Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
fb79abe3
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
fb79abe3
编写于
12月 17, 2015
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
EVP_PKEY DH client support.
Reviewed-by:
N
Matt Caswell
<
matt@openssl.org
>
上级
ffaef3f1
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
48 addition
and
91 deletion
+48
-91
ssl/s3_lib.c
ssl/s3_lib.c
+15
-30
ssl/ssl_locl.h
ssl/ssl_locl.h
+1
-4
ssl/statem/statem_clnt.c
ssl/statem/statem_clnt.c
+32
-57
未找到文件。
ssl/s3_lib.c
浏览文件 @
fb79abe3
...
...
@@ -3377,11 +3377,13 @@ void ssl3_free(SSL *s)
#ifndef OPENSSL_NO_DH
DH_free
(
s
->
s3
->
tmp
.
dh
);
DH_free
(
s
->
s3
->
peer_dh_tmp
);
#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY_free
(
s
->
s3
->
tmp
.
pkey
);
s
->
s3
->
tmp
.
pkey
=
NULL
;
#endif
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free
(
s
->
s3
->
peer_tmp
);
s
->
s3
->
peer_tmp
=
NULL
;
#endif
...
...
@@ -3414,15 +3416,15 @@ void ssl3_clear(SSL *s)
#ifndef OPENSSL_NO_DH
DH_free
(
s
->
s3
->
tmp
.
dh
);
s
->
s3
->
tmp
.
dh
=
NULL
;
DH_free
(
s
->
s3
->
peer_dh_tmp
);
s
->
s3
->
peer_dh_tmp
=
NULL
;
#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY_free
(
s
->
s3
->
tmp
.
pkey
);
s
->
s3
->
tmp
.
pkey
=
NULL
;
s
->
s3
->
is_probably_safari
=
0
;
#endif
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free
(
s
->
s3
->
peer_tmp
);
s
->
s3
->
peer_tmp
=
NULL
;
s
->
s3
->
is_probably_safari
=
0
;
#endif
/* !OPENSSL_NO_EC */
ssl3_free_digest_list
(
s
);
...
...
@@ -3759,34 +3761,17 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return
0
;
case
SSL_CTRL_GET_SERVER_TMP_KEY
:
if
(
s
->
server
||
!
s
->
session
)
return
0
;
else
{
EVP_PKEY
*
ptmp
;
int
rv
=
0
;
#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
if
(
s
->
s3
->
peer_dh_tmp
==
NULL
&&
s
->
s3
->
peer_tmp
==
NULL
)
return
0
;
#endif
ptmp
=
EVP_PKEY_new
();
if
(
ptmp
==
NULL
)
return
0
;
#ifndef OPENSSL_NO_DH
else
if
(
s
->
s3
->
peer_dh_tmp
!=
NULL
)
rv
=
EVP_PKEY_set1_DH
(
ptmp
,
s
->
s3
->
peer_dh_tmp
);
#endif
#ifndef OPENSSL_NO_EC
else
if
(
s
->
s3
->
peer_tmp
!=
NULL
)
rv
=
EVP_PKEY_set1_EC_KEY
(
ptmp
,
EVP_PKEY_get0_EC_KEY
(
s
->
s3
->
peer_tmp
));
#endif
if
(
rv
)
{
*
(
EVP_PKEY
**
)
parg
=
ptmp
;
return
1
;
}
EVP_PKEY_free
(
ptmp
);
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
if
(
s
->
server
||
s
->
session
==
NULL
||
s
->
s3
->
peer_tmp
==
NULL
)
{
return
0
;
}
else
{
EVP_PKEY_up_ref
(
s
->
s3
->
peer_tmp
);
*
(
EVP_PKEY
**
)
parg
=
s
->
s3
->
peer_tmp
;
return
1
;
}
#else
return
0
;
#endif
#ifndef OPENSSL_NO_EC
case
SSL_CTRL_GET_EC_POINT_FORMATS
:
{
...
...
ssl/ssl_locl.h
浏览文件 @
fb79abe3
...
...
@@ -1327,10 +1327,7 @@ typedef struct ssl3_state_st {
# endif
/* !OPENSSL_NO_EC */
/* For clients: peer temporary key */
# ifndef OPENSSL_NO_DH
DH
*
peer_dh_tmp
;
# endif
# ifndef OPENSSL_NO_EC
# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY
*
peer_tmp
;
# endif
...
...
ssl/statem/statem_clnt.c
浏览文件 @
fb79abe3
...
...
@@ -1581,9 +1581,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
#ifndef OPENSSL_NO_RSA
RSA
*
rsa
=
NULL
;
#endif
#ifndef OPENSSL_NO_DH
DH
*
dh
=
NULL
;
#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY_CTX
*
pctx
=
NULL
;
#endif
...
...
@@ -1600,11 +1597,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
save_param_start
=
*
pkt
;
#ifndef OPENSSL_NO_DH
DH_free
(
s
->
s3
->
peer_dh_tmp
);
s
->
s3
->
peer_dh_tmp
=
NULL
;
#endif
#ifndef OPENSSL_NO_EC
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free
(
s
->
s3
->
peer_tmp
);
s
->
s3
->
peer_tmp
=
NULL
;
#endif
...
...
@@ -1695,6 +1688,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
else
if
(
alg_k
&
(
SSL_kDHE
|
SSL_kDHEPSK
))
{
PACKET
prime
,
generator
,
pub_key
;
DH
*
dh
;
if
(
!
PACKET_get_length_prefixed_2
(
pkt
,
&
prime
)
||
!
PACKET_get_length_prefixed_2
(
pkt
,
&
generator
)
||
!
PACKET_get_length_prefixed_2
(
pkt
,
&
pub_key
))
{
...
...
@@ -1702,8 +1697,18 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
goto
f_err
;
}
if
((
dh
=
DH_new
())
==
NULL
)
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_DH_LIB
);
s
->
s3
->
peer_tmp
=
EVP_PKEY_new
();
dh
=
DH_new
();
if
(
s
->
s3
->
peer_tmp
==
NULL
||
dh
==
NULL
)
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
DH_free
(
dh
);
goto
err
;
}
if
(
EVP_PKEY_assign_DH
(
s
->
s3
->
peer_tmp
,
dh
)
==
0
)
{
SSLerr
(
SSL_F_TLS_PROCESS_KEY_EXCHANGE
,
ERR_R_EVP_LIB
);
DH_free
(
dh
);
goto
err
;
}
...
...
@@ -1731,9 +1736,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
if
(
alg_a
&
(
SSL_aRSA
|
SSL_aDSS
))
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
/* else anonymous DH, so no certificate or pkey. */
s
->
s3
->
peer_dh_tmp
=
dh
;
dh
=
NULL
;
}
#endif
/* !OPENSSL_NO_DH */
...
...
@@ -1915,9 +1917,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
#ifndef OPENSSL_NO_RSA
RSA_free
(
rsa
);
#endif
#ifndef OPENSSL_NO_DH
DH_free
(
dh
);
#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY_CTX_free
(
pctx
);
#endif
...
...
@@ -2243,8 +2242,10 @@ int tls_construct_client_key_exchange(SSL *s)
unsigned
char
*
q
;
EVP_PKEY
*
pkey
=
NULL
;
#endif
#if
ndef OPENSSL_NO_EC
#if
!defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY
*
ckey
=
NULL
,
*
skey
=
NULL
;
#endif
#ifndef OPENSSL_NO_EC
unsigned
char
*
encodedPoint
=
NULL
;
int
encoded_pt_len
=
0
;
#endif
...
...
@@ -2391,52 +2392,30 @@ psk_err:
#endif
#ifndef OPENSSL_NO_DH
else
if
(
alg_k
&
(
SSL_kDHE
|
SSL_kDHEPSK
))
{
DH
*
dh_srvr
,
*
dh_clnt
;
if
(
s
->
s3
->
peer_dh_tmp
==
NULL
)
{
DH
*
dh_clnt
=
NULL
;
skey
=
s
->
s3
->
peer_tmp
;
if
(
skey
==
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
dh_srvr
=
s
->
s3
->
peer_dh_tmp
;
/* generate a new random key */
if
((
dh_clnt
=
DHparams_dup
(
dh_srvr
))
==
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_DH_LIB
);
goto
err
;
}
if
(
!
DH_generate_key
(
dh_clnt
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_DH_LIB
);
DH_free
(
dh_clnt
);
goto
err
;
}
pmslen
=
DH_size
(
dh_clnt
);
pms
=
OPENSSL_malloc
(
pmslen
);
if
(
pms
==
NULL
)
goto
memerr
;
/*
* use the 'p' output buffer for the DH key, but make sure to
* clear it out afterwards
*/
n
=
DH_compute_key
(
pms
,
dh_srvr
->
pub_key
,
dh_clnt
);
if
(
s
->
s3
->
peer_dh_tmp
==
NULL
)
DH_free
(
dh_srvr
);
ckey
=
ssl_generate_pkey
(
skey
,
NID_undef
);
dh_clnt
=
EVP_PKEY_get0_DH
(
ckey
);
if
(
n
<
=
0
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_DH_LIB
);
DH_free
(
dh_clnt
);
if
(
dh_clnt
==
NULL
||
ssl_derive
(
s
,
ckey
,
skey
)
=
=
0
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
goto
err
;
}
pmslen
=
n
;
/* send off the data */
n
=
BN_num_bytes
(
dh_clnt
->
pub_key
);
s2n
(
n
,
p
);
BN_bn2bin
(
dh_clnt
->
pub_key
,
p
);
n
+=
2
;
DH_free
(
dh_clnt
)
;
EVP_PKEY_free
(
ckey
);
ckey
=
NULL
;
}
#endif
...
...
@@ -2666,6 +2645,8 @@ psk_err:
s
->
s3
->
tmp
.
pms
=
NULL
;
#ifndef OPENSSL_NO_EC
OPENSSL_free
(
encodedPoint
);
#endif
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free
(
ckey
);
#endif
#ifndef OPENSSL_NO_PSK
...
...
@@ -2927,9 +2908,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
#endif
long
alg_k
,
alg_a
;
EVP_PKEY
*
pkey
=
NULL
;
#ifndef OPENSSL_NO_DH
DH
*
dh
;
#endif
int
al
=
SSL_AD_HANDSHAKE_FAILURE
;
alg_k
=
s
->
s3
->
tmp
.
new_cipher
->
algorithm_mkey
;
...
...
@@ -2938,9 +2916,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
/* we don't have a certificate */
if
((
alg_a
&
SSL_aNULL
)
||
(
alg_k
&
SSL_kPSK
))
return
(
1
);
#ifndef OPENSSL_NO_DH
dh
=
s
->
s3
->
peer_dh_tmp
;
#endif
/* This is the passed certificate */
...
...
@@ -2989,7 +2964,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
}
#endif
#ifndef OPENSSL_NO_DH
if
((
alg_k
&
SSL_kDHE
)
&&
(
dh
==
NULL
))
{
if
((
alg_k
&
SSL_kDHE
)
&&
(
s
->
s3
->
peer_tmp
==
NULL
))
{
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM
,
ERR_R_INTERNAL_ERROR
);
goto
f_err
;
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录