Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
348240c6
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
348240c6
编写于
10月 19, 2016
作者:
M
Matt Caswell
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Fix misc size_t issues causing Windows warnings in 64 bit
Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
上级
a14aa99b
变更
17
隐藏空白更改
内联
并排
Showing
17 changed file
with
137 addition
and
112 deletion
+137
-112
ssl/record/ssl3_record.c
ssl/record/ssl3_record.c
+2
-2
ssl/s3_cbc.c
ssl/s3_cbc.c
+1
-1
ssl/s3_enc.c
ssl/s3_enc.c
+1
-1
ssl/s3_lib.c
ssl/s3_lib.c
+6
-4
ssl/ssl_asn1.c
ssl/ssl_asn1.c
+1
-1
ssl/ssl_ciph.c
ssl/ssl_ciph.c
+1
-1
ssl/ssl_lib.c
ssl/ssl_lib.c
+32
-25
ssl/ssl_mcnf.c
ssl/ssl_mcnf.c
+2
-2
ssl/ssl_sess.c
ssl/ssl_sess.c
+5
-5
ssl/ssl_txt.c
ssl/ssl_txt.c
+2
-1
ssl/statem/statem_clnt.c
ssl/statem/statem_clnt.c
+22
-14
ssl/statem/statem_dtls.c
ssl/statem/statem_dtls.c
+3
-4
ssl/statem/statem_lib.c
ssl/statem/statem_lib.c
+1
-1
ssl/statem/statem_srvr.c
ssl/statem/statem_srvr.c
+17
-15
ssl/t1_enc.c
ssl/t1_enc.c
+12
-10
ssl/t1_lib.c
ssl/t1_lib.c
+26
-22
ssl/t1_reneg.c
ssl/t1_reneg.c
+3
-3
未找到文件。
ssl/record/ssl3_record.c
浏览文件 @
348240c6
...
...
@@ -1022,8 +1022,8 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
header
[
8
]
=
rec
->
type
;
header
[
9
]
=
(
unsigned
char
)(
ssl
->
version
>>
8
);
header
[
10
]
=
(
unsigned
char
)(
ssl
->
version
);
header
[
11
]
=
(
rec
->
length
)
>>
8
;
header
[
12
]
=
(
rec
->
length
)
&
0xff
;
header
[
11
]
=
(
unsigned
char
)(
rec
->
length
>>
8
)
;
header
[
12
]
=
(
unsigned
char
)(
rec
->
length
&
0xff
)
;
if
(
!
send
&&
!
SSL_USE_ETM
(
ssl
)
&&
EVP_CIPHER_CTX_mode
(
ssl
->
enc_read_ctx
)
==
EVP_CIPH_CBC_MODE
&&
...
...
ssl/s3_cbc.c
浏览文件 @
348240c6
...
...
@@ -357,7 +357,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
if
(
k
>
0
)
{
if
(
is_sslv3
)
{
unsigned
overhang
;
size_t
overhang
;
/*
* The SSLv3 header is larger than a single block. overhang is
...
...
ssl/s3_enc.c
浏览文件 @
348240c6
...
...
@@ -439,7 +439,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
if
((
sender
!=
NULL
&&
EVP_DigestUpdate
(
ctx
,
sender
,
len
)
<=
0
)
||
EVP_MD_CTX_ctrl
(
ctx
,
EVP_CTRL_SSL3_MASTER_SECRET
,
s
->
session
->
master_key_length
,
(
int
)
s
->
session
->
master_key_length
,
s
->
session
->
master_key
)
<=
0
||
EVP_DigestFinal_ex
(
ctx
,
p
,
NULL
)
<=
0
)
{
SSLerr
(
SSL_F_SSL3_FINAL_FINISH_MAC
,
ERR_R_INTERNAL_ERROR
);
...
...
ssl/s3_lib.c
浏览文件 @
348240c6
...
...
@@ -3035,9 +3035,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case
SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP
:
*
(
unsigned
char
**
)
parg
=
s
->
tlsext_ocsp_resp
;
if
(
s
->
tlsext_ocsp_resplen
==
0
)
if
(
s
->
tlsext_ocsp_resplen
==
0
||
s
->
tlsext_ocsp_resplen
>
LONG_MAX
)
return
-
1
;
return
s
->
tlsext_ocsp_resplen
;
return
(
long
)
s
->
tlsext_ocsp_resplen
;
case
SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
:
OPENSSL_free
(
s
->
tlsext_ocsp_resp
);
...
...
@@ -3955,9 +3956,10 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len)
unsigned
long
Time
=
(
unsigned
long
)
time
(
NULL
);
unsigned
char
*
p
=
result
;
l2n
(
Time
,
p
);
return
RAND_bytes
(
p
,
len
-
4
);
/* TODO(size_t): Convert this */
return
RAND_bytes
(
p
,
(
int
)(
len
-
4
));
}
else
return
RAND_bytes
(
result
,
len
);
return
RAND_bytes
(
result
,
(
int
)
len
);
}
int
ssl_generate_master_secret
(
SSL
*
s
,
unsigned
char
*
pms
,
size_t
pmslen
,
...
...
ssl/ssl_asn1.c
浏览文件 @
348240c6
...
...
@@ -102,7 +102,7 @@ static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
unsigned
char
*
data
,
size_t
len
)
{
os
->
data
=
data
;
os
->
length
=
len
;
os
->
length
=
(
int
)
len
;
os
->
flags
=
0
;
*
dest
=
os
;
}
...
...
ssl/ssl_ciph.c
浏览文件 @
348240c6
...
...
@@ -175,7 +175,7 @@ static int ssl_cipher_info_find(const ssl_cipher_table * table,
size_t
i
;
for
(
i
=
0
;
i
<
table_cnt
;
i
++
,
table
++
)
{
if
(
table
->
mask
==
mask
)
return
i
;
return
(
int
)
i
;
}
return
-
1
;
}
...
...
ssl/ssl_lib.c
浏览文件 @
348240c6
...
...
@@ -80,7 +80,7 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = {
struct
ssl_async_args
{
SSL
*
s
;
void
*
buf
;
in
t
num
;
size_
t
num
;
enum
{
READFUNC
,
WRITEFUNC
,
OTHERFUNC
}
type
;
union
{
int
(
*
func_read
)
(
SSL
*
,
void
*
,
size_t
,
size_t
*
);
...
...
@@ -318,14 +318,14 @@ static int dane_tlsa_add(SSL_DANE *dane,
t
->
usage
=
usage
;
t
->
selector
=
selector
;
t
->
mtype
=
mtype
;
t
->
data
=
OPENSSL_malloc
(
i
len
);
t
->
data
=
OPENSSL_malloc
(
d
len
);
if
(
t
->
data
==
NULL
)
{
tlsa_free
(
t
);
SSLerr
(
SSL_F_DANE_TLSA_ADD
,
ERR_R_MALLOC_FAILURE
);
return
-
1
;
}
memcpy
(
t
->
data
,
data
,
i
len
);
t
->
dlen
=
i
len
;
memcpy
(
t
->
data
,
data
,
d
len
);
t
->
dlen
=
d
len
;
/* Validate and cache full certificate or public key */
if
(
mtype
==
DANETLS_MATCHING_FULL
)
{
...
...
@@ -335,7 +335,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
switch
(
selector
)
{
case
DANETLS_SELECTOR_CERT
:
if
(
!
d2i_X509
(
&
cert
,
&
p
,
d
len
)
||
p
<
data
||
if
(
!
d2i_X509
(
&
cert
,
&
p
,
i
len
)
||
p
<
data
||
dlen
!=
(
size_t
)(
p
-
data
))
{
tlsa_free
(
t
);
SSLerr
(
SSL_F_DANE_TLSA_ADD
,
SSL_R_DANE_TLSA_BAD_CERTIFICATE
);
...
...
@@ -370,7 +370,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
break
;
case
DANETLS_SELECTOR_SPKI
:
if
(
!
d2i_PUBKEY
(
&
pkey
,
&
p
,
d
len
)
||
p
<
data
||
if
(
!
d2i_PUBKEY
(
&
pkey
,
&
p
,
i
len
)
||
p
<
data
||
dlen
!=
(
size_t
)(
p
-
data
))
{
tlsa_free
(
t
);
SSLerr
(
SSL_F_DANE_TLSA_ADD
,
SSL_R_DANE_TLSA_BAD_PUBLIC_KEY
);
...
...
@@ -1304,7 +1304,7 @@ int SSL_pending(const SSL *s)
* SSL_pending also cannot work properly if the value >INT_MAX. In that case
* we just return INT_MAX.
*/
return
pending
<
INT_MAX
?
pending
:
INT_MAX
;
return
pending
<
INT_MAX
?
(
int
)
pending
:
INT_MAX
;
}
int
SSL_has_pending
(
const
SSL
*
s
)
...
...
@@ -1382,7 +1382,7 @@ int SSL_copy_session_id(SSL *t, const SSL *f)
CRYPTO_atomic_add
(
&
f
->
cert
->
references
,
1
,
&
i
,
f
->
cert
->
lock
);
ssl_cert_free
(
t
->
cert
);
t
->
cert
=
f
->
cert
;
if
(
!
SSL_set_session_id_context
(
t
,
f
->
sid_ctx
,
f
->
sid_ctx_length
))
{
if
(
!
SSL_set_session_id_context
(
t
,
f
->
sid_ctx
,
(
int
)
f
->
sid_ctx_length
))
{
return
0
;
}
...
...
@@ -1513,7 +1513,7 @@ static int ssl_io_intern(void *vargs)
struct
ssl_async_args
*
args
;
SSL
*
s
;
void
*
buf
;
in
t
num
;
size_
t
num
;
args
=
(
struct
ssl_async_args
*
)
vargs
;
s
=
args
->
s
;
...
...
@@ -1767,11 +1767,13 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
case
SSL_CTRL_CLEAR_MODE
:
return
(
s
->
mode
&=
~
larg
);
case
SSL_CTRL_GET_MAX_CERT_LIST
:
return
(
s
->
max_cert_list
);
return
(
long
)(
s
->
max_cert_list
);
case
SSL_CTRL_SET_MAX_CERT_LIST
:
l
=
s
->
max_cert_list
;
s
->
max_cert_list
=
larg
;
return
(
l
);
if
(
larg
<
0
)
return
0
;
l
=
(
long
)
s
->
max_cert_list
;
s
->
max_cert_list
=
(
size_t
)
larg
;
return
l
;
case
SSL_CTRL_SET_MAX_SEND_FRAGMENT
:
if
(
larg
<
512
||
larg
>
SSL3_RT_MAX_PLAIN_LENGTH
)
return
0
;
...
...
@@ -1879,18 +1881,22 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return
1
;
case
SSL_CTRL_GET_MAX_CERT_LIST
:
return
(
ctx
->
max_cert_list
);
return
(
long
)(
ctx
->
max_cert_list
);
case
SSL_CTRL_SET_MAX_CERT_LIST
:
l
=
ctx
->
max_cert_list
;
ctx
->
max_cert_list
=
larg
;
return
(
l
);
if
(
larg
<
0
)
return
0
;
l
=
(
long
)
ctx
->
max_cert_list
;
ctx
->
max_cert_list
=
(
size_t
)
larg
;
return
l
;
case
SSL_CTRL_SET_SESS_CACHE_SIZE
:
l
=
ctx
->
session_cache_size
;
ctx
->
session_cache_size
=
larg
;
return
(
l
);
if
(
larg
<
0
)
return
0
;
l
=
(
long
)
ctx
->
session_cache_size
;
ctx
->
session_cache_size
=
(
size_t
)
larg
;
return
l
;
case
SSL_CTRL_GET_SESS_CACHE_SIZE
:
return
(
ctx
->
session_cache_size
);
return
(
long
)(
ctx
->
session_cache_size
);
case
SSL_CTRL_SET_SESS_CACHE_MODE
:
l
=
ctx
->
session_cache_mode
;
ctx
->
session_cache_mode
=
larg
;
...
...
@@ -2249,7 +2255,7 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
if
(
!*
data
)
{
*
len
=
0
;
}
else
{
*
len
=
s
->
next_proto_negotiated_len
;
*
len
=
(
unsigned
int
)
s
->
next_proto_negotiated_len
;
}
}
...
...
@@ -2366,7 +2372,7 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
if
(
*
data
==
NULL
)
*
len
=
0
;
else
*
len
=
ssl
->
s3
->
alpn_selected_len
;
*
len
=
(
unsigned
int
)
ssl
->
s3
->
alpn_selected_len
;
}
int
SSL_export_keying_material
(
SSL
*
s
,
unsigned
char
*
out
,
size_t
olen
,
...
...
@@ -3227,7 +3233,8 @@ SSL *SSL_dup(SSL *s)
goto
err
;
}
if
(
!
SSL_set_session_id_context
(
ret
,
s
->
sid_ctx
,
s
->
sid_ctx_length
))
if
(
!
SSL_set_session_id_context
(
ret
,
s
->
sid_ctx
,
(
int
)
s
->
sid_ctx_length
))
goto
err
;
}
...
...
@@ -4068,7 +4075,7 @@ static int ct_extract_ocsp_response_scts(SSL *s)
goto
err
;
p
=
s
->
tlsext_ocsp_resp
;
rsp
=
d2i_OCSP_RESPONSE
(
NULL
,
&
p
,
s
->
tlsext_ocsp_resplen
);
rsp
=
d2i_OCSP_RESPONSE
(
NULL
,
&
p
,
(
int
)
s
->
tlsext_ocsp_resplen
);
if
(
rsp
==
NULL
)
goto
err
;
...
...
ssl/ssl_mcnf.c
浏览文件 @
348240c6
...
...
@@ -73,7 +73,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
ssl_names_count
=
cnt
;
for
(
i
=
0
;
i
<
ssl_names_count
;
i
++
)
{
struct
ssl_conf_name
*
ssl_name
=
ssl_names
+
i
;
CONF_VALUE
*
sect
=
sk_CONF_VALUE_value
(
cmd_lists
,
i
);
CONF_VALUE
*
sect
=
sk_CONF_VALUE_value
(
cmd_lists
,
(
int
)
i
);
STACK_OF
(
CONF_VALUE
)
*
cmds
=
NCONF_get_section
(
cnf
,
sect
->
value
);
if
(
sk_CONF_VALUE_num
(
cmds
)
<=
0
)
{
if
(
cmds
==
NULL
)
...
...
@@ -94,7 +94,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
ssl_name
->
cmd_count
=
cnt
;
for
(
j
=
0
;
j
<
cnt
;
j
++
)
{
const
char
*
name
;
CONF_VALUE
*
cmd_conf
=
sk_CONF_VALUE_value
(
cmds
,
j
);
CONF_VALUE
*
cmd_conf
=
sk_CONF_VALUE_value
(
cmds
,
(
int
)
j
);
struct
ssl_conf_cmd
*
cmd
=
ssl_name
->
cmds
+
j
;
/* Skip any initial dot in name */
name
=
strchr
(
cmd_conf
->
name
,
'.'
);
...
...
ssl/ssl_sess.c
浏览文件 @
348240c6
...
...
@@ -236,14 +236,14 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
const
unsigned
char
*
SSL_SESSION_get_id
(
const
SSL_SESSION
*
s
,
unsigned
int
*
len
)
{
if
(
len
)
*
len
=
s
->
session_id_length
;
*
len
=
(
unsigned
int
)
s
->
session_id_length
;
return
s
->
session_id
;
}
const
unsigned
char
*
SSL_SESSION_get0_id_context
(
const
SSL_SESSION
*
s
,
unsigned
int
*
len
)
{
if
(
len
!=
NULL
)
*
len
=
s
->
sid_ctx_length
;
*
len
=
(
unsigned
int
)
s
->
sid_ctx_length
;
return
s
->
sid_ctx
;
}
...
...
@@ -369,7 +369,7 @@ int ssl_get_new_session(SSL *s, int session)
CRYPTO_THREAD_unlock
(
s
->
lock
);
/* Choose a session ID */
memset
(
ss
->
session_id
,
0
,
ss
->
session_id_length
);
tmp
=
ss
->
session_id_length
;
tmp
=
(
int
)
ss
->
session_id_length
;
if
(
!
cb
(
s
,
ss
->
session_id
,
&
tmp
))
{
/* The callback failed */
SSLerr
(
SSL_F_SSL_GET_NEW_SESSION
,
...
...
@@ -391,7 +391,7 @@ int ssl_get_new_session(SSL *s, int session)
ss
->
session_id_length
=
tmp
;
/* Finally, check for a conflict */
if
(
SSL_has_matching_session_id
(
s
,
ss
->
session_id
,
ss
->
session_id_length
))
{
(
unsigned
int
)
ss
->
session_id_length
))
{
SSLerr
(
SSL_F_SSL_GET_NEW_SESSION
,
SSL_R_SSL_SESSION_ID_CONFLICT
);
SSL_SESSION_free
(
ss
);
return
(
0
);
...
...
@@ -502,7 +502,7 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
ret
==
NULL
&&
s
->
session_ctx
->
get_session_cb
!=
NULL
)
{
int
copy
=
1
;
ret
=
s
->
session_ctx
->
get_session_cb
(
s
,
PACKET_data
(
session_id
),
PACKET_remaining
(
session_id
),
(
int
)
PACKET_remaining
(
session_id
),
&
copy
);
if
(
ret
!=
NULL
)
{
...
...
ssl/ssl_txt.c
浏览文件 @
348240c6
...
...
@@ -128,8 +128,9 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if
(
x
->
tlsext_tick
)
{
if
(
BIO_puts
(
bp
,
"
\n
TLS session ticket:
\n
"
)
<=
0
)
goto
err
;
/* TODO(size_t): Convert this call */
if
(
BIO_dump_indent
(
bp
,
(
const
char
*
)
x
->
tlsext_tick
,
x
->
tlsext_ticklen
,
4
)
(
bp
,
(
const
char
*
)
x
->
tlsext_tick
,
(
int
)
x
->
tlsext_ticklen
,
4
)
<=
0
)
goto
err
;
}
...
...
ssl/statem/statem_clnt.c
浏览文件 @
348240c6
...
...
@@ -1358,18 +1358,19 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
return
0
;
}
/* TODO(size_t): Convert BN_bin2bn() calls */
if
((
s
->
srp_ctx
.
N
=
BN_bin2bn
(
PACKET_data
(
&
prime
),
PACKET_remaining
(
&
prime
),
NULL
))
==
NULL
(
int
)
PACKET_remaining
(
&
prime
),
NULL
))
==
NULL
||
(
s
->
srp_ctx
.
g
=
BN_bin2bn
(
PACKET_data
(
&
generator
),
PACKET_remaining
(
&
generator
),
NULL
))
==
NULL
(
int
)
PACKET_remaining
(
&
generator
),
NULL
))
==
NULL
||
(
s
->
srp_ctx
.
s
=
BN_bin2bn
(
PACKET_data
(
&
salt
),
PACKET_remaining
(
&
salt
),
NULL
))
==
NULL
(
int
)
PACKET_remaining
(
&
salt
),
NULL
))
==
NULL
||
(
s
->
srp_ctx
.
B
=
BN_bin2bn
(
PACKET_data
(
&
server_pub
),
PACKET_remaining
(
&
server_pub
),
NULL
))
==
NULL
)
{
(
int
)
PACKET_remaining
(
&
server_pub
),
NULL
))
==
NULL
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_SKE_SRP
,
ERR_R_BN_LIB
);
return
0
;
...
...
@@ -1419,10 +1420,12 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
goto
err
;
}
p
=
BN_bin2bn
(
PACKET_data
(
&
prime
),
PACKET_remaining
(
&
prime
),
NULL
);
g
=
BN_bin2bn
(
PACKET_data
(
&
generator
),
PACKET_remaining
(
&
generator
),
NULL
);
bnpub_key
=
BN_bin2bn
(
PACKET_data
(
&
pub_key
),
PACKET_remaining
(
&
pub_key
),
NULL
);
/* TODO(size_t): Convert these calls */
p
=
BN_bin2bn
(
PACKET_data
(
&
prime
),
(
int
)
PACKET_remaining
(
&
prime
),
NULL
);
g
=
BN_bin2bn
(
PACKET_data
(
&
generator
),
(
int
)
PACKET_remaining
(
&
generator
),
NULL
);
bnpub_key
=
BN_bin2bn
(
PACKET_data
(
&
pub_key
),
(
int
)
PACKET_remaining
(
&
pub_key
),
NULL
);
if
(
p
==
NULL
||
g
==
NULL
||
bnpub_key
==
NULL
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_SKE_DHE
,
ERR_R_BN_LIB
);
...
...
@@ -1710,8 +1713,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_EVP_LIB
);
goto
err
;
}
/* TODO(size_t): Convert this call */
if
(
EVP_VerifyFinal
(
md_ctx
,
PACKET_data
(
&
signature
),
PACKET_remaining
(
&
signature
),
pkey
)
<=
0
)
{
(
unsigned
int
)
PACKET_remaining
(
&
signature
),
pkey
)
<=
0
)
{
/* bad signature */
EVP_MD_CTX_free
(
md_ctx
);
al
=
SSL_AD_DECRYPT_ERROR
;
...
...
@@ -2193,7 +2198,8 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt, int *al)
pms
[
0
]
=
s
->
client_version
>>
8
;
pms
[
1
]
=
s
->
client_version
&
0xff
;
if
(
RAND_bytes
(
pms
+
2
,
pmslen
-
2
)
<=
0
)
{
/* TODO(size_t): Convert this function */
if
(
RAND_bytes
(
pms
+
2
,
(
int
)(
pmslen
-
2
))
<=
0
)
{
goto
err
;
}
...
...
@@ -2283,7 +2289,7 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt, int *al)
{
#ifndef OPENSSL_NO_EC
unsigned
char
*
encodedPoint
=
NULL
;
in
t
encoded_pt_len
=
0
;
size_
t
encoded_pt_len
=
0
;
EVP_PKEY
*
ckey
=
NULL
,
*
skey
=
NULL
;
int
ret
=
0
;
...
...
@@ -2375,8 +2381,10 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt, int *al)
}
if
(
EVP_PKEY_encrypt_init
(
pkey_ctx
)
<=
0
/* Generate session key */
||
RAND_bytes
(
pms
,
pmslen
)
<=
0
)
{
/* Generate session key
* TODO(size_t): Convert this function
*/
||
RAND_bytes
(
pms
,
(
int
)
pmslen
)
<=
0
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_CKE_GOST
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
...
...
@@ -2617,7 +2625,7 @@ int tls_construct_client_verify(SSL *s, WPACKET *pkt)
||
!
EVP_SignUpdate
(
mctx
,
hdata
,
hdatalen
)
||
(
s
->
version
==
SSL3_VERSION
&&
!
EVP_MD_CTX_ctrl
(
mctx
,
EVP_CTRL_SSL3_MASTER_SECRET
,
s
->
session
->
master_key_length
,
(
int
)
s
->
session
->
master_key_length
,
s
->
session
->
master_key
))
||
!
EVP_SignFinal
(
mctx
,
sig
,
&
u
,
pkey
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY
,
ERR_R_EVP_LIB
);
...
...
ssl/statem/statem_dtls.c
浏览文件 @
348240c6
...
...
@@ -390,11 +390,10 @@ int dtls_get_message(SSL *s, int *mt, size_t *len)
* permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
* may be greater if the maximum certificate list size requires it.
*/
static
unsigned
long
dtls1_max_handshake_message_len
(
const
SSL
*
s
)
static
size_t
dtls1_max_handshake_message_len
(
const
SSL
*
s
)
{
unsigned
long
max_len
=
DTLS1_HM_HEADER_LENGTH
+
SSL3_RT_MAX_ENCRYPTED_LENGTH
;
if
(
max_len
<
(
unsigned
long
)
s
->
max_cert_list
)
size_t
max_len
=
DTLS1_HM_HEADER_LENGTH
+
SSL3_RT_MAX_ENCRYPTED_LENGTH
;
if
(
max_len
<
s
->
max_cert_list
)
return
s
->
max_cert_list
;
return
max_len
;
}
...
...
ssl/statem/statem_lib.c
浏览文件 @
348240c6
...
...
@@ -155,7 +155,7 @@ static void ssl3_take_mac(SSL *s)
MSG_PROCESS_RETURN
tls_process_change_cipher_spec
(
SSL
*
s
,
PACKET
*
pkt
)
{
int
al
;
long
remain
;
size_t
remain
;
remain
=
PACKET_remaining
(
pkt
);
/*
...
...
ssl/statem/statem_srvr.c
浏览文件 @
348240c6
...
...
@@ -888,7 +888,8 @@ int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
MSG_PROCESS_RETURN
tls_process_client_hello
(
SSL
*
s
,
PACKET
*
pkt
)
{
int
i
,
al
=
SSL_AD_INTERNAL_ERROR
;
unsigned
int
j
,
complen
=
0
;
unsigned
int
j
;
size_t
loop
,
complen
=
0
;
unsigned
long
id
;
const
SSL_CIPHER
*
c
;
#ifndef OPENSSL_NO_COMP
...
...
@@ -1087,8 +1088,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
if
(
SSL_get_options
(
s
)
&
SSL_OP_COOKIE_EXCHANGE
)
{
if
(
s
->
ctx
->
app_verify_cookie_cb
!=
NULL
)
{
if
(
s
->
ctx
->
app_verify_cookie_cb
(
s
,
PACKET_data
(
&
cookie
),
PACKET_remaining
(
&
cookie
))
==
0
)
{
(
unsigned
int
)
PACKET_remaining
(
&
cookie
))
==
0
)
{
al
=
SSL_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_HELLO
,
SSL_R_COOKIE_MISMATCH
);
...
...
@@ -1197,12 +1197,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
}
complen
=
PACKET_remaining
(
&
compression
);
for
(
j
=
0
;
j
<
complen
;
j
++
)
{
if
(
PACKET_data
(
&
compression
)[
j
]
==
0
)
for
(
loop
=
0
;
loop
<
complen
;
loop
++
)
{
if
(
PACKET_data
(
&
compression
)[
loop
]
==
0
)
break
;
}
if
(
j
>=
complen
)
{
if
(
loop
>=
complen
)
{
/* no compress */
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_HELLO
,
SSL_R_NO_COMPRESSION_SPECIFIED
);
...
...
@@ -1576,7 +1576,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
#endif
#ifndef OPENSSL_NO_EC
unsigned
char
*
encodedPoint
=
NULL
;
in
t
encodedlen
=
0
;
size_
t
encodedlen
=
0
;
int
curve_id
=
0
;
#endif
EVP_PKEY
*
pkey
;
...
...
@@ -1909,7 +1909,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
int
tls_construct_certificate_request
(
SSL
*
s
,
WPACKET
*
pkt
)
{
int
i
,
nl
;
int
i
;
STACK_OF
(
X509_NAME
)
*
sk
=
NULL
;
/* get the list of acceptable cert types */
...
...
@@ -1922,7 +1922,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
if
(
SSL_USE_SIGALGS
(
s
))
{
const
unsigned
char
*
psigs
;
nl
=
tls12_get_psigalgs
(
s
,
&
psigs
);
size_t
nl
=
tls12_get_psigalgs
(
s
,
&
psigs
);
if
(
!
WPACKET_start_sub_packet_u16
(
pkt
)
||
!
tls12_copy_sigalgs
(
s
,
pkt
,
psigs
,
nl
)
||
!
WPACKET_close
(
pkt
))
{
...
...
@@ -2103,9 +2103,10 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
* Decrypt with no padding. PKCS#1 padding will be removed as part of
* the timing-sensitive code below.
*/
decrypt_len
=
RSA_private_decrypt
(
PACKET_remaining
(
&
enc_premaster
),
PACKET_data
(
&
enc_premaster
),
rsa_decrypt
,
rsa
,
RSA_NO_PADDING
);
/* TODO(size_t): Convert this function */
decrypt_len
=
(
int
)
RSA_private_decrypt
((
int
)
PACKET_remaining
(
&
enc_premaster
),
PACKET_data
(
&
enc_premaster
),
rsa_decrypt
,
rsa
,
RSA_NO_PADDING
);
if
(
decrypt_len
<
0
)
goto
err
;
...
...
@@ -2386,7 +2387,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al)
unsigned
long
alg_a
;
int
Ttag
,
Tclass
;
long
Tlen
;
long
sess_key_len
;
size_t
sess_key_len
;
const
unsigned
char
*
data
;
int
ret
=
0
;
...
...
@@ -2436,8 +2437,9 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al)
SSLerr
(
SSL_F_TLS_PROCESS_CKE_GOST
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
/* TODO(size_t): Convert this function */
if
(
ASN1_get_object
((
const
unsigned
char
**
)
&
data
,
&
Tlen
,
&
Ttag
,
&
Tclass
,
sess_key_len
)
!=
V_ASN1_CONSTRUCTED
&
Tclass
,
(
long
)
sess_key_len
)
!=
V_ASN1_CONSTRUCTED
||
Ttag
!=
V_ASN1_SEQUENCE
||
Tclass
!=
V_ASN1_UNIVERSAL
)
{
*
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_CKE_GOST
,
SSL_R_DECRYPTION_FAILED
);
...
...
@@ -2739,7 +2741,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
if
(
s
->
version
==
SSL3_VERSION
&&
!
EVP_MD_CTX_ctrl
(
mctx
,
EVP_CTRL_SSL3_MASTER_SECRET
,
s
->
session
->
master_key_length
,
(
int
)
s
->
session
->
master_key_length
,
s
->
session
->
master_key
))
{
SSLerr
(
SSL_F_TLS_PROCESS_CERT_VERIFY
,
ERR_R_EVP_LIB
);
al
=
SSL_AD_INTERNAL_ERROR
;
...
...
ssl/t1_enc.c
浏览文件 @
348240c6
...
...
@@ -64,18 +64,18 @@ static int tls1_PRF(SSL *s,
pctx
=
EVP_PKEY_CTX_new_id
(
EVP_PKEY_TLS1_PRF
,
NULL
);
if
(
pctx
==
NULL
||
EVP_PKEY_derive_init
(
pctx
)
<=
0
||
EVP_PKEY_CTX_set_tls1_prf_md
(
pctx
,
md
)
<=
0
||
EVP_PKEY_CTX_set1_tls1_prf_secret
(
pctx
,
sec
,
slen
)
<=
0
)
||
EVP_PKEY_CTX_set1_tls1_prf_secret
(
pctx
,
sec
,
(
int
)
slen
)
<=
0
)
goto
err
;
if
(
EVP_PKEY_CTX_add1_tls1_prf_seed
(
pctx
,
seed1
,
seed1_len
)
<=
0
)
if
(
EVP_PKEY_CTX_add1_tls1_prf_seed
(
pctx
,
seed1
,
(
int
)
seed1_len
)
<=
0
)
goto
err
;
if
(
EVP_PKEY_CTX_add1_tls1_prf_seed
(
pctx
,
seed2
,
seed2_len
)
<=
0
)
if
(
EVP_PKEY_CTX_add1_tls1_prf_seed
(
pctx
,
seed2
,
(
int
)
seed2_len
)
<=
0
)
goto
err
;
if
(
EVP_PKEY_CTX_add1_tls1_prf_seed
(
pctx
,
seed3
,
seed3_len
)
<=
0
)
if
(
EVP_PKEY_CTX_add1_tls1_prf_seed
(
pctx
,
seed3
,
(
int
)
seed3_len
)
<=
0
)
goto
err
;
if
(
EVP_PKEY_CTX_add1_tls1_prf_seed
(
pctx
,
seed4
,
seed4_len
)
<=
0
)
if
(
EVP_PKEY_CTX_add1_tls1_prf_seed
(
pctx
,
seed4
,
(
int
)
seed4_len
)
<=
0
)
goto
err
;
if
(
EVP_PKEY_CTX_add1_tls1_prf_seed
(
pctx
,
seed5
,
seed5_len
)
<=
0
)
if
(
EVP_PKEY_CTX_add1_tls1_prf_seed
(
pctx
,
seed5
,
(
int
)
seed5_len
)
<=
0
)
goto
err
;
if
(
EVP_PKEY_derive
(
pctx
,
out
,
&
olen
)
<=
0
)
...
...
@@ -250,8 +250,9 @@ int tls1_change_cipher_state(SSL *s, int which)
memcpy
(
mac_secret
,
ms
,
i
);
if
(
!
(
EVP_CIPHER_flags
(
c
)
&
EVP_CIPH_FLAG_AEAD_CIPHER
))
{
/* TODO(size_t): Convert this function */
mac_key
=
EVP_PKEY_new_mac_key
(
mac_type
,
NULL
,
mac_secret
,
*
mac_secret_size
);
mac_secret
,
(
int
)
*
mac_secret_size
);
if
(
mac_key
==
NULL
||
EVP_DigestSignInit
(
mac_ctx
,
NULL
,
m
,
NULL
,
mac_key
)
<=
0
)
{
EVP_PKEY_free
(
mac_key
);
...
...
@@ -271,7 +272,8 @@ int tls1_change_cipher_state(SSL *s, int which)
if
(
EVP_CIPHER_mode
(
c
)
==
EVP_CIPH_GCM_MODE
)
{
if
(
!
EVP_CipherInit_ex
(
dd
,
c
,
NULL
,
key
,
NULL
,
(
which
&
SSL3_CC_WRITE
))
||
!
EVP_CIPHER_CTX_ctrl
(
dd
,
EVP_CTRL_GCM_SET_IV_FIXED
,
k
,
iv
))
{
||
!
EVP_CIPHER_CTX_ctrl
(
dd
,
EVP_CTRL_GCM_SET_IV_FIXED
,
(
int
)
k
,
iv
))
{
SSLerr
(
SSL_F_TLS1_CHANGE_CIPHER_STATE
,
ERR_R_INTERNAL_ERROR
);
goto
err2
;
}
...
...
@@ -285,7 +287,7 @@ int tls1_change_cipher_state(SSL *s, int which)
if
(
!
EVP_CipherInit_ex
(
dd
,
c
,
NULL
,
NULL
,
NULL
,
(
which
&
SSL3_CC_WRITE
))
||
!
EVP_CIPHER_CTX_ctrl
(
dd
,
EVP_CTRL_AEAD_SET_IVLEN
,
12
,
NULL
)
||
!
EVP_CIPHER_CTX_ctrl
(
dd
,
EVP_CTRL_AEAD_SET_TAG
,
taglen
,
NULL
)
||
!
EVP_CIPHER_CTX_ctrl
(
dd
,
EVP_CTRL_CCM_SET_IV_FIXED
,
k
,
iv
)
||
!
EVP_CIPHER_CTX_ctrl
(
dd
,
EVP_CTRL_CCM_SET_IV_FIXED
,
(
int
)
k
,
iv
)
||
!
EVP_CipherInit_ex
(
dd
,
NULL
,
NULL
,
key
,
NULL
,
-
1
))
{
SSLerr
(
SSL_F_TLS1_CHANGE_CIPHER_STATE
,
ERR_R_INTERNAL_ERROR
);
goto
err2
;
...
...
@@ -299,7 +301,7 @@ int tls1_change_cipher_state(SSL *s, int which)
/* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
if
((
EVP_CIPHER_flags
(
c
)
&
EVP_CIPH_FLAG_AEAD_CIPHER
)
&&
*
mac_secret_size
&&
!
EVP_CIPHER_CTX_ctrl
(
dd
,
EVP_CTRL_AEAD_SET_MAC_KEY
,
*
mac_secret_size
,
mac_secret
))
{
(
int
)
*
mac_secret_size
,
mac_secret
))
{
SSLerr
(
SSL_F_TLS1_CHANGE_CIPHER_STATE
,
ERR_R_INTERNAL_ERROR
);
goto
err2
;
}
...
...
ssl/t1_lib.c
浏览文件 @
348240c6
...
...
@@ -246,7 +246,7 @@ int tls1_ec_nid2curve_id(int nid)
size_t
i
;
for
(
i
=
0
;
i
<
OSSL_NELEM
(
nid_list
);
i
++
)
{
if
(
nid_list
[
i
].
nid
==
nid
)
return
i
+
1
;
return
(
int
)(
i
+
1
)
;
}
return
0
;
}
...
...
@@ -1151,7 +1151,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
#endif
/* OPENSSL_NO_EC */
if
(
tls_use_ticket
(
s
))
{
in
t
ticklen
;
size_
t
ticklen
;
if
(
!
s
->
new_session
&&
s
->
session
&&
s
->
session
->
tlsext_tick
)
ticklen
=
s
->
session
->
tlsext_ticklen
;
else
if
(
s
->
session
&&
s
->
tlsext_session_ticket
&&
...
...
@@ -1663,7 +1663,7 @@ static int tls1_alpn_handle_client_hello_late(SSL *s, int *al)
if
(
s
->
ctx
->
alpn_select_cb
!=
NULL
&&
s
->
s3
->
alpn_proposed
!=
NULL
)
{
int
r
=
s
->
ctx
->
alpn_select_cb
(
s
,
&
selected
,
&
selected_len
,
s
->
s3
->
alpn_proposed
,
s
->
s3
->
alpn_proposed_len
,
(
unsigned
int
)
s
->
s3
->
alpn_proposed_len
,
s
->
ctx
->
alpn_select_cb_arg
);
if
(
r
==
SSL_TLSEXT_ERR_OK
)
{
...
...
@@ -1825,7 +1825,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
if
(
s
->
tlsext_debug_cb
)
s
->
tlsext_debug_cb
(
s
,
0
,
type
,
PACKET_data
(
&
extension
),
PACKET_remaining
(
&
extension
),
(
int
)
PACKET_remaining
(
&
extension
),
s
->
tlsext_debug_arg
);
if
(
type
==
TLSEXT_TYPE_renegotiate
)
{
...
...
@@ -1977,7 +1977,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
else
if
(
type
==
TLSEXT_TYPE_session_ticket
)
{
if
(
s
->
tls_session_ticket_ext_cb
&&
!
s
->
tls_session_ticket_ext_cb
(
s
,
PACKET_data
(
&
extension
),
PACKET_remaining
(
&
extension
),
(
int
)
PACKET_remaining
(
&
extension
),
s
->
tls_session_ticket_ext_cb_arg
))
{
*
al
=
TLS1_AD_INTERNAL_ERROR
;
...
...
@@ -2039,8 +2039,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
}
id_data
=
PACKET_data
(
&
responder_id
);
/* TODO(size_t): Convert d2i_* to size_t */
id
=
d2i_OCSP_RESPID
(
NULL
,
&
id_data
,
PACKET_remaining
(
&
responder_id
));
(
int
)
PACKET_remaining
(
&
responder_id
));
if
(
id
==
NULL
)
return
0
;
...
...
@@ -2066,7 +2067,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
X509_EXTENSION_free
);
s
->
tlsext_ocsp_exts
=
d2i_X509_EXTENSIONS
(
NULL
,
&
ext_data
,
PACKET_remaining
(
&
exts
));
(
int
)
PACKET_remaining
(
&
exts
));
if
(
s
->
tlsext_ocsp_exts
==
NULL
||
ext_data
!=
PACKET_end
(
&
exts
))
{
return
0
;
...
...
@@ -2961,7 +2962,8 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
SSL_SESSION
*
sess
;
unsigned
char
*
sdec
;
const
unsigned
char
*
p
;
int
slen
,
mlen
,
renew_ticket
=
0
,
ret
=
-
1
;
int
slen
,
renew_ticket
=
0
,
ret
=
-
1
,
declen
;
size_t
mlen
;
unsigned
char
tick_hmac
[
EVP_MAX_MD_SIZE
];
HMAC_CTX
*
hctx
=
NULL
;
EVP_CIPHER_CTX
*
ctx
;
...
...
@@ -3009,14 +3011,13 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
* Attempt to process session ticket, first conduct sanity and integrity
* checks on ticket.
*/
/* TODO(size_t) : convert me */
mlen
=
HMAC_size
(
hctx
);
if
(
mlen
<
0
)
{
if
(
mlen
==
0
)
{
goto
err
;
}
/* Sanity check ticket length: must exceed keyname + IV + HMAC */
if
(
eticklen
<=
TLSEXT_KEYNAME_LENGTH
+
EVP_CIPHER_CTX_iv_length
(
ctx
)
+
(
size_t
)
mlen
)
{
TLSEXT_KEYNAME_LENGTH
+
EVP_CIPHER_CTX_iv_length
(
ctx
)
+
mlen
)
{
ret
=
2
;
goto
err
;
}
...
...
@@ -3036,17 +3037,18 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
p
=
etick
+
16
+
EVP_CIPHER_CTX_iv_length
(
ctx
);
eticklen
-=
16
+
EVP_CIPHER_CTX_iv_length
(
ctx
);
sdec
=
OPENSSL_malloc
(
eticklen
);
if
(
sdec
==
NULL
||
EVP_DecryptUpdate
(
ctx
,
sdec
,
&
slen
,
p
,
eticklen
)
<=
0
)
{
if
(
sdec
==
NULL
||
EVP_DecryptUpdate
(
ctx
,
sdec
,
&
slen
,
p
,
(
int
)
eticklen
)
<=
0
)
{
EVP_CIPHER_CTX_free
(
ctx
);
OPENSSL_free
(
sdec
);
return
-
1
;
}
if
(
EVP_DecryptFinal
(
ctx
,
sdec
+
slen
,
&
m
len
)
<=
0
)
{
if
(
EVP_DecryptFinal
(
ctx
,
sdec
+
slen
,
&
dec
len
)
<=
0
)
{
EVP_CIPHER_CTX_free
(
ctx
);
OPENSSL_free
(
sdec
);
return
2
;
}
slen
+=
m
len
;
slen
+=
dec
len
;
EVP_CIPHER_CTX_free
(
ctx
);
ctx
=
NULL
;
p
=
sdec
;
...
...
@@ -3327,9 +3329,9 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
}
/* Given preference and allowed sigalgs set shared sigalgs */
static
in
t
tls12_shared_sigalgs
(
SSL
*
s
,
TLS_SIGALGS
*
shsig
,
const
unsigned
char
*
pref
,
size_t
preflen
,
const
unsigned
char
*
allow
,
size_t
allowlen
)
static
size_
t
tls12_shared_sigalgs
(
SSL
*
s
,
TLS_SIGALGS
*
shsig
,
const
unsigned
char
*
pref
,
size_t
preflen
,
const
unsigned
char
*
allow
,
size_t
allowlen
)
{
const
unsigned
char
*
ptmp
,
*
atmp
;
size_t
i
,
j
,
nmatch
=
0
;
...
...
@@ -3491,7 +3493,8 @@ int SSL_get_sigalgs(SSL *s, int idx,
unsigned
char
*
rsig
,
unsigned
char
*
rhash
)
{
const
unsigned
char
*
psig
=
s
->
s3
->
tmp
.
peer_sigalgs
;
if
(
psig
==
NULL
)
size_t
numsigalgs
=
s
->
s3
->
tmp
.
peer_sigalgslen
/
2
;
if
(
psig
==
NULL
||
numsigalgs
>
INT_MAX
)
return
0
;
if
(
idx
>=
0
)
{
idx
<<=
1
;
...
...
@@ -3504,7 +3507,7 @@ int SSL_get_sigalgs(SSL *s, int idx,
*
rsig
=
psig
[
1
];
tls1_lookup_sigalg
(
phash
,
psign
,
psignhash
,
psig
);
}
return
s
->
s3
->
tmp
.
peer_sigalgslen
/
2
;
return
(
int
)
numsigalgs
;
}
int
SSL_get_shared_sigalgs
(
SSL
*
s
,
int
idx
,
...
...
@@ -3512,7 +3515,8 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
unsigned
char
*
rsig
,
unsigned
char
*
rhash
)
{
TLS_SIGALGS
*
shsigalgs
=
s
->
cert
->
shared_sigalgs
;
if
(
!
shsigalgs
||
idx
>=
(
int
)
s
->
cert
->
shared_sigalgslen
)
if
(
!
shsigalgs
||
idx
>=
(
int
)
s
->
cert
->
shared_sigalgslen
||
s
->
cert
->
shared_sigalgslen
>
INT_MAX
)
return
0
;
shsigalgs
+=
idx
;
if
(
phash
)
...
...
@@ -3525,7 +3529,7 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
*
rsig
=
shsigalgs
->
rsign
;
if
(
rhash
)
*
rhash
=
shsigalgs
->
rhash
;
return
s
->
cert
->
shared_sigalgslen
;
return
(
int
)
s
->
cert
->
shared_sigalgslen
;
}
#define MAX_SIGALGLEN (TLSEXT_hash_num * TLSEXT_signature_num * 2)
...
...
@@ -3698,7 +3702,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
/* idx == -2 means checking client certificate chains */
if
(
idx
==
-
2
)
{
cpk
=
c
->
key
;
idx
=
cpk
-
c
->
pkeys
;
idx
=
(
int
)(
cpk
-
c
->
pkeys
)
;
}
else
cpk
=
c
->
pkeys
+
idx
;
pvalid
=
s
->
s3
->
tmp
.
valid_flags
+
idx
;
...
...
ssl/t1_reneg.c
浏览文件 @
348240c6
...
...
@@ -71,9 +71,9 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, WPACKET *pkt)
*/
int
ssl_parse_serverhello_renegotiate_ext
(
SSL
*
s
,
PACKET
*
pkt
,
int
*
al
)
{
unsigned
in
t
expected_len
=
s
->
s3
->
previous_client_finished_len
size_
t
expected_len
=
s
->
s3
->
previous_client_finished_len
+
s
->
s3
->
previous_server_finished_len
;
unsigned
in
t
ilen
;
size_
t
ilen
;
const
unsigned
char
*
data
;
/* Check for logic errors */
...
...
@@ -81,7 +81,7 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
OPENSSL_assert
(
!
expected_len
||
s
->
s3
->
previous_server_finished_len
);
/* Parse the length byte */
if
(
!
PACKET_get_1
(
pkt
,
&
ilen
))
{
if
(
!
PACKET_get_1
_len
(
pkt
,
&
ilen
))
{
SSLerr
(
SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT
,
SSL_R_RENEGOTIATION_ENCODING_ERR
);
*
al
=
SSL_AD_ILLEGAL_PARAMETER
;
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录