提交
a2a01589
编写于
2月 21, 2000
作者:
Bodo Möller
Fix some bugs and document others
上级
e7ecc7d4
变更
7
Showing
7 changed file
with
91 addition
and
60 deletion
+91
-60
apps/s_server.c
apps/s_server.c
+37
-23
ssl/s3_both.c
ssl/s3_both.c
+3
-2
ssl/s3_lib.c
ssl/s3_lib.c
+4
-0
ssl/s3_pkt.c
ssl/s3_pkt.c
+21
-3
ssl/s3_srvr.c
ssl/s3_srvr.c
+16
-29
ssl/ssl_lib.c
ssl/ssl_lib.c
+8
-1
ssl/ssl_locl.h
ssl/ssl_locl.h
+2
-2
apps/s_server.c
...
...
@@ -813,33 +813,47 @@ static int sv_body(char *hostname, int s, unsigned char *context)
width
=
s
+
1
;
for
(;;)
{
FD_ZERO
(
&
readfds
);
int
read_from_terminal
;
int
read_from_sslcon
;
read_from_terminal
=
0
;
read_from_sslcon
=
SSL_pending
(
con
);
if
(
!
read_from_sslcon
)
{
FD_ZERO
(
&
readfds
);
#ifndef WINDOWS
FD_SET
(
fileno
(
stdin
),
&
readfds
);
FD_SET
(
fileno
(
stdin
),
&
readfds
);
#endif
FD_SET
(
s
,
&
readfds
);
/* Note: under VMS with SOCKETSHR the second parameter is
* currently of type (int *) whereas under other systems
* it is (void *) if you don't have a cast it will choke
* the compiler: if you do have a cast then you can either
* go for (int *) or (void *).
*/
FD_SET
(
s
,
&
readfds
);
/* Note: under VMS with SOCKETSHR the second parameter is
* currently of type (int *) whereas under other systems
* it is (void *) if you don't have a cast it will choke
* the compiler: if you do have a cast then you can either
* go for (int *) or (void *).
*/
#ifdef WINDOWS
/* Under Windows we can't select on stdin: only
* on sockets. As a workaround we timeout the select every
* second and check for any keypress. In a proper Windows
* application we wouldn't do this because it is inefficient.
*/
tv
.
tv_sec
=
1
;
tv
.
tv_usec
=
0
;
i
=
select
(
width
,(
void
*
)
&
readfds
,
NULL
,
NULL
,
&
tv
);
if
((
i
<
0
)
||
(
!
i
&&
!
_kbhit
()
)
)
continue
;
if
(
_kbhit
())
/* Under Windows we can't select on stdin: only
* on sockets. As a workaround we timeout the select every
* second and check for any keypress. In a proper Windows
* application we wouldn't do this because it is inefficient.
*/
tv
.
tv_sec
=
1
;
tv
.
tv_usec
=
0
;
i
=
select
(
width
,(
void
*
)
&
readfds
,
NULL
,
NULL
,
&
tv
);
if
((
i
<
0
)
||
(
!
i
&&
!
_kbhit
()
)
)
continue
;
if
(
_kbhit
())
read_from_terminal
=
1
;
#else
i
=
select
(
width
,(
void
*
)
&
readfds
,
NULL
,
NULL
,
NULL
);
if
(
i
<=
0
)
continue
;
if
(
FD_ISSET
(
fileno
(
stdin
),
&
readfds
))
i
=
select
(
width
,(
void
*
)
&
readfds
,
NULL
,
NULL
,
NULL
);
if
(
i
<=
0
)
continue
;
if
(
FD_ISSET
(
fileno
(
stdin
),
&
readfds
))
read_from_terminal
=
1
;
#endif
if
(
FD_ISSET
(
s
,
&
readfds
))
read_from_sslcon
=
1
;
}
if
(
read_from_terminal
)
{
if
(
s_crlf
)
{
...
...
@@ -952,7 +966,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if
(
i
<=
0
)
break
;
}
}
if
(
FD_ISSET
(
s
,
&
readfds
)
)
if
(
read_from_sslcon
)
{
if
(
!
SSL_is_init_finished
(
con
))
{
...
...
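Review bot: `SSL_pending(con)` at the top of the sv_body loop reports, as far as I know, only application data already decoded from the current record, so a 0 result sends the code into `select()` on the socket even if the library holds further buffered bytes. With read-ahead enabled on `con` that could leave the loop waiting on a socket that never becomes readable again, stalling the connection; the ssl/s3_pkt.c part of this commit itself flags a path that "does not work with readahead". A comment at the check would record the limit, e.g. `/* SSL_pending() sees decoded data only; revisit before enabling read-ahead on con */`. Separately, a byte count is stored in a variable that is otherwise a 0/1 flag; `read_from_sslcon = SSL_pending(con) > 0;` states the intent. sv_body starts and ends outside these hunks.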
ssl/s3_both.c
...
...
@@ -342,14 +342,15 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
SSLerr
(
SSL_F_SSL3_GET_MESSAGE
,
SSL_R_UNEXPECTED_MESSAGE
);
goto
f_err
;
}
if
((
mt
<
0
)
&&
(
*
p
==
SSL3_MT_CLIENT_HELLO
)
&&
if
((
mt
<
0
)
&&
(
*
p
==
SSL3_MT_CLIENT_HELLO
)
&&
(
st1
==
SSL3_ST_SR_CERT_A
)
&&
(
stn
==
SSL3_ST_SR_CERT_B
))
{
/* At this point we have got an MS SGC second client
* hello (maybe we should always allow the client to
* start a new handshake?). We need to restart the mac.
*/
* Don't increment {num,total}_renegotiations because
* we have not completed the handshake. */
ssl3_init_finished_mac
(
s
);
}
...
...
ssl/s3_lib.c
...
...
@@ -695,6 +695,10 @@ void ssl3_clear(SSL *s)
Free
(
s
->
s3
->
rrec
.
comp
);
s
->
s3
->
rrec
.
comp
=
NULL
;
}
#ifndef NO_DH
if
(
s
->
s3
->
tmp
.
dh
!=
NULL
)
DH_free
(
s
->
s3
->
tmp
.
dh
);
#endif
rp
=
s
->
s3
->
rbuf
.
buf
;
wp
=
s
->
s3
->
wbuf
.
buf
;
...
...
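Review bot: The added `DH_free(s->s3->tmp.dh);` in ssl3_clear leaves `s->s3->tmp.dh` pointing at freed memory in the lines shown, whereas the matching cleanup this commit adds in ssl/s3_srvr.c resets the pointer. If code later in ssl3_clear (outside this hunk) wipes `s->s3`, that is what makes this safe and it deserves a comment here; if not, a second clear or a later free of the same SSL would release the DH object twice. I would make the block self-contained by bracing the body and adding `s->s3->tmp.dh=NULL;` directly after the `DH_free` call. ssl3_clear begins and continues outside the hunk.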
ssl/s3_pkt.c
...
...
@@ -709,7 +709,6 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
int
al
,
i
,
j
,
n
,
ret
;
SSL3_RECORD
*
rr
;
void
(
*
cb
)()
=
NULL
;
BIO
*
bio
;
if
(
s
->
s3
->
rbuf
.
buf
==
NULL
)
/* Not initialized yet */
if
(
!
ssl3_setup_buffers
(
s
))
...
...
@@ -988,9 +987,15 @@ start:
if
(((
s
->
state
&
SSL_ST_MASK
)
==
SSL_ST_OK
)
&&
!
(
s
->
s3
->
flags
&
SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
))
{
#if 0 /* worked only because C operator preferences are not as expected (and
* because this is not really needed for clients except for detecting
* protocol violations): */
s->state=SSL_ST_BEFORE|(s->server)
?SSL_ST_ACCEPT
:SSL_ST_CONNECT;
#else
s
->
state
=
s
->
server
?
SSL_ST_ACCEPT
:
SSL_ST_CONNECT
;
#endif
s
->
new_session
=
1
;
}
n
=
s
->
handshake_func
(
s
);
...
...
@@ -1001,11 +1006,20 @@ start:
return
(
-
1
);
}
#if 1
/* probably nonsense (does not work with readahead),
* but keep it for now anyway ... s_server relies on this */
{
BIO
*
bio
;
/* In the case where we try to read application data
* the first time, but we trigger an SSL handshake, we
* return -1 with the retry option set. I do this
* otherwise renegotiation can cause nasty problems
* in the non-blocking world */
* in the non-blocking world */
/* That's "non-non-blocking",
* I guess? When receiving a
* Hello Request, we have the
* same problem (e.g. in s_client),
* but it's really an application bug.
*/
s
->
rwstate
=
SSL_READING
;
bio
=
SSL_get_rbio
(
s
);
...
...
@@ -1013,6 +1027,10 @@ start:
BIO_set_retry_read
(
bio
);
return
(
-
1
);
}
#else
goto
start
;
#endif
}
switch
(
rr
->
type
)
{
...
...
@@ -1041,7 +1059,7 @@ start:
* but have application data. If the library was
* running inside ssl3_read() (i.e. in_read_app_data
* is set) and it makes sense to read application data
* at this point (session renegotation not yet started),
* at this point (session renegot
i
ation not yet started),
* we will indulge it.
*/
if
(
s
->
s3
->
in_read_app_data
&&
...
...
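Review bot: The live assignment in the `#else` branch at the renegotiation check, `s->state=s->server?SSL_ST_ACCEPT:SSL_ST_CONNECT;`, does not OR in `SSL_ST_BEFORE`, and nothing on that line says the omission is deliberate. The only explanation sits inside the `#if 0` copy, where it describes the old expression rather than the new one, so a later reader may "restore" the flag and change how the handshake restarts. I would delete the dead `#if 0` text and comment the live line instead, e.g. `/* SSL_ST_BEFORE deliberately not set; the old expression never applied it either, since | binds tighter than ?: */`. ssl3_read_bytes begins and ends outside these hunks.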
ssl/s3_srvr.c
...
...
@@ -77,9 +77,9 @@ static int ssl3_send_server_hello(SSL *s);
static
int
ssl3_send_server_key_exchange
(
SSL
*
s
);
static
int
ssl3_send_certificate_request
(
SSL
*
s
);
static
int
ssl3_send_server_done
(
SSL
*
s
);
static
int
ssl3_get_cert_verify
(
SSL
*
s
);
static
int
ssl3_get_client_key_exchange
(
SSL
*
s
);
static
int
ssl3_get_client_certificate
(
SSL
*
s
);
static
int
ssl3_get_cert_verify
(
SSL
*
s
);
static
int
ssl3_send_hello_request
(
SSL
*
s
);
static
SSL_METHOD
*
ssl3_get_server_method
(
int
ver
)
...
...
@@ -154,7 +154,6 @@ int ssl3_accept(SSL *s)
if
((
s
->
version
>>
8
)
!=
3
)
abort
();
/* s->version=SSL3_VERSION; */
s
->
type
=
SSL_ST_ACCEPT
;
if
(
s
->
init_buf
==
NULL
)
...
...
@@ -539,7 +538,21 @@ static int ssl3_check_client_hello(SSL *s)
&
ok
);
if
(
!
ok
)
return
((
int
)
n
);
s
->
s3
->
tmp
.
reuse_message
=
1
;
if
(
s
->
s3
->
tmp
.
message_type
==
SSL3_MT_CLIENT_HELLO
)
return
2
;
if
(
s
->
s3
->
tmp
.
message_type
==
SSL3_MT_CLIENT_HELLO
)
{
/* Throw away what we have done so far in the current handshake,
* which will now be aborted. (A full SSL_clear would be too much.)
* I hope that tmp.dh is the only thing that may need to be cleared
* when a handshake is not completed ... */
#ifndef NO_DH
if
(
s
->
s3
->
tmp
.
dh
!=
NULL
)
{
DH_free
(
s
->
s3
->
tmp
.
dh
);
s
->
s3
->
tmp
.
dh
=
NULL
;
}
#endif
return
2
;
}
return
1
;
}
...
...
@@ -1300,31 +1313,6 @@ static int ssl3_get_client_key_exchange(SSL *s)
i
=
RSA_private_decrypt
((
int
)
n
,
p
,
p
,
rsa
,
RSA_PKCS1_PADDING
);
#if 0
/* If a bad decrypt, use a random master key */
if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
((p[0] != (s->client_version>>8)) ||
(p[1] != (s->client_version & 0xff))))
{
int bad=1;
if ((i == SSL_MAX_MASTER_KEY_LENGTH) &&
(p[0] == (s->version>>8)) &&
(p[1] == 0))
{
if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
bad=0;
}
if (bad)
{
p[0]=(s->version>>8);
p[1]=(s->version & 0xff);
RAND_pseudo_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
i=SSL_MAX_MASTER_KEY_LENGTH;
}
/* else, an SSLeay bug, ssl only server, tls client */
}
#else
if
(
i
!=
SSL_MAX_MASTER_KEY_LENGTH
)
{
al
=
SSL_AD_DECODE_ERROR
;
...
...
@@ -1347,7 +1335,6 @@ static int ssl3_get_client_key_exchange(SSL *s)
memset
(
p
,
0
,
i
);
}
else
#endif
#ifndef NO_DH
if
(
l
&
(
SSL_kEDH
|
SSL_kDHr
|
SSL_kDHd
))
{
...
...
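Review bot: With the disabled block deleted, the RSA branch of ssl3_get_client_key_exchange still answers a failed or wrong-length `RSA_private_decrypt` with its own alert (`al=SSL_AD_DECODE_ERROR` in the hunk at -1300), so a peer can tell valid PKCS#1 padding from invalid by the server's reaction. The usual defence is to make every malformed premaster secret look the same: raise no alert at this point, continue with a random secret, and let the Finished check fail. The deleted code sketched that with `RAND_pseudo_bytes`; a replacement should draw from `RAND_bytes` and check its result. The rest of the branch lies outside the hunk, so whether a later version check raises a similarly distinct error needs confirming there.

```c
i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
if (i != SSL_MAX_MASTER_KEY_LENGTH)
	{
	/* No alert here: a distinct failure would tell the peer
	 * whether the padding was valid.  Continue with a random
	 * premaster secret so the handshake fails later, the same
	 * way for every bad input. */
	p[0]=(s->client_version>>8);
	p[1]=(s->client_version & 0xff);
	if (RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0)
		{
		/* internal error: leave through the function's existing
		 * error exit, not with a decode alert */
		}
	i=SSL_MAX_MASTER_KEY_LENGTH;
	}
/* … unchanged: rest of the RSA branch through memset(p,0,i) … */
```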
ssl/ssl_lib.c
...
...
@@ -107,10 +107,17 @@ int SSL_clear(SSL *s)
s
->
hit
=
0
;
s
->
shutdown
=
0
;
#if 0
#if 0 /* Disabled since version 1.10 of this file (early return not
* needed because SSL_clear is not called when doing renegotiation) */
/* This is set if we are doing dynamic renegotiation so keep
* the old cipher. It is sort of a SSL_clear_lite :-) */
if (s->new_session) return(1);
#else
if
(
s
->
new_session
)
{
SSLerr
(
SSL_F_SSL_CLEAR
,
SSL_R_INTERNAL_ERROR
);
return
0
;
}
#endif
state
=
s
->
state
;
/* Keep to check if we throw away the session-id */
...
...
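Review bot: The new `if (s->new_session)` guard in SSL_clear returns 0 only after `s->hit=0;` and `s->shutdown=0;` (the context lines just above it) have already run, so a failed call still modifies the connection. A caller that ignores the return value then carries on with an object that is neither cleared nor untouched. I would move the guard above those two assignments so the error return has no side effects, and add a comment such as `/* returns 0 without resetting anything if a renegotiation is in progress */`. SSL_clear starts before this hunk, so any earlier resets need the same treatment.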
ssl/ssl_locl.h
...
...
@@ -306,8 +306,8 @@ typedef struct cert_st
{
/* Current active set */
CERT_PKEY
*
key
;
/* ALWAYS points to an element of the pkeys array
* Probably it would make more sense to store
* an index, not a pointer. */
* Probably it would make more sense to store
* an index, not a pointer. */
/* The following masks are for the key and auth
* algorithms that are supported by the certs below */
...
...