Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
af6e2d51
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
af6e2d51
编写于
11月 18, 2014
作者:
M
Matt Caswell
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add OPENSSL_NO_ECDH guards
Reviewed-by:
N
Emilia Käsper
<
emilia@openssl.org
>
上级
55e53026
变更
7
显示空白变更内容
内联
并排
Showing
7 changed file
with
46 addition
and
1 deletion
+46
-1
crypto/ec/ec_pmeth.c
crypto/ec/ec_pmeth.c
+8
-0
ssl/s3_lib.c
ssl/s3_lib.c
+7
-1
ssl/ssl_ciph.c
ssl/ssl_ciph.c
+5
-0
ssl/ssl_lib.c
ssl/ssl_lib.c
+2
-0
ssl/ssl_locl.h
ssl/ssl_locl.h
+2
-0
ssl/t1_lib.c
ssl/t1_lib.c
+2
-0
test/cms-test.pl
test/cms-test.pl
+20
-0
未找到文件。
crypto/ec/ec_pmeth.c
浏览文件 @
af6e2d51
...
@@ -213,6 +213,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
...
@@ -213,6 +213,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
return
ret
;
return
ret
;
}
}
#ifndef OPENSSL_NO_ECDH
static
int
pkey_ec_derive
(
EVP_PKEY_CTX
*
ctx
,
unsigned
char
*
key
,
size_t
*
keylen
)
static
int
pkey_ec_derive
(
EVP_PKEY_CTX
*
ctx
,
unsigned
char
*
key
,
size_t
*
keylen
)
{
{
int
ret
;
int
ret
;
...
@@ -288,6 +289,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
...
@@ -288,6 +289,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
}
}
return
rv
;
return
rv
;
}
}
#endif
static
int
pkey_ec_ctrl
(
EVP_PKEY_CTX
*
ctx
,
int
type
,
int
p1
,
void
*
p2
)
static
int
pkey_ec_ctrl
(
EVP_PKEY_CTX
*
ctx
,
int
type
,
int
p1
,
void
*
p2
)
{
{
...
@@ -316,6 +318,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
...
@@ -316,6 +318,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
EC_GROUP_set_asn1_flag
(
dctx
->
gen_group
,
p1
);
EC_GROUP_set_asn1_flag
(
dctx
->
gen_group
,
p1
);
return
1
;
return
1
;
#ifndef OPENSSL_NO_ECDH
case
EVP_PKEY_CTRL_EC_ECDH_COFACTOR
:
case
EVP_PKEY_CTRL_EC_ECDH_COFACTOR
:
if
(
p1
==
-
2
)
if
(
p1
==
-
2
)
{
{
...
@@ -357,6 +360,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
...
@@ -357,6 +360,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
dctx
->
co_key
=
NULL
;
dctx
->
co_key
=
NULL
;
}
}
return
1
;
return
1
;
#endif
case
EVP_PKEY_CTRL_EC_KDF_TYPE
:
case
EVP_PKEY_CTRL_EC_KDF_TYPE
:
if
(
p1
==
-
2
)
if
(
p1
==
-
2
)
...
@@ -556,7 +560,11 @@ const EVP_PKEY_METHOD ec_pkey_meth =
...
@@ -556,7 +560,11 @@ const EVP_PKEY_METHOD ec_pkey_meth =
0
,
0
,
0
,
0
,
0
,
0
,
#ifndef OPENSSL_NO_ECDH
pkey_ec_kdf_derive
,
pkey_ec_kdf_derive
,
#else
0
,
#endif
pkey_ec_ctrl
,
pkey_ec_ctrl
,
pkey_ec_ctrl_str
pkey_ec_ctrl_str
...
...
ssl/s3_lib.c
浏览文件 @
af6e2d51
...
@@ -3810,9 +3810,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
...
@@ -3810,9 +3810,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case
SSL_CTRL_GET_SHARED_CURVE
:
case
SSL_CTRL_GET_SHARED_CURVE
:
return
tls1_shared_curve
(
s
,
larg
);
return
tls1_shared_curve
(
s
,
larg
);
#ifndef OPENSSL_NO_ECDH
case
SSL_CTRL_SET_ECDH_AUTO
:
case
SSL_CTRL_SET_ECDH_AUTO
:
s
->
cert
->
ecdh_tmp_auto
=
larg
;
s
->
cert
->
ecdh_tmp_auto
=
larg
;
return
1
;
return
1
;
#endif
#endif
#endif
case
SSL_CTRL_SET_SIGALGS
:
case
SSL_CTRL_SET_SIGALGS
:
return
tls1_set_sigalgs
(
s
->
cert
,
parg
,
larg
,
0
);
return
tls1_set_sigalgs
(
s
->
cert
,
parg
,
larg
,
0
);
...
@@ -3884,7 +3886,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
...
@@ -3884,7 +3886,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
EVP_PKEY
*
ptmp
;
EVP_PKEY
*
ptmp
;
int
rv
=
0
;
int
rv
=
0
;
sc
=
s
->
session
->
sess_cert
;
sc
=
s
->
session
->
sess_cert
;
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
&& !defined(OPENSSL_NO_ECDH)
if
(
!
sc
->
peer_rsa_tmp
&&
!
sc
->
peer_dh_tmp
if
(
!
sc
->
peer_rsa_tmp
&&
!
sc
->
peer_dh_tmp
&&
!
sc
->
peer_ecdh_tmp
)
&&
!
sc
->
peer_ecdh_tmp
)
return
0
;
return
0
;
...
@@ -4237,9 +4239,11 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
...
@@ -4237,9 +4239,11 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return
tls1_set_curves_list
(
&
ctx
->
tlsext_ellipticcurvelist
,
return
tls1_set_curves_list
(
&
ctx
->
tlsext_ellipticcurvelist
,
&
ctx
->
tlsext_ellipticcurvelist_length
,
&
ctx
->
tlsext_ellipticcurvelist_length
,
parg
);
parg
);
#ifndef OPENSSL_NO_ECDH
case
SSL_CTRL_SET_ECDH_AUTO
:
case
SSL_CTRL_SET_ECDH_AUTO
:
ctx
->
cert
->
ecdh_tmp_auto
=
larg
;
ctx
->
cert
->
ecdh_tmp_auto
=
larg
;
return
1
;
return
1
;
#endif
#endif
#endif
case
SSL_CTRL_SET_SIGALGS
:
case
SSL_CTRL_SET_SIGALGS
:
return
tls1_set_sigalgs
(
ctx
->
cert
,
parg
,
larg
,
0
);
return
tls1_set_sigalgs
(
ctx
->
cert
,
parg
,
larg
,
0
);
...
@@ -4543,10 +4547,12 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
...
@@ -4543,10 +4547,12 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
#ifndef OPENSSL_NO_EC
#ifndef OPENSSL_NO_ECDH
/* if we are considering an ECC cipher suite that uses
/* if we are considering an ECC cipher suite that uses
* an ephemeral EC key check it */
* an ephemeral EC key check it */
if
(
alg_k
&
SSL_kECDHE
)
if
(
alg_k
&
SSL_kECDHE
)
ok
=
ok
&&
tls1_check_ec_tmp_key
(
s
,
c
->
id
);
ok
=
ok
&&
tls1_check_ec_tmp_key
(
s
,
c
->
id
);
#endif
/* OPENSSL_NO_ECDH */
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_TLSEXT */
#endif
/* OPENSSL_NO_TLSEXT */
...
...
ssl/ssl_ciph.c
浏览文件 @
af6e2d51
...
@@ -1436,6 +1436,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
...
@@ -1436,6 +1436,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
return
0
;
return
0
;
}
}
#ifndef OPENSSL_NO_ECDH
switch
(
suiteb_flags
)
switch
(
suiteb_flags
)
{
{
case
SSL_CERT_FLAG_SUITEB_128_LOS
:
case
SSL_CERT_FLAG_SUITEB_128_LOS
:
...
@@ -1454,6 +1455,10 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
...
@@ -1454,6 +1455,10 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
/* Set auto ECDH parameter determination */
/* Set auto ECDH parameter determination */
c
->
ecdh_tmp_auto
=
1
;
c
->
ecdh_tmp_auto
=
1
;
return
1
;
return
1
;
#else
SSLerr
(
SSL_F_CHECK_SUITEB_CIPHER_LIST
,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS
);
return
0
;
#endif
}
}
#endif
#endif
...
...
ssl/ssl_lib.c
浏览文件 @
af6e2d51
...
@@ -2361,8 +2361,10 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
...
@@ -2361,8 +2361,10 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
x
=
cpk
->
x509
;
x
=
cpk
->
x509
;
/* This call populates extension flags (ex_flags) */
/* This call populates extension flags (ex_flags) */
X509_check_purpose
(
x
,
-
1
,
0
);
X509_check_purpose
(
x
,
-
1
,
0
);
#ifndef OPENSSL_NO_ECDH
ecdh_ok
=
(
x
->
ex_flags
&
EXFLAG_KUSAGE
)
?
ecdh_ok
=
(
x
->
ex_flags
&
EXFLAG_KUSAGE
)
?
(
x
->
ex_kusage
&
X509v3_KU_KEY_AGREEMENT
)
:
1
;
(
x
->
ex_kusage
&
X509v3_KU_KEY_AGREEMENT
)
:
1
;
#endif
ecdsa_ok
=
(
x
->
ex_flags
&
EXFLAG_KUSAGE
)
?
ecdsa_ok
=
(
x
->
ex_flags
&
EXFLAG_KUSAGE
)
?
(
x
->
ex_kusage
&
X509v3_KU_DIGITAL_SIGNATURE
)
:
1
;
(
x
->
ex_kusage
&
X509v3_KU_DIGITAL_SIGNATURE
)
:
1
;
if
(
!
(
cpk
->
valid_flags
&
CERT_PKEY_SIGN
))
if
(
!
(
cpk
->
valid_flags
&
CERT_PKEY_SIGN
))
...
...
ssl/ssl_locl.h
浏览文件 @
af6e2d51
...
@@ -1250,7 +1250,9 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
...
@@ -1250,7 +1250,9 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
int
*
curves
,
size_t
ncurves
);
int
*
curves
,
size_t
ncurves
);
int
tls1_set_curves_list
(
unsigned
char
**
pext
,
size_t
*
pextlen
,
int
tls1_set_curves_list
(
unsigned
char
**
pext
,
size_t
*
pextlen
,
const
char
*
str
);
const
char
*
str
);
#ifndef OPENSSL_NO_ECDH
int
tls1_check_ec_tmp_key
(
SSL
*
s
,
unsigned
long
id
);
int
tls1_check_ec_tmp_key
(
SSL
*
s
,
unsigned
long
id
);
#endif
/* OPENSSL_NO_ECDH */
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_TLSEXT
...
...
ssl/t1_lib.c
浏览文件 @
af6e2d51
...
@@ -828,6 +828,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
...
@@ -828,6 +828,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
}
}
return
rv
;
return
rv
;
}
}
#ifndef OPENSSL_NO_ECDH
/* Check EC temporary key is compatible with client extensions */
/* Check EC temporary key is compatible with client extensions */
int
tls1_check_ec_tmp_key
(
SSL
*
s
,
unsigned
long
cid
)
int
tls1_check_ec_tmp_key
(
SSL
*
s
,
unsigned
long
cid
)
{
{
...
@@ -894,6 +895,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
...
@@ -894,6 +895,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
return
tls1_check_ec_key
(
s
,
curve_id
,
NULL
);
return
tls1_check_ec_key
(
s
,
curve_id
,
NULL
);
#endif
#endif
}
}
#endif
/* OPENSSL_NO_ECDH */
#else
#else
...
...
test/cms-test.pl
浏览文件 @
af6e2d51
...
@@ -84,6 +84,7 @@ my $halt_err = 1;
...
@@ -84,6 +84,7 @@ my $halt_err = 1;
my
$badcmd
=
0
;
my
$badcmd
=
0
;
my
$no_ec
;
my
$no_ec
;
my
$no_ec2m
;
my
$no_ec2m
;
my
$no_ecdh
;
my
$ossl8
=
`
$ossl_path
version -v
`
=~
/0\.9\.8/
;
my
$ossl8
=
`
$ossl_path
version -v
`
=~
/0\.9\.8/
;
system
("
$ossl_path
no-ec >/dev/null
");
system
("
$ossl_path
no-ec >/dev/null
");
...
@@ -114,6 +115,20 @@ else
...
@@ -114,6 +115,20 @@ else
die
"
Error checking for EC2M support
\n
";
die
"
Error checking for EC2M support
\n
";
}
}
system
("
$ossl_path
no-ecdh >/dev/null
");
if
(
$?
==
0
)
{
$no_ecdh
=
1
;
}
elsif
(
$?
==
256
)
{
$no_ecdh
=
0
;
}
else
{
die
"
Error checking for ECDH support
\n
";
}
my
@smime_pkcs7_tests
=
(
my
@smime_pkcs7_tests
=
(
[
[
...
@@ -507,6 +522,11 @@ sub run_smime_tests {
...
@@ -507,6 +522,11 @@ sub run_smime_tests {
print
"
$tnam
: skipped, EC disabled
\n
";
print
"
$tnam
: skipped, EC disabled
\n
";
next
;
next
;
}
}
if
(
$no_ecdh
&&
$tnam
=~
/ECDH/
)
{
print
"
$tnam
: skipped, ECDH disabled
\n
";
next
;
}
if
(
$no_ec2m
&&
$tnam
=~
/K-283/
)
if
(
$no_ec2m
&&
$tnam
=~
/K-283/
)
{
{
print
"
$tnam
: skipped, EC2M disabled
\n
";
print
"
$tnam
: skipped, EC2M disabled
\n
";
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录