Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
ca3895f0
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
ca3895f0
编写于
3月 08, 2016
作者:
K
Kurt Roeckx
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Move disabling of RC4 for DTLS to the cipher list.
Reviewed-by:
N
Viktor Dukhovni
<
viktor@openssl.org
>
MR: #1595
上级
82478521
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
35 addition
and
46 deletion
+35
-46
ssl/d1_lib.c
ssl/d1_lib.c
+0
-19
ssl/s3_lib.c
ssl/s3_lib.c
+10
-10
ssl/ssl_ciph.c
ssl/ssl_ciph.c
+24
-15
ssl/ssl_locl.h
ssl/ssl_locl.h
+1
-2
未找到文件。
ssl/d1_lib.c
浏览文件 @
ca3895f0
...
...
@@ -274,25 +274,6 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
return
(
ret
);
}
/*
* As it's impossible to use stream ciphers in "datagram" mode, this
* simple filter is designed to disengage them in DTLS. Unfortunately
* there is no universal way to identify stream SSL_CIPHER, so we have
* to explicitly list their SSL_* codes. Currently RC4 is the only one
* available, but if new ones emerge, they will have to be added...
*/
const
SSL_CIPHER
*
dtls1_get_cipher
(
unsigned
int
u
)
{
const
SSL_CIPHER
*
ciph
=
ssl3_get_cipher
(
u
);
if
(
ciph
!=
NULL
)
{
if
(
ciph
->
algorithm_enc
==
SSL_RC4
)
return
NULL
;
}
return
ciph
;
}
void
dtls1_start_timer
(
SSL
*
s
)
{
#ifndef OPENSSL_NO_SCTP
...
...
ssl/s3_lib.c
浏览文件 @
ca3895f0
...
...
@@ -207,7 +207,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4
,
SSL_MD5
,
SSL3_VERSION
,
TLS1_2_VERSION
,
DTLS1_VERSION
,
DTLS1_2_VERSION
,
0
,
0
,
SSL_NOT_DEFAULT
|
SSL_MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT
|
TLS1_PRF
,
128
,
...
...
@@ -224,7 +224,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4
,
SSL_SHA1
,
SSL3_VERSION
,
TLS1_2_VERSION
,
DTLS1_VERSION
,
DTLS1_2_VERSION
,
0
,
0
,
SSL_NOT_DEFAULT
|
SSL_MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT
|
TLS1_PRF
,
128
,
...
...
@@ -313,7 +313,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4
,
SSL_MD5
,
SSL3_VERSION
,
TLS1_2_VERSION
,
DTLS1_VERSION
,
DTLS1_2_VERSION
,
0
,
0
,
SSL_NOT_DEFAULT
|
SSL_MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT
|
TLS1_PRF
,
128
,
...
...
@@ -867,7 +867,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4
,
SSL_SHA1
,
SSL3_VERSION
,
TLS1_2_VERSION
,
DTLS1_VERSION
,
DTLS1_2_VERSION
,
0
,
0
,
SSL_NOT_DEFAULT
|
SSL_MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT
|
TLS1_PRF
,
128
,
...
...
@@ -937,7 +937,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4
,
SSL_SHA1
,
SSL3_VERSION
,
TLS1_2_VERSION
,
DTLS1_VERSION
,
DTLS1_2_VERSION
,
0
,
0
,
SSL_NOT_DEFAULT
|
SSL_MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT
|
TLS1_PRF
,
128
,
...
...
@@ -1007,7 +1007,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4
,
SSL_SHA1
,
SSL3_VERSION
,
TLS1_2_VERSION
,
DTLS1_VERSION
,
DTLS1_2_VERSION
,
0
,
0
,
SSL_NOT_DEFAULT
|
SSL_MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT
|
TLS1_PRF
,
128
,
...
...
@@ -1757,7 +1757,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4
,
SSL_SHA1
,
SSL3_VERSION
,
TLS1_2_VERSION
,
DTLS1_VERSION
,
DTLS1_2_VERSION
,
0
,
0
,
SSL_NOT_DEFAULT
|
SSL_MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT
|
TLS1_PRF
,
128
,
...
...
@@ -1844,7 +1844,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4
,
SSL_SHA1
,
SSL3_VERSION
,
TLS1_2_VERSION
,
DTLS1_VERSION
,
DTLS1_2_VERSION
,
0
,
0
,
SSL_NOT_DEFAULT
|
SSL_MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT
|
TLS1_PRF
,
128
,
...
...
@@ -1931,7 +1931,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4
,
SSL_SHA1
,
SSL3_VERSION
,
TLS1_2_VERSION
,
DTLS1_VERSION
,
DTLS1_2_VERSION
,
0
,
0
,
SSL_NOT_DEFAULT
|
SSL_MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT
|
TLS1_PRF
,
128
,
...
...
@@ -2300,7 +2300,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4
,
SSL_SHA1
,
SSL3_VERSION
,
TLS1_2_VERSION
,
DTLS1_VERSION
,
DTLS1_2_VERSION
,
0
,
0
,
SSL_NOT_DEFAULT
|
SSL_MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT
|
TLS1_PRF
,
128
,
...
...
ssl/ssl_ciph.c
浏览文件 @
ca3895f0
...
...
@@ -787,21 +787,30 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
for
(
i
=
0
;
i
<
num_of_ciphers
;
i
++
)
{
c
=
ssl_method
->
get_cipher
(
i
);
/* drop those that use any of that is not available */
if
((
c
!=
NULL
)
&&
c
->
valid
&&
(
!
FIPS_mode
()
||
(
c
->
algo_strength
&
SSL_FIPS
))
&&
!
(
c
->
algorithm_mkey
&
disabled_mkey
)
&&
!
(
c
->
algorithm_auth
&
disabled_auth
)
&&
!
(
c
->
algorithm_enc
&
disabled_enc
)
&&
!
(
c
->
algorithm_mac
&
disabled_mac
))
{
co_list
[
co_list_num
].
cipher
=
c
;
co_list
[
co_list_num
].
next
=
NULL
;
co_list
[
co_list_num
].
prev
=
NULL
;
co_list
[
co_list_num
].
active
=
0
;
co_list_num
++
;
/*
* if (!sk_push(ca_list,(char *)c)) goto err;
*/
}
if
(
c
==
NULL
||
!
c
->
valid
)
continue
;
if
(
FIPS_mode
()
&&
(
c
->
algo_strength
&
SSL_FIPS
))
continue
;
if
((
c
->
algorithm_mkey
&
disabled_mkey
)
||
(
c
->
algorithm_auth
&
disabled_auth
)
||
(
c
->
algorithm_enc
&
disabled_enc
)
||
(
c
->
algorithm_mac
&
disabled_mac
))
continue
;
if
(((
ssl_method
->
ssl3_enc
->
enc_flags
&
SSL_ENC_FLAG_DTLS
)
==
0
)
&&
c
->
min_tls
==
0
)
continue
;
if
(((
ssl_method
->
ssl3_enc
->
enc_flags
&
SSL_ENC_FLAG_DTLS
)
!=
0
)
&&
c
->
min_dtls
==
0
)
continue
;
co_list
[
co_list_num
].
cipher
=
c
;
co_list
[
co_list_num
].
next
=
NULL
;
co_list
[
co_list_num
].
prev
=
NULL
;
co_list
[
co_list_num
].
active
=
0
;
co_list_num
++
;
/*
* if (!sk_push(ca_list,(char *)c)) goto err;
*/
}
/*
...
...
ssl/ssl_locl.h
浏览文件 @
ca3895f0
...
...
@@ -1854,7 +1854,7 @@ const SSL_METHOD *func_name(void) \
ssl3_put_cipher_by_char, \
ssl3_pending, \
ssl3_num_ciphers, \
dtls1
_get_cipher, \
ssl3
_get_cipher, \
s_get_meth, \
dtls1_default_timeout, \
&enc_data, \
...
...
@@ -2013,7 +2013,6 @@ __owur long dtls1_default_timeout(void);
__owur
struct
timeval
*
dtls1_get_timeout
(
SSL
*
s
,
struct
timeval
*
timeleft
);
__owur
int
dtls1_check_timeout_num
(
SSL
*
s
);
__owur
int
dtls1_handle_timeout
(
SSL
*
s
);
__owur
const
SSL_CIPHER
*
dtls1_get_cipher
(
unsigned
int
u
);
void
dtls1_start_timer
(
SSL
*
s
);
void
dtls1_stop_timer
(
SSL
*
s
);
__owur
int
dtls1_is_timer_expired
(
SSL
*
s
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录