Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
6400f338
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
6400f338
编写于
9月 14, 2016
作者:
M
Matt Caswell
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Convert ClientVerify Construction to WPACKET
Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
上级
28aef3d9
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
64 addition
and
19 deletion
+64
-19
ssl/ssl_locl.h
ssl/ssl_locl.h
+3
-1
ssl/statem/statem_clnt.c
ssl/statem/statem_clnt.c
+35
-16
ssl/statem/statem_srvr.c
ssl/statem/statem_srvr.c
+1
-1
ssl/t1_lib.c
ssl/t1_lib.c
+25
-1
未找到文件。
ssl/ssl_locl.h
浏览文件 @
6400f338
...
...
@@ -2038,8 +2038,10 @@ __owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
const
PACKET
*
session_id
,
SSL_SESSION
**
ret
);
__owur
int
tls12_get_sigandhash
(
unsigned
char
*
p
,
const
EVP_PKEY
*
pk
,
__owur
int
tls12_get_sigandhash
(
WPACKET
*
pkt
,
const
EVP_PKEY
*
pk
,
const
EVP_MD
*
md
);
__owur
int
tls12_get_sigandhash_old
(
unsigned
char
*
p
,
const
EVP_PKEY
*
pk
,
const
EVP_MD
*
md
);
__owur
int
tls12_get_sigid
(
const
EVP_PKEY
*
pk
);
__owur
const
EVP_MD
*
tls12_get_hash
(
unsigned
char
hash_alg
);
void
ssl_set_sig_mask
(
uint32_t
*
pmask_a
,
SSL
*
s
,
int
op
);
...
...
ssl/statem/statem_clnt.c
浏览文件 @
6400f338
...
...
@@ -2616,22 +2616,32 @@ int tls_client_key_exchange_post_work(SSL *s)
int
tls_construct_client_verify
(
SSL
*
s
)
{
unsigned
char
*
p
;
EVP_PKEY
*
pkey
;
const
EVP_MD
*
md
=
s
->
s3
->
tmp
.
md
[
s
->
cert
->
key
-
s
->
cert
->
pkeys
];
EVP_MD_CTX
*
mctx
;
unsigned
u
=
0
;
unsigned
long
n
=
0
;
long
hdatalen
=
0
;
void
*
hdata
;
unsigned
char
*
sig
=
NULL
;
WPACKET
pkt
;
if
(
!
WPACKET_init
(
&
pkt
,
s
->
init_buf
))
{
/* Should not happen */
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
if
(
!
ssl_set_handshake_header2
(
s
,
&
pkt
,
SSL3_MT_CERTIFICATE_VERIFY
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
mctx
=
EVP_MD_CTX_new
();
if
(
mctx
==
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
p
=
ssl_handshake_start
(
s
);
pkey
=
s
->
cert
->
key
->
privatekey
;
hdatalen
=
BIO_get_mem_data
(
s
->
s3
->
handshake_buffer
,
&
hdata
);
...
...
@@ -2639,24 +2649,25 @@ int tls_construct_client_verify(SSL *s)
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
if
(
SSL_USE_SIGALGS
(
s
))
{
if
(
!
tls12_get_sigandhash
(
p
,
pkey
,
md
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
p
+=
2
;
n
=
2
;
if
(
SSL_USE_SIGALGS
(
s
)
&&
!
tls12_get_sigandhash
(
&
pkt
,
pkey
,
md
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
#ifdef SSL_DEBUG
fprintf
(
stderr
,
"Using client alg %s
\n
"
,
EVP_MD_name
(
md
));
#endif
sig
=
OPENSSL_malloc
(
EVP_PKEY_size
(
pkey
));
if
(
sig
==
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
if
(
!
EVP_SignInit_ex
(
mctx
,
md
,
NULL
)
||
!
EVP_SignUpdate
(
mctx
,
hdata
,
hdatalen
)
||
(
s
->
version
==
SSL3_VERSION
&&
!
EVP_MD_CTX_ctrl
(
mctx
,
EVP_CTRL_SSL3_MASTER_SECRET
,
s
->
session
->
master_key_length
,
s
->
session
->
master_key
))
||
!
EVP_SignFinal
(
mctx
,
p
+
2
,
&
u
,
pkey
))
{
||
!
EVP_SignFinal
(
mctx
,
sig
,
&
u
,
pkey
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY
,
ERR_R_EVP_LIB
);
goto
err
;
}
...
...
@@ -2666,24 +2677,32 @@ int tls_construct_client_verify(SSL *s)
if
(
pktype
==
NID_id_GostR3410_2001
||
pktype
==
NID_id_GostR3410_2012_256
||
pktype
==
NID_id_GostR3410_2012_512
)
BUF_reverse
(
p
+
2
,
NULL
,
u
);
BUF_reverse
(
sig
,
NULL
,
u
);
}
#endif
s2n
(
u
,
p
);
n
+=
u
+
2
;
if
(
!
WPACKET_sub_memcpy_u16
(
&
pkt
,
sig
,
u
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
/* Digest cached records and discard handshake buffer */
if
(
!
ssl3_digest_cached_records
(
s
,
0
))
goto
err
;
if
(
!
ssl_set_handshake_header
(
s
,
SSL3_MT_CERTIFICATE_VERIFY
,
n
))
{
if
(
!
ssl_close_construct_packet
(
s
,
&
pkt
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
OPENSSL_free
(
sig
);
EVP_MD_CTX_free
(
mctx
);
return
1
;
err:
WPACKET_cleanup
(
&
pkt
);
OPENSSL_free
(
sig
);
EVP_MD_CTX_free
(
mctx
);
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
SSL_AD_INTERNAL_ERROR
);
return
0
;
}
...
...
ssl/statem/statem_srvr.c
浏览文件 @
6400f338
...
...
@@ -1918,7 +1918,7 @@ int tls_construct_server_key_exchange(SSL *s)
if
(
md
)
{
/* send signature algorithm */
if
(
SSL_USE_SIGALGS
(
s
))
{
if
(
!
tls12_get_sigandhash
(
p
,
pkey
,
md
))
{
if
(
!
tls12_get_sigandhash
_old
(
p
,
pkey
,
md
))
{
/* Should never happen */
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE
,
...
...
ssl/t1_lib.c
浏览文件 @
6400f338
...
...
@@ -3119,7 +3119,31 @@ static int tls12_find_nid(int id, const tls12_lookup *table, size_t tlen)
return
NID_undef
;
}
int
tls12_get_sigandhash
(
unsigned
char
*
p
,
const
EVP_PKEY
*
pk
,
const
EVP_MD
*
md
)
int
tls12_get_sigandhash
(
WPACKET
*
pkt
,
const
EVP_PKEY
*
pk
,
const
EVP_MD
*
md
)
{
int
sig_id
,
md_id
;
if
(
!
md
)
return
0
;
md_id
=
tls12_find_id
(
EVP_MD_type
(
md
),
tls12_md
,
OSSL_NELEM
(
tls12_md
));
if
(
md_id
==
-
1
)
return
0
;
sig_id
=
tls12_get_sigid
(
pk
);
if
(
sig_id
==
-
1
)
return
0
;
if
(
!
WPACKET_put_bytes
(
pkt
,
md_id
,
1
)
||
!
WPACKET_put_bytes
(
pkt
,
sig_id
,
1
))
return
0
;
return
1
;
}
/*
* Old version of the tls12_get_sigandhash function used by code that has not
* yet been converted to WPACKET yet. It will be deleted once WPACKET conversion
* is complete.
* TODO - DELETE ME
*/
int
tls12_get_sigandhash_old
(
unsigned
char
*
p
,
const
EVP_PKEY
*
pk
,
const
EVP_MD
*
md
)
{
int
sig_id
,
md_id
;
if
(
!
md
)
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录