Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
9 个月 前同步成功

通知 8
Star 18
Fork 1
T
Third Party Openssl

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 48948d53 编写于 作者: B Bodo Möller
浏览文件
操作

Change ssl3_get_message and the functions using it so that complete 

'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.

(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)
上级 dbec1962
隐藏空白更改
内联 并排
Showing with 43 addition and 18 deletion
CHANGES
浏览文件 @ 48948d53
...@@ -12,6 +12,15 @@ ...@@ -12,6 +12,15 @@
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only +) applies to 0.9.7 only
+) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
so that complete 'Handshake' protocol structures are kept in memory
instead of overwriting 'msg_type' and 'length' with 'body' data.
[Bodo Moeller]
*) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
correctly.
[Bodo Moeller]
+) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32. +) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
[Massimo Santin via Richard Levitte] [Massimo Santin via Richard Levitte]
......
ssl/s23_srvr.c
浏览文件 @ 48948d53
...@@ -202,7 +202,7 @@ int ssl23_get_client_hello(SSL *s) ...@@ -202,7 +202,7 @@ int ssl23_get_client_hello(SSL *s)
* 9/10 client_version / * 9/10 client_version /
*/ */
char *buf= &(buf_space[0]); char *buf= &(buf_space[0]);
unsigned char *p,*d,*dd; unsigned char *p,*d,*d_len,*dd;
unsigned int i; unsigned int i;
unsigned int csl,sil,cl; unsigned int csl,sil,cl;
int n=0,j; int n=0,j;
...@@ -365,6 +365,14 @@ int ssl23_get_client_hello(SSL *s) ...@@ -365,6 +365,14 @@ int ssl23_get_client_hello(SSL *s)
goto err; goto err;
} }
/* record header: version ... */
*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
*(d++) = v[1];
/* ... and length (actual value will be written later) */
d_len = d++;
d++;
/* client_version */
*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
*(d++) = v[1]; *(d++) = v[1];
...@@ -396,6 +404,7 @@ int ssl23_get_client_hello(SSL *s) ...@@ -396,6 +404,7 @@ int ssl23_get_client_hello(SSL *s)
*(d++)=0; *(d++)=0;
i=(d-(unsigned char *)s->init_buf->data); i=(d-(unsigned char *)s->init_buf->data);
s2n(i, d_len);
/* get the data reused from the init_buf */ /* get the data reused from the init_buf */
s->s3->tmp.reuse_message=1; s->s3->tmp.reuse_message=1;
......
ssl/s3_both.c
浏览文件 @ 48948d53
...@@ -109,6 +109,7 @@ ...@@ -109,6 +109,7 @@
* *
*/ */
#include <limits.h>
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <openssl/buffer.h> #include <openssl/buffer.h>
...@@ -205,7 +206,7 @@ int ssl3_get_finished(SSL *s, int a, int b) ...@@ -205,7 +206,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
} }
s->s3->change_cipher_spec=0; s->s3->change_cipher_spec=0;
p = (unsigned char *)s->init_buf->data; p = (unsigned char *)s->init_msg;
i = s->s3->tmp.peer_finish_md_len; i = s->s3->tmp.peer_finish_md_len;
if (i != n) if (i != n)
...@@ -355,6 +356,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) ...@@ -355,6 +356,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
goto f_err; goto f_err;
} }
*ok=1; *ok=1;
s->init_msg = s->init_buf->data + 4;
return((int)s->s3->tmp.message_size); return((int)s->s3->tmp.message_size);
} }
...@@ -415,8 +417,6 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) ...@@ -415,8 +417,6 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
ssl3_init_finished_mac(s); ssl3_init_finished_mac(s);
} }
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, 4);
s->s3->tmp.message_type= *(p++); s->s3->tmp.message_type= *(p++);
n2l3(p,l); n2l3(p,l);
...@@ -426,7 +426,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) ...@@ -426,7 +426,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err; goto f_err;
} }
if (l && !BUF_MEM_grow(s->init_buf,(int)l)) if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (l && !BUF_MEM_grow(s->init_buf,(int)l+4))
{ {
SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
goto err; goto err;
...@@ -434,13 +440,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) ...@@ -434,13 +440,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
s->s3->tmp.message_size=l; s->s3->tmp.message_size=l;
s->state=stn; s->state=stn;
s->init_num=0; s->init_msg = s->init_buf->data + 4;
s->init_num = 0;
} }
/* next state (stn) */ /* next state (stn) */
p=(unsigned char *)s->init_buf->data; p = s->init_msg;
n=s->s3->tmp.message_size; n = s->s3->tmp.message_size - s->init_num;
n -= s->init_num;
while (n > 0) while (n > 0)
{ {
i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
...@@ -453,7 +459,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) ...@@ -453,7 +459,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
s->init_num += i; s->init_num += i;
n -= i; n -= i;
} }
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num); ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
*ok=1; *ok=1;
return s->init_num; return s->init_num;
f_err: f_err:
......
ssl/s3_clnt.c
浏览文件 @ 48948d53
...@@ -554,7 +554,7 @@ static int ssl3_get_server_hello(SSL *s) ...@@ -554,7 +554,7 @@ static int ssl3_get_server_hello(SSL *s)
&ok); &ok);
if (!ok) return((int)n); if (!ok) return((int)n);
d=p=(unsigned char *)s->init_buf->data; d=p=(unsigned char *)s->init_msg;
if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
{ {
...@@ -710,7 +710,7 @@ static int ssl3_get_server_certificate(SSL *s) ...@@ -710,7 +710,7 @@ static int ssl3_get_server_certificate(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
goto f_err; goto f_err;
} }
d=p=(unsigned char *)s->init_buf->data; d=p=(unsigned char *)s->init_msg;
if ((sk=sk_X509_new_null()) == NULL) if ((sk=sk_X509_new_null()) == NULL)
{ {
...@@ -895,7 +895,7 @@ static int ssl3_get_key_exchange(SSL *s) ...@@ -895,7 +895,7 @@ static int ssl3_get_key_exchange(SSL *s)
return(1); return(1);
} }
param=p=(unsigned char *)s->init_buf->data; param=p=(unsigned char *)s->init_msg;
if (s->session->sess_cert != NULL) if (s->session->sess_cert != NULL)
{ {
...@@ -1218,7 +1218,7 @@ static int ssl3_get_certificate_request(SSL *s) ...@@ -1218,7 +1218,7 @@ static int ssl3_get_certificate_request(SSL *s)
} }
} }
d=p=(unsigned char *)s->init_buf->data; d=p=(unsigned char *)s->init_msg;
if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
{ {
......
ssl/s3_srvr.c
浏览文件 @ 48948d53
...@@ -663,7 +663,7 @@ static int ssl3_get_client_hello(SSL *s) ...@@ -663,7 +663,7 @@ static int ssl3_get_client_hello(SSL *s)
&ok); &ok);
if (!ok) return((int)n); if (!ok) return((int)n);
d=p=(unsigned char *)s->init_buf->data; d=p=(unsigned char *)s->init_msg;
/* use version from inside client hello, not from record header /* use version from inside client hello, not from record header
* (may differ: see RFC 2246, Appendix E, second paragraph) */ * (may differ: see RFC 2246, Appendix E, second paragraph) */
...@@ -1355,7 +1355,7 @@ static int ssl3_get_client_key_exchange(SSL *s) ...@@ -1355,7 +1355,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
&ok); &ok);
if (!ok) return((int)n); if (!ok) return((int)n);
p=(unsigned char *)s->init_buf->data; p=(unsigned char *)s->init_msg;
l=s->s3->tmp.new_cipher->algorithms; l=s->s3->tmp.new_cipher->algorithms;
...@@ -1756,7 +1756,7 @@ static int ssl3_get_cert_verify(SSL *s) ...@@ -1756,7 +1756,7 @@ static int ssl3_get_cert_verify(SSL *s)
} }
/* we now have a signature that we need to verify */ /* we now have a signature that we need to verify */
p=(unsigned char *)s->init_buf->data; p=(unsigned char *)s->init_msg;
n2s(p,i); n2s(p,i);
n-=2; n-=2;
if (i > n) if (i > n)
...@@ -1872,7 +1872,7 @@ static int ssl3_get_client_certificate(SSL *s) ...@@ -1872,7 +1872,7 @@ static int ssl3_get_client_certificate(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE); SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
goto f_err; goto f_err;
} }
d=p=(unsigned char *)s->init_buf->data; d=p=(unsigned char *)s->init_msg;
if ((sk=sk_X509_new_null()) == NULL) if ((sk=sk_X509_new_null()) == NULL)
{ {
......
ssl/ssl.h
浏览文件 @ 48948d53
...@@ -652,6 +652,7 @@ struct ssl_st ...@@ -652,6 +652,7 @@ struct ssl_st
int rstate; /* where we are when reading */ int rstate; /* where we are when reading */
BUF_MEM *init_buf; /* buffer used during init */ BUF_MEM *init_buf; /* buffer used during init */
void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
int init_num; /* amount read/written */ int init_num; /* amount read/written */
int init_off; /* amount read/written */ int init_off; /* amount read/written */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册