Commit a91dedca authored by Dr. Stephen Henson

Document EVP routines. Change EVP_SealInit() and EVP_OpenInit()

to support multiple calls.

New function to retrieve email address from certificates and
requests.
parent 482a9d41
+6 −0
@@ -4,6 +4,12 @@

 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

  *) New X509_get1_email() and X509_REQ_get1_email() functions that return
     a STACK of email addresses from a certificate or request, these look
     in the subject name and the subject alternative name extensions and 
     omit any duplicate addresses.
     [Steve Henson]

  *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
     This makes DSA verification about 2 % faster.
     [Bodo Moeller]
+13 −1
@@ -97,6 +97,7 @@ static char *x509_usage[]={
" -hash           - print hash value\n",
" -subject        - print subject DN\n",
" -issuer         - print issuer DN\n",
" -email          - print email address(es)\n",
" -startdate      - notBefore field\n",
" -enddate        - notAfter field\n",
" -purpose        - print out certificate purposes\n",
@@ -161,7 +162,7 @@ int MAIN(int argc, char **argv)
	char *CAkeyfile=NULL,*CAserial=NULL;
	char *alias=NULL;
	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
	int C=0;
	int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
@@ -327,6 +328,8 @@ int MAIN(int argc, char **argv)
			}
		else if (strcmp(*argv,"-C") == 0)
			C= ++num;
		else if (strcmp(*argv,"-email") == 0)
			email= ++num;
		else if (strcmp(*argv,"-serial") == 0)
			serial= ++num;
		else if (strcmp(*argv,"-modulus") == 0)
@@ -617,6 +620,15 @@ bad:
				i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
				BIO_printf(STDout,"\n");
				}
			else if (email == i) 
				{
				int j;
				STACK *emlst;
				emlst = X509_get1_email(x);
				for(j = 0; j < sk_num(emlst); j++)
					BIO_printf(STDout, "%s\n", sk_value(emlst, j));
				X509_email_free(emlst);
				}
			else if (aliasout == i)
				{
				unsigned char *alstr;
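Review bot: The `-email` branch treats a NULL result from X509_get1_email as "no addresses", but that function also returns NULL when it cannot allocate, so an allocation failure prints nothing and the tool exits as if it succeeded. The loop and the free are only safe because sk_num and X509_email_free are presumably NULL-tolerant in this version; confirm that, or wrap both in `if (emlst)`. A short comment such as `/* NULL means no addresses or an allocation failure; the two are indistinguishable */` above the call would at least record the limitation for the next reader.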
+8 −6
@@ -69,6 +69,13 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
	unsigned char *key=NULL;
	int i,size=0,ret=0;

	if(type) {	
		EVP_CIPHER_CTX_init(ctx);
		EVP_DecryptInit(ctx,type,NULL,NULL);
	}

	if(!priv) return 1;

	if (priv->type != EVP_PKEY_RSA)
		{
		EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
@@ -76,11 +83,6 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
		goto err;
                }

	if(type) {	
		EVP_CIPHER_CTX_init(ctx);
		EVP_DecryptInit(ctx,type,NULL,NULL);
	}

	size=RSA_size(priv->pkey.rsa);
	key=(unsigned char *)OPENSSL_malloc(size+2);
	if (key == NULL)
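Review bot: The new early exit `if(!priv) return 1;` in the first hunk turns a NULL priv into a "set up the cipher context only" call, but nothing on the page documents that two-call protocol, and ek, ekl, iv, ret and size are all untouched on that path. A header comment before EVP_OpenInit should state that `type` may be NULL to keep the cipher already set on ctx, that `priv` may be NULL to perform only the context setup, and that 1 is returned in that case. Because the RSA type check now runs after EVP_DecryptInit, the `goto err` path leaves ctx already initialised with `type`; whether err tears that down is outside the hunk, as are EVP_OpenInit's signature and the err label.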
+1 −1
@@ -72,11 +72,11 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
	unsigned char key[EVP_MAX_KEY_LENGTH];
	int i;
	
	if (npubk <= 0) return(0);
	if(type) {
		EVP_CIPHER_CTX_init(ctx);
		EVP_EncryptInit(ctx,type,NULL,NULL);
	}
	if (npubk <= 0) return(0);
	if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
		return(0);
	if (EVP_CIPHER_CTX_iv_length(ctx))
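Review bot: Moving `if (npubk <= 0) return(0);` below the context setup means a call with `npubk == 0` now initialises ctx and then reports failure, whereas the matching EVP_OpenInit change returns 1 for its setup-only call with a NULL key. If the intent is to allow a setup-only first call here as well, the two should agree, e.g. `if (npubk <= 0) return(1);`; otherwise a comment above the check should say that a zero key count is an error even though the context has been initialised. As written, a caller cannot tell "nothing to seal yet" from a genuine failure. EVP_SealInit's signature and the rest of its body are outside the hunk.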
+87 −0
@@ -65,6 +65,10 @@
#include <openssl/x509v3.h>

static char *strip_spaces(char *name);
static int sk_strcmp(const char * const *a, const char * const *b);
static STACK *get_email(X509_NAME *name, STACK_OF(GENERAL_NAME) *gens);
static void str_free(void *str);
static int append_ia5(STACK **sk, ASN1_IA5STRING *email);

/* Add a CONF_VALUE name value pair to stack */

@@ -416,3 +420,86 @@ int name_cmp(const char *name, const char *cmp)
	if(!c || (c=='.')) return 0;
	return 1;
}

static int sk_strcmp(const char * const *a, const char * const *b)
{
	return strcmp(*a, *b);
}

STACK *X509_get1_email(X509 *x)
{
	STACK_OF(GENERAL_NAME) *gens;
	STACK *ret;
	gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
	ret = get_email(X509_get_subject_name(x), gens);
	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
	return ret;
}

STACK *X509_REQ_get1_email(X509_REQ *x)
{
	STACK_OF(GENERAL_NAME) *gens;
	STACK_OF(X509_EXTENSION) *exts;
	STACK *ret;
	exts = X509_REQ_get_extensions(x);
	gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
	ret = get_email(X509_REQ_get_subject_name(x), gens);
	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
	return ret;
}


static STACK *get_email(X509_NAME *name, STACK_OF(GENERAL_NAME) *gens)
{
	STACK *ret = NULL;
	X509_NAME_ENTRY *ne;
	ASN1_IA5STRING *email;
	GENERAL_NAME *gen;
	int i;
	/* Now add any email address(es) to STACK */
	i = -1;
	/* First supplied X509_NAME */
	while((i = X509_NAME_get_index_by_NID(name,
					 NID_pkcs9_emailAddress, i)) > 0) {
		ne = X509_NAME_get_entry(name, i);
		email = X509_NAME_ENTRY_get_data(ne);
		if(!append_ia5(&ret, email)) return NULL;
	}
	for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
	{
		gen = sk_GENERAL_NAME_value(gens, i);
		if(gen->type != GEN_EMAIL) continue;
		if(!append_ia5(&ret, gen->d.ia5)) return NULL;
	}
	return ret;
}

static void str_free(void *str)
{
	OPENSSL_free(str);
}

static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
{
	char *emtmp;
	/* First some sanity checks */
	if(email->type != V_ASN1_IA5STRING) return 1;
	if(!email->data || !email->length) return 1;
	if(!*sk) *sk = sk_new(sk_strcmp);
	if(!*sk) return 0;
	/* Don't add duplicates */
	if(sk_find(*sk, (char *)email->data) != -1) return 1;
	emtmp = BUF_strdup((char *)email->data);
	if(!emtmp || !sk_push(*sk, emtmp)) {
		X509_email_free(*sk);
		*sk = NULL;
		return 0;
	}
	return 1;
}

void X509_email_free(STACK *sk)
{
	sk_pop_free(sk, str_free);
}
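Review bot: The subject-name scan in get_email stops at `> 0`, so an emailAddress attribute sitting at index 0 of the name is never visited: X509_NAME_get_index_by_NID reports "not found" as -1 and 0 is a valid entry index, so the loop condition should read `NID_pkcs9_emailAddress, i)) >= 0) {`. Separately, append_ia5 checks `email->length` but then copies with `BUF_strdup((char *)email->data)`, so a value whose encoded length differs from its C-string length is silently truncated; adding `if(strlen((char *)email->data) != (size_t)email->length) return 1;` after the length check skips such values the way the function already skips other malformed ones (this assumes the data is NUL-terminated, which BUF_strdup already requires). Finally, get_email, X509_get1_email and X509_REQ_get1_email all return NULL both when no address exists and when allocation fails, which callers cannot tell apart; the header comment for the two public functions should say so.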