提交
38a3cbfb
编写于
10月 01, 2015
作者:
Emilia Kasper
PACKETize and clean up ssl_bytes_to_cipher_list.
Fix alerts. Reviewed-by:
Matt Caswell
<
matt@openssl.org
>
上级
b3e2272c
变更
1
Showing
1 changed file
with
63 addition
and
59 deletion
+63
-59
ssl/s3_srvr.c
ssl/s3_srvr.c
+63
-59
ssl/s3_srvr.c
@@ -164,8 +164,10 @@
#include <openssl/bn.h>
#include <openssl/md5.h>
static
STACK_OF
(
SSL_CIPHER
)
*
ssl_bytes_to_cipher_list
(
SSL
*
s
,
unsigned
char
*
p
,
int
num
,
STACK_OF
(
SSL_CIPHER
)
**
skp
,
int
sslv2format
);
static
STACK_OF
(
SSL_CIPHER
)
*
ssl_bytes_to_cipher_list
(
SSL
*
s
,
PACKET
*
cipher_suites
,
STACK_OF
(
SSL_CIPHER
)
**
skp
,
int
sslv2format
,
int
*
al
);
#ifndef OPENSSL_NO_SRP
@@ -1208,20 +1210,11 @@ int ssl3_get_client_hello(SSL *s)
}
}
if
(
PACKET_remaining
(
&
cipher_suites
)
==
0
)
{
/* we need at least one cipher */
al
=
SSL_AD_ILLEGAL_PARAMETER
;
SSLerr
(
SSL_F_SSL3_GET_CLIENT_HELLO
,
SSL_R_NO_CIPHERS_SPECIFIED
);
if
(
ssl_bytes_to_cipher_list
(
s
,
&
cipher_suites
,
&
(
ciphers
),
is_v2_record
,
&
al
)
==
NULL
)
{
goto
f_err
;
}
if
(
ssl_bytes_to_cipher_list
(
s
,
PACKET_data
(
&
cipher_suites
),
PACKET_remaining
(
&
cipher_suites
),
&
(
ciphers
),
is_v2_record
)
==
NULL
)
{
/* TODO(openssl-team): make this alert correctly. */
goto
err
;
}
/* If it is a hit, check that the cipher is in the list */
if
(
s
->
hit
)
{
j
=
0
;
@@ -3452,32 +3445,49 @@ err:
#define SSLV2_CIPHER_LEN 3
STACK_OF
(
SSL_CIPHER
)
*
ssl_bytes_to_cipher_list
(
SSL
*
s
,
unsigned
char
*
p
,
int
num
,
STACK_OF
(
SSL_CIPHER
)
*
ssl_bytes_to_cipher_list
(
SSL
*
s
,
PACKET
*
cipher_suites
,
STACK_OF
(
SSL_CIPHER
)
**
skp
,
int
sslv2format
)
int
sslv2format
,
int
*
al
)
{
const
SSL_CIPHER
*
c
;
STACK_OF
(
SSL_CIPHER
)
*
sk
;
int
i
,
n
;
int
n
;
/* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
unsigned
char
cipher
[
SSLV2_CIPHER_LEN
];
if
(
s
->
s3
)
s
->
s3
->
send_connection_binding
=
0
;
/*
* Can this ever happen?
* This method used to check for s->s3, but did so inconsistently.
*/
if
(
s
->
s3
==
NULL
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
NULL
;
}
if
(
sslv2format
)
{
n
=
SSLV2_CIPHER_LEN
;
}
else
{
n
=
TLS_CIPHER_LEN
;
s
->
s3
->
send_connection_binding
=
0
;
n
=
sslv2format
?
SSLV2_CIPHER_LEN
:
TLS_CIPHER_LEN
;
if
(
PACKET_remaining
(
cipher_suites
)
==
0
)
{
SSLerr
(
SSL_F_SSL_BYTES_TO_CIPHER_LIST
,
SSL_R_NO_CIPHERS_SPECIFIED
);
*
al
=
SSL_AD_ILLEGAL_PARAMETER
;
return
NULL
;
}
if
(
n
==
0
||
(
num
%
n
)
!=
0
)
{
if
(
PACKET_remaining
(
cipher_suites
)
%
n
!=
0
)
{
SSLerr
(
SSL_F_SSL_BYTES_TO_CIPHER_LIST
,
SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST
);
return
(
NULL
);
*
al
=
SSL_AD_DECODE_ERROR
;
return
NULL
;
}
if
((
skp
==
NULL
)
||
(
*
skp
==
NULL
))
{
sk
=
sk_SSL_CIPHER_new_null
();
/* change perhaps later */
if
(
sk
==
NULL
)
{
SSLerr
(
SSL_F_SSL_BYTES_TO_CIPHER_LIST
,
ERR_R_MALLOC_FAILURE
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
NULL
;
}
}
else
{
@@ -3485,28 +3495,33 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
sk_SSL_CIPHER_zero
(
sk
);
}
OPENSSL_free
(
s
->
s3
->
tmp
.
ciphers_raw
);
s
->
s3
->
tmp
.
ciphers_raw
=
BUF_memdup
(
p
,
num
);
if
(
s
->
s3
->
tmp
.
ciphers_raw
==
NULL
)
{
SSLerr
(
SSL_F_SSL_BYTES_TO_CIPHER_LIST
,
ERR_R_MALLOC_FAILURE
);
if
(
!
PACKET_memdup
(
cipher_suites
,
&
s
->
s3
->
tmp
.
ciphers_raw
,
&
s
->
s3
->
tmp
.
ciphers_rawlen
))
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
goto
err
;
}
s
->
s3
->
tmp
.
ciphers_rawlen
=
(
size_t
)
num
;
for
(
i
=
0
;
i
<
num
;
i
+=
n
)
{
while
(
PACKET_copy_bytes
(
cipher_suites
,
cipher
,
n
))
{
/*
* We only support SSLv2 format ciphers in SSLv3+ using a
* SSLv2 backward compatible ClientHello. In this case the first
* byte is always 0 for SSLv3 compatible ciphers. Anything else
* is an SSLv2 cipher and we ignore it
*/
if
(
sslv2format
&&
cipher
[
0
]
!=
'\0'
)
continue
;
/* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
if
(
s
->
s3
&&
(
n
!=
3
||
!
p
[
0
])
&&
(
p
[
n
-
2
]
==
((
SSL3_CK_SCSV
>>
8
)
&
0xff
))
&&
(
p
[
n
-
1
]
==
(
SSL3_CK_SCSV
&
0xff
)))
{
if
((
cipher
[
n
-
2
]
==
((
SSL3_CK_SCSV
>>
8
)
&
0xff
))
&&
(
cipher
[
n
-
1
]
==
(
SSL3_CK_SCSV
&
0xff
)))
{
/* SCSV fatal if renegotiating */
if
(
s
->
renegotiate
)
{
SSLerr
(
SSL_F_SSL_BYTES_TO_CIPHER_LIST
,
SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
);
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
SSL_AD_HANDSHAKE_FAILURE
)
;
*
al
=
SSL_AD_HANDSHAKE_FAILURE
;
goto
err
;
}
s
->
s3
->
send_connection_binding
=
1
;
p
+=
n
;
#ifdef OPENSSL_RI_DEBUG
fprintf
(
stderr
,
"SCSV received by server
\n
"
);
#endif
@@ -3514,9 +3529,8 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
}
/* Check for TLS_FALLBACK_SCSV */
if
((
n
!=
3
||
!
p
[
0
])
&&
(
p
[
n
-
2
]
==
((
SSL3_CK_FALLBACK_SCSV
>>
8
)
&
0xff
))
&&
(
p
[
n
-
1
]
==
(
SSL3_CK_FALLBACK_SCSV
&
0xff
)))
{
if
((
cipher
[
n
-
2
]
==
((
SSL3_CK_FALLBACK_SCSV
>>
8
)
&
0xff
))
&&
(
cipher
[
n
-
1
]
==
(
SSL3_CK_FALLBACK_SCSV
&
0xff
)))
{
/*
* The SCSV indicates that the client previously tried a higher
* version. Fail if the current version is an unexpected
@@ -3525,37 +3539,27 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
if
(
!
SSL_ctrl
(
s
,
SSL_CTRL_CHECK_PROTO_VERSION
,
0
,
NULL
))
{
SSLerr
(
SSL_F_SSL_BYTES_TO_CIPHER_LIST
,
SSL_R_INAPPROPRIATE_FALLBACK
);
if
(
s
->
s3
)
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
SSL_AD_INAPPROPRIATE_FALLBACK
);
*
al
=
SSL_AD_INAPPROPRIATE_FALLBACK
;
goto
err
;
}
p
+=
n
;
continue
;
}
if
(
sslv2format
)
{
/*
* We only support SSLv2 format ciphers in SSLv3+ using a
* SSLv2 backward compatible ClientHello. In this case the first
* byte is always 0 for SSLv3 compatible ciphers. Anything else
* is an SSLv2 cipher and we ignore it
*/
if
(
p
[
0
]
==
0
)
c
=
ssl_get_cipher_by_char
(
s
,
&
p
[
1
]);
else
c
=
NULL
;
}
else
{
c
=
ssl_get_cipher_by_char
(
s
,
p
);
}
p
+=
n
;
/* For SSLv2-compat, ignore leading 0-byte. */
c
=
ssl_get_cipher_by_char
(
s
,
sslv2format
?
&
cipher
[
1
]
:
cipher
);
if
(
c
!=
NULL
)
{
if
(
!
sk_SSL_CIPHER_push
(
sk
,
c
))
{
SSLerr
(
SSL_F_SSL_BYTES_TO_CIPHER_LIST
,
ERR_R_MALLOC_FAILURE
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
goto
err
;
}
}
}
if
(
PACKET_remaining
(
cipher_suites
)
>
0
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_SSL_BYTES_TO_CIPHER_LIST
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
if
(
skp
!=
NULL
)
*
skp
=
sk
;
@@ -3563,5 +3567,5 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
err:
if
((
skp
==
NULL
)
||
(
*
skp
==
NULL
))
sk_SSL_CIPHER_free
(
sk
);
return
(
NULL
)
;
return
NULL
;
}
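Review bot: The new `s->s3 == NULL` guard at the top of ssl_bytes_to_cipher_list sets `*al = SSL_AD_INTERNAL_ERROR` and returns NULL but, unlike every other failure path in the function, pushes nothing onto the error queue, so the caller's fatal alert would carry no diagnostic; adding `SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_INTERNAL_ERROR);` before that return keeps it consistent with the later `PACKET_remaining(cipher_suites) > 0` check. The `al` out-parameter is also undocumented: it is written only on the NULL return and the caller is now expected to send the alert (the `ssl3_send_alert` calls were removed here in favour of `goto f_err` in ssl3_get_client_hello), so a header comment such as `/* On failure returns NULL and sets *al to the alert the caller must send; *al is untouched on success. */` would pin that contract for any future caller. The explicit `OPENSSL_free(s->s3->tmp.ciphers_raw)` before the copy was dropped in favour of `PACKET_memdup`; that is presumably fine if PACKET_memdup releases the previous buffer itself, but since a renegotiating connection reaches this code with `ciphers_raw` already populated, it is worth confirming rather than assuming. The function body spans several hunks here and stretches of it are not shown.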