Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
9 个月 前同步成功

通知 8
Star 18
Fork 1
T
Third Party Openssl

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 a71a4966 编写于 作者: M Matt Caswell
浏览文件
操作

Move |no_cert_verify| into state machine 

The |no_cert_verify| should be in the state machine structure not in SSL
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
上级 c874def6
隐藏空白更改
内联 并排
Showing with 12 addition and 11 deletion
ssl/ssl_lib.c
浏览文件 @ a71a4966
......@@ -225,7 +225,6 @@ int SSL_clear(SSL *s)
s->init_buf = NULL;
clear_ciphers(s);
s->first_packet = 0;
s->no_cert_verify = 0;
/*
* Check to see if we were changed into a different method, if so, revert
......
ssl/ssl_locl.h
浏览文件 @ a71a4966
......@@ -1021,9 +1021,6 @@ struct ssl_st {
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
/* Should we skip the CertificateVerify message? */
unsigned int no_cert_verify;
/* callback that allows applications to peek at protocol messages */
void (*msg_callback) (int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
......
ssl/statem/statem.c
浏览文件 @ a71a4966
......@@ -155,6 +155,7 @@ void ossl_statem_clear(SSL *s)
s->statem.state = MSG_FLOW_UNINITED;
s->statem.hand_state = TLS_ST_BEFORE;
s->statem.in_init = 1;
s->statem.no_cert_verify = 0;
}
/*
......
ssl/statem/statem.h
浏览文件 @ a71a4966
......@@ -135,6 +135,10 @@ struct statem_st {
OSSL_HANDSHAKE_STATE hand_state;
int in_init;
int read_state_first_init;
/* Should we skip the CertificateVerify message? */
unsigned int no_cert_verify;
int use_timer;
#ifndef OPENSSL_NO_SCTP
int in_sctp_read_sock;
......
ssl/statem/statem_srvr.c
浏览文件 @ a71a4966
......@@ -232,10 +232,10 @@ int server_read_transition(SSL *s, int mt)
* received a Certificate from the client. If so then |s->session->peer|
* will be non NULL. In some instances a CertificateVerify message is
* not required even if the peer has sent a Certificate (e.g. such as in
* the case of static DH). In that case |s->no_cert_verify| should be
* the case of static DH). In that case |st->no_cert_verify| should be
* set.
*/
if (s->session->peer == NULL || s->no_cert_verify) {
if (s->session->peer == NULL || st->no_cert_verify) {
if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
/*
* For the ECDH ciphersuites when the client sends its ECDH
......@@ -2619,7 +2619,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
goto f_err;
}
if (dh_clnt) {
s->no_cert_verify = 1;
s->statem.no_cert_verify = 1;
return MSG_PROCESS_CONTINUE_PROCESSING;
}
} else
......@@ -2697,7 +2697,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
goto err;
}
s->no_cert_verify = 1;
s->statem.no_cert_verify = 1;
} else {
/*
* Get client's public key from encoded point in the
......@@ -2854,7 +2854,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
/* Check if pubkey from client certificate was used */
if (EVP_PKEY_CTX_ctrl
(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
s->no_cert_verify = 1;
s->statem.no_cert_verify = 1;
EVP_PKEY_free(client_pub_pkey);
EVP_PKEY_CTX_free(pkey_ctx);
......@@ -2924,7 +2924,7 @@ enum WORK_STATE tls_post_process_client_key_exchange(SSL *s,
/* Are we renegotiating? */
&& s->renegotiate
/* Are we going to skip the CertificateVerify? */
&& (s->session->peer == NULL || s->no_cert_verify)
&& (s->session->peer == NULL || s->statem.no_cert_verify)
&& BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
s->s3->in_read_app_data = 2;
s->rwstate = SSL_READING;
......@@ -2937,7 +2937,7 @@ enum WORK_STATE tls_post_process_client_key_exchange(SSL *s,
}
#endif
if (s->no_cert_verify) {
if (s->statem.no_cert_verify) {
/* No certificate verify so we no longer need the handshake_buffer */
BIO_free(s->s3->handshake_buffer);
return WORK_FINISHED_CONTINUE;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册