Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
cae41364
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
cae41364
编写于
12月 12, 2015
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Use EC_KEY_key2buf and EC_oct2key in libssl.
Reviewed-by:
N
Richard Levitte
<
levitte@openssl.org
>
上级
981bd8a2
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
15 addition
and
89 deletion
+15
-89
ssl/statem/statem_clnt.c
ssl/statem/statem_clnt.c
+11
-53
ssl/statem/statem_srvr.c
ssl/statem/statem_srvr.c
+4
-36
未找到文件。
ssl/statem/statem_clnt.c
浏览文件 @
cae41364
...
...
@@ -1586,8 +1586,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
#endif
#ifndef OPENSSL_NO_EC
EC_KEY
*
ecdh
=
NULL
;
BN_CTX
*
bn_ctx
=
NULL
;
EC_POINT
*
srvr_ecpoint
=
NULL
;
int
curve_nid
=
0
;
#endif
PACKET
save_param_start
,
signature
;
...
...
@@ -1742,16 +1740,9 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
#ifndef OPENSSL_NO_EC
else
if
(
alg_k
&
(
SSL_kECDHE
|
SSL_kECDHEPSK
))
{
EC_GROUP
*
ngroup
;
const
EC_GROUP
*
group
;
PACKET
encoded_pt
;
unsigned
char
*
ecparams
;
if
((
ecdh
=
EC_KEY_new
())
==
NULL
)
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
/*
* Extract elliptic curve parameters and the server's ephemeral ECDH
* public key. For now we only support named (not generic) curves and
...
...
@@ -1777,23 +1768,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
goto
f_err
;
}
ngroup
=
EC_GROUP_new_by_curve_name
(
curve_nid
);
if
(
ngroup
==
NULL
)
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_EC_LIB
);
goto
err
;
}
if
(
EC_KEY_set_group
(
ecdh
,
ngroup
)
==
0
)
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_EC_LIB
);
goto
err
;
}
EC_GROUP_free
(
ngroup
);
group
=
EC_KEY_get0_group
(
ecdh
);
ecdh
=
EC_KEY_new_by_curve_name
(
curve_nid
);
/* Next, get the encoded ECPoint */
if
(((
srvr_ecpoint
=
EC_POINT_new
(
group
))
==
NULL
)
||
((
bn_ctx
=
BN_CTX_new
())
==
NULL
))
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
if
(
ecdh
==
NULL
)
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_EC_LIB
);
goto
err
;
}
...
...
@@ -1802,8 +1780,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
goto
f_err
;
}
if
(
EC_
POINT_oct2point
(
group
,
srvr_ecpoint
,
PACKET_data
(
&
encoded_pt
),
PACKET_remaining
(
&
encoded_pt
),
bn_ctx
)
==
0
)
{
if
(
EC_
KEY_oct2key
(
ecdh
,
PACKET_data
(
&
encoded_pt
),
PACKET_remaining
(
&
encoded_pt
),
NULL
)
==
0
)
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
SSL_R_BAD_ECPOINT
);
goto
f_err
;
}
...
...
@@ -1823,13 +1801,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
# endif
/* else anonymous ECDH, so no certificate or pkey. */
EC_KEY_set_public_key
(
ecdh
,
srvr_ecpoint
);
s
->
s3
->
peer_ecdh_tmp
=
ecdh
;
ecdh
=
NULL
;
BN_CTX_free
(
bn_ctx
);
bn_ctx
=
NULL
;
EC_POINT_free
(
srvr_ecpoint
);
srvr_ecpoint
=
NULL
;
}
else
if
(
alg_k
)
{
al
=
SSL_AD_UNEXPECTED_MESSAGE
;
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
SSL_R_UNEXPECTED_MESSAGE
);
...
...
@@ -1940,8 +1913,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
DH_free
(
dh
);
#endif
#ifndef OPENSSL_NO_EC
BN_CTX_free
(
bn_ctx
);
EC_POINT_free
(
srvr_ecpoint
);
EC_KEY_free
(
ecdh
);
#endif
EVP_MD_CTX_free
(
md_ctx
);
...
...
@@ -2272,7 +2243,6 @@ int tls_construct_client_key_exchange(SSL *s)
EVP_PKEY
*
srvr_pub_pkey
=
NULL
;
unsigned
char
*
encodedPoint
=
NULL
;
int
encoded_pt_len
=
0
;
BN_CTX
*
bn_ctx
=
NULL
;
#endif
unsigned
char
*
pms
=
NULL
;
size_t
pmslen
=
0
;
...
...
@@ -2620,25 +2590,15 @@ psk_err:
* accordingly.
*/
encoded_pt_len
=
EC_POINT_point2oct
(
srvr_group
,
EC_KEY_get0_public_key
(
clnt_ecdh
),
POINT_CONVERSION_UNCOMPRESSED
,
NULL
,
0
,
NULL
);
encodedPoint
=
(
unsigned
char
*
)
OPENSSL_malloc
(
encoded_pt_len
*
sizeof
(
unsigned
char
));
bn_ctx
=
BN_CTX_new
();
if
((
encodedPoint
==
NULL
)
||
(
bn_ctx
==
NULL
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
EC_KEY_key2buf
(
clnt_ecdh
,
POINT_CONVERSION_UNCOMPRESSED
,
&
encodedPoint
,
NULL
);
if
(
encoded_pt_len
==
0
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_EC_LIB
);
goto
err
;
}
/* Encode the public key */
n
=
EC_POINT_point2oct
(
srvr_group
,
EC_KEY_get0_public_key
(
clnt_ecdh
),
POINT_CONVERSION_UNCOMPRESSED
,
encodedPoint
,
encoded_pt_len
,
bn_ctx
);
n
=
encoded_pt_len
;
*
p
=
n
;
/* length of encoded point */
/* Encoded point will be copied here */
...
...
@@ -2650,7 +2610,6 @@ psk_err:
}
/* Free allocated memory */
BN_CTX_free
(
bn_ctx
);
OPENSSL_free
(
encodedPoint
);
EC_KEY_free
(
clnt_ecdh
);
EVP_PKEY_free
(
srvr_pub_pkey
);
...
...
@@ -2828,7 +2787,6 @@ psk_err:
OPENSSL_clear_free
(
pms
,
pmslen
);
s
->
s3
->
tmp
.
pms
=
NULL
;
#ifndef OPENSSL_NO_EC
BN_CTX_free
(
bn_ctx
);
OPENSSL_free
(
encodedPoint
);
EC_KEY_free
(
clnt_ecdh
);
EVP_PKEY_free
(
srvr_pub_pkey
);
...
...
ssl/statem/statem_srvr.c
浏览文件 @
cae41364
...
...
@@ -1721,7 +1721,6 @@ int tls_construct_server_key_exchange(SSL *s)
unsigned
char
*
encodedPoint
=
NULL
;
int
encodedlen
=
0
;
int
curve_id
=
0
;
BN_CTX
*
bn_ctx
=
NULL
;
#endif
EVP_PKEY
*
pkey
;
const
EVP_MD
*
md
=
NULL
;
...
...
@@ -1879,33 +1878,14 @@ int tls_construct_server_key_exchange(SSL *s)
* Encode the public key. First check the size of encoding and
* allocate memory accordingly.
*/
encodedlen
=
EC_POINT_point2oct
(
group
,
EC_KEY_get0_public_key
(
ecdh
),
POINT_CONVERSION_UNCOMPRESSED
,
NULL
,
0
,
NULL
);
encodedPoint
=
(
unsigned
char
*
)
OPENSSL_malloc
(
encodedlen
*
sizeof
(
unsigned
char
));
bn_ctx
=
BN_CTX_new
();
if
((
encodedPoint
==
NULL
)
||
(
bn_ctx
==
NULL
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
encodedlen
=
EC_POINT_point2oct
(
group
,
EC_KEY_get0_public_key
(
ecdh
),
POINT_CONVERSION_UNCOMPRESSED
,
encodedPoint
,
encodedlen
,
bn_ctx
);
encodedlen
=
EC_KEY_key2buf
(
ecdh
,
POINT_CONVERSION_UNCOMPRESSED
,
&
encodedPoint
,
NULL
);
if
(
encodedlen
==
0
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE
,
ERR_R_EC
DH
_LIB
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE
,
ERR_R_EC_LIB
);
goto
err
;
}
BN_CTX_free
(
bn_ctx
);
bn_ctx
=
NULL
;
/*
* XXX: For now, we only support named (not generic) curves in
* ECDH ephemeral key exchanges. In this situation, we need four
...
...
@@ -2082,7 +2062,6 @@ int tls_construct_server_key_exchange(SSL *s)
err:
#ifndef OPENSSL_NO_EC
OPENSSL_free
(
encodedPoint
);
BN_CTX_free
(
bn_ctx
);
#endif
EVP_MD_CTX_free
(
md_ctx
);
ossl_statem_set_error
(
s
);
...
...
@@ -2176,9 +2155,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
#endif
#ifndef OPENSSL_NO_EC
EC_KEY
*
srvr_ecdh
=
NULL
;
EVP_PKEY
*
clnt_pub_pkey
=
NULL
;
EC_POINT
*
clnt_ecpoint
=
NULL
;
BN_CTX
*
bn_ctx
=
NULL
;
#endif
PACKET
enc_premaster
;
unsigned
char
*
data
,
*
rsa_decrypt
=
NULL
;
...
...
@@ -2581,11 +2558,6 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
* Get client's public key from encoded point in the
* ClientKeyExchange message.
*/
if
((
bn_ctx
=
BN_CTX_new
())
==
NULL
)
{
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
/* Get encoded point length */
if
(
!
PACKET_get_1
(
pkt
,
&
i
))
{
...
...
@@ -2599,7 +2571,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
ERR_R_EC_LIB
);
goto
err
;
}
if
(
EC_POINT_oct2point
(
group
,
clnt_ecpoint
,
data
,
i
,
bn_ctx
)
==
0
)
{
if
(
EC_POINT_oct2point
(
group
,
clnt_ecpoint
,
data
,
i
,
NULL
)
==
0
)
{
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
ERR_R_EC_LIB
);
goto
err
;
}
...
...
@@ -2624,10 +2596,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
goto
err
;
}
EVP_PKEY_free
(
clnt_pub_pkey
);
EC_POINT_free
(
clnt_ecpoint
);
EC_KEY_free
(
srvr_ecdh
);
BN_CTX_free
(
bn_ctx
);
EC_KEY_free
(
s
->
s3
->
tmp
.
ecdh
);
s
->
s3
->
tmp
.
ecdh
=
NULL
;
...
...
@@ -2780,10 +2750,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
err:
#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY_free
(
clnt_pub_pkey
);
EC_POINT_free
(
clnt_ecpoint
);
EC_KEY_free
(
srvr_ecdh
);
BN_CTX_free
(
bn_ctx
);
OPENSSL_free
(
rsa_decrypt
);
#endif
#ifndef OPENSSL_NO_PSK
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录