Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
f393b744
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
10 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
f393b744
编写于
3月 30, 2006
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Implement cipher-suite selection logic given Supported Point Formats Extension.
Submitted by: Douglas Stebila
上级
531308d9
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
67 addition
and
0 deletion
+67
-0
ssl/s3_lib.c
ssl/s3_lib.c
+67
-0
未找到文件。
ssl/s3_lib.c
浏览文件 @
f393b744
...
...
@@ -152,6 +152,11 @@
#include <openssl/objects.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
#include "../crypto/ec/ec_lcl.h"
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_TLSEXT */
#include <openssl/md5.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
...
...
@@ -2039,6 +2044,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
SSL_CIPHER
*
c
,
*
ret
=
NULL
;
STACK_OF
(
SSL_CIPHER
)
*
prio
,
*
allow
;
int
i
,
j
,
ok
;
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
int
ec_ok
;
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_TLSEXT */
CERT
*
cert
;
unsigned
long
alg
,
mask
,
emask
;
...
...
@@ -2124,6 +2134,63 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif
}
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
if
(
/* if we are considering an ECC cipher suite that uses our certificate */
(
alg
&
SSL_aECDSA
)
/* and we have an ECC certificate */
&&
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
x509
!=
NULL
)
/* and the client specified a Supported Point Formats extension */
&&
((
s
->
session
->
tlsext_ecpointformatlist_length
>
0
)
&&
(
s
->
session
->
tlsext_ecpointformatlist
!=
NULL
))
/* and our certificate's point is compressed */
&&
(
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
x509
->
cert_info
!=
NULL
)
&&
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
x509
->
cert_info
->
key
!=
NULL
)
&&
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
x509
->
cert_info
->
key
->
public_key
!=
NULL
)
&&
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
x509
->
cert_info
->
key
->
public_key
->
data
!=
NULL
)
&&
(
(
*
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
x509
->
cert_info
->
key
->
public_key
->
data
)
==
POINT_CONVERSION_COMPRESSED
)
||
(
*
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
x509
->
cert_info
->
key
->
public_key
->
data
)
==
POINT_CONVERSION_COMPRESSED
+
1
)
)
)
)
{
ec_ok
=
0
;
/* if our certificate's curve is over a field type that the client does not support
* then do not allow this cipher suite to be negotiated */
if
(
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
->
pkey
.
ec
!=
NULL
)
&&
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
->
pkey
.
ec
->
group
!=
NULL
)
&&
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
->
pkey
.
ec
->
group
->
meth
!=
NULL
)
&&
(
EC_METHOD_get_field_type
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
->
pkey
.
ec
->
group
->
meth
)
==
NID_X9_62_prime_field
)
)
{
for
(
j
=
0
;
j
<
s
->
session
->
tlsext_ecpointformatlist_length
;
j
++
)
{
if
(
s
->
session
->
tlsext_ecpointformatlist
[
j
]
==
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime
)
{
ec_ok
=
1
;
break
;
}
}
}
else
if
(
EC_METHOD_get_field_type
(
s
->
cert
->
pkeys
[
SSL_PKEY_ECC
].
privatekey
->
pkey
.
ec
->
group
->
meth
)
==
NID_X9_62_characteristic_two_field
)
{
for
(
j
=
0
;
j
<
s
->
session
->
tlsext_ecpointformatlist_length
;
j
++
)
{
if
(
s
->
session
->
tlsext_ecpointformatlist
[
j
]
==
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
)
{
ec_ok
=
1
;
break
;
}
}
}
ok
=
ok
&&
ec_ok
;
}
#endif
/* OPENSSL_NO_EC */
#endif
/* OPENSSL_NO_TLSEXT */
if
(
!
ok
)
continue
;
j
=
sk_SSL_CIPHER_find
(
allow
,
c
);
if
(
j
>=
0
)
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录