Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
d139723b
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
d139723b
编写于
3月 02, 2016
作者:
K
Kurt Roeckx
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
session tickets: use more sizeof
Reviewed-by:
N
Matt Caswell
<
matt@openssl.org
>
MR: #2153
上级
05df5c20
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
23 addition
and
15 deletion
+23
-15
ssl/s3_lib.c
ssl/s3_lib.c
+2
-2
ssl/ssl_locl.h
ssl/ssl_locl.h
+3
-1
ssl/statem/statem_srvr.c
ssl/statem/statem_srvr.c
+18
-12
未找到文件。
ssl/s3_lib.c
浏览文件 @
d139723b
...
...
@@ -3396,8 +3396,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
unsigned
char
*
keys
=
parg
;
long
tlsext_tick_keylen
=
(
sizeof
(
ctx
->
tlsext_tick_key_name
)
+
sizeof
(
ctx
->
tlsext_tick_hmac_key
)
+
(
ctx
->
tlsext_tick_aes_key
));
if
(
!
keys
)
sizeof
(
ctx
->
tlsext_tick_hmac_key
)
+
sizeof
(
ctx
->
tlsext_tick_aes_key
));
if
(
keys
==
NULL
)
return
tlsext_tick_keylen
;
if
(
larg
!=
tlsext_tick_keylen
)
{
SSLerr
(
SSL_F_SSL3_CTX_CTRL
,
SSL_R_INVALID_TICKET_KEYS_LENGTH
);
...
...
ssl/ssl_locl.h
浏览文件 @
d139723b
...
...
@@ -686,6 +686,8 @@ DEFINE_LHASH_OF(SSL_SESSION);
/* Needed in ssl_cert.c */
DEFINE_LHASH_OF
(
X509_NAME
);
#define TLSEXT_KEYNAME_LENGTH 16
struct
ssl_ctx_st
{
const
SSL_METHOD
*
method
;
STACK_OF
(
SSL_CIPHER
)
*
cipher_list
;
...
...
@@ -857,7 +859,7 @@ struct ssl_ctx_st {
int
(
*
tlsext_servername_callback
)
(
SSL
*
,
int
*
,
void
*
);
void
*
tlsext_servername_arg
;
/* RFC 4507 session ticket keys */
unsigned
char
tlsext_tick_key_name
[
16
];
unsigned
char
tlsext_tick_key_name
[
TLSEXT_KEYNAME_LENGTH
];
unsigned
char
tlsext_tick_hmac_key
[
32
];
unsigned
char
tlsext_tick_aes_key
[
32
];
/* Callback to support customisation of ticket key setting */
...
...
ssl/statem/statem_srvr.c
浏览文件 @
d139723b
...
...
@@ -2978,7 +2978,8 @@ int tls_construct_new_session_ticket(SSL *s)
unsigned
int
hlen
;
SSL_CTX
*
tctx
=
s
->
initial_ctx
;
unsigned
char
iv
[
EVP_MAX_IV_LENGTH
];
unsigned
char
key_name
[
16
];
unsigned
char
key_name
[
TLSEXT_KEYNAME_LENGTH
];
int
iv_len
;
/* get session encoding length */
slen_full
=
i2d_SSL_SESSION
(
s
->
session
,
NULL
);
...
...
@@ -3028,13 +3029,14 @@ int tls_construct_new_session_ticket(SSL *s)
* Grow buffer if need be: the length calculation is as
* follows handshake_header_length +
* 4 (ticket lifetime hint) + 2 (ticket length) +
*
16 (key
name) + max_iv_len (iv length) +
*
session_length + max_enc_block_size (max encrypted session
*
length) + max_md_size (HMAC)
.
*
sizeof(key
name) + max_iv_len (iv length) +
*
max_enc_block_size (max encrypted session * length) +
*
max_md_size (HMAC) + session_length
.
*/
if
(
!
BUF_MEM_grow
(
s
->
init_buf
,
SSL_HM_HEADER_LENGTH
(
s
)
+
22
+
EVP_MAX_IV_LENGTH
+
EVP_MAX_BLOCK_LENGTH
+
EVP_MAX_MD_SIZE
+
slen
))
SSL_HM_HEADER_LENGTH
(
s
)
+
6
+
sizeof
(
key_name
)
+
EVP_MAX_IV_LENGTH
+
EVP_MAX_BLOCK_LENGTH
+
EVP_MAX_MD_SIZE
+
slen
))
goto
err
;
p
=
ssl_handshake_start
(
s
);
...
...
@@ -3045,10 +3047,14 @@ int tls_construct_new_session_ticket(SSL *s)
if
(
tctx
->
tlsext_ticket_key_cb
)
{
if
(
tctx
->
tlsext_ticket_key_cb
(
s
,
key_name
,
iv
,
ctx
,
hctx
,
1
)
<
0
)
goto
err
;
iv_len
=
EVP_CIPHER_CTX_iv_length
(
ctx
);
}
else
{
if
(
RAND_bytes
(
iv
,
16
)
<=
0
)
const
EVP_CIPHER
*
cipher
=
EVP_aes_256_cbc
();
iv_len
=
EVP_CIPHER_iv_length
(
cipher
);
if
(
RAND_bytes
(
iv
,
iv_len
)
<=
0
)
goto
err
;
if
(
!
EVP_EncryptInit_ex
(
ctx
,
EVP_aes_256_cbc
()
,
NULL
,
if
(
!
EVP_EncryptInit_ex
(
ctx
,
cipher
,
NULL
,
tctx
->
tlsext_tick_aes_key
,
iv
))
goto
err
;
if
(
!
HMAC_Init_ex
(
hctx
,
tctx
->
tlsext_tick_hmac_key
,
...
...
@@ -3070,11 +3076,11 @@ int tls_construct_new_session_ticket(SSL *s)
p
+=
2
;
/* Output key name */
macstart
=
p
;
memcpy
(
p
,
key_name
,
16
);
p
+=
16
;
memcpy
(
p
,
key_name
,
sizeof
(
key_name
)
);
p
+=
sizeof
(
key_name
)
;
/* output IV */
memcpy
(
p
,
iv
,
EVP_CIPHER_CTX_iv_length
(
ctx
)
);
p
+=
EVP_CIPHER_CTX_iv_length
(
ctx
)
;
memcpy
(
p
,
iv
,
iv_len
);
p
+=
iv_len
;
/* Encrypt session data */
if
(
!
EVP_EncryptUpdate
(
ctx
,
p
,
&
len
,
senc
,
slen
))
goto
err
;
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录