提交
192e4bbb
编写于
11月 21, 2015
作者:
Dr. Stephen Henson
Remove RSA exception when processing server key exchange.
Reviewed-by:
N
Tim Hudson
<
tjh@openssl.org
>
上级
d18d31a1
变更
1
Showing
1 changed file
with
20 addition
and
66 deletion
+20
-66
ssl/statem/statem_clnt.c
ssl/statem/statem_clnt.c
+20
-66
ssl/statem/statem_clnt.c
...
@@ -1593,11 +1593,8 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
...
@@ -1593,11 +1593,8 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
MSG_PROCESS_RETURN
tls_process_key_exchange
(
SSL
*
s
,
PACKET
*
pkt
)
MSG_PROCESS_RETURN
tls_process_key_exchange
(
SSL
*
s
,
PACKET
*
pkt
)
{
{
#ifndef OPENSSL_NO_RSA
unsigned
char
*
q
,
md_buf
[
EVP_MAX_MD_SIZE
*
2
];
#endif
EVP_MD_CTX
md_ctx
;
EVP_MD_CTX
md_ctx
;
int
al
,
j
,
verify_ret
;
int
al
,
j
;
long
alg_k
,
alg_a
;
long
alg_k
,
alg_a
;
EVP_PKEY
*
pkey
=
NULL
;
EVP_PKEY
*
pkey
=
NULL
;
const
EVP_MD
*
md
=
NULL
;
const
EVP_MD
*
md
=
NULL
;
...
@@ -1935,6 +1932,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
...
@@ -1935,6 +1932,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
#ifdef SSL_DEBUG
#ifdef SSL_DEBUG
fprintf
(
stderr
,
"USING TLSv1.2 HASH %s
\n
"
,
EVP_MD_name
(
md
));
fprintf
(
stderr
,
"USING TLSv1.2 HASH %s
\n
"
,
EVP_MD_name
(
md
));
#endif
#endif
}
else
if
(
pkey
->
type
==
EVP_PKEY_RSA
)
{
md
=
EVP_md5_sha1
();
}
else
{
}
else
{
md
=
EVP_sha1
();
md
=
EVP_sha1
();
}
}
...
@@ -1958,68 +1957,23 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
...
@@ -1958,68 +1957,23 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
SSL_R_WRONG_SIGNATURE_LENGTH
);
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
SSL_R_WRONG_SIGNATURE_LENGTH
);
goto
f_err
;
goto
f_err
;
}
}
#ifndef OPENSSL_NO_RSA
if
(
EVP_VerifyInit_ex
(
&
md_ctx
,
md
,
NULL
)
<=
0
if
(
pkey
->
type
==
EVP_PKEY_RSA
&&
!
SSL_USE_SIGALGS
(
s
))
{
||
EVP_VerifyUpdate
(
&
md_ctx
,
&
(
s
->
s3
->
client_random
[
0
]),
int
num
;
SSL3_RANDOM_SIZE
)
<=
0
unsigned
int
size
;
||
EVP_VerifyUpdate
(
&
md_ctx
,
&
(
s
->
s3
->
server_random
[
0
]),
SSL3_RANDOM_SIZE
)
<=
0
j
=
0
;
||
EVP_VerifyUpdate
(
&
md_ctx
,
PACKET_data
(
&
params
),
q
=
md_buf
;
PACKET_remaining
(
&
params
))
<=
0
)
{
for
(
num
=
2
;
num
>
0
;
num
--
)
{
al
=
SSL_AD_INTERNAL_ERROR
;
EVP_MD_CTX_set_flags
(
&
md_ctx
,
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
);
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_EVP_LIB
);
if
(
EVP_DigestInit_ex
(
&
md_ctx
,
goto
f_err
;
(
num
==
2
)
?
s
->
ctx
->
md5
:
s
->
ctx
->
sha1
,
}
NULL
)
<=
0
if
(
EVP_VerifyFinal
(
&
md_ctx
,
PACKET_data
(
&
signature
),
||
EVP_DigestUpdate
(
&
md_ctx
,
&
(
s
->
s3
->
client_random
[
0
]),
PACKET_remaining
(
&
signature
),
pkey
)
<=
0
)
{
SSL3_RANDOM_SIZE
)
<=
0
/* bad signature */
||
EVP_DigestUpdate
(
&
md_ctx
,
&
(
s
->
s3
->
server_random
[
0
]),
al
=
SSL_AD_DECRYPT_ERROR
;
SSL3_RANDOM_SIZE
)
<=
0
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
SSL_R_BAD_SIGNATURE
);
||
EVP_DigestUpdate
(
&
md_ctx
,
PACKET_data
(
&
params
),
goto
f_err
;
PACKET_remaining
(
&
params
))
<=
0
||
EVP_DigestFinal_ex
(
&
md_ctx
,
q
,
&
size
)
<=
0
)
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
al
=
SSL_AD_INTERNAL_ERROR
;
goto
f_err
;
}
q
+=
size
;
j
+=
size
;
}
verify_ret
=
RSA_verify
(
NID_md5_sha1
,
md_buf
,
j
,
PACKET_data
(
&
signature
),
PACKET_remaining
(
&
signature
),
pkey
->
pkey
.
rsa
);
if
(
verify_ret
<
0
)
{
al
=
SSL_AD_DECRYPT_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
SSL_R_BAD_RSA_DECRYPT
);
goto
f_err
;
}
if
(
verify_ret
==
0
)
{
/* bad signature */
al
=
SSL_AD_DECRYPT_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
SSL_R_BAD_SIGNATURE
);
goto
f_err
;
}
}
else
#endif
{
if
(
EVP_VerifyInit_ex
(
&
md_ctx
,
md
,
NULL
)
<=
0
||
EVP_VerifyUpdate
(
&
md_ctx
,
&
(
s
->
s3
->
client_random
[
0
]),
SSL3_RANDOM_SIZE
)
<=
0
||
EVP_VerifyUpdate
(
&
md_ctx
,
&
(
s
->
s3
->
server_random
[
0
]),
SSL3_RANDOM_SIZE
)
<=
0
||
EVP_VerifyUpdate
(
&
md_ctx
,
PACKET_data
(
&
params
),
PACKET_remaining
(
&
params
))
<=
0
)
{
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_EVP_LIB
);
goto
f_err
;
}
if
(
EVP_VerifyFinal
(
&
md_ctx
,
PACKET_data
(
&
signature
),
PACKET_remaining
(
&
signature
),
pkey
)
<=
0
)
{
/* bad signature */
al
=
SSL_AD_DECRYPT_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
SSL_R_BAD_SIGNATURE
);
goto
f_err
;
}
}
}
}
else
{
}
else
{
/* aNULL, aSRP or PSK do not need public keys */
/* aNULL, aSRP or PSK do not need public keys */
...
...
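Review bot: The unified verify path in the last hunk (`@@ -1958,68 +1957,23 @@`) never sets `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` on `md_ctx`, which the removed RSA branch did before hashing with MD5; now that the second hunk selects `md = EVP_md5_sha1()` for RSA keys, a build that still honours that flag would presumably fail in `EVP_VerifyInit_ex` and report `ERR_R_EVP_LIB` with an internal-error alert instead of verifying the server's signature. If dropping the override is intended, record it beside the new branch, e.g. `/* legacy RSA (no sigalgs): MD5+SHA1 digest, no NON_FIPS_ALLOW override */`; otherwise call `EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);` before `EVP_VerifyInit_ex` when that digest is selected. The `EVP_VerifyFinal(...) <= 0` test also deserves a one-line comment such as `/* <= 0: negative returns are errors and must be rejected like a bad signature */`, because the old path's separate `SSL_R_BAD_RSA_DECRYPT` report for `verify_ret < 0` is gone and both cases now map to `SSL_R_BAD_SIGNATURE`. The body of `tls_process_key_exchange` starts and ends outside these hunks, so the condition guarding the new `else if (pkey->type == EVP_PKEY_RSA)` is not visible here.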