提交
d18b716d
编写于
7月 24, 2012
作者:
Dr. Stephen Henson
check EC tmp key matches preferences
上级
1e4cb467
变更
6
Showing
6 changed file
with
37 addition
and
3 deletion
+37
-3
CHANGES
CHANGES
+3
-0
ssl/s3_clnt.c
ssl/s3_clnt.c
+11
-3
ssl/ssl.h
ssl/ssl.h
+1
-0
ssl/ssl_err.c
ssl/ssl_err.c
+1
-0
ssl/ssl_locl.h
ssl/ssl_locl.h
+1
-0
ssl/t1_lib.c
ssl/t1_lib.c
+20
-0
CHANGES
...
...
@@ -4,6 +4,9 @@
Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
*) If server EC tmp key is not in client preference list abort handshake.
[Steve Henson]
*) Add support for certificate stores in CERT structure. This makes it
possible to have different stores per SSL structure or one store in
the parent SSL_CTX. Include distint stores for certificate chain
...
...
ssl/s3_clnt.c
...
...
@@ -1647,9 +1647,17 @@ int ssl3_get_key_exchange(SSL *s)
* and the ECParameters in this case is just three bytes.
*/
param_len
=
3
;
if
((
param_len
>
n
)
||
(
*
p
!=
NAMED_CURVE_TYPE
)
||
((
curve_nid
=
tls1_ec_curve_id2nid
(
*
(
p
+
2
)))
==
0
))
/* Check curve is one of our prefrences, if not server has
* sent an invalid curve.
*/
if
(
!
tls1_check_curve
(
s
,
p
,
param_len
))
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_WRONG_CURVE
);
goto
f_err
;
}
if
((
curve_nid
=
tls1_ec_curve_id2nid
(
*
(
p
+
2
)))
==
0
)
{
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS
);
...
...
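Review bot: The rewritten ECParameters check no longer compares `param_len` with `n`, so `tls1_check_curve(s, p, param_len)` and the later `*(p + 2)` read three bytes without confirming that the received ServerKeyExchange body holds that many. `tls1_check_curve` only sees the constant 3 passed by this caller, so its `len != 3` test cannot catch a truncated message. Keeping the bound in the guard, e.g. `if ((param_len > n) || !tls1_check_curve(s, p, param_len))`, restores the check the old condition performed. The page has lost its +/- markers, so this reading relies on the 11-addition/3-deletion count and the print order; ssl3_get_key_exchange begins and ends outside the hunk, and a length check elsewhere in it would not be visible here.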
ssl/ssl.h
...
...
@@ -2764,6 +2764,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369
#define SSL_R_WRITE_BIO_NOT_SET 260
#define SSL_R_WRONG_CIPHER_RETURNED 261
#define SSL_R_WRONG_CURVE 378
#define SSL_R_WRONG_MESSAGE_TYPE 262
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
#define SSL_R_WRONG_SIGNATURE_LENGTH 264
...
...
ssl/ssl_err.c
...
...
@@ -603,6 +603,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{
ERR_REASON
(
SSL_R_USE_SRTP_NOT_NEGOTIATED
),
"use srtp not negotiated"
},
{
ERR_REASON
(
SSL_R_WRITE_BIO_NOT_SET
)
,
"write bio not set"
},
{
ERR_REASON
(
SSL_R_WRONG_CIPHER_RETURNED
)
,
"wrong cipher returned"
},
{
ERR_REASON
(
SSL_R_WRONG_CURVE
)
,
"wrong curve"
},
{
ERR_REASON
(
SSL_R_WRONG_MESSAGE_TYPE
)
,
"wrong message type"
},
{
ERR_REASON
(
SSL_R_WRONG_NUMBER_OF_KEY_BITS
),
"wrong number of key bits"
},
{
ERR_REASON
(
SSL_R_WRONG_SIGNATURE_LENGTH
),
"wrong signature length"
},
...
...
ssl/ssl_locl.h
...
...
@@ -1186,6 +1186,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
#ifndef OPENSSL_NO_EC
int
tls1_ec_curve_id2nid
(
int
curve_id
);
int
tls1_ec_nid2curve_id
(
int
nid
);
int
tls1_check_curve
(
SSL
*
s
,
const
unsigned
char
*
p
,
size_t
len
);
int
tls1_shared_curve
(
SSL
*
s
,
int
nmatch
);
int
tls1_set_curves
(
unsigned
char
**
pext
,
size_t
*
pextlen
,
int
*
curves
,
size_t
ncurves
);
...
...
ssl/t1_lib.c
...
...
@@ -333,6 +333,21 @@ static void tls1_get_curvelist(SSL *s, int sess,
*
pcurveslen
=
sizeof
(
eccurves_default
);
}
}
/* Check a curve is one of our preferences */
int
tls1_check_curve
(
SSL
*
s
,
const
unsigned
char
*
p
,
size_t
len
)
{
const
unsigned
char
*
curves
;
size_t
curveslen
,
i
;
if
(
len
!=
3
||
p
[
0
]
!=
NAMED_CURVE_TYPE
)
return
0
;
tls1_get_curvelist
(
s
,
0
,
&
curves
,
&
curveslen
);
for
(
i
=
0
;
i
<
curveslen
;
i
+=
2
,
curves
+=
2
)
{
if
(
p
[
1
]
==
curves
[
0
]
&&
p
[
2
]
==
curves
[
1
])
return
1
;
}
return
0
;
}
/* Return nth shared curve. If nmatch == -1 return number of
* matches.
...
...
@@ -584,7 +599,12 @@ int tls1_check_ec_tmp_key(SSL *s)
}
if
(
!
tls1_set_ec_id
(
curve_id
,
NULL
,
ec
))
return
0
;
/* Set this to allow use of invalid curves for testing */
#if 0
return 1;
#else
return
tls1_check_ec_key
(
s
,
curve_id
,
NULL
);
#endif
}
#endif
/* OPENSSL_NO_EC */
...
...
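Review bot: `tls1_check_curve` carries only a one-line comment and does not say that `len` is taken on trust from the caller: once `len == 3` it indexes `p[0]` through `p[2]`, so the caller must already have verified that three bytes of the message are available. I would extend the comment to something like `/* Check a curve is one of our preferences. p points to len bytes of ECParameters (type, 2-byte curve id); the caller must have bounds-checked len against the received message. Returns 1 on match, 0 otherwise. */`. The loop also reads `curves[1]` on every step, which assumes `curveslen` is even; `tls1_get_curvelist` lies mostly outside the hunk, so that is worth confirming or guarding with `i + 1 < curveslen`.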