本文整理汇总了C++中OBJ_obj2nid函数的典型用法代码示例。如果您正苦于以下问题:C++ OBJ_obj2nid函数的具体用法?C++ OBJ_obj2nid怎么用?C++ OBJ_obj2nid使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了OBJ_obj2nid函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: GetX509NameInfo
/*
Function:
GetX509NameInfo
Used by System.Security.Cryptography.X509Certificates' OpenSslX509CertificateReader as the entire
implementation of X509Certificate2.GetNameInfo.
Return values:
NULL if the certificate is invalid or no name information could be found, otherwise a pointer to a
memory-backed BIO structure which contains the answer to the GetNameInfo query
*/
BIO*
GetX509NameInfo(
X509* x509,
int nameType,
int forIssuer)
{
static const char szOidUpn[] = "1.3.6.1.4.1.311.20.2.3";
if (!x509 || !x509->cert_info || nameType < NAME_TYPE_SIMPLE || nameType > NAME_TYPE_URL)
{
return NULL;
}
// Algorithm behaviors (pseudocode). When forIssuer is true, replace "Subject" with "Issuer" and
// SAN (Subject Alternative Names) with IAN (Issuer Alternative Names).
//
// SimpleName: Subject[CN] ?? Subject[OU] ?? Subject[O] ?? Subject[E] ?? Subject.Rdns.FirstOrDefault() ?? SAN.Entries.FirstOrDefault(type == GEN_EMAIL);
// EmailName: SAN.Entries.FirstOrDefault(type == GEN_EMAIL) ?? Subject[E];
// UpnName: SAN.Entries.FirsOrDefaultt(type == GEN_OTHER && entry.AsOther().OID == szOidUpn).AsOther().Value;
// DnsName: SAN.Entries.FirstOrDefault(type == GEN_DNS) ?? Subject[CN];
// DnsFromAlternativeName: SAN.Entries.FirstOrDefault(type == GEN_DNS);
// UrlName: SAN.Entries.FirstOrDefault(type == GEN_URI);
if (nameType == NAME_TYPE_SIMPLE)
{
X509_NAME* name = forIssuer ? x509->cert_info->issuer : x509->cert_info->subject;
if (name)
{
ASN1_STRING* cn = NULL;
ASN1_STRING* ou = NULL;
ASN1_STRING* o = NULL;
ASN1_STRING* e = NULL;
ASN1_STRING* firstRdn = NULL;
// Walk the list backwards because it is stored in stack order
for (int i = X509_NAME_entry_count(name) - 1; i >= 0; --i)
{
X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, i);
if (!entry)
{
continue;
}
ASN1_OBJECT* oid = X509_NAME_ENTRY_get_object(entry);
ASN1_STRING* str = X509_NAME_ENTRY_get_data(entry);
if (!oid || !str)
{
continue;
}
int nid = OBJ_obj2nid(oid);
if (nid == NID_commonName)
{
// CN wins, so no need to keep looking.
cn = str;
break;
}
else if (nid == NID_organizationalUnitName)
{
ou = str;
}
else if (nid == NID_organizationName)
{
o = str;
}
else if (nid == NID_pkcs9_emailAddress)
{
e = str;
}
else if (!firstRdn)
{
firstRdn = str;
}
}
ASN1_STRING* answer = cn;
// If there was no CN, but there was something, then perform fallbacks.
if (!answer && firstRdn)
{
answer = ou;
if (!answer)
{
answer = o;
}
//.........这里部分代码省略.........
开发者ID:nblumhardt,项目名称:corefx,代码行数:101,代码来源:openssl.c
示例2: X509_CRL_get_signature_nid
int X509_CRL_get_signature_nid(const X509_CRL *crl)
{
return OBJ_obj2nid(crl->sig_alg.algorithm);
}
开发者ID:1234-,项目名称:openssl,代码行数:4,代码来源:x509cset.c
示例3: rsa_pss_to_ctx
/* From PSS AlgorithmIdentifier set public key parameters. */
static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey) {
int ret = 0;
int saltlen;
const EVP_MD *mgf1md = NULL, *md = NULL;
RSA_PSS_PARAMS *pss;
X509_ALGOR *maskHash;
EVP_PKEY_CTX *pkctx;
/* Sanity check: make sure it is PSS */
if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_UNSUPPORTED_SIGNATURE_TYPE);
return 0;
}
/* Decode PSS parameters */
pss = rsa_pss_decode(sigalg, &maskHash);
if (pss == NULL) {
OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_INVALID_PSS_PARAMETERS);
goto err;
}
mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm, maskHash);
if (!mgf1md) {
goto err;
}
md = rsa_algor_to_md(pss->hashAlgorithm);
if (!md) {
goto err;
}
saltlen = 20;
if (pss->saltLength) {
saltlen = ASN1_INTEGER_get(pss->saltLength);
/* Could perform more salt length sanity checks but the main
* RSA routines will trap other invalid values anyway. */
if (saltlen < 0) {
OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_INVALID_SALT_LENGTH);
goto err;
}
}
/* low-level routines support only trailer field 0xbc (value 1)
* and PKCS#1 says we should reject any other value anyway. */
if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_INVALID_TRAILER);
goto err;
}
if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey) ||
!EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) ||
!EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) ||
!EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md)) {
goto err;
}
ret = 1;
err:
RSA_PSS_PARAMS_free(pss);
if (maskHash) {
X509_ALGOR_free(maskHash);
}
return ret;
}
开发者ID:krunalsoni01,项目名称:src,代码行数:65,代码来源:p_rsa_asn1.c
示例4: rsa_pss_to_ctx
static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
X509_ALGOR *sigalg, EVP_PKEY *pkey)
{
int rv = -1;
int saltlen;
const EVP_MD *mgf1md = NULL, *md = NULL;
RSA_PSS_PARAMS *pss;
X509_ALGOR *maskHash;
/* Sanity check: make sure it is PSS */
if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
return -1;
}
/* Decode PSS parameters */
pss = rsa_pss_decode(sigalg, &maskHash);
if (pss == NULL) {
RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS);
goto err;
}
mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm, maskHash);
if (!mgf1md)
goto err;
md = rsa_algor_to_md(pss->hashAlgorithm);
if (!md)
goto err;
if (pss->saltLength) {
saltlen = ASN1_INTEGER_get(pss->saltLength);
/*
* Could perform more salt length sanity checks but the main RSA
* routines will trap other invalid values anyway.
*/
if (saltlen < 0) {
RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_SALT_LENGTH);
goto err;
}
} else
saltlen = 20;
/*
* low-level routines support only trailer field 0xbc (value 1) and
* PKCS#1 says we should reject any other value anyway.
*/
if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_TRAILER);
goto err;
}
/* We have all parameters now set up context */
if (pkey) {
if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
goto err;
} else {
const EVP_MD *checkmd;
if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0)
goto err;
if (EVP_MD_type(md) != EVP_MD_type(checkmd)) {
RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_DIGEST_DOES_NOT_MATCH);
goto err;
}
}
if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
goto err;
if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
goto err;
if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
goto err;
/* Carry on */
rv = 1;
err:
RSA_PSS_PARAMS_free(pss);
X509_ALGOR_free(maskHash);
return rv;
}
开发者ID:erbridge,项目名称:openssl,代码行数:81,代码来源:rsa_ameth.c
示例5: OBJ_obj2nid
// Convert a ByteString to an OpenSSL NID
int OSSL::byteString2oid(const ByteString& byteString)
{
const unsigned char *p = byteString.const_byte_str();
return OBJ_obj2nid(d2i_ASN1_OBJECT(NULL, &p, byteString.size()));
}
开发者ID:jschlyter,项目名称:SoftHSMv2,代码行数:6,代码来源:OSSLUtil.cpp
示例6: parse_pkcs7_data
static int parse_pkcs7_data(const options_t *options, const CRYPT_DATA_BLOB *blob)
{
int result = 0;
const cert_format_e input_fmt = CERT_FORMAT_DER;
PKCS7 *p7 = NULL;
BIO *in = NULL;
CRYPTO_malloc_init();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
in = BIO_new_mem_buf(blob->pbData, blob->cbData);
if (in == NULL) {
result = -2;
goto error;
}
switch (input_fmt) {
default: EXIT_ERROR("unhandled input format for certificate");
case CERT_FORMAT_DER:
p7 = d2i_PKCS7_bio(in, NULL);
break;
case CERT_FORMAT_PEM:
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
break;
}
if (p7 == NULL) {
ERR_print_errors_fp(stderr);
result = -3;
goto error;
}
STACK_OF(X509) *certs = NULL;
int type = OBJ_obj2nid(p7->type);
switch (type) {
default: break;
case NID_pkcs7_signed: // PKCS7_type_is_signed(p7)
certs = p7->d.sign->cert;
break;
case NID_pkcs7_signedAndEnveloped: // PKCS7_type_is_signedAndEnveloped(p7)
certs = p7->d.signed_and_enveloped->cert;
break;
}
const int numcerts = certs != NULL ? sk_X509_num(certs) : 0;
for (int i = 0; i < numcerts; i++) {
X509 *cert = sk_X509_value(certs, i);
print_certificate(options->certout, options->certoutform, cert);
// NOTE: Calling X509_free(cert) is unnecessary.
}
// Print whether certificate signature is valid
if (numcerts > 0) {
X509 *subject = sk_X509_value(certs, 0);
X509 *issuer = sk_X509_value(certs, numcerts - 1);
int valid_sig = X509_verify(subject, X509_get_pubkey(issuer));
output("Signature", valid_sig == 1 ? "valid" : "invalid");
}
// Print signers
if (numcerts > 0) {
output_open_scope("signers", OUTPUT_SCOPE_TYPE_ARRAY);
for (int i = 0; i < numcerts; i++) {
X509 *cert = sk_X509_value(certs, i);
X509_NAME *name = X509_get_subject_name(cert);
int issuer_name_len = X509_NAME_get_text_by_NID(name, NID_commonName, NULL, 0);
if (issuer_name_len > 0) {
output_open_scope("signer", OUTPUT_SCOPE_TYPE_OBJECT);
char issuer_name[issuer_name_len + 1];
X509_NAME_get_text_by_NID(name, NID_commonName, issuer_name, issuer_name_len + 1);
output("Issuer", issuer_name);
output_close_scope(); // signer
}
}
output_close_scope(); // signers
}
error:
if (p7 != NULL)
PKCS7_free(p7);
if (in != NULL)
BIO_free(in);
// Deallocate everything from OpenSSL_add_all_algorithms
EVP_cleanup();
// Deallocate everything from ERR_load_crypto_strings
ERR_free_strings();
return result;
}
开发者ID:diogoleal,项目名称:pev,代码行数:92,代码来源:pesec.c
示例7: test
int test(char *URL)
{
CURLM* multi;
sslctxparm p;
CURLMcode res;
int running;
char done = FALSE;
int i = 0;
CURLMsg *msg;
struct timeval ml_start;
struct timeval mp_start;
char ml_timedout = FALSE;
char mp_timedout = FALSE;
if(libtest_arg2) {
portnum = atoi(libtest_arg2);
}
if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
fprintf(stderr, "curl_global_init() failed\n");
return TEST_ERR_MAJOR_BAD;
}
if ((p.curl = curl_easy_init()) == NULL) {
fprintf(stderr, "curl_easy_init() failed\n");
curl_global_cleanup();
return TEST_ERR_MAJOR_BAD;
}
p.accessinfoURL = (unsigned char *) strdup(URL);
p.accesstype = OBJ_obj2nid(OBJ_txt2obj("AD_DVCS",0)) ;
curl_easy_setopt(p.curl, CURLOPT_URL, p.accessinfoURL);
curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun) ;
curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_DATA, &p);
curl_easy_setopt(p.curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_easy_setopt(p.curl, CURLOPT_SSL_VERIFYHOST, 1);
if ((multi = curl_multi_init()) == NULL) {
fprintf(stderr, "curl_multi_init() failed\n");
curl_easy_cleanup(p.curl);
curl_global_cleanup();
return TEST_ERR_MAJOR_BAD;
}
if ((res = curl_multi_add_handle(multi, p.curl)) != CURLM_OK) {
fprintf(stderr, "curl_multi_add_handle() failed, "
"with code %d\n", res);
curl_multi_cleanup(multi);
curl_easy_cleanup(p.curl);
curl_global_cleanup();
return TEST_ERR_MAJOR_BAD;
}
fprintf(stderr, "Going to perform %s\n", (char *)p.accessinfoURL);
ml_timedout = FALSE;
ml_start = tutil_tvnow();
while (!done) {
fd_set rd, wr, exc;
int max_fd;
struct timeval interval;
interval.tv_sec = 1;
interval.tv_usec = 0;
if (tutil_tvdiff(tutil_tvnow(), ml_start) >
MAIN_LOOP_HANG_TIMEOUT) {
ml_timedout = TRUE;
break;
}
mp_timedout = FALSE;
mp_start = tutil_tvnow();
while (res == CURLM_CALL_MULTI_PERFORM) {
res = curl_multi_perform(multi, &running);
if (tutil_tvdiff(tutil_tvnow(), mp_start) >
MULTI_PERFORM_HANG_TIMEOUT) {
mp_timedout = TRUE;
break;
}
fprintf(stderr, "running=%d res=%d\n",running,res);
if (running <= 0) {
done = TRUE;
break;
}
}
if (mp_timedout || done)
break;
if (res != CURLM_OK) {
fprintf(stderr, "not okay???\n");
i = 80;
break;
}
//.........这里部分代码省略.........
开发者ID:tcdog001,项目名称:apv5sdk-v15,代码行数:101,代码来源:lib509.c
示例8: RSA_verify
int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
{
int i,ret=0,sigtype;
unsigned char *p,*s;
X509_SIG *sig=NULL;
if (siglen != (unsigned int)RSA_size(rsa))
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
return(0);
}
if(rsa->flags & RSA_FLAG_SIGN_VER)
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
if (s == NULL)
{
RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
return(0);
}
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
if (i <= 0) goto err;
/* Special case: SSL signature */
if(dtype == NID_md5_sha1) {
if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
else ret = 1;
} else {
p=s;
sig=d2i_X509_SIG(NULL,&p,(long)i);
if (sig == NULL) goto err;
sigtype=OBJ_obj2nid(sig->algor->algorithm);
#ifdef RSA_DEBUG
/* put a backward compatibility flag in EAY */
fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
OBJ_nid2ln(dtype));
#endif
if (sigtype != dtype)
{
if (((dtype == NID_md5) &&
(sigtype == NID_md5WithRSAEncryption)) ||
((dtype == NID_md2) &&
(sigtype == NID_md2WithRSAEncryption)))
{
/* ok, we will let it through */
#if !defined(NO_STDIO) && !defined(WIN16)
fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
#endif
}
else
{
RSAerr(RSA_F_RSA_VERIFY,
RSA_R_ALGORITHM_MISMATCH);
goto err;
}
}
if ( ((unsigned int)sig->digest->length != m_len) ||
(memcmp(m,sig->digest->data,m_len) != 0))
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
}
else
ret=1;
}
err:
if (sig != NULL) X509_SIG_free(sig);
memset(s,0,(unsigned int)siglen);
OPENSSL_free(s);
return(ret);
}
开发者ID:ahenroid,项目名称:ptptl-0.2,代码行数:81,代码来源:rsa_sign.c
示例9: test
int test( char *URL ) {
CURLM* multi;
sslctxparm p;
int i = 0;
CURLMsg *msg;
if ( arg2 ) {
portnum = atoi( arg2 );
}
curl_global_init( CURL_GLOBAL_ALL );
p.curl = curl_easy_init();
p.accessinfoURL = (unsigned char *) strdup( URL );
p.accesstype = OBJ_obj2nid( OBJ_txt2obj( "AD_DVCS",0 ) ) ;
curl_easy_setopt( p.curl, CURLOPT_URL, p.accessinfoURL );
curl_easy_setopt( p.curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun ) ;
curl_easy_setopt( p.curl, CURLOPT_SSL_CTX_DATA, &p );
curl_easy_setopt( p.curl, CURLOPT_SSL_VERIFYPEER, FALSE );
curl_easy_setopt( p.curl, CURLOPT_SSL_VERIFYHOST, 1 );
fprintf( stderr, "Going to perform %s\n", (char *)p.accessinfoURL );
{
CURLMcode res;
int running;
char done = FALSE;
multi = curl_multi_init();
res = curl_multi_add_handle( multi, p.curl );
while ( !done ) {
fd_set rd, wr, exc;
int max_fd;
struct timeval interval;
interval.tv_sec = 1;
interval.tv_usec = 0;
while ( res == CURLM_CALL_MULTI_PERFORM ) {
res = curl_multi_perform( multi, &running );
fprintf( stderr, "running=%d res=%d\n",running,res );
if ( running <= 0 ) {
done = TRUE;
break;
}
}
if ( done ) {
break;
}
if ( res != CURLM_OK ) {
fprintf( stderr, "not okay???\n" );
i = 80;
break;
}
FD_ZERO( &rd );
FD_ZERO( &wr );
FD_ZERO( &exc );
max_fd = 0;
if ( curl_multi_fdset( multi, &rd, &wr, &exc, &max_fd ) != CURLM_OK ) {
fprintf( stderr, "unexpected failured of fdset.\n" );
i = 89;
break;
}
if ( select( max_fd + 1, &rd, &wr, &exc, &interval ) == -1 ) {
fprintf( stderr, "bad select??\n" );
i = 95;
break;
}
res = CURLM_CALL_MULTI_PERFORM;
}
msg = curl_multi_info_read( multi, &running );
/* this should now contain a result code from the easy handle, get it */
if ( msg ) {
i = msg->data.result;
}
}
fprintf( stderr, "all done\n" );
curl_multi_remove_handle( multi, p.curl );
curl_easy_cleanup( p.curl );
curl_multi_cleanup( multi );
curl_global_cleanup();
free( p.accessinfoURL );
return i;
}
开发者ID:AdrienJaguenet,项目名称:Enemy-Territory,代码行数:100,代码来源:lib509.c
示例10: _SSL_get_cert_info
/*
FIXME: Master-Key, Extensions, CA bits
(openssl x509 -text -in servcert.pem)
*/
int
_SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
{
X509 *peer_cert;
EVP_PKEY *peer_pkey;
/* EVP_PKEY *ca_pkey; */
/* EVP_PKEY *tmp_pkey; */
char notBefore[64];
char notAfter[64];
int alg;
int sign_alg;
if (!(peer_cert = SSL_get_peer_certificate (ssl)))
return (1); /* FATAL? */
X509_NAME_oneline (X509_get_subject_name (peer_cert), cert_info->subject,
sizeof (cert_info->subject));
X509_NAME_oneline (X509_get_issuer_name (peer_cert), cert_info->issuer,
sizeof (cert_info->issuer));
broke_oneline (cert_info->subject, cert_info->subject_word);
broke_oneline (cert_info->issuer, cert_info->issuer_word);
alg = OBJ_obj2nid (peer_cert->cert_info->key->algor->algorithm);
sign_alg = OBJ_obj2nid (peer_cert->sig_alg->algorithm);
ASN1_TIME_snprintf (notBefore, sizeof (notBefore),
X509_get_notBefore (peer_cert));
ASN1_TIME_snprintf (notAfter, sizeof (notAfter),
X509_get_notAfter (peer_cert));
peer_pkey = X509_get_pubkey (peer_cert);
strncpy (cert_info->algorithm,
(alg == NID_undef) ? "Unknown" : OBJ_nid2ln (alg),
sizeof (cert_info->algorithm));
cert_info->algorithm_bits = EVP_PKEY_bits (peer_pkey);
strncpy (cert_info->sign_algorithm,
(sign_alg == NID_undef) ? "Unknown" : OBJ_nid2ln (sign_alg),
sizeof (cert_info->sign_algorithm));
/* EVP_PKEY_bits(ca_pkey)); */
cert_info->sign_algorithm_bits = 0;
strncpy (cert_info->notbefore, notBefore, sizeof (cert_info->notbefore));
strncpy (cert_info->notafter, notAfter, sizeof (cert_info->notafter));
EVP_PKEY_free (peer_pkey);
/* SSL_SESSION_print_fp(stdout, SSL_get_session(ssl)); */
/*
if (ssl->session->sess_cert->peer_rsa_tmp) {
tmp_pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(tmp_pkey, ssl->session->sess_cert->peer_rsa_tmp);
cert_info->rsa_tmp_bits = EVP_PKEY_bits (tmp_pkey);
EVP_PKEY_free(tmp_pkey);
} else
fprintf(stderr, "REMOTE SIDE DOESN'T PROVIDES ->peer_rsa_tmp\n");
*/
cert_info->rsa_tmp_bits = 0;
X509_free (peer_cert);
return (0);
}
开发者ID:CarlGammaSagan,项目名称:hexchat,代码行数:66,代码来源:ssl.c
示例11: ASN1_item_verify
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
{
EVP_MD_CTX ctx;
unsigned char *buf_in=NULL;
int ret= -1,inl;
int mdnid, pknid;
if (!pkey)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
return -1;
}
EVP_MD_CTX_init(&ctx);
/* Convert signature OID into digest and public key OIDs */
if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid))
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
goto err;
}
if (mdnid == NID_undef)
{
if (!pkey->ameth || !pkey->ameth->item_verify)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
goto err;
}
ret = pkey->ameth->item_verify(&ctx, it, asn, a,
signature, pkey);
/* Return value of 2 means carry on, anything else means we
* exit straight away: either a fatal error of the underlying
* verification routine handles all verification.
*/
if (ret != 2)
goto err;
ret = -1;
}
else
{
const EVP_MD *type;
type=EVP_get_digestbynid(mdnid);
if (type == NULL)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err;
}
/* Check public key OID matches public key type */
if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
goto err;
}
if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey))
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
}
inl = ASN1_item_i2d(asn, &buf_in, it);
if (buf_in == NULL)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl))
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
OPENSSL_cleanse(buf_in,(unsigned int)inl);
OPENSSL_free(buf_in);
if (EVP_DigestVerifyFinal(&ctx,signature->data,
(size_t)signature->length) <= 0)
{
ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
/* we don't need to zero the 'ctx' because we just checked
* public information */
/* memset(&ctx,0,sizeof(ctx)); */
ret=1;
err:
EVP_MD_CTX_cleanup(&ctx);
return(ret);
}
开发者ID:RyunosukeOno,项目名称:rayjack,代码行数:99,代码来源:a_verify.c
示例12: CRYPTO_add
EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
{
EVP_PKEY *ret=NULL;
if (key == NULL) goto error;
if (key->pkey != NULL)
{
CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
return key->pkey;
}
if (key->public_key == NULL) goto error;
if ((ret = EVP_PKEY_new()) == NULL)
{
X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
goto error;
}
if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm)))
{
X509err(X509_F_X509_PUBKEY_GET,X509_R_UNSUPPORTED_ALGORITHM);
goto error;
}
if (ret->ameth->pub_decode)
{
if (!ret->ameth->pub_decode(ret, key))
{
X509err(X509_F_X509_PUBKEY_GET,
X509_R_PUBLIC_KEY_DECODE_ERROR);
goto error;
}
}
else
{
X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED);
goto error;
}
/* Check to see if another thread set key->pkey first */
CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
if (key->pkey)
{
CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
EVP_PKEY_free(ret);
ret = key->pkey;
}
else
{
key->pkey = ret;
CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
}
CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
return ret;
error:
if (ret != NULL)
EVP_PKEY_free(ret);
return(NULL);
}
开发者ID:RyunosukeOno,项目名称:rayjack,代码行数:63,代码来源:x_pubkey.c
示例13: do_name_ex
static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
int indent, unsigned long flags)
{
int i, prev = -1, orflags, cnt;
int fn_opt, fn_nid;
ASN1_OBJECT *fn;
ASN1_STRING *val;
X509_NAME_ENTRY *ent;
char objtmp[80];
const char *objbuf;
int outlen, len;
char *sep_dn, *sep_mv, *sep_eq;
int sep_dn_len, sep_mv_len, sep_eq_len;
if(indent < 0) indent = 0;
outlen = indent;
if(!do_indent(io_ch, arg, indent)) return -1;
switch (flags & XN_FLAG_SEP_MASK)
{
case XN_FLAG_SEP_MULTILINE:
sep_dn = "\n";
sep_dn_len = 1;
sep_mv = " + ";
sep_mv_len = 3;
break;
case XN_FLAG_SEP_COMMA_PLUS:
sep_dn = ",";
sep_dn_len = 1;
sep_mv = "+";
sep_mv_len = 1;
indent = 0;
break;
case XN_FLAG_SEP_CPLUS_SPC:
sep_dn = ", ";
sep_dn_len = 2;
sep_mv = " + ";
sep_mv_len = 3;
indent = 0;
break;
case XN_FLAG_SEP_SPLUS_SPC:
sep_dn = "; ";
sep_dn_len = 2;
sep_mv = " + ";
sep_mv_len = 3;
indent = 0;
break;
default:
return -1;
}
if(flags & XN_FLAG_SPC_EQ) {
sep_eq = " = ";
sep_eq_len = 3;
} else {
sep_eq = "=";
sep_eq_len = 1;
}
fn_opt = flags & XN_FLAG_FN_MASK;
cnt = X509_NAME_entry_count(n);
for(i = 0; i < cnt; i++) {
if(flags & XN_FLAG_DN_REV)
ent = X509_NAME_get_entry(n, cnt - i - 1);
else ent = X509_NAME_get_entry(n, i);
if(prev != -1) {
if(prev == ent->set) {
if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;
outlen += sep_mv_len;
} else {
if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;
outlen += sep_dn_len;
if(!do_indent(io_ch, arg, indent)) return -1;
outlen += indent;
}
}
prev = ent->set;
fn = X509_NAME_ENTRY_get_object(ent);
val = X509_NAME_ENTRY_get_data(ent);
fn_nid = OBJ_obj2nid(fn);
if(fn_opt != XN_FLAG_FN_NONE) {
int objlen, fld_len;
if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
fld_len = 0; /* XXX: what should this be? */
objbuf = objtmp;
} else {
if(fn_opt == XN_FLAG_FN_SN) {
fld_len = FN_WIDTH_SN;
objbuf = OBJ_nid2sn(fn_nid);
} else if(fn_opt == XN_FLAG_FN_LN) {
fld_len = FN_WIDTH_LN;
objbuf = OBJ_nid2ln(fn_nid);
} else {
fld_len = 0; /* XXX: what should this be? */
objbuf = "";
}
//.........这里部分代码省略.........
开发者ID:RafaelRMachado,项目名称:MinnowBoard,代码行数:101,代码来源:a_strex.c
示例14: pkcs7_main
int pkcs7_main(int argc, char **argv)
{
PKCS7 *p7 = NULL;
BIO *in = NULL, *out = NULL;
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
char *infile = NULL, *outfile = NULL, *prog;
int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
OPTION_CHOICE o;
prog = opt_init(argc, argv, pkcs7_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkcs7_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_PRINT:
p7_print = 1;
break;
case OPT_PRINT_CERTS:
print_certs = 1;
break;
case OPT_ENGINE:
(void)setup_engine(opt_arg(), 0);
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
if (informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
else
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
if (p7 == NULL) {
BIO_printf(bio_err, "unable to load PKCS7 object\n");
ERR_print_errors(bio_err);
goto end;
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (p7_print)
PKCS7_print_ctx(out, p7, 0, NULL);
if (print_certs) {
STACK_OF(X509) *certs = NULL;
STACK_OF(X509_CRL) *crls = NULL;
i = OBJ_obj2nid(p7->type);
switch (i) {
case NID_pkcs7_signed:
if (p7->d.sign != NULL) {
certs = p7->d.sign->cert;
crls = p7->d.sign->crl;
}
break;
case NID_pkcs7_signedAndEnveloped:
if (p7->d.signed_and_enveloped != NULL) {
certs = p7->d.signed_and_enveloped->cert;
crls = p7->d.signed_and_enveloped->crl;
}
break;
default:
break;
}
if (certs != NULL) {
//.........这里部分代码省略.........
开发者ID:1234-,项目名称:openssl,代码行数:101,代码来源:pkcs7.c
示例15: crl_set_issuers
static int
crl_set_issuers(X509_CRL *crl)
{
int i, j;
GENERAL_NAMES *gens, *gtmp;
STACK_OF(X509_REVOKED) *revoked;
revoked = X509_CRL_get_REVOKED(crl);
gens = NULL;
for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) {
X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
STACK_OF(X509_EXTENSION) *exts;
ASN1_ENUMERATED *reason;
X509_EXTENSION *ext;
gtmp = X509_REVOKED_get_ext_d2i(rev, NID_certificate_issuer,
&j, NULL);
if (!gtmp && (j != -1)) {
crl->flags |= EXFLAG_INVALID;
return 1;
}
if (gtmp) {
gens = gtmp;
if (!crl->issuers) {
crl->issuers = sk_GENERAL_NAMES_new_null();
if (!crl->issuers)
return 0;
}
if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
return 0;
}
rev->issuer = gens;
reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason,
&j, NULL);
if (!reason && (j != -1)) {
crl->flags |= EXFLAG_INVALID;
return 1;
}
if (reason) {
rev->reason = ASN1_ENUMERATED_get(reason);
ASN1_ENUMERATED_free(reason);
} else
rev->reason = CRL_REASON_NONE;
/* Check for critical CRL entry extensions */
exts = rev->extensions;
for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) {
ext = sk_X509_EXTENSION_value(exts, j);
if (ext->critical > 0) {
if (OBJ_obj2nid(ext->object) ==
NID_certificate_issuer)
continue;
crl->flags |= EXFLAG_CRITICAL;
break;
}
}
}
return 1;
}
开发者ID:Heratom,项目名称:Firefly-project,代码行数:65,代码来源:x_crl.c
示例16: if
char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
{
X509_NAME_ENTRY *ne;
size_t i;
int n, lold, l, l1, l2, num, j, type;
const char *s;
char *p;
unsigned char *q;
BUF_MEM *b = NULL;
static const char hex[17] = "0123456789ABCDEF";
int gs_doit[4];
char tmp_buf[80];
if (buf == NULL) {
if ((b = BUF_MEM_new()) == NULL)
goto err;
if (!BUF_MEM_grow(b, 200))
goto err;
b->data[0] = '\0';
len = 200;
} else if (len <= 0) {
return NULL;
}
if (a == NULL) {
if (b) {
buf = b->data;
OPENSSL_free(b);
}
strncpy(buf, "NO X509_NAME", len);
buf[len - 1] = '\0';
return buf;
}
len--; /* space for '\0' */
l = 0;
for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
ne = sk_X509_NAME_ENTRY_value(a->entries, i);
n = OBJ_obj2nid(ne->object);
if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
s = tmp_buf;
}
l1 = strlen(s);
type = ne->value->type;
num = ne->value->length;
if (num > NAME_ONELINE_MAX) {
OPENSSL_PUT_ERROR(X509, X509_R_NAME_TOO_LONG);
goto end;
}
q = ne->value->data;
if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
for (j = 0; j < num; j++)
if (q[j] != 0)
gs_doit[j & 3] = 1;
if (gs_doit[0] | gs_doit[1] | gs_doit[2])
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
else {
gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
gs_doit[3] = 1;
}
} else
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
for (l2 = j = 0; j < num; j++) {
if (!gs_doit[j & 3])
continue;
l2++;
if ((q[j] < ' ') || (q[j] > '~'))
l2 += 3;
}
lold = l;
l += 1 + l1 + 1 + l2;
if (l > NAME_ONELINE_MAX) {
OPENSSL_PUT_ERROR(X509, X509_R_NAME_TOO_LONG);
goto end;
}
if (b != NULL) {
if (!BUF_MEM_grow(b, l + 1))
goto err;
p = &(b->data[lold]);
} else if (l > len) {
break;
} else
p = &(buf[lold]);
*(p++) = '/';
OPENSSL_memcpy(p, s, (unsigned int)l1);
p += l1;
*(p++) = '=';
q = ne->value->data;
for (j = 0; j < num; j++) {
if (!gs_doit[j & 3])
continue;
n = q[j];
//.........这里部分代码省略.........
开发者ID:ThomasWo,项目名称:proto-quic,代码行数:101,代码来源:x509_obj.c
示例17: crl_cb
/* The X509_CRL structure needs a bit of customisation. Cache some extensions
* and hash of the whole CRL.
*/
static int
crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
X509_CRL *crl = (X509_CRL *)*pval;
STACK_OF(X509_EXTENSION) *exts;
X509_EXTENSION *ext;
int idx;
switch (operation) {
case ASN1_OP_NEW_POST:
crl->idp = NULL;
crl->akid = NULL;
crl->flags = 0;
crl->idp_flags = 0;
crl->idp_reasons = CRLDP_ALL_REASONS;
crl->meth = default_crl_method;
crl->meth_data = NULL;
crl->issuers = NULL;
crl->crl_number = NULL;
crl->base_crl_number = NULL;
break;
case ASN1_OP_D2I_POST:
#ifndef OPENSSL_NO_SHA
X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
#endif
crl->idp = X509_CRL_get_ext_d2i(crl,
NID_issuing_distribution_point, NULL, NULL);
if (crl->idp)
setup_idp(crl, crl->idp);
crl->akid = X509_CRL_get_ext_d2i(crl,
NID_authority_key_identifier, NULL, NULL);
crl->crl_number = X509_CRL_get_ext_d2i(crl,
NID_crl_number, NULL, NULL);
crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
NID_delta_crl, NULL, NULL);
/* Delta CRLs must have CRL number */
if (crl->base_crl_number && !crl->crl_number)
crl->flags |= EXFLAG_INVALID;
/* See if we have any unhandled critical CRL extensions and
* indicate this in a flag. We only currently handle IDP,
* AKID and deltas, so anything else critical sets the flag.
*
* This code accesses the X509_CRL structure directly:
* applications shouldn't do this.
*/
exts = crl->crl->extensions;
for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
int nid;
ext = sk_X509_EXTENSION_value(exts, idx);
nid = OBJ_obj2nid(ext->object);
if (nid == NID_freshest_crl)
crl->flags |= EXFLAG_FRESHEST;
if (ext->critical > 0) {
/* We handle IDP, AKID and deltas */
if (nid == NID_issuing_distribution_point ||
nid == NID_authority_key_identifier ||
nid == NID_delta_crl)
break;
crl->flags |= EXFLAG_CRITICAL;
break;
}
}
if (!crl_set_issuers(crl))
return 0;
if (crl->meth->crl_init) {
if (crl->meth->crl_init(crl) == 0)
return 0;
}
break;
case ASN1_OP_FREE_POST:
if (crl->meth->crl_free) {
if (!crl->meth->crl_free(crl))
return 0;
}
if (crl->akid)
AUTHORITY_KEYID_free(crl->akid);
if (crl->idp)
ISSUING_DIST_POINT_free(crl->idp);
ASN1_INTEGER_free(crl->crl_number);
ASN1_INTEGER_free(crl->base_crl_number);
sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
break;
}
return 1;
}
开发者ID:Heratom,项目名称:Firefly-project,代码行数:98,代码来源:x_crl.c
示例18: X509_REQ_print_ex
//.........这里部分代码省略.........
BIO_printf(bp,"%12sDSA Public Key:\n","");
DSA_print(bp,pkey->pkey.dsa,16);
}
else
#endif
BIO_printf(bp,"%12sUnknown Public Key:\n","");
EVP_PKEY_free(pkey);
}
if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
{
/* may not be */
if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
goto err;
sk=x->req_info->attributes;
if (sk_X509_ATTRIBUTE_num(sk) == 0)
{
if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
goto err;
}
else
{
for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
{
ASN1_TYPE *at;
X509_ATTRIBUTE *a;
ASN1_BIT_STRING *bs=NULL;
ASN1_TYPE *t;
int j,type=0,count=1,ii=0;
a=sk_X509_ATTRIBUTE_value(sk,i);
if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
continue;
if(BIO_printf(bp,"%12s","") <= 0)
goto err;
if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
{
if (a->single)
{
t=a->value.single;
type=t->type;
bs=t->value.bit_string;
}
else
{
ii=0;
count=sk_ASN1_TYPE_num(a->value.set);
get_next:
at=sk_ASN1_TYPE_value(a->value.set,ii);
type=at->type;
bs=at->value.asn1_string;
}
}
for (j=25-j; j>0; j--)
if (BIO_write(bp," ",1) != 1) goto err;
if (BIO_puts(bp,":") <= 0) goto err;
if ( (type == V_ASN1_PRINTABLESTRING) ||
(type == V_ASN1_T61STRING) ||
(type == V_ASN1_IA5STRING))
{
if (BIO_write(bp,(char *)bs->data,bs->length)
!= bs->length)
goto err;
BIO_puts(bp,"\n");
开发者ID:FelipeFernandes1988,项目名称:Alice-1121-Modem,代码行数:67,代码来源:t_req.c
示例19: newpass_p12
static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
{
STACK_OF(PKCS7) *asafes, *newsafes;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
PKCS7 *p7, *p7new;
ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0;
if(!(newsafes = sk_PKCS7_new_null())) return 0;
for (i = 0; i < sk_PKCS7_num (asafes); i++) {
p7 = sk_PKCS7_value(asafes, i);
bagnid = OBJ_obj2nid(p7->type);
if (bagnid == NID_pkcs7_data) {
bags = PKCS12_unpack_p7data(p7);
} else if (bagnid == NID
|
客服电话
APP下载
官方微信
请发表评论