提交
ec5add87
编写于
12月 31, 2000
作者:
Dr. Stephen Henson
Fix the S/MIME code so it now works again and
uses the new ASN1 code.
上级
856d456a
变更
4
Showing
4 changed file
with
55 addition
and
37 deletion
+55
-37
CHANGES
CHANGES
+13
-0
crypto/pkcs7/pk7_asn1.c
crypto/pkcs7/pk7_asn1.c
+23
-2
crypto/pkcs7/pk7_doit.c
crypto/pkcs7/pk7_doit.c
+16
-35
crypto/pkcs7/pkcs7.h
crypto/pkcs7/pkcs7.h
+3
-0
CHANGES
...
@@ -3,6 +3,19 @@
...
@@ -3,6 +3,19 @@
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
*) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
uses the special reorder version of SET OF to sort the attributes
and reorder them to match the encoded order. This resolves a long
standing problem: a verify on a PKCS7 structure just after signing
it used to fail because the attribute order did not match the
encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
it uses the received order. This is necessary to tolerate some broken
software that does not order SET OF. This is handled by encoding
as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
to produce the required SET OF.
[Steve Henson]
*) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
*) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
files to get correct declarations of the ASN.1 item variables.
files to get correct declarations of the ASN.1 item variables.
...
...
crypto/pkcs7/pk7_asn1.c
...
@@ -108,8 +108,10 @@ ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
...
@@ -108,8 +108,10 @@ ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
ASN1_SIMPLE
(
PKCS7_SIGNER_INFO
,
version
,
ASN1_INTEGER
),
ASN1_SIMPLE
(
PKCS7_SIGNER_INFO
,
version
,
ASN1_INTEGER
),
ASN1_SIMPLE
(
PKCS7_SIGNER_INFO
,
issuer_and_serial
,
PKCS7_ISSUER_AND_SERIAL
),
ASN1_SIMPLE
(
PKCS7_SIGNER_INFO
,
issuer_and_serial
,
PKCS7_ISSUER_AND_SERIAL
),
ASN1_SIMPLE
(
PKCS7_SIGNER_INFO
,
digest_alg
,
X509_ALGOR
),
ASN1_SIMPLE
(
PKCS7_SIGNER_INFO
,
digest_alg
,
X509_ALGOR
),
/* NB this should be a SET OF but we use a SEQUENCE OF so the original order
/* NB this should be a SET OF but we use a SEQUENCE OF so the
* is retained when the structure is reencoded.
* original order * is retained when the structure is reencoded.
* Since the attributes are implicitly tagged this will not affect
* the encoding.
*/
*/
ASN1_IMP_SEQUENCE_OF_OPT
(
PKCS7_SIGNER_INFO
,
auth_attr
,
X509_ATTRIBUTE
,
0
),
ASN1_IMP_SEQUENCE_OF_OPT
(
PKCS7_SIGNER_INFO
,
auth_attr
,
X509_ATTRIBUTE
,
0
),
ASN1_SIMPLE
(
PKCS7_SIGNER_INFO
,
digest_enc_alg
,
X509_ALGOR
),
ASN1_SIMPLE
(
PKCS7_SIGNER_INFO
,
digest_enc_alg
,
X509_ALGOR
),
...
@@ -178,3 +180,22 @@ ASN1_SEQUENCE(PKCS7_DIGEST) = {
...
@@ -178,3 +180,22 @@ ASN1_SEQUENCE(PKCS7_DIGEST) = {
}
ASN1_SEQUENCE_END
(
PKCS7_DIGEST
);
}
ASN1_SEQUENCE_END
(
PKCS7_DIGEST
);
IMPLEMENT_ASN1_FUNCTIONS
(
PKCS7_DIGEST
)
IMPLEMENT_ASN1_FUNCTIONS
(
PKCS7_DIGEST
)
/* Specials for authenticated attributes */
/* When signing attributes we want to reorder them to match the sorted
* encoding.
*/
ASN1_ITEM_TEMPLATE
(
PKCS7_ATTR_SIGN
)
=
ASN1_EX_TEMPLATE_TYPE
(
ASN1_TFLG_SET_ORDER
,
0
,
PKCS7_ATTRIBUTES
,
X509_ATTRIBUTE
)
ASN1_ITEM_TEMPLATE_END
(
PKCS7_ATTR_SIGN
);
/* When verifying attributes we need to use the received order. So
* we use SEQUENCE OF and tag it to SET OF
*/
ASN1_ITEM_TEMPLATE
(
PKCS7_ATTR_VERIFY
)
=
ASN1_EX_TEMPLATE_TYPE
(
ASN1_TFLG_SEQUENCE_OF
|
ASN1_TFLG_IMPTAG
|
ASN1_TFLG_UNIVERSAL
,
V_ASN1_SET
,
PKCS7_ATTRIBUTES
,
X509_ATTRIBUTE
)
ASN1_ITEM_TEMPLATE_END
(
PKCS7_ATTR_VERIFY
);
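Review bot: The comment on PKCS7_ATTR_SIGN in the second hunk does not say that encoding with this item changes the caller's attribute stack, although the CHANGES entry in this commit describes it as sorting the attributes and reordering them to match the encoded order. I would put that side effect next to the template, for example `/* Encoding with this item sorts the STACK_OF(X509_ATTRIBUTE) to match the DER SET OF order; use it when signing. */`. The PKCS7_ATTR_VERIFY comment could likewise say that it emits the attributes in the order received and is meant for re-encoding received data before a signature check. In the first hunk the reflowed comment reads `original order * is retained`, with a stray `*` left over from the old line break.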
crypto/pkcs7/pk7_doit.c
...
@@ -471,8 +471,6 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
...
@@ -471,8 +471,6 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
EVP_MD_CTX
*
mdc
,
ctx_tmp
;
EVP_MD_CTX
*
mdc
,
ctx_tmp
;
STACK_OF
(
X509_ATTRIBUTE
)
*
sk
;
STACK_OF
(
X509_ATTRIBUTE
)
*
sk
;
STACK_OF
(
PKCS7_SIGNER_INFO
)
*
si_sk
=
NULL
;
STACK_OF
(
PKCS7_SIGNER_INFO
)
*
si_sk
=
NULL
;
unsigned
char
*
p
,
*
pp
=
NULL
;
int
x
;
ASN1_OCTET_STRING
*
os
=
NULL
;
ASN1_OCTET_STRING
*
os
=
NULL
;
i
=
OBJ_obj2nid
(
p7
->
type
);
i
=
OBJ_obj2nid
(
p7
->
type
);
...
@@ -552,8 +550,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
...
@@ -552,8 +550,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
* attribute and only sign the attributes */
* attribute and only sign the attributes */
if
((
sk
!=
NULL
)
&&
(
sk_X509_ATTRIBUTE_num
(
sk
)
!=
0
))
if
((
sk
!=
NULL
)
&&
(
sk_X509_ATTRIBUTE_num
(
sk
)
!=
0
))
{
{
unsigned
char
md_data
[
EVP_MAX_MD_SIZE
];
unsigned
char
md_data
[
EVP_MAX_MD_SIZE
]
,
*
abuf
=
NULL
;
unsigned
int
md_len
;
unsigned
int
md_len
,
alen
;
ASN1_OCTET_STRING
*
digest
;
ASN1_OCTET_STRING
*
digest
;
ASN1_UTCTIME
*
sign_time
;
ASN1_UTCTIME
*
sign_time
;
const
EVP_MD
*
md_tmp
;
const
EVP_MD
*
md_tmp
;
...
@@ -573,19 +571,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
...
@@ -573,19 +571,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
NID_pkcs9_messageDigest
,
NID_pkcs9_messageDigest
,
V_ASN1_OCTET_STRING
,
digest
);
V_ASN1_OCTET_STRING
,
digest
);
/* Now sign the
mes
s */
/* Now sign the
attribute
s */
EVP_SignInit
(
&
ctx_tmp
,
md_tmp
);
EVP_SignInit
(
&
ctx_tmp
,
md_tmp
);
x
=
i2d_ASN1_SET_OF_X509_ATTRIBUTE
(
sk
,
NULL
,
alen
=
ASN1_item_i2d
((
ASN1_VALUE
*
)
sk
,
&
abuf
,
i2d_X509_ATTRIBUTE
,
&
PKCS7_ATTR_SIGN_it
);
V_ASN1_SET
,
V_ASN1_UNIVERSAL
,
IS_SET
);
if
(
!
abuf
)
goto
err
;
pp
=
(
unsigned
char
*
)
OPENSSL_malloc
(
x
);
EVP_SignUpdate
(
&
ctx_tmp
,
abuf
,
alen
);
p
=
pp
;
OPENSSL_free
(
abuf
);
i2d_ASN1_SET_OF_X509_ATTRIBUTE
(
sk
,
&
p
,
i2d_X509_ATTRIBUTE
,
V_ASN1_SET
,
V_ASN1_UNIVERSAL
,
IS_SET
);
EVP_SignUpdate
(
&
ctx_tmp
,
pp
,
x
);
OPENSSL_free
(
pp
);
pp
=
NULL
;
}
}
if
(
si
->
pkey
->
type
==
EVP_PKEY_DSA
)
if
(
si
->
pkey
->
type
==
EVP_PKEY_DSA
)
...
@@ -627,9 +619,6 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
...
@@ -627,9 +619,6 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
(unsigned char *)buf_mem->data,buf_mem->length);
(unsigned char *)buf_mem->data,buf_mem->length);
#endif
#endif
}
}
if
(
pp
!=
NULL
)
OPENSSL_free
(
pp
);
pp
=
NULL
;
ret
=
1
;
ret
=
1
;
err:
err:
if
(
buf
!=
NULL
)
BUF_MEM_free
(
buf
);
if
(
buf
!=
NULL
)
BUF_MEM_free
(
buf
);
...
@@ -691,7 +680,6 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
...
@@ -691,7 +680,6 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
{
{
ASN1_OCTET_STRING
*
os
;
ASN1_OCTET_STRING
*
os
;
EVP_MD_CTX
mdc_tmp
,
*
mdc
;
EVP_MD_CTX
mdc_tmp
,
*
mdc
;
unsigned
char
*
pp
,
*
p
;
int
ret
=
0
,
i
;
int
ret
=
0
,
i
;
int
md_type
;
int
md_type
;
STACK_OF
(
X509_ATTRIBUTE
)
*
sk
;
STACK_OF
(
X509_ATTRIBUTE
)
*
sk
;
...
@@ -736,8 +724,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
...
@@ -736,8 +724,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
sk
=
si
->
auth_attr
;
sk
=
si
->
auth_attr
;
if
((
sk
!=
NULL
)
&&
(
sk_X509_ATTRIBUTE_num
(
sk
)
!=
0
))
if
((
sk
!=
NULL
)
&&
(
sk_X509_ATTRIBUTE_num
(
sk
)
!=
0
))
{
{
unsigned
char
md_dat
[
EVP_MAX_MD_SIZE
];
unsigned
char
md_dat
[
EVP_MAX_MD_SIZE
]
,
*
abuf
=
NULL
;
unsigned
int
md_len
;
unsigned
int
md_len
,
alen
;
ASN1_OCTET_STRING
*
message_digest
;
ASN1_OCTET_STRING
*
message_digest
;
EVP_DigestFinal
(
&
mdc_tmp
,
md_dat
,
&
md_len
);
EVP_DigestFinal
(
&
mdc_tmp
,
md_dat
,
&
md_len
);
...
@@ -766,19 +754,12 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
...
@@ -766,19 +754,12 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
}
}
EVP_VerifyInit
(
&
mdc_tmp
,
EVP_get_digestbynid
(
md_type
));
EVP_VerifyInit
(
&
mdc_tmp
,
EVP_get_digestbynid
(
md_type
));
/* Note: when forming the encoding of the attributes we
* shouldn't reorder them or this will break the signature.
alen
=
ASN1_item_i2d
((
ASN1_VALUE
*
)
sk
,
&
abuf
,
* This is done by using the IS_SEQUENCE flag.
&
PKCS7_ATTR_VERIFY_it
);
*/
EVP_VerifyUpdate
(
&
mdc_tmp
,
abuf
,
alen
);
i
=
i2d_ASN1_SET_OF_X509_ATTRIBUTE
(
sk
,
NULL
,
i2d_X509_ATTRIBUTE
,
V_ASN1_SET
,
V_ASN1_UNIVERSAL
,
IS_SEQUENCE
);
OPENSSL_free
(
abuf
);
pp
=
OPENSSL_malloc
(
i
);
p
=
pp
;
i2d_ASN1_SET_OF_X509_ATTRIBUTE
(
sk
,
&
p
,
i2d_X509_ATTRIBUTE
,
V_ASN1_SET
,
V_ASN1_UNIVERSAL
,
IS_SEQUENCE
);
EVP_VerifyUpdate
(
&
mdc_tmp
,
pp
,
i
);
OPENSSL_free
(
pp
);
}
}
os
=
si
->
enc_digest
;
os
=
si
->
enc_digest
;
...
...
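Review bot: In the PKCS7_signatureVerify hunk at -766/+754 the result of `ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, &PKCS7_ATTR_VERIFY_it)` is passed straight to `EVP_VerifyUpdate(&mdc_tmp, abuf, alen)` with no check, whereas the matching signing hunk in PKCS7_dataFinal has `if (!abuf) goto err;`. If the encode fails, abuf presumably stays NULL, and because alen is declared `unsigned int` in the -736/+724 hunk a negative return would become a very large length, on a path that handles attributes taken from a received message. I would declare alen as `int` in both functions and add `if (alen <= 0 || !abuf) goto err;` before the update, assuming PKCS7_signatureVerify has an error label like PKCS7_dataFinal does; its end is outside the hunks shown. The page interleaves old and new tokens, so this reading rests on the new-side tokens as far as they can be separated.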
crypto/pkcs7/pkcs7.h
...
@@ -295,6 +295,9 @@ DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
...
@@ -295,6 +295,9 @@ DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
DECLARE_ASN1_FUNCTIONS
(
PKCS7_ENCRYPT
)
DECLARE_ASN1_FUNCTIONS
(
PKCS7_ENCRYPT
)
DECLARE_ASN1_FUNCTIONS
(
PKCS7
)
DECLARE_ASN1_FUNCTIONS
(
PKCS7
)
DECLARE_ASN1_ITEM
(
PKCS7_ATTR_SIGN
)
DECLARE_ASN1_ITEM
(
PKCS7_ATTR_VERIFY
)
void
ERR_load_PKCS7_strings
(
void
);
void
ERR_load_PKCS7_strings
(
void
);
...
...