提交
d18b716d
编写于
7月 24, 2012
作者:
Dr. Stephen Henson
check EC tmp key matches preferences
上级
1e4cb467
变更
6
Showing
6 changed file
with
37 addition
and
3 deletion
+37
-3
CHANGES
CHANGES
+3
-0
ssl/s3_clnt.c
ssl/s3_clnt.c
+11
-3
ssl/ssl.h
ssl/ssl.h
+1
-0
ssl/ssl_err.c
ssl/ssl_err.c
+1
-0
ssl/ssl_locl.h
ssl/ssl_locl.h
+1
-0
ssl/t1_lib.c
ssl/t1_lib.c
+20
-0
CHANGES
...
@@ -4,6 +4,9 @@
...
@@ -4,6 +4,9 @@
Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
*) If server EC tmp key is not in client preference list abort handshake.
[Steve Henson]
*) Add support for certificate stores in CERT structure. This makes it
*) Add support for certificate stores in CERT structure. This makes it
possible to have different stores per SSL structure or one store in
possible to have different stores per SSL structure or one store in
the parent SSL_CTX. Include distint stores for certificate chain
the parent SSL_CTX. Include distint stores for certificate chain
...
...
ssl/s3_clnt.c
...
@@ -1647,9 +1647,17 @@ int ssl3_get_key_exchange(SSL *s)
...
@@ -1647,9 +1647,17 @@ int ssl3_get_key_exchange(SSL *s)
* and the ECParameters in this case is just three bytes.
* and the ECParameters in this case is just three bytes.
*/
*/
param_len
=
3
;
param_len
=
3
;
if
((
param_len
>
n
)
||
/* Check curve is one of our prefrences, if not server has
(
*
p
!=
NAMED_CURVE_TYPE
)
||
* sent an invalid curve.
((
curve_nid
=
tls1_ec_curve_id2nid
(
*
(
p
+
2
)))
==
0
))
*/
if
(
!
tls1_check_curve
(
s
,
p
,
param_len
))
{
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_WRONG_CURVE
);
goto
f_err
;
}
if
((
curve_nid
=
tls1_ec_curve_id2nid
(
*
(
p
+
2
)))
==
0
)
{
{
al
=
SSL_AD_INTERNAL_ERROR
;
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS
);
SSLerr
(
SSL_F_SSL3_GET_KEY_EXCHANGE
,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS
);
...
...
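Review bot: The new side of this hunk no longer compares `param_len` with the remaining message length `n`: the removed condition began with `(param_len > n)`, while the replacement calls `tls1_check_curve(s, p, param_len)` with the constant 3 and then reads `*(p + 2)`. `tls1_check_curve` in ssl/t1_lib.c only tests `len != 3` against that caller-supplied value, so a ServerKeyExchange carrying fewer than three bytes of ECParameters would have it and the id2nid call read past the received data, unless `n` is validated somewhere outside the visible lines. Keeping the length test in front of the call closes that, e.g. `if (param_len > n || !tls1_check_curve(s, p, param_len))`. ssl3_get_key_exchange starts and ends outside the hunk.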
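--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2764,6 +2764,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_USE_SRTP_NOT_NEGOTIATED 369
 #define SSL_R_WRITE_BIO_NOT_SET 260
 #define SSL_R_WRONG_CIPHER_RETURNED 261
+#define SSL_R_WRONG_CURVE 378
 #define SSL_R_WRONG_MESSAGE_TYPE 262
 #define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
 #define SSL_R_WRONG_SIGNATURE_LENGTH 264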
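--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -603,6 +603,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED),"use srtp not negotiated"},
 {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
 {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
+{ERR_REASON(SSL_R_WRONG_CURVE) ,"wrong curve"},
 {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
 {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
 {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},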
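--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1186,6 +1186,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
 #ifndef OPENSSL_NO_EC
 int tls1_ec_curve_id2nid(int curve_id);
 int tls1_ec_nid2curve_id(int nid);
+int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
 int tls1_shared_curve(SSL *s, int nmatch);
 int tls1_set_curves(unsigned char **pext, size_t *pextlen,
 int *curves, size_t ncurves);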
ssl/t1_lib.c
...
@@ -333,6 +333,21 @@ static void tls1_get_curvelist(SSL *s, int sess,
...
@@ -333,6 +333,21 @@ static void tls1_get_curvelist(SSL *s, int sess,
*
pcurveslen
=
sizeof
(
eccurves_default
);
*
pcurveslen
=
sizeof
(
eccurves_default
);
}
}
}
}
/* Check a curve is one of our preferences */
int
tls1_check_curve
(
SSL
*
s
,
const
unsigned
char
*
p
,
size_t
len
)
{
const
unsigned
char
*
curves
;
size_t
curveslen
,
i
;
if
(
len
!=
3
||
p
[
0
]
!=
NAMED_CURVE_TYPE
)
return
0
;
tls1_get_curvelist
(
s
,
0
,
&
curves
,
&
curveslen
);
for
(
i
=
0
;
i
<
curveslen
;
i
+=
2
,
curves
+=
2
)
{
if
(
p
[
1
]
==
curves
[
0
]
&&
p
[
2
]
==
curves
[
1
])
return
1
;
}
return
0
;
}
/* Return nth shared curve. If nmatch == -1 return number of
/* Return nth shared curve. If nmatch == -1 return number of
* matches.
* matches.
...
@@ -584,7 +599,12 @@ int tls1_check_ec_tmp_key(SSL *s)
...
@@ -584,7 +599,12 @@ int tls1_check_ec_tmp_key(SSL *s)
}
}
if
(
!
tls1_set_ec_id
(
curve_id
,
NULL
,
ec
))
if
(
!
tls1_set_ec_id
(
curve_id
,
NULL
,
ec
))
return
0
;
return
0
;
/* Set this to allow use of invalid curves for testing */
#if 0
return 1;
#else
return
tls1_check_ec_key
(
s
,
curve_id
,
NULL
);
return
tls1_check_ec_key
(
s
,
curve_id
,
NULL
);
#endif
}
}
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_EC */
...
...
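Review bot: The `#if 0` / `return 1;` / `#else` block added at the end of tls1_check_ec_tmp_key leaves a compile-time switch in the library source that, once flipped, makes the function report success without calling `tls1_check_ec_key(s, curve_id, NULL)`. A test hook of this kind is easier to audit when it is either dropped from the production file or gated on an explicitly named, test-only build macro, so that a build cannot lose the curve check through a one-character edit. If it stays, the comment should say that enabling it disables the temporary-key curve validation, for example `/* TEST ONLY: skips the curve preference check for the EC tmp key */`. tls1_check_ec_tmp_key starts outside the hunk, so its earlier branches are not visible here.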