提交
6049399b
编写于
4月 07, 2005
作者:
Nils Larsch
get rid of very buggy and very incomplete DH cert support
Reviewed by: Bodo Moeller
上级
f763e0b5
Showing
3 changed file
with
23 addition
and
93 deletion
+23
-93
CHANGES
CHANGES
+4
-0
ssl/s3_both.c
ssl/s3_both.c
+1
-25
ssl/ssl_rsa.c
ssl/ssl_rsa.c
+18
-68
CHANGES
...
...
@@ -4,6 +4,10 @@
Changes between 0.9.7f and 0.9.8 [xx XXX xxxx]
*) Remove buggy and incompletet DH cert support from
ssl/ssl_rsa.c and ssl/s3_both.c
[Nils Larsch]
*) Use SHA-1 instead of MD5 as the default digest algorithm for
the apps/openssl applications.
[Nils Larsch]
...
...
ssl/s3_both.c
...
...
@@ -497,7 +497,7 @@ err:
int
ssl_cert_type
(
X509
*
x
,
EVP_PKEY
*
pkey
)
{
EVP_PKEY
*
pk
;
int
ret
=
-
1
,
i
,
j
;
int
ret
=
-
1
,
i
;
if
(
pkey
==
NULL
)
pk
=
X509_get_pubkey
(
x
);
...
...
@@ -509,41 +509,17 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
if
(
i
==
EVP_PKEY_RSA
)
{
ret
=
SSL_PKEY_RSA_ENC
;
if
(
x
!=
NULL
)
{
j
=
X509_get_ext_count
(
x
);
/* check to see if this is a signing only certificate */
/* EAY EAY EAY EAY */
}
}
else
if
(
i
==
EVP_PKEY_DSA
)
{
ret
=
SSL_PKEY_DSA_SIGN
;
}
else
if
(
i
==
EVP_PKEY_DH
)
{
/* if we just have a key, we needs to be guess */
if
(
x
==
NULL
)
ret
=
SSL_PKEY_DH_DSA
;
else
{
j
=
X509_get_signature_type
(
x
);
if
(
j
==
EVP_PKEY_RSA
)
ret
=
SSL_PKEY_DH_RSA
;
else
if
(
j
==
EVP_PKEY_DSA
)
ret
=
SSL_PKEY_DH_DSA
;
else
ret
=
-
1
;
}
}
#ifndef OPENSSL_NO_EC
else
if
(
i
==
EVP_PKEY_EC
)
{
ret
=
SSL_PKEY_ECC
;
}
#endif
else
ret
=
-
1
;
err:
if
(
!
pkey
)
EVP_PKEY_free
(
pk
);
...
...
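Review bot: ssl_cert_type() gives no documented signal for unsupported key types: with the `EVP_PKEY_DH` branch among the 25 deleted lines, a DH key appears to leave `ret` at its `-1` initializer, and the chain of `if (i == EVP_PKEY_...)` tests does not say so. The page has lost its +/- markers, so which branches survive is inferred from the `+1 -25` count, but the result for an unmatched type is -1 either way. A short comment after the type chain would make the contract explicit, e.g. `/* any other key type (including EVP_PKEY_DH) is unsupported: ret stays -1, callers must reject it before indexing c->pkeys[] */`. The ssl_set_pkey hunk in ssl/ssl_rsa.c does test `if (i < 0)`; the body of ssl_cert_type starts and ends outside these hunks.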
ssl/ssl_rsa.c
...
...
@@ -181,7 +181,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
static
int
ssl_set_pkey
(
CERT
*
c
,
EVP_PKEY
*
pkey
)
{
int
i
,
ok
=
0
,
bad
=
0
;
int
i
;
i
=
ssl_cert_type
(
NULL
,
pkey
);
if
(
i
<
0
)
...
...
@@ -202,47 +202,18 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
/* Don't check the public/private key, this is mostly
* for smart cards. */
if
((
pkey
->
type
==
EVP_PKEY_RSA
)
&&
(
RSA_flags
(
pkey
->
pkey
.
rsa
)
&
RSA_METHOD_FLAG_NO_CHECK
))
ok
=
1
;
(
RSA_flags
(
pkey
->
pkey
.
rsa
)
&
RSA_METHOD_FLAG_NO_CHECK
))
;
else
#endif
if
(
!
X509_check_private_key
(
c
->
pkeys
[
i
].
x509
,
pkey
))
if
(
!
X509_check_private_key
(
c
->
pkeys
[
i
].
x509
,
pkey
))
{
if
((
i
==
SSL_PKEY_DH_RSA
)
||
(
i
==
SSL_PKEY_DH_DSA
))
{
i
=
(
i
==
SSL_PKEY_DH_RSA
)
?
SSL_PKEY_DH_DSA:
SSL_PKEY_DH_RSA
;
if
(
c
->
pkeys
[
i
].
x509
==
NULL
)
ok
=
1
;
else
{
if
(
!
X509_check_private_key
(
c
->
pkeys
[
i
].
x509
,
pkey
))
bad
=
1
;
else
ok
=
1
;
}
}
else
bad
=
1
;
X509_free
(
c
->
pkeys
[
i
].
x509
);
c
->
pkeys
[
i
].
x509
=
NULL
;
return
0
;
}
else
ok
=
1
;
}
else
ok
=
1
;
if
(
bad
)
{
X509_free
(
c
->
pkeys
[
i
].
x509
);
c
->
pkeys
[
i
].
x509
=
NULL
;
return
(
0
);
}
ERR_clear_error
();
/* make sure no error from X509_check_private_key()
* is left if we have chosen to ignore it */
if
(
c
->
pkeys
[
i
].
privatekey
!=
NULL
)
EVP_PKEY_free
(
c
->
pkeys
[
i
].
privatekey
);
CRYPTO_add
(
&
pkey
->
references
,
1
,
CRYPTO_LOCK_EVP_PKEY
);
...
...
@@ -418,7 +389,7 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
static
int
ssl_set_cert
(
CERT
*
c
,
X509
*
x
)
{
EVP_PKEY
*
pkey
;
int
i
,
ok
=
0
,
bad
=
0
;
int
i
;
pkey
=
X509_get_pubkey
(
x
);
if
(
pkey
==
NULL
)
...
...
@@ -446,44 +417,23 @@ static int ssl_set_cert(CERT *c, X509 *x)
if
((
c
->
pkeys
[
i
].
privatekey
->
type
==
EVP_PKEY_RSA
)
&&
(
RSA_flags
(
c
->
pkeys
[
i
].
privatekey
->
pkey
.
rsa
)
&
RSA_METHOD_FLAG_NO_CHECK
))
ok
=
1
;
;
else
#endif
{
#endif
/* OPENSSL_NO_RSA */
if
(
!
X509_check_private_key
(
x
,
c
->
pkeys
[
i
].
privatekey
))
{
if
((
i
==
SSL_PKEY_DH_RSA
)
||
(
i
==
SSL_PKEY_DH_DSA
))
{
i
=
(
i
==
SSL_PKEY_DH_RSA
)
?
SSL_PKEY_DH_DSA:
SSL_PKEY_DH_RSA
;
if
(
c
->
pkeys
[
i
].
privatekey
==
NULL
)
ok
=
1
;
else
{
if
(
!
X509_check_private_key
(
x
,
c
->
pkeys
[
i
].
privatekey
))
bad
=
1
;
else
ok
=
1
;
}
}
else
bad
=
1
;
/* don't fail for a cert/key mismatch, just free
* current private key (when switching to a different
* cert & key, first this function should be used,
* then ssl_set_pkey */
EVP_PKEY_free
(
c
->
pkeys
[
i
].
privatekey
);
c
->
pkeys
[
i
].
privatekey
=
NULL
;
/* clear error queue */
ERR_clear_error
();
}
else
ok
=
1
;
}
/* OPENSSL_NO_RSA */
}
else
ok
=
1
;
EVP_PKEY_free
(
pkey
);
if
(
bad
)
{
EVP_PKEY_free
(
c
->
pkeys
[
i
].
privatekey
);
c
->
pkeys
[
i
].
privatekey
=
NULL
;
}
if
(
c
->
pkeys
[
i
].
x509
!=
NULL
)
X509_free
(
c
->
pkeys
[
i
].
x509
);
...
...
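Review bot: In the last hunk (ssl_set_cert), a certificate/key mismatch reported by `X509_check_private_key(x, c->pkeys[i].privatekey)` is handled by freeing the stored private key, setting it to NULL and calling `ERR_clear_error()`, so the caller gets success with an empty error queue, whereas the ssl_set_pkey hunk above frees the certificate and does `return 0` for the same condition. The page has lost its +/- markers, so this reading of the new side is inferred from the deletion counts and the surviving "don't fail for a cert/key mismatch" comment. If the asymmetry is intended, the comment should state the consequence and point callers at an explicit consistency check, e.g. `/* mismatch is not an error here: the old key is dropped and the error queue cleared; callers must confirm the pair with SSL_CTX_check_private_key() once the new key is installed */`. The body of ssl_set_cert starts and ends outside the hunk.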