Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
33273721
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
33273721
编写于
18年前
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Implement Supported Elliptic Curves Extension.
Submitted by: Douglas Stebila
上级
bcbe37b7
变更
9
隐藏空白更改
内联
并排
Showing
9 changed file
with
333 addition
and
157 deletion
+333
-157
CHANGES
CHANGES
+4
-0
ssl/s3_clnt.c
ssl/s3_clnt.c
+1
-45
ssl/s3_lib.c
ssl/s3_lib.c
+100
-1
ssl/s3_srvr.c
ssl/s3_srvr.c
+1
-69
ssl/ssl.h
ssl/ssl.h
+4
-0
ssl/ssl_asn1.c
ssl/ssl_asn1.c
+31
-7
ssl/ssl_locl.h
ssl/ssl_locl.h
+5
-0
ssl/ssl_sess.c
ssl/ssl_sess.c
+16
-0
ssl/t1_lib.c
ssl/t1_lib.c
+171
-35
未找到文件。
CHANGES
浏览文件 @
33273721
...
...
@@ -4,6 +4,10 @@
Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
*) Implement the Supported Elliptic Curves Extension for
ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
[Douglas Stebila]
*) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
EVP_CIPHER structures to avoid later problems in EVP_cleanup().
[Steve Henson]
...
...
This diff is collapsed.
Click to expand it.
ssl/s3_clnt.c
浏览文件 @
33273721
...
...
@@ -165,7 +165,6 @@ static const SSL_METHOD *ssl3_get_client_method(int ver);
static
int
ca_dn_cmp
(
const
X509_NAME
*
const
*
a
,
const
X509_NAME
*
const
*
b
);
#ifndef OPENSSL_NO_ECDH
static
int
curve_id2nid
(
int
curve_id
);
int
check_srvr_ecc_cert_and_alg
(
X509
*
x
,
SSL_CIPHER
*
cs
);
#endif
...
...
@@ -1332,7 +1331,7 @@ int ssl3_get_key_exchange(SSL *s)
param_len
=
3
;
if
((
param_len
>
n
)
||
(
*
p
!=
NAMED_CURVE_TYPE
)
||
((
curve_nid
=
curve_id2nid
(
*
(
p
+
2
)))
==
0
))
((
curve_nid
=
tls1_ec_
curve_id2nid
(
*
(
p
+
2
)))
==
0
))
{
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS
);
...
...
@@ -2609,46 +2608,3 @@ f_err:
err:
return
(
0
);
}
#ifndef OPENSSL_NO_ECDH
/* This is the complement of nid2curve_id in s3_srvr.c. */
static
int
curve_id2nid
(
int
curve_id
)
{
/* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
* (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
static
int
nid_list
[
26
]
=
{
0
,
NID_sect163k1
,
/* sect163k1 (1) */
NID_sect163r1
,
/* sect163r1 (2) */
NID_sect163r2
,
/* sect163r2 (3) */
NID_sect193r1
,
/* sect193r1 (4) */
NID_sect193r2
,
/* sect193r2 (5) */
NID_sect233k1
,
/* sect233k1 (6) */
NID_sect233r1
,
/* sect233r1 (7) */
NID_sect239k1
,
/* sect239k1 (8) */
NID_sect283k1
,
/* sect283k1 (9) */
NID_sect283r1
,
/* sect283r1 (10) */
NID_sect409k1
,
/* sect409k1 (11) */
NID_sect409r1
,
/* sect409r1 (12) */
NID_sect571k1
,
/* sect571k1 (13) */
NID_sect571r1
,
/* sect571r1 (14) */
NID_secp160k1
,
/* secp160k1 (15) */
NID_secp160r1
,
/* secp160r1 (16) */
NID_secp160r2
,
/* secp160r2 (17) */
NID_secp192k1
,
/* secp192k1 (18) */
NID_X9_62_prime192v1
,
/* secp192r1 (19) */
NID_secp224k1
,
/* secp224k1 (20) */
NID_secp224r1
,
/* secp224r1 (21) */
NID_secp256k1
,
/* secp256k1 (22) */
NID_X9_62_prime256v1
,
/* secp256r1 (23) */
NID_secp384r1
,
/* secp384r1 (24) */
NID_secp521r1
/* secp521r1 (25) */
};
if
((
curve_id
<
1
)
||
(
curve_id
>
25
))
return
0
;
return
nid_list
[
curve_id
];
}
#endif
This diff is collapsed.
Click to expand it.
ssl/s3_lib.c
浏览文件 @
33273721
...
...
@@ -2046,7 +2046,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
int
i
,
j
,
ok
;
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
int
ec_ok
;
int
ec_ok
,
ec_nid
;
unsigned
char
ec_search1
,
ec_search2
;
unsigned
char
*
ec_ptr
;
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_TLSEXT */
CERT
*
cert
;
...
...
@@ -2188,6 +2190,103 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
}
ok
=
ok
&&
ec_ok
;
}
if
(
/* if we are considering an ECC cipher suite that uses our certificate */
(
alg
&
SSL_aECDSA
)
/* and we have an ECC certificate */
&&
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
x509
!=
NULL
)
/* and the client specified an EllipticCurves extension */
&&
((
s
->
session
->
tlsext_ellipticcurvelist_length
>
0
)
&&
(
s
->
session
->
tlsext_ellipticcurvelist
!=
NULL
))
)
{
ec_ok
=
0
;
if
(
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
->
pkey
.
ec
!=
NULL
)
&&
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
->
pkey
.
ec
->
group
!=
NULL
)
)
{
ec_nid
=
EC_GROUP_get_curve_name
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
->
pkey
.
ec
->
group
);
if
((
ec_nid
==
0
)
&&
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
->
pkey
.
ec
->
group
->
meth
!=
NULL
)
)
{
if
(
EC_METHOD_get_field_type
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
->
pkey
.
ec
->
group
->
meth
)
==
NID_X9_62_prime_field
)
{
ec_search1
=
0xFF
;
ec_search2
=
0x01
;
}
else
if
(
EC_METHOD_get_field_type
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
->
pkey
.
ec
->
group
->
meth
)
==
NID_X9_62_characteristic_two_field
)
{
ec_search1
=
0xFF
;
ec_search2
=
0x02
;
}
}
else
{
ec_search1
=
0x00
;
ec_search2
=
tls1_ec_nid2curve_id
(
ec_nid
);
}
if
((
ec_search1
!=
0
)
||
(
ec_search2
!=
0
))
{
for
(
j
=
0
;
j
<
s
->
session
->
tlsext_ellipticcurvelist_length
/
2
;
j
++
)
{
if
((
s
->
session
->
tlsext_ellipticcurvelist
[
2
*
j
]
==
ec_search1
)
&&
(
s
->
session
->
tlsext_ellipticcurvelist
[
2
*
j
+
1
]
==
ec_search2
))
{
ec_ok
=
1
;
break
;
}
}
}
}
ok
=
ok
&&
ec_ok
;
}
if
(
/* if we are considering an ECC cipher suite that uses an ephemeral EC key */
((
alg
&
SSL_kECDH
)
||
(
alg
&
SSL_kECDHE
))
/* and we have an ephemeral EC key */
&&
(
s
->
cert
->
ecdh_tmp
!=
NULL
)
/* and the client specified an EllipticCurves extension */
&&
((
s
->
session
->
tlsext_ellipticcurvelist_length
>
0
)
&&
(
s
->
session
->
tlsext_ellipticcurvelist
!=
NULL
))
)
{
ec_ok
=
0
;
if
(
s
->
cert
->
ecdh_tmp
->
group
!=
NULL
)
{
ec_nid
=
EC_GROUP_get_curve_name
(
s
->
cert
->
ecdh_tmp
->
group
);
if
((
ec_nid
==
0
)
&&
(
s
->
cert
->
ecdh_tmp
->
group
->
meth
!=
NULL
)
)
{
if
(
EC_METHOD_get_field_type
(
s
->
cert
->
ecdh_tmp
->
group
->
meth
)
==
NID_X9_62_prime_field
)
{
ec_search1
=
0xFF
;
ec_search2
=
0x01
;
}
else
if
(
EC_METHOD_get_field_type
(
s
->
cert
->
ecdh_tmp
->
group
->
meth
)
==
NID_X9_62_characteristic_two_field
)
{
ec_search1
=
0xFF
;
ec_search2
=
0x02
;
}
}
else
{
ec_search1
=
0x00
;
ec_search2
=
tls1_ec_nid2curve_id
(
ec_nid
);
}
if
((
ec_search1
!=
0
)
||
(
ec_search2
!=
0
))
{
for
(
j
=
0
;
j
<
s
->
session
->
tlsext_ellipticcurvelist_length
/
2
;
j
++
)
{
if
((
s
->
session
->
tlsext_ellipticcurvelist
[
2
*
j
]
==
ec_search1
)
&&
(
s
->
session
->
tlsext_ellipticcurvelist
[
2
*
j
+
1
]
==
ec_search2
))
{
ec_ok
=
1
;
break
;
}
}
}
}
ok
=
ok
&&
ec_ok
;
}
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_TLSEXT */
...
...
This diff is collapsed.
Click to expand it.
ssl/s3_srvr.c
浏览文件 @
33273721
...
...
@@ -170,10 +170,6 @@
static
const
SSL_METHOD
*
ssl3_get_server_method
(
int
ver
);
#ifndef OPENSSL_NO_ECDH
static
int
nid2curve_id
(
int
nid
);
#endif
static
const
SSL_METHOD
*
ssl3_get_server_method
(
int
ver
)
{
if
(
ver
==
SSL3_VERSION
)
...
...
@@ -1376,7 +1372,7 @@ int ssl3_send_server_key_exchange(SSL *s)
* supported named curves, curve_id is non-zero.
*/
if
((
curve_id
=
nid2curve_id
(
EC_GROUP_get_curve_name
(
group
)))
tls1_ec_
nid2curve_id
(
EC_GROUP_get_curve_name
(
group
)))
==
0
)
{
SSLerr
(
SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE
,
SSL_R_UNSUPPORTED_ELLIPTIC_CURVE
);
...
...
@@ -2696,67 +2692,3 @@ int ssl3_send_server_certificate(SSL *s)
/* SSL3_ST_SW_CERT_B */
return
(
ssl3_do_write
(
s
,
SSL3_RT_HANDSHAKE
));
}
#ifndef OPENSSL_NO_ECDH
/* This is the complement of curve_id2nid in s3_clnt.c. */
static
int
nid2curve_id
(
int
nid
)
{
/* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
* (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
switch
(
nid
)
{
case
NID_sect163k1
:
/* sect163k1 (1) */
return
1
;
case
NID_sect163r1
:
/* sect163r1 (2) */
return
2
;
case
NID_sect163r2
:
/* sect163r2 (3) */
return
3
;
case
NID_sect193r1
:
/* sect193r1 (4) */
return
4
;
case
NID_sect193r2
:
/* sect193r2 (5) */
return
5
;
case
NID_sect233k1
:
/* sect233k1 (6) */
return
6
;
case
NID_sect233r1
:
/* sect233r1 (7) */
return
7
;
case
NID_sect239k1
:
/* sect239k1 (8) */
return
8
;
case
NID_sect283k1
:
/* sect283k1 (9) */
return
9
;
case
NID_sect283r1
:
/* sect283r1 (10) */
return
10
;
case
NID_sect409k1
:
/* sect409k1 (11) */
return
11
;
case
NID_sect409r1
:
/* sect409r1 (12) */
return
12
;
case
NID_sect571k1
:
/* sect571k1 (13) */
return
13
;
case
NID_sect571r1
:
/* sect571r1 (14) */
return
14
;
case
NID_secp160k1
:
/* secp160k1 (15) */
return
15
;
case
NID_secp160r1
:
/* secp160r1 (16) */
return
16
;
case
NID_secp160r2
:
/* secp160r2 (17) */
return
17
;
case
NID_secp192k1
:
/* secp192k1 (18) */
return
18
;
case
NID_X9_62_prime192v1
:
/* secp192r1 (19) */
return
19
;
case
NID_secp224k1
:
/* secp224k1 (20) */
return
20
;
case
NID_secp224r1
:
/* secp224r1 (21) */
return
21
;
case
NID_secp256k1
:
/* secp256k1 (22) */
return
22
;
case
NID_X9_62_prime256v1
:
/* secp256r1 (23) */
return
23
;
case
NID_secp384r1
:
/* secp384r1 (24) */
return
24
;
case
NID_secp521r1
:
/* secp521r1 (25) */
return
25
;
default:
return
0
;
}
}
#endif
This diff is collapsed.
Click to expand it.
ssl/ssl.h
浏览文件 @
33273721
...
...
@@ -512,6 +512,8 @@ typedef struct ssl_session_st
#ifndef OPENSSL_NO_EC
size_t
tlsext_ecpointformatlist_length
;
unsigned
char
*
tlsext_ecpointformatlist
;
/* peer's list */
size_t
tlsext_ellipticcurvelist_length
;
unsigned
char
*
tlsext_ellipticcurvelist
;
/* peer's list */
#endif
/* OPENSSL_NO_EC */
#endif
}
SSL_SESSION
;
...
...
@@ -1066,6 +1068,8 @@ struct ssl_st
#ifndef OPENSSL_NO_EC
size_t
tlsext_ecpointformatlist_length
;
unsigned
char
*
tlsext_ecpointformatlist
;
/* our list */
size_t
tlsext_ellipticcurvelist_length
;
unsigned
char
*
tlsext_ellipticcurvelist
;
/* our list */
#endif
/* OPENSSL_NO_EC */
SSL_CTX
*
initial_ctx
;
/* initial ctx, used to store sessions */
#define session_ctx initial_ctx
...
...
This diff is collapsed.
Click to expand it.
ssl/ssl_asn1.c
浏览文件 @
33273721
...
...
@@ -108,6 +108,7 @@ typedef struct ssl_session_asn1_st
ASN1_OCTET_STRING
tlsext_hostname
;
#ifndef OPENSSL_NO_EC
ASN1_OCTET_STRING
tlsext_ecpointformatlist
;
ASN1_OCTET_STRING
tlsext_ellipticcurvelist
;
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
...
...
@@ -119,7 +120,7 @@ typedef struct ssl_session_asn1_st
int
i2d_SSL_SESSION
(
SSL_SESSION
*
in
,
unsigned
char
**
pp
)
{
#define LSIZE2 (sizeof(long)*2)
int
v1
=
0
,
v2
=
0
,
v3
=
0
,
v4
=
0
,
v5
=
0
,
v6
=
0
,
v7
=
0
,
v8
=
0
,
v9
=
0
;
int
v1
=
0
,
v2
=
0
,
v3
=
0
,
v4
=
0
,
v5
=
0
,
v6
=
0
,
v7
=
0
,
v8
=
0
,
v9
=
0
,
v10
=
0
;
unsigned
char
buf
[
4
],
ibuf1
[
LSIZE2
],
ibuf2
[
LSIZE2
];
unsigned
char
ibuf3
[
LSIZE2
],
ibuf4
[
LSIZE2
],
ibuf5
[
LSIZE2
];
long
l
;
...
...
@@ -228,6 +229,12 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
a
.
tlsext_ecpointformatlist
.
type
=
V_ASN1_OCTET_STRING
;
a
.
tlsext_ecpointformatlist
.
data
=
(
unsigned
char
*
)
in
->
tlsext_ecpointformatlist
;
}
if
(
in
->
tlsext_ellipticcurvelist
)
{
a
.
tlsext_ellipticcurvelist
.
length
=
in
->
tlsext_ellipticcurvelist_length
;
a
.
tlsext_ellipticcurvelist
.
type
=
V_ASN1_OCTET_STRING
;
a
.
tlsext_ellipticcurvelist
.
data
=
(
unsigned
char
*
)
in
->
tlsext_ellipticcurvelist
;
}
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
...
...
@@ -272,13 +279,15 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
#ifndef OPENSSL_NO_EC
if
(
in
->
tlsext_ecpointformatlist
)
M_ASN1_I2D_len_EXP_opt
(
&
(
a
.
tlsext_ecpointformatlist
),
i2d_ASN1_OCTET_STRING
,
7
,
v7
);
if
(
in
->
tlsext_ellipticcurvelist
)
M_ASN1_I2D_len_EXP_opt
(
&
(
a
.
tlsext_ellipticcurvelist
),
i2d_ASN1_OCTET_STRING
,
8
,
v8
);
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
if
(
in
->
psk_identity_hint
)
M_ASN1_I2D_len_EXP_opt
(
&
(
a
.
psk_identity_hint
),
i2d_ASN1_OCTET_STRING
,
8
,
v8
);
M_ASN1_I2D_len_EXP_opt
(
&
(
a
.
psk_identity_hint
),
i2d_ASN1_OCTET_STRING
,
9
,
v9
);
if
(
in
->
psk_identity
)
M_ASN1_I2D_len_EXP_opt
(
&
(
a
.
psk_identity
),
i2d_ASN1_OCTET_STRING
,
9
,
v9
);
M_ASN1_I2D_len_EXP_opt
(
&
(
a
.
psk_identity
),
i2d_ASN1_OCTET_STRING
,
10
,
v10
);
#endif
/* OPENSSL_NO_PSK */
M_ASN1_I2D_seq_total
();
...
...
@@ -310,13 +319,15 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
#ifndef OPENSSL_NO_EC
if
(
in
->
tlsext_ecpointformatlist
)
M_ASN1_I2D_put_EXP_opt
(
&
(
a
.
tlsext_ecpointformatlist
),
i2d_ASN1_OCTET_STRING
,
7
,
v7
);
if
(
in
->
tlsext_ellipticcurvelist
)
M_ASN1_I2D_put_EXP_opt
(
&
(
a
.
tlsext_ellipticcurvelist
),
i2d_ASN1_OCTET_STRING
,
8
,
v8
);
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
if
(
in
->
psk_identity_hint
)
M_ASN1_I2D_put_EXP_opt
(
&
(
a
.
psk_identity_hint
),
i2d_ASN1_OCTET_STRING
,
8
,
v8
);
M_ASN1_I2D_put_EXP_opt
(
&
(
a
.
psk_identity_hint
),
i2d_ASN1_OCTET_STRING
,
9
,
v9
);
if
(
in
->
psk_identity
)
M_ASN1_I2D_put_EXP_opt
(
&
(
a
.
psk_identity
),
i2d_ASN1_OCTET_STRING
,
9
,
v9
);
M_ASN1_I2D_put_EXP_opt
(
&
(
a
.
psk_identity
),
i2d_ASN1_OCTET_STRING
,
10
,
v10
);
#endif
/* OPENSSL_NO_PSK */
M_ASN1_I2D_finish
();
}
...
...
@@ -517,13 +528,26 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
else
ret
->
tlsext_ecpointformatlist_length
=
0
;
ret
->
tlsext_ecpointformatlist
=
NULL
;
os
.
length
=
0
;
M_ASN1_D2I_get_EXP_opt
(
osp
,
d2i_ASN1_OCTET_STRING
,
8
);
if
(
os
.
data
)
{
ret
->
tlsext_ellipticcurvelist_length
=
os
.
length
;
memcpy
(
ret
->
tlsext_ellipticcurvelist
,
os
.
data
,
ret
->
tlsext_ellipticcurvelist_length
);
OPENSSL_free
(
os
.
data
);
os
.
data
=
NULL
;
os
.
length
=
0
;
}
else
ret
->
tlsext_ellipticcurvelist_length
=
0
;
ret
->
tlsext_ellipticcurvelist
=
NULL
;
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_PSK
os
.
length
=
0
;
os
.
data
=
NULL
;
M_ASN1_D2I_get_EXP_opt
(
osp
,
d2i_ASN1_OCTET_STRING
,
8
);
M_ASN1_D2I_get_EXP_opt
(
osp
,
d2i_ASN1_OCTET_STRING
,
9
);
if
(
os
.
data
)
{
ret
->
psk_identity_hint
=
BUF_strndup
((
char
*
)
os
.
data
,
os
.
length
);
...
...
@@ -536,7 +560,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
os
.
length
=
0
;
os
.
data
=
NULL
;
M_ASN1_D2I_get_EXP_opt
(
osp
,
d2i_ASN1_OCTET_STRING
,
9
);
M_ASN1_D2I_get_EXP_opt
(
osp
,
d2i_ASN1_OCTET_STRING
,
10
);
if
(
os
.
data
)
{
ret
->
psk_identity
=
BUF_strndup
((
char
*
)
os
.
data
,
os
.
length
);
...
...
This diff is collapsed.
Click to expand it.
ssl/ssl_locl.h
浏览文件 @
33273721
...
...
@@ -970,6 +970,11 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
SSL_COMP
*
ssl3_comp_find
(
STACK_OF
(
SSL_COMP
)
*
sk
,
int
n
);
#ifndef OPENSSL_NO_EC
int
tls1_ec_curve_id2nid
(
int
curve_id
);
int
tls1_ec_nid2curve_id
(
int
nid
);
#endif
/* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_TLSEXT
unsigned
char
*
ssl_add_clienthello_tlsext
(
SSL
*
s
,
unsigned
char
*
p
,
unsigned
char
*
limit
);
unsigned
char
*
ssl_add_serverhello_tlsext
(
SSL
*
s
,
unsigned
char
*
p
,
unsigned
char
*
limit
);
...
...
This diff is collapsed.
Click to expand it.
ssl/ssl_sess.c
浏览文件 @
33273721
...
...
@@ -206,6 +206,8 @@ SSL_SESSION *SSL_SESSION_new(void)
#ifndef OPENSSL_NO_EC
ss
->
tlsext_ecpointformatlist_length
=
0
;
ss
->
tlsext_ecpointformatlist
=
NULL
;
ss
->
tlsext_ellipticcurvelist_length
=
0
;
ss
->
tlsext_ellipticcurvelist
=
NULL
;
#endif
#endif
CRYPTO_new_ex_data
(
CRYPTO_EX_INDEX_SSL_SESSION
,
ss
,
&
ss
->
ex_data
);
...
...
@@ -369,6 +371,18 @@ int ssl_get_new_session(SSL *s, int session)
ss
->
tlsext_ecpointformatlist_length
=
s
->
tlsext_ecpointformatlist_length
;
memcpy
(
ss
->
tlsext_ecpointformatlist
,
s
->
tlsext_ecpointformatlist
,
s
->
tlsext_ecpointformatlist_length
);
}
if
(
s
->
tlsext_ellipticcurvelist
)
{
if
(
ss
->
tlsext_ellipticcurvelist
!=
NULL
)
OPENSSL_free
(
ss
->
tlsext_ellipticcurvelist
);
if
((
ss
->
tlsext_ellipticcurvelist
=
OPENSSL_malloc
(
s
->
tlsext_ellipticcurvelist_length
))
==
NULL
)
{
SSLerr
(
SSL_F_SSL_GET_NEW_SESSION
,
ERR_R_MALLOC_FAILURE
);
SSL_SESSION_free
(
ss
);
return
0
;
}
ss
->
tlsext_ellipticcurvelist_length
=
s
->
tlsext_ellipticcurvelist_length
;
memcpy
(
ss
->
tlsext_ellipticcurvelist
,
s
->
tlsext_ellipticcurvelist
,
s
->
tlsext_ellipticcurvelist_length
);
}
#endif
#endif
}
...
...
@@ -665,6 +679,8 @@ void SSL_SESSION_free(SSL_SESSION *ss)
#ifndef OPENSSL_NO_EC
ss
->
tlsext_ecpointformatlist_length
=
0
;
if
(
ss
->
tlsext_ecpointformatlist
!=
NULL
)
OPENSSL_free
(
ss
->
tlsext_ecpointformatlist
);
ss
->
tlsext_ellipticcurvelist_length
=
0
;
if
(
ss
->
tlsext_ellipticcurvelist
!=
NULL
)
OPENSSL_free
(
ss
->
tlsext_ellipticcurvelist
);
#endif
/* OPENSSL_NO_EC */
#endif
#ifndef OPENSSL_NO_PSK
...
...
This diff is collapsed.
Click to expand it.
ssl/t1_lib.c
浏览文件 @
33273721
...
...
@@ -201,6 +201,26 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
memcpy
(
ret
,
s
->
tlsext_ecpointformatlist
,
s
->
tlsext_ecpointformatlist_length
);
ret
+=
s
->
tlsext_ecpointformatlist_length
;
}
if
(
s
->
tlsext_ellipticcurvelist
!=
NULL
)
{
/* Add TLS extension EllipticCurves to the ClientHello message */
long
lenmax
;
if
((
lenmax
=
limit
-
p
-
5
)
<
0
)
return
NULL
;
if
(
s
->
tlsext_ellipticcurvelist_length
>
(
unsigned
long
)
lenmax
)
return
NULL
;
if
(
s
->
tlsext_ellipticcurvelist_length
>
255
)
{
SSLerr
(
SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT
,
ERR_R_INTERNAL_ERROR
);
return
NULL
;
}
s2n
(
TLSEXT_TYPE_elliptic_curves
,
ret
);
s2n
(
s
->
tlsext_ellipticcurvelist_length
+
2
,
ret
);
*
(
ret
++
)
=
(
unsigned
char
)
((
s
->
tlsext_ellipticcurvelist_length
>>
8
)
&
0xFF
);
*
(
ret
++
)
=
(
unsigned
char
)
(
s
->
tlsext_ellipticcurvelist_length
&
0xFF
);
memcpy
(
ret
,
s
->
tlsext_ellipticcurvelist
,
s
->
tlsext_ellipticcurvelist_length
);
ret
+=
s
->
tlsext_ellipticcurvelist_length
;
}
#endif
/* OPENSSL_NO_EC */
if
((
extdatalen
=
ret
-
p
-
2
)
==
0
)
...
...
@@ -245,6 +265,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
memcpy
(
ret
,
s
->
tlsext_ecpointformatlist
,
s
->
tlsext_ecpointformatlist_length
);
ret
+=
s
->
tlsext_ecpointformatlist_length
;
}
/* Currently the server should not respond with a SupportedCurves extension */
#endif
/* OPENSSL_NO_EC */
if
((
extdatalen
=
ret
-
p
-
2
)
==
0
)
...
...
@@ -382,6 +403,34 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
fprintf(stderr,"%i ",*(sdata++));
fprintf(stderr,"\n");
#endif
}
else
if
(
type
==
TLSEXT_TYPE_elliptic_curves
)
{
unsigned
char
*
sdata
=
data
;
int
ellipticcurvelist_length
=
(
*
(
sdata
++
)
<<
8
);
ellipticcurvelist_length
+=
(
*
(
sdata
++
));
if
(
ellipticcurvelist_length
!=
size
-
2
)
{
*
al
=
TLS1_AD_DECODE_ERROR
;
return
0
;
}
s
->
session
->
tlsext_ellipticcurvelist_length
=
0
;
if
(
s
->
session
->
tlsext_ellipticcurvelist
!=
NULL
)
OPENSSL_free
(
s
->
session
->
tlsext_ellipticcurvelist
);
if
((
s
->
session
->
tlsext_ellipticcurvelist
=
OPENSSL_malloc
(
ellipticcurvelist_length
))
==
NULL
)
{
*
al
=
TLS1_AD_INTERNAL_ERROR
;
return
0
;
}
s
->
session
->
tlsext_ellipticcurvelist_length
=
ellipticcurvelist_length
;
memcpy
(
s
->
session
->
tlsext_ellipticcurvelist
,
sdata
,
ellipticcurvelist_length
);
#if 0
fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
sdata = s->session->tlsext_ellipticcurvelist;
for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
fprintf(stderr,"%i ",*(sdata++));
fprintf(stderr,"\n");
#endif
}
#endif
/* OPENSSL_NO_EC */
...
...
@@ -400,9 +449,6 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
unsigned
char
*
data
=
*
p
;
int
tlsext_servername
=
0
;
#ifndef OPENSSL_NO_EC
int
tlsext_ecpointformats
=
0
;
#endif
/* OPENSSL_NO_EC */
if
(
data
>=
(
d
+
n
-
2
))
return
1
;
...
...
@@ -486,31 +532,6 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
}
}
#ifndef OPENSSL_NO_EC
if
(
!
s
->
hit
&&
tlsext_ecpointformats
==
1
)
{
if
(
s
->
tlsext_ecpointformatlist
)
{
if
(
s
->
session
->
tlsext_ecpointformatlist
==
NULL
)
{
s
->
session
->
tlsext_ecpointformatlist_length
=
s
->
tlsext_ecpointformatlist_length
;
if
(
s
->
session
->
tlsext_ecpointformatlist
!=
NULL
)
OPENSSL_free
(
s
->
session
->
tlsext_ecpointformatlist
);
if
((
s
->
session
->
tlsext_ecpointformatlist
=
OPENSSL_malloc
(
s
->
tlsext_ecpointformatlist_length
))
==
NULL
)
{
*
al
=
TLS1_AD_INTERNAL_ERROR
;
return
0
;
}
memcpy
(
s
->
session
->
tlsext_ecpointformatlist
,
s
->
tlsext_ecpointformatlist
,
s
->
tlsext_ecpointformatlist_length
);
}
else
{
*
al
=
SSL_AD_DECODE_ERROR
;
return
0
;
}
}
}
#endif
/* OPENSSL_NO_EC */
*
p
=
data
;
return
1
;
}
...
...
@@ -518,11 +539,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
int
ssl_prepare_clienthello_tlsext
(
SSL
*
s
)
{
#ifndef OPENSSL_NO_EC
/* If we are client and using an elliptic curve cryptography cipher suite, send the point formats
we
* support.
/* If we are client and using an elliptic curve cryptography cipher suite, send the point formats
*
and elliptic curves we
support.
*/
int
using_ecc
=
0
;
int
i
;
unsigned
char
*
j
;
int
algs
;
STACK_OF
(
SSL_CIPHER
)
*
cipher_stack
=
SSL_get_ciphers
(
s
);
for
(
i
=
0
;
i
<
sk_SSL_CIPHER_num
(
cipher_stack
);
i
++
)
...
...
@@ -548,6 +570,19 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
s
->
tlsext_ecpointformatlist
[
0
]
=
TLSEXT_ECPOINTFORMAT_uncompressed
;
s
->
tlsext_ecpointformatlist
[
1
]
=
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime
;
s
->
tlsext_ecpointformatlist
[
2
]
=
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
;
/* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
if
(
s
->
tlsext_ellipticcurvelist
!=
NULL
)
OPENSSL_free
(
s
->
tlsext_ellipticcurvelist
);
if
((
s
->
tlsext_ellipticcurvelist
=
OPENSSL_malloc
(
50
))
==
NULL
)
{
SSLerr
(
SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT
,
ERR_R_MALLOC_FAILURE
);
return
-
1
;
}
s
->
tlsext_ellipticcurvelist_length
=
50
;
for
(
i
=
1
,
j
=
s
->
tlsext_ellipticcurvelist
;
i
<=
25
;
i
++
)
{
*
(
j
++
)
=
0x00
;
*
(
j
++
)
=
i
;
}
}
#endif
/* OPENSSL_NO_EC */
return
1
;
...
...
@@ -557,7 +592,8 @@ int ssl_prepare_serverhello_tlsext(SSL *s)
{
#ifndef OPENSSL_NO_EC
/* If we are server and using an ECC cipher suite, send the point formats we support
* if the client sent us an ECPointsFormat extension.
* if the client sent us an ECPointsFormat extension. Note that the server is not
* supposed to send an EllipticCurves extension.
*/
int
algs
=
s
->
s3
->
tmp
.
new_cipher
->
algorithms
;
int
using_ecc
=
(
algs
&
SSL_kECDH
)
||
(
algs
&
SSL_kECDHE
)
||
(
algs
&
SSL_aECDSA
);
...
...
@@ -586,10 +622,11 @@ int ssl_check_clienthello_tlsext(SSL *s)
int
al
=
SSL_AD_UNRECOGNIZED_NAME
;
#ifndef OPENSSL_NO_EC
/* If we are server and using an elliptic curve cyrptography cipher suite, then we don't
* need to check EC point formats since all clients must support uncompressed and it's the
* only thing we support; we just need to copy the data in. We probably ought to check it
* for validity, but we never use it.
/* The handling of the ECPointFormats extension is done elsewhere, namely in
* ssl3_choose_cipher in s3_lib.c.
*/
/* The handling of the EllipticCurves extension is done elsewhere, namely in
* ssl3_choose_cipher in s3_lib.c.
*/
#endif
...
...
@@ -675,3 +712,102 @@ int ssl_check_serverhello_tlsext(SSL *s)
}
}
#endif
#ifndef OPENSSL_NO_EC
int
tls1_ec_curve_id2nid
(
int
curve_id
)
{
/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
static
int
nid_list
[
26
]
=
{
0
,
NID_sect163k1
,
/* sect163k1 (1) */
NID_sect163r1
,
/* sect163r1 (2) */
NID_sect163r2
,
/* sect163r2 (3) */
NID_sect193r1
,
/* sect193r1 (4) */
NID_sect193r2
,
/* sect193r2 (5) */
NID_sect233k1
,
/* sect233k1 (6) */
NID_sect233r1
,
/* sect233r1 (7) */
NID_sect239k1
,
/* sect239k1 (8) */
NID_sect283k1
,
/* sect283k1 (9) */
NID_sect283r1
,
/* sect283r1 (10) */
NID_sect409k1
,
/* sect409k1 (11) */
NID_sect409r1
,
/* sect409r1 (12) */
NID_sect571k1
,
/* sect571k1 (13) */
NID_sect571r1
,
/* sect571r1 (14) */
NID_secp160k1
,
/* secp160k1 (15) */
NID_secp160r1
,
/* secp160r1 (16) */
NID_secp160r2
,
/* secp160r2 (17) */
NID_secp192k1
,
/* secp192k1 (18) */
NID_X9_62_prime192v1
,
/* secp192r1 (19) */
NID_secp224k1
,
/* secp224k1 (20) */
NID_secp224r1
,
/* secp224r1 (21) */
NID_secp256k1
,
/* secp256k1 (22) */
NID_X9_62_prime256v1
,
/* secp256r1 (23) */
NID_secp384r1
,
/* secp384r1 (24) */
NID_secp521r1
/* secp521r1 (25) */
};
if
((
curve_id
<
1
)
||
(
curve_id
>
25
))
return
0
;
return
nid_list
[
curve_id
];
}
int
tls1_ec_nid2curve_id
(
int
nid
)
{
/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
switch
(
nid
)
{
case
NID_sect163k1
:
/* sect163k1 (1) */
return
1
;
case
NID_sect163r1
:
/* sect163r1 (2) */
return
2
;
case
NID_sect163r2
:
/* sect163r2 (3) */
return
3
;
case
NID_sect193r1
:
/* sect193r1 (4) */
return
4
;
case
NID_sect193r2
:
/* sect193r2 (5) */
return
5
;
case
NID_sect233k1
:
/* sect233k1 (6) */
return
6
;
case
NID_sect233r1
:
/* sect233r1 (7) */
return
7
;
case
NID_sect239k1
:
/* sect239k1 (8) */
return
8
;
case
NID_sect283k1
:
/* sect283k1 (9) */
return
9
;
case
NID_sect283r1
:
/* sect283r1 (10) */
return
10
;
case
NID_sect409k1
:
/* sect409k1 (11) */
return
11
;
case
NID_sect409r1
:
/* sect409r1 (12) */
return
12
;
case
NID_sect571k1
:
/* sect571k1 (13) */
return
13
;
case
NID_sect571r1
:
/* sect571r1 (14) */
return
14
;
case
NID_secp160k1
:
/* secp160k1 (15) */
return
15
;
case
NID_secp160r1
:
/* secp160r1 (16) */
return
16
;
case
NID_secp160r2
:
/* secp160r2 (17) */
return
17
;
case
NID_secp192k1
:
/* secp192k1 (18) */
return
18
;
case
NID_X9_62_prime192v1
:
/* secp192r1 (19) */
return
19
;
case
NID_secp224k1
:
/* secp224k1 (20) */
return
20
;
case
NID_secp224r1
:
/* secp224r1 (21) */
return
21
;
case
NID_secp256k1
:
/* secp256k1 (22) */
return
22
;
case
NID_X9_62_prime256v1
:
/* secp256r1 (23) */
return
23
;
case
NID_secp384r1
:
/* secp384r1 (24) */
return
24
;
case
NID_secp521r1
:
/* secp521r1 (25) */
return
25
;
default:
return
0
;
}
}
#endif
/* OPENSSL_NO_EC */
This diff is collapsed.
Click to expand it.
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录
新手
引导
客服
返回
顶部