Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
05ec6a25
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
10 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
05ec6a25
编写于
7月 08, 2016
作者:
M
Matt Caswell
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Fix up error codes after splitting up tls_construct_key_exchange()
Reviewed-by:
N
Richard Levitte
<
levitte@openssl.org
>
上级
a7a75228
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
43 addition
and
49 deletion
+43
-49
include/openssl/ssl.h
include/openssl/ssl.h
+6
-0
ssl/ssl_err.c
ssl/ssl_err.c
+7
-0
ssl/statem/statem_clnt.c
ssl/statem/statem_clnt.c
+30
-49
未找到文件。
include/openssl/ssl.h
浏览文件 @
05ec6a25
...
...
@@ -2203,6 +2203,12 @@ void ERR_load_SSL_strings(void);
# define SSL_F_TLS1_SET_SERVER_SIGALGS 335
# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354
# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372
# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404
# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405
# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406
# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407
# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409
# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410
# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355
# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356
# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357
...
...
ssl/ssl_err.c
浏览文件 @
05ec6a25
...
...
@@ -231,6 +231,13 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"tls_client_key_exchange_post_work"
},
{
ERR_FUNC
(
SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST
),
"tls_construct_certificate_request"
},
{
ERR_FUNC
(
SSL_F_TLS_CONSTRUCT_CKE_DHE
),
"tls_construct_cke_dhe"
},
{
ERR_FUNC
(
SSL_F_TLS_CONSTRUCT_CKE_ECDHE
),
"tls_construct_cke_ecdhe"
},
{
ERR_FUNC
(
SSL_F_TLS_CONSTRUCT_CKE_GOST
),
"tls_construct_cke_gost"
},
{
ERR_FUNC
(
SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE
),
"tls_construct_cke_psk_preamble"
},
{
ERR_FUNC
(
SSL_F_TLS_CONSTRUCT_CKE_RSA
),
"tls_construct_cke_rsa"
},
{
ERR_FUNC
(
SSL_F_TLS_CONSTRUCT_CKE_SRP
),
"tls_construct_cke_srp"
},
{
ERR_FUNC
(
SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE
),
"tls_construct_client_certificate"
},
{
ERR_FUNC
(
SSL_F_TLS_CONSTRUCT_CLIENT_HELLO
),
...
...
ssl/statem/statem_clnt.c
浏览文件 @
05ec6a25
...
...
@@ -2030,8 +2030,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p,
size_t
psklen
=
0
;
if
(
s
->
psk_client_callback
==
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
SSL_R_PSK_NO_CLIENT_CB
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE
,
SSL_R_PSK_NO_CLIENT_CB
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
goto
err
;
}
...
...
@@ -2043,12 +2042,11 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p,
psk
,
sizeof
(
psk
));
if
(
psklen
>
PSK_MAX_PSK_LEN
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE
,
ERR_R_INTERNAL_ERROR
);
*
al
=
SSL_AD_HANDSHAKE_FAILURE
;
goto
err
;
}
else
if
(
psklen
==
0
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
LIENT_KEY_EXCHANG
E
,
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
KE_PSK_PREAMBL
E
,
SSL_R_PSK_IDENTITY_NOT_FOUND
);
*
al
=
SSL_AD_HANDSHAKE_FAILURE
;
goto
err
;
...
...
@@ -2056,8 +2054,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p,
identitylen
=
strlen
(
identity
);
if
(
identitylen
>
PSK_MAX_IDENTITY_LEN
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE
,
ERR_R_INTERNAL_ERROR
);
*
al
=
SSL_AD_HANDSHAKE_FAILURE
;
goto
err
;
}
...
...
@@ -2065,7 +2062,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p,
tmppsk
=
OPENSSL_memdup
(
psk
,
psklen
);
tmpidentity
=
OPENSSL_strdup
(
identity
);
if
(
tmppsk
==
NULL
||
tmpidentity
==
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
LIENT_KEY_EXCHANG
E
,
ERR_R_MALLOC_FAILURE
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
KE_PSK_PREAMBL
E
,
ERR_R_MALLOC_FAILURE
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
goto
err
;
}
...
...
@@ -2092,7 +2089,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p,
return
ret
;
#else
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
LIENT_KEY_EXCHANG
E
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
KE_PSK_PREAMBL
E
,
ERR_R_INTERNAL_ERROR
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
0
;
#endif
...
...
@@ -2112,23 +2109,20 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
/*
* We should always have a server certificate with SSL_kRSA.
*/
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_RSA
,
ERR_R_INTERNAL_ERROR
);
return
0
;
}
pkey
=
X509_get0_pubkey
(
s
->
session
->
peer
);
if
(
EVP_PKEY_get0_RSA
(
pkey
)
==
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_RSA
,
ERR_R_INTERNAL_ERROR
);
return
0
;
}
pmslen
=
SSL_MAX_MASTER_KEY_LENGTH
;
pms
=
OPENSSL_malloc
(
pmslen
);
if
(
pms
==
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_RSA
,
ERR_R_MALLOC_FAILURE
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
0
;
}
...
...
@@ -2146,13 +2140,11 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
pctx
=
EVP_PKEY_CTX_new
(
pkey
,
NULL
);
if
(
pctx
==
NULL
||
EVP_PKEY_encrypt_init
(
pctx
)
<=
0
||
EVP_PKEY_encrypt
(
pctx
,
NULL
,
&
enclen
,
pms
,
pmslen
)
<=
0
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_EVP_LIB
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_RSA
,
ERR_R_EVP_LIB
);
goto
err
;
}
if
(
EVP_PKEY_encrypt
(
pctx
,
*
p
,
&
enclen
,
pms
,
pmslen
)
<=
0
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
SSL_R_BAD_RSA_ENCRYPT
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_RSA
,
SSL_R_BAD_RSA_ENCRYPT
);
goto
err
;
}
*
len
=
enclen
;
...
...
@@ -2181,7 +2173,7 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al)
return
0
;
#else
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
LIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
KE_RSA
,
ERR_R_INTERNAL_ERROR
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
0
;
#endif
...
...
@@ -2196,16 +2188,14 @@ static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al)
skey
=
s
->
s3
->
peer_tmp
;
if
(
skey
==
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_DHE
,
ERR_R_INTERNAL_ERROR
);
return
0
;
}
ckey
=
ssl_generate_pkey
(
skey
,
NID_undef
);
dh_clnt
=
EVP_PKEY_get0_DH
(
ckey
);
if
(
dh_clnt
==
NULL
||
ssl_derive
(
s
,
ckey
,
skey
)
==
0
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_DHE
,
ERR_R_INTERNAL_ERROR
);
EVP_PKEY_free
(
ckey
);
return
0
;
}
...
...
@@ -2220,7 +2210,7 @@ static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al)
return
1
;
#else
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
LIENT_KEY_EXCHANG
E
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
KE_DH
E
,
ERR_R_INTERNAL_ERROR
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
0
;
#endif
...
...
@@ -2235,15 +2225,14 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al)
skey
=
s
->
s3
->
peer_tmp
;
if
((
skey
==
NULL
)
||
EVP_PKEY_get0_EC_KEY
(
skey
)
==
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_ECDHE
,
ERR_R_INTERNAL_ERROR
);
return
0
;
}
ckey
=
ssl_generate_pkey
(
skey
,
NID_undef
);
if
(
ssl_derive
(
s
,
ckey
,
skey
)
==
0
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
LIENT_KEY_EXCHANG
E
,
ERR_R_EVP_LIB
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
KE_ECDH
E
,
ERR_R_EVP_LIB
);
goto
err
;
}
...
...
@@ -2253,7 +2242,7 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al)
&
encodedPoint
,
NULL
);
if
(
encoded_pt_len
==
0
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
LIENT_KEY_EXCHANG
E
,
ERR_R_EC_LIB
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
KE_ECDH
E
,
ERR_R_EC_LIB
);
goto
err
;
}
...
...
@@ -2277,7 +2266,7 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al)
EVP_PKEY_free
(
ckey
);
return
0
;
#else
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
LIENT_KEY_EXCHANG
E
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
KE_ECDH
E
,
ERR_R_INTERNAL_ERROR
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
0
;
#endif
...
...
@@ -2306,7 +2295,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
peer_cert
=
s
->
session
->
peer
;
if
(
!
peer_cert
)
{
*
al
=
SSL_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
LIENT_KEY_EXCHANGE
,
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
KE_GOST
,
SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER
);
return
0
;
}
...
...
@@ -2314,8 +2303,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
pkey_ctx
=
EVP_PKEY_CTX_new
(
X509_get0_pubkey
(
peer_cert
),
NULL
);
if
(
pkey_ctx
==
NULL
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_GOST
,
ERR_R_MALLOC_FAILURE
);
return
0
;
}
/*
...
...
@@ -2329,8 +2317,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
pms
=
OPENSSL_malloc
(
pmslen
);
if
(
pms
==
NULL
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_GOST
,
ERR_R_MALLOC_FAILURE
);
return
0
;
}
...
...
@@ -2338,8 +2325,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
/* Generate session key */
||
RAND_bytes
(
pms
,
pmslen
)
<=
0
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_GOST
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
};
/*
...
...
@@ -2368,8 +2354,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
SSL3_RANDOM_SIZE
)
<=
0
||
EVP_DigestFinal_ex
(
ukm_hash
,
shared_ukm
,
&
md_len
)
<=
0
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_GOST
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
EVP_MD_CTX_free
(
ukm_hash
);
...
...
@@ -2377,8 +2362,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
if
(
EVP_PKEY_CTX_ctrl
(
pkey_ctx
,
-
1
,
EVP_PKEY_OP_ENCRYPT
,
EVP_PKEY_CTRL_SET_IV
,
8
,
shared_ukm
)
<
0
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
SSL_R_LIBRARY_BUG
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_GOST
,
SSL_R_LIBRARY_BUG
);
goto
err
;
}
/* Make GOST keytransport blob message */
...
...
@@ -2389,8 +2373,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
msglen
=
255
;
if
(
EVP_PKEY_encrypt
(
pkey_ctx
,
tmp
,
&
msglen
,
pms
,
pmslen
)
<=
0
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
SSL_R_LIBRARY_BUG
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_GOST
,
SSL_R_LIBRARY_BUG
);
goto
err
;
}
if
(
msglen
>=
0x80
)
{
...
...
@@ -2419,7 +2402,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
EVP_MD_CTX_free
(
ukm_hash
);
return
0
;
#else
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
LIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
KE_GOST
,
ERR_R_INTERNAL_ERROR
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
0
;
#endif
...
...
@@ -2435,21 +2418,19 @@ static int tls_construct_cke_srp(SSL *s, unsigned char **p, int *len, int *al)
BN_bn2bin
(
s
->
srp_ctx
.
A
,
*
p
);
*
len
+=
2
;
}
else
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_SRP
,
ERR_R_INTERNAL_ERROR
);
return
0
;
}
OPENSSL_free
(
s
->
session
->
srp_username
);
s
->
session
->
srp_username
=
OPENSSL_strdup
(
s
->
srp_ctx
.
login
);
if
(
s
->
session
->
srp_username
==
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_SRP
,
ERR_R_MALLOC_FAILURE
);
return
0
;
}
return
1
;
#else
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
LIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_C
KE_SRP
,
ERR_R_INTERNAL_ERROR
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
0
;
#endif
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录