p7new
;
ASN1_OCTET_STRING
*
p12_data_tmp
=
NULL
,
*
mac
new
=
NULL
;
ASN1_OCTET_STRING
*
p12_data_tmp
=
NULL
,
*
mac
oct
=
NULL
;
unsigned
char
mac
[
EVP_MAX_MD_SIZE
];
unsigned
int
maclen
;
...
...
@@ -165,12 +165,9 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
if
(
!
PKCS12_gen_mac
(
p12
,
newpass
,
-
1
,
mac
,
&
maclen
))
goto
saferr
;
if
((
macnew
=
ASN1_OCTET_STRING_new
())
==
NULL
)
X509_SIG_get0
(
NULL
,
&
macoct
,
p12
->
mac
->
dinfo
);
if
(
!
ASN1_OCTET_STRING_set
(
macoct
,
mac
,
maclen
))
goto
saferr
;
if
(
!
ASN1_OCTET_STRING_set
(
macnew
,
mac
,
maclen
))
goto
saferr
;
ASN1_OCTET_STRING_free
(
p12
->
mac
->
dinfo
->
digest
);
p12
->
mac
->
dinfo
->
digest
=
macnew
;
ASN1_OCTET_STRING_free
(
p12_data_tmp
);
return
1
;
...
...
@@ -178,7 +175,6 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
saferr:
/* Restore old safe */
ASN1_OCTET_STRING_free
(
p12
->
authsafes
->
d
.
data
);
ASN1_OCTET_STRING_free
(
macnew
);
p12
->
authsafes
->
d
.
data
=
p12_data_tmp
;
return
0
;
...
...
@@ -202,13 +198,15 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
PKCS8_PRIV_KEY_INFO
*
p8
;
X509_SIG
*
p8new
;
int
p8_nid
,
p8_saltlen
,
p8_iter
;
X509_ALGOR
*
shalg
;
if
(
PKCS12_SAFEBAG_get_nid
(
bag
)
!=
NID_pkcs8ShroudedKeyBag
)
return
1
;
if
((
p8
=
PKCS8_decrypt
(
bag
->
value
.
shkeybag
,
oldpass
,
-
1
))
==
NULL
)
return
0
;
if
(
!
alg_get
(
bag
->
value
.
shkeybag
->
algor
,
&
p8_nid
,
&
p8_iter
,
&
p8_saltlen
))
X509_SIG_get0
(
&
shalg
,
NULL
,
bag
->
value
.
shkeybag
);
if
(
!
alg_get
(
shalg
,
&
p8_nid
,
&
p8_iter
,
&
p8_saltlen
))
return
0
;
if
((
p8new
=
PKCS8_encrypt
(
p8_nid
,
NULL
,
newpass
,
-
1
,
NULL
,
p8_saltlen
,
p8_iter
,
p8
))
==
NULL
)
...
...
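Review bot: In the newpass_bag hunk, the `return 0` after the rewritten `alg_get(shalg, ...)` check exits with `p8` still allocated. `p8` was returned by PKCS8_decrypt a few lines earlier and no free is visible on this path, so the decrypted PKCS8_PRIV_KEY_INFO would be leaked and its key material left in the heap. The commit rewrites the condition but keeps the bare return; I would change it to `if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen)) { PKCS8_PRIV_KEY_INFO_free(p8); return 0; }`. The function continues past the end of the hunk, so the PKCS8_encrypt failure path should be checked for the same omission.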
crypto/pkcs12/p12_p8d.c
...
...
@@ -63,7 +63,10 @@
PKCS8_PRIV_KEY_INFO
*
PKCS8_decrypt
(
X509_SIG
*
p8
,
const
char
*
pass
,
int
passlen
)
{
return
PKCS12_item_decrypt_d2i
(
p8
->
algor
,
X509_ALGOR
*
dalg
;
ASN1_OCTET_STRING
*
doct
;
X509_SIG_get0
(
&
dalg
,
&
doct
,
p8
);
return
PKCS12_item_decrypt_d2i
(
dalg
,
ASN1_ITEM_rptr
(
PKCS8_PRIV_KEY_INFO
),
pass
,
passlen
,
p8
->
diges
t
,
1
);
passlen
,
doc
t
,
1
);
}
crypto/pkcs12/p12_p8e.c
...
...
@@ -59,6 +59,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/pkcs12.h>
#include "internal/x509_int.h"
X509_SIG
*
PKCS8_encrypt
(
int
pbe_nid
,
const
EVP_CIPHER
*
cipher
,
const
char
*
pass
,
int
passlen
,
...
...
@@ -103,13 +104,13 @@ X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
return
NULL
;
}
if
((
p8
=
X509_SIG_new
())
==
NULL
)
{
p8
=
OPENSSL_zalloc
(
sizeof
(
*
p8
));
if
(
p8
==
NULL
)
{
PKCS12err
(
PKCS12_F_PKCS8_SET0_PBE
,
ERR_R_MALLOC_FAILURE
);
ASN1_OCTET_STRING_free
(
enckey
);
return
NULL
;
}
X509_ALGOR_free
(
p8
->
algor
);
ASN1_OCTET_STRING_free
(
p8
->
digest
);
p8
->
algor
=
pbe
;
p8
->
digest
=
enckey
;
...
...
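Review bot: The PKCS8_set0_pbe hunk replaces X509_SIG_new() with `OPENSSL_zalloc(sizeof(*p8))`, which bypasses the ASN.1 template allocator and ties this file to the struct layout in internal/x509_int.h, and no comment explains why. That works while X509_SIG holds only the two pointers assigned just below, but a field added to the template later would not be initialised here, and the object is presumably still released through X509_SIG_free. I would add `/* allocated directly to avoid creating and then freeing default algor/digest; keep in step with ASN1_SEQUENCE(X509_SIG) */` above the allocation. In the failure branch only `enckey` is freed; whether `pbe` is released by the caller cannot be seen from this hunk and is worth confirming.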
crypto/rsa/rsa_sign.c
...
...
@@ -61,6 +61,7 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "rsa_locl.h"
/* Size of an SSL signature: MD5+SHA1 */
...
...
doc/crypto/d2i_X509_SIG.pod
...
...
@@ -10,15 +10,21 @@ d2i_X509_SIG, i2d_X509_SIG - DigestInfo functions.
X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest,
X509_SIG *sig);
=head1 DESCRIPTION
These functions decode and encode an X509_SIG structure which is
equivalent to the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
The functions d2i_X509_SIG() and i2d_X509_SIG() decode and encode an
X509_SIG structure which is equivalent to the B<DigestInfo> structure
defined in PKCS#1 and PKCS#7.
Otherwise the
se
behave in a similar way to d2i_X509() and i2d_X509()
Otherwise the
y
behave in a similar way to d2i_X509() and i2d_X509()
described in the L<d2i_X509(3)> manual page.
X509_SIG_get0() returns pointers to the algorithm identifier and digest
value in B<sig>. These values can then be examined or initialised.
=head1 SEE ALSO
L<d2i_X509(3)>
...
...
include/openssl/x509.h
...
...
@@ -136,10 +136,7 @@ struct X509_pubkey_st {
CRYPTO_RWLOCK
*
lock
;
};
typedef
struct
X509_sig_st
{
X509_ALGOR
*
algor
;
ASN1_OCTET_STRING
*
digest
;
}
X509_SIG
;
typedef
struct
X509_sig_st
X509_SIG
;
typedef
struct
X509_name_entry_st
X509_NAME_ENTRY
;
...
...
@@ -586,6 +583,9 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
# endif
DECLARE_ASN1_FUNCTIONS
(
X509_SIG
)
void
X509_SIG_get0
(
X509_ALGOR
**
palg
,
ASN1_OCTET_STRING
**
pdigest
,
X509_SIG
*
sig
);
DECLARE_ASN1_FUNCTIONS
(
X509_REQ_INFO
)
DECLARE_ASN1_FUNCTIONS
(
X509_REQ
)
...
...