提交
e29c73c9
编写于
1月 01, 2016
作者:
Viktor Dukhovni
Fix X509_STORE_CTX_cleanup()
Reviewed-by:
N
Dr. Stephen Henson
<
steve@openssl.org
>
上级
0e7abc90
变更
4
Showing
4 changed file
with
40 addition
and
45 deletion
+40
-45
apps/pkcs12.c
apps/pkcs12.c
+16
-26
crypto/ts/ts_rsp_verify.c
crypto/ts/ts_rsp_verify.c
+2
-1
crypto/x509/x509_vfy.c
crypto/x509/x509_vfy.c
+21
-17
include/openssl/x509_vfy.h
include/openssl/x509_vfy.h
+1
-1
apps/pkcs12.c
...
...
@@ -74,7 +74,8 @@
# define CLCERTS 0x8
# define CACERTS 0x10
int
get_cert_chain
(
X509
*
cert
,
X509_STORE
*
store
,
STACK_OF
(
X509
)
**
chain
);
static
int
get_cert_chain
(
X509
*
cert
,
X509_STORE
*
store
,
STACK_OF
(
X509
)
**
chain
);
int
dump_certs_keys_p12
(
BIO
*
out
,
PKCS12
*
p12
,
char
*
pass
,
int
passlen
,
int
options
,
char
*
pempass
,
const
EVP_CIPHER
*
enc
);
int
dump_certs_pkeys_bags
(
BIO
*
out
,
STACK_OF
(
PKCS12_SAFEBAG
)
*
bags
,
...
...
@@ -445,7 +446,7 @@ int pkcs12_main(int argc, char **argv)
vret
=
get_cert_chain
(
ucert
,
store
,
&
chain2
);
X509_STORE_free
(
store
);
if
(
!
vret
)
{
if
(
vret
==
X509_V_OK
)
{
/* Exclude verified certificate */
for
(
i
=
1
;
i
<
sk_X509_num
(
chain2
);
i
++
)
sk_X509_push
(
certs
,
sk_X509_value
(
chain2
,
i
));
...
...
@@ -453,7 +454,7 @@ int pkcs12_main(int argc, char **argv)
X509_free
(
sk_X509_value
(
chain2
,
0
));
sk_X509_free
(
chain2
);
}
else
{
if
(
vret
>=
0
)
if
(
vret
!=
X509_V_ERR_UNSPECIFIED
)
BIO_printf
(
bio_err
,
"Error %s getting chain.
\n
"
,
X509_verify_cert_error_string
(
vret
));
else
...
...
@@ -718,36 +719,25 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
/* Given a single certificate return a verified chain or NULL if error */
/* Hope this is OK .... */
int
get_cert_chain
(
X509
*
cert
,
X509_STORE
*
store
,
STACK_OF
(
X509
)
**
chain
)
static
int
get_cert_chain
(
X509
*
cert
,
X509_STORE
*
store
,
STACK_OF
(
X509
)
**
chain
)
{
X509_STORE_CTX
store_ctx
;
STACK_OF
(
X509
)
*
chn
;
STACK_OF
(
X509
)
*
chn
=
NULL
;
int
i
=
0
;
/*
* FIXME: Should really check the return status of X509_STORE_CTX_init
* for an error, but how that fits into the return value of this function
* is less obvious.
*/
X509_STORE_CTX_init
(
&
store_ctx
,
store
,
cert
,
NULL
);
if
(
X509_verify_cert
(
&
store_ctx
)
<=
0
)
{
i
=
X509_STORE_CTX_get_error
(
&
store_ctx
);
if
(
i
==
0
)
/*
* avoid returning 0 if X509_verify_cert() did not set an
* appropriate error value in the context
*/
i
=
-
1
;
chn
=
NULL
;
goto
err
;
}
else
if
(
!
X509_STORE_CTX_init
(
&
store_ctx
,
store
,
cert
,
NULL
))
{
*
chain
=
NULL
;
return
X509_V_ERR_UNSPECIFIED
;
}
if
(
X509_verify_cert
(
&
store_ctx
)
>
0
)
chn
=
X509_STORE_CTX_get1_chain
(
&
store_ctx
);
err:
else
if
((
i
=
X509_STORE_CTX_get_error
(
&
store_ctx
))
==
0
)
i
=
X509_V_ERR_UNSPECIFIED
;
X509_STORE_CTX_cleanup
(
&
store_ctx
);
*
chain
=
chn
;
return
i
;
}
...
...
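Review bot: get_cert_chain() can still return X509_V_OK with `*chain` left NULL: when X509_verify_cert() succeeds, `i` stays 0 and the result of X509_STORE_CTX_get1_chain() is stored in `chn` unchecked, so a NULL return there (presumably possible on allocation failure) is reported as success. The caller in pkcs12_main() then takes the `vret == X509_V_OK` branch and, as far as the visible lines show, would quietly add no chain certificates instead of reporting an error. I would brace the success branch and add `if (chn == NULL) i = X509_V_ERR_UNSPECIFIED;` after the get1_chain call. The header comment `/* Given a single certificate return a verified chain or NULL if error */` is also out of date now that the function returns a verification code; something like `/* Returns X509_V_OK and sets *chain on success, else an X509_V_ERR_* code with *chain set to NULL */` would match the new contract.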
crypto/ts/ts_rsp_verify.c
...
...
@@ -217,7 +217,8 @@ static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
int
ret
=
1
;
*
chain
=
NULL
;
X509_STORE_CTX_init
(
&
cert_ctx
,
store
,
signer
,
untrusted
);
if
(
!
X509_STORE_CTX_init
(
&
cert_ctx
,
store
,
signer
,
untrusted
))
return
0
;
X509_STORE_CTX_set_purpose
(
&
cert_ctx
,
X509_PURPOSE_TIMESTAMP_SIGN
);
i
=
X509_verify_cert
(
&
cert_ctx
);
if
(
i
<=
0
)
{
...
...
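Review bot: The new early `return 0` in ts_verify_cert() skips X509_STORE_CTX_cleanup() for `cert_ctx`, which is only safe because X509_STORE_CTX_init() cleans the context up itself on its `err:` path (visible in the crypto/x509/x509_vfy.c section of this commit). That dependency is not obvious at the call site, so I would add a comment above the check, e.g. `/* X509_STORE_CTX_init() cleans up cert_ctx on failure; nothing to release here */`. The function continues outside the hunk, so I cannot tell whether its other failure paths record a TS-level error before returning; if they do, this path should probably match them.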
crypto/x509/x509_vfy.c
...
...
@@ -2072,9 +2072,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
ctx
->
current_reasons
=
0
;
ctx
->
tree
=
NULL
;
ctx
->
parent
=
NULL
;
/* Zero ex_data to make sure we're cleanup-safe */
memset
(
&
ctx
->
ex_data
,
0
,
sizeof
(
ctx
->
ex_data
));
if
(
store
)
{
ctx
->
verify_cb
=
store
->
verify_cb
;
/* Seems to always be 0 in OpenSSL, else must be idempotent */
ctx
->
cleanup
=
store
->
cleanup
;
}
else
ctx
->
cleanup
=
0
;
...
...
@@ -2106,8 +2109,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
if
(
store
&&
store
->
get_crl
)
ctx
->
get_crl
=
store
->
get_crl
;
else
ctx
->
get_crl
=
NULL
;
if
(
store
&&
store
->
check_crl
)
ctx
->
check_crl
=
store
->
check_crl
;
...
...
@@ -2131,10 +2132,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
ctx
->
check_policy
=
check_policy
;
/*
* For ctx->cleanup running well in X509_STORE_CTX_cleanup ,
* initial all ctx before exceptional handling.
*/
ctx
->
param
=
X509_VERIFY_PARAM_new
();
if
(
ctx
->
param
==
NULL
)
{
X509err
(
X509_F_X509_STORE_CTX_INIT
,
ERR_R_MALLOC_FAILURE
);
...
...
@@ -2158,18 +2155,16 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
goto
err
;
}
/*
* Since X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we
* put a corresponding "new" here.
*/
if
(
!
CRYPTO_new_ex_data
(
CRYPTO_EX_INDEX_X509_STORE_CTX
,
ctx
,
&
(
ctx
->
ex_data
)))
{
X509err
(
X509_F_X509_STORE_CTX_INIT
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
return
1
;
if
(
CRYPTO_new_ex_data
(
CRYPTO_EX_INDEX_X509_STORE_CTX
,
ctx
,
&
ctx
->
ex_data
))
return
1
;
X509err
(
X509_F_X509_STORE_CTX_INIT
,
ERR_R_MALLOC_FAILURE
);
err:
/*
* On error clean up allocated storage, if the store context was not
* allocated with X509_STORE_CTX_new() this is our last chance to do so.
*/
X509_STORE_CTX_cleanup
(
ctx
);
return
0
;
}
...
...
@@ -2187,8 +2182,17 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
void
X509_STORE_CTX_cleanup
(
X509_STORE_CTX
*
ctx
)
{
if
(
ctx
->
cleanup
)
/*
* We need to be idempotent because, unfortunately, free() also calls
* cleanup(), so the natural call sequence new(), init(), cleanup(), free()
* calls cleanup() for the same object twice! Thus we must zero the
* pointers below after they're freed!
*/
/* Seems to always be 0 in OpenSSL, do this at most once. */
if
(
ctx
->
cleanup
!=
NULL
)
{
ctx
->
cleanup
(
ctx
);
ctx
->
cleanup
=
NULL
;
}
if
(
ctx
->
param
!=
NULL
)
{
if
(
ctx
->
parent
==
NULL
)
X509_VERIFY_PARAM_free
(
ctx
->
param
);
...
...
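Review bot: The store-supplied `ctx->cleanup` callback can run on a context that never finished initialising. X509_STORE_CTX_init() copies `store->cleanup` near the top, and its `err:` path calls X509_STORE_CTX_cleanup(), which invokes the callback while `ex_data` is still only zeroed and not yet set up by CRYPTO_new_ex_data(). The comment `/* Seems to always be 0 in OpenSSL, else must be idempotent */` covers the double call but not this case; I would extend it to something like `/* May be called from the init error path on a partially initialised ctx, and again from free(); must tolerate both */`. Both functions continue outside the visible hunks, so this is based only on the lines shown.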
include/openssl/x509_vfy.h
...
...
@@ -282,7 +282,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
# define X509_V_OK 0
/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
# define X509_V_ERR_UNSPECIFIED 1
# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
# define X509_V_ERR_UNABLE_TO_GET_CRL 3
...
...