Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
c51ae173
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
c51ae173
编写于
1月 11, 2000
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Clean up some of the SSL server code.
上级
7e3d8df1
变更
7
隐藏空白更改
内联
并排
Showing
7 changed file
with
143 addition
and
106 deletion
+143
-106
CHANGES
CHANGES
+5
-0
ssl/s23_srvr.c
ssl/s23_srvr.c
+12
-1
ssl/s3_pkt.c
ssl/s3_pkt.c
+115
-77
ssl/s3_srvr.c
ssl/s3_srvr.c
+1
-1
ssl/ssl.h
ssl/ssl.h
+4
-3
ssl/ssl3.h
ssl/ssl3.h
+5
-23
ssl/ssl_err.c
ssl/ssl_err.c
+1
-1
未找到文件。
CHANGES
浏览文件 @
c51ae173
...
...
@@ -4,6 +4,11 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
*) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs,
including a possible buffer overflow when the 'read_ahead'
flag is set.
[Bodo Moeller]
*) New function X509_CTX_rget_chain(), this returns the chain
from an X509_CTX structure with a dup of the stack and all
the X509 reference counts upped: so the stack will exist
...
...
ssl/s23_srvr.c
浏览文件 @
c51ae173
...
...
@@ -186,7 +186,18 @@ end:
int
ssl23_get_client_hello
(
SSL
*
s
)
{
char
buf_space
[
11
];
/* request this many bytes in initial read */
char
buf_space
[
11
];
/* Request this many bytes in initial read.
* We can detect SSL 3.0/TLS 1.0 Client Hellos only
* when the following is in a single record
* (not guaranteed by protocol specs):
* Byte Content
* 0 type \
* 1/2 version > record header
* 3/4 length /
* 5 msg_type \
* 6-8 length > Client Hello message
* 9/10 client_version /
*/
char
*
buf
=
&
(
buf_space
[
0
]);
unsigned
char
*
p
,
*
d
,
*
dd
;
unsigned
int
i
;
...
...
ssl/s3_pkt.c
浏览文件 @
c51ae173
...
...
@@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <errno.h>
...
...
@@ -71,104 +124,91 @@ static int ssl3_get_record(SSL *s);
static
int
do_compress
(
SSL
*
ssl
);
static
int
do_uncompress
(
SSL
*
ssl
);
static
int
do_change_cipher_spec
(
SSL
*
ssl
);
static
int
ssl3_read_n
(
SSL
*
s
,
int
n
,
int
max
,
int
extend
)
{
/* If extend == 0, obtain new n-byte packet; if extend == 1, increase
* packet by another n bytes.
* The packet will be in the sub-array of s->s3->rbuf.buf specified
* by s->packet and s->packet_length.
* (If s->read_ahead is set, 'max' bytes may be stored in rbuf
* [plus s->packet_length bytes if extend == 1].)
*/
int
i
,
off
,
newb
;
/* if there is stuff still in the buffer from a previous read,
* and there is more than we want, take some. */
if
(
!
extend
)
{
/* start with empty packet ... */
if
(
s
->
s3
->
rbuf
.
left
==
0
)
s
->
s3
->
rbuf
.
offset
=
0
;
s
->
packet
=
s
->
s3
->
rbuf
.
buf
+
s
->
s3
->
rbuf
.
offset
;
s
->
packet_length
=
0
;
/* ... now we can act as if 'extend' was set */
}
/* if there is enough in the buffer from a previous read, take some */
if
(
s
->
s3
->
rbuf
.
left
>=
(
int
)
n
)
{
if
(
extend
)
s
->
packet_length
+=
n
;
else
{
s
->
packet
=
&
(
s
->
s3
->
rbuf
.
buf
[
s
->
s3
->
rbuf
.
offset
]);
s
->
packet_length
=
n
;
}
s
->
packet_length
+=
n
;
s
->
s3
->
rbuf
.
left
-=
n
;
s
->
s3
->
rbuf
.
offset
+=
n
;
return
(
n
);
}
/* else we need to read more data */
if
(
!
s
->
read_ahead
)
max
=
n
;
if
(
max
>
SSL3_RT_MAX_PACKET_SIZE
)
max
=
SSL3_RT_MAX_PACKET_SIZE
;
/* First check if there is some left or we want to extend */
off
=
0
;
if
(
(
s
->
s3
->
rbuf
.
left
!=
0
)
||
((
s
->
packet_length
!=
0
)
&&
extend
))
{
newb
=
s
->
s3
->
rbuf
.
left
;
if
(
extend
)
{
/* Copy bytes back to the front of the buffer
* Take the bytes already pointed to by 'packet'
* and take the extra ones on the end. */
off
=
s
->
packet_length
;
if
(
s
->
packet
!=
s
->
s3
->
rbuf
.
buf
)
memcpy
(
s
->
s3
->
rbuf
.
buf
,
s
->
packet
,
newb
+
off
);
}
else
if
(
s
->
s3
->
rbuf
.
offset
!=
0
)
{
/* so the data is not at the start of the buffer */
memcpy
(
s
->
s3
->
rbuf
.
buf
,
&
(
s
->
s3
->
rbuf
.
buf
[
s
->
s3
->
rbuf
.
offset
]),
newb
);
s
->
s3
->
rbuf
.
offset
=
0
;
}
s
->
s3
->
rbuf
.
left
=
0
;
}
else
newb
=
0
;
if
(
!
s
->
read_ahead
)
max
=
n
;
/* So we now have 'newb' bytes at the front of
* s->s3->rbuf.buf and need to read some more in on the end
* We start reading into the buffer at 's->s3->rbuf.offset'
*/
s
->
packet
=
s
->
s3
->
rbuf
.
buf
;
{
/* avoid buffer overflow */
int
max_max
=
SSL3_RT_MAX_PACKET_SIZE
-
s
->
packet_length
;
if
(
s
->
options
&
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
)
max_max
+=
SSL3_RT_MAX_EXTRA
;
if
(
max
>
max_max
)
max
=
max_max
;
}
off
=
s
->
packet_length
;
newb
=
s
->
s3
->
rbuf
.
left
;
/* Move any available bytes to front of buffer:
* 'off' bytes already pointed to by 'packet',
* 'newb' extra ones at the end */
if
(
s
->
packet
!=
s
->
s3
->
rbuf
.
buf
)
{
/* off > 0 */
memmove
(
s
->
s3
->
rbuf
.
buf
,
s
->
packet
,
off
+
newb
);
s
->
packet
=
s
->
s3
->
rbuf
.
buf
;
}
while
(
newb
<
n
)
{
/* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
* to read in more until we have off+n (up to off+max if possible) */
clear_sys_error
();
if
(
s
->
rbio
!=
NULL
)
{
s
->
rwstate
=
SSL_READING
;
i
=
BIO_read
(
s
->
rbio
,
(
char
*
)
&
(
s
->
s3
->
rbuf
.
buf
[
off
+
newb
]),
max
-
newb
);
i
=
BIO_read
(
s
->
rbio
,
&
(
s
->
s3
->
rbuf
.
buf
[
off
+
newb
]),
max
-
newb
);
}
else
{
SSLerr
(
SSL_F_SSL3_READ_N
,
SSL_R_READ_BIO_NOT_SET
);
i
=
-
1
;
i
=
-
1
;
}
if
(
i
<=
0
)
{
s
->
s3
->
rbuf
.
left
+=
newb
;
s
->
s3
->
rbuf
.
left
=
newb
;
return
(
i
);
}
newb
+=
i
;
}
/* record used data read */
if
(
newb
>
n
)
{
s
->
s3
->
rbuf
.
offset
=
n
+
off
;
s
->
s3
->
rbuf
.
left
=
newb
-
n
;
}
else
{
s
->
s3
->
rbuf
.
offset
=
0
;
s
->
s3
->
rbuf
.
left
=
0
;
}
if
(
extend
)
s
->
packet_length
+=
n
;
else
s
->
packet_length
+=
n
;
/* done reading, now the book-keeping */
s
->
s3
->
rbuf
.
offset
=
off
+
n
;
s
->
s3
->
rbuf
.
left
=
newb
-
n
;
s
->
packet_length
+=
n
;
return
(
n
);
}
...
...
@@ -176,8 +216,8 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend)
* It will return <= 0 if more data is needed, normally due to an error
* or non-blocking IO.
* When it finishes, one packet has been decoded and can be found in
* ssl->s3->rrec.type
- is the type of record
* ssl->s3->rrec.data, - data
* ssl->s3->rrec.type
- is the type of record
* ssl->s3->rrec.data,
- data
* ssl->s3->rrec.length, - number of bytes
*/
static
int
ssl3_get_record
(
SSL
*
s
)
...
...
@@ -262,7 +302,6 @@ again:
if
(
rr
->
length
>
(
s
->
packet_length
-
SSL3_RT_HEADER_LENGTH
))
{
i
=
rr
->
length
;
/*-(s->packet_length-SSL3_RT_HEADER_LENGTH); */
n
=
ssl3_read_n
(
s
,
i
,
i
,
1
);
if
(
n
<=
0
)
return
(
n
);
/* error or non-blocking io */
}
...
...
@@ -645,7 +684,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
void
(
*
cb
)()
=
NULL
;
BIO
*
bio
;
if
(
s
->
s3
->
rbuf
.
buf
==
NULL
)
/* Not initialize yet */
if
(
s
->
s3
->
rbuf
.
buf
==
NULL
)
/* Not initialize
d
yet */
if
(
!
ssl3_setup_buffers
(
s
))
return
(
-
1
);
...
...
@@ -662,10 +701,10 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
start:
s
->
rwstate
=
SSL_NOTHING
;
/* s->s3->rrec.type - is the type of record
* s->s3->rrec.data,
- data
* s->s3->rrec.off,
- o
fset into 'data' for next read
* s->s3->rrec.length,
- number of bytes. */
/* s->s3->rrec.type
- is the type of record
* s->s3->rrec.data,
- data
* s->s3->rrec.off,
- of
fset into 'data' for next read
* s->s3->rrec.length,
- number of bytes. */
rr
=
&
(
s
->
s3
->
rrec
);
/* get new packet */
...
...
@@ -692,16 +731,16 @@ start:
return
(
0
);
}
/* Check for an incoming '
Client Request' message
*/
/* Check for an incoming '
Hello Request' message from client
*/
if
((
rr
->
type
==
SSL3_RT_HANDSHAKE
)
&&
(
rr
->
length
==
4
)
&&
(
rr
->
data
[
0
]
==
SSL3_MT_
CLIENT
_REQUEST
)
&&
(
rr
->
data
[
0
]
==
SSL3_MT_
HELLO
_REQUEST
)
&&
(
s
->
session
!=
NULL
)
&&
(
s
->
session
->
cipher
!=
NULL
))
{
if
((
rr
->
data
[
1
]
!=
0
)
||
(
rr
->
data
[
2
]
!=
0
)
||
(
rr
->
data
[
3
]
!=
0
))
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_READ_BYTES
,
SSL_R_BAD_
CLIENT
_REQUEST
);
SSLerr
(
SSL_F_SSL3_READ_BYTES
,
SSL_R_BAD_
HELLO
_REQUEST
);
goto
err
;
}
...
...
@@ -1038,4 +1077,3 @@ int ssl3_dispatch_alert(SSL *s)
}
return
(
i
);
}
ssl/s3_srvr.c
浏览文件 @
c51ae173
...
...
@@ -503,7 +503,7 @@ static int ssl3_send_hello_request(SSL *s)
if
(
s
->
state
==
SSL3_ST_SW_HELLO_REQ_A
)
{
p
=
(
unsigned
char
*
)
s
->
init_buf
->
data
;
*
(
p
++
)
=
SSL3_MT_
CLIENT
_REQUEST
;
*
(
p
++
)
=
SSL3_MT_
HELLO
_REQUEST
;
*
(
p
++
)
=
0
;
*
(
p
++
)
=
0
;
*
(
p
++
)
=
0
;
...
...
ssl/ssl.h
浏览文件 @
c51ae173
...
...
@@ -441,7 +441,7 @@ struct ssl_ctx_st
/* get client cert callback */
/**/
int
(
*
client_cert_cb
)(
/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */
);
/* what we put in client requests */
/* what we put in client
cert
requests */
STACK_OF
(
X509_NAME
)
*
client_CA
;
/**/
int
quiet_shutdown
;
...
...
@@ -575,7 +575,8 @@ struct ssl_st
struct
ssl2_ctx_st
*
s2
;
/* SSLv2 variables */
struct
ssl3_ctx_st
*
s3
;
/* SSLv3 variables */
int
read_ahead
;
/* Read as many input bytes as possible */
int
read_ahead
;
/* Read as many input bytes as possible
* (for non-blocking reads) */
int
hit
;
/* reusing a previous session */
int
purpose
;
/* Purpose setting */
...
...
@@ -1310,7 +1311,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
#define SSL_R_BAD_AUTHENTICATION_TYPE 102
#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
#define SSL_R_BAD_CHECKSUM 104
#define SSL_R_BAD_
CLIENT_REQUEST
105
#define SSL_R_BAD_
HELLO_REQUEST
105
#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
#define SSL_R_BAD_DECOMPRESSION 107
#define SSL_R_BAD_DH_G_LENGTH 108
...
...
ssl/ssl3.h
浏览文件 @
c51ae173
...
...
@@ -158,22 +158,6 @@ extern "C" {
#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
/* the states that a SSL3_RECORD can be in
* For SSL_read it goes
* rbuf->ENCODED -> read
* ENCODED -> we need to decode everything - call decode_record
*/
#define SSL3_RS_BLANK 1
#define SSL3_RS_DATA
#define SSL3_RS_ENCODED 2
#define SSL3_RS_READ_MORE 3
#define SSL3_RS_WRITE_MORE
#define SSL3_RS_PLAIN 3
#define SSL3_RS_PART_READ 4
#define SSL3_RS_PART_WRITE 5
#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
...
...
@@ -205,7 +189,6 @@ extern "C" {
typedef
struct
ssl3_record_st
{
/*r */
int
type
;
/* type of record */
/* */
/*int state;*/
/* any data in it? */
/*rw*/
unsigned
int
length
;
/* How many bytes available */
/*r */
unsigned
int
off
;
/* read/write offset into 'buf' */
/*rw*/
unsigned
char
*
data
;
/* pointer to the record data */
...
...
@@ -215,11 +198,10 @@ typedef struct ssl3_record_st
typedef
struct
ssl3_buffer_st
{
/*r */
int
total
;
/* used in non-blocking writes */
/*r */
int
wanted
;
/* how many more bytes we need */
/*rw*/
int
left
;
/* how many bytes left */
/*rw*/
int
offset
;
/* where to 'copy from' */
/*rw*/
unsigned
char
*
buf
;
/* SSL3_RT_MAX_PACKET_SIZE bytes */
unsigned
char
*
buf
;
/* SSL3_RT_MAX_PACKET_SIZE bytes (more if
* SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER is set) */
int
offset
;
/* where to 'copy from' */
int
left
;
/* how many bytes left */
}
SSL3_BUFFER
;
#define SSL3_CT_RSA_SIGN 1
...
...
@@ -436,7 +418,7 @@ typedef struct ssl3_ctx_st
#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
#define SSL3_MT_
CLIENT
_REQUEST 0
#define SSL3_MT_
HELLO
_REQUEST 0
#define SSL3_MT_CLIENT_HELLO 1
#define SSL3_MT_SERVER_HELLO 2
#define SSL3_MT_CERTIFICATE 11
...
...
ssl/ssl_err.c
浏览文件 @
c51ae173
...
...
@@ -205,7 +205,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{
SSL_R_BAD_AUTHENTICATION_TYPE
,
"bad authentication type"
},
{
SSL_R_BAD_CHANGE_CIPHER_SPEC
,
"bad change cipher spec"
},
{
SSL_R_BAD_CHECKSUM
,
"bad checksum"
},
{
SSL_R_BAD_
CLIENT_REQUEST
,
"bad client
request"
},
{
SSL_R_BAD_
HELLO_REQUEST
,
"bad hello
request"
},
{
SSL_R_BAD_DATA_RETURNED_BY_CALLBACK
,
"bad data returned by callback"
},
{
SSL_R_BAD_DECOMPRESSION
,
"bad decompression"
},
{
SSL_R_BAD_DH_G_LENGTH
,
"bad dh g length"
},
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录