提交
12472b45
编写于
10月 04, 2016
作者:
Matt Caswell
Update numerous misc libssl fields to be size_t
Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
上级
ec60ccc1
变更
6
Showing
6 changed file
with
52 addition
and
46 deletion
+52
-46
ssl/s3_enc.c
ssl/s3_enc.c
+1
-1
ssl/s3_msg.c
ssl/s3_msg.c
+5
-5
ssl/ssl_lib.c
ssl/ssl_lib.c
+1
-1
ssl/ssl_locl.h
ssl/ssl_locl.h
+15
-15
ssl/statem/statem_lib.c
ssl/statem/statem_lib.c
+29
-23
ssl/t1_enc.c
ssl/t1_enc.c
+1
-1
ssl/s3_enc.c
...
@@ -407,7 +407,7 @@ int ssl3_digest_cached_records(SSL *s, int keep)
...
@@ -407,7 +407,7 @@ int ssl3_digest_cached_records(SSL *s, int keep)
return
1
;
return
1
;
}
}
in
t
ssl3_final_finish_mac
(
SSL
*
s
,
const
char
*
sender
,
int
len
,
unsigned
char
*
p
)
size_
t
ssl3_final_finish_mac
(
SSL
*
s
,
const
char
*
sender
,
int
len
,
unsigned
char
*
p
)
{
{
int
ret
;
int
ret
;
EVP_MD_CTX
*
ctx
=
NULL
;
EVP_MD_CTX
*
ctx
=
NULL
;
...
...
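Review bot: `ssl3_final_finish_mac` now returns `size_t`, but the body still declares `int ret;`, so any path that returns a negative `ret` would be converted to a very large length instead of signalling failure. The callers updated in this commit (`ssl3_do_change_cipher_spec` in ssl/s3_msg.c and `tls_construct_finished` in ssl/statem/statem_lib.c) now test only `== 0`, where `tls_construct_finished` previously tested `<= 0`, and then use the value as a `memcpy`/`WPACKET_memcpy` length. The function body lies outside the hunk, so this needs confirming there: every error path should `return 0`, and a comment such as `/* Returns the MAC length written to p, or 0 on error */` above the definition would make the contract explicit. The same check applies to `tls1_final_finish_mac` in ssl/t1_enc.c.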
ssl/s3_msg.c
...
@@ -13,6 +13,7 @@
...
@@ -13,6 +13,7 @@
int
ssl3_do_change_cipher_spec
(
SSL
*
s
)
int
ssl3_do_change_cipher_spec
(
SSL
*
s
)
{
{
int
i
;
int
i
;
size_t
finish_md_len
;
const
char
*
sender
;
const
char
*
sender
;
int
slen
;
int
slen
;
...
@@ -48,14 +49,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
...
@@ -48,14 +49,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
slen
=
s
->
method
->
ssl3_enc
->
client_finished_label_len
;
slen
=
s
->
method
->
ssl3_enc
->
client_finished_label_len
;
}
}
i
=
s
->
method
->
ssl3_enc
->
final_finish_mac
(
s
,
finish_md_len
=
s
->
method
->
ssl3_enc
->
final_finish_mac
(
s
,
sender
,
slen
,
sender
,
slen
,
s
->
s3
->
tmp
.
peer_finish_md
);
s
->
s3
->
tmp
.
peer_finish_md
);
if
(
finish_md_len
==
0
)
{
if
(
i
==
0
)
{
SSLerr
(
SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC
,
ERR_R_INTERNAL_ERROR
);
return
0
;
return
0
;
}
}
s
->
s3
->
tmp
.
peer_finish_md_len
=
i
;
s
->
s3
->
tmp
.
peer_finish_md_len
=
finish_md_len
;
return
(
1
);
return
(
1
);
}
}
...
...
ssl/ssl_lib.c
...
@@ -65,7 +65,7 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = {
...
@@ -65,7 +65,7 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = {
(
int
(
*
)(
SSL
*
,
unsigned
char
*
,
unsigned
char
*
,
size_t
,
size_t
*
))
(
int
(
*
)(
SSL
*
,
unsigned
char
*
,
unsigned
char
*
,
size_t
,
size_t
*
))
ssl_undefined_function
,
ssl_undefined_function
,
(
int
(
*
)(
SSL
*
,
int
))
ssl_undefined_function
,
(
int
(
*
)(
SSL
*
,
int
))
ssl_undefined_function
,
(
in
t
(
*
)(
SSL
*
,
const
char
*
,
int
,
unsigned
char
*
))
(
size_
t
(
*
)(
SSL
*
,
const
char
*
,
int
,
unsigned
char
*
))
ssl_undefined_function
,
ssl_undefined_function
,
0
,
/* finish_mac_length */
0
,
/* finish_mac_length */
NULL
,
/* client_finished_label */
NULL
,
/* client_finished_label */
...
...
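Review bot: The `final_finish_mac` slot of `ssl3_undef_enc_method` is now filled by casting `ssl_undefined_function` to a pointer type that returns `size_t`. If `ssl_undefined_function` returns `int` (its declaration is not in this hunk, but the neighbouring casts to `int (*)(...)` suggest so), calling it through this pointer is undefined behaviour, and on LP64 targets the caller reads a 64-bit result from a function that only produces a 32-bit one. The caller's `finish_md_len == 0` failure check then depends on the upper half of that result being zero. A small static stub with the exact `size_t (*)(SSL *, const char *, int, unsigned char *)` signature that raises the error and returns 0 would avoid relying on the cast.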
ssl/ssl_locl.h
...
@@ -612,7 +612,7 @@ struct ssl_ctx_st {
...
@@ -612,7 +612,7 @@ struct ssl_ctx_st {
* Most session-ids that will be cached, default is
* Most session-ids that will be cached, default is
* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
*/
*/
unsigned
long
session_cache_size
;
size_t
session_cache_size
;
struct
ssl_session_st
*
session_cache_head
;
struct
ssl_session_st
*
session_cache_head
;
struct
ssl_session_st
*
session_cache_tail
;
struct
ssl_session_st
*
session_cache_tail
;
/*
/*
...
@@ -711,7 +711,7 @@ struct ssl_ctx_st {
...
@@ -711,7 +711,7 @@ struct ssl_ctx_st {
uint32_t
mode
;
uint32_t
mode
;
int
min_proto_version
;
int
min_proto_version
;
int
max_proto_version
;
int
max_proto_version
;
long
max_cert_list
;
size_t
max_cert_list
;
struct
cert_st
/* CERT */
*
cert
;
struct
cert_st
/* CERT */
*
cert
;
int
read_ahead
;
int
read_ahead
;
...
@@ -848,7 +848,7 @@ struct ssl_ctx_st {
...
@@ -848,7 +848,7 @@ struct ssl_ctx_st {
* format.
* format.
*/
*/
unsigned
char
*
alpn_client_proto_list
;
unsigned
char
*
alpn_client_proto_list
;
unsigned
alpn_client_proto_list_len
;
size_t
alpn_client_proto_list_len
;
/* Shared DANE context */
/* Shared DANE context */
struct
dane_ctx_st
dane
;
struct
dane_ctx_st
dane
;
...
@@ -1003,7 +1003,7 @@ struct ssl_st {
...
@@ -1003,7 +1003,7 @@ struct ssl_st {
uint32_t
mode
;
uint32_t
mode
;
int
min_proto_version
;
int
min_proto_version
;
int
max_proto_version
;
int
max_proto_version
;
long
max_cert_list
;
size_t
max_cert_list
;
int
first_packet
;
int
first_packet
;
/* what was passed, used for SSLv3/TLS rollback check */
/* what was passed, used for SSLv3/TLS rollback check */
int
client_version
;
int
client_version
;
...
@@ -1090,7 +1090,7 @@ struct ssl_st {
...
@@ -1090,7 +1090,7 @@ struct ssl_st {
* the Finished message.
* the Finished message.
*/
*/
unsigned
char
*
next_proto_negotiated
;
unsigned
char
*
next_proto_negotiated
;
unsigned
char
next_proto_negotiated_len
;
size_t
next_proto_negotiated_len
;
# endif
# endif
# define session_ctx initial_ctx
# define session_ctx initial_ctx
/* What we'll do */
/* What we'll do */
...
@@ -1113,7 +1113,7 @@ struct ssl_st {
...
@@ -1113,7 +1113,7 @@ struct ssl_st {
* format.
* format.
*/
*/
unsigned
char
*
alpn_client_proto_list
;
unsigned
char
*
alpn_client_proto_list
;
unsigned
alpn_client_proto_list_len
;
size_t
alpn_client_proto_list_len
;
/*-
/*-
* 1 if we are renegotiating.
* 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake
* 2 if we are a server and are inside a handshake
...
@@ -1185,9 +1185,9 @@ typedef struct ssl3_state_st {
...
@@ -1185,9 +1185,9 @@ typedef struct ssl3_state_st {
struct
{
struct
{
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
unsigned
char
finish_md
[
EVP_MAX_MD_SIZE
*
2
];
unsigned
char
finish_md
[
EVP_MAX_MD_SIZE
*
2
];
in
t
finish_md_len
;
size_
t
finish_md_len
;
unsigned
char
peer_finish_md
[
EVP_MAX_MD_SIZE
*
2
];
unsigned
char
peer_finish_md
[
EVP_MAX_MD_SIZE
*
2
];
in
t
peer_finish_md_len
;
size_
t
peer_finish_md_len
;
size_t
message_size
;
size_t
message_size
;
int
message_type
;
int
message_type
;
/* used to hold the new cipher we are going to use */
/* used to hold the new cipher we are going to use */
...
@@ -1259,9 +1259,9 @@ typedef struct ssl3_state_st {
...
@@ -1259,9 +1259,9 @@ typedef struct ssl3_state_st {
/* Connection binding to prevent renegotiation attacks */
/* Connection binding to prevent renegotiation attacks */
unsigned
char
previous_client_finished
[
EVP_MAX_MD_SIZE
];
unsigned
char
previous_client_finished
[
EVP_MAX_MD_SIZE
];
unsigned
char
previous_client_finished_len
;
size_t
previous_client_finished_len
;
unsigned
char
previous_server_finished
[
EVP_MAX_MD_SIZE
];
unsigned
char
previous_server_finished
[
EVP_MAX_MD_SIZE
];
unsigned
char
previous_server_finished_len
;
size_t
previous_server_finished_len
;
int
send_connection_binding
;
/* TODOEKR */
int
send_connection_binding
;
/* TODOEKR */
# ifndef OPENSSL_NO_NEXTPROTONEG
# ifndef OPENSSL_NO_NEXTPROTONEG
...
@@ -1572,7 +1572,7 @@ typedef struct ssl3_enc_method {
...
@@ -1572,7 +1572,7 @@ typedef struct ssl3_enc_method {
int
(
*
generate_master_secret
)
(
SSL
*
,
unsigned
char
*
,
unsigned
char
*
,
int
(
*
generate_master_secret
)
(
SSL
*
,
unsigned
char
*
,
unsigned
char
*
,
size_t
,
size_t
*
);
size_t
,
size_t
*
);
int
(
*
change_cipher_state
)
(
SSL
*
,
int
);
int
(
*
change_cipher_state
)
(
SSL
*
,
int
);
in
t
(
*
final_finish_mac
)
(
SSL
*
,
const
char
*
,
int
,
unsigned
char
*
);
size_
t
(
*
final_finish_mac
)
(
SSL
*
,
const
char
*
,
int
,
unsigned
char
*
);
int
finish_mac_length
;
int
finish_mac_length
;
const
char
*
client_finished_label
;
const
char
*
client_finished_label
;
int
client_finished_label_len
;
int
client_finished_label_len
;
...
@@ -1887,8 +1887,8 @@ __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
...
@@ -1887,8 +1887,8 @@ __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
int
ssl3_renegotiate
(
SSL
*
ssl
);
int
ssl3_renegotiate
(
SSL
*
ssl
);
int
ssl3_renegotiate_check
(
SSL
*
ssl
);
int
ssl3_renegotiate_check
(
SSL
*
ssl
);
__owur
int
ssl3_dispatch_alert
(
SSL
*
s
);
__owur
int
ssl3_dispatch_alert
(
SSL
*
s
);
__owur
in
t
ssl3_final_finish_mac
(
SSL
*
s
,
const
char
*
sender
,
int
slen
,
__owur
size_
t
ssl3_final_finish_mac
(
SSL
*
s
,
const
char
*
sender
,
int
slen
,
unsigned
char
*
p
);
unsigned
char
*
p
);
__owur
int
ssl3_finish_mac
(
SSL
*
s
,
const
unsigned
char
*
buf
,
size_t
len
);
__owur
int
ssl3_finish_mac
(
SSL
*
s
,
const
unsigned
char
*
buf
,
size_t
len
);
void
ssl3_free_digest_list
(
SSL
*
s
);
void
ssl3_free_digest_list
(
SSL
*
s
);
__owur
unsigned
long
ssl3_output_cert_chain
(
SSL
*
s
,
WPACKET
*
pkt
,
__owur
unsigned
long
ssl3_output_cert_chain
(
SSL
*
s
,
WPACKET
*
pkt
,
...
@@ -1983,8 +1983,8 @@ void ssl_free_wbio_buffer(SSL *s);
...
@@ -1983,8 +1983,8 @@ void ssl_free_wbio_buffer(SSL *s);
__owur
int
tls1_change_cipher_state
(
SSL
*
s
,
int
which
);
__owur
int
tls1_change_cipher_state
(
SSL
*
s
,
int
which
);
__owur
int
tls1_setup_key_block
(
SSL
*
s
);
__owur
int
tls1_setup_key_block
(
SSL
*
s
);
__owur
int
tls1_final_finish_mac
(
SSL
*
s
,
__owur
size_t
tls1_final_finish_mac
(
SSL
*
s
,
const
char
*
str
,
int
slen
,
const
char
*
str
,
int
slen
,
unsigned
char
*
p
);
unsigned
char
*
p
);
__owur
int
tls1_generate_master_secret
(
SSL
*
s
,
unsigned
char
*
out
,
__owur
int
tls1_generate_master_secret
(
SSL
*
s
,
unsigned
char
*
out
,
unsigned
char
*
p
,
size_t
len
,
unsigned
char
*
p
,
size_t
len
,
size_t
*
secret_size
);
size_t
*
secret_size
);
...
...
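Review bot: `max_cert_list` changes from `long` to `size_t` in both `ssl_ctx_st` and `ssl_st`, so a negative value can no longer be represented and would instead become a very large limit. The code that sets and compares this field is not part of this commit's hunks; if it still receives the value as a `long`, it should reject negatives before the assignment, e.g. `if (larg < 0) return 0;`, otherwise the cap on the peer certificate-chain size is effectively disabled. Similarly, `next_proto_negotiated_len` and the `previous_*_finished_len` fields widen from `unsigned char` to `size_t`, so any place that writes them as a one-byte length on the wire now needs an explicit range check rather than relying on the field type. A short comment on each field stating its maximum (for example `/* <= EVP_MAX_MD_SIZE */` on the finished lengths) would document the invariant.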
ssl/statem/statem_lib.c
...
@@ -74,7 +74,7 @@ int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
...
@@ -74,7 +74,7 @@ int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
int
tls_construct_finished
(
SSL
*
s
,
WPACKET
*
pkt
)
int
tls_construct_finished
(
SSL
*
s
,
WPACKET
*
pkt
)
{
{
int
i
;
size_t
finish_md_len
;
const
char
*
sender
;
const
char
*
sender
;
int
slen
;
int
slen
;
...
@@ -86,17 +86,17 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
...
@@ -86,17 +86,17 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
slen
=
s
->
method
->
ssl3_enc
->
client_finished_label_len
;
slen
=
s
->
method
->
ssl3_enc
->
client_finished_label_len
;
}
}
i
=
s
->
method
->
ssl3_enc
->
final_finish_mac
(
s
,
finish_md_len
=
s
->
method
->
ssl3_enc
->
final_finish_mac
(
s
,
sender
,
slen
,
sender
,
slen
,
s
->
s3
->
tmp
.
finish_md
);
s
->
s3
->
tmp
.
finish_md
);
if
(
i
<
=
0
)
{
if
(
finish_md_len
=
=
0
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_FINISHED
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_FINISHED
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
goto
err
;
}
}
s
->
s3
->
tmp
.
finish_md_len
=
i
;
s
->
s3
->
tmp
.
finish_md_len
=
finish_md_len
;
if
(
!
WPACKET_memcpy
(
pkt
,
s
->
s3
->
tmp
.
finish_md
,
i
))
{
if
(
!
WPACKET_memcpy
(
pkt
,
s
->
s3
->
tmp
.
finish_md
,
finish_md_len
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_FINISHED
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_FINISHED
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
goto
err
;
}
}
...
@@ -105,13 +105,15 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
...
@@ -105,13 +105,15 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
* Copy the finished so we can use it for renegotiation checks
* Copy the finished so we can use it for renegotiation checks
*/
*/
if
(
!
s
->
server
)
{
if
(
!
s
->
server
)
{
OPENSSL_assert
(
i
<=
EVP_MAX_MD_SIZE
);
OPENSSL_assert
(
finish_md_len
<=
EVP_MAX_MD_SIZE
);
memcpy
(
s
->
s3
->
previous_client_finished
,
s
->
s3
->
tmp
.
finish_md
,
i
);
memcpy
(
s
->
s3
->
previous_client_finished
,
s
->
s3
->
tmp
.
finish_md
,
s
->
s3
->
previous_client_finished_len
=
i
;
finish_md_len
);
s
->
s3
->
previous_client_finished_len
=
finish_md_len
;
}
else
{
}
else
{
OPENSSL_assert
(
i
<=
EVP_MAX_MD_SIZE
);
OPENSSL_assert
(
finish_md_len
<=
EVP_MAX_MD_SIZE
);
memcpy
(
s
->
s3
->
previous_server_finished
,
s
->
s3
->
tmp
.
finish_md
,
i
);
memcpy
(
s
->
s3
->
previous_server_finished
,
s
->
s3
->
tmp
.
finish_md
,
s
->
s3
->
previous_server_finished_len
=
i
;
finish_md_len
);
s
->
s3
->
previous_server_finished_len
=
finish_md_len
;
}
}
return
1
;
return
1
;
...
@@ -219,7 +221,8 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
...
@@ -219,7 +221,8 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
MSG_PROCESS_RETURN
tls_process_finished
(
SSL
*
s
,
PACKET
*
pkt
)
MSG_PROCESS_RETURN
tls_process_finished
(
SSL
*
s
,
PACKET
*
pkt
)
{
{
int
al
,
i
;
int
al
;
size_t
md_len
;
/* If this occurs, we have missed a message */
/* If this occurs, we have missed a message */
if
(
!
s
->
s3
->
change_cipher_spec
)
{
if
(
!
s
->
s3
->
change_cipher_spec
)
{
...
@@ -229,15 +232,16 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
...
@@ -229,15 +232,16 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
}
}
s
->
s3
->
change_cipher_spec
=
0
;
s
->
s3
->
change_cipher_spec
=
0
;
i
=
s
->
s3
->
tmp
.
peer_finish_md_len
;
md_len
=
s
->
s3
->
tmp
.
peer_finish_md_len
;
if
(
(
unsigned
long
)
i
!=
PACKET_remaining
(
pkt
))
{
if
(
md_len
!=
PACKET_remaining
(
pkt
))
{
al
=
SSL_AD_DECODE_ERROR
;
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_FINISHED
,
SSL_R_BAD_DIGEST_LENGTH
);
SSLerr
(
SSL_F_TLS_PROCESS_FINISHED
,
SSL_R_BAD_DIGEST_LENGTH
);
goto
f_err
;
goto
f_err
;
}
}
if
(
CRYPTO_memcmp
(
PACKET_data
(
pkt
),
s
->
s3
->
tmp
.
peer_finish_md
,
i
)
!=
0
)
{
if
(
CRYPTO_memcmp
(
PACKET_data
(
pkt
),
s
->
s3
->
tmp
.
peer_finish_md
,
md_len
)
!=
0
)
{
al
=
SSL_AD_DECRYPT_ERROR
;
al
=
SSL_AD_DECRYPT_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_FINISHED
,
SSL_R_DIGEST_CHECK_FAILED
);
SSLerr
(
SSL_F_TLS_PROCESS_FINISHED
,
SSL_R_DIGEST_CHECK_FAILED
);
goto
f_err
;
goto
f_err
;
...
@@ -247,13 +251,15 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
...
@@ -247,13 +251,15 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
* Copy the finished so we can use it for renegotiation checks
* Copy the finished so we can use it for renegotiation checks
*/
*/
if
(
s
->
server
)
{
if
(
s
->
server
)
{
OPENSSL_assert
(
i
<=
EVP_MAX_MD_SIZE
);
OPENSSL_assert
(
md_len
<=
EVP_MAX_MD_SIZE
);
memcpy
(
s
->
s3
->
previous_client_finished
,
s
->
s3
->
tmp
.
peer_finish_md
,
i
);
memcpy
(
s
->
s3
->
previous_client_finished
,
s
->
s3
->
tmp
.
peer_finish_md
,
s
->
s3
->
previous_client_finished_len
=
i
;
md_len
);
s
->
s3
->
previous_client_finished_len
=
md_len
;
}
else
{
}
else
{
OPENSSL_assert
(
i
<=
EVP_MAX_MD_SIZE
);
OPENSSL_assert
(
md_len
<=
EVP_MAX_MD_SIZE
);
memcpy
(
s
->
s3
->
previous_server_finished
,
s
->
s3
->
tmp
.
peer_finish_md
,
i
);
memcpy
(
s
->
s3
->
previous_server_finished
,
s
->
s3
->
tmp
.
peer_finish_md
,
s
->
s3
->
previous_server_finished_len
=
i
;
md_len
);
s
->
s3
->
previous_server_finished_len
=
md_len
;
}
}
return
MSG_PROCESS_FINISHED_READING
;
return
MSG_PROCESS_FINISHED_READING
;
...
...
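Review bot: In `tls_construct_finished` and `tls_process_finished` the only bound on the length copied into `previous_client_finished` / `previous_server_finished` (each `EVP_MAX_MD_SIZE` bytes, half the size of `tmp.finish_md`) is `OPENSSL_assert(... <= EVP_MAX_MD_SIZE)`, which aborts the whole process on violation. In `tls_construct_finished` that assert also runs only after `finish_md_len` has already been stored and passed to `WPACKET_memcpy`. Now that the length is an unsigned `size_t` taken straight from `final_finish_mac`, it would be more robust to validate it once right after the call and fail the handshake through the existing error path, e.g. `if (finish_md_len == 0 || finish_md_len > EVP_MAX_MD_SIZE) { SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR); goto err; }`. Both functions extend beyond the hunks shown.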
ssl/t1_enc.c
...
@@ -451,7 +451,7 @@ int tls1_setup_key_block(SSL *s)
...
@@ -451,7 +451,7 @@ int tls1_setup_key_block(SSL *s)
return
(
ret
);
return
(
ret
);
}
}
in
t
tls1_final_finish_mac
(
SSL
*
s
,
const
char
*
str
,
int
slen
,
unsigned
char
*
out
)
size_
t
tls1_final_finish_mac
(
SSL
*
s
,
const
char
*
str
,
int
slen
,
unsigned
char
*
out
)
{
{
size_t
hashlen
;
size_t
hashlen
;
unsigned
char
hash
[
EVP_MAX_MD_SIZE
];
unsigned
char
hash
[
EVP_MAX_MD_SIZE
];
...
...