Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
0d9824c1
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
0d9824c1
编写于
11月 08, 2016
作者:
M
Matt Caswell
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Implement tls13_change_cipher_state()
Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
上级
9362c93e
变更
7
隐藏空白更改
内联
并排
Showing
7 changed file
with
170 addition
and
2 deletion
+170
-2
include/openssl/ssl.h
include/openssl/ssl.h
+1
-0
include/openssl/ssl3.h
include/openssl/ssl3.h
+2
-0
ssl/ssl_err.c
ssl/ssl_err.c
+1
-0
ssl/ssl_lib.c
ssl/ssl_lib.c
+1
-2
ssl/ssl_locl.h
ssl/ssl_locl.h
+1
-0
ssl/tls13_enc.c
ssl/tls13_enc.c
+156
-0
test/tls13secretstest.c
test/tls13secretstest.c
+8
-0
未找到文件。
include/openssl/ssl.h
浏览文件 @
0d9824c1
...
...
@@ -2242,6 +2242,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_SSL_WRITE_EX 433
# define SSL_F_STATE_MACHINE 353
# define SSL_F_TLS12_CHECK_PEER_SIGALG 333
# define SSL_F_TLS13_CHANGE_CIPHER_STATE 435
# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341
# define SSL_F_TLS1_ENC 401
...
...
include/openssl/ssl3.h
浏览文件 @
0d9824c1
...
...
@@ -296,6 +296,8 @@ extern "C" {
# define SSL3_CC_WRITE 0x02
# define SSL3_CC_CLIENT 0x10
# define SSL3_CC_SERVER 0x20
# define SSL3_CC_HANDSHAKE 0x40
# define SSL3_CC_APPLICATION 0x80
# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
...
...
ssl/ssl_err.c
浏览文件 @
0d9824c1
...
...
@@ -238,6 +238,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{
ERR_FUNC
(
SSL_F_SSL_WRITE_EX
),
"SSL_write_ex"
},
{
ERR_FUNC
(
SSL_F_STATE_MACHINE
),
"state_machine"
},
{
ERR_FUNC
(
SSL_F_TLS12_CHECK_PEER_SIGALG
),
"tls12_check_peer_sigalg"
},
{
ERR_FUNC
(
SSL_F_TLS13_CHANGE_CIPHER_STATE
),
"tls13_change_cipher_state"
},
{
ERR_FUNC
(
SSL_F_TLS1_CHANGE_CIPHER_STATE
),
"tls1_change_cipher_state"
},
{
ERR_FUNC
(
SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS
),
"tls1_check_duplicate_extensions"
},
...
...
ssl/ssl_lib.c
浏览文件 @
0d9824c1
...
...
@@ -3828,8 +3828,7 @@ EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
void
ssl_clear_hash_ctx
(
EVP_MD_CTX
**
hash
)
{
if
(
*
hash
)
EVP_MD_CTX_free
(
*
hash
);
EVP_MD_CTX_free
(
*
hash
);
*
hash
=
NULL
;
}
...
...
ssl/ssl_locl.h
浏览文件 @
0d9824c1
...
...
@@ -2003,6 +2003,7 @@ __owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
__owur
int
tls1_generate_master_secret
(
SSL
*
s
,
unsigned
char
*
out
,
unsigned
char
*
p
,
size_t
len
,
size_t
*
secret_size
);
__owur
int
tls13_change_cipher_state
(
SSL
*
s
,
int
which
);
__owur
int
tls13_derive_secret
(
SSL
*
s
,
const
unsigned
char
*
insecret
,
const
unsigned
char
*
label
,
size_t
labellen
,
unsigned
char
*
secret
);
...
...
ssl/tls13_enc.c
浏览文件 @
0d9824c1
...
...
@@ -214,4 +214,160 @@ int tls13_generate_master_secret(SSL *s, unsigned char *out,
return
tls13_generate_secret
(
s
,
prev
,
NULL
,
0
,
out
);
}
const
unsigned
char
client_handshake_traffic
[]
=
"client handshake traffic secret"
;
const
unsigned
char
client_application_traffic
[]
=
"client application traffic secret"
;
const
unsigned
char
server_handshake_traffic
[]
=
"server handshake traffic secret"
;
const
unsigned
char
server_application_traffic
[]
=
"server application traffic secret"
;
int
tls13_change_cipher_state
(
SSL
*
s
,
int
which
)
{
unsigned
char
key
[
EVP_MAX_KEY_LENGTH
];
unsigned
char
iv
[
EVP_MAX_IV_LENGTH
];
unsigned
char
secret
[
EVP_MAX_MD_SIZE
];
unsigned
char
*
insecret
;
EVP_CIPHER_CTX
*
ciph_ctx
;
const
EVP_CIPHER
*
ciph
=
s
->
s3
->
tmp
.
new_sym_enc
;;
size_t
ivlen
,
keylen
;
const
unsigned
char
*
label
;
size_t
labellen
;
if
(
which
&
SSL3_CC_READ
)
{
if
(
s
->
enc_read_ctx
!=
NULL
)
{
EVP_CIPHER_CTX_reset
(
s
->
enc_read_ctx
);
}
else
{
s
->
enc_read_ctx
=
EVP_CIPHER_CTX_new
();
if
(
s
->
enc_read_ctx
==
NULL
)
{
SSLerr
(
SSL_F_TLS13_CHANGE_CIPHER_STATE
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
}
ciph_ctx
=
s
->
enc_read_ctx
;
RECORD_LAYER_reset_read_sequence
(
&
s
->
rlayer
);
}
else
{
if
(
s
->
enc_write_ctx
!=
NULL
)
{
EVP_CIPHER_CTX_reset
(
s
->
enc_write_ctx
);
}
else
{
s
->
enc_write_ctx
=
EVP_CIPHER_CTX_new
();
if
(
s
->
enc_write_ctx
==
NULL
)
{
SSLerr
(
SSL_F_TLS13_CHANGE_CIPHER_STATE
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
}
ciph_ctx
=
s
->
enc_write_ctx
;
RECORD_LAYER_reset_write_sequence
(
&
s
->
rlayer
);
}
if
(((
which
&
SSL3_CC_CLIENT
)
&&
(
which
&
SSL3_CC_WRITE
))
||
((
which
&
SSL3_CC_SERVER
)
&&
(
which
&
SSL3_CC_READ
)))
{
if
(
which
&
SSL3_CC_HANDSHAKE
)
{
insecret
=
s
->
handshake_secret
;
label
=
client_handshake_traffic
;
labellen
=
sizeof
(
client_handshake_traffic
)
-
1
;
}
else
{
insecret
=
s
->
session
->
master_key
;
label
=
client_application_traffic
;
labellen
=
sizeof
(
client_application_traffic
)
-
1
;
}
}
else
{
if
(
which
&
SSL3_CC_HANDSHAKE
)
{
insecret
=
s
->
handshake_secret
;
label
=
server_handshake_traffic
;
labellen
=
sizeof
(
server_handshake_traffic
)
-
1
;
}
else
{
insecret
=
s
->
session
->
master_key
;
label
=
server_application_traffic
;
labellen
=
sizeof
(
server_application_traffic
)
-
1
;
}
}
if
(
!
tls13_derive_secret
(
s
,
insecret
,
label
,
labellen
,
secret
))
{
SSLerr
(
SSL_F_TLS13_CHANGE_CIPHER_STATE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
/* TODO(size_t): convert me */
keylen
=
EVP_CIPHER_key_length
(
ciph
);
if
(
EVP_CIPHER_mode
(
ciph
)
==
EVP_CIPH_GCM_MODE
)
ivlen
=
EVP_GCM_TLS_FIXED_IV_LEN
;
else
if
(
EVP_CIPHER_mode
(
ciph
)
==
EVP_CIPH_CCM_MODE
)
ivlen
=
EVP_CCM_TLS_FIXED_IV_LEN
;
else
ivlen
=
EVP_CIPHER_iv_length
(
ciph
);
if
(
!
tls13_derive_key
(
s
,
secret
,
key
,
keylen
)
||
!
tls13_derive_iv
(
s
,
secret
,
iv
,
ivlen
))
{
SSLerr
(
SSL_F_TLS13_CHANGE_CIPHER_STATE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
if
(
EVP_CIPHER_mode
(
ciph
)
==
EVP_CIPH_GCM_MODE
)
{
if
(
!
EVP_CipherInit_ex
(
ciph_ctx
,
ciph
,
NULL
,
key
,
NULL
,
(
which
&
SSL3_CC_WRITE
))
||
!
EVP_CIPHER_CTX_ctrl
(
ciph_ctx
,
EVP_CTRL_GCM_SET_IV_FIXED
,
(
int
)
ivlen
,
iv
))
{
SSLerr
(
SSL_F_TLS13_CHANGE_CIPHER_STATE
,
ERR_R_EVP_LIB
);
goto
err
;
}
}
else
if
(
EVP_CIPHER_mode
(
ciph
)
==
EVP_CIPH_CCM_MODE
)
{
int
taglen
;
if
(
s
->
s3
->
tmp
.
new_cipher
->
algorithm_enc
&
(
SSL_AES128CCM8
|
SSL_AES256CCM8
))
taglen
=
8
;
else
taglen
=
16
;
if
(
!
EVP_CipherInit_ex
(
ciph_ctx
,
ciph
,
NULL
,
NULL
,
NULL
,
(
which
&
SSL3_CC_WRITE
))
||
!
EVP_CIPHER_CTX_ctrl
(
ciph_ctx
,
EVP_CTRL_AEAD_SET_IVLEN
,
12
,
NULL
)
||
!
EVP_CIPHER_CTX_ctrl
(
ciph_ctx
,
EVP_CTRL_AEAD_SET_TAG
,
taglen
,
NULL
)
||
!
EVP_CIPHER_CTX_ctrl
(
ciph_ctx
,
EVP_CTRL_CCM_SET_IV_FIXED
,
(
int
)
ivlen
,
iv
)
||
!
EVP_CipherInit_ex
(
ciph_ctx
,
NULL
,
NULL
,
key
,
NULL
,
-
1
))
{
SSLerr
(
SSL_F_TLS13_CHANGE_CIPHER_STATE
,
ERR_R_EVP_LIB
);
goto
err
;
}
}
else
{
if
(
!
EVP_CipherInit_ex
(
ciph_ctx
,
ciph
,
NULL
,
key
,
iv
,
(
which
&
SSL3_CC_WRITE
)))
{
SSLerr
(
SSL_F_TLS13_CHANGE_CIPHER_STATE
,
ERR_R_EVP_LIB
);
goto
err
;
}
}
#ifdef OPENSSL_SSL_TRACE_CRYPTO
if
(
s
->
msg_callback
)
{
int
wh
=
which
&
SSL3_CC_WRITE
?
TLS1_RT_CRYPTO_WRITE
:
0
;
if
(
ciph
->
key_len
)
s
->
msg_callback
(
2
,
s
->
version
,
wh
|
TLS1_RT_CRYPTO_KEY
,
key
,
ciph
->
key_len
,
s
,
s
->
msg_callback_arg
);
if
(
ivlen
)
{
if
(
EVP_CIPHER_mode
(
ciph
)
==
EVP_CIPH_GCM_MODE
)
wh
|=
TLS1_RT_CRYPTO_FIXED_IV
;
else
wh
|=
TLS1_RT_CRYPTO_IV
;
s
->
msg_callback
(
2
,
s
->
version
,
wh
,
iv
,
ivlen
,
s
,
s
->
msg_callback_arg
);
}
}
#endif
OPENSSL_cleanse
(
secret
,
sizeof
(
secret
));
OPENSSL_cleanse
(
key
,
sizeof
(
key
));
OPENSSL_cleanse
(
iv
,
sizeof
(
iv
));
return
1
;
err:
OPENSSL_cleanse
(
secret
,
sizeof
(
secret
));
OPENSSL_cleanse
(
key
,
sizeof
(
key
));
OPENSSL_cleanse
(
iv
,
sizeof
(
iv
));
return
0
;
}
test/tls13secretstest.c
浏览文件 @
0d9824c1
...
...
@@ -162,6 +162,14 @@ const EVP_MD *ssl_handshake_md(SSL *s)
return
EVP_sha256
();
}
void
RECORD_LAYER_reset_read_sequence
(
RECORD_LAYER
*
rl
)
{
}
void
RECORD_LAYER_reset_write_sequence
(
RECORD_LAYER
*
rl
)
{
}
/* End of mocked out code */
static
int
test_secret
(
SSL
*
s
,
unsigned
char
*
prk
,
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录