提交
d3e18d7a
编写于
3月 30, 2023
作者:
O
openharmony_ci
提交者:
Gitee
3月 30, 2023
!98 release1.0.1分支修复CVE漏洞CVE-2021-3711 and CVE-2021-3712
Merge pull request !98 from wanghao-free/OpenHarmony_1.0.1_release
上级
99b6a53a
a67e533d
变更
13
Showing
13 changed file
with
138 addition
and
69 deletion
+138
-69
crypto/asn1/t_spki.c
crypto/asn1/t_spki.c
+1
-1
crypto/ec/ec_asn1.c
crypto/ec/ec_asn1.c
+4
-1
crypto/sm2/sm2_crypt.c
crypto/sm2/sm2_crypt.c
+7
-16
crypto/sm2/sm2_pmeth.c
crypto/sm2/sm2_pmeth.c
+1
-1
crypto/x509v3/v3_alt.c
crypto/x509v3/v3_alt.c
+7
-3
crypto/x509v3/v3_cpols.c
crypto/x509v3/v3_cpols.c
+6
-3
crypto/x509v3/v3_ncons.c
crypto/x509v3/v3_ncons.c
+52
-25
crypto/x509v3/v3_pci.c
crypto/x509v3/v3_pci.c
+2
-1
crypto/x509v3/v3_utl.c
crypto/x509v3/v3_utl.c
+45
-11
include/crypto/sm2.h
include/crypto/sm2.h
+1
-2
include/crypto/x509.h
include/crypto/x509.h
+5
-0
test/sm2_internal_test.c
test/sm2_internal_test.c
+1
-1
test/x509_time_test.c
test/x509_time_test.c
+6
-4
crypto/asn1/t_spki.c
...
@@ -38,7 +38,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
...
@@ -38,7 +38,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
}
}
chal
=
spki
->
spkac
->
challenge
;
chal
=
spki
->
spkac
->
challenge
;
if
(
chal
->
length
)
if
(
chal
->
length
)
BIO_printf
(
out
,
" Challenge String: %
s
\n
"
,
chal
->
data
);
BIO_printf
(
out
,
" Challenge String: %
.*s
\n
"
,
chal
->
length
,
chal
->
data
);
i
=
OBJ_obj2nid
(
spki
->
sig_algor
.
algorithm
);
i
=
OBJ_obj2nid
(
spki
->
sig_algor
.
algorithm
);
BIO_printf
(
out
,
" Signature Algorithm: %s"
,
BIO_printf
(
out
,
" Signature Algorithm: %s"
,
(
i
==
NID_undef
)
?
"UNKNOWN"
:
OBJ_nid2ln
(
i
));
(
i
==
NID_undef
)
?
"UNKNOWN"
:
OBJ_nid2ln
(
i
));
...
...
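Review bot: The new `%.*s` call in NETSCAPE_SPKI_print carries no comment explaining why the precision argument is there, so a later cleanup could quietly revert it to `%s`. I would add `/* chal->data is not guaranteed to be NUL terminated; bound the read by chal->length */` above the BIO_printf. The same applies to the `%.*s` changes in crypto/x509v3/v3_cpols.c (print_qualifiers, print_notice) and crypto/x509v3/v3_pci.c (i2r_pci). Note that `%.*s` still stops at the first NUL byte, so a string with an embedded NUL is printed truncated rather than rejected. The function body continues outside the hunk.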
crypto/ec/ec_asn1.c
...
@@ -747,7 +747,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
...
@@ -747,7 +747,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
ret
->
seed_len
=
params
->
curve
->
seed
->
length
;
ret
->
seed_len
=
params
->
curve
->
seed
->
length
;
}
}
if
(
!
params
->
order
||
!
params
->
base
||
!
params
->
base
->
data
)
{
if
(
params
->
order
==
NULL
||
params
->
base
==
NULL
||
params
->
base
->
data
==
NULL
||
params
->
base
->
length
==
0
)
{
ECerr
(
EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS
,
EC_R_ASN1_ERROR
);
ECerr
(
EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS
,
EC_R_ASN1_ERROR
);
goto
err
;
goto
err
;
}
}
...
...
crypto/sm2/sm2_crypt.c
...
@@ -61,29 +61,20 @@ static size_t ec_field_size(const EC_GROUP *group)
...
@@ -61,29 +61,20 @@ static size_t ec_field_size(const EC_GROUP *group)
return
field_size
;
return
field_size
;
}
}
int
sm2_plaintext_size
(
const
EC_KEY
*
key
,
const
EVP_MD
*
digest
,
size_t
msg_len
,
int
sm2_plaintext_size
(
const
unsigned
char
*
ct
,
size_t
ct_size
,
size_t
*
pt_size
)
size_t
*
pt_size
)
{
{
const
size_t
field_size
=
ec_field_size
(
EC_KEY_get0_group
(
key
));
struct
SM2_Ciphertext_st
*
sm2_ctext
=
NULL
;
const
int
md_size
=
EVP_MD_size
(
digest
);
size_t
overhead
;
if
(
md_size
<
0
)
{
sm2_ctext
=
d2i_SM2_Ciphertext
(
NULL
,
&
ct
,
ct_size
);
SM2err
(
SM2_F_SM2_PLAINTEXT_SIZE
,
SM2_R_INVALID_DIGEST
);
return
0
;
}
if
(
field_size
==
0
)
{
SM2err
(
SM2_F_SM2_PLAINTEXT_SIZE
,
SM2_R_INVALID_FIELD
);
return
0
;
}
overhead
=
10
+
2
*
field_size
+
(
size_t
)
md_size
;
if
(
sm2_ctext
==
NULL
)
{
if
(
msg_len
<=
overhead
)
{
SM2err
(
SM2_F_SM2_PLAINTEXT_SIZE
,
SM2_R_INVALID_ENCODING
);
SM2err
(
SM2_F_SM2_PLAINTEXT_SIZE
,
SM2_R_INVALID_ENCODING
);
return
0
;
return
0
;
}
}
*
pt_size
=
msg_len
-
overhead
;
*
pt_size
=
sm2_ctext
->
C2
->
length
;
SM2_Ciphertext_free
(
sm2_ctext
);
return
1
;
return
1
;
}
}
...
...
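Review bot: sm2_plaintext_size now reports the exact C2 length from the parsed ciphertext, but nothing on this page touches sm2_decrypt, so it cannot be confirmed from here that the decrypt path rejects an output buffer smaller than that length. If sm2_decrypt does not already compare the caller's `*ptext_len` with `sm2_ctext->C2->length` before writing the plaintext, that check belongs with this change, because a caller may size its buffer by other means than the size query. Separately, `ct_size` is a `size_t` handed to `d2i_SM2_Ciphertext`, whose length parameter is a `long`; a guard such as `if (ct_size > LONG_MAX) return 0;` would make that conversion explicit.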
crypto/sm2/sm2_pmeth.c
...
@@ -151,7 +151,7 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
...
@@ -151,7 +151,7 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
const
EVP_MD
*
md
=
(
dctx
->
md
==
NULL
)
?
EVP_sm3
()
:
dctx
->
md
;
const
EVP_MD
*
md
=
(
dctx
->
md
==
NULL
)
?
EVP_sm3
()
:
dctx
->
md
;
if
(
out
==
NULL
)
{
if
(
out
==
NULL
)
{
if
(
!
sm2_plaintext_size
(
ec
,
md
,
inlen
,
outlen
))
if
(
!
sm2_plaintext_size
(
in
,
inlen
,
outlen
))
return
-
1
;
return
-
1
;
else
else
return
1
;
return
1
;
...
...
crypto/x509v3/v3_alt.c
...
@@ -9,6 +9,7 @@
...
@@ -9,6 +9,7 @@
#include <stdio.h>
#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/cryptlib.h"
#include "crypto/x509.h"
#include <openssl/conf.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
#include <openssl/x509v3.h>
#include "ext_dat.h"
#include "ext_dat.h"
...
@@ -99,17 +100,20 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
...
@@ -99,17 +100,20 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
break
;
break
;
case
GEN_EMAIL
:
case
GEN_EMAIL
:
if
(
!
X509V3_add_value_uchar
(
"email"
,
gen
->
d
.
ia5
->
data
,
&
ret
))
if
(
!
x509v3_add_len_value_uchar
(
"email"
,
gen
->
d
.
ia5
->
data
,
gen
->
d
.
ia5
->
length
,
&
ret
))
return
NULL
;
return
NULL
;
break
;
break
;
case
GEN_DNS
:
case
GEN_DNS
:
if
(
!
X509V3_add_value_uchar
(
"DNS"
,
gen
->
d
.
ia5
->
data
,
&
ret
))
if
(
!
x509v3_add_len_value_uchar
(
"DNS"
,
gen
->
d
.
ia5
->
data
,
gen
->
d
.
ia5
->
length
,
&
ret
))
return
NULL
;
return
NULL
;
break
;
break
;
case
GEN_URI
:
case
GEN_URI
:
if
(
!
X509V3_add_value_uchar
(
"URI"
,
gen
->
d
.
ia5
->
data
,
&
ret
))
if
(
!
x509v3_add_len_value_uchar
(
"URI"
,
gen
->
d
.
ia5
->
data
,
gen
->
d
.
ia5
->
length
,
&
ret
))
return
NULL
;
return
NULL
;
break
;
break
;
...
...
crypto/x509v3/v3_cpols.c
...
@@ -422,7 +422,8 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
...
@@ -422,7 +422,8 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
qualinfo
=
sk_POLICYQUALINFO_value
(
quals
,
i
);
qualinfo
=
sk_POLICYQUALINFO_value
(
quals
,
i
);
switch
(
OBJ_obj2nid
(
qualinfo
->
pqualid
))
{
switch
(
OBJ_obj2nid
(
qualinfo
->
pqualid
))
{
case
NID_id_qt_cps
:
case
NID_id_qt_cps
:
BIO_printf
(
out
,
"%*sCPS: %s
\n
"
,
indent
,
""
,
BIO_printf
(
out
,
"%*sCPS: %.*s
\n
"
,
indent
,
""
,
qualinfo
->
d
.
cpsuri
->
length
,
qualinfo
->
d
.
cpsuri
->
data
);
qualinfo
->
d
.
cpsuri
->
data
);
break
;
break
;
...
@@ -447,7 +448,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
...
@@ -447,7 +448,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
if
(
notice
->
noticeref
)
{
if
(
notice
->
noticeref
)
{
NOTICEREF
*
ref
;
NOTICEREF
*
ref
;
ref
=
notice
->
noticeref
;
ref
=
notice
->
noticeref
;
BIO_printf
(
out
,
"%*sOrganization: %s
\n
"
,
indent
,
""
,
BIO_printf
(
out
,
"%*sOrganization: %.*s
\n
"
,
indent
,
""
,
ref
->
organization
->
length
,
ref
->
organization
->
data
);
ref
->
organization
->
data
);
BIO_printf
(
out
,
"%*sNumber%s: "
,
indent
,
""
,
BIO_printf
(
out
,
"%*sNumber%s: "
,
indent
,
""
,
sk_ASN1_INTEGER_num
(
ref
->
noticenos
)
>
1
?
"s"
:
""
);
sk_ASN1_INTEGER_num
(
ref
->
noticenos
)
>
1
?
"s"
:
""
);
...
@@ -470,7 +472,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
...
@@ -470,7 +472,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
BIO_puts
(
out
,
"
\n
"
);
BIO_puts
(
out
,
"
\n
"
);
}
}
if
(
notice
->
exptext
)
if
(
notice
->
exptext
)
BIO_printf
(
out
,
"%*sExplicit Text: %s
\n
"
,
indent
,
""
,
BIO_printf
(
out
,
"%*sExplicit Text: %.*s
\n
"
,
indent
,
""
,
notice
->
exptext
->
length
,
notice
->
exptext
->
data
);
notice
->
exptext
->
data
);
}
}
...
...
crypto/x509v3/v3_ncons.c
...
@@ -63,8 +63,31 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
...
@@ -63,8 +63,31 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
IMPLEMENT_ASN1_ALLOC_FUNCTIONS
(
GENERAL_SUBTREE
)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS
(
GENERAL_SUBTREE
)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS
(
NAME_CONSTRAINTS
)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS
(
NAME_CONSTRAINTS
)
#define IA5_OFFSET_LEN(ia5base, offset) \
((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data))
/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the
* starting point to search from
*/
# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start))
/* Like memrrchr but for ASN1_IA5STRING */
static
char
*
ia5memrchr
(
ASN1_IA5STRING
*
str
,
int
c
)
{
int
i
;
for
(
i
=
str
->
length
;
i
>
0
&&
str
->
data
[
i
-
1
]
!=
c
;
i
--
);
if
(
i
==
0
)
return
NULL
;
return
(
char
*
)
&
str
->
data
[
i
-
1
];
}
/*
/*
* We cannot use strncasecmp here because that applies locale specific rules.
* We cannot use strncasecmp here because that applies locale specific rules. It
* also doesn't work with ASN1_STRINGs that may have embedded NUL characters.
* For example in Turkish 'I' is not the uppercase character for 'i'. We need to
* For example in Turkish 'I' is not the uppercase character for 'i'. We need to
* do a simple ASCII case comparison ignoring the locale (that is why we use
* do a simple ASCII case comparison ignoring the locale (that is why we use
* numeric constants below).
* numeric constants below).
...
@@ -89,20 +112,12 @@ static int ia5ncasecmp(const char *s1, const char *s2, size_t n)
...
@@ -89,20 +112,12 @@ static int ia5ncasecmp(const char *s1, const char *s2, size_t n)
/* c1 > c2 */
/* c1 > c2 */
return
1
;
return
1
;
}
else
if
(
*
s1
==
0
)
{
/* If we get here we know that *s2 == 0 too */
return
0
;
}
}
}
}
return
0
;
return
0
;
}
}
static
int
ia5casecmp
(
const
char
*
s1
,
const
char
*
s2
)
{
return
ia5ncasecmp
(
s1
,
s2
,
SIZE_MAX
);
}
static
void
*
v2i_NAME_CONSTRAINTS
(
const
X509V3_EXT_METHOD
*
method
,
static
void
*
v2i_NAME_CONSTRAINTS
(
const
X509V3_EXT_METHOD
*
method
,
X509V3_CTX
*
ctx
,
STACK_OF
(
CONF_VALUE
)
*
nval
)
X509V3_CTX
*
ctx
,
STACK_OF
(
CONF_VALUE
)
*
nval
)
{
{
...
@@ -337,7 +352,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
...
@@ -337,7 +352,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
--
utf8_length
;
--
utf8_length
;
/* Reject *embedded* NULs */
/* Reject *embedded* NULs */
if
(
(
size_t
)
utf8_length
!=
strlen
((
char
*
)
utf8_value
)
)
{
if
(
memchr
(
utf8_value
,
0
,
utf8_length
)
!=
NULL
)
{
OPENSSL_free
(
utf8_value
);
OPENSSL_free
(
utf8_value
);
return
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
;
return
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
;
}
}
...
@@ -536,9 +551,14 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
...
@@ -536,9 +551,14 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
{
{
char
*
baseptr
=
(
char
*
)
base
->
data
;
char
*
baseptr
=
(
char
*
)
base
->
data
;
char
*
dnsptr
=
(
char
*
)
dns
->
data
;
char
*
dnsptr
=
(
char
*
)
dns
->
data
;
/* Empty matches everything */
/* Empty matches everything */
if
(
!*
baseptr
)
if
(
base
->
length
==
0
)
return
X509_V_OK
;
return
X509_V_OK
;
if
(
dns
->
length
<
base
->
length
)
return
X509_V_ERR_PERMITTED_VIOLATION
;
/*
/*
* Otherwise can add zero or more components on the left so compare RHS
* Otherwise can add zero or more components on the left so compare RHS
* and if dns is longer and expect '.' as preceding character.
* and if dns is longer and expect '.' as preceding character.
...
@@ -549,7 +569,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
...
@@ -549,7 +569,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
return
X509_V_ERR_PERMITTED_VIOLATION
;
return
X509_V_ERR_PERMITTED_VIOLATION
;
}
}
if
(
ia5
casecmp
(
baseptr
,
dnsptr
))
if
(
ia5
ncasecmp
(
baseptr
,
dnsptr
,
base
->
length
))
return
X509_V_ERR_PERMITTED_VIOLATION
;
return
X509_V_ERR_PERMITTED_VIOLATION
;
return
X509_V_OK
;
return
X509_V_OK
;
...
@@ -560,16 +580,17 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
...
@@ -560,16 +580,17 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
{
{
const
char
*
baseptr
=
(
char
*
)
base
->
data
;
const
char
*
baseptr
=
(
char
*
)
base
->
data
;
const
char
*
emlptr
=
(
char
*
)
eml
->
data
;
const
char
*
emlptr
=
(
char
*
)
eml
->
data
;
const
char
*
baseat
=
ia5memrchr
(
base
,
'@'
);
const
char
*
emlat
=
ia5memrchr
(
eml
,
'@'
);
size_t
basehostlen
,
emlhostlen
;
const
char
*
baseat
=
strchr
(
baseptr
,
'@'
);
const
char
*
emlat
=
strchr
(
emlptr
,
'@'
);
if
(
!
emlat
)
if
(
!
emlat
)
return
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
;
return
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
;
/* Special case: initial '.' is RHS match */
/* Special case: initial '.' is RHS match */
if
(
!
baseat
&&
(
*
baseptr
==
'.'
))
{
if
(
!
baseat
&&
base
->
length
>
0
&&
(
*
baseptr
==
'.'
))
{
if
(
eml
->
length
>
base
->
length
)
{
if
(
eml
->
length
>
base
->
length
)
{
emlptr
+=
eml
->
length
-
base
->
length
;
emlptr
+=
eml
->
length
-
base
->
length
;
if
(
ia5
casecmp
(
baseptr
,
emlptr
)
==
0
)
if
(
ia5
ncasecmp
(
baseptr
,
emlptr
,
base
->
length
)
==
0
)
return
X509_V_OK
;
return
X509_V_OK
;
}
}
return
X509_V_ERR_PERMITTED_VIOLATION
;
return
X509_V_ERR_PERMITTED_VIOLATION
;
...
@@ -589,8 +610,10 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
...
@@ -589,8 +610,10 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
baseptr
=
baseat
+
1
;
baseptr
=
baseat
+
1
;
}
}
emlptr
=
emlat
+
1
;
emlptr
=
emlat
+
1
;
basehostlen
=
IA5_OFFSET_LEN
(
base
,
baseptr
);
emlhostlen
=
IA5_OFFSET_LEN
(
eml
,
emlptr
);
/* Just have hostname left to match: case insensitive */
/* Just have hostname left to match: case insensitive */
if
(
ia5casecmp
(
baseptr
,
emlptr
))
if
(
basehostlen
!=
emlhostlen
||
ia5ncasecmp
(
baseptr
,
emlptr
,
emlhostlen
))
return
X509_V_ERR_PERMITTED_VIOLATION
;
return
X509_V_ERR_PERMITTED_VIOLATION
;
return
X509_V_OK
;
return
X509_V_OK
;
...
@@ -601,10 +624,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
...
@@ -601,10 +624,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
{
{
const
char
*
baseptr
=
(
char
*
)
base
->
data
;
const
char
*
baseptr
=
(
char
*
)
base
->
data
;
const
char
*
hostptr
=
(
char
*
)
uri
->
data
;
const
char
*
hostptr
=
(
char
*
)
uri
->
data
;
const
char
*
p
=
strchr
(
hostptr
,
':'
);
const
char
*
p
=
ia5memchr
(
uri
,
(
char
*
)
uri
->
data
,
':'
);
int
hostlen
;
int
hostlen
;
/* Check for foo:// and skip past it */
/* Check for foo:// and skip past it */
if
(
!
p
||
(
p
[
1
]
!=
'/'
)
||
(
p
[
2
]
!=
'/'
))
if
(
p
==
NULL
||
IA5_OFFSET_LEN
(
uri
,
p
)
<
3
||
p
[
1
]
!=
'/'
||
p
[
2
]
!=
'/'
)
return
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
;
return
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
;
hostptr
=
p
+
3
;
hostptr
=
p
+
3
;
...
@@ -612,13 +639,13 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
...
@@ -612,13 +639,13 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
/* Look for a port indicator as end of hostname first */
/* Look for a port indicator as end of hostname first */
p
=
strchr
(
hostptr
,
':'
);
p
=
ia5memchr
(
uri
,
hostptr
,
':'
);
/* Otherwise look for trailing slash */
/* Otherwise look for trailing slash */
if
(
!
p
)
if
(
p
==
NULL
)
p
=
strchr
(
hostptr
,
'/'
);
p
=
ia5memchr
(
uri
,
hostptr
,
'/'
);
if
(
!
p
)
if
(
p
==
NULL
)
hostlen
=
strlen
(
hostptr
);
hostlen
=
IA5_OFFSET_LEN
(
uri
,
hostptr
);
else
else
hostlen
=
p
-
hostptr
;
hostlen
=
p
-
hostptr
;
...
@@ -626,7 +653,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
...
@@ -626,7 +653,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
return
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
;
return
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
;
/* Special case: initial '.' is RHS match */
/* Special case: initial '.' is RHS match */
if
(
*
baseptr
==
'.'
)
{
if
(
base
->
length
>
0
&&
*
baseptr
==
'.'
)
{
if
(
hostlen
>
base
->
length
)
{
if
(
hostlen
>
base
->
length
)
{
p
=
hostptr
+
hostlen
-
base
->
length
;
p
=
hostptr
+
hostlen
-
base
->
length
;
if
(
ia5ncasecmp
(
p
,
baseptr
,
base
->
length
)
==
0
)
if
(
ia5ncasecmp
(
p
,
baseptr
,
base
->
length
)
==
0
)
...
...
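Review bot: With the `*s1 == 0` early exit gone from ia5ncasecmp (as far as this rendering shows, those lines are on the old side only), the function always reads `n` bytes from both arguments, and its header comment does not say so. I would extend that comment with `* Both s1 and s2 must point to at least n readable bytes; NUL bytes do not end the comparison.` so that future callers pass a length derived from the ASN1 string. The visible callers in nc_dns, nc_email and nc_uri do bound `n` by `base->length` or a computed host length. Also, nc_email moves from `strchr` (first '@') to `ia5memrchr` (last '@'), which changes where the address is split when it contains more than one '@'; a short comment on that choice would help. Several of these functions continue outside their hunks.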
crypto/x509v3/v3_pci.c
...
@@ -77,7 +77,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
...
@@ -77,7 +77,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
i2a_ASN1_OBJECT
(
out
,
pci
->
proxyPolicy
->
policyLanguage
);
i2a_ASN1_OBJECT
(
out
,
pci
->
proxyPolicy
->
policyLanguage
);
BIO_puts
(
out
,
"
\n
"
);
BIO_puts
(
out
,
"
\n
"
);
if
(
pci
->
proxyPolicy
->
policy
&&
pci
->
proxyPolicy
->
policy
->
data
)
if
(
pci
->
proxyPolicy
->
policy
&&
pci
->
proxyPolicy
->
policy
->
data
)
BIO_printf
(
out
,
"%*sPolicy Text: %s
\n
"
,
indent
,
""
,
BIO_printf
(
out
,
"%*sPolicy Text: %.*s
\n
"
,
indent
,
""
,
pci
->
proxyPolicy
->
policy
->
length
,
pci
->
proxyPolicy
->
policy
->
data
);
pci
->
proxyPolicy
->
policy
->
data
);
return
1
;
return
1
;
}
}
...
...
crypto/x509v3/v3_utl.c
...
@@ -12,6 +12,7 @@
...
@@ -12,6 +12,7 @@
#include "e_os.h"
#include "e_os.h"
#include "internal/cryptlib.h"
#include "internal/cryptlib.h"
#include <stdio.h>
#include <stdio.h>
#include <string.h>
#include "crypto/ctype.h"
#include "crypto/ctype.h"
#include <openssl/conf.h>
#include <openssl/conf.h>
#include <openssl/crypto.h>
#include <openssl/crypto.h>
...
@@ -34,17 +35,26 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen);
...
@@ -34,17 +35,26 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen);
/* Add a CONF_VALUE name value pair to stack */
/* Add a CONF_VALUE name value pair to stack */
int
X509V3_add
_value
(
const
char
*
name
,
const
char
*
value
,
static
int
x509v3_add_len
_value
(
const
char
*
name
,
const
char
*
value
,
STACK_OF
(
CONF_VALUE
)
**
extlist
)
size_t
vallen
,
STACK_OF
(
CONF_VALUE
)
**
extlist
)
{
{
CONF_VALUE
*
vtmp
=
NULL
;
CONF_VALUE
*
vtmp
=
NULL
;
char
*
tname
=
NULL
,
*
tvalue
=
NULL
;
char
*
tname
=
NULL
,
*
tvalue
=
NULL
;
int
sk_allocated
=
(
*
extlist
==
NULL
);
int
sk_allocated
=
(
*
extlist
==
NULL
);
if
(
name
&&
(
tname
=
OPENSSL_strdup
(
name
))
==
NULL
)
if
(
name
!=
NULL
&&
(
tname
=
OPENSSL_strdup
(
name
))
==
NULL
)
goto
err
;
if
(
value
&&
(
tvalue
=
OPENSSL_strdup
(
value
))
==
NULL
)
goto
err
;
goto
err
;
if
(
value
!=
NULL
&&
vallen
>
0
)
{
/*
* We tolerate a single trailing NUL character, but otherwise no
* embedded NULs
*/
if
(
memchr
(
value
,
0
,
vallen
-
1
)
!=
NULL
)
goto
err
;
tvalue
=
OPENSSL_strndup
(
value
,
vallen
);
if
(
tvalue
==
NULL
)
goto
err
;
}
if
((
vtmp
=
OPENSSL_malloc
(
sizeof
(
*
vtmp
)))
==
NULL
)
if
((
vtmp
=
OPENSSL_malloc
(
sizeof
(
*
vtmp
)))
==
NULL
)
goto
err
;
goto
err
;
if
(
sk_allocated
&&
(
*
extlist
=
sk_CONF_VALUE_new_null
())
==
NULL
)
if
(
sk_allocated
&&
(
*
extlist
=
sk_CONF_VALUE_new_null
())
==
NULL
)
...
@@ -67,10 +77,26 @@ int X509V3_add_value(const char *name, const char *value,
...
@@ -67,10 +77,26 @@ int X509V3_add_value(const char *name, const char *value,
return
0
;
return
0
;
}
}
int
X509V3_add_value
(
const
char
*
name
,
const
char
*
value
,
STACK_OF
(
CONF_VALUE
)
**
extlist
)
{
return
x509v3_add_len_value
(
name
,
value
,
value
!=
NULL
?
strlen
((
const
char
*
)
value
)
:
0
,
extlist
);
}
int
X509V3_add_value_uchar
(
const
char
*
name
,
const
unsigned
char
*
value
,
int
X509V3_add_value_uchar
(
const
char
*
name
,
const
unsigned
char
*
value
,
STACK_OF
(
CONF_VALUE
)
**
extlist
)
STACK_OF
(
CONF_VALUE
)
**
extlist
)
{
{
return
X509V3_add_value
(
name
,
(
const
char
*
)
value
,
extlist
);
return
x509v3_add_len_value
(
name
,
(
const
char
*
)
value
,
value
!=
NULL
?
strlen
((
const
char
*
)
value
)
:
0
,
extlist
);
}
int
x509v3_add_len_value_uchar
(
const
char
*
name
,
const
unsigned
char
*
value
,
size_t
vallen
,
STACK_OF
(
CONF_VALUE
)
**
extlist
)
{
return
x509v3_add_len_value
(
name
,
(
const
char
*
)
value
,
vallen
,
extlist
);
}
}
/* Free function for STACK_OF(CONF_VALUE) */
/* Free function for STACK_OF(CONF_VALUE) */
...
@@ -502,18 +528,26 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email
...
@@ -502,18 +528,26 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email
/* First some sanity checks */
/* First some sanity checks */
if
(
email
->
type
!=
V_ASN1_IA5STRING
)
if
(
email
->
type
!=
V_ASN1_IA5STRING
)
return
1
;
return
1
;
if
(
!
email
->
data
||
!
email
->
length
)
if
(
email
->
data
==
NULL
||
email
->
length
==
0
)
return
1
;
if
(
memchr
(
email
->
data
,
0
,
email
->
length
)
!=
NULL
)
return
1
;
return
1
;
if
(
*
sk
==
NULL
)
if
(
*
sk
==
NULL
)
*
sk
=
sk_OPENSSL_STRING_new
(
sk_strcmp
);
*
sk
=
sk_OPENSSL_STRING_new
(
sk_strcmp
);
if
(
*
sk
==
NULL
)
if
(
*
sk
==
NULL
)
return
0
;
return
0
;
emtmp
=
OPENSSL_strndup
((
char
*
)
email
->
data
,
email
->
length
);
if
(
emtmp
==
NULL
)
return
0
;
/* Don't add duplicates */
/* Don't add duplicates */
if
(
sk_OPENSSL_STRING_find
(
*
sk
,
(
char
*
)
email
->
data
)
!=
-
1
)
if
(
sk_OPENSSL_STRING_find
(
*
sk
,
emtmp
)
!=
-
1
)
{
OPENSSL_free
(
emtmp
);
return
1
;
return
1
;
emtmp
=
OPENSSL_strdup
((
char
*
)
email
->
data
);
}
if
(
emtmp
==
NULL
||
!
sk_OPENSSL_STRING_push
(
*
sk
,
emtmp
))
{
if
(
!
sk_OPENSSL_STRING_push
(
*
sk
,
emtmp
))
{
OPENSSL_free
(
emtmp
);
/* free on push failure */
OPENSSL_free
(
emtmp
);
/* free on push failure */
X509_email_free
(
*
sk
);
X509_email_free
(
*
sk
);
*
sk
=
NULL
;
*
sk
=
NULL
;
return
0
;
return
0
;
...
...
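Review bot: X509V3_add_value_uchar still derives the length with `strlen((const char *)value)`, so any caller that keeps passing ASN1_STRING data through it retains the unbounded read that this commit removes for the email, DNS and URI cases in v3_alt.c. I would document the requirement on the public wrapper, for example `/* value must be NUL terminated; use x509v3_add_len_value_uchar() for ASN1_STRING data */`, and check the remaining callers, which are not visible on this page. In append_ia5 a string with an embedded NUL now returns 1 and is skipped without any error; if that is intended, it deserves a one-line comment next to the `memchr` check.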
include/crypto/sm2.h
...
@@ -60,8 +60,7 @@ int sm2_verify(const unsigned char *dgst, int dgstlen,
...
@@ -60,8 +60,7 @@ int sm2_verify(const unsigned char *dgst, int dgstlen,
int
sm2_ciphertext_size
(
const
EC_KEY
*
key
,
const
EVP_MD
*
digest
,
size_t
msg_len
,
int
sm2_ciphertext_size
(
const
EC_KEY
*
key
,
const
EVP_MD
*
digest
,
size_t
msg_len
,
size_t
*
ct_size
);
size_t
*
ct_size
);
int
sm2_plaintext_size
(
const
EC_KEY
*
key
,
const
EVP_MD
*
digest
,
size_t
msg_len
,
int
sm2_plaintext_size
(
const
unsigned
char
*
ct
,
size_t
ct_size
,
size_t
*
pt_size
);
size_t
*
pt_size
);
int
sm2_encrypt
(
const
EC_KEY
*
key
,
int
sm2_encrypt
(
const
EC_KEY
*
key
,
const
EVP_MD
*
digest
,
const
EVP_MD
*
digest
,
...
...
include/crypto/x509.h
...
@@ -8,6 +8,8 @@
...
@@ -8,6 +8,8 @@
*/
*/
#include "internal/refcount.h"
#include "internal/refcount.h"
#include <openssl/x509.h>
#include <openssl/conf.h>
/* Internal X509 structures and functions: not for application use */
/* Internal X509 structures and functions: not for application use */
...
@@ -284,3 +286,6 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc);
...
@@ -284,3 +286,6 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc);
int
x509_set1_time
(
ASN1_TIME
**
ptm
,
const
ASN1_TIME
*
tm
);
int
x509_set1_time
(
ASN1_TIME
**
ptm
,
const
ASN1_TIME
*
tm
);
void
x509_init_sig_info
(
X509
*
x
);
void
x509_init_sig_info
(
X509
*
x
);
int
x509v3_add_len_value_uchar
(
const
char
*
name
,
const
unsigned
char
*
value
,
size_t
vallen
,
STACK_OF
(
CONF_VALUE
)
**
extlist
);
test/sm2_internal_test.c
...
@@ -185,7 +185,7 @@ static int test_sm2_crypt(const EC_GROUP *group,
...
@@ -185,7 +185,7 @@ static int test_sm2_crypt(const EC_GROUP *group,
if
(
!
TEST_mem_eq
(
ctext
,
ctext_len
,
expected
,
ctext_len
))
if
(
!
TEST_mem_eq
(
ctext
,
ctext_len
,
expected
,
ctext_len
))
goto
done
;
goto
done
;
if
(
!
TEST_true
(
sm2_plaintext_size
(
key
,
diges
t
,
ctext_len
,
&
ptext_len
))
if
(
!
TEST_true
(
sm2_plaintext_size
(
ctex
t
,
ctext_len
,
&
ptext_len
))
||
!
TEST_int_eq
(
ptext_len
,
msg_len
))
||
!
TEST_int_eq
(
ptext_len
,
msg_len
))
goto
done
;
goto
done
;
...
...
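Review bot: The updated call only exercises sm2_plaintext_size on a ciphertext that sm2_encrypt has just produced, so the new `d2i_SM2_Ciphertext` failure path is not covered in the lines shown. A negative case would pin the fix, for example `TEST_false(sm2_plaintext_size(ctext, ctext_len - 1, &ptext_len))` on a truncated buffer. test_sm2_crypt continues outside the hunk, so such a case may already exist further down.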
test/x509_time_test.c
...
@@ -330,10 +330,12 @@ static int test_x509_time(int idx)
...
@@ -330,10 +330,12 @@ static int test_x509_time(int idx)
/* if t is not NULL but expected_string is NULL, it is an 'OK' case too */
/* if t is not NULL but expected_string is NULL, it is an 'OK' case too */
if
(
t
!=
NULL
&&
x509_format_tests
[
idx
].
expected_string
)
{
if
(
t
!=
NULL
&&
x509_format_tests
[
idx
].
expected_string
)
{
if
(
!
TEST_str_eq
((
const
char
*
)
t
->
data
,
if
(
!
TEST_mem_eq
((
const
char
*
)
t
->
data
,
t
->
length
,
x509_format_tests
[
idx
].
expected_string
))
{
x509_format_tests
[
idx
].
expected_string
,
TEST_info
(
"test_x509_time(%d) failed: expected_string %s, got %s
\n
"
,
strlen
(
x509_format_tests
[
idx
].
expected_string
)))
{
idx
,
x509_format_tests
[
idx
].
expected_string
,
t
->
data
);
TEST_info
(
"test_x509_time(%d) failed: expected_string %s, got %.*s
\n
"
,
idx
,
x509_format_tests
[
idx
].
expected_string
,
t
->
length
,
t
->
data
);
goto
out
;
goto
out
;
}
}
}
}
...
...