Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 0a699a07 编写于 作者: D Dr. Stephen Henson
浏览文件
操作

Fix no-ec 

Fix no-ec builds by having separate functions to create keys based on
an existing EVP_PKEY and a curve id.
Reviewed-by: NRich Salz <rsalz@openssl.org>
上级 0818dbad
隐藏空白更改
内联 并排
Showing with 40 addition and 28 deletion
ssl/s3_lib.c
浏览文件 @ 0a699a07
...@@ -3982,41 +3982,51 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, ...@@ -3982,41 +3982,51 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
return s->session->master_key_length >= 0; return s->session->master_key_length >= 0;
} }
/* Generate a private key from parameters or a curve ID */ /* Generate a private key from parameters */
EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int id) EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
{ {
EVP_PKEY_CTX *pctx = NULL; EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
int nid;
if (pm != NULL) { if (pm == NULL)
pctx = EVP_PKEY_CTX_new(pm, NULL); return NULL;
pctx = EVP_PKEY_CTX_new(pm, NULL);
if (pctx == NULL)
goto err;
if (EVP_PKEY_keygen_init(pctx) <= 0)
goto err;
if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
EVP_PKEY_free(pkey);
pkey = NULL;
}
err:
EVP_PKEY_CTX_free(pctx);
return pkey;
}
#ifndef OPENSSL_NO_EC
/* Generate a private key a curve ID */
EVP_PKEY *ssl_generate_pkey_curve(int id)
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
unsigned int curve_flags;
int nid = tls1_ec_curve_id2nid(id, &curve_flags);
if (nid == 0)
goto err;
if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
pctx = EVP_PKEY_CTX_new_id(nid, NULL);
nid = 0; nid = 0;
} else { } else {
unsigned int curve_flags; pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
nid = tls1_ec_curve_id2nid(id, &curve_flags);
if (nid == 0)
goto err;
/*
* Generate a new key for this curve.
* Should not be called if EC is disabled: if it is it will
* fail with an unknown algorithm error.
*/
if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
pctx = EVP_PKEY_CTX_new_id(nid, NULL);
nid = 0;
} else {
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
}
} }
if (pctx == NULL) if (pctx == NULL)
goto err; goto err;
if (EVP_PKEY_keygen_init(pctx) <= 0) if (EVP_PKEY_keygen_init(pctx) <= 0)
goto err; goto err;
#ifndef OPENSSL_NO_EC
if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0) if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
goto err; goto err;
#endif
if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
pkey = NULL; pkey = NULL;
...@@ -4026,6 +4036,7 @@ EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int id) ...@@ -4026,6 +4036,7 @@ EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int id)
EVP_PKEY_CTX_free(pctx); EVP_PKEY_CTX_free(pctx);
return pkey; return pkey;
} }
#endif
/* Derive premaster or master secret for ECDH/DH */ /* Derive premaster or master secret for ECDH/DH */
int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey) int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
{ {
......
ssl/ssl_locl.h
浏览文件 @ 0a699a07
...@@ -1857,7 +1857,7 @@ void ssl_load_ciphers(void); ...@@ -1857,7 +1857,7 @@ void ssl_load_ciphers(void);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
int free_pms); int free_pms);
__owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int nid); __owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm);
__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey); __owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey);
__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh); __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
...@@ -2002,6 +2002,7 @@ __owur int tls1_set_curves(unsigned char **pext, size_t *pextlen, ...@@ -2002,6 +2002,7 @@ __owur int tls1_set_curves(unsigned char **pext, size_t *pextlen,
__owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, __owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
const char *str); const char *str);
__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
__owur EVP_PKEY *ssl_generate_pkey_curve(int id);
# endif /* OPENSSL_NO_EC */ # endif /* OPENSSL_NO_EC */
__owur int tls1_shared_list(SSL *s, __owur int tls1_shared_list(SSL *s,
......
ssl/statem/statem_clnt.c
浏览文件 @ 0a699a07
...@@ -2250,7 +2250,7 @@ static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al) ...@@ -2250,7 +2250,7 @@ static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al)
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
ckey = ssl_generate_pkey(skey, NID_undef); ckey = ssl_generate_pkey(skey);
dh_clnt = EVP_PKEY_get0_DH(ckey); dh_clnt = EVP_PKEY_get0_DH(ckey);
if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) { if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) {
...@@ -2288,7 +2288,7 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al) ...@@ -2288,7 +2288,7 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al)
return 0; return 0;
} }
ckey = ssl_generate_pkey(skey, NID_undef); ckey = ssl_generate_pkey(skey);
if (ssl_derive(s, ckey, skey) == 0) { if (ssl_derive(s, ckey, skey) == 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB);
......
ssl/statem/statem_srvr.c
浏览文件 @ 0a699a07
...@@ -1703,7 +1703,7 @@ int tls_construct_server_key_exchange(SSL *s) ...@@ -1703,7 +1703,7 @@ int tls_construct_server_key_exchange(SSL *s)
goto err; goto err;
} }
s->s3->tmp.pkey = ssl_generate_pkey(pkdhp, NID_undef); s->s3->tmp.pkey = ssl_generate_pkey(pkdhp);
if (s->s3->tmp.pkey == NULL) { if (s->s3->tmp.pkey == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
...@@ -1737,7 +1737,7 @@ int tls_construct_server_key_exchange(SSL *s) ...@@ -1737,7 +1737,7 @@ int tls_construct_server_key_exchange(SSL *s)
SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
goto err; goto err;
} }
s->s3->tmp.pkey = ssl_generate_pkey(NULL, curve_id); s->s3->tmp.pkey = ssl_generate_pkey_curve(curve_id);
/* Generate a new key for this curve */ /* Generate a new key for this curve */
if (s->s3->tmp.pkey == NULL) { if (s->s3->tmp.pkey == NULL) {
al = SSL_AD_INTERNAL_ERROR; al = SSL_AD_INTERNAL_ERROR;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册