提交
4d69f9e6
编写于
5月 18, 2015
作者:
Dr. Stephen Henson
move masks out of CERT structure
Reviewed-by:
Rich Salz
<
rsalz@openssl.org
>
上级
00d565cf
Showing
7 changed file
with
39 addition
and
53 deletion
+39
-53
ssl/s3_clnt.c
ssl/s3_clnt.c
+2
-3
ssl/s3_lib.c
ssl/s3_lib.c
+4
-6
ssl/ssl_cert.c
ssl/ssl_cert.c
+0
-5
ssl/ssl_lib.c
ssl/ssl_lib.c
+4
-5
ssl/ssl_locl.h
ssl/ssl_locl.h
+11
-12
ssl/ssl_rsa.c
ssl/ssl_rsa.c
+0
-2
ssl/t1_lib.c
ssl/t1_lib.c
+18
-20
ssl/s3_clnt.c
...
...
@@ -957,7 +957,6 @@ int ssl3_get_server_hello(SSL *s)
{
STACK_OF
(
SSL_CIPHER
)
*
sk
;
const
SSL_CIPHER
*
c
;
CERT
*
ct
=
s
->
cert
;
unsigned
char
*
p
,
*
d
;
int
i
,
al
=
SSL_AD_INTERNAL_ERROR
,
ok
;
unsigned
int
j
;
...
...
@@ -1151,9 +1150,9 @@ int ssl3_get_server_hello(SSL *s)
}
/* Set version disabled mask now we know version */
if
(
!
SSL_USE_TLS1_2_CIPHERS
(
s
))
ct
->
mask_ssl
=
SSL_TLSV1_2
;
s
->
s3
->
tmp
.
mask_ssl
=
SSL_TLSV1_2
;
else
ct
->
mask_ssl
=
0
;
s
->
s3
->
tmp
.
mask_ssl
=
0
;
/*
* If it is a disabled cipher we didn't send it in client hello, so
* return an error.
...
...
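Review bot: Only `mask_ssl` is refreshed in the second hunk, so the disabled-cipher check announced by the comment that follows still depends on `s->s3->tmp.mask_k` and `s->s3->tmp.mask_a` holding the values computed when the ClientHello was built. Those fields now live in the `tmp` sub-struct of the SSL3 state rather than in CERT, and whether anything resets that struct between ClientHello and ServerHello is not visible on this page, so it should be confirmed. I would record the dependency next to the assignment, e.g. `/* mask_k/mask_a were set by ssl_set_client_disabled() for ClientHello; only the version mask changes here */`. ssl3_get_server_hello starts and ends outside both hunks.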
ssl/s3_lib.c
...
...
@@ -3843,11 +3843,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
SSL_CIPHER
*
c
,
*
ret
=
NULL
;
STACK_OF
(
SSL_CIPHER
)
*
prio
,
*
allow
;
int
i
,
ii
,
ok
;
CERT
*
cert
;
unsigned
long
alg_k
,
alg_a
,
mask_k
,
mask_a
,
emask_k
,
emask_a
;
/* Let's see which ciphers we can support */
cert
=
s
->
cert
;
#if 0
/*
...
...
@@ -3893,10 +3891,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
continue
;
ssl_set_masks
(
s
,
c
);
mask_k
=
cert
->
mask_k
;
mask_a
=
cert
->
mask_a
;
emask_k
=
cert
->
export_mask_k
;
emask_a
=
cert
->
export_mask_a
;
mask_k
=
s
->
s3
->
tmp
.
mask_k
;
mask_a
=
s
->
s3
->
tmp
.
mask_a
;
emask_k
=
s
->
s3
->
tmp
.
export_mask_k
;
emask_a
=
s
->
s3
->
tmp
.
export_mask_a
;
#ifndef OPENSSL_NO_SRP
if
(
s
->
srp_ctx
.
srp_Mask
&
SSL_kSRP
)
{
mask_k
|=
SSL_kSRP
;
...
...
ssl/ssl_cert.c
...
...
@@ -196,11 +196,6 @@ CERT *ssl_cert_dup(CERT *cert)
memset
(
ret
,
0
,
sizeof
(
*
ret
));
ret
->
key
=
&
ret
->
pkeys
[
cert
->
key
-
cert
->
pkeys
];
ret
->
valid
=
cert
->
valid
;
ret
->
mask_k
=
cert
->
mask_k
;
ret
->
mask_a
=
cert
->
mask_a
;
ret
->
export_mask_k
=
cert
->
export_mask_k
;
ret
->
export_mask_a
=
cert
->
export_mask_a
;
#ifndef OPENSSL_NO_RSA
if
(
cert
->
rsa_tmp
!=
NULL
)
{
...
...
ssl/ssl_lib.c
...
...
@@ -2114,11 +2114,10 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
emask_a
|=
SSL_aPSK
;
#endif
c
->
mask_k
=
mask_k
;
c
->
mask_a
=
mask_a
;
c
->
export_mask_k
=
emask_k
;
c
->
export_mask_a
=
emask_a
;
c
->
valid
=
1
;
s
->
s3
->
tmp
.
mask_k
=
mask_k
;
s
->
s3
->
tmp
.
mask_a
=
mask_a
;
s
->
s3
->
tmp
.
export_mask_k
=
emask_k
;
s
->
s3
->
tmp
.
export_mask_a
=
emask_a
;
}
/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
...
...
ssl/ssl_locl.h
...
...
@@ -1301,6 +1301,17 @@ typedef struct ssl3_state_st {
* If zero it can't be used at all.
*/
int
valid_flags
[
SSL_PKEY_NUM
];
/*
* For servers the following masks are for the key and auth algorithms
* that are supported by the certs below. For clients they are masks of
* *disabled* algorithms based on the current session.
*/
unsigned
long
mask_k
;
unsigned
long
mask_a
;
unsigned
long
export_mask_k
;
unsigned
long
export_mask_a
;
/* Client only */
unsigned
long
mask_ssl
;
}
tmp
;
/* Connection binding to prevent renegotiation attacks */
...
...
@@ -1509,18 +1520,6 @@ typedef struct cert_st {
* an index, not a pointer.
*/
CERT_PKEY
*
key
;
/*
* For servers the following masks are for the key and auth algorithms
* that are supported by the certs below. For clients they are masks of
* *disabled* algorithms based on the current session.
*/
int
valid
;
unsigned
long
mask_k
;
unsigned
long
mask_a
;
unsigned
long
export_mask_k
;
unsigned
long
export_mask_a
;
/* Client only */
unsigned
long
mask_ssl
;
# ifndef OPENSSL_NO_RSA
RSA
*
rsa_tmp
;
RSA
*
(
*
rsa_tmp_cb
)
(
SSL
*
ssl
,
int
is_export
,
int
keysize
);
...
...
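Review bot: The comment added above `mask_k` inside the `tmp` struct still describes the masks as covering algorithms "supported by the certs below", but in ssl3_state_st no certificates follow these fields; the wording was carried over unchanged from cert_st. I would reword it, for example `/* Servers: key and auth algorithms supported by the certificates in s->cert. Clients: masks of *disabled* algorithms for the current session. */`. The same four fields mean "usable" on the server and "disabled" on the client, so an accurate comment here is what keeps a later reader from applying them with the wrong polarity. Both struct definitions start and end outside the hunks.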
ssl/ssl_rsa.c
...
...
@@ -216,7 +216,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
CRYPTO_add
(
&
pkey
->
references
,
1
,
CRYPTO_LOCK_EVP_PKEY
);
c
->
pkeys
[
i
].
privatekey
=
pkey
;
c
->
key
=
&
(
c
->
pkeys
[
i
]);
c
->
valid
=
0
;
return
(
1
);
}
...
...
@@ -420,7 +419,6 @@ static int ssl_set_cert(CERT *c, X509 *x)
c
->
pkeys
[
i
].
x509
=
x
;
c
->
key
=
&
(
c
->
pkeys
[
i
]);
c
->
valid
=
0
;
return
(
1
);
}
...
...
ssl/t1_lib.c
...
...
@@ -1048,46 +1048,44 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
*/
void
ssl_set_client_disabled
(
SSL
*
s
)
{
CERT
*
c
=
s
->
cert
;
c
->
mask_a
=
0
;
c
->
mask_k
=
0
;
s
->
s3
->
tmp
.
mask_a
=
0
;
s
->
s3
->
tmp
.
mask_k
=
0
;
/* Don't allow TLS 1.2 only ciphers if we don't suppport them */
if
(
!
SSL_CLIENT_USE_TLS1_2_CIPHERS
(
s
))
c
->
mask_ssl
=
SSL_TLSV1_2
;
s
->
s3
->
tmp
.
mask_ssl
=
SSL_TLSV1_2
;
else
c
->
mask_ssl
=
0
;
ssl_set_sig_mask
(
&
c
->
mask_a
,
s
,
SSL_SECOP_SIGALG_MASK
);
s
->
s3
->
tmp
.
mask_ssl
=
0
;
ssl_set_sig_mask
(
&
s
->
s3
->
tmp
.
mask_a
,
s
,
SSL_SECOP_SIGALG_MASK
);
/*
* Disable static DH if we don't include any appropriate signature
* algorithms.
*/
if
(
c
->
mask_a
&
SSL_aRSA
)
c
->
mask_k
|=
SSL_kDHr
|
SSL_kECDHr
;
if
(
c
->
mask_a
&
SSL_aDSS
)
c
->
mask_k
|=
SSL_kDHd
;
if
(
c
->
mask_a
&
SSL_aECDSA
)
c
->
mask_k
|=
SSL_kECDHe
;
if
(
s
->
s3
->
tmp
.
mask_a
&
SSL_aRSA
)
s
->
s3
->
tmp
.
mask_k
|=
SSL_kDHr
|
SSL_kECDHr
;
if
(
s
->
s3
->
tmp
.
mask_a
&
SSL_aDSS
)
s
->
s3
->
tmp
.
mask_k
|=
SSL_kDHd
;
if
(
s
->
s3
->
tmp
.
mask_a
&
SSL_aECDSA
)
s
->
s3
->
tmp
.
mask_k
|=
SSL_kECDHe
;
# ifndef OPENSSL_NO_PSK
/* with PSK there must be client callback set */
if
(
!
s
->
psk_client_callback
)
{
c
->
mask_a
|=
SSL_aPSK
;
c
->
mask_k
|=
SSL_kPSK
;
s
->
s3
->
tmp
.
mask_a
|=
SSL_aPSK
;
s
->
s3
->
tmp
.
mask_k
|=
SSL_kPSK
;
}
# endif
/* OPENSSL_NO_PSK */
# ifndef OPENSSL_NO_SRP
if
(
!
(
s
->
srp_ctx
.
srp_Mask
&
SSL_kSRP
))
{
c
->
mask_a
|=
SSL_aSRP
;
c
->
mask_k
|=
SSL_kSRP
;
s
->
s3
->
tmp
.
mask_a
|=
SSL_aSRP
;
s
->
s3
->
tmp
.
mask_k
|=
SSL_kSRP
;
}
# endif
c
->
valid
=
1
;
}
int
ssl_cipher_disabled
(
SSL
*
s
,
const
SSL_CIPHER
*
c
,
int
op
)
{
CERT
*
ct
=
s
->
cert
;
if
(
c
->
algorithm_ssl
&
ct
->
mask_ssl
||
c
->
algorithm_mkey
&
ct
->
mask_k
||
c
->
algorithm_auth
&
ct
->
mask_a
)
if
(
c
->
algorithm_ssl
&
s
->
s3
->
tmp
.
mask_ssl
||
c
->
algorithm_mkey
&
s
->
s3
->
tmp
.
mask_k
||
c
->
algorithm_auth
&
s
->
s3
->
tmp
.
mask_a
)
return
1
;
return
!
ssl_security
(
s
,
op
,
c
->
strength_bits
,
0
,
(
void
*
)
c
);
}
...
...
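Review bot: ssl_cipher_disabled() now trusts whatever is in `s->s3->tmp.mask_ssl`, `mask_k` and `mask_a`, and on the client a zero mask means "nothing disabled", so a call made before ssl_set_client_disabled() has filled them would fall through to the ssl_security() check alone. The removed `c->valid` flag is only ever written in the lines shown on this page, so dropping it loses nothing visible, but the ordering requirement deserves a comment above ssl_cipher_disabled(), e.g. `/* Requires ssl_set_client_disabled(s) to have set the s->s3->tmp masks for this handshake */`. Whether every caller meets that requirement cannot be told from this page. The condition would also read more safely with each bit test parenthesised, `(c->algorithm_ssl & s->s3->tmp.mask_ssl) || (c->algorithm_mkey & s->s3->tmp.mask_k) || ...`.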