Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
c6c2e313
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
c6c2e313
编写于
19年前
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled
with the SSL_OP_NO_SSLv2 option.
上级
4b26fe30
变更
8
隐藏空白更改
内联
并排
Showing
8 changed file
with
182 addition
and
65 deletion
+182
-65
CHANGES
CHANGES
+8
-1
ssl/d1_clnt.c
ssl/d1_clnt.c
+1
-1
ssl/s23_clnt.c
ssl/s23_clnt.c
+164
-57
ssl/s2_clnt.c
ssl/s2_clnt.c
+1
-1
ssl/s2_srvr.c
ssl/s2_srvr.c
+1
-1
ssl/s3_clnt.c
ssl/s3_clnt.c
+1
-1
ssl/ssl_lib.c
ssl/ssl_lib.c
+4
-2
ssl/ssl_locl.h
ssl/ssl_locl.h
+2
-1
未找到文件。
CHANGES
浏览文件 @
c6c2e313
...
...
@@ -2,7 +2,7 @@
OpenSSL CHANGES
_______________
Changes between 0.9.7
g
and 0.9.8 [xx XXX xxxx]
Changes between 0.9.7
h
and 0.9.8 [xx XXX xxxx]
*) Add new functionality to the bn blinding code:
- automatic re-creation of the BN_BLINDING parameters after
...
...
@@ -794,6 +794,13 @@
Changes between 0.9.7g and 0.9.7h [XX xxx XXXX]
*) Change the client implementation for SSLv23_method() and
SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
(Previously, the SSL 2.0 backwards compatible Client Hello
message format would be used even with SSL_OP_NO_SSLv2.)
[Bodo Moeller]
*) Add support for smime-type MIME parameter in S/MIME messages which some
clients need.
[Steve Henson]
...
...
This diff is collapsed.
Click to expand it.
ssl/d1_clnt.c
浏览文件 @
c6c2e313
...
...
@@ -597,7 +597,7 @@ int dtls1_client_hello(SSL *s)
p
+=
s
->
d1
->
cookie_len
;
/* Ciphers supported */
i
=
ssl_cipher_list_to_bytes
(
s
,
SSL_get_ciphers
(
s
),
&
(
p
[
2
]));
i
=
ssl_cipher_list_to_bytes
(
s
,
SSL_get_ciphers
(
s
),
&
(
p
[
2
])
,
0
);
if
(
i
==
0
)
{
SSLerr
(
SSL_F_DTLS1_CLIENT_HELLO
,
SSL_R_NO_CIPHERS_AVAILABLE
);
...
...
This diff is collapsed.
Click to expand it.
ssl/s23_clnt.c
浏览文件 @
c6c2e313
...
...
@@ -220,9 +220,28 @@ static int ssl23_client_hello(SSL *s)
{
unsigned
char
*
buf
;
unsigned
char
*
p
,
*
d
;
int
i
,
ch_len
;
int
i
,
j
,
ch_len
;
unsigned
long
Time
,
l
;
int
ssl2_compat
;
int
version
=
0
,
version_major
,
version_minor
;
SSL_COMP
*
comp
;
int
ret
;
ssl2_compat
=
(
s
->
options
&
SSL_OP_NO_SSLv2
)
?
0
:
1
;
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1
))
{
version
=
TLS1_VERSION
;
}
else
if
(
!
(
s
->
options
&
SSL_OP_NO_SSLv3
))
{
version
=
SSL3_VERSION
;
}
else
if
(
!
(
s
->
options
&
SSL_OP_NO_SSLv2
))
{
version
=
SSL2_VERSION
;
}
buf
=
(
unsigned
char
*
)
s
->
init_buf
->
data
;
if
(
s
->
state
==
SSL23_ST_CW_CLNT_HELLO_A
)
{
...
...
@@ -235,31 +254,25 @@ static int ssl23_client_hello(SSL *s)
#endif
p
=
s
->
s3
->
client_random
;
if
(
RAND_pseudo_bytes
(
p
,
SSL3_RANDOM_SIZE
)
<=
0
)
Time
=
time
(
NULL
);
/* Time */
l2n
(
Time
,
p
);
if
(
RAND_pseudo_bytes
(
p
,
SSL3_RANDOM_SIZE
-
4
)
<=
0
)
return
-
1
;
/* Do the message type and length last */
d
=
&
(
buf
[
2
]);
p
=
d
+
9
;
*
(
d
++
)
=
SSL2_MT_CLIENT_HELLO
;
if
(
!
(
s
->
options
&
SSL_OP_NO_TLSv1
))
if
(
version
==
TLS1_VERSION
)
{
*
(
d
++
)
=
TLS1_VERSION_MAJOR
;
*
(
d
++
)
=
TLS1_VERSION_MINOR
;
s
->
client_version
=
TLS1_VERSION
;
version_major
=
TLS1_VERSION_MAJOR
;
version_minor
=
TLS1_VERSION_MINOR
;
}
else
if
(
!
(
s
->
options
&
SSL_OP_NO_SSLv3
)
)
else
if
(
version
==
SSL3_VERSION
)
{
*
(
d
++
)
=
SSL3_VERSION_MAJOR
;
*
(
d
++
)
=
SSL3_VERSION_MINOR
;
s
->
client_version
=
SSL3_VERSION
;
version_major
=
SSL3_VERSION_MAJOR
;
version_minor
=
SSL3_VERSION_MINOR
;
}
else
if
(
!
(
s
->
options
&
SSL_OP_NO_SSLv2
)
)
else
if
(
version
==
SSL2_VERSION
)
{
*
(
d
++
)
=
SSL2_VERSION_MAJOR
;
*
(
d
++
)
=
SSL2_VERSION_MINOR
;
s
->
client_version
=
SSL2_VERSION
;
version_major
=
SSL2_VERSION_MAJOR
;
version_minor
=
SSL2_VERSION_MINOR
;
}
else
{
...
...
@@ -267,59 +280,153 @@ static int ssl23_client_hello(SSL *s)
return
(
-
1
);
}
/* Ciphers supported */
i
=
ssl_cipher_list_to_bytes
(
s
,
SSL_get_ciphers
(
s
),
p
);
if
(
i
==
0
)
s
->
client_version
=
version
;
if
(
ssl2_compat
)
{
/* no ciphers */
SSLerr
(
SSL_F_SSL23_CLIENT_HELLO
,
SSL_R_NO_CIPHERS_AVAILABLE
);
return
(
-
1
);
}
s2n
(
i
,
d
);
p
+=
i
;
/* create SSL 2.0 compatible Client Hello */
/* put in the session-id, zero since there is no
* reuse. */
/* two byte record header will be written last */
d
=
&
(
buf
[
2
]);
p
=
d
+
9
;
/* leave space for message type, version, individual length fields */
*
(
d
++
)
=
SSL2_MT_CLIENT_HELLO
;
*
(
d
++
)
=
version_major
;
*
(
d
++
)
=
version_minor
;
/* Ciphers supported */
i
=
ssl_cipher_list_to_bytes
(
s
,
SSL_get_ciphers
(
s
),
p
,
0
);
if
(
i
==
0
)
{
/* no ciphers */
SSLerr
(
SSL_F_SSL23_CLIENT_HELLO
,
SSL_R_NO_CIPHERS_AVAILABLE
);
return
-
1
;
}
s2n
(
i
,
d
);
p
+=
i
;
/* put in the session-id length (zero since there is no reuse) */
#if 0
s->session->session_id_length=0;
s->session->session_id_length=0;
#endif
s2n
(
0
,
d
);
if
(
s
->
options
&
SSL_OP_NETSCAPE_CHALLENGE_BUG
)
ch_len
=
SSL2_CHALLENGE_LENGTH
;
s2n
(
0
,
d
);
if
(
s
->
options
&
SSL_OP_NETSCAPE_CHALLENGE_BUG
)
ch_len
=
SSL2_CHALLENGE_LENGTH
;
else
ch_len
=
SSL2_MAX_CHALLENGE_LENGTH
;
/* write out sslv2 challenge */
if
(
SSL3_RANDOM_SIZE
<
ch_len
)
i
=
SSL3_RANDOM_SIZE
;
else
i
=
ch_len
;
s2n
(
i
,
d
);
memset
(
&
(
s
->
s3
->
client_random
[
0
]),
0
,
SSL3_RANDOM_SIZE
);
if
(
RAND_pseudo_bytes
(
&
(
s
->
s3
->
client_random
[
SSL3_RANDOM_SIZE
-
i
]),
i
)
<=
0
)
return
-
1
;
memcpy
(
p
,
&
(
s
->
s3
->
client_random
[
SSL3_RANDOM_SIZE
-
i
]),
i
);
p
+=
i
;
i
=
p
-
&
(
buf
[
2
]);
buf
[
0
]
=
((
i
>>
8
)
&
0xff
)
|
0x80
;
buf
[
1
]
=
(
i
&
0xff
);
/* number of bytes to write */
s
->
init_num
=
i
+
2
;
s
->
init_off
=
0
;
ssl3_finish_mac
(
s
,
&
(
buf
[
2
]),
i
);
}
else
ch_len
=
SSL2_MAX_CHALLENGE_LENGTH
;
{
/* create Client Hello in SSL 3.0/TLS 1.0 format */
/* write out sslv2 challenge */
if
(
SSL3_RANDOM_SIZE
<
ch_len
)
i
=
SSL3_RANDOM_SIZE
;
else
i
=
ch_len
;
s2n
(
i
,
d
);
memset
(
&
(
s
->
s3
->
client_random
[
0
]),
0
,
SSL3_RANDOM_SIZE
);
if
(
RAND_pseudo_bytes
(
&
(
s
->
s3
->
client_random
[
SSL3_RANDOM_SIZE
-
i
]),
i
)
<=
0
)
return
-
1
;
/* do the record header (5 bytes) and handshake message header (4 bytes) last */
d
=
p
=
&
(
buf
[
9
]);
*
(
p
++
)
=
version_major
;
*
(
p
++
)
=
version_minor
;
/* Random stuff */
memcpy
(
p
,
s
->
s3
->
client_random
,
SSL3_RANDOM_SIZE
);
p
+=
SSL3_RANDOM_SIZE
;
/* Session ID (zero since there is no reuse) */
*
(
p
++
)
=
0
;
/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
i
=
ssl_cipher_list_to_bytes
(
s
,
SSL_get_ciphers
(
s
),
&
(
p
[
2
]),
ssl3_put_cipher_by_char
);
if
(
i
==
0
)
{
SSLerr
(
SSL_F_SSL23_CLIENT_HELLO
,
SSL_R_NO_CIPHERS_AVAILABLE
);
return
-
1
;
}
s2n
(
i
,
p
);
p
+=
i
;
/* COMPRESSION */
if
(
s
->
ctx
->
comp_methods
==
NULL
)
j
=
0
;
else
j
=
sk_SSL_COMP_num
(
s
->
ctx
->
comp_methods
);
*
(
p
++
)
=
1
+
j
;
for
(
i
=
0
;
i
<
j
;
i
++
)
{
comp
=
sk_SSL_COMP_value
(
s
->
ctx
->
comp_methods
,
i
);
*
(
p
++
)
=
comp
->
id
;
}
*
(
p
++
)
=
0
;
/* Add the NULL method */
l
=
p
-
d
;
*
p
=
42
;
memcpy
(
p
,
&
(
s
->
s3
->
client_random
[
SSL3_RANDOM_SIZE
-
i
]),
i
);
p
+=
i
;
/* fill in 4-byte handshake header */
d
=&
(
buf
[
5
]);
*
(
d
++
)
=
SSL3_MT_CLIENT_HELLO
;
l2n3
(
l
,
d
);
i
=
p
-
&
(
buf
[
2
]);
buf
[
0
]
=
((
i
>>
8
)
&
0xff
)
|
0x80
;
buf
[
1
]
=
(
i
&
0xff
);
l
+=
4
;
if
(
l
>
SSL3_RT_MAX_PLAIN_LENGTH
)
{
SSLerr
(
SSL_F_SSL23_CLIENT_HELLO
,
ERR_R_INTERNAL_ERROR
);
return
-
1
;
}
/* fill in 5-byte record header */
d
=
buf
;
*
(
d
++
)
=
SSL3_RT_HANDSHAKE
;
*
(
d
++
)
=
version_major
;
*
(
d
++
)
=
version_minor
;
/* arguably we should send the *lowest* suported version here
* (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
s2n
((
int
)
l
,
d
);
/* number of bytes to write */
s
->
init_num
=
p
-
buf
;
s
->
init_off
=
0
;
ssl3_finish_mac
(
s
,
&
(
buf
[
5
]),
s
->
init_num
-
5
);
}
s
->
state
=
SSL23_ST_CW_CLNT_HELLO_B
;
/* number of bytes to write */
s
->
init_num
=
i
+
2
;
s
->
init_off
=
0
;
ssl3_finish_mac
(
s
,
&
(
buf
[
2
]),
i
);
}
/* SSL3_ST_CW_CLNT_HELLO_B */
ret
=
ssl23_write_bytes
(
s
);
if
(
ret
>=
2
)
if
(
s
->
msg_callback
)
s
->
msg_callback
(
1
,
SSL2_VERSION
,
0
,
s
->
init_buf
->
data
+
2
,
ret
-
2
,
s
,
s
->
msg_callback_arg
);
/* CLIENT-HELLO */
if
((
ret
>=
2
)
&&
s
->
msg_callback
)
{
/* Client Hello has been sent; tell msg_callback */
if
(
ssl2_compat
)
s
->
msg_callback
(
1
,
version
,
0
,
s
->
init_buf
->
data
+
2
,
ret
-
2
,
s
,
s
->
msg_callback_arg
);
else
s
->
msg_callback
(
1
,
version
,
SSL3_RT_HANDSHAKE
,
s
->
init_buf
->
data
+
5
,
ret
-
5
,
s
,
s
->
msg_callback_arg
);
}
return
ret
;
}
...
...
This diff is collapsed.
Click to expand it.
ssl/s2_clnt.c
浏览文件 @
c6c2e313
...
...
@@ -584,7 +584,7 @@ static int client_hello(SSL *s)
s2n
(
SSL2_VERSION
,
p
);
/* version */
n
=
j
=
0
;
n
=
ssl_cipher_list_to_bytes
(
s
,
SSL_get_ciphers
(
s
),
d
);
n
=
ssl_cipher_list_to_bytes
(
s
,
SSL_get_ciphers
(
s
),
d
,
0
);
d
+=
n
;
if
(
n
==
0
)
...
...
This diff is collapsed.
Click to expand it.
ssl/s2_srvr.c
浏览文件 @
c6c2e313
...
...
@@ -797,7 +797,7 @@ static int server_hello(SSL *s)
/* lets send out the ciphers we like in the
* prefered order */
sk
=
s
->
session
->
ciphers
;
n
=
ssl_cipher_list_to_bytes
(
s
,
s
->
session
->
ciphers
,
d
);
n
=
ssl_cipher_list_to_bytes
(
s
,
s
->
session
->
ciphers
,
d
,
0
);
d
+=
n
;
s2n
(
n
,
p
);
/* add cipher length */
}
...
...
This diff is collapsed.
Click to expand it.
ssl/s3_clnt.c
浏览文件 @
c6c2e313
...
...
@@ -584,7 +584,7 @@ int ssl3_client_hello(SSL *s)
}
/* Ciphers supported */
i
=
ssl_cipher_list_to_bytes
(
s
,
SSL_get_ciphers
(
s
),
&
(
p
[
2
]));
i
=
ssl_cipher_list_to_bytes
(
s
,
SSL_get_ciphers
(
s
),
&
(
p
[
2
])
,
0
);
if
(
i
==
0
)
{
SSLerr
(
SSL_F_SSL3_CLIENT_HELLO
,
SSL_R_NO_CIPHERS_AVAILABLE
);
...
...
This diff is collapsed.
Click to expand it.
ssl/ssl_lib.c
浏览文件 @
c6c2e313
...
...
@@ -1204,7 +1204,8 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
return
(
buf
);
}
int
ssl_cipher_list_to_bytes
(
SSL
*
s
,
STACK_OF
(
SSL_CIPHER
)
*
sk
,
unsigned
char
*
p
)
int
ssl_cipher_list_to_bytes
(
SSL
*
s
,
STACK_OF
(
SSL_CIPHER
)
*
sk
,
unsigned
char
*
p
,
int
(
*
put_cb
)(
const
SSL_CIPHER
*
,
unsigned
char
*
))
{
int
i
,
j
=
0
;
SSL_CIPHER
*
c
;
...
...
@@ -1223,7 +1224,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
if
((
c
->
algorithms
&
SSL_KRB5
)
&&
nokrb5
)
continue
;
#endif
/* OPENSSL_NO_KRB5 */
j
=
ssl_put_cipher_by_char
(
s
,
c
,
p
);
j
=
put_cb
?
put_cb
(
c
,
p
)
:
ssl_put_cipher_by_char
(
s
,
c
,
p
);
p
+=
j
;
}
return
(
p
-
q
);
...
...
This diff is collapsed.
Click to expand it.
ssl/ssl_locl.h
浏览文件 @
c6c2e313
...
...
@@ -527,7 +527,8 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
const
SSL_CIPHER
*
const
*
bp
);
STACK_OF
(
SSL_CIPHER
)
*
ssl_bytes_to_cipher_list
(
SSL
*
s
,
unsigned
char
*
p
,
int
num
,
STACK_OF
(
SSL_CIPHER
)
**
skp
);
int
ssl_cipher_list_to_bytes
(
SSL
*
s
,
STACK_OF
(
SSL_CIPHER
)
*
sk
,
unsigned
char
*
p
);
int
ssl_cipher_list_to_bytes
(
SSL
*
s
,
STACK_OF
(
SSL_CIPHER
)
*
sk
,
unsigned
char
*
p
,
int
(
*
put_cb
)(
const
SSL_CIPHER
*
,
unsigned
char
*
));
STACK_OF
(
SSL_CIPHER
)
*
ssl_create_cipher_list
(
const
SSL_METHOD
*
meth
,
STACK_OF
(
SSL_CIPHER
)
**
pref
,
STACK_OF
(
SSL_CIPHER
)
**
sorted
,
...
...
This diff is collapsed.
Click to expand it.
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录
新手
引导
客服
返回
顶部