提交
ec60ccc1
编写于
10月 04, 2016
作者:
Matt Caswell
Convert session_id_length and sid_ctx_len to size_t
Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
上级
8c1a5343
Showing
6 changed file
with
31 addition
and
24 deletion
+31
-24
ssl/ssl_asn1.c
ssl/ssl_asn1.c
+4
-4
ssl/ssl_locl.h
ssl/ssl_locl.h
+4
-4
ssl/ssl_txt.c
ssl/ssl_txt.c
+4
-4
ssl/statem/statem_clnt.c
ssl/statem/statem_clnt.c
+14
-7
ssl/statem/statem_srvr.c
ssl/statem/statem_srvr.c
+3
-3
ssl/t1_lib.c
ssl/t1_lib.c
+2
-2
ssl/ssl_asn1.c
...
@@ -223,14 +223,14 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
...
@@ -223,14 +223,14 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
/* Copy an OCTET STRING, return error if it exceeds maximum length */
/* Copy an OCTET STRING, return error if it exceeds maximum length */
static
int
ssl_session_memcpy
(
unsigned
char
*
dst
,
unsigned
in
t
*
pdstlen
,
static
int
ssl_session_memcpy
(
unsigned
char
*
dst
,
size_
t
*
pdstlen
,
ASN1_OCTET_STRING
*
src
,
in
t
maxlen
)
ASN1_OCTET_STRING
*
src
,
size_
t
maxlen
)
{
{
if
(
src
==
NULL
)
{
if
(
src
==
NULL
)
{
*
pdstlen
=
0
;
*
pdstlen
=
0
;
return
1
;
return
1
;
}
}
if
(
src
->
length
>
maxlen
)
if
(
src
->
length
<
0
||
src
->
length
>
(
int
)
maxlen
)
return
0
;
return
0
;
memcpy
(
dst
,
src
->
data
,
src
->
length
);
memcpy
(
dst
,
src
->
data
,
src
->
length
);
*
pdstlen
=
src
->
length
;
*
pdstlen
=
src
->
length
;
...
@@ -241,7 +241,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
...
@@ -241,7 +241,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
long
length
)
long
length
)
{
{
long
id
;
long
id
;
unsigned
in
t
tmpl
;
size_
t
tmpl
;
const
unsigned
char
*
p
=
*
pp
;
const
unsigned
char
*
p
=
*
pp
;
SSL_SESSION_ASN1
*
as
=
NULL
;
SSL_SESSION_ASN1
*
as
=
NULL
;
SSL_SESSION
*
ret
=
NULL
;
SSL_SESSION
*
ret
=
NULL
;
...
...
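Review bot: In ssl_session_memcpy, the check on the size_t side of this section narrows the limit rather than widening the length: `src->length > (int)maxlen` converts maxlen to int, which is implementation-defined for any value above INT_MAX. A limit that came out negative would most likely make the function reject every input rather than overrun dst, but the result should not depend on the conversion. Because the negative case is rejected first, the comparison can be done in the unsigned domain instead: `if (src->length < 0 || (size_t)src->length > maxlen)`. The callers that supply maxlen are outside these hunks, so whether a large value can reach this function is not visible here.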
ssl/ssl_locl.h
...
@@ -503,14 +503,14 @@ struct ssl_session_st {
...
@@ -503,14 +503,14 @@ struct ssl_session_st {
size_t
master_key_length
;
size_t
master_key_length
;
unsigned
char
master_key
[
SSL_MAX_MASTER_KEY_LENGTH
];
unsigned
char
master_key
[
SSL_MAX_MASTER_KEY_LENGTH
];
/* session_id - valid? */
/* session_id - valid? */
unsigned
in
t
session_id_length
;
size_
t
session_id_length
;
unsigned
char
session_id
[
SSL_MAX_SSL_SESSION_ID_LENGTH
];
unsigned
char
session_id
[
SSL_MAX_SSL_SESSION_ID_LENGTH
];
/*
/*
* this is used to determine whether the session is being reused in the
* this is used to determine whether the session is being reused in the
* appropriate context. It is up to the application to set this, via
* appropriate context. It is up to the application to set this, via
* SSL_new
* SSL_new
*/
*/
unsigned
in
t
sid_ctx_length
;
size_
t
sid_ctx_length
;
unsigned
char
sid_ctx
[
SSL_MAX_SID_CTX_LENGTH
];
unsigned
char
sid_ctx
[
SSL_MAX_SID_CTX_LENGTH
];
# ifndef OPENSSL_NO_PSK
# ifndef OPENSSL_NO_PSK
char
*
psk_identity_hint
;
char
*
psk_identity_hint
;
...
@@ -722,7 +722,7 @@ struct ssl_ctx_st {
...
@@ -722,7 +722,7 @@ struct ssl_ctx_st {
void
*
msg_callback_arg
;
void
*
msg_callback_arg
;
uint32_t
verify_mode
;
uint32_t
verify_mode
;
unsigned
in
t
sid_ctx_length
;
size_
t
sid_ctx_length
;
unsigned
char
sid_ctx
[
SSL_MAX_SID_CTX_LENGTH
];
unsigned
char
sid_ctx
[
SSL_MAX_SID_CTX_LENGTH
];
/* called 'verify_callback' in the SSL */
/* called 'verify_callback' in the SSL */
int
(
*
default_verify_callback
)
(
int
ok
,
X509_STORE_CTX
*
ctx
);
int
(
*
default_verify_callback
)
(
int
ok
,
X509_STORE_CTX
*
ctx
);
...
@@ -958,7 +958,7 @@ struct ssl_st {
...
@@ -958,7 +958,7 @@ struct ssl_st {
* the session_id_context is used to ensure sessions are only reused in
* the session_id_context is used to ensure sessions are only reused in
* the appropriate context
* the appropriate context
*/
*/
unsigned
in
t
sid_ctx_length
;
size_
t
sid_ctx_length
;
unsigned
char
sid_ctx
[
SSL_MAX_SID_CTX_LENGTH
];
unsigned
char
sid_ctx
[
SSL_MAX_SID_CTX_LENGTH
];
/* This can also be in the session once a session is established */
/* This can also be in the session once a session is established */
SSL_SESSION
*
session
;
SSL_SESSION
*
session
;
...
...
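Review bot: `session_id_length` and the three `sid_ctx_length` fields sit directly above fixed-size arrays, but nothing at the declarations says the length must stay within the array, and the wider type makes that invariant worth stating there. I would add a line such as `/* session_id_length must never exceed sizeof(session_id) */` next to the existing `/* session_id - valid? */` comment, and the equivalent above each `sid_ctx_length`. The checks in the statem files of this commit report a larger value as an internal error, which suggests this is the intended contract. The struct definitions begin and end outside these hunks.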
ssl/ssl_txt.c
...
@@ -57,7 +57,7 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
...
@@ -57,7 +57,7 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
int
SSL_SESSION_print
(
BIO
*
bp
,
const
SSL_SESSION
*
x
)
int
SSL_SESSION_print
(
BIO
*
bp
,
const
SSL_SESSION
*
x
)
{
{
unsigned
in
t
i
;
size_
t
i
;
const
char
*
s
;
const
char
*
s
;
if
(
x
==
NULL
)
if
(
x
==
NULL
)
...
@@ -98,7 +98,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
...
@@ -98,7 +98,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
}
}
if
(
BIO_puts
(
bp
,
"
\n
Master-Key: "
)
<=
0
)
if
(
BIO_puts
(
bp
,
"
\n
Master-Key: "
)
<=
0
)
goto
err
;
goto
err
;
for
(
i
=
0
;
i
<
(
unsigned
int
)
x
->
master_key_length
;
i
++
)
{
for
(
i
=
0
;
i
<
x
->
master_key_length
;
i
++
)
{
if
(
BIO_printf
(
bp
,
"%02X"
,
x
->
master_key
[
i
])
<=
0
)
if
(
BIO_printf
(
bp
,
"%02X"
,
x
->
master_key
[
i
])
<=
0
)
goto
err
;
goto
err
;
}
}
...
@@ -181,7 +181,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
...
@@ -181,7 +181,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
*/
*/
int
SSL_SESSION_print_keylog
(
BIO
*
bp
,
const
SSL_SESSION
*
x
)
int
SSL_SESSION_print_keylog
(
BIO
*
bp
,
const
SSL_SESSION
*
x
)
{
{
unsigned
in
t
i
;
size_
t
i
;
if
(
x
==
NULL
)
if
(
x
==
NULL
)
goto
err
;
goto
err
;
...
@@ -204,7 +204,7 @@ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
...
@@ -204,7 +204,7 @@ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
}
}
if
(
BIO_puts
(
bp
,
" Master-Key:"
)
<=
0
)
if
(
BIO_puts
(
bp
,
" Master-Key:"
)
<=
0
)
goto
err
;
goto
err
;
for
(
i
=
0
;
i
<
(
unsigned
int
)
x
->
master_key_length
;
i
++
)
{
for
(
i
=
0
;
i
<
x
->
master_key_length
;
i
++
)
{
if
(
BIO_printf
(
bp
,
"%02X"
,
x
->
master_key
[
i
])
<=
0
)
if
(
BIO_printf
(
bp
,
"%02X"
,
x
->
master_key
[
i
])
<=
0
)
goto
err
;
goto
err
;
}
}
...
...
ssl/statem/statem_clnt.c
...
@@ -696,8 +696,8 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
...
@@ -696,8 +696,8 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
int
tls_construct_client_hello
(
SSL
*
s
,
WPACKET
*
pkt
)
int
tls_construct_client_hello
(
SSL
*
s
,
WPACKET
*
pkt
)
{
{
unsigned
char
*
p
;
unsigned
char
*
p
;
int
i
;
size_t
sess_id_len
;
int
protverr
;
int
i
,
protverr
;
int
al
=
SSL_AD_HANDSHAKE_FAILURE
;
int
al
=
SSL_AD_HANDSHAKE_FAILURE
;
#ifndef OPENSSL_NO_COMP
#ifndef OPENSSL_NO_COMP
SSL_COMP
*
comp
;
SSL_COMP
*
comp
;
...
@@ -788,12 +788,13 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
...
@@ -788,12 +788,13 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
/* Session ID */
/* Session ID */
if
(
s
->
new_session
)
if
(
s
->
new_session
)
i
=
0
;
sess_id_len
=
0
;
else
else
i
=
s
->
session
->
session_id_length
;
sess_id_len
=
s
->
session
->
session_id_length
;
if
(
i
>
(
int
)
sizeof
(
s
->
session
->
session_id
)
if
(
sess_id_len
>
sizeof
(
s
->
session
->
session_id
)
||
!
WPACKET_start_sub_packet_u8
(
pkt
)
||
!
WPACKET_start_sub_packet_u8
(
pkt
)
||
(
i
!=
0
&&
!
WPACKET_memcpy
(
pkt
,
s
->
session
->
session_id
,
i
))
||
(
sess_id_len
!=
0
&&
!
WPACKET_memcpy
(
pkt
,
s
->
session
->
session_id
,
sess_id_len
))
||
!
WPACKET_close
(
pkt
))
{
||
!
WPACKET_close
(
pkt
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_HELLO
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_HELLO
,
ERR_R_INTERNAL_ERROR
);
return
0
;
return
0
;
...
@@ -1880,6 +1881,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
...
@@ -1880,6 +1881,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
int
al
;
int
al
;
unsigned
int
ticklen
;
unsigned
int
ticklen
;
unsigned
long
ticket_lifetime_hint
;
unsigned
long
ticket_lifetime_hint
;
unsigned
int
sess_len
;
if
(
!
PACKET_get_net_4
(
pkt
,
&
ticket_lifetime_hint
)
if
(
!
PACKET_get_net_4
(
pkt
,
&
ticket_lifetime_hint
)
||
!
PACKET_get_net_2
(
pkt
,
&
ticklen
)
||
!
PACKET_get_net_2
(
pkt
,
&
ticklen
)
...
@@ -1944,12 +1946,17 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
...
@@ -1944,12 +1946,17 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
* elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
* elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
* SHA256 is disabled) hash of the ticket.
* SHA256 is disabled) hash of the ticket.
*/
*/
/*
* TODO(size_t): we use sess_len here because EVP_Digest expects an int
* but s->session->session_id_length is a size_t
*/
if
(
!
EVP_Digest
(
s
->
session
->
tlsext_tick
,
ticklen
,
if
(
!
EVP_Digest
(
s
->
session
->
tlsext_tick
,
ticklen
,
s
->
session
->
session_id
,
&
s
->
session
->
session_id_length
,
s
->
session
->
session_id
,
&
s
ess_len
,
EVP_sha256
(),
NULL
))
{
EVP_sha256
(),
NULL
))
{
SSLerr
(
SSL_F_TLS_PROCESS_NEW_SESSION_TICKET
,
ERR_R_EVP_LIB
);
SSLerr
(
SSL_F_TLS_PROCESS_NEW_SESSION_TICKET
,
ERR_R_EVP_LIB
);
goto
err
;
goto
err
;
}
}
s
->
session
->
session_id_length
=
sess_len
;
return
MSG_PROCESS_CONTINUE_READING
;
return
MSG_PROCESS_CONTINUE_READING
;
f_err:
f_err:
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
...
...
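Review bot: The added TODO comment in tls_process_new_session_ticket says EVP_Digest expects an int, but the temporary declared for it earlier in the same function is `unsigned int sess_len`, which matches EVP_Digest's `unsigned int *` size argument. I would word the comment `EVP_Digest expects an unsigned int *, but s->session->session_id_length is a size_t`, so a later reader does not change the temporary to a signed type. Assigning `session_id_length` only after EVP_Digest succeeds leaves the previous length in place on the error path, and that ordering is worth keeping when the TODO is resolved. The function body begins and ends outside these hunks.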
ssl/statem/statem_srvr.c
...
@@ -1491,8 +1491,8 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
...
@@ -1491,8 +1491,8 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
int
tls_construct_server_hello
(
SSL
*
s
,
WPACKET
*
pkt
)
int
tls_construct_server_hello
(
SSL
*
s
,
WPACKET
*
pkt
)
{
{
int
sl
,
compm
,
al
=
SSL_AD_INTERNAL_ERROR
;
int
compm
,
al
=
SSL_AD_INTERNAL_ERROR
;
size_t
len
;
size_t
sl
,
len
;
if
(
!
WPACKET_put_bytes_u16
(
pkt
,
s
->
version
)
if
(
!
WPACKET_put_bytes_u16
(
pkt
,
s
->
version
)
/*
/*
...
@@ -1526,7 +1526,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
...
@@ -1526,7 +1526,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
s
->
session
->
session_id_length
=
0
;
s
->
session
->
session_id_length
=
0
;
sl
=
s
->
session
->
session_id_length
;
sl
=
s
->
session
->
session_id_length
;
if
(
sl
>
(
int
)
sizeof
(
s
->
session
->
session_id
))
{
if
(
sl
>
sizeof
(
s
->
session
->
session_id
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_HELLO
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_CONSTRUCT_SERVER_HELLO
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
goto
err
;
}
}
...
...
ssl/t1_lib.c
...
@@ -21,7 +21,7 @@
...
@@ -21,7 +21,7 @@
#include <openssl/ct.h>
#include <openssl/ct.h>
static
int
tls_decrypt_ticket
(
SSL
*
s
,
const
unsigned
char
*
tick
,
int
ticklen
,
static
int
tls_decrypt_ticket
(
SSL
*
s
,
const
unsigned
char
*
tick
,
int
ticklen
,
const
unsigned
char
*
sess_id
,
in
t
sesslen
,
const
unsigned
char
*
sess_id
,
size_
t
sesslen
,
SSL_SESSION
**
psess
);
SSL_SESSION
**
psess
);
static
int
ssl_check_clienthello_tlsext_early
(
SSL
*
s
);
static
int
ssl_check_clienthello_tlsext_early
(
SSL
*
s
);
static
int
ssl_check_serverhello_tlsext
(
SSL
*
s
);
static
int
ssl_check_serverhello_tlsext
(
SSL
*
s
);
...
@@ -2964,7 +2964,7 @@ int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
...
@@ -2964,7 +2964,7 @@ int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
*/
*/
static
int
tls_decrypt_ticket
(
SSL
*
s
,
const
unsigned
char
*
etick
,
static
int
tls_decrypt_ticket
(
SSL
*
s
,
const
unsigned
char
*
etick
,
int
eticklen
,
const
unsigned
char
*
sess_id
,
int
eticklen
,
const
unsigned
char
*
sess_id
,
in
t
sesslen
,
SSL_SESSION
**
psess
)
size_
t
sesslen
,
SSL_SESSION
**
psess
)
{
{
SSL_SESSION
*
sess
;
SSL_SESSION
*
sess
;
unsigned
char
*
sdec
;
unsigned
char
*
sdec
;
...
...
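Review bot: tls_decrypt_ticket now takes `size_t sesslen` while `eticklen` stays `int`, and the body that consumes sesslen lies outside this hunk. A caller that still holds the length in a signed variable would have a negative value converted to a very large size_t at the call. If the body does not already bound it, a guard such as `sesslen > sizeof(sess->session_id)` belongs before any copy into the session. The comment above the definition, of which only the closing `*/` is visible, would also benefit from a sentence stating that sesslen is a byte count limited to the session_id buffer size.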