提交
566dda07
编写于
10月 08, 2005
作者:
Dr. Stephen Henson
New option SSL_OP_NO_COMP to disable compression. New ctrls to set
maximum send fragment size. Allocate I/O buffers accordingly.
上级
7a2f4cbf
变更
11
Showing
11 changed file
with
122 addition
and
21 deletion
+122
-21
CHANGES
CHANGES
+6
-0
apps/s_client.c
apps/s_client.c
+2
-0
apps/s_server.c
apps/s_server.c
+2
-0
ssl/s23_clnt.c
ssl/s23_clnt.c
+2
-1
ssl/s3_both.c
ssl/s3_both.c
+21
-7
ssl/s3_clnt.c
ssl/s3_clnt.c
+4
-2
ssl/s3_pkt.c
ssl/s3_pkt.c
+14
-6
ssl/s3_srvr.c
ssl/s3_srvr.c
+1
-1
ssl/ssl.h
ssl/ssl.h
+16
-0
ssl/ssl3.h
ssl/ssl3.h
+41
-4
ssl/ssl_lib.c
ssl/ssl_lib.c
+13
-0
CHANGES
...
@@ -4,6 +4,12 @@
...
@@ -4,6 +4,12 @@
Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
*) New option SSL_OP_NO_COMP to disable use of compression selectively
in SSL structures. New SSL ctrl to set maximum send fragment size.
Save memory by seeting the I/O buffer sizes dynamically instead of
using the maximum available value.
[Steve Henson]
*) New option -V for 'openssl ciphers'. This prints the ciphersuite code
*) New option -V for 'openssl ciphers'. This prints the ciphersuite code
in addition to the text details.
in addition to the text details.
[Bodo Moeller]
[Bodo Moeller]
...
...
apps/s_client.c
...
@@ -450,6 +450,8 @@ int MAIN(int argc, char **argv)
...
@@ -450,6 +450,8 @@ int MAIN(int argc, char **argv)
off
|=
SSL_OP_NO_SSLv3
;
off
|=
SSL_OP_NO_SSLv3
;
else
if
(
strcmp
(
*
argv
,
"-no_ssl2"
)
==
0
)
else
if
(
strcmp
(
*
argv
,
"-no_ssl2"
)
==
0
)
off
|=
SSL_OP_NO_SSLv2
;
off
|=
SSL_OP_NO_SSLv2
;
else
if
(
strcmp
(
*
argv
,
"-no_comp"
)
==
0
)
{
off
|=
SSL_OP_NO_COMPRESSION
;
}
else
if
(
strcmp
(
*
argv
,
"-serverpref"
)
==
0
)
else
if
(
strcmp
(
*
argv
,
"-serverpref"
)
==
0
)
off
|=
SSL_OP_CIPHER_SERVER_PREFERENCE
;
off
|=
SSL_OP_CIPHER_SERVER_PREFERENCE
;
else
if
(
strcmp
(
*
argv
,
"-cipher"
)
==
0
)
else
if
(
strcmp
(
*
argv
,
"-cipher"
)
==
0
)
...
...
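Review bot: The `-no_comp` branch is the only change to this file (two added lines), so the usage text does not appear to gain an entry for the new flag; apps/s_server.c has the same gap. Operators who want compression off have no way to discover the switch from the tool's own help. I would add a line next to the other `-no_*` entries, for example `BIO_printf(bio_err," -no_comp      - don't use compression\n");`. The usage function itself is outside the hunk, so confirm where the existing entries are printed.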
apps/s_server.c
...
@@ -754,6 +754,8 @@ int MAIN(int argc, char *argv[])
...
@@ -754,6 +754,8 @@ int MAIN(int argc, char *argv[])
{
off
|=
SSL_OP_NO_SSLv3
;
}
{
off
|=
SSL_OP_NO_SSLv3
;
}
else
if
(
strcmp
(
*
argv
,
"-no_tls1"
)
==
0
)
else
if
(
strcmp
(
*
argv
,
"-no_tls1"
)
==
0
)
{
off
|=
SSL_OP_NO_TLSv1
;
}
{
off
|=
SSL_OP_NO_TLSv1
;
}
else
if
(
strcmp
(
*
argv
,
"-no_comp"
)
==
0
)
{
off
|=
SSL_OP_NO_COMPRESSION
;
}
#ifndef OPENSSL_NO_SSL2
#ifndef OPENSSL_NO_SSL2
else
if
(
strcmp
(
*
argv
,
"-ssl2"
)
==
0
)
else
if
(
strcmp
(
*
argv
,
"-ssl2"
)
==
0
)
{
meth
=
SSLv2_server_method
();
}
{
meth
=
SSLv2_server_method
();
}
...
...
ssl/s23_clnt.c
...
@@ -349,7 +349,8 @@ static int ssl23_client_hello(SSL *s)
...
@@ -349,7 +349,8 @@ static int ssl23_client_hello(SSL *s)
p
+=
i
;
p
+=
i
;
/* COMPRESSION */
/* COMPRESSION */
if
(
s
->
ctx
->
comp_methods
==
NULL
)
if
((
s
->
options
&
SSL_OP_NO_COMPRESSION
)
||
!
s
->
ctx
->
comp_methods
)
j
=
0
;
j
=
0
;
else
else
j
=
sk_SSL_COMP_num
(
s
->
ctx
->
comp_methods
);
j
=
sk_SSL_COMP_num
(
s
->
ctx
->
comp_methods
);
...
...
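Review bot: The "may we offer compression" test is now spelled out by hand here, again in ssl3_client_hello (ssl/s3_clnt.c), and in inverted form in ssl3_get_client_hello (ssl/s3_srvr.c). Three copies of a security-relevant predicate can drift apart when one is edited later. A single new helper in a shared internal header would keep them aligned, for example `#define ssl_compression_enabled(s) (!((s)->options & SSL_OP_NO_COMPRESSION) && (s)->ctx->comp_methods != NULL)`. ssl23_client_hello starts and ends outside this hunk.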
ssl/s3_both.c
...
@@ -589,16 +589,22 @@ int ssl_verify_alarm_type(long type)
...
@@ -589,16 +589,22 @@ int ssl_verify_alarm_type(long type)
int
ssl3_setup_buffers
(
SSL
*
s
)
int
ssl3_setup_buffers
(
SSL
*
s
)
{
{
unsigned
char
*
p
;
unsigned
char
*
p
;
unsigned
int
extra
;
size_t
len
;
size_t
len
;
if
(
s
->
s3
->
rbuf
.
buf
==
NULL
)
if
(
s
->
s3
->
rbuf
.
buf
==
NULL
)
{
{
len
=
SSL3_RT_MAX_PLAIN_LENGTH
+
SSL3_RT_MAX_ENCRYPTED_OVERHEAD
+
SSL3_RT_HEADER_LENGTH
;
if
(
s
->
options
&
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
)
if
(
s
->
options
&
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
)
extra
=
SSL3_RT_MAX_EXTRA
;
{
else
s
->
s3
->
init_extra
=
1
;
extra
=
0
;
len
+=
SSL3_RT_MAX_EXTRA
;
len
=
SSL3_RT_MAX_PACKET_SIZE
+
extra
;
}
#ifndef OPENSSL_NO_COMP
if
(
!
(
s
->
options
&
SSL_OP_NO_COMPRESSION
))
len
+=
SSL3_RT_MAX_COMPRESSED_OVERHEAD
;
#endif
if
((
p
=
OPENSSL_malloc
(
len
))
==
NULL
)
if
((
p
=
OPENSSL_malloc
(
len
))
==
NULL
)
goto
err
;
goto
err
;
s
->
s3
->
rbuf
.
buf
=
p
;
s
->
s3
->
rbuf
.
buf
=
p
;
...
@@ -607,8 +613,16 @@ int ssl3_setup_buffers(SSL *s)
...
@@ -607,8 +613,16 @@ int ssl3_setup_buffers(SSL *s)
if
(
s
->
s3
->
wbuf
.
buf
==
NULL
)
if
(
s
->
s3
->
wbuf
.
buf
==
NULL
)
{
{
len
=
SSL3_RT_MAX_PACKET_SIZE
;
len
=
s
->
max_send_fragment
len
+=
SSL3_RT_HEADER_LENGTH
+
256
;
/* extra space for empty fragment */
+
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+
SSL3_RT_HEADER_LENGTH
;
#ifndef OPENSSL_NO_COMP
if
(
!
(
s
->
options
&
SSL_OP_NO_COMPRESSION
))
len
+=
SSL3_RT_MAX_COMPRESSED_OVERHEAD
;
#endif
if
(
!
(
s
->
options
&
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
))
len
+=
SSL3_RT_HEADER_LENGTH
+
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
;
if
((
p
=
OPENSSL_malloc
(
len
))
==
NULL
)
if
((
p
=
OPENSSL_malloc
(
len
))
==
NULL
)
goto
err
;
goto
err
;
s
->
s3
->
wbuf
.
buf
=
p
;
s
->
s3
->
wbuf
.
buf
=
p
;
...
...
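Review bot: The removed `/* extra space for empty fragment */` comment has no replacement, so the second `len +=` guarded by `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS` in the write-buffer hunk is unexplained. I would put `/* room for the empty-fragment record sent ahead of the data */` above it. In the read-buffer hunk `s->s3->init_extra` is only ever assigned 1, so the later test in ssl3_get_record relies on the state structure having been zeroed when it was created, which is not visible here. An explicit `s->s3->init_extra = 0;` before the option test would remove that dependency. ssl3_setup_buffers continues outside both hunks.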
ssl/s3_clnt.c
...
@@ -588,7 +588,9 @@ int ssl3_client_hello(SSL *s)
...
@@ -588,7 +588,9 @@ int ssl3_client_hello(SSL *s)
#ifdef OPENSSL_NO_COMP
#ifdef OPENSSL_NO_COMP
*
(
p
++
)
=
1
;
*
(
p
++
)
=
1
;
#else
#else
if
(
s
->
ctx
->
comp_methods
==
NULL
)
if
((
s
->
options
&
SSL_OP_NO_COMPRESSION
)
||
!
s
->
ctx
->
comp_methods
)
j
=
0
;
j
=
0
;
else
else
j
=
sk_SSL_COMP_num
(
s
->
ctx
->
comp_methods
);
j
=
sk_SSL_COMP_num
(
s
->
ctx
->
comp_methods
);
...
@@ -768,7 +770,7 @@ int ssl3_get_server_hello(SSL *s)
...
@@ -768,7 +770,7 @@ int ssl3_get_server_hello(SSL *s)
}
}
#else
#else
j
=
*
(
p
++
);
j
=
*
(
p
++
);
if
(
j
==
0
)
if
(
(
j
==
0
)
||
(
s
->
options
&
SSL_OP_NO_COMPRESSION
)
)
comp
=
NULL
;
comp
=
NULL
;
else
else
comp
=
ssl3_comp_find
(
s
->
ctx
->
comp_methods
,
j
);
comp
=
ssl3_comp_find
(
s
->
ctx
->
comp_methods
,
j
);
...
...
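Review bot: In the ssl3_get_server_hello hunk a non-zero method byte from the server is now folded into `comp = NULL` whenever SSL_OP_NO_COMPRESSION is set, which at this point looks the same as the server choosing no compression. Whether that case still ends the handshake depends on the handling of `j` and `comp` after the hunk, which is not visible here. A comment on the new condition would pin the intent, e.g. `/* compression disabled locally: a non-null choice by the server must not be accepted */`. The follow-on check should be confirmed to reject `j != 0` with `comp == NULL`.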
ssl/s3_pkt.c
...
@@ -250,9 +250,9 @@ static int ssl3_get_record(SSL *s)
...
@@ -250,9 +250,9 @@ static int ssl3_get_record(SSL *s)
extra
=
SSL3_RT_MAX_EXTRA
;
extra
=
SSL3_RT_MAX_EXTRA
;
else
else
extra
=
0
;
extra
=
0
;
if
(
extra
!=
s
->
s3
->
rbuf
.
len
-
SSL3_RT_MAX_PACKET_SIZE
)
if
(
extra
&&
!
s
->
s3
->
init_extra
)
{
{
/*
actually likely a
n application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
/*
A
n application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
* set after ssl3_setup_buffers() was done */
* set after ssl3_setup_buffers() was done */
SSLerr
(
SSL_F_SSL3_GET_RECORD
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_SSL3_GET_RECORD
,
ERR_R_INTERNAL_ERROR
);
return
-
1
;
return
-
1
;
...
@@ -275,6 +275,9 @@ again:
...
@@ -275,6 +275,9 @@ again:
ssl_minor
=
*
(
p
++
);
ssl_minor
=
*
(
p
++
);
version
=
(
ssl_major
<<
8
)
|
ssl_minor
;
version
=
(
ssl_major
<<
8
)
|
ssl_minor
;
n2s
(
p
,
rr
->
length
);
n2s
(
p
,
rr
->
length
);
#if 0
fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
#endif
/* Lets check version */
/* Lets check version */
if
(
s
->
first_packet
)
if
(
s
->
first_packet
)
...
@@ -300,7 +303,7 @@ again:
...
@@ -300,7 +303,7 @@ again:
goto
err
;
goto
err
;
}
}
if
(
rr
->
length
>
SSL3_RT_MAX_ENCRYPTED_LENGTH
+
extra
)
if
(
rr
->
length
>
s
->
s3
->
rbuf
.
len
-
SSL3_RT_HEADER_LENGTH
)
{
{
al
=
SSL_AD_RECORD_OVERFLOW
;
al
=
SSL_AD_RECORD_OVERFLOW
;
SSLerr
(
SSL_F_SSL3_GET_RECORD
,
SSL_R_PACKET_LENGTH_TOO_LONG
);
SSLerr
(
SSL_F_SSL3_GET_RECORD
,
SSL_R_PACKET_LENGTH_TOO_LONG
);
...
@@ -466,6 +469,10 @@ printf("\n");
...
@@ -466,6 +469,10 @@ printf("\n");
/* just read a 0 length packet */
/* just read a 0 length packet */
if
(
rr
->
length
==
0
)
goto
again
;
if
(
rr
->
length
==
0
)
goto
again
;
#if 0
fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length);
#endif
return
(
1
);
return
(
1
);
f_err:
f_err:
...
@@ -539,8 +546,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
...
@@ -539,8 +546,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
n
=
(
len
-
tot
);
n
=
(
len
-
tot
);
for
(;;)
for
(;;)
{
{
if
(
n
>
SSL3_RT_MAX_PLAIN_LENGTH
)
if
(
n
>
s
->
max_send_fragment
)
nw
=
SSL3_RT_MAX_PLAIN_LENGTH
;
nw
=
s
->
max_send_fragment
;
else
else
nw
=
n
;
nw
=
n
;
...
@@ -624,7 +631,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
...
@@ -624,7 +631,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if
(
prefix_len
<=
0
)
if
(
prefix_len
<=
0
)
goto
err
;
goto
err
;
if
(
s
->
s3
->
wbuf
.
len
<
(
size_t
)
prefix_len
+
SSL3_RT_MAX_PACKET_SIZE
)
if
(
prefix_len
>
(
SSL3_RT_HEADER_LENGTH
+
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
))
{
{
/* insufficient space */
/* insufficient space */
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_DO_SSL3_WRITE
,
ERR_R_INTERNAL_ERROR
);
...
...
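Review bot: The rewritten guard in the do_ssl3_write hunk no longer consults `s->s3->wbuf.len`; it only bounds `prefix_len`, so nothing visible here checks that a fragment of `s->max_send_fragment` bytes fits the buffer ssl3_setup_buffers allocated. The SSL_CTRL_SET_MAX_SEND_FRAGMENT handler in ssl/ssl_lib.c stores a new value without checking whether `wbuf.buf` already exists. Raising the limit after the first setup would therefore appear to leave the write buffer undersized for later records. Either keep a size comparison against `wbuf.len` here, or have the ctrl refuse growth once buffers exist, e.g. `if (s->s3 != NULL && s->s3->wbuf.buf != NULL && larg > s->max_send_fragment) return 0;`. The rest of do_ssl3_write is outside the hunk, so a later bound may exist there.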
ssl/s3_srvr.c
...
@@ -900,7 +900,7 @@ int ssl3_get_client_hello(SSL *s)
...
@@ -900,7 +900,7 @@ int ssl3_get_client_hello(SSL *s)
* algorithms from the client, starting at q. */
* algorithms from the client, starting at q. */
s
->
s3
->
tmp
.
new_compression
=
NULL
;
s
->
s3
->
tmp
.
new_compression
=
NULL
;
#ifndef OPENSSL_NO_COMP
#ifndef OPENSSL_NO_COMP
if
(
s
->
ctx
->
comp_methods
!=
NULL
)
if
(
!
(
s
->
options
&
SSL_OP_NO_COMPRESSION
)
&&
s
->
ctx
->
comp_methods
)
{
/* See if we have a match */
{
/* See if we have a match */
int
m
,
nn
,
o
,
v
,
done
=
0
;
int
m
,
nn
,
o
,
v
,
done
=
0
;
...
...
ssl/ssl.h
...
@@ -503,6 +503,8 @@ typedef struct ssl_session_st
...
@@ -503,6 +503,8 @@ typedef struct ssl_session_st
/* As server, disallow session resumption on renegotiation */
/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
/* Don't use compression even if supported */
#define SSL_OP_NO_COMPRESSION 0x00020000L
/* If set, always create a new key when using tmp_ecdh parameters */
/* If set, always create a new key when using tmp_ecdh parameters */
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
/* If set, always create a new key when using tmp_dh parameters */
...
@@ -747,6 +749,12 @@ struct ssl_ctx_st
...
@@ -747,6 +749,12 @@ struct ssl_ctx_st
#endif
#endif
int
quiet_shutdown
;
int
quiet_shutdown
;
/* Maximum amount of data to send in one fragment.
* actual record size can be more than this due to
* padding and MAC overheads.
*/
int
max_send_fragment
;
};
};
#define SSL_SESS_CACHE_OFF 0x0000
#define SSL_SESS_CACHE_OFF 0x0000
...
@@ -968,6 +976,7 @@ struct ssl_st
...
@@ -968,6 +976,7 @@ struct ssl_st
int
first_packet
;
int
first_packet
;
int
client_version
;
/* what was passed, used for
int
client_version
;
/* what was passed, used for
* SSLv3/TLS rollback check */
* SSLv3/TLS rollback check */
int
max_send_fragment
;
};
};
#ifdef __cplusplus
#ifdef __cplusplus
...
@@ -1171,6 +1180,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
...
@@ -1171,6 +1180,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
#define SSL_CTRL_GET_MAX_CERT_LIST 50
#define SSL_CTRL_GET_MAX_CERT_LIST 50
#define SSL_CTRL_SET_MAX_CERT_LIST 51
#define SSL_CTRL_SET_MAX_CERT_LIST 51
#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
#define SSL_session_reused(ssl) \
#define SSL_session_reused(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
#define SSL_num_renegotiations(ssl) \
#define SSL_num_renegotiations(ssl) \
...
@@ -1492,6 +1503,11 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
...
@@ -1492,6 +1503,11 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
#define SSL_set_max_cert_list(ssl,m) \
#define SSL_set_max_cert_list(ssl,m) \
SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
#define SSL_CTX_set_max_send_fragment(ctx,m) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
#define SSL_set_max_send_fragment(ssl,m) \
SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
/* NB: the keylength is only applicable when is_export is true */
/* NB: the keylength is only applicable when is_export is true */
#ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_RSA
void
SSL_CTX_set_tmp_rsa_callback
(
SSL_CTX
*
ctx
,
void
SSL_CTX_set_tmp_rsa_callback
(
SSL_CTX
*
ctx
,
...
...
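Review bot: The option is defined as `SSL_OP_NO_COMPRESSION`, while the commit message and the CHANGES entry call it SSL_OP_NO_COMP, so anyone searching for the documented name will not find the macro. The two new setter macros also carry no comment on the accepted range or the return value, both of which are only discoverable from the ctrl handlers in ssl/ssl_lib.c. I would add above them `/* m must be between 512 and SSL3_RT_MAX_PLAIN_LENGTH; returns 1 on success, 0 if the value is rejected */`. The new `max_send_fragment` member of `struct ssl_st` could carry the same explanatory comment as the one in `struct ssl_ctx_st`.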
ssl/ssl3.h
...
@@ -244,6 +244,18 @@ extern "C" {
...
@@ -244,6 +244,18 @@ extern "C" {
#define SSL3_SESSION_ID_SIZE 32
#define SSL3_SESSION_ID_SIZE 32
#define SSL3_RT_HEADER_LENGTH 5
#define SSL3_RT_HEADER_LENGTH 5
/* This is the maximum MAC (digest) size used by the SSL library.
* Currently this is 20 when SHA1 is used. This must be updated if larger
* digests are used in future.
*/
#define SSL3_RT_MAX_MD_SIZE 20
/* Maximum block size used in all ciphersuites. Currently 16 for AES.
*/
#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
/* Due to MS stuffing up, this can change.... */
/* Due to MS stuffing up, this can change.... */
#if defined(OPENSSL_SYS_WIN16) || \
#if defined(OPENSSL_SYS_WIN16) || \
(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
...
@@ -252,14 +264,36 @@ extern "C" {
...
@@ -252,14 +264,36 @@ extern "C" {
#define SSL3_RT_MAX_EXTRA (16384)
#define SSL3_RT_MAX_EXTRA (16384)
#endif
#endif
/* Maximum plaintext length: defined by SSL/TLS standards */
#define SSL3_RT_MAX_PLAIN_LENGTH 16384
#define SSL3_RT_MAX_PLAIN_LENGTH 16384
/* Maximum compression overhead: defined by SSL/TLS standards */
#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
/* The standards give a maximum encryption overhead of 1024 bytes.
* In practice the value is lower than this. The overhead is the maximum
* number of padding bytes (256) plus the mac size.
*/
#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
/* OpenSSL currently only uses a padding length of at most one block so
* the send overhead is smaller.
*/
#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
(SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
/* If compression isn't used don't include the compression overhead */
#ifdef OPENSSL_NO_COMP
#ifdef OPENSSL_NO_COMP
#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
#define SSL3_RT_MAX_COMPRESSED_LENGTH
SSL3_RT_MAX_PLAIN_LENGTH
#else
#else
#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
#define SSL3_RT_MAX_COMPRESSED_LENGTH \
(SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
#endif
#endif
#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
(SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
#define SSL3_RT_MAX_PACKET_SIZE \
(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
...
@@ -347,6 +381,9 @@ typedef struct ssl3_state_st
...
@@ -347,6 +381,9 @@ typedef struct ssl3_state_st
int
need_empty_fragments
;
int
need_empty_fragments
;
int
empty_fragment_done
;
int
empty_fragment_done
;
/* The value of 'extra' when the buffers were initialized */
int
init_extra
;
SSL3_BUFFER
rbuf
;
/* read IO goes into here */
SSL3_BUFFER
rbuf
;
/* read IO goes into here */
SSL3_BUFFER
wbuf
;
/* write IO goes into here */
SSL3_BUFFER
wbuf
;
/* write IO goes into here */
...
...
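Review bot: `SSL_RT_MAX_CIPHER_BLOCK_SIZE` in the first hunk is the only new record-layer constant without the `SSL3_RT_` prefix used by every neighbouring macro, and since this is a public header the odd name becomes part of the API. I would rename it to `#define SSL3_RT_MAX_CIPHER_BLOCK_SIZE 16` and update its one use in `SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD`. Both it and `SSL3_RT_MAX_MD_SIZE` are hand-maintained values that now feed the buffer sizes and, through `rbuf.len`, the record-length check in ssl3_get_record. The comment on the block-size constant should carry the same "must be updated if larger values are used" warning as the digest one.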
ssl/ssl_lib.c
...
@@ -303,6 +303,7 @@ SSL *SSL_new(SSL_CTX *ctx)
...
@@ -303,6 +303,7 @@ SSL *SSL_new(SSL_CTX *ctx)
s->trust = ctx->trust;
s->trust = ctx->trust;
#endif
#endif
s
->
quiet_shutdown
=
ctx
->
quiet_shutdown
;
s
->
quiet_shutdown
=
ctx
->
quiet_shutdown
;
s
->
max_send_fragment
=
ctx
->
max_send_fragment
;
CRYPTO_add
(
&
ctx
->
references
,
1
,
CRYPTO_LOCK_SSL_CTX
);
CRYPTO_add
(
&
ctx
->
references
,
1
,
CRYPTO_LOCK_SSL_CTX
);
s
->
ctx
=
ctx
;
s
->
ctx
=
ctx
;
...
@@ -973,6 +974,11 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
...
@@ -973,6 +974,11 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
return
larg
;
return
larg
;
}
}
return
0
;
return
0
;
case
SSL_CTRL_SET_MAX_SEND_FRAGMENT
:
if
(
larg
<
512
||
larg
>
SSL3_RT_MAX_PLAIN_LENGTH
)
return
0
;
s
->
max_send_fragment
=
larg
;
return
1
;
default:
default:
return
(
s
->
method
->
ssl_ctrl
(
s
,
cmd
,
larg
,
parg
));
return
(
s
->
method
->
ssl_ctrl
(
s
,
cmd
,
larg
,
parg
));
}
}
...
@@ -1061,6 +1067,11 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
...
@@ -1061,6 +1067,11 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
return
(
ctx
->
options
|=
larg
);
return
(
ctx
->
options
|=
larg
);
case
SSL_CTRL_MODE
:
case
SSL_CTRL_MODE
:
return
(
ctx
->
mode
|=
larg
);
return
(
ctx
->
mode
|=
larg
);
case
SSL_CTRL_SET_MAX_SEND_FRAGMENT
:
if
(
larg
<
512
||
larg
>
SSL3_RT_MAX_PLAIN_LENGTH
)
return
0
;
ctx
->
max_send_fragment
=
larg
;
return
1
;
default:
default:
return
(
ctx
->
method
->
ssl_ctx_ctrl
(
ctx
,
cmd
,
larg
,
parg
));
return
(
ctx
->
method
->
ssl_ctx_ctrl
(
ctx
,
cmd
,
larg
,
parg
));
}
}
...
@@ -1453,6 +1464,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
...
@@ -1453,6 +1464,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret
->
extra_certs
=
NULL
;
ret
->
extra_certs
=
NULL
;
ret
->
comp_methods
=
SSL_COMP_get_compression_methods
();
ret
->
comp_methods
=
SSL_COMP_get_compression_methods
();
ret
->
max_send_fragment
=
SSL3_RT_MAX_PLAIN_LENGTH
;
return
(
ret
);
return
(
ret
);
err:
err:
SSLerr
(
SSL_F_SSL_CTX_NEW
,
ERR_R_MALLOC_FAILURE
);
SSLerr
(
SSL_F_SSL_CTX_NEW
,
ERR_R_MALLOC_FAILURE
);
...
...
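Review bot: Both new `SSL_CTRL_SET_MAX_SEND_FRAGMENT` cases, in SSL_ctrl and SSL_CTX_ctrl, repeat the bare literal `512` as the lower bound and return 0 on a rejected value without recording anything on the error queue. A caller that ignores the return value therefore keeps the old fragment size silently. At minimum I would document the bound at each case with `/* fragments below 512 bytes are refused; the upper bound is the protocol plaintext limit */`. A named constant defined beside SSL3_RT_MAX_PLAIN_LENGTH would keep the two handlers from diverging. Both switch statements start and end outside the hunks.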