Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
880d9d86
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
880d9d86
编写于
12月 13, 2015
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Use EVP_PKEY for server EC.
Reviewed-by:
N
Richard Levitte
<
levitte@openssl.org
>
上级
3f3504bd
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
32 addition
and
58 deletion
+32
-58
ssl/s3_lib.c
ssl/s3_lib.c
+4
-3
ssl/ssl_locl.h
ssl/ssl_locl.h
+1
-1
ssl/statem/statem_srvr.c
ssl/statem/statem_srvr.c
+27
-54
未找到文件。
ssl/s3_lib.c
浏览文件 @
880d9d86
...
...
@@ -3760,7 +3760,8 @@ void ssl3_free(SSL *s)
DH_free
(
s
->
s3
->
peer_dh_tmp
);
#endif
#ifndef OPENSSL_NO_EC
EC_KEY_free
(
s
->
s3
->
tmp
.
ecdh
);
EVP_PKEY_free
(
s
->
s3
->
tmp
.
pkey
);
s
->
s3
->
tmp
.
pkey
=
NULL
;
EC_KEY_free
(
s
->
s3
->
peer_ecdh_tmp
);
#endif
...
...
@@ -3798,8 +3799,8 @@ void ssl3_clear(SSL *s)
s
->
s3
->
peer_dh_tmp
=
NULL
;
#endif
#ifndef OPENSSL_NO_EC
E
C_KEY_free
(
s
->
s3
->
tmp
.
ecdh
);
s
->
s3
->
tmp
.
ecdh
=
NULL
;
E
VP_PKEY_free
(
s
->
s3
->
tmp
.
pkey
);
s
->
s3
->
tmp
.
pkey
=
NULL
;
EC_KEY_free
(
s
->
s3
->
peer_ecdh_tmp
);
s
->
s3
->
peer_ecdh_tmp
=
NULL
;
s
->
s3
->
is_probably_safari
=
0
;
...
...
ssl/ssl_locl.h
浏览文件 @
880d9d86
...
...
@@ -1241,7 +1241,7 @@ typedef struct ssl3_state_st {
DH
*
dh
;
# endif
# ifndef OPENSSL_NO_EC
E
C_KEY
*
ecdh
;
/* holds short lived ECDH key */
E
VP_PKEY
*
pkey
;
/* holds short lived ECDH key */
# endif
/* used for certificate requests */
int
cert_req
;
...
...
ssl/statem/statem_srvr.c
浏览文件 @
880d9d86
...
...
@@ -1823,10 +1823,9 @@ int tls_construct_server_key_exchange(SSL *s)
#endif
#ifndef OPENSSL_NO_EC
if
(
type
&
(
SSL_kECDHE
|
SSL_kECDHEPSK
))
{
EC_KEY
*
ecdh
=
NULL
;
int
nid
;
if
(
s
->
s3
->
tmp
.
ecdh
!=
NULL
)
{
if
(
s
->
s3
->
tmp
.
pkey
!=
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
...
...
@@ -1840,21 +1839,17 @@ int tls_construct_server_key_exchange(SSL *s)
SSL_R_UNSUPPORTED_ELLIPTIC_CURVE
);
goto
err
;
}
ecdh
=
EC_KEY_new_by_curve_name
(
nid
);
if
(
ecdh
==
NULL
||
!
EC_KEY_generate_key
(
ecdh
))
{
s
->
s3
->
tmp
.
pkey
=
ssl_generate_pkey
(
NULL
,
nid
);
/* Generate a new key for this curve */
if
(
s
->
s3
->
tmp
.
pkey
==
NULL
)
{
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE
,
ERR_R_EC_LIB
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE
,
ERR_R_EVP_LIB
);
goto
f_err
;
}
s
->
s3
->
tmp
.
ecdh
=
ecdh
;
/*
* Encode the public key. First check the size of encoding and
* allocate memory accordingly.
*/
encodedlen
=
EC_KEY_key2buf
(
ecdh
,
POINT_CONVERSION_UNCOMPRESSED
,
/* Encode the public key. */
encodedlen
=
EC_KEY_key2buf
(
EVP_PKEY_get0_EC_KEY
(
s
->
s3
->
tmp
.
pkey
),
POINT_CONVERSION_UNCOMPRESSED
,
&
encodedPoint
,
NULL
);
if
(
encodedlen
==
0
)
{
...
...
@@ -2129,7 +2124,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
DH
*
dh_srvr
,
*
dh_clnt
=
NULL
;
#endif
#ifndef OPENSSL_NO_EC
EC_POINT
*
clnt_ecpoint
=
NULL
;
EVP_PKEY
*
ckey
=
NULL
;
EVP_PKEY_CTX
*
pctx
=
NULL
;
#endif
PACKET
enc_premaster
;
unsigned
char
*
data
,
*
rsa_decrypt
=
NULL
;
...
...
@@ -2456,29 +2452,18 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
#ifndef OPENSSL_NO_EC
if
(
alg_k
&
(
SSL_kECDHE
|
SSL_kECDHr
|
SSL_kECDHe
|
SSL_kECDHEPSK
))
{
int
field_size
=
0
;
const
EC_KEY
*
tkey
;
const
EC_GROUP
*
group
;
unsigned
char
*
shared
;
EVP_PKEY
*
skey
=
NULL
;
/* Let's get server private key and group information */
if
(
alg_k
&
(
SSL_kECDHr
|
SSL_kECDHe
))
{
/* use the certificate */
tkey
=
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
->
pkey
.
ec
;
skey
=
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
;
}
else
{
/*
* use the ephermeral values we saved when generating the
* ServerKeyExchange msg.
*/
tkey
=
s
->
s3
->
tmp
.
ecdh
;
}
group
=
EC_KEY_get0_group
(
tkey
);
/* Let's get client's public key */
if
((
clnt_ecpoint
=
EC_POINT_new
(
group
))
==
NULL
)
{
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
skey
=
s
->
s3
->
tmp
.
pkey
;
}
if
(
PACKET_remaining
(
pkt
)
==
0L
)
{
...
...
@@ -2505,40 +2490,27 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
ERR_R_EC_LIB
);
goto
err
;
}
if
(
EC_POINT_oct2point
(
group
,
clnt_ecpoint
,
data
,
i
,
NULL
)
==
0
)
{
ckey
=
EVP_PKEY_new
();
if
(
ckey
==
NULL
||
EVP_PKEY_copy_parameters
(
ckey
,
skey
)
<=
0
)
{
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
ERR_R_EVP_LIB
);
goto
err
;
}
if
(
EC_KEY_oct2key
(
EVP_PKEY_get0_EC_KEY
(
ckey
),
data
,
i
,
NULL
)
==
0
)
{
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
ERR_R_EC_LIB
);
goto
err
;
}
}
/* Compute the shared pre-master secret */
field_size
=
EC_GROUP_get_degree
(
group
);
if
(
field_size
<=
0
)
{
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
ERR_R_ECDH_LIB
);
goto
err
;
}
shared
=
OPENSSL_malloc
((
field_size
+
7
)
/
8
);
if
(
shared
==
NULL
)
{
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
i
=
ECDH_compute_key
(
shared
,
(
field_size
+
7
)
/
8
,
clnt_ecpoint
,
tkey
,
NULL
);
if
(
i
<=
0
)
{
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
ERR_R_ECDH_LIB
);
OPENSSL_free
(
shared
);
goto
err
;
}
EC_POINT_free
(
clnt_ecpoint
);
EC_KEY_free
(
s
->
s3
->
tmp
.
ecdh
);
s
->
s3
->
tmp
.
ecdh
=
NULL
;
if
(
!
ssl_generate_master_secret
(
s
,
shared
,
i
,
1
))
{
if
(
ssl_derive
(
s
,
skey
,
ckey
)
==
0
)
{
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
goto
f_err
;
}
EVP_PKEY_free
(
ckey
);
ckey
=
NULL
;
return
MSG_PROCESS_CONTINUE_PROCESSING
;
}
else
#endif
...
...
@@ -2683,7 +2655,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
err:
#endif
#ifndef OPENSSL_NO_EC
EC_POINT_free
(
clnt_ecpoint
);
EVP_PKEY_free
(
ckey
);
EVP_PKEY_CTX_free
(
pctx
);
OPENSSL_free
(
rsa_decrypt
);
#endif
#ifndef OPENSSL_NO_PSK
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录