Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
e6526fbf
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
e6526fbf
编写于
21年前
作者:
R
Richard Levitte
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add functionality to help making self-signed certificate.
上级
8152d887
变更
7
隐藏空白更改
内联
并排
Showing
7 changed file
with
116 addition
and
45 deletion
+116
-45
CHANGES
CHANGES
+5
-0
crypto/evp/evp.h
crypto/evp/evp.h
+2
-0
crypto/evp/p_lib.c
crypto/evp/p_lib.c
+46
-0
crypto/x509/x509.h
crypto/x509/x509.h
+3
-0
crypto/x509/x509_cmp.c
crypto/x509/x509_cmp.c
+18
-44
crypto/x509/x509_err.c
crypto/x509/x509_err.c
+2
-1
crypto/x509/x509_req.c
crypto/x509/x509_req.c
+40
-0
未找到文件。
CHANGES
浏览文件 @
e6526fbf
...
...
@@ -4,6 +4,11 @@
Changes between 0.9.7a and 0.9.8 [xx XXX xxxx]
*) Add functionality to check the public key of a certificate request
against a given private. This is useful to check that a certificate
request can be signed by that key (self-signing).
[Richard Levitte]
*) Make it possible to have multiple active certificates with the same
subject in the CA index file. This is done only if the keyword
'unique_subject' is set to 'no' in the main CA section (default
...
...
This diff is collapsed.
Click to expand it.
crypto/evp/evp.h
浏览文件 @
e6526fbf
...
...
@@ -754,6 +754,8 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey);
int
EVP_PKEY_save_parameters
(
EVP_PKEY
*
pkey
,
int
mode
);
int
EVP_PKEY_cmp_parameters
(
EVP_PKEY
*
a
,
EVP_PKEY
*
b
);
int
EVP_PKEY_cmp
(
EVP_PKEY
*
a
,
EVP_PKEY
*
b
);
int
EVP_CIPHER_type
(
const
EVP_CIPHER
*
ctx
);
/* calls methods */
...
...
This diff is collapsed.
Click to expand it.
crypto/evp/p_lib.c
浏览文件 @
e6526fbf
...
...
@@ -237,6 +237,52 @@ int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b)
return
(
-
1
);
}
int
EVP_PKEY_cmp
(
EVP_PKEY
*
a
,
EVP_PKEY
*
b
)
{
if
(
a
->
type
!=
b
->
type
)
return
-
1
;
switch
(
a
->
type
)
{
#ifndef OPENSSL_NO_RSA
case
EVP_PKEY_RSA
:
if
(
BN_cmp
(
b
->
pkey
.
rsa
->
n
,
a
->
pkey
.
rsa
->
n
)
!=
0
||
BN_cmp
(
b
->
pkey
.
rsa
->
e
,
a
->
pkey
.
rsa
->
e
)
!=
0
)
return
0
;
break
;
#endif
#ifndef OPENSSL_NO_DSA
case
EVP_PKEY_DSA
:
if
(
BN_cmp
(
b
->
pkey
.
dsa
->
pub_key
,
a
->
pkey
.
dsa
->
pub_key
)
!=
0
)
return
0
;
break
;
#endif
#ifndef OPENSSL_NO_EC
case
EVP_PKEY_EC
:
{
int
r
=
EC_POINT_cmp
(
b
->
pkey
.
eckey
->
group
,
b
->
pkey
.
eckey
->
pub_key
,
a
->
pkey
.
eckey
->
pub_key
,
NULL
);
if
(
r
!=
0
)
{
if
(
r
==
1
)
return
0
;
else
return
-
2
;
}
}
break
;
#endif
#ifndef OPENSSL_NO_DH
case
EVP_PKEY_DH
:
return
-
2
;
#endif
default:
return
-
2
;
}
return
1
;
}
EVP_PKEY
*
EVP_PKEY_new
(
void
)
{
EVP_PKEY
*
ret
;
...
...
This diff is collapsed.
Click to expand it.
crypto/x509/x509.h
浏览文件 @
e6526fbf
...
...
@@ -1038,6 +1038,8 @@ int X509_CRL_sort(X509_CRL *crl);
int
X509_REVOKED_set_serialNumber
(
X509_REVOKED
*
x
,
ASN1_INTEGER
*
serial
);
int
X509_REVOKED_set_revocationDate
(
X509_REVOKED
*
r
,
ASN1_TIME
*
tm
);
int
X509_REQ_check_private_key
(
X509_REQ
*
x509
,
EVP_PKEY
*
pkey
);
int
X509_check_private_key
(
X509
*
x509
,
EVP_PKEY
*
pkey
);
int
X509_issuer_and_serial_cmp
(
const
X509
*
a
,
const
X509
*
b
);
...
...
@@ -1271,6 +1273,7 @@ void ERR_load_X509_strings(void);
#define X509_F_X509_PRINT_FP 118
#define X509_F_X509_PUBKEY_GET 119
#define X509_F_X509_PUBKEY_SET 120
#define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144
#define X509_F_X509_REQ_PRINT 121
#define X509_F_X509_REQ_PRINT_FP 122
#define X509_F_X509_REQ_TO_X509 123
...
...
This diff is collapsed.
Click to expand it.
crypto/x509/x509_cmp.c
浏览文件 @
e6526fbf
...
...
@@ -374,62 +374,36 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
int
ok
=
0
;
xk
=
X509_get_pubkey
(
x
);
if
(
xk
->
type
!=
k
->
type
)
{
X509err
(
X509_F_X509_CHECK_PRIVATE_KEY
,
X509_R_KEY_TYPE_MISMATCH
);
goto
err
;
}
switch
(
k
->
type
)
switch
(
EVP_PKEY_cmp
(
xk
,
k
))
{
#ifndef OPENSSL_NO_RSA
case
EVP_PKEY_RSA
:
if
(
BN_cmp
(
xk
->
pkey
.
rsa
->
n
,
k
->
pkey
.
rsa
->
n
)
!=
0
||
BN_cmp
(
xk
->
pkey
.
rsa
->
e
,
k
->
pkey
.
rsa
->
e
)
!=
0
)
{
X509err
(
X509_F_X509_CHECK_PRIVATE_KEY
,
X509_R_KEY_VALUES_MISMATCH
);
goto
err
;
}
case
1
:
ok
=
1
;
break
;
#endif
#ifndef OPENSSL_NO_DSA
case
EVP_PKEY_DSA
:
if
(
BN_cmp
(
xk
->
pkey
.
dsa
->
pub_key
,
k
->
pkey
.
dsa
->
pub_key
)
!=
0
)
{
X509err
(
X509_F_X509_CHECK_PRIVATE_KEY
,
X509_R_KEY_VALUES_MISMATCH
);
goto
err
;
}
case
0
:
X509err
(
X509_F_X509_CHECK_PRIVATE_KEY
,
X509_R_KEY_VALUES_MISMATCH
);
break
;
#endif
case
-
1
:
X509err
(
X509_F_X509_CHECK_PRIVATE_KEY
,
X509_R_KEY_TYPE_MISMATCH
);
break
;
case
-
2
:
#ifndef OPENSSL_NO_EC
case
EVP_PKEY_EC
:
{
int
r
=
EC_POINT_cmp
(
xk
->
pkey
.
eckey
->
group
,
xk
->
pkey
.
eckey
->
pub_key
,
k
->
pkey
.
eckey
->
pub_key
,
NULL
);
if
(
r
!=
0
)
if
(
k
->
type
==
EVP_PKEY_EC
)
{
if
(
r
==
1
)
X509err
(
X509_F_X509_CHECK_PRIVATE_KEY
,
X509_R_KEY_VALUES_MISMATCH
);
else
X509err
(
X509_F_X509_CHECK_PRIVATE_KEY
,
ERR_R_EC_LIB
);
goto
err
;
X509err
(
X509_F_X509_CHECK_PRIVATE_KEY
,
ERR_R_EC_LIB
);
break
;
}
}
break
;
#endif
#ifndef OPENSSL_NO_DH
case
EVP_PKEY_DH
:
/* No idea */
X509err
(
X509_F_X509_CHECK_PRIVATE_KEY
,
X509_R_CANT_CHECK_DH_KEY
);
goto
err
;
if
(
k
->
type
==
EVP_PKEY_DH
)
{
/* No idea */
X509err
(
X509_F_X509_CHECK_PRIVATE_KEY
,
X509_R_CANT_CHECK_DH_KEY
);
break
;
}
#endif
default:
X509err
(
X509_F_X509_CHECK_PRIVATE_KEY
,
X509_R_UNKNOWN_KEY_TYPE
);
goto
err
;
}
ok
=
1
;
err:
EVP_PKEY_free
(
xk
);
return
(
ok
);
}
This diff is collapsed.
Click to expand it.
crypto/x509/x509_err.c
浏览文件 @
e6526fbf
/* crypto/x509/x509_err.c */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999
-2003
The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
...
...
@@ -95,6 +95,7 @@ static ERR_STRING_DATA X509_str_functs[]=
{
ERR_PACK
(
0
,
X509_F_X509_PRINT_FP
,
0
),
"X509_print_fp"
},
{
ERR_PACK
(
0
,
X509_F_X509_PUBKEY_GET
,
0
),
"X509_PUBKEY_get"
},
{
ERR_PACK
(
0
,
X509_F_X509_PUBKEY_SET
,
0
),
"X509_PUBKEY_set"
},
{
ERR_PACK
(
0
,
X509_F_X509_REQ_CHECK_PRIVATE_KEY
,
0
),
"X509_REQ_check_private_key"
},
{
ERR_PACK
(
0
,
X509_F_X509_REQ_PRINT
,
0
),
"X509_REQ_print"
},
{
ERR_PACK
(
0
,
X509_F_X509_REQ_PRINT_FP
,
0
),
"X509_REQ_print_fp"
},
{
ERR_PACK
(
0
,
X509_F_X509_REQ_TO_X509
,
0
),
"X509_REQ_to_X509"
},
...
...
This diff is collapsed.
Click to expand it.
crypto/x509/x509_req.c
浏览文件 @
e6526fbf
...
...
@@ -113,6 +113,46 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
return
(
X509_PUBKEY_get
(
req
->
req_info
->
pubkey
));
}
int
X509_REQ_check_private_key
(
X509_REQ
*
x
,
EVP_PKEY
*
k
)
{
EVP_PKEY
*
xk
=
NULL
;
int
ok
=
0
;
xk
=
X509_REQ_get_pubkey
(
x
);
switch
(
EVP_PKEY_cmp
(
xk
,
k
))
{
case
1
:
ok
=
1
;
break
;
case
0
:
X509err
(
X509_F_X509_REQ_CHECK_PRIVATE_KEY
,
X509_R_KEY_VALUES_MISMATCH
);
break
;
case
-
1
:
X509err
(
X509_F_X509_REQ_CHECK_PRIVATE_KEY
,
X509_R_KEY_TYPE_MISMATCH
);
break
;
case
-
2
:
#ifndef OPENSSL_NO_EC
if
(
k
->
type
==
EVP_PKEY_EC
)
{
X509err
(
X509_F_X509_REQ_CHECK_PRIVATE_KEY
,
ERR_R_EC_LIB
);
break
;
}
#endif
#ifndef OPENSSL_NO_DH
if
(
k
->
type
==
EVP_PKEY_DH
)
{
/* No idea */
X509err
(
X509_F_X509_REQ_CHECK_PRIVATE_KEY
,
X509_R_CANT_CHECK_DH_KEY
);
break
;
}
#endif
X509err
(
X509_F_X509_REQ_CHECK_PRIVATE_KEY
,
X509_R_UNKNOWN_KEY_TYPE
);
}
EVP_PKEY_free
(
xk
);
return
(
ok
);
}
/* It seems several organisations had the same idea of including a list of
* extensions in a certificate request. There are at least two OIDs that are
* used and there may be more: so the list is configurable.
...
...
This diff is collapsed.
Click to expand it.
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录
新手
引导
客服
返回
顶部