Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
大约 1 年 前同步成功

通知 9
Star 18
Fork 1
T
Third Party Openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 a16ca4e8 编写于 作者: D Dr. Stephen Henson
浏览文件
操作

Fix PSK client handling. 

The PSK identity hint should be stored in the SSL_SESSION structure
and not in the parent context (which will overwrite values used
by other SSL structures with the same SSL_CTX).
Reviewed-by: NMatt Caswell <matt@openssl.org>
上级 547dba74
隐藏空白更改
内联 并排
Showing with 5 addition and 25 deletion
ssl/s3_clnt.c
浏览文件 @ a16ca4e8
...@@ -1431,17 +1431,7 @@ int ssl3_get_key_exchange(SSL *s) ...@@ -1431,17 +1431,7 @@ int ssl3_get_key_exchange(SSL *s)
al = SSL_AD_UNEXPECTED_MESSAGE; al = SSL_AD_UNEXPECTED_MESSAGE;
goto f_err; goto f_err;
} }
#ifndef OPENSSL_NO_PSK
/*
* In plain PSK ciphersuite, ServerKeyExchange can be omitted if no
* identity hint is sent. Set session->sess_cert anyway to avoid
* problems later.
*/
if (alg_k & SSL_kPSK) {
OPENSSL_free(s->ctx->psk_identity_hint);
s->ctx->psk_identity_hint = NULL;
}
#endif
s->s3->tmp.reuse_message = 1; s->s3->tmp.reuse_message = 1;
return (1); return (1);
} }
...@@ -1504,9 +1494,9 @@ int ssl3_get_key_exchange(SSL *s) ...@@ -1504,9 +1494,9 @@ int ssl3_get_key_exchange(SSL *s)
*/ */
memcpy(tmp_id_hint, p, i); memcpy(tmp_id_hint, p, i);
memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
OPENSSL_free(s->ctx->psk_identity_hint); OPENSSL_free(s->session->psk_identity_hint);
s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); s->session->psk_identity_hint = BUF_strdup(tmp_id_hint);
if (s->ctx->psk_identity_hint == NULL) { if (s->session->psk_identity_hint == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE; al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto f_err; goto f_err;
...@@ -2830,7 +2820,7 @@ int ssl3_send_client_key_exchange(SSL *s) ...@@ -2830,7 +2820,7 @@ int ssl3_send_client_key_exchange(SSL *s)
if (!pms) if (!pms)
goto memerr; goto memerr;
psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
identity, sizeof(identity) - 1, identity, sizeof(identity) - 1,
pms, pmslen); pms, pmslen);
if (psk_len > PSK_MAX_PSK_LEN) { if (psk_len > PSK_MAX_PSK_LEN) {
...@@ -2859,16 +2849,6 @@ int ssl3_send_client_key_exchange(SSL *s) ...@@ -2859,16 +2849,6 @@ int ssl3_send_client_key_exchange(SSL *s)
t += psk_len; t += psk_len;
s2n(psk_len, t); s2n(psk_len, t);
OPENSSL_free(s->session->psk_identity_hint);
s->session->psk_identity_hint =
BUF_strdup(s->ctx->psk_identity_hint);
if (s->ctx->psk_identity_hint != NULL
&& s->session->psk_identity_hint == NULL) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
ERR_R_MALLOC_FAILURE);
goto psk_err;
}
OPENSSL_free(s->session->psk_identity); OPENSSL_free(s->session->psk_identity);
s->session->psk_identity = BUF_strdup(identity); s->session->psk_identity = BUF_strdup(identity);
if (s->session->psk_identity == NULL) { if (s->session->psk_identity == NULL) {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册