Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
cdb182b5
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
cdb182b5
编写于
3月 12, 2010
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
new sigopt and PSS support for req and x509 utilities
上级
00947cea
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
96 addition
and
11 deletion
+96
-11
apps/apps.h
apps/apps.h
+4
-0
apps/req.c
apps/req.c
+67
-4
apps/x509.c
apps/x509.c
+25
-7
未找到文件。
apps/apps.h
浏览文件 @
cdb182b5
...
...
@@ -317,6 +317,10 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
int
pkey_ctrl_string
(
EVP_PKEY_CTX
*
ctx
,
char
*
value
);
int
init_gen_str
(
BIO
*
err
,
EVP_PKEY_CTX
**
pctx
,
const
char
*
algname
,
ENGINE
*
e
,
int
do_param
);
int
do_X509_sign
(
BIO
*
err
,
X509
*
x
,
EVP_PKEY
*
pkey
,
const
EVP_MD
*
md
,
STACK_OF
(
OPENSSL_STRING
)
*
sigopts
);
int
do_X509_REQ_sign
(
BIO
*
err
,
X509_REQ
*
x
,
EVP_PKEY
*
pkey
,
const
EVP_MD
*
md
,
STACK_OF
(
OPENSSL_STRING
)
*
sigopts
);
#ifndef OPENSSL_NO_PSK
extern
char
*
psk_key
;
#endif
...
...
apps/req.c
浏览文件 @
cdb182b5
...
...
@@ -165,7 +165,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY_CTX
*
genctx
=
NULL
;
const
char
*
keyalg
=
NULL
;
char
*
keyalgstr
=
NULL
;
STACK_OF
(
OPENSSL_STRING
)
*
pkeyopts
=
NULL
;
STACK_OF
(
OPENSSL_STRING
)
*
pkeyopts
=
NULL
,
*
sigopts
=
NULL
;
EVP_PKEY
*
pkey
=
NULL
;
int
i
=
0
,
badops
=
0
,
newreq
=
0
,
verbose
=
0
,
pkey_type
=-
1
;
long
newkey
=
-
1
;
...
...
@@ -310,6 +310,15 @@ int MAIN(int argc, char **argv)
if
(
!
pkeyopts
||
!
sk_OPENSSL_STRING_push
(
pkeyopts
,
*
(
++
argv
)))
goto
bad
;
}
else
if
(
strcmp
(
*
argv
,
"-sigopt"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
if
(
!
sigopts
)
sigopts
=
sk_OPENSSL_STRING_new_null
();
if
(
!
sigopts
||
!
sk_OPENSSL_STRING_push
(
sigopts
,
*
(
++
argv
)))
goto
bad
;
}
else
if
(
strcmp
(
*
argv
,
"-batch"
)
==
0
)
batch
=
1
;
else
if
(
strcmp
(
*
argv
,
"-newhdr"
)
==
0
)
...
...
@@ -858,8 +867,9 @@ loop:
extensions
);
goto
end
;
}
if
(
!
(
i
=
X509_sign
(
x509ss
,
pkey
,
digest
)))
i
=
do_X509_sign
(
bio_err
,
x509ss
,
pkey
,
digest
,
sigopts
);
if
(
!
i
)
{
ERR_print_errors
(
bio_err
);
goto
end
;
...
...
@@ -883,7 +893,8 @@ loop:
req_exts
);
goto
end
;
}
if
(
!
(
i
=
X509_REQ_sign
(
req
,
pkey
,
digest
)))
i
=
do_X509_REQ_sign
(
bio_err
,
req
,
pkey
,
digest
,
sigopts
);
if
(
!
i
)
{
ERR_print_errors
(
bio_err
);
goto
end
;
...
...
@@ -1084,6 +1095,8 @@ end:
EVP_PKEY_CTX_free
(
genctx
);
if
(
pkeyopts
)
sk_OPENSSL_STRING_free
(
pkeyopts
);
if
(
sigopts
)
sk_OPENSSL_STRING_free
(
sigopts
);
#ifndef OPENSSL_NO_ENGINE
if
(
gen_eng
)
ENGINE_free
(
gen_eng
);
...
...
@@ -1756,3 +1769,53 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx)
#endif
return
1
;
}
static
int
do_sign_init
(
BIO
*
err
,
EVP_MD_CTX
*
ctx
,
EVP_PKEY
*
pkey
,
const
EVP_MD
*
md
,
STACK_OF
(
OPENSSL_STRING
)
*
sigopts
)
{
EVP_PKEY_CTX
*
pkctx
=
NULL
;
int
i
;
EVP_MD_CTX_init
(
ctx
);
if
(
!
EVP_DigestSignInit
(
ctx
,
&
pkctx
,
md
,
NULL
,
pkey
))
return
0
;
for
(
i
=
0
;
i
<
sk_OPENSSL_STRING_num
(
sigopts
);
i
++
)
{
char
*
sigopt
=
sk_OPENSSL_STRING_value
(
sigopts
,
i
);
if
(
pkey_ctrl_string
(
pkctx
,
sigopt
)
<=
0
)
{
BIO_printf
(
err
,
"parameter error
\"
%s
\"\n
"
,
sigopt
);
ERR_print_errors
(
bio_err
);
return
0
;
}
}
return
1
;
}
int
do_X509_sign
(
BIO
*
err
,
X509
*
x
,
EVP_PKEY
*
pkey
,
const
EVP_MD
*
md
,
STACK_OF
(
OPENSSL_STRING
)
*
sigopts
)
{
int
rv
;
EVP_MD_CTX
mctx
;
EVP_MD_CTX_init
(
&
mctx
);
rv
=
do_sign_init
(
err
,
&
mctx
,
pkey
,
md
,
sigopts
);
if
(
rv
>
0
)
rv
=
X509_sign_ctx
(
x
,
&
mctx
);
EVP_MD_CTX_cleanup
(
&
mctx
);
return
rv
>
0
?
1
:
0
;
}
int
do_X509_REQ_sign
(
BIO
*
err
,
X509_REQ
*
x
,
EVP_PKEY
*
pkey
,
const
EVP_MD
*
md
,
STACK_OF
(
OPENSSL_STRING
)
*
sigopts
)
{
int
rv
;
EVP_MD_CTX
mctx
;
EVP_MD_CTX_init
(
&
mctx
);
rv
=
do_sign_init
(
err
,
&
mctx
,
pkey
,
md
,
sigopts
);
if
(
rv
>
0
)
rv
=
X509_REQ_sign_ctx
(
x
,
&
mctx
);
EVP_MD_CTX_cleanup
(
&
mctx
);
return
rv
>
0
?
1
:
0
;
}
apps/x509.c
浏览文件 @
cdb182b5
...
...
@@ -157,9 +157,10 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
static
int
sign
(
X509
*
x
,
EVP_PKEY
*
pkey
,
int
days
,
int
clrext
,
const
EVP_MD
*
digest
,
CONF
*
conf
,
char
*
section
);
static
int
x509_certify
(
X509_STORE
*
ctx
,
char
*
CAfile
,
const
EVP_MD
*
digest
,
X509
*
x
,
X509
*
xca
,
EVP_PKEY
*
pkey
,
char
*
serial
,
int
create
,
int
days
,
int
clrext
,
CONF
*
conf
,
char
*
section
,
ASN1_INTEGER
*
sno
);
X509
*
x
,
X509
*
xca
,
EVP_PKEY
*
pkey
,
STACK_OF
(
OPENSSL_STRING
)
*
sigopts
,
char
*
serial
,
int
create
,
int
days
,
int
clrext
,
CONF
*
conf
,
char
*
section
,
ASN1_INTEGER
*
sno
);
static
int
purpose_print
(
BIO
*
bio
,
X509
*
cert
,
X509_PURPOSE
*
pt
);
static
int
reqfile
=
0
;
...
...
@@ -172,6 +173,7 @@ int MAIN(int argc, char **argv)
X509_REQ
*
req
=
NULL
;
X509
*
x
=
NULL
,
*
xca
=
NULL
;
ASN1_OBJECT
*
objtmp
;
STACK_OF
(
OPENSSL_STRING
)
*
sigopts
=
NULL
;
EVP_PKEY
*
Upkey
=
NULL
,
*
CApkey
=
NULL
;
ASN1_INTEGER
*
sno
=
NULL
;
int
i
,
num
,
badops
=
0
;
...
...
@@ -271,6 +273,15 @@ int MAIN(int argc, char **argv)
if
(
--
argc
<
1
)
goto
bad
;
CAkeyformat
=
str2fmt
(
*
(
++
argv
));
}
else
if
(
strcmp
(
*
argv
,
"-sigopt"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
if
(
!
sigopts
)
sigopts
=
sk_OPENSSL_STRING_new_null
();
if
(
!
sigopts
||
!
sk_OPENSSL_STRING_push
(
sigopts
,
*
(
++
argv
)))
goto
bad
;
}
else
if
(
strcmp
(
*
argv
,
"-days"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
...
...
@@ -972,7 +983,8 @@ bad:
assert
(
need_rand
);
if
(
!
x509_certify
(
ctx
,
CAfile
,
digest
,
x
,
xca
,
CApkey
,
CAserial
,
CA_createserial
,
days
,
clrext
,
CApkey
,
sigopts
,
CAserial
,
CA_createserial
,
days
,
clrext
,
extconf
,
extsect
,
sno
))
goto
end
;
}
...
...
@@ -1083,6 +1095,8 @@ end:
X509_free
(
xca
);
EVP_PKEY_free
(
Upkey
);
EVP_PKEY_free
(
CApkey
);
if
(
sigopts
)
sk_OPENSSL_STRING_free
(
sigopts
);
X509_REQ_free
(
rq
);
ASN1_INTEGER_free
(
sno
);
sk_ASN1_OBJECT_pop_free
(
trust
,
ASN1_OBJECT_free
);
...
...
@@ -1133,8 +1147,11 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create
}
static
int
x509_certify
(
X509_STORE
*
ctx
,
char
*
CAfile
,
const
EVP_MD
*
digest
,
X509
*
x
,
X509
*
xca
,
EVP_PKEY
*
pkey
,
char
*
serialfile
,
int
create
,
int
days
,
int
clrext
,
CONF
*
conf
,
char
*
section
,
ASN1_INTEGER
*
sno
)
X509
*
x
,
X509
*
xca
,
EVP_PKEY
*
pkey
,
STACK_OF
(
OPENSSL_STRING
)
*
sigopts
,
char
*
serialfile
,
int
create
,
int
days
,
int
clrext
,
CONF
*
conf
,
char
*
section
,
ASN1_INTEGER
*
sno
)
{
int
ret
=
0
;
ASN1_INTEGER
*
bs
=
NULL
;
...
...
@@ -1193,7 +1210,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
if
(
!
X509V3_EXT_add_nconf
(
conf
,
&
ctx2
,
section
,
x
))
goto
end
;
}
if
(
!
X509_sign
(
x
,
pkey
,
digest
))
goto
end
;
if
(
!
do_X509_sign
(
bio_err
,
x
,
pkey
,
digest
,
sigopts
))
goto
end
;
ret
=
1
;
end:
X509_STORE_CTX_cleanup
(
&
xsc
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录