Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
09b6c2ef
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
09b6c2ef
编写于
9月 30, 2005
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Make OPENSSL_NO_COMP compile again.
上级
cc29c120
变更
15
隐藏空白更改
内联
并排
Showing
15 changed file
with
173 addition
and
3 deletion
+173
-3
FAQ
FAQ
+38
-0
apps/s_client.c
apps/s_client.c
+4
-0
crypto/asn1/x_crl.c
crypto/asn1/x_crl.c
+17
-0
ssl/d1_clnt.c
ssl/d1_clnt.c
+4
-0
ssl/d1_srvr.c
ssl/d1_srvr.c
+4
-0
ssl/s3_clnt.c
ssl/s3_clnt.c
+23
-1
ssl/s3_enc.c
ssl/s3_enc.c
+14
-0
ssl/s3_pkt.c
ssl/s3_pkt.c
+4
-1
ssl/s3_srvr.c
ssl/s3_srvr.c
+12
-0
ssl/ssl3.h
ssl/ssl3.h
+4
-0
ssl/ssl_ciph.c
ssl/ssl_ciph.c
+22
-1
ssl/ssl_lib.c
ssl/ssl_lib.c
+13
-0
ssl/ssl_txt.c
ssl/ssl_txt.c
+2
-0
ssl/ssltest.c
ssl/ssltest.c
+4
-0
ssl/t1_enc.c
ssl/t1_enc.c
+8
-0
未找到文件。
FAQ
浏览文件 @
09b6c2ef
...
...
@@ -31,6 +31,7 @@ OpenSSL - Frequently Asked Questions
* Why does my browser give a warning about a mismatched hostname?
* How do I install a CA certificate into a browser?
* Why is OpenSSL x509 DN output not conformant to RFC2253?
* What is a "128 bit certificate"? Can I create one with OpenSSL?
[BUILD] Questions about building and testing OpenSSL
...
...
@@ -386,6 +387,43 @@ interface, the "-nameopt" option could be introduded. See the manual
page of the "openssl x509" commandline tool for details. The old behaviour
has however been left as default for the sake of compatibility.
* What is a "128 bit certificate"? Can I create one with OpenSSL?
The term "128 bit certificate" is a highly misleading marketing term. It does
*not* refer to the size of the public key in the certificate! A certificate
containing a 128 bit RSA key would have negligible security.
There were various other names such as "magic certificates", "SGC
certificates", "step up certificates" etc.
You can't generally create such a certificate using OpenSSL but there is no
need to any more. Nowadays web browsers using unrestricted strong encryption
are generally available.
When there were tight export restrictions on the export of strong encryption
software from the US only weak encryption algorithms could be freely exported
(initially 40 bit and then 56 bit). It was widely recognised that this was
inadequate. A relaxation the rules allowed the use of strong encryption but
only to an authorised server.
Two slighly different techniques were developed to support this, one used by
Netscape was called "step up", the other used by MSIE was called "Server Gated
Cryptography" (SGC). When a browser initially connected to a server it would
check to see if the certificate contained certain extensions and was issued by
an authorised authority. If these test succeeded it would reconnect using
strong encryption.
Only certain (initially one) certificate authorities could issue the
certificates and they generally cost more than ordinary certificates.
Although OpenSSL can create certificates containing the appropriate extensions
the certificate would not come from a permitted authority and so would not
be recognized.
The export laws were later changed to allow almost unrestricted use of strong
encryption so these certificates are now obsolete.
[BUILD] =======================================================================
* Why does the linker complain about undefined symbols?
...
...
apps/s_client.c
浏览文件 @
09b6c2ef
...
...
@@ -1096,7 +1096,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
SSL_CIPHER
*
c
;
X509_NAME
*
xn
;
int
j
,
i
;
#ifndef OPENSSL_NO_COMP
const
COMP_METHOD
*
comp
,
*
expansion
;
#endif
if
(
full
)
{
...
...
@@ -1199,12 +1201,14 @@ static void print_stuff(BIO *bio, SSL *s, int full)
EVP_PKEY_bits
(
pktmp
));
EVP_PKEY_free
(
pktmp
);
}
#ifndef OPENSSL_NO_COMP
comp
=
SSL_get_current_compression
(
s
);
expansion
=
SSL_get_current_expansion
(
s
);
BIO_printf
(
bio
,
"Compression: %s
\n
"
,
comp
?
SSL_COMP_get_name
(
comp
)
:
"NONE"
);
BIO_printf
(
bio
,
"Expansion: %s
\n
"
,
expansion
?
SSL_COMP_get_name
(
expansion
)
:
"NONE"
);
#endif
SSL_SESSION_print
(
bio
,
SSL_get_session
(
s
));
BIO_printf
(
bio
,
"---
\n
"
);
if
(
peer
!=
NULL
)
...
...
crypto/asn1/x_crl.c
浏览文件 @
09b6c2ef
...
...
@@ -102,6 +102,23 @@ ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
ASN1_EXP_SEQUENCE_OF_OPT
(
X509_CRL_INFO
,
extensions
,
X509_EXTENSION
,
0
)
}
ASN1_SEQUENCE_END_enc
(
X509_CRL_INFO
,
X509_CRL_INFO
)
static
int
crl_cb
(
int
operation
,
ASN1_VALUE
**
pval
,
const
ASN1_ITEM
*
it
,
void
*
exarg
)
{
X509_CRL
*
a
=
(
X509_CRL_INFO
*
)
*
pval
;
#ifndef OPENSSL_NO_SHA
switch
(
operation
)
{
/* Hash CRL here for rapid comparison in X509_digest_cmp()
*/
case
ASN1_OP_D2I_POST
:
X509_CRL_digest
(
crl
->
digest
,
crl
);
break
;
}
#endif
return
1
;
}
ASN1_SEQUENCE_ref
(
X509_CRL
,
0
,
CRYPTO_LOCK_X509_CRL
)
=
{
ASN1_SIMPLE
(
X509_CRL
,
crl
,
X509_CRL_INFO
),
ASN1_SIMPLE
(
X509_CRL
,
sig_alg
,
X509_ALGOR
),
...
...
ssl/d1_clnt.c
浏览文件 @
09b6c2ef
...
...
@@ -371,11 +371,15 @@ int dtls1_connect(SSL *s)
s
->
init_num
=
0
;
s
->
session
->
cipher
=
s
->
s3
->
tmp
.
new_cipher
;
#ifdef OPENSSL_NO_COMP
s
->
session
->
compress_meth
=
0
;
#else
if
(
s
->
s3
->
tmp
.
new_compression
==
NULL
)
s
->
session
->
compress_meth
=
0
;
else
s
->
session
->
compress_meth
=
s
->
s3
->
tmp
.
new_compression
->
id
;
#endif
if
(
!
s
->
method
->
ssl3_enc
->
setup_key_block
(
s
))
{
ret
=
-
1
;
...
...
ssl/d1_srvr.c
浏览文件 @
09b6c2ef
...
...
@@ -706,10 +706,14 @@ int dtls1_send_server_hello(SSL *s)
p
+=
i
;
/* put the compression method */
#ifdef OPENSSL_NO_COMP
*
(
p
++
)
=
0
;
#else
if
(
s
->
s3
->
tmp
.
new_compression
==
NULL
)
*
(
p
++
)
=
0
;
else
*
(
p
++
)
=
s
->
s3
->
tmp
.
new_compression
->
id
;
#endif
/* do the header */
l
=
(
p
-
d
);
...
...
ssl/s3_clnt.c
浏览文件 @
09b6c2ef
...
...
@@ -369,11 +369,15 @@ int ssl3_connect(SSL *s)
s
->
init_num
=
0
;
s
->
session
->
cipher
=
s
->
s3
->
tmp
.
new_cipher
;
#ifdef OPENSSL_NO_COMP
s
->
session
->
compress_meth
=
0
;
#else
if
(
s
->
s3
->
tmp
.
new_compression
==
NULL
)
s
->
session
->
compress_meth
=
0
;
else
s
->
session
->
compress_meth
=
s
->
s3
->
tmp
.
new_compression
->
id
;
#endif
if
(
!
s
->
method
->
ssl3_enc
->
setup_key_block
(
s
))
{
ret
=
-
1
;
...
...
@@ -517,9 +521,12 @@ int ssl3_client_hello(SSL *s)
{
unsigned
char
*
buf
;
unsigned
char
*
p
,
*
d
;
int
i
,
j
;
int
i
;
unsigned
long
Time
,
l
;
#ifndef OPENSSL_NO_COMP
int
j
;
SSL_COMP
*
comp
;
#endif
buf
=
(
unsigned
char
*
)
s
->
init_buf
->
data
;
if
(
s
->
state
==
SSL3_ST_CW_CLNT_HELLO_A
)
...
...
@@ -578,6 +585,9 @@ int ssl3_client_hello(SSL *s)
p
+=
i
;
/* COMPRESSION */
#ifdef OPENSSL_NO_COMP
*
(
p
++
)
=
1
;
#else
if
(
s
->
ctx
->
comp_methods
==
NULL
)
j
=
0
;
else
...
...
@@ -588,6 +598,7 @@ int ssl3_client_hello(SSL *s)
comp
=
sk_SSL_COMP_value
(
s
->
ctx
->
comp_methods
,
i
);
*
(
p
++
)
=
comp
->
id
;
}
#endif
*
(
p
++
)
=
0
;
/* Add the NULL method */
l
=
(
p
-
d
);
...
...
@@ -615,7 +626,9 @@ int ssl3_get_server_hello(SSL *s)
int
i
,
al
,
ok
;
unsigned
int
j
;
long
n
;
#ifndef OPENSSL_NO_COMP
SSL_COMP
*
comp
;
#endif
n
=
s
->
method
->
ssl_get_message
(
s
,
SSL3_ST_CR_SRVR_HELLO_A
,
...
...
@@ -746,6 +759,14 @@ int ssl3_get_server_hello(SSL *s)
/* lets get the compression algorithm */
/* COMPRESSION */
#ifdef OPENSSL_NO_COMP
if
(
*
(
p
++
)
!=
0
)
{
al
=
SSL_AD_ILLEGAL_PARAMETER
;
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM
);
goto
f_err
;
}
#else
j
=
*
(
p
++
);
if
(
j
==
0
)
comp
=
NULL
;
...
...
@@ -762,6 +783,7 @@ int ssl3_get_server_hello(SSL *s)
{
s
->
s3
->
tmp
.
new_compression
=
comp
;
}
#endif
if
(
p
!=
(
d
+
n
))
{
...
...
ssl/s3_enc.c
浏览文件 @
09b6c2ef
...
...
@@ -196,7 +196,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
unsigned
char
*
ms
,
*
key
,
*
iv
,
*
er1
,
*
er2
;
EVP_CIPHER_CTX
*
dd
;
const
EVP_CIPHER
*
c
;
#ifndef OPENSSL_NO_COMP
COMP_METHOD
*
comp
;
#endif
const
EVP_MD
*
m
;
EVP_MD_CTX
md
;
int
is_exp
,
n
,
i
,
j
,
k
,
cl
;
...
...
@@ -205,10 +207,12 @@ int ssl3_change_cipher_state(SSL *s, int which)
is_exp
=
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
);
c
=
s
->
s3
->
tmp
.
new_sym_enc
;
m
=
s
->
s3
->
tmp
.
new_hash
;
#ifndef OPENSSL_NO_COMP
if
(
s
->
s3
->
tmp
.
new_compression
==
NULL
)
comp
=
NULL
;
else
comp
=
s
->
s3
->
tmp
.
new_compression
->
method
;
#endif
key_block
=
s
->
s3
->
tmp
.
key_block
;
if
(
which
&
SSL3_CC_READ
)
...
...
@@ -219,6 +223,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto
err
;
dd
=
s
->
enc_read_ctx
;
s
->
read_hash
=
m
;
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
if
(
s
->
expand
!=
NULL
)
{
...
...
@@ -239,6 +244,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
if
(
s
->
s3
->
rrec
.
comp
==
NULL
)
goto
err
;
}
#endif
memset
(
&
(
s
->
s3
->
read_sequence
[
0
]),
0
,
8
);
mac_secret
=
&
(
s
->
s3
->
read_mac_secret
[
0
]);
}
...
...
@@ -250,6 +256,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto
err
;
dd
=
s
->
enc_write_ctx
;
s
->
write_hash
=
m
;
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
if
(
s
->
compress
!=
NULL
)
{
...
...
@@ -265,6 +272,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto
err2
;
}
}
#endif
memset
(
&
(
s
->
s3
->
write_sequence
[
0
]),
0
,
8
);
mac_secret
=
&
(
s
->
s3
->
write_mac_secret
[
0
]);
}
...
...
@@ -350,7 +358,9 @@ int ssl3_setup_key_block(SSL *s)
const
EVP_MD
*
hash
;
int
num
;
int
ret
=
0
;
#ifdef OPENSSL_NO_COMP
SSL_COMP
*
comp
;
#endif
if
(
s
->
s3
->
tmp
.
key_block_length
!=
0
)
return
(
1
);
...
...
@@ -363,7 +373,11 @@ int ssl3_setup_key_block(SSL *s)
s
->
s3
->
tmp
.
new_sym_enc
=
c
;
s
->
s3
->
tmp
.
new_hash
=
hash
;
#ifdef OPENSSL_NO_COMP
s
->
s3
->
tmp
.
new_compression
=
NULL
;
#else
s
->
s3
->
tmp
.
new_compression
=
comp
;
#endif
num
=
EVP_CIPHER_key_length
(
c
)
+
EVP_MD_size
(
hash
)
+
EVP_CIPHER_iv_length
(
c
);
num
*=
2
;
...
...
ssl/s3_pkt.c
浏览文件 @
09b6c2ef
...
...
@@ -476,6 +476,7 @@ err:
int
ssl3_do_uncompress
(
SSL
*
ssl
)
{
#ifndef OPENSSL_NO_COMP
int
i
;
SSL3_RECORD
*
rr
;
...
...
@@ -487,12 +488,13 @@ int ssl3_do_uncompress(SSL *ssl)
else
rr
->
length
=
i
;
rr
->
data
=
rr
->
comp
;
#endif
return
(
1
);
}
int
ssl3_do_compress
(
SSL
*
ssl
)
{
#ifndef OPENSSL_NO_COMP
int
i
;
SSL3_RECORD
*
wr
;
...
...
@@ -506,6 +508,7 @@ int ssl3_do_compress(SSL *ssl)
wr
->
length
=
i
;
wr
->
input
=
wr
->
data
;
#endif
return
(
1
);
}
...
...
ssl/s3_srvr.c
浏览文件 @
09b6c2ef
...
...
@@ -666,7 +666,9 @@ int ssl3_get_client_hello(SSL *s)
unsigned
long
id
;
unsigned
char
*
p
,
*
d
,
*
q
;
SSL_CIPHER
*
c
;
#ifndef OPENSSL_NO_COMP
SSL_COMP
*
comp
=
NULL
;
#endif
STACK_OF
(
SSL_CIPHER
)
*
ciphers
=
NULL
;
/* We do this so that we will respond with our native type.
...
...
@@ -897,6 +899,7 @@ int ssl3_get_client_hello(SSL *s)
* options, we will now look for them. We have i-1 compression
* algorithms from the client, starting at q. */
s
->
s3
->
tmp
.
new_compression
=
NULL
;
#ifndef OPENSSL_NO_COMP
if
(
s
->
ctx
->
comp_methods
!=
NULL
)
{
/* See if we have a match */
int
m
,
nn
,
o
,
v
,
done
=
0
;
...
...
@@ -921,6 +924,7 @@ int ssl3_get_client_hello(SSL *s)
else
comp
=
NULL
;
}
#endif
/* TLS does not mind if there is extra stuff */
#if 0 /* SSL 3.0 does not mind either, so we should disable this test
...
...
@@ -944,7 +948,11 @@ int ssl3_get_client_hello(SSL *s)
if
(
!
s
->
hit
)
{
#ifdef OPENSSL_NO_COMP
s
->
session
->
compress_meth
=
0
;
#else
s
->
session
->
compress_meth
=
(
comp
==
NULL
)
?
0
:
comp
->
id
;
#endif
if
(
s
->
session
->
ciphers
!=
NULL
)
sk_SSL_CIPHER_free
(
s
->
session
->
ciphers
);
s
->
session
->
ciphers
=
ciphers
;
...
...
@@ -1070,10 +1078,14 @@ int ssl3_send_server_hello(SSL *s)
p
+=
i
;
/* put the compression method */
#ifdef OPENSSL_NO_COMP
*
(
p
++
)
=
0
;
#else
if
(
s
->
s3
->
tmp
.
new_compression
==
NULL
)
*
(
p
++
)
=
0
;
else
*
(
p
++
)
=
s
->
s3
->
tmp
.
new_compression
->
id
;
#endif
/* do the header */
l
=
(
p
-
d
);
...
...
ssl/ssl3.h
浏览文件 @
09b6c2ef
...
...
@@ -253,7 +253,11 @@ extern "C" {
#endif
#define SSL3_RT_MAX_PLAIN_LENGTH 16384
#ifdef OPENSSL_NO_COMP
#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
#else
#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
#endif
#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
...
...
ssl/ssl_ciph.c
浏览文件 @
09b6c2ef
...
...
@@ -192,6 +192,9 @@ void ssl_load_ciphers(void)
EVP_get_digestbyname
(
SN_sha1
);
}
#ifndef OPENSSL_NO_COMP
static
int
sk_comp_cmp
(
const
SSL_COMP
*
const
*
a
,
const
SSL_COMP
*
const
*
b
)
{
...
...
@@ -231,6 +234,7 @@ static void load_builtin_compressions(void)
}
CRYPTO_w_unlock
(
CRYPTO_LOCK_SSL
);
}
#endif
int
ssl_cipher_get_evp
(
const
SSL_SESSION
*
s
,
const
EVP_CIPHER
**
enc
,
const
EVP_MD
**
md
,
SSL_COMP
**
comp
)
...
...
@@ -243,8 +247,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
if
(
comp
!=
NULL
)
{
SSL_COMP
ctmp
;
#ifndef OPENSSL_NO_COMP
load_builtin_compressions
();
#endif
*
comp
=
NULL
;
ctmp
.
id
=
s
->
compress_meth
;
...
...
@@ -1131,6 +1136,21 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
return
(
NULL
);
}
#ifdef OPENSSL_NO_COMP
void
*
SSL_COMP_get_compression_methods
(
void
)
{
return
NULL
;
}
int
SSL_COMP_add_compression_method
(
int
id
,
void
*
cm
)
{
return
1
;
}
const
char
*
SSL_COMP_get_name
(
const
void
*
comp
)
{
return
NULL
;
}
#else
STACK_OF
(
SSL_COMP
)
*
SSL_COMP_get_compression_methods
(
void
)
{
load_builtin_compressions
();
...
...
@@ -1191,3 +1211,4 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
return
NULL
;
}
#endif
ssl/ssl_lib.c
浏览文件 @
09b6c2ef
...
...
@@ -2246,6 +2246,7 @@ void ssl_clear_cipher_ctx(SSL *s)
OPENSSL_free
(
s
->
enc_write_ctx
);
s
->
enc_write_ctx
=
NULL
;
}
#ifndef OPENSSL_NO_COMP
if
(
s
->
expand
!=
NULL
)
{
COMP_CTX_free
(
s
->
expand
);
...
...
@@ -2256,6 +2257,7 @@ void ssl_clear_cipher_ctx(SSL *s)
COMP_CTX_free
(
s
->
compress
);
s
->
compress
=
NULL
;
}
#endif
}
/* Fix this function so that it takes an optional type parameter */
...
...
@@ -2282,6 +2284,16 @@ SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
return
(
s
->
session
->
cipher
);
return
(
NULL
);
}
#ifdef OPENSSL_NO_COMP
const
void
*
SSL_get_current_compression
(
SSL
*
s
)
{
return
NULL
;
}
const
void
*
SSL_get_current_expansion
(
SSL
*
s
)
{
return
NULL
;
}
#else
const
COMP_METHOD
*
SSL_get_current_compression
(
SSL
*
s
)
{
...
...
@@ -2296,6 +2308,7 @@ const COMP_METHOD *SSL_get_current_expansion(SSL *s)
return
(
s
->
expand
->
meth
);
return
(
NULL
);
}
#endif
int
ssl_init_wbio_buffer
(
SSL
*
s
,
int
push
)
{
...
...
ssl/ssl_txt.c
浏览文件 @
09b6c2ef
...
...
@@ -151,6 +151,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if
(
BIO_printf
(
bp
,
"%02X"
,
x
->
krb5_client_princ
[
i
])
<=
0
)
goto
err
;
}
#endif
/* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_COMP
if
(
x
->
compress_meth
!=
0
)
{
SSL_COMP
*
comp
=
NULL
;
...
...
@@ -165,6 +166,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if
(
BIO_printf
(
bp
,
"
\n
Compression: %d (%s)"
,
comp
->
id
,
comp
->
method
->
name
)
<=
0
)
goto
err
;
}
}
#endif
if
(
x
->
time
!=
0L
)
{
if
(
BIO_printf
(
bp
,
"
\n
Start Time: %ld"
,
x
->
time
)
<=
0
)
goto
err
;
...
...
ssl/ssltest.c
浏览文件 @
09b6c2ef
...
...
@@ -420,7 +420,9 @@ int main(int argc, char *argv[])
int
print_time
=
0
;
clock_t
s_time
=
0
,
c_time
=
0
;
int
comp
=
0
;
#ifndef OPENSSL_NO_COMP
COMP_METHOD
*
cm
=
NULL
;
#endif
STACK_OF
(
SSL_COMP
)
*
ssl_comp_methods
=
NULL
;
int
test_cipherlist
=
0
;
...
...
@@ -652,6 +654,7 @@ bad:
SSL_library_init
();
SSL_load_error_strings
();
#ifndef OPENSSL_NO_COMP
if
(
comp
==
COMP_ZLIB
)
cm
=
COMP_zlib
();
if
(
comp
==
COMP_RLE
)
cm
=
COMP_rle
();
if
(
cm
!=
NULL
)
...
...
@@ -675,6 +678,7 @@ bad:
ERR_print_errors_fp
(
stderr
);
}
}
#endif
ssl_comp_methods
=
SSL_COMP_get_compression_methods
();
fprintf
(
stderr
,
"Available compression methods:
\n
"
);
{
...
...
ssl/t1_enc.c
浏览文件 @
09b6c2ef
...
...
@@ -231,7 +231,9 @@ int tls1_change_cipher_state(SSL *s, int which)
int
client_write
;
EVP_CIPHER_CTX
*
dd
;
const
EVP_CIPHER
*
c
;
#ifndef OPENSSL_NO_COMP
const
SSL_COMP
*
comp
;
#endif
const
EVP_MD
*
m
;
int
is_export
,
n
,
i
,
j
,
k
,
exp_label_len
,
cl
;
int
reuse_dd
=
0
;
...
...
@@ -239,7 +241,9 @@ int tls1_change_cipher_state(SSL *s, int which)
is_export
=
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
);
c
=
s
->
s3
->
tmp
.
new_sym_enc
;
m
=
s
->
s3
->
tmp
.
new_hash
;
#ifndef OPENSSL_NO_COMP
comp
=
s
->
s3
->
tmp
.
new_compression
;
#endif
key_block
=
s
->
s3
->
tmp
.
key_block
;
#ifdef KSSL_DEBUG
...
...
@@ -265,6 +269,7 @@ int tls1_change_cipher_state(SSL *s, int which)
goto
err
;
dd
=
s
->
enc_read_ctx
;
s
->
read_hash
=
m
;
#ifndef OPENSSL_NO_COMP
if
(
s
->
expand
!=
NULL
)
{
COMP_CTX_free
(
s
->
expand
);
...
...
@@ -284,6 +289,7 @@ int tls1_change_cipher_state(SSL *s, int which)
if
(
s
->
s3
->
rrec
.
comp
==
NULL
)
goto
err
;
}
#endif
/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
if
(
s
->
version
!=
DTLS1_VERSION
)
memset
(
&
(
s
->
s3
->
read_sequence
[
0
]),
0
,
8
);
...
...
@@ -301,6 +307,7 @@ int tls1_change_cipher_state(SSL *s, int which)
goto
err
;
dd
=
s
->
enc_write_ctx
;
s
->
write_hash
=
m
;
#ifndef OPENSSL_NO_COMP
if
(
s
->
compress
!=
NULL
)
{
COMP_CTX_free
(
s
->
compress
);
...
...
@@ -315,6 +322,7 @@ int tls1_change_cipher_state(SSL *s, int which)
goto
err2
;
}
}
#endif
/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
if
(
s
->
version
!=
DTLS1_VERSION
)
memset
(
&
(
s
->
s3
->
write_sequence
[
0
]),
0
,
8
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录