提交
60e31c3a
编写于
2月 21, 1999
作者:
Ben Laurie
More stuff for new TLS ciphersuites.
上级
a040ea82
变更
7
Showing
7 changed file
with
54 addition
and
45 deletion
+54
-45
apps/s_server.c
apps/s_server.c
+5
-4
ssl/s3_lib.c
ssl/s3_lib.c
+5
-4
ssl/s3_srvr.c
ssl/s3_srvr.c
+4
-2
ssl/ssl.h
ssl/ssl.h
+5
-6
ssl/ssl_lib.c
ssl/ssl_lib.c
+27
-22
ssl/ssl_locl.h
ssl/ssl_locl.h
+3
-3
ssl/ssltest.c
ssl/ssltest.c
+5
-4
apps/s_server.c
...
...
@@ -75,7 +75,7 @@
#include "s_apps.h"
#ifndef NOPROTO
static
RSA
MS_CALLBACK
*
tmp_rsa_cb
(
SSL
*
s
,
int
export
);
static
RSA
MS_CALLBACK
*
tmp_rsa_cb
(
SSL
*
s
,
int
export
,
int
keylength
);
static
int
sv_body
(
char
*
hostname
,
int
s
);
static
int
www_body
(
char
*
hostname
,
int
s
);
static
void
close_accept_socket
(
void
);
...
...
@@ -1211,9 +1211,10 @@ err:
return
(
ret
);
}
static
RSA
MS_CALLBACK
*
tmp_rsa_cb
(
s
,
export
)
static
RSA
MS_CALLBACK
*
tmp_rsa_cb
(
s
,
export
,
keylength
)
SSL
*
s
;
int
export
;
int
keylength
;
{
static
RSA
*
rsa_tmp
=
NULL
;
...
...
@@ -1221,11 +1222,11 @@ int export;
{
if
(
!
s_quiet
)
{
BIO_printf
(
bio_err
,
"Generating temp (
512 bit) RSA key..."
);
BIO_printf
(
bio_err
,
"Generating temp (
%d bit) RSA key..."
,
keylength
);
BIO_flush
(
bio_err
);
}
#ifndef NO_RSA
rsa_tmp
=
RSA_generate_key
(
512
,
RSA_F4
,
NULL
,
NULL
);
rsa_tmp
=
RSA_generate_key
(
keylength
,
RSA_F4
,
NULL
,
NULL
);
#endif
if
(
!
s_quiet
)
{
...
...
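Review bot: `tmp_rsa_cb` keeps the generated key in the function-static `rsa_tmp`, so the `keylength` now passed to `RSA_generate_key` only takes effect on the call that creates the key. The guard that decides this sits just above the third hunk and is not shown here, but the same callback in ssl/ssltest.c shows `if (rsa_tmp == NULL)`, and the same point applies there. A later handshake that asks for a different length would be handed the cached key of the first size; checking the cached size before reuse, something like `if (rsa_tmp != NULL && RSA_size(rsa_tmp)*8 != keylength) { RSA_free(rsa_tmp); rsa_tmp=NULL; }`, would avoid that. The callback also ignores `export` and feeds `keylength` to the generator unconditionally, while the comment this commit adds to ssl/ssl.h says the value only applies when export is true.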
ssl/s3_lib.c
...
...
@@ -752,15 +752,16 @@ STACK *have,*pref;
else
cert
=
s
->
ctx
->
default_cert
;
ssl_set_cert_masks
(
cert
);
mask
=
cert
->
mask
;
emask
=
cert
->
export_mask
;
sk_set_cmp_func
(
pref
,
ssl_cipher_ptr_id_cmp
);
for
(
i
=
0
;
i
<
sk_num
(
have
);
i
++
)
{
c
=
(
SSL_CIPHER
*
)
sk_value
(
have
,
i
);
ssl_set_cert_masks
(
cert
,
c
);
mask
=
cert
->
mask
;
emask
=
cert
->
export_mask
;
alg
=
c
->
algorithms
&
(
SSL_MKEY_MASK
|
SSL_AUTH_MASK
);
if
(
SSL_IS_EXPORT
(
alg
))
{
...
...
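Review bot: Calling `ssl_set_cert_masks(cert,c)` inside the loop only recomputes the masks per cipher if the callee actually runs each time, and the context line in ssl/ssl_lib.c still reads `if ((c == NULL) || (c->valid)) return;`. If the function marks the CERT valid once it has filled in the masks (the tail of the function is outside the hunks shown, so this is inferred), every call after the first returns early and `mask`/`emask` keep the values derived from the first cipher's key length. Either drop the cache test, `if (c == NULL) return;`, or clear `valid` whenever the cipher changes. The loop body continues past the end of this hunk.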
ssl/s3_srvr.c
...
...
@@ -945,7 +945,8 @@ SSL *s;
if
((
rsa
==
NULL
)
&&
(
s
->
ctx
->
default_cert
->
rsa_tmp_cb
!=
NULL
))
{
rsa
=
s
->
ctx
->
default_cert
->
rsa_tmp_cb
(
s
,
!
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
));
!
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
),
SSL_C_EXPORT_PKEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
));
CRYPTO_add
(
&
rsa
->
references
,
1
,
CRYPTO_LOCK_RSA
);
cert
->
rsa_tmp
=
rsa
;
}
...
...
@@ -967,7 +968,8 @@ SSL *s;
dhp
=
cert
->
dh_tmp
;
if
((
dhp
==
NULL
)
&&
(
cert
->
dh_tmp_cb
!=
NULL
))
dhp
=
cert
->
dh_tmp_cb
(
s
,
!
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
));
!
SSL_C_IS_EXPORT
(
s
->
s3
->
tmp
.
new_cipher
),
SSL_C_EXPORT_PKEYLENGTH
(
s
->
s3
->
tmp
.
new_cipher
));
if
(
dhp
==
NULL
)
{
al
=
SSL_AD_HANDSHAKE_FAILURE
;
...
...
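Review bot: The value returned by `rsa_tmp_cb` is dereferenced on the next statement, `CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);`, without a NULL test, while the DH branch in the second hunk checks `if (dhp == NULL)` before going on. With the callback now generating a key of a caller-supplied length, a failed generation that returns NULL would crash the server in the middle of a handshake. A guard `if (rsa == NULL)` placed before the `CRYPTO_add`, setting `al=SSL_AD_HANDSHAKE_FAILURE` and taking the same error exit as the DH branch, would make the two paths consistent; that error exit lies outside the hunk.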
ssl/ssl.h
...
...
@@ -1022,13 +1022,12 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
#define SSL_CTX_set_read_ahead(ctx,m) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
/* For the next 2, the callbacks are
* RSA *tmp_rsa_cb(SSL *ssl,int export)
* DH *tmp_dh_cb(SSL *ssl,int export)
*/
/* NB: the keylength is only applicable when export is true */
void
SSL_CTX_set_tmp_rsa_callback
(
SSL_CTX
*
ctx
,
RSA
*
(
*
cb
)(
SSL
*
ssl
,
int
export
));
void
SSL_CTX_set_tmp_dh_callback
(
SSL_CTX
*
ctx
,
DH
*
(
*
dh
)(
SSL
*
ssl
,
int
export
));
RSA
*
(
*
cb
)(
SSL
*
ssl
,
int
export
,
int
keylength
));
void
SSL_CTX_set_tmp_dh_callback
(
SSL_CTX
*
ctx
,
DH
*
(
*
dh
)(
SSL
*
ssl
,
int
export
,
int
keylength
));
#ifdef HEADER_COMP_H
int
SSL_COMP_add_compression_method
(
int
id
,
COMP_METHOD
*
cm
);
...
...
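Review bot: The added comment says the key length only applies when `export` is true, but the caller changed in ssl/s3_srvr.c passes `!SSL_C_IS_EXPORT(...)` as the `export` argument next to `SSL_C_EXPORT_PKEYLENGTH(...)`, so as written the length would be meaningful exactly when the cipher is not an export one. Either one of the two has the sense wrong or the parameter's meaning needs spelling out here. The commit also deletes the comment that gave the callback signatures; I would keep it in the new form, `RSA *tmp_rsa_cb(SSL *ssl,int export,int keylength)` and `DH *tmp_dh_cb(SSL *ssl,int export,int keylength)`, and state that `keylength` is in bits, as the sample callbacks print it.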
ssl/ssl_lib.c
...
...
@@ -1131,46 +1131,49 @@ int (*cb)();
X509_STORE_set_verify_cb_func
(
ctx
->
cert_store
,
cb
);
}
void
ssl_set_cert_masks
(
c
)
void
ssl_set_cert_masks
(
c
,
cipher
)
CERT
*
c
;
SSL_CIPHER
*
cipher
;
{
CERT_PKEY
*
cpk
;
int
rsa_enc
,
rsa_tmp
,
rsa_sign
,
dh_tmp
,
dh_rsa
,
dh_dsa
,
dsa_sign
;
int
rsa_enc_export
,
dh_rsa_export
,
dh_dsa_export
;
int
rsa_tmp_export
,
dh_tmp_export
;
int
rsa_tmp_export
,
dh_tmp_export
,
kl
;
unsigned
long
mask
,
emask
;
if
((
c
==
NULL
)
||
(
c
->
valid
))
return
;
kl
=
SSL_C_EXPORT_PKEYLENGTH
(
cipher
);
#ifndef NO_RSA
rsa_tmp
=
(
(
c
->
rsa_tmp
!=
NULL
)
||
(
c
->
rsa_tmp_cb
!=
NULL
))
?
1
:
0
;
rsa_tmp_export
=
(
(
c
->
rsa_tmp_cb
!=
NULL
)
||
(
rsa_tmp
&&
(
RSA_size
(
c
->
rsa_tmp
)
*
8
<=
512
)))
?
1
:
0
;
rsa_tmp
=
(
c
->
rsa_tmp
!=
NULL
||
c
->
rsa_tmp_cb
!=
NULL
)
;
rsa_tmp_export
=
(
c
->
rsa_tmp_cb
!=
NULL
||
(
rsa_tmp
&&
RSA_size
(
c
->
rsa_tmp
)
*
8
<=
kl
))
;
#else
rsa_tmp
=
rsa_tmp_export
=
0
;
#endif
#ifndef NO_DH
dh_tmp
=
(
(
c
->
dh_tmp
!=
NULL
)
||
(
c
->
dh_tmp_cb
!=
NULL
))
?
1
:
0
;
dh_tmp_export
=
(
(
c
->
dh_tmp_cb
!=
NULL
)
||
(
dh_tmp
&&
(
DH_size
(
c
->
dh_tmp
)
*
8
<=
512
)))
?
1
:
0
;
dh_tmp
=
(
c
->
dh_tmp
!=
NULL
||
c
->
dh_tmp_cb
!=
NULL
)
;
dh_tmp_export
=
(
c
->
dh_tmp_cb
!=
NULL
||
(
dh_tmp
&&
DH_size
(
c
->
dh_tmp
)
*
8
<=
kl
))
;
#else
dh_tmp
=
dh_tmp_export
=
0
;
#endif
cpk
=
&
(
c
->
pkeys
[
SSL_PKEY_RSA_ENC
]);
rsa_enc
=
(
(
cpk
->
x509
!=
NULL
)
&&
(
cpk
->
privatekey
!=
NULL
))
?
1
:
0
;
rsa_enc_export
=
(
rsa_enc
&&
(
EVP_PKEY_size
(
cpk
->
privatekey
)
*
8
<=
512
))
?
1
:
0
;
rsa_enc
=
(
cpk
->
x509
!=
NULL
&&
cpk
->
privatekey
!=
NULL
)
;
rsa_enc_export
=
(
rsa_enc
&&
EVP_PKEY_size
(
cpk
->
privatekey
)
*
8
<=
kl
)
;
cpk
=
&
(
c
->
pkeys
[
SSL_PKEY_RSA_SIGN
]);
rsa_sign
=
(
(
cpk
->
x509
!=
NULL
)
&&
(
cpk
->
privatekey
!=
NULL
))
?
1
:
0
;
rsa_sign
=
(
cpk
->
x509
!=
NULL
&&
cpk
->
privatekey
!=
NULL
)
;
cpk
=
&
(
c
->
pkeys
[
SSL_PKEY_DSA_SIGN
]);
dsa_sign
=
(
(
cpk
->
x509
!=
NULL
)
&&
(
cpk
->
privatekey
!=
NULL
))
?
1
:
0
;
dsa_sign
=
(
cpk
->
x509
!=
NULL
&&
cpk
->
privatekey
!=
NULL
)
;
cpk
=
&
(
c
->
pkeys
[
SSL_PKEY_DH_RSA
]);
dh_rsa
=
(
(
cpk
->
x509
!=
NULL
)
&&
(
cpk
->
privatekey
!=
NULL
))
?
1
:
0
;
dh_rsa_export
=
(
dh_rsa
&&
(
EVP_PKEY_size
(
cpk
->
privatekey
)
*
8
<=
512
))
?
1
:
0
;
dh_rsa
=
(
cpk
->
x509
!=
NULL
&&
cpk
->
privatekey
!=
NULL
)
;
dh_rsa_export
=
(
dh_rsa
&&
EVP_PKEY_size
(
cpk
->
privatekey
)
*
8
<=
kl
)
;
cpk
=
&
(
c
->
pkeys
[
SSL_PKEY_DH_DSA
]);
/* FIX THIS EAY EAY EAY */
dh_dsa
=
(
(
cpk
->
x509
!=
NULL
)
&&
(
cpk
->
privatekey
!=
NULL
))
?
1
:
0
;
dh_dsa_export
=
(
dh_dsa
&&
(
EVP_PKEY_size
(
cpk
->
privatekey
)
*
8
<=
512
))
?
1
:
0
;
dh_dsa
=
(
cpk
->
x509
!=
NULL
&&
cpk
->
privatekey
!=
NULL
)
;
dh_dsa_export
=
(
dh_dsa
&&
EVP_PKEY_size
(
cpk
->
privatekey
)
*
8
<=
kl
)
;
mask
=
0
;
emask
=
0
;
...
...
@@ -1236,13 +1239,13 @@ SSL *s;
{
unsigned
long
alg
,
mask
,
kalg
;
CERT
*
c
;
int
i
,
_
export
;
int
i
,
export
;
c
=
s
->
cert
;
ssl_set_cert_masks
(
c
);
ssl_set_cert_masks
(
c
,
s
->
s3
->
tmp
.
new_cipher
);
alg
=
s
->
s3
->
tmp
.
new_cipher
->
algorithms
;
_
export
=
SSL_IS_EXPORT
(
alg
);
mask
=
_
export
?
c
->
export_mask
:
c
->
mask
;
export
=
SSL_IS_EXPORT
(
alg
);
mask
=
export
?
c
->
export_mask
:
c
->
mask
;
kalg
=
alg
&
(
SSL_MKEY_MASK
|
SSL_AUTH_MASK
);
if
(
kalg
&
SSL_kDHr
)
...
...
@@ -1888,10 +1891,12 @@ SSL *s;
return
(
s
->
rwstate
);
}
void
SSL_CTX_set_tmp_rsa_callback
(
SSL_CTX
*
ctx
,
RSA
*
(
*
cb
)(
SSL
*
ssl
,
int
export
))
void
SSL_CTX_set_tmp_rsa_callback
(
SSL_CTX
*
ctx
,
RSA
*
(
*
cb
)(
SSL
*
ssl
,
int
export
,
int
keylength
))
{
SSL_CTX_ctrl
(
ctx
,
SSL_CTRL_SET_TMP_RSA_CB
,
0
,(
char
*
)
cb
);
}
void
SSL_CTX_set_tmp_dh_callback
(
SSL_CTX
*
ctx
,
DH
*
(
*
dh
)(
SSL
*
ssl
,
int
export
))
void
SSL_CTX_set_tmp_dh_callback
(
SSL_CTX
*
ctx
,
DH
*
(
*
dh
)(
SSL
*
ssl
,
int
export
,
int
keylength
))
{
SSL_CTX_ctrl
(
ctx
,
SSL_CTRL_SET_TMP_DH_CB
,
0
,(
char
*
)
dh
);
}
#if defined(_WINDLL) && defined(WIN16)
...
...
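Review bot: The new `cipher` parameter and the local `kl` in `ssl_set_cert_masks` carry no comment, and the literal 512 they replace was the only hint that the `*_export` flags are a bit-length limit. A one-line comment at the assignment, such as `/* kl: key length limit in bits that the *_export tests below compare against */`, would make the five comparisons readable. The function header should also say that the masks appear to be stored in the CERT and now depend on the cipher passed in, since callers read them back from `cert->mask` and `cert->export_mask`. The function body runs past the end of the first hunk.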
ssl/ssl_locl.h
...
...
@@ -275,8 +275,8 @@ typedef struct cert_st
RSA
*
rsa_tmp
;
DH
*
dh_tmp
;
RSA
*
(
*
rsa_tmp_cb
)();
DH
*
(
*
dh_tmp_cb
)();
RSA
*
(
*
rsa_tmp_cb
)(
SSL
*
ssl
,
int
export
,
int
keysize
);
DH
*
(
*
dh_tmp_cb
)(
SSL
*
ssl
,
int
export
,
int
keysize
);
CERT_PKEY
pkeys
[
SSL_PKEY_NUM
];
STACK
*
cert_chain
;
...
...
@@ -366,7 +366,7 @@ int ssl_undefined_function(SSL *s);
X509
*
ssl_get_server_send_cert
(
SSL
*
);
EVP_PKEY
*
ssl_get_sign_pkey
(
SSL
*
,
SSL_CIPHER
*
);
int
ssl_cert_type
(
X509
*
x
,
EVP_PKEY
*
pkey
);
void
ssl_set_cert_masks
(
CERT
*
c
);
void
ssl_set_cert_masks
(
CERT
*
c
,
SSL_CIPHER
*
cipher
);
STACK
*
ssl_get_ciphers_by_id
(
SSL
*
s
);
int
ssl_verify_alarm_type
(
long
type
);
...
...
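Review bot: The third callback parameter is called `keysize` in these two struct members but `keylength` in the public prototypes in ssl/ssl.h and in the callbacks in apps/s_server.c and ssl/ssltest.c. Using one name, `RSA *(*rsa_tmp_cb)(SSL *ssl,int export,int keylength);` and likewise for `dh_tmp_cb`, keeps searches and the documentation consistent. The struct definition continues outside the hunk.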
ssl/ssltest.c
...
...
@@ -75,7 +75,7 @@
#ifndef NOPROTO
int
MS_CALLBACK
verify_callback
(
int
ok
,
X509_STORE_CTX
*
ctx
);
static
RSA
MS_CALLBACK
*
tmp_rsa_cb
(
SSL
*
s
,
int
export
);
static
RSA
MS_CALLBACK
*
tmp_rsa_cb
(
SSL
*
s
,
int
export
,
int
keylength
);
#ifndef NO_DSA
static
DH
*
get_dh512
(
void
);
#endif
...
...
@@ -730,18 +730,19 @@ static DH *get_dh512()
}
#endif
static
RSA
MS_CALLBACK
*
tmp_rsa_cb
(
s
,
export
)
static
RSA
MS_CALLBACK
*
tmp_rsa_cb
(
s
,
export
,
keylength
)
SSL
*
s
;
int
export
;
int
keylength
;
{
static
RSA
*
rsa_tmp
=
NULL
;
if
(
rsa_tmp
==
NULL
)
{
BIO_printf
(
bio_err
,
"Generating temp (
512 bit) RSA key..."
);
BIO_printf
(
bio_err
,
"Generating temp (
%d bit) RSA key..."
,
keylength
);
BIO_flush
(
bio_err
);
#ifndef NO_RSA
rsa_tmp
=
RSA_generate_key
(
512
,
RSA_F4
,
NULL
,
NULL
);
rsa_tmp
=
RSA_generate_key
(
keylength
,
RSA_F4
,
NULL
,
NULL
);
#endif
BIO_printf
(
bio_err
,
"
\n
"
);
BIO_flush
(
bio_err
);
...
...