Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
389ebcec
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
389ebcec
编写于
6月 21, 2015
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Remove SESS_CERT entirely.
Reviewed-by:
N
Richard Levitte
<
levitte@openssl.org
>
上级
c34b0f99
变更
6
隐藏空白更改
内联
并排
Showing
6 changed file
with
3 addition
and
102 deletion
+3
-102
ssl/s3_clnt.c
ssl/s3_clnt.c
+1
-38
ssl/s3_lib.c
ssl/s3_lib.c
+2
-2
ssl/s3_srvr.c
ssl/s3_srvr.c
+0
-11
ssl/ssl_cert.c
ssl/ssl_cert.c
+0
-40
ssl/ssl_locl.h
ssl/ssl_locl.h
+0
-7
ssl/ssl_sess.c
ssl/ssl_sess.c
+0
-4
未找到文件。
ssl/s3_clnt.c
浏览文件 @
389ebcec
...
...
@@ -1243,7 +1243,6 @@ int ssl3_get_server_certificate(SSL *s)
const
unsigned
char
*
q
,
*
p
;
unsigned
char
*
d
;
STACK_OF
(
X509
)
*
sk
=
NULL
;
SESS_CERT
*
sc
;
EVP_PKEY
*
pkey
=
NULL
;
n
=
s
->
method
->
ssl_get_message
(
s
,
...
...
@@ -1322,13 +1321,6 @@ int ssl3_get_server_certificate(SSL *s)
goto
f_err
;
}
sc
=
ssl_sess_cert_new
();
if
(
sc
==
NULL
)
goto
err
;
ssl_sess_cert_free
(
s
->
session
->
sess_cert
);
s
->
session
->
sess_cert
=
sc
;
s
->
session
->
peer_chain
=
sk
;
/*
* Inconsistency alert: cert_chain does include the peer's certificate,
...
...
@@ -1446,7 +1438,6 @@ int ssl3_get_key_exchange(SSL *s)
* problems later.
*/
if
(
alg_k
&
SSL_kPSK
)
{
s
->
session
->
sess_cert
=
ssl_sess_cert_new
();
OPENSSL_free
(
s
->
ctx
->
psk_identity_hint
);
s
->
ctx
->
psk_identity_hint
=
NULL
;
}
...
...
@@ -1470,9 +1461,6 @@ int ssl3_get_key_exchange(SSL *s)
s
->
s3
->
peer_ecdh_tmp
=
NULL
;
#endif
if
(
s
->
session
->
sess_cert
==
NULL
)
s
->
session
->
sess_cert
=
ssl_sess_cert_new
();
/* Total length of the parameters including the length prefix */
param_len
=
0
;
...
...
@@ -2397,7 +2385,7 @@ int ssl3_send_client_key_exchange(SSL *s)
if
(
!
pms
)
goto
memerr
;
if
(
s
->
session
->
sess_cert
==
NULL
)
{
if
(
s
->
session
->
peer
==
NULL
)
{
/*
* We should always have a server certificate with SSL_kRSA.
*/
...
...
@@ -2452,15 +2440,6 @@ int ssl3_send_client_key_exchange(SSL *s)
#ifndef OPENSSL_NO_DH
else
if
(
alg_k
&
(
SSL_kDHE
|
SSL_kDHr
|
SSL_kDHd
))
{
DH
*
dh_srvr
,
*
dh_clnt
;
SESS_CERT
*
scert
=
s
->
session
->
sess_cert
;
if
(
scert
==
NULL
)
{
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
SSL_AD_UNEXPECTED_MESSAGE
);
SSLerr
(
SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE
,
SSL_R_UNEXPECTED_MESSAGE
);
goto
err
;
}
if
(
s
->
s3
->
peer_dh_tmp
!=
NULL
)
dh_srvr
=
s
->
s3
->
peer_dh_tmp
;
else
{
...
...
@@ -2543,14 +2522,6 @@ int ssl3_send_client_key_exchange(SSL *s)
EC_KEY
*
tkey
;
int
ecdh_clnt_cert
=
0
;
int
field_size
=
0
;
if
(
s
->
session
->
sess_cert
==
NULL
)
{
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
SSL_AD_UNEXPECTED_MESSAGE
);
SSLerr
(
SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE
,
SSL_R_UNEXPECTED_MESSAGE
);
goto
err
;
}
/*
* Did we send out the client's ECDH share for use in premaster
* computation as part of client certificate? If so, set
...
...
@@ -3280,7 +3251,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
long
alg_k
,
alg_a
;
EVP_PKEY
*
pkey
=
NULL
;
int
pkey_bits
;
SESS_CERT
*
sc
;
#ifndef OPENSSL_NO_RSA
RSA
*
rsa
;
#endif
...
...
@@ -3295,12 +3265,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
/* we don't have a certificate */
if
((
alg_a
&
SSL_aNULL
)
||
(
alg_k
&
SSL_kPSK
))
return
(
1
);
sc
=
s
->
session
->
sess_cert
;
if
(
sc
==
NULL
)
{
SSLerr
(
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
#ifndef OPENSSL_NO_RSA
rsa
=
s
->
s3
->
peer_rsa_tmp
;
#endif
...
...
@@ -3437,7 +3401,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
return
(
1
);
f_err:
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
err:
return
(
0
);
}
...
...
ssl/s3_lib.c
浏览文件 @
389ebcec
...
...
@@ -3327,7 +3327,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case
SSL_CTRL_GET_PEER_SIGNATURE_NID
:
if
(
SSL_USE_SIGALGS
(
s
))
{
if
(
s
->
session
&&
s
->
session
->
sess_cert
)
{
if
(
s
->
session
)
{
const
EVP_MD
*
sig
;
sig
=
s
->
s3
->
tmp
.
peer_md
;
if
(
sig
)
{
...
...
@@ -3342,7 +3342,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return
0
;
case
SSL_CTRL_GET_SERVER_TMP_KEY
:
if
(
s
->
server
||
!
s
->
session
||
!
s
->
session
->
sess_cert
)
if
(
s
->
server
||
!
s
->
session
)
return
0
;
else
{
EVP_PKEY
*
ptmp
;
...
...
ssl/s3_srvr.c
浏览文件 @
389ebcec
...
...
@@ -3195,17 +3195,6 @@ int ssl3_get_client_certificate(SSL *s)
s
->
session
->
peer
=
sk_X509_shift
(
sk
);
s
->
session
->
verify_result
=
s
->
verify_result
;
/*
* With the current implementation, sess_cert will always be NULL when we
* arrive here.
*/
if
(
s
->
session
->
sess_cert
==
NULL
)
{
s
->
session
->
sess_cert
=
ssl_sess_cert_new
();
if
(
s
->
session
->
sess_cert
==
NULL
)
{
SSLerr
(
SSL_F_SSL3_GET_CLIENT_CERTIFICATE
,
ERR_R_MALLOC_FAILURE
);
goto
done
;
}
}
sk_X509_pop_free
(
s
->
session
->
peer_chain
,
X509_free
);
s
->
session
->
peer_chain
=
sk
;
/*
...
...
ssl/ssl_cert.c
浏览文件 @
389ebcec
...
...
@@ -519,46 +519,6 @@ void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg)
c
->
cert_cb_arg
=
arg
;
}
SESS_CERT
*
ssl_sess_cert_new
(
void
)
{
SESS_CERT
*
ret
;
ret
=
OPENSSL_malloc
(
sizeof
(
*
ret
));
if
(
ret
==
NULL
)
{
SSLerr
(
SSL_F_SSL_SESS_CERT_NEW
,
ERR_R_MALLOC_FAILURE
);
return
NULL
;
}
memset
(
ret
,
0
,
sizeof
(
*
ret
));
ret
->
references
=
1
;
return
ret
;
}
void
ssl_sess_cert_free
(
SESS_CERT
*
sc
)
{
int
i
;
if
(
sc
==
NULL
)
return
;
i
=
CRYPTO_add
(
&
sc
->
references
,
-
1
,
CRYPTO_LOCK_SSL_SESS_CERT
);
#ifdef REF_PRINT
REF_PRINT
(
"SESS_CERT"
,
sc
);
#endif
if
(
i
>
0
)
return
;
#ifdef REF_CHECK
if
(
i
<
0
)
{
fprintf
(
stderr
,
"ssl_sess_cert_free, bad reference count
\n
"
);
abort
();
/* ok */
}
#endif
/* i == 0 */
OPENSSL_free
(
sc
);
}
int
ssl_verify_cert_chain
(
SSL
*
s
,
STACK_OF
(
X509
)
*
sk
)
{
X509
*
x
;
...
...
ssl/ssl_locl.h
浏览文件 @
389ebcec
...
...
@@ -624,8 +624,6 @@ struct ssl_session_st {
* to disable session caching and tickets.
*/
int
not_resumable
;
/* The cert is the certificate used to establish this connection */
struct
sess_cert_st
/* SESS_CERT */
*
sess_cert
;
/* This is the cert and type for the other end. */
X509
*
peer
;
int
peer_type
;
...
...
@@ -1588,9 +1586,6 @@ typedef struct cert_st {
int
references
;
/* >1 only if SSL_copy_session_id is used */
}
CERT
;
typedef
struct
sess_cert_st
{
int
references
;
/* actually always 1 at the moment */
}
SESS_CERT
;
/* Structure containing decoded values of signature algorithms extension */
struct
tls_sigalgs_st
{
/* NID of hash algorithm */
...
...
@@ -1845,8 +1840,6 @@ __owur CERT *ssl_cert_new(void);
__owur
CERT
*
ssl_cert_dup
(
CERT
*
cert
);
void
ssl_cert_clear_certs
(
CERT
*
c
);
void
ssl_cert_free
(
CERT
*
c
);
__owur
SESS_CERT
*
ssl_sess_cert_new
(
void
);
void
ssl_sess_cert_free
(
SESS_CERT
*
sc
);
__owur
int
ssl_get_new_session
(
SSL
*
s
,
int
session
);
__owur
int
ssl_get_prev_session
(
SSL
*
s
,
unsigned
char
*
session
,
int
len
,
const
unsigned
char
*
limit
);
...
...
ssl/ssl_sess.c
浏览文件 @
389ebcec
...
...
@@ -265,9 +265,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
dest
->
references
=
1
;
if
(
src
->
sess_cert
!=
NULL
)
CRYPTO_add
(
&
src
->
sess_cert
->
references
,
1
,
CRYPTO_LOCK_SSL_SESS_CERT
);
if
(
src
->
peer
!=
NULL
)
CRYPTO_add
(
&
src
->
peer
->
references
,
1
,
CRYPTO_LOCK_X509
);
...
...
@@ -843,7 +840,6 @@ void SSL_SESSION_free(SSL_SESSION *ss)
OPENSSL_cleanse
(
ss
->
master_key
,
sizeof
ss
->
master_key
);
OPENSSL_cleanse
(
ss
->
session_id
,
sizeof
ss
->
session_id
);
ssl_sess_cert_free
(
ss
->
sess_cert
);
X509_free
(
ss
->
peer
);
sk_X509_pop_free
(
ss
->
peer_chain
,
X509_free
);
sk_SSL_CIPHER_free
(
ss
->
ciphers
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录