Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
fc5ce51d
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
fc5ce51d
编写于
9月 18, 2015
作者:
E
Emilia Kasper
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
PACKET: simplify ServerHello parsing
Reviewed-by:
N
Tim Hudson
<
tjh@openssl.org
>
上级
cf7f8592
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
35 addition
and
38 deletion
+35
-38
ssl/s3_clnt.c
ssl/s3_clnt.c
+35
-38
未找到文件。
ssl/s3_clnt.c
浏览文件 @
fc5ce51d
...
...
@@ -928,10 +928,11 @@ int ssl3_get_server_hello(SSL *s)
{
STACK_OF
(
SSL_CIPHER
)
*
sk
;
const
SSL_CIPHER
*
c
;
PACKET
pkt
;
unsigned
char
*
session_id
,
*
cipherchars
;
PACKET
pkt
,
session_id
;
size_t
session_id_len
;
unsigned
char
*
cipherchars
;
int
i
,
al
=
SSL_AD_INTERNAL_ERROR
,
ok
;
unsigned
int
j
;
unsigned
int
compression
;
long
n
;
#ifndef OPENSSL_NO_COMP
SSL_COMP
*
comp
;
...
...
@@ -1075,15 +1076,26 @@ int ssl3_get_server_hello(SSL *s)
s
->
hit
=
0
;
/* get the session-id length */
if
(
!
PACKET_get_1
(
&
pkt
,
&
j
)
||
(
j
>
sizeof
s
->
session
->
session_id
)
||
(
j
>
SSL3_SESSION_ID_SIZE
))
{
/* Get the session-id. */
if
(
!
PACKET_get_length_prefixed_1
(
&
pkt
,
&
session_id
))
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_LENGTH_MISMATCH
);
goto
f_err
;
}
session_id_len
=
PACKET_remaining
(
&
session_id
);
if
(
session_id_len
>
sizeof
s
->
session
->
session_id
||
session_id_len
>
SSL3_SESSION_ID_SIZE
)
{
al
=
SSL_AD_ILLEGAL_PARAMETER
;
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_SSL3_SESSION_ID_TOO_LONG
);
goto
f_err
;
}
if
(
!
PACKET_get_bytes
(
&
pkt
,
&
cipherchars
,
TLS_CIPHER_LEN
))
{
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_LENGTH_MISMATCH
);
al
=
SSL_AD_DECODE_ERROR
;
goto
f_err
;
}
/*
* Check if we can resume the session based on external pre-shared secret.
* EAP-FAST (RFC 4851) supports two types of session resumption.
...
...
@@ -1099,13 +1111,6 @@ int ssl3_get_server_hello(SSL *s)
if
(
s
->
version
>=
TLS1_VERSION
&&
s
->
tls_session_secret_cb
&&
s
->
session
->
tlsext_tick
)
{
SSL_CIPHER
*
pref_cipher
=
NULL
;
PACKET
bookmark
=
pkt
;
if
(
!
PACKET_forward
(
&
pkt
,
j
)
||
!
PACKET_get_bytes
(
&
pkt
,
&
cipherchars
,
TLS_CIPHER_LEN
))
{
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_LENGTH_MISMATCH
);
al
=
SSL_AD_DECODE_ERROR
;
goto
f_err
;
}
s
->
session
->
master_key_length
=
sizeof
(
s
->
session
->
master_key
);
if
(
s
->
tls_session_secret_cb
(
s
,
s
->
session
->
master_key
,
&
s
->
session
->
master_key_length
,
...
...
@@ -1118,18 +1123,11 @@ int ssl3_get_server_hello(SSL *s)
al
=
SSL_AD_INTERNAL_ERROR
;
goto
f_err
;
}
pkt
=
bookmark
;
}
/* Get the session id */
if
(
!
PACKET_get_bytes
(
&
pkt
,
&
session_id
,
j
))
{
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_LENGTH_MISMATCH
);
al
=
SSL_AD_DECODE_ERROR
;
goto
f_err
;
}
if
(
j
!=
0
&&
j
==
s
->
session
->
session_id_length
&&
memcmp
(
session_id
,
s
->
session
->
session_id
,
j
)
==
0
)
{
if
(
session_id_len
!=
0
&&
session_id_len
==
s
->
session
->
session_id_length
&&
memcmp
(
PACKET_data
(
&
session_id
),
s
->
session
->
session_id
,
session_id_len
)
==
0
)
{
if
(
s
->
sid_ctx_length
!=
s
->
session
->
sid_ctx_length
||
memcmp
(
s
->
session
->
sid_ctx
,
s
->
sid_ctx
,
s
->
sid_ctx_length
))
{
/* actually a client application bug */
...
...
@@ -1152,15 +1150,13 @@ int ssl3_get_server_hello(SSL *s)
goto
f_err
;
}
}
s
->
session
->
session_id_length
=
j
;
memcpy
(
s
->
session
->
session_id
,
session_id
,
j
);
/* j could be 0 */
}
if
(
!
PACKET_get_bytes
(
&
pkt
,
&
cipherchars
,
TLS_CIPHER_LEN
))
{
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_LENGTH_MISMATCH
);
al
=
SSL_AD_DECODE_ERROR
;
goto
f_err
;
s
->
session
->
session_id_length
=
session_id_len
;
/* session_id_len could be 0 */
memcpy
(
s
->
session
->
session_id
,
PACKET_data
(
&
session_id
),
session_id_len
)
;
}
c
=
ssl_get_cipher_by_char
(
s
,
cipherchars
);
if
(
c
==
NULL
)
{
/* unknown cipher */
...
...
@@ -1214,13 +1210,13 @@ int ssl3_get_server_hello(SSL *s)
goto
f_err
;
/* lets get the compression algorithm */
/* COMPRESSION */
if
(
!
PACKET_get_1
(
&
pkt
,
&
j
))
{
if
(
!
PACKET_get_1
(
&
pkt
,
&
compression
))
{
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_LENGTH_MISMATCH
);
al
=
SSL_AD_DECODE_ERROR
;
goto
f_err
;
}
#ifdef OPENSSL_NO_COMP
if
(
j
!=
0
)
{
if
(
compression
!=
0
)
{
al
=
SSL_AD_ILLEGAL_PARAMETER
;
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM
);
...
...
@@ -1235,22 +1231,23 @@ int ssl3_get_server_hello(SSL *s)
goto
f_err
;
}
#else
if
(
s
->
hit
&&
j
!=
s
->
session
->
compress_meth
)
{
if
(
s
->
hit
&&
compression
!=
s
->
session
->
compress_meth
)
{
al
=
SSL_AD_ILLEGAL_PARAMETER
;
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED
);
goto
f_err
;
}
if
(
j
==
0
)
if
(
compression
==
0
)
comp
=
NULL
;
else
if
(
!
ssl_allow_compression
(
s
))
{
al
=
SSL_AD_ILLEGAL_PARAMETER
;
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_COMPRESSION_DISABLED
);
goto
f_err
;
}
else
comp
=
ssl3_comp_find
(
s
->
ctx
->
comp_methods
,
j
);
}
else
{
comp
=
ssl3_comp_find
(
s
->
ctx
->
comp_methods
,
compression
);
}
if
(
(
j
!=
0
)
&&
(
comp
==
NULL
)
)
{
if
(
compression
!=
0
&&
comp
==
NULL
)
{
al
=
SSL_AD_ILLEGAL_PARAMETER
;
SSLerr
(
SSL_F_SSL3_GET_SERVER_HELLO
,
SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录