Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
8d92c1f8
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
8d92c1f8
编写于
6月 21, 2015
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Remove peer temp keys from SESS_CERT
Reviewed-by:
N
Richard Levitte
<
levitte@openssl.org
>
上级
7fba8407
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
55 addition
and
49 deletion
+55
-49
ssl/s3_clnt.c
ssl/s3_clnt.c
+21
-21
ssl/s3_lib.c
ssl/s3_lib.c
+22
-9
ssl/ssl_cert.c
ssl/ssl_cert.c
+0
-10
ssl/ssl_locl.h
ssl/ssl_locl.h
+12
-9
未找到文件。
ssl/s3_clnt.c
浏览文件 @
8d92c1f8
...
...
@@ -1464,22 +1464,22 @@ int ssl3_get_key_exchange(SSL *s)
}
param
=
p
=
(
unsigned
char
*
)
s
->
init_msg
;
if
(
s
->
session
->
sess_cert
!=
NULL
)
{
#ifndef OPENSSL_NO_RSA
RSA_free
(
s
->
session
->
sess_cert
->
peer_rsa_tmp
);
s
->
session
->
sess_cert
->
peer_rsa_tmp
=
NULL
;
RSA_free
(
s
->
s3
->
peer_rsa_tmp
);
s
->
s3
->
peer_rsa_tmp
=
NULL
;
#endif
#ifndef OPENSSL_NO_DH
DH_free
(
s
->
session
->
sess_cert
->
peer_dh_tmp
);
s
->
session
->
sess_cert
->
peer_dh_tmp
=
NULL
;
DH_free
(
s
->
s3
->
peer_dh_tmp
);
s
->
s3
->
peer_dh_tmp
=
NULL
;
#endif
#ifndef OPENSSL_NO_EC
EC_KEY_free
(
s
->
session
->
sess_cert
->
peer_ecdh_tmp
);
s
->
session
->
sess_cert
->
peer_ecdh_tmp
=
NULL
;
EC_KEY_free
(
s
->
s3
->
peer_ecdh_tmp
);
s
->
s3
->
peer_ecdh_tmp
=
NULL
;
#endif
}
else
{
if
(
s
->
session
->
sess_cert
==
NULL
)
s
->
session
->
sess_cert
=
ssl_sess_cert_new
();
}
/* Total length of the parameters including the length prefix */
param_len
=
0
;
...
...
@@ -1711,7 +1711,7 @@ int ssl3_get_key_exchange(SSL *s)
goto
f_err
;
}
s
->
s
ession
->
sess_cert
->
peer_rsa_tmp
=
rsa
;
s
->
s
3
->
peer_rsa_tmp
=
rsa
;
rsa
=
NULL
;
}
#else
/* OPENSSL_NO_RSA */
...
...
@@ -1806,7 +1806,7 @@ int ssl3_get_key_exchange(SSL *s)
# endif
/* else anonymous DH, so no certificate or pkey. */
s
->
s
ession
->
sess_cert
->
peer_dh_tmp
=
dh
;
s
->
s
3
->
peer_dh_tmp
=
dh
;
dh
=
NULL
;
}
#endif
/* !OPENSSL_NO_DH */
...
...
@@ -1917,7 +1917,7 @@ int ssl3_get_key_exchange(SSL *s)
# endif
/* else anonymous ECDH, so no certificate or pkey. */
EC_KEY_set_public_key
(
ecdh
,
srvr_ecpoint
);
s
->
s
ession
->
sess_cert
->
peer_ecdh_tmp
=
ecdh
;
s
->
s
3
->
peer_ecdh_tmp
=
ecdh
;
ecdh
=
NULL
;
BN_CTX_free
(
bn_ctx
);
bn_ctx
=
NULL
;
...
...
@@ -2446,8 +2446,8 @@ int ssl3_send_client_key_exchange(SSL *s)
goto
err
;
}
if
(
s
->
s
ession
->
sess_cert
->
peer_rsa_tmp
!=
NULL
)
rsa
=
s
->
s
ession
->
sess_cert
->
peer_rsa_tmp
;
if
(
s
->
s
3
->
peer_rsa_tmp
!=
NULL
)
rsa
=
s
->
s
3
->
peer_rsa_tmp
;
else
{
pkey
=
X509_get_pubkey
(
s
->
session
->
...
...
@@ -2504,8 +2504,8 @@ int ssl3_send_client_key_exchange(SSL *s)
goto
err
;
}
if
(
s
cert
->
peer_dh_tmp
!=
NULL
)
dh_srvr
=
s
cert
->
peer_dh_tmp
;
if
(
s
->
s3
->
peer_dh_tmp
!=
NULL
)
dh_srvr
=
s
->
s3
->
peer_dh_tmp
;
else
{
/* we get them from the cert */
int
idx
=
scert
->
peer_cert_type
;
...
...
@@ -2558,7 +2558,7 @@ int ssl3_send_client_key_exchange(SSL *s)
*/
n
=
DH_compute_key
(
pms
,
dh_srvr
->
pub_key
,
dh_clnt
);
if
(
s
cert
->
peer_dh_tmp
==
NULL
)
if
(
s
->
s3
->
peer_dh_tmp
==
NULL
)
DH_free
(
dh_srvr
);
if
(
n
<=
0
)
{
...
...
@@ -2624,8 +2624,8 @@ int ssl3_send_client_key_exchange(SSL *s)
*/
}
if
(
s
->
s
ession
->
sess_cert
->
peer_ecdh_tmp
!=
NULL
)
{
tkey
=
s
->
s
ession
->
sess_cert
->
peer_ecdh_tmp
;
if
(
s
->
s
3
->
peer_ecdh_tmp
!=
NULL
)
{
tkey
=
s
->
s
3
->
peer_ecdh_tmp
;
}
else
{
/* Get the Server Public Key from Cert */
srvr_pub_pkey
=
...
...
@@ -3357,10 +3357,10 @@ int ssl3_check_cert_and_algorithm(SSL *s)
goto
err
;
}
#ifndef OPENSSL_NO_RSA
rsa
=
s
->
s
ession
->
sess_cert
->
peer_rsa_tmp
;
rsa
=
s
->
s
3
->
peer_rsa_tmp
;
#endif
#ifndef OPENSSL_NO_DH
dh
=
s
->
s
ession
->
sess_cert
->
peer_dh_tmp
;
dh
=
s
->
s
3
->
peer_dh_tmp
;
#endif
/* This is the passed certificate */
...
...
ssl/s3_lib.c
浏览文件 @
8d92c1f8
...
...
@@ -2894,11 +2894,17 @@ void ssl3_free(SSL *s)
return
;
ssl3_cleanup_key_block
(
s
);
#ifndef OPENSSL_NO_RSA
RSA_free
(
s
->
s3
->
peer_rsa_tmp
);
#endif
#ifndef OPENSSL_NO_DH
DH_free
(
s
->
s3
->
tmp
.
dh
);
DH_free
(
s
->
s3
->
peer_dh_tmp
);
#endif
#ifndef OPENSSL_NO_EC
EC_KEY_free
(
s
->
s3
->
tmp
.
ecdh
);
EC_KEY_free
(
s
->
s3
->
peer_ecdh_tmp
);
#endif
sk_X509_NAME_pop_free
(
s
->
s3
->
tmp
.
ca_names
,
X509_NAME_free
);
...
...
@@ -2929,13 +2935,22 @@ void ssl3_clear(SSL *s)
OPENSSL_free
(
s
->
s3
->
tmp
.
peer_sigalgs
);
s
->
s3
->
tmp
.
peer_sigalgs
=
NULL
;
#ifndef OPENSSL_NO_RSA
RSA_free
(
s
->
s3
->
peer_rsa_tmp
);
s
->
s3
->
peer_rsa_tmp
=
NULL
;
#endif
#ifndef OPENSSL_NO_DH
DH_free
(
s
->
s3
->
tmp
.
dh
);
s
->
s3
->
tmp
.
dh
=
NULL
;
DH_free
(
s
->
s3
->
peer_dh_tmp
);
s
->
s3
->
peer_dh_tmp
=
NULL
;
#endif
#ifndef OPENSSL_NO_EC
EC_KEY_free
(
s
->
s3
->
tmp
.
ecdh
);
s
->
s3
->
tmp
.
ecdh
=
NULL
;
EC_KEY_free
(
s
->
s3
->
peer_ecdh_tmp
);
s
->
s3
->
peer_ecdh_tmp
=
NULL
;
s
->
s3
->
is_probably_safari
=
0
;
#endif
/* !OPENSSL_NO_EC */
...
...
@@ -3330,28 +3345,26 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
if
(
s
->
server
||
!
s
->
session
||
!
s
->
session
->
sess_cert
)
return
0
;
else
{
SESS_CERT
*
sc
;
EVP_PKEY
*
ptmp
;
int
rv
=
0
;
sc
=
s
->
session
->
sess_cert
;
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
if
(
!
s
c
->
peer_rsa_tmp
&&
!
sc
->
peer_dh_tmp
&&
!
sc
->
peer_ecdh_tmp
)
if
(
!
s
->
s3
->
peer_rsa_tmp
&&
!
s
->
s3
->
peer_dh_tmp
&&
!
s
->
s3
->
peer_ecdh_tmp
)
return
0
;
#endif
ptmp
=
EVP_PKEY_new
();
if
(
!
ptmp
)
return
0
;
#ifndef OPENSSL_NO_RSA
else
if
(
s
c
->
peer_rsa_tmp
)
rv
=
EVP_PKEY_set1_RSA
(
ptmp
,
s
c
->
peer_rsa_tmp
);
else
if
(
s
->
s3
->
peer_rsa_tmp
)
rv
=
EVP_PKEY_set1_RSA
(
ptmp
,
s
->
s3
->
peer_rsa_tmp
);
#endif
#ifndef OPENSSL_NO_DH
else
if
(
s
c
->
peer_dh_tmp
)
rv
=
EVP_PKEY_set1_DH
(
ptmp
,
s
c
->
peer_dh_tmp
);
else
if
(
s
->
s3
->
peer_dh_tmp
)
rv
=
EVP_PKEY_set1_DH
(
ptmp
,
s
->
s3
->
peer_dh_tmp
);
#endif
#ifndef OPENSSL_NO_EC
else
if
(
s
c
->
peer_ecdh_tmp
)
rv
=
EVP_PKEY_set1_EC_KEY
(
ptmp
,
s
c
->
peer_ecdh_tmp
);
else
if
(
s
->
s3
->
peer_ecdh_tmp
)
rv
=
EVP_PKEY_set1_EC_KEY
(
ptmp
,
s
->
s3
->
peer_ecdh_tmp
);
#endif
if
(
rv
)
{
*
(
EVP_PKEY
**
)
parg
=
ptmp
;
...
...
ssl/ssl_cert.c
浏览文件 @
8d92c1f8
...
...
@@ -570,16 +570,6 @@ void ssl_sess_cert_free(SESS_CERT *sc)
#endif
}
#ifndef OPENSSL_NO_RSA
RSA_free
(
sc
->
peer_rsa_tmp
);
#endif
#ifndef OPENSSL_NO_DH
DH_free
(
sc
->
peer_dh_tmp
);
#endif
#ifndef OPENSSL_NO_EC
EC_KEY_free
(
sc
->
peer_ecdh_tmp
);
#endif
OPENSSL_free
(
sc
);
}
...
...
ssl/ssl_locl.h
浏览文件 @
8d92c1f8
...
...
@@ -1340,6 +1340,18 @@ typedef struct ssl3_state_st {
*/
char
is_probably_safari
;
# endif
/* !OPENSSL_NO_EC */
/* For clients: peer temporary key */
# ifndef OPENSSL_NO_RSA
RSA
*
peer_rsa_tmp
;
# endif
# ifndef OPENSSL_NO_DH
DH
*
peer_dh_tmp
;
# endif
# ifndef OPENSSL_NO_EC
EC_KEY
*
peer_ecdh_tmp
;
# endif
}
SSL3_STATE
;
...
...
@@ -1589,15 +1601,6 @@ typedef struct sess_cert_st {
* Obviously we don't have the private keys of these, so maybe we
* shouldn't even use the CERT_PKEY type here.
*/
# ifndef OPENSSL_NO_RSA
RSA
*
peer_rsa_tmp
;
/* not used for SSL 2 */
# endif
# ifndef OPENSSL_NO_DH
DH
*
peer_dh_tmp
;
/* not used for SSL 2 */
# endif
# ifndef OPENSSL_NO_EC
EC_KEY
*
peer_ecdh_tmp
;
# endif
int
references
;
/* actually always 1 at the moment */
}
SESS_CERT
;
/* Structure containing decoded values of signature algorithms extension */
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录