本文整理汇总了C++中cryptStatusError函数的典型用法代码示例。如果您正苦于以下问题:C++ cryptStatusError函数的具体用法?C++ cryptStatusError怎么用?C++ cryptStatusError使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了cryptStatusError函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: queryAsn1Object
int queryAsn1Object( INOUT void *streamPtr, OUT QUERY_INFO *queryInfo )
{
QUERY_INFO basicQueryInfo;
STREAM *stream = streamPtr;
const long startPos = stell( stream );
int status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( queryInfo, sizeof( QUERY_INFO ) ) );
/* Clear return value */
memset( queryInfo, 0, sizeof( QUERY_INFO ) );
/* Determine basic object information. This also verifies that all of
the object data is present in the stream */
status = getObjectInfo( stream, &basicQueryInfo );
if( cryptStatusError( status ) )
return( status );
/* Call the appropriate routine to find out more about the object */
switch( basicQueryInfo.type )
{
case CRYPT_OBJECT_ENCRYPTED_KEY:
{
const READKEK_FUNCTION readKekFunction = \
getReadKekFunction( KEYEX_CMS );
if( readKekFunction == NULL )
return( CRYPT_ERROR_NOTAVAIL );
status = readKekFunction( stream, queryInfo );
break;
}
case CRYPT_OBJECT_PKCENCRYPTED_KEY:
{
const READKEYTRANS_FUNCTION readKeytransFunction = \
getReadKeytransFunction( ( basicQueryInfo.formatType == CRYPT_FORMAT_CMS ) ? \
KEYEX_CMS : KEYEX_CRYPTLIB );
if( readKeytransFunction == NULL )
return( CRYPT_ERROR_NOTAVAIL );
status = readKeytransFunction( stream, queryInfo );
break;
}
case CRYPT_OBJECT_SIGNATURE:
{
const READSIG_FUNCTION readSigFunction = \
getReadSigFunction( ( basicQueryInfo.formatType == CRYPT_FORMAT_CMS ) ? \
SIGNATURE_CMS : SIGNATURE_CRYPTLIB );
if( readSigFunction == NULL )
return( CRYPT_ERROR_NOTAVAIL );
status = readSigFunction( stream, queryInfo );
break;
}
case CRYPT_OBJECT_NONE:
/* New, unrecognised RecipientInfo type */
status = readUniversal( stream );
break;
default:
retIntError();
}
sseek( stream, startPos );
if( cryptStatusError( status ) )
{
zeroise( queryInfo, sizeof( QUERY_INFO ) );
return( status );
}
/* Augment the per-object query information with the basic query
information that we got earlier */
queryInfo->formatType = basicQueryInfo.formatType;
queryInfo->type = basicQueryInfo.type;
queryInfo->size = basicQueryInfo.size;
queryInfo->version = basicQueryInfo.version;
return( CRYPT_OK );
}
开发者ID:TellarHK,项目名称:wwiv,代码行数:81,代码来源:obj_qry.c
示例2: checkPkiUserInfo
static int checkPkiUserInfo( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SCEP_PROTOCOL_INFO *protocolInfo )
{
const ATTRIBUTE_LIST *userNamePtr = \
findSessionInfo( sessionInfoPtr->attributeList,
CRYPT_SESSINFO_USERNAME );
MESSAGE_KEYMGMT_INFO getkeyInfo;
MESSAGE_DATA msgData;
BYTE keyID[ 64 + 8 ];
BYTE requestPassword[ CRYPT_MAX_TEXTSIZE + 8 ];
BYTE userPassword[ CRYPT_MAX_TEXTSIZE + 8 ];
int requestPasswordSize, userPasswordSize = DUMMY_INIT;
int keyIDsize, status;
assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );
assert( isWritePtr( protocolInfo, sizeof( SCEP_PROTOCOL_INFO ) ) );
REQUIRES( userNamePtr != NULL );
/* Get the password from the PKCS #10 request */
setMessageData( &msgData, requestPassword, CRYPT_MAX_TEXTSIZE );
status = krnlSendMessage( sessionInfoPtr->iCertRequest,
IMESSAGE_GETATTRIBUTE_S, &msgData,
CRYPT_CERTINFO_CHALLENGEPASSWORD );
if( cryptStatusError( status ) )
{
retExt( status,
( status, SESSION_ERRINFO,
"Couldn't get challenge password from PKCS #10 request" ) );
}
requestPasswordSize = msgData.length;
/* Since it's a cryptlib encoded user ID we need to decode it before we
can look up a PKI user with it */
REQUIRES( userNamePtr->flags & ATTR_FLAG_ENCODEDVALUE );
status = decodePKIUserValue( keyID, 64, &keyIDsize,
userNamePtr->value,
userNamePtr->valueLength );
ENSURES( cryptStatusOK( status ) );
/* Get the user information for the request from the certificate
store */
setMessageKeymgmtInfo( &getkeyInfo, CRYPT_IKEYID_KEYID, keyID,
keyIDsize, NULL, 0, KEYMGMT_FLAG_NONE );
status = krnlSendMessage( sessionInfoPtr->cryptKeyset,
IMESSAGE_KEY_GETKEY, &getkeyInfo,
KEYMGMT_ITEM_PKIUSER );
if( cryptStatusError( status ) )
{
char userID[ CRYPT_MAX_TEXTSIZE + 8 ];
int userIDlen;
zeroise( requestPassword, CRYPT_MAX_TEXTSIZE );
userIDlen = min( userNamePtr->valueLength, CRYPT_MAX_TEXTSIZE );
memcpy( userID, userNamePtr->value, userIDlen );
retExtObj( status,
( status, SESSION_ERRINFO, sessionInfoPtr->cryptKeyset,
"Couldn't find PKI user information for %s",
sanitiseString( userID, CRYPT_MAX_TEXTSIZE,
userIDlen ) ) );
}
/* Get the password from the PKI user object */
setMessageData( &msgData, userPassword, CRYPT_MAX_TEXTSIZE );
status = krnlSendMessage( getkeyInfo.cryptHandle,
IMESSAGE_GETATTRIBUTE_S, &msgData,
CRYPT_CERTINFO_PKIUSER_ISSUEPASSWORD );
if( cryptStatusOK( status ) )
{
userPasswordSize = msgData.length;
status = updateSessionInfo( &sessionInfoPtr->attributeList,
CRYPT_SESSINFO_PASSWORD,
userPassword, userPasswordSize,
CRYPT_MAX_TEXTSIZE,
ATTR_FLAG_ENCODEDVALUE );
}
if( cryptStatusError( status ) )
{
zeroise( requestPassword, CRYPT_MAX_TEXTSIZE );
zeroise( userPassword, CRYPT_MAX_TEXTSIZE );
krnlSendNotifier( getkeyInfo.cryptHandle, IMESSAGE_DECREFCOUNT );
retExt( status,
( status, SESSION_ERRINFO,
"Couldn't copy read PKI user data from PKI user object "
"into session object" ) );
}
/* Make sure that the password matches the one in the request */
if( userPasswordSize != requestPasswordSize || \
!compareDataConstTime( userPassword, requestPassword,
userPasswordSize ) )
{
zeroise( requestPassword, CRYPT_MAX_TEXTSIZE );
zeroise( userPassword, CRYPT_MAX_TEXTSIZE );
krnlSendNotifier( getkeyInfo.cryptHandle, IMESSAGE_DECREFCOUNT );
retExt( status,
( status, SESSION_ERRINFO,
"Password in PKCS #10 request doesn't match PKI user "
"password" ) );
}
//.........这里部分代码省略.........
开发者ID:mckinnley,项目名称:New-College-of-Florida,代码行数:101,代码来源:scep_svr.c
示例3: checkScepRequest
static int checkScepRequest( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SCEP_PROTOCOL_INFO *protocolInfo,
OUT BOOLEAN *requestDataAvailable )
{
CRYPT_CERTIFICATE iCmsAttributes;
MESSAGE_CREATEOBJECT_INFO createInfo;
MESSAGE_DATA msgData;
int dataLength, sigResult, value, status;
assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );
assert( isWritePtr( protocolInfo, sizeof( SCEP_PROTOCOL_INFO ) ) );
assert( isWritePtr( requestDataAvailable, sizeof( BOOLEAN ) ) );
/* Clear return value */
*requestDataAvailable = FALSE;
/* Phase 1: Sig-check the self-signed data */
DEBUG_DUMP_FILE( "scep_sreq2", sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufEnd );
status = envelopeSigCheck( sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufEnd,
sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufSize, &dataLength,
CRYPT_UNUSED, &sigResult,
&protocolInfo->iScepCert, &iCmsAttributes );
if( cryptStatusError( status ) )
{
retExt( status,
( status, SESSION_ERRINFO,
"Invalid CMS signed data in client request" ) );
}
DEBUG_DUMP_FILE( "scep_sreq1", sessionInfoPtr->receiveBuffer,
dataLength );
if( cryptStatusError( sigResult ) )
{
/* The signed data was valid but the signature on it wasn't, this is
a different style of error than the previous one */
krnlSendNotifier( iCmsAttributes, IMESSAGE_DECREFCOUNT );
retExt( sigResult,
( sigResult, SESSION_ERRINFO,
"Bad signature on client request data" ) );
}
/* Make sure that the client certificate is valid for signing and
decryption. In effect the signing capability has already been
checked by the fact that the certificate signed the request but we do
an explicit check here just to be thorough */
status = krnlSendMessage( protocolInfo->iScepCert, IMESSAGE_CHECK,
NULL, MESSAGE_CHECK_PKC_SIGCHECK );
if( cryptStatusOK( status ) )
status = krnlSendMessage( protocolInfo->iScepCert, IMESSAGE_CHECK,
NULL, MESSAGE_CHECK_PKC_ENCRYPT );
if( cryptStatusError( status ) )
{
krnlSendNotifier( iCmsAttributes, IMESSAGE_DECREFCOUNT );
retExt( CRYPT_ERROR_INVALID,
( CRYPT_ERROR_INVALID, SESSION_ERRINFO,
"Ephemeral SCEP client certificate isn't valid for "
"signing/encryption" ) );
}
/* Get the nonce and transaction ID and save it for the reply */
setMessageData( &msgData, protocolInfo->nonce, CRYPT_MAX_HASHSIZE );
status = krnlSendMessage( iCmsAttributes, IMESSAGE_GETATTRIBUTE_S,
&msgData, CRYPT_CERTINFO_SCEP_SENDERNONCE );
if( cryptStatusOK( status ) )
{
protocolInfo->nonceSize = msgData.length;
setMessageData( &msgData, protocolInfo->transID, CRYPT_MAX_HASHSIZE );
status = krnlSendMessage( iCmsAttributes, IMESSAGE_GETATTRIBUTE_S,
&msgData,
CRYPT_CERTINFO_SCEP_TRANSACTIONID );
}
if( cryptStatusError( status ) )
{
krnlSendNotifier( iCmsAttributes, IMESSAGE_DECREFCOUNT );
retExt( CRYPT_ERROR_BADDATA,
( CRYPT_ERROR_BADDATA, SESSION_ERRINFO,
"Request is missing a nonce/transaction ID" ) );
}
protocolInfo->transIDsize = msgData.length;
/* We've now got enough request data available to construct a SCEP-level
response to an error instead of an HTTP-level one, let the caller
know. Note that this lets an attacker know that they've made it this
far in the checking, but it's not obvious that this is a security
problem, especially since they can get a good idea of how far they
got from the different error conditions that will be returned */
*requestDataAvailable = TRUE;
/* Since the request is for a cryptlib server it'll have a transaction
ID that's a cryptlib-encoded PKI user ID. If we don't get this then
we reject the request */
if( protocolInfo->transIDsize != 17 || \
!isPKIUserValue( protocolInfo->transID, protocolInfo->transIDsize ) )
{
krnlSendNotifier( iCmsAttributes, IMESSAGE_DECREFCOUNT );
retExt( CRYPT_ERROR_BADDATA,
( CRYPT_ERROR_BADDATA, SESSION_ERRINFO,
"Request has an invalid transaction ID '%s'",
//.........这里部分代码省略.........
开发者ID:mckinnley,项目名称:New-College-of-Florida,代码行数:101,代码来源:scep_svr.c
示例4: selfTest
static int selfTest( void )
{
#if 0
/* ECB */
static const BYTE FAR_BSS mctECBKey[] = \
{ 0x8D, 0x2E, 0x60, 0x36, 0x5F, 0x17, 0xC7, 0xDF, 0x10, 0x40, 0xD7, 0x50, 0x1B, 0x4A, 0x7B, 0x5A };
static const BYTE FAR_BSS mctECBPT[] = \
{ 0x59, 0xB5, 0x08, 0x8E, 0x6D, 0xAD, 0xC3, 0xAD, 0x5F, 0x27, 0xA4, 0x60, 0x87, 0x2D, 0x59, 0x29 };
/* CBC */
static const BYTE FAR_BSS mctCBCKey[] = \
{ 0x9D, 0xC2, 0xC8, 0x4A, 0x37, 0x85, 0x0C, 0x11, 0x69, 0x98, 0x18, 0x60, 0x5F, 0x47, 0x95, 0x8C };
static const BYTE FAR_BSS mctCBCIV[] = \
{ 0x25, 0x69, 0x53, 0xB2, 0xFE, 0xAB, 0x2A, 0x04, 0xAE, 0x01, 0x80, 0xD8, 0x33, 0x5B, 0xBE, 0xD6 };
static const BYTE FAR_BSS mctCBCPT[] = \
{ 0x2E, 0x58, 0x66, 0x92, 0xE6, 0x47, 0xF5, 0x02, 0x8E, 0xC6, 0xFA, 0x47, 0xA5, 0x5A, 0x2A, 0xAB };
/* OFB */
static const BYTE FAR_BSS mctOFBKey[] = \
{ 0xB1, 0x1E, 0x4E, 0xCA, 0xE2, 0xE7, 0x1E, 0x14, 0x14, 0x5D, 0xD7, 0xDB, 0x26, 0x35, 0x65, 0x2F };
static const BYTE FAR_BSS mctOFBIV[] = \
{ 0xAD, 0xD3, 0x2B, 0xF8, 0x20, 0x4C, 0x33, 0x33, 0x9C, 0x54, 0xCD, 0x58, 0x58, 0xEE, 0x0D, 0x13 };
static const BYTE FAR_BSS mctOFBPT[] = \
{ 0x73, 0x20, 0x49, 0xE8, 0x9D, 0x74, 0xFC, 0xE7, 0xC5, 0xA4, 0x96, 0x64, 0x04, 0x86, 0x8F, 0xA6 };
/* CFB-128 */
static const BYTE FAR_BSS mctCFBKey[] = \
{ 0x71, 0x15, 0x11, 0x93, 0x1A, 0x15, 0x62, 0xEA, 0x73, 0x29, 0x0A, 0x8B, 0x0A, 0x37, 0xA3, 0xB4 };
static const BYTE FAR_BSS mctCFBIV[] = \
{ 0x9D, 0xCE, 0x23, 0xFD, 0x2D, 0xF5, 0x36, 0x0F, 0x79, 0x9C, 0xF1, 0x79, 0x84, 0xE4, 0x7C, 0x8D };
static const BYTE FAR_BSS mctCFBPT[] = \
{ 0xF0, 0x66, 0xBE, 0x4B, 0xD6, 0x71, 0xEB, 0xC1, 0xC4, 0xCF, 0x3C, 0x00, 0x8E, 0xF2, 0xCF, 0x18 };
#endif /* 0 */
const CAPABILITY_INFO *capabilityInfo = getAESCapability();
BYTE keyData[ AES_EXPANDED_KEYSIZE + 8 ];
int i, status;
/* The AES code requires 16-byte alignment for data structures, before
we try anything else we make sure that the compiler voodoo required
to handle this has worked */
if( aes_test_alignment_detection( 16 ) != EXIT_SUCCESS )
return( CRYPT_ERROR_FAILED );
for( i = 0; i < sizeof( testAES ) / sizeof( AES_TEST ); i++ )
{
status = testCipher( capabilityInfo, keyData, testAES[ i ].key,
testAES[ i ].keySize, testAES[ i ].plaintext,
testAES[ i ].ciphertext );
if( cryptStatusError( status ) )
return( status );
}
#if 0 /* OK */
staticInitContext( &contextInfo, CONTEXT_CONV, capabilityInfo,
&contextData, sizeof( CONV_INFO ), keyData );
status = mct( &contextInfo, capabilityInfo, mctECBKey, 16,
NULL, mctECBPT );
staticDestroyContext( &contextInfo );
if( cryptStatusError( status ) )
return( CRYPT_ERROR_FAILED );
#endif
#if 0 /* OK */
staticInitContext( &contextInfo, CONTEXT_CONV, capabilityInfo,
&contextData, sizeof( CONV_INFO ), keyData );
status = mct( &contextInfo, capabilityInfo, mctCBCKey, 16,
mctCBCIV, mctCBCPT );
staticDestroyContext( &contextInfo );
if( cryptStatusError( status ) )
return( CRYPT_ERROR_FAILED );
#endif
return( CRYPT_OK );
}
开发者ID:VlaBst6,项目名称:cryptlib-history,代码行数:70,代码来源:ctx_aes.c
示例5: readKeyDerivationInfo
static int readKeyDerivationInfo( INOUT STREAM *stream,
OUT QUERY_INFO *queryInfo )
{
long endPos, value;
int length, status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( queryInfo, sizeof( QUERY_INFO ) ) );
/* Clear return value */
memset( queryInfo, 0, sizeof( QUERY_INFO ) );
/* Read the outer wrapper and key derivation algorithm OID */
readConstructed( stream, NULL, CTAG_KK_DA );
status = readFixedOID( stream, OID_PBKDF2, sizeofOID( OID_PBKDF2 ) );
if( cryptStatusError( status ) )
return( status );
/* Read the PBKDF2 parameters, limiting the salt and iteration count to
sane values */
status = readSequence( stream, &length );
if( cryptStatusError( status ) )
return( status );
endPos = stell( stream ) + length;
readOctetString( stream, queryInfo->salt, &queryInfo->saltLength,
2, CRYPT_MAX_HASHSIZE );
status = readShortInteger( stream, &value );
if( cryptStatusError( status ) )
return( status );
if( value < 1 || value > MAX_KEYSETUP_ITERATIONS )
return( CRYPT_ERROR_BADDATA );
queryInfo->keySetupIterations = ( int ) value;
queryInfo->keySetupAlgo = CRYPT_ALGO_HMAC_SHA1;
if( stell( stream ) < endPos && \
sPeek( stream ) == BER_INTEGER )
{
/* There's an optional key length that may override the default
key size present, read it. Note that we compare the upper
bound to MAX_WORKING_KEYSIZE rather than CRYPT_MAX_KEYSIZE,
since this is a key used directly with an encryption algorithm
rather than a generic keying value that may be hashed down to
size */
status = readShortInteger( stream, &value );
if( cryptStatusError( status ) )
return( status );
if( value < MIN_KEYSIZE || value > MAX_WORKING_KEYSIZE )
return( CRYPT_ERROR_BADDATA );
queryInfo->keySize = ( int ) value;
}
if( stell( stream ) < endPos )
{
CRYPT_ALGO_TYPE prfAlgo;
/* There's a non-default hash algorithm ID present, read it */
status = readAlgoID( stream, &prfAlgo, ALGOID_CLASS_HASH );
if( cryptStatusError( status ) )
return( status );
queryInfo->keySetupAlgo = prfAlgo;
}
return( CRYPT_OK );
}
开发者ID:TellarHK,项目名称:wwiv,代码行数:62,代码来源:keyex_rw.c
示例6: addStandardExtensions
static int addStandardExtensions( INOUT CERT_INFO *certInfoPtr )
{
BOOLEAN isCA = FALSE;
int keyUsage, extKeyUsage, value, status;
assert( isWritePtr( certInfoPtr, sizeof( CERT_INFO ) ) );
/* Get the implicit keyUsage flags (based on any extended key usage
extensions present) and explicit key usage flags, which we use to
extend the basic keyUsage flags if required */
status = getKeyUsageFromExtKeyUsage( certInfoPtr, &extKeyUsage,
&certInfoPtr->errorLocus, &certInfoPtr->errorType );
if( cryptStatusError( status ) )
return( status );
status = getAttributeFieldValue( certInfoPtr->attributes,
CRYPT_CERTINFO_KEYUSAGE,
CRYPT_ATTRIBUTE_NONE, &keyUsage );
if( cryptStatusError( status ) )
{
if( status != CRYPT_ERROR_NOTFOUND )
return( status );
/* There's no keyUsage attribute present, mark the value as being
not set so that we explicitly set it later */
keyUsage = CRYPT_ERROR;
}
/* If there's an explicit key usage present, make sure that it's
consistent with the implicit key usage flags derived from the
extended key usage. We mask out the nonRepudiation bit for reasons
given in chk_cert.c.
This check is also performed by checkCert(), however we need to
explicitly perform it here as well since we need to add a key usage
to match the extKeyUsage before calling checkCert() if one wasn't
explicitly set or checkCert() will reject the certificate because of
the inconsistent keyUsage */
if( keyUsage > 0 )
{
const int effectiveKeyUsage = \
extKeyUsage & ~CRYPT_KEYUSAGE_NONREPUDIATION;
if( ( keyUsage & effectiveKeyUsage ) != effectiveKeyUsage )
{
setErrorInfo( certInfoPtr, CRYPT_CERTINFO_KEYUSAGE,
CRYPT_ERRTYPE_CONSTRAINT );
return( CRYPT_ERROR_INVALID );
}
}
/* Check whether this is a CA certificate. If there's no
basicConstraints attribute present, add one and make it a non-CA
certificate */
status = getAttributeFieldValue( certInfoPtr->attributes,
CRYPT_CERTINFO_CA, CRYPT_ATTRIBUTE_NONE,
&value );
if( cryptStatusOK( status ) )
isCA = ( value > 0 ) ? TRUE : FALSE;
else
{
status = addCertComponent( certInfoPtr, CRYPT_CERTINFO_CA, FALSE );
if( cryptStatusError( status ) )
return( status );
}
/* If there's no explicit keyUsage information present add it based on
various implicit information. We also add key feature information
which is used to help automate key management, for example to inhibit
speculative reads of keys held in removable tokens, which can result
in spurious insert-token dialogs being presented to the user outside
the control of cryptlib if the token isn't present */
if( keyUsage <= 0 )
{
/* If there's no implicit key usage present and it's not a CA (for
which we don't want to set things like encryption flags for the
CA certificate), set the key usage flags based on the
capabilities of the associated context. Because no-one can
figure out what the nonRepudiation flag signifies we don't set
this, if the user wants it they have to specify it explicitly.
Similarly we don't try and set the keyAgreement encipher/decipher-
only flags, which were tacked on as variants of keyAgreement long
after the basic keyAgreement flag was defined */
if( extKeyUsage <= 0 && !isCA )
{
keyUsage = 0; /* Reset key usage */
if( certInfoPtr->iPubkeyContext != CRYPT_ERROR )
{
/* There's a context present, check its capabilities. This
has the advantage that it takes into account any ACLs
that may exist for the key */
if( cryptStatusOK( \
krnlSendMessage( certInfoPtr->iPubkeyContext,
IMESSAGE_CHECK, NULL,
MESSAGE_CHECK_PKC_SIGCHECK ) ) )
keyUsage = CRYPT_KEYUSAGE_DIGITALSIGNATURE;
if( cryptStatusOK( \
krnlSendMessage( certInfoPtr->iPubkeyContext,
IMESSAGE_CHECK, NULL,
MESSAGE_CHECK_PKC_ENCRYPT ) ) )
keyUsage |= CRYPT_KEYUSAGE_KEYENCIPHERMENT;
//.........这里部分代码省略.........
开发者ID:mckinnley,项目名称:New-College-of-Florida,代码行数:101,代码来源:write_pre.c
示例7: selfTest
CHECK_RETVAL \
static int selfTest( void )
{
CONTEXT_INFO contextInfo;
PKC_INFO contextData, *pkcInfo = &contextData;
const CAPABILITY_INFO *capabilityInfoPtr;
DLP_PARAMS dlpParams;
BYTE buffer[ ( CRYPT_MAX_PKCSIZE * 2 ) + 32 + 8 ];
int status;
/* Initialise the key components */
status = staticInitContext( &contextInfo, CONTEXT_PKC,
getElgamalCapability(), &contextData,
sizeof( PKC_INFO ), NULL );
if( cryptStatusError( status ) )
return( status );
status = importBignum( &pkcInfo->dlpParam_p, dlpTestKey.p,
dlpTestKey.pLen, DLPPARAM_MIN_P,
DLPPARAM_MAX_P, NULL, KEYSIZE_CHECK_PKC );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->dlpParam_g, dlpTestKey.g,
dlpTestKey.gLen, DLPPARAM_MIN_G,
DLPPARAM_MAX_G, &pkcInfo->dlpParam_p,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->dlpParam_q, dlpTestKey.q,
dlpTestKey.qLen, DLPPARAM_MIN_Q,
DLPPARAM_MAX_Q, &pkcInfo->dlpParam_p,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->dlpParam_y, dlpTestKey.y,
dlpTestKey.yLen, DLPPARAM_MIN_Y,
DLPPARAM_MAX_Y, &pkcInfo->dlpParam_p,
KEYSIZE_CHECK_NONE );
if( cryptStatusOK( status ) )
status = importBignum( &pkcInfo->dlpParam_x, dlpTestKey.x,
dlpTestKey.xLen, DLPPARAM_MIN_X,
DLPPARAM_MAX_X, &pkcInfo->dlpParam_p,
KEYSIZE_CHECK_NONE );
if( cryptStatusError( status ) )
{
staticDestroyContext( &contextInfo );
retIntError();
}
capabilityInfoPtr = contextInfo.capabilityInfo;
ENSURES( sanityCheckPKCInfo( pkcInfo ) );
/* Perform a test a sig generation/check and test en/decryption */
#if 0 /* See comment in sig.code */
memset( buffer, '*', 20 );
status = capabilityInfoPtr->signFunction( &contextInfoPtr, buffer, -1 );
if( !cryptStatusError( status ) )
{
memmove( buffer + 20, buffer, status );
memset( buffer, '*', 20 );
status = capabilityInfoPtr->sigCheckFunction( &contextInfoPtr,
buffer, 20 + status );
}
if( status != CRYPT_OK )
status = CRYPT_ERROR_FAILED;
#endif /* 0 */
status = capabilityInfoPtr->initKeyFunction( &contextInfo, NULL, 0 );
if( cryptStatusError( status ) || \
!pairwiseConsistencyTest( &contextInfo, FALSE ) )
{
staticDestroyContext( &contextInfo );
return( CRYPT_ERROR_FAILED );
}
/* Finally, make sure that the memory fault-detection is working */
pkcInfo->dlpParam_p.d[ 8 ] ^= 0x0011;
memset( buffer, 0, CRYPT_MAX_PKCSIZE );
memcpy( buffer + 1, "abcde", 5 );
setDLPParams( &dlpParams, buffer,
bitsToBytes( contextInfo.ctxPKC->keySizeBits ),
buffer, ( CRYPT_MAX_PKCSIZE * 2 ) + 32 );
status = capabilityInfoPtr->encryptFunction( &contextInfo,
( BYTE * ) &dlpParams, sizeof( DLP_PARAMS ) );
if( cryptStatusOK( status ) )
{
/* The fault-detection couldn't detect a bit-flip, there's a
problem */
staticDestroyContext( &contextInfo );
return( CRYPT_ERROR_FAILED );
}
/* Clean up */
staticDestroyContext( &contextInfo );
return( CRYPT_OK );
}
开发者ID:gitter-badger,项目名称:OpenCKMS,代码行数:92,代码来源:ctx_elg.c
示例8: preEncodeDN
static int preEncodeDN( INOUT DN_COMPONENT *dnComponentPtr,
OUT_LENGTH_SHORT_Z int *length )
{
int size = 0, iterationCount;
assert( isWritePtr( dnComponentPtr, sizeof( DN_COMPONENT ) ) );
assert( isWritePtr( length, sizeof( int ) ) );
/* Clear return value */
*length = 0;
assert( isReadPtr( dnComponentPtr, sizeof( DN_COMPONENT ) ) );
#if 0 /* 18/7/08 Should never happen */
/* If we're being fed an entry in the middle of a DN, move back to the
start */
for( iterationCount = 0;
dnComponentPtr->prev != NULL && \
iterationCount < FAILSAFE_ITERATIONS_MED;
dnComponentPtr = dnComponentPtr->prev, iterationCount++ );
ENSURES( iterationCount < FAILSAFE_ITERATIONS_MED );
#endif /* 0 */
ENSURES( dnComponentPtr->prev == NULL );
/* Walk down the DN pre-encoding each AVA */
for( iterationCount = 0;
dnComponentPtr != NULL && iterationCount < FAILSAFE_ITERATIONS_MED;
dnComponentPtr = dnComponentPtr->next, iterationCount++ )
{
DN_COMPONENT *rdnStartPtr = dnComponentPtr;
int innerIterationCount;
/* Calculate the size of every AVA in this RDN */
for( innerIterationCount = 0;
dnComponentPtr != NULL && \
innerIterationCount < FAILSAFE_ITERATIONS_MED;
dnComponentPtr = dnComponentPtr->next, innerIterationCount++ )
{
const DN_COMPONENT_INFO *dnComponentInfo = dnComponentPtr->typeInfo;
int dnStringLength, status;
status = getAsn1StringInfo( dnComponentPtr->value,
dnComponentPtr->valueLength,
&dnComponentPtr->valueStringType,
&dnComponentPtr->asn1EncodedStringType,
&dnStringLength );
if( cryptStatusError( status ) )
return( status );
dnComponentPtr->encodedAVAdataSize = ( int ) \
sizeofOID( dnComponentInfo->oid ) + \
sizeofObject( dnStringLength );
dnComponentPtr->encodedRDNdataSize = 0;
rdnStartPtr->encodedRDNdataSize += ( int ) \
sizeofObject( dnComponentPtr->encodedAVAdataSize );
if( !( dnComponentPtr->flags & DN_FLAG_CONTINUED ) )
break;
}
ENSURES( innerIterationCount < FAILSAFE_ITERATIONS_MED );
/* Calculate the overall size of the RDN */
size += ( int ) sizeofObject( rdnStartPtr->encodedRDNdataSize );
/* If the inner loop terminated because it reached the end of the DN
then we need to explicitly exit the outer loop as well before it
tries to follow the 'next' link in the dnComponentPtr */
if( dnComponentPtr == NULL )
break;
}
ENSURES( iterationCount < FAILSAFE_ITERATIONS_MED );
*length = size;
return( CRYPT_OK );
}
开发者ID:mckinnley,项目名称:New-College-of-Florida,代码行数:73,代码来源:dn_rw.c
示例9: writeDN
int writeDN( INOUT STREAM *stream,
IN_OPT const DN_PTR *dnComponentList,
IN_TAG const int tag )
{
DN_COMPONENT *dnComponentPtr;
int size, iterationCount, status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( dnComponentList == NULL || \
isReadPtr( dnComponentList, sizeof( DN_COMPONENT ) ) );
REQUIRES_S( tag == DEFAULT_TAG || ( tag >= 0 && tag < MAX_TAG_VALUE ) );
/* Special case for empty DNs */
if( dnComponentList == NULL )
return( writeConstructed( stream, 0, tag ) );
status = preEncodeDN( ( DN_COMPONENT * ) dnComponentList, &size );
if( cryptStatusError( status ) )
return( status );
/* Write the DN */
writeConstructed( stream, size, tag );
for( dnComponentPtr = ( DN_COMPONENT * ) dnComponentList, \
iterationCount = 0;
dnComponentPtr != NULL && \
iterationCount < FAILSAFE_ITERATIONS_MED;
dnComponentPtr = dnComponentPtr->next, iterationCount++ )
{
const DN_COMPONENT_INFO *dnComponentInfo = dnComponentPtr->typeInfo;
BYTE dnString[ MAX_ATTRIBUTE_SIZE + 8 ];
int dnStringLength;
/* Write the RDN wrapper */
if( dnComponentPtr->encodedRDNdataSize > 0 )
{
/* If it's the start of an RDN, write the RDN header */
writeSet( stream, dnComponentPtr->encodedRDNdataSize );
}
writeSequence( stream, dnComponentPtr->encodedAVAdataSize );
status = swrite( stream, dnComponentInfo->oid,
sizeofOID( dnComponentInfo->oid ) );
if( cryptStatusError( status ) )
return( status );
/* Convert the string to an ASN.1-compatible format and write it
out */
status = copyToAsn1String( dnString, MAX_ATTRIBUTE_SIZE,
&dnStringLength, dnComponentPtr->value,
dnComponentPtr->valueLength,
dnComponentPtr->valueStringType );
if( cryptStatusError( status ) )
return( status );
if( dnComponentPtr->asn1EncodedStringType == BER_STRING_IA5 && \
!dnComponentInfo->ia5OK )
{
/* If an IA5String isn't allowed in this instance, use a
T61String instead */
dnComponentPtr->asn1EncodedStringType = BER_STRING_T61;
}
status = writeCharacterString( stream, dnString, dnStringLength,
dnComponentPtr->asn1EncodedStringType );
if( cryptStatusError( status ) )
return( status );
}
ENSURES( iterationCount < FAILSAFE_ITERATIONS_MED );
return( CRYPT_OK );
}
开发者ID:mckinnley,项目名称:New-College-of-Florida,代码行数:69,代码来源:dn_rw.c
示例10: deviceInitPKCS11
CHECK_RETVAL \
int deviceInitPKCS11( void )
{
int tblIndex = 0, optionIndex, status;
/* If we've previously tried to initialise the drivers, don't try it
again */
if( pkcs11Initialised )
return( CRYPT_OK );
memset( pkcs11InfoTbl, 0, sizeof( pkcs11InfoTbl ) );
/* Try and link in each driver specified in the config options. Since
this is a general systemwide config option, we always query the built-
in default user object */
for( optionIndex = 0; optionIndex < MAX_PKCS11_DRIVERS; optionIndex++ )
{
MESSAGE_DATA msgData;
char deviceDriverName[ MAX_PATH_LENGTH + 1 + 8 ];
setMessageData( &msgData, deviceDriverName, MAX_PATH_LENGTH );
status = krnlSendMessage( DEFAULTUSER_OBJECT_HANDLE,
IMESSAGE_GETATTRIBUTE_S, &msgData,
optionIndex + CRYPT_OPTION_DEVICE_PKCS11_DVR01 );
if( cryptStatusError( status ) )
continue;
deviceDriverName[ msgData.length ] = '\0';
status = loadPKCS11driver( &pkcs11InfoTbl[ tblIndex ],
deviceDriverName );
if( cryptStatusOK( status ) )
{
tblIndex++;
pkcs11Initialised = TRUE;
}
}
/* If it's a Unix system and there were no drivers explicitly specified,
try with the default driver name "libpkcs11.so". Unlike Windows,
where there are large numbers of PKCS #11 vendors and we have to use
vendor-specific names, under Unix there are very few vendors and
there's usually only one device/driver in use which inevitably
co-opts /usr/lib for its own use, so we can always try for a standard
name and location. As a backup measure we also try for the nCipher
PKCS #11 driver, which is by far the most commonly used one on Unix
systems (this may sometimes be found as /usr/lib/libcknfast.so).
An unfortunate side-effect of this handling is that if there's more
than one PKCS #11 driver present and the user forgets to explicitly
specify it then this may load the wrong one, however the chances of
there being multiple drivers present on a Unix system is close to
zero so it's probably better to take the more user-friendly option
of trying to load a default driver */
#ifdef __UNIX__
if( !pkcs11Initialised )
{
status = loadPKCS11driver( &pkcs11InfoTbl[ tblIndex ],
"libpkcs11.so" );
if( cryptStatusOK( status ) )
pkcs11Initialised = TRUE;
}
if( !pkcs11Initialised )
{
status = loadPKCS11driver( &pkcs11InfoTbl[ tblIndex ],
"/opt/nfast/toolkits/pkcs11/libcknfast.so" );
if( cryptStatusOK( status ) )
pkcs11Initialised = TRUE;
}
#endif /* __UNIX__ */
return( pkcs11Initialised ? CRYPT_OK : CRYPT_ERROR );
}
开发者ID:deflomu,项目名称:cryptlib,代码行数:70,代码来源:pkcs11_init.c
示例11: initFunction
//.........这里部分代码省略.........
ULONG_MAX we play it safe and set the limit to 8 bytes, which most
devices should be able to handle */
DEBUG_DIAG(( "Driver reports suspicious maximum PIN size %lu, "
"using 8", tokenInfo.ulMinPinLen ));
pkcs11Info->maxPinSize = 8;
}
labelPtr = ( char * ) tokenInfo.label;
for( labelLength = 32;
labelLength > 0 && \
( labelPtr[ labelLength - 1 ] == ' ' || \
!labelPtr[ labelLength - 1 ] );
labelLength-- ); /* Strip trailing blanks/nulls */
while( labelLength > 0 && *labelPtr == ' ' )
{
/* Strip leading blanks */
labelPtr++;
labelLength--;
}
if( labelLength > 0 )
{
memcpy( pkcs11Info->label, labelPtr, labelLength );
pkcs11Info->labelLen = labelLength;
sanitiseString( pkcs11Info->label, CRYPT_MAX_TEXTSIZE,
labelLength );
}
else
{
/* There's no label for the token, use the device label instead */
if( pkcs11InfoTbl[ pkcs11Info->deviceNo ].name[ 0 ] )
{
labelLength = \
min( strlen( pkcs11InfoTbl[ pkcs11Info->deviceNo ].name ),
CRYPT_MAX_TEXTSIZE );
memcpy( pkcs11Info->label,
pkcs11InfoTbl[ pkcs11Info->deviceNo ].name, labelLength );
}
}
pkcs11Info->hActiveSignObject = CK_OBJECT_NONE;
deviceInfo->label = pkcs11Info->label;
deviceInfo->labelLen = pkcs11Info->labelLen;
/* Open a session with the device. This gets a bit awkward because we
can't tell whether a R/W session is OK without opening a session, but
we can't open a session unless we know whether a R/W session is OK,
so we first try for a RW session and if that fails we go for a read-
only session */
status = C_OpenSession( pkcs11Info->slotID,
CKF_RW_SESSION | CKF_SERIAL_SESSION, NULL_PTR,
NULL_PTR, &hSession );
if( status == CKR_TOKEN_WRITE_PROTECTED )
{
status = C_OpenSession( pkcs11Info->slotID,
CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR,
&hSession );
}
if( status != CKR_OK )
{
cryptStatus = pkcs11MapError( status, CRYPT_ERROR_OPEN );
if( cryptStatus == CRYPT_ERROR_OPEN && \
!( tokenInfo.flags & CKF_USER_PIN_INITIALIZED ) )
{
/* We couldn't do much with the error code, it could be that the
token hasn't been initialised yet but unfortunately PKCS #11
doesn't define an error code for this condition. In addition
many tokens will allow a session to be opened and then fail
with a "PIN not set" error at a later point (which allows for
more accurate error reporting), however a small number won't
allow a session to be opened and return some odd-looking error
because there's nothing useful available. The best way to
report this in a meaningful manner to the caller is to check
whether the user PIN has been initialised, if it hasn't then
it's likely that the token as a whole hasn't been initialised
so we return a not initialised error */
cryptStatus = CRYPT_ERROR_NOTINITED;
}
return( cryptStatus );
}
ENSURES( hSession != CK_OBJECT_NONE );
pkcs11Info->hSession = hSession;
deviceInfo->flags |= DEVICE_ACTIVE;
/* Set up the capability information for this device. Since there can
be devices that have one set of capabilities but not the other (e.g.
a smart card that only performs RSA ops), we allow one of the two
sets of mechanism information setups to fail, but not both */
mechanismInfoPtr = getMechanismInfoPKC( &mechanismInfoSize );
cryptStatus = getCapabilities( deviceInfo, mechanismInfoPtr,
mechanismInfoSize );
mechanismInfoPtr = getMechanismInfoConv( &mechanismInfoSize );
cryptStatus2 = getCapabilities( deviceInfo, mechanismInfoPtr,
mechanismInfoSize );
if( cryptStatusError( cryptStatus ) && cryptStatusError( cryptStatus2 ) )
{
shutdownFunction( deviceInfo );
return( ( cryptStatus == CRYPT_ERROR ) ? \
CRYPT_ERROR_OPEN : ( int ) cryptStatus );
}
return( CRYPT_OK );
}
开发者ID:deflomu,项目名称:cryptlib,代码行数:101,代码来源:pkcs11_init.c
示例12: assert
IN_LENGTH const int objectLength,
IN_HANDLE const CRYPT_CONTEXT iSignContext,
IN_ALGO const CRYPT_ALGO_TYPE hashAlgo,
IN_OPT const X509SIG_FORMATINFO *formatInfo )
{
CRYPT_CONTEXT iHashContext;
MESSAGE_CREATEOBJECT_INFO createInfo;
STREAM stream;
BYTE dataSignature[ CRYPT_MAX_PKCSIZE + 128 + 8 ];
int signatureLength, totalSigLength, status;
assert( signedObject == NULL || \
isWritePtr( signedObject, signedObjectMaxLength ) );
assert( isWritePtr( signedObjectLength, sizeof( int ) ) );
assert( isReadPtr( object, objectLength ) && \
!cryptStatusError( checkObjectEncoding( object, \
objectLength ) ) );
assert( formatInfo == NULL || \
isReadPtr( formatInfo, sizeof( X509SIG_FORMATINFO ) ) );
REQUIRES( ( signedObject == NULL && signedObjectMaxLength == 0 ) || \
( signedObject != NULL && \
signedObjectMaxLength > MIN_CRYPT_OBJECTSIZE && \
signedObjectMaxLength < MAX_INTLENGTH ) );
REQUIRES( objectLength > 0 && objectLength < MAX_INTLENGTH );
REQUIRES( isHandleRangeValid( iSignContext ) );
REQUIRES( isHashAlgo( hashAlgo ) );
REQUIRES( formatInfo == NULL || \
( ( formatInfo->tag >= 0 && \
formatInfo->tag < MAX_CTAG_VALUE ) && \
( formatInfo->extraLength >= 0 && \
formatInfo->extraLength < MAX_INTLENGTH_SHORT ) ) );
开发者ID:TellarHK,项目名称:wwiv,代码行数:32,代码来源:sign_x509.c
示例13: getObjectInfo
static int getObjectInfo( INOUT STREAM *stream,
OUT QUERY_INFO *queryInfo )
{
const long startPos = stell( stream );
long value;
int tag, length, status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( queryInfo, sizeof( QUERY_INFO ) ) );
/* Clear return value */
memset( queryInfo, 0, sizeof( QUERY_INFO ) );
/* We always need at least MIN_CRYPT_OBJECTSIZE more bytes to do
anything */
if( sMemDataLeft( stream ) < MIN_CRYPT_OBJECTSIZE )
return( CRYPT_ERROR_UNDERFLOW );
/* Get the type, length, and version information */
status = getStreamObjectLength( stream, &length );
if( cryptStatusError( status ) )
return( status );
queryInfo->formatType = CRYPT_FORMAT_CRYPTLIB;
queryInfo->size = length;
tag = peekTag( stream );
if( cryptStatusError( tag ) )
return( tag );
readGenericHole( stream, NULL, 16, tag );
status = readShortInteger( stream, &value );
if( cryptStatusError( status ) )
return( status );
queryInfo->version = value;
switch( tag )
{
case BER_SEQUENCE:
/* This could be a signature or a PKC-encrypted key, see what
follows */
switch( value )
{
case KEYTRANS_VERSION:
case KEYTRANS_EX_VERSION:
queryInfo->type = CRYPT_OBJECT_PKCENCRYPTED_KEY;
break;
case SIGNATURE_VERSION:
case SIGNATURE_EX_VERSION:
queryInfo->type = CRYPT_OBJECT_SIGNATURE;
break;
default:
return( CRYPT_ERROR_BADDATA );
}
if( value == KEYTRANS_VERSION || value == SIGNATURE_VERSION )
queryInfo->formatType = CRYPT_FORMAT_CMS;
break;
case MAKE_CTAG( CTAG_RI_KEYAGREE ):
/* It's CMS' wierd X9.42-inspired key agreement mechanism, we
can't do much with this (mind you neither can anyone else)
so we should probably really treat it as a
CRYPT_ERROR_BADDATA if we encounter it rather than just
ignoring it */
queryInfo->type = CRYPT_OBJECT_NONE;
DEBUG_DIAG(( "Found keyAgreeRecipientInfo" ));
assert( DEBUG_WARN );
break;
case MAKE_CTAG( CTAG_RI_PWRI ):
queryInfo->type = CRYPT_OBJECT_ENCRYPTED_KEY;
break;
default:
queryInfo->type = CRYPT_OBJECT_NONE;
if( tag > MAKE_CTAG( CTAG_RI_PWRI ) && \
tag <= MAKE_CTAG( CTAG_RI_MAX ) )
{
/* This is probably a new RecipientInfo type, skip it */
DEBUG_DIAG(( "Found unknown RecipientInfo %X", tag ));
assert( DEBUG_WARN );
break;
}
return( CRYPT_ERROR_BADDATA );
}
/* Reset the stream and make sure that all of the data is present */
sseek( stream, startPos );
return( sMemDataLeft( stream ) < queryInfo->size ? \
CRYPT_ERROR_UNDERFLOW : CRYPT_OK );
}
开发者ID:TellarHK,项目名称:wwiv,代码行数:89,代码来源:obj_qry.c
示例14: queryPgpObject
int queryPgpObject( INOUT void *streamPtr, OUT QUERY_INFO *queryInfo )
{
QUERY_INFO basicQueryInfo;
STREAM *stream = streamPtr;
const long startPos = stell( stream );
int status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( queryInfo, sizeof( QUERY_INFO ) ) );
/* Clear return value */
memset( queryInfo, 0, sizeof( QUERY_INFO ) );
/* Determine basic object information. This also verifies that all of
the object data is present in the stream */
status = getPgpPacketInfo( stream, &basicQueryInfo );
sseek( stream, startPos );
if( cryptStatusError( status ) )
return( status );
/* Call the appropriate routine to find out more about the object */
switch( basicQueryInfo.type )
{
case CRYPT_OBJECT_ENCRYPTED_KEY:
{
const READKEK_FUNCTION readKekFunction = \
getReadKekFunction( KEYEX_PGP );
if( readKekFunction == NULL )
return( CRYPT_ERROR_NOTAVAIL );
status = readKekFunction( stream, queryInfo );
break;
}
case CRYPT_OBJECT_PKCENCRYPTED_KEY:
{
const READKEYTRANS_FUNCTION readKeytransFunction = \
getReadKeytransFunction( KEYEX_PGP );
if( readKeytransFunction == NULL )
return( CRYPT_ERROR_NOTAVAIL );
status = readKeytransFunction( stream, queryInfo );
break;
}
case CRYPT_OBJECT_SIGNATURE:
{
const READSIG_FUNCTION readSigFunction = \
getReadSigFunction( SIGNATURE_PGP );
if( readSigFunction == NULL )
return( CRYPT_ERROR_NOTAVAIL );
status = readSigFunction( stream, queryInfo );
break;
}
case CRYPT_OBJECT_NONE:
/* First half of a one-pass signature */
status = readPgpOnepassSigPacket( stream, queryInfo );
break;
default:
retIntError();
}
sseek( stream, startPos );
if( cryptStatusError( status ) )
{
zeroise( queryInfo, sizeof( QUERY_INFO ) );
return( status );
}
/* Augment the per-object query information with the basic query
information that we got earlier */
queryInfo->formatType = basicQueryInfo.formatType;
if( queryInfo->type == CRYPT_OBJECT_NONE )
{
/* The non-type CRYPT_OBJECT_NONE denotes the first half of a one-
pass signature packet, in which case the actual type is given in
the packet data */
queryInfo->type = basicQueryInfo.type;
}
queryInfo->size = basicQueryInfo.size;
if( queryInfo->version == 0 )
{
/* PGP has multiple packet version numbers sprayed all over the
place, and just because an outer version is X doesn't mean that
a subsequent inner version can't be Y. The information is really
only used to control the formatting of what gets read, so we
just report the first version that we encounter */
queryInfo->version = basicQueryInfo.version;
}
return( CRYPT_OK );
}
开发者ID:TellarHK,项目名称:wwiv,代码行数:94,代码来源:obj_qry.c
示例15: copyPkiUserAttributes
static int copyPkiUserAttributes( INOUT CERT_INFO *certInfoPtr,
INOUT ATTRIBUTE_PTR *pkiUserAttributes )
{
ATTRIBUTE_PTR *requestAttrPtr, *pkiUserAttrPtr;
int value, status;
assert( isWritePtr( certInfoPtr, sizeof( CERT_INFO ) ) );
assert( isWritePtr( pkiUserAttributes, sizeof( ATTRIBUTE_LIST ) ) );
REQUIRES( certInfoPtr->type == CRYPT_CERTTYPE_CERTREQUEST || \
certInfoPtr->type == CRYPT_CERTTYPE_REQUEST_CERT );
/* If there are altNames present in both the PKI user data and the
request, make sure that they match */
requestAttrPtr = findAttribute( certInfoPtr->attributes,
CRYPT_CERTINFO_SUBJECTALTNAME, FALSE );
pkiUserAttrPtr = findAttribute( pkiUserAttributes,
CRYPT_CERTINFO_SUBJECTALTNAME, FALSE );
if( requestAttrPtr != NULL && pkiUserAttrPtr != NULL )
{
/* Both the certificate request and the PKI user have altNames,
make sure that they're identical */
if( !compareAttribute( requestAttrPtr, pkiUserAttrPtr ) )
{
setErrorInfo( certInfoPtr, CRYPT_CERTINFO_SUBJECTALTNAME,
CRYPT_ERRTYPE_ISSUERCONSTRAINT );
return( CRYPT_ERROR_INVALID );
}
/* The two altNames are identical, delete the one in the request in
order to allow the one from the PKI user data to be copied across
when we call copyAttributes() */
status = deleteAttribute( &certInfoPtr->attributes,
&certInfoPtr->attributeCursor,
requestAttr
|
请发表评论