提交 f2d9a32c 编写于 作者: B Bodo Möller

Use separate arrays for certificate verify and for finished hashes.

上级 245206ea
...@@ -4,6 +4,9 @@ ...@@ -4,6 +4,9 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999] Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
*) Clean up 'Finished' handling.
[Bodo Moeller]
*) Enhanced support for Alpha Linux is added. Now ./config checks if *) Enhanced support for Alpha Linux is added. Now ./config checks if
the host supports BWX extension and if Compaq C is present on the the host supports BWX extension and if Compaq C is present on the
$PATH. Just exploiting of the BWX extention results in 20-30% $PATH. Just exploiting of the BWX extention results in 20-30%
......
...@@ -56,6 +56,7 @@ ...@@ -56,6 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
#include <string.h>
#include <stdio.h> #include <stdio.h>
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/rand.h> #include <openssl/rand.h>
...@@ -69,6 +70,19 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) ...@@ -69,6 +70,19 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
unsigned char *p,*d; unsigned char *p,*d;
int i; int i;
unsigned long l; unsigned long l;
unsigned char *finish_md;
int *finish_md_len;
if (s->state & SSL_ST_ACCEPT)
{
finish_md = s->s3->tmp.server_finish_md;
finish_md_len = &s->s3->tmp.server_finish_md_len;
}
else
{
finish_md = s->s3->tmp.client_finish_md;
finish_md_len = &s->s3->tmp.client_finish_md_len;
}
if (s->state == a) if (s->state == a)
{ {
...@@ -78,7 +92,9 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) ...@@ -78,7 +92,9 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
i=s->method->ssl3_enc->final_finish_mac(s, i=s->method->ssl3_enc->final_finish_mac(s,
&(s->s3->finish_dgst1), &(s->s3->finish_dgst1),
&(s->s3->finish_dgst2), &(s->s3->finish_dgst2),
sender,slen,p); sender,slen,finish_md);
*finish_md_len = i;
memcpy(p, finish_md, i);
p+=i; p+=i;
l=i; l=i;
...@@ -106,9 +122,22 @@ int ssl3_get_finished(SSL *s, int a, int b) ...@@ -106,9 +122,22 @@ int ssl3_get_finished(SSL *s, int a, int b)
int al,i,ok; int al,i,ok;
long n; long n;
unsigned char *p; unsigned char *p;
unsigned char *finish_md;
int *finish_md_len;
if (s->state & SSL_ST_ACCEPT)
{
finish_md = s->s3->tmp.client_finish_md;
finish_md_len = &s->s3->tmp.client_finish_md_len;
}
else
{
finish_md = s->s3->tmp.server_finish_md;
finish_md_len = &s->s3->tmp.server_finish_md_len;
}
/* the mac has already been generated when we received the /* the mac has already been generated when we received the
* change cipher spec message and is in s->s3->tmp.finish_md * change cipher spec message and is in finish_md
*/ */
n=ssl3_get_message(s, n=ssl3_get_message(s,
...@@ -131,7 +160,7 @@ int ssl3_get_finished(SSL *s, int a, int b) ...@@ -131,7 +160,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
p=(unsigned char *)s->init_buf->data; p=(unsigned char *)s->init_buf->data;
i=s->method->ssl3_enc->finish_mac_length; i=*finish_md_len;
if (i != n) if (i != n)
{ {
...@@ -140,7 +169,7 @@ int ssl3_get_finished(SSL *s, int a, int b) ...@@ -140,7 +169,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
goto f_err; goto f_err;
} }
if (memcmp( p, (char *)&(s->s3->tmp.finish_md[0]),i) != 0) if (memcmp(p, finish_md, i) != 0)
{ {
al=SSL_AD_DECRYPT_ERROR; al=SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
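Review bot: In ssl3_get_finished the expected length is now `i=*finish_md_len`, a value that do_change_cipher_spec stores from the unchecked return of final_finish_mac, rather than the fixed `finish_mac_length`. If that stored value is ever 0 (never set, or the MAC routine returned 0) and the received Finished body is empty, `i != n` is false and `memcmp(p, finish_md, i)` over zero bytes reports a match. Whether a check outside this section already rules that out cannot be seen from here. I would tighten the guard to `if (i <= 0 || i != n)` and make do_change_cipher_spec return 0 when the length it stores is not positive; ssl3_send_finished has the same unchecked `i` before `memcpy(p, finish_md, i)`. Separately, `memcmp` on a MAC is not constant-time; later OpenSSL releases provide `CRYPTO_memcmp`, and if this tree lacks it a small OR-accumulating byte compare would serve.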
......
...@@ -79,7 +79,7 @@ static unsigned char ssl3_pad_2[48]={ ...@@ -79,7 +79,7 @@ static unsigned char ssl3_pad_2[48]={
0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c }; 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
unsigned char *sender, int len, unsigned char *p); const char *sender, int len, unsigned char *p);
static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num) static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
{ {
...@@ -423,7 +423,7 @@ int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2, ...@@ -423,7 +423,7 @@ int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
} }
static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
unsigned char *sender, int len, unsigned char *p) const char *sender, int len, unsigned char *p)
{ {
unsigned int ret; unsigned int ret;
int npad,n; int npad,n;
......
...@@ -937,6 +937,8 @@ static int do_change_cipher_spec(SSL *s) ...@@ -937,6 +937,8 @@ static int do_change_cipher_spec(SSL *s)
int i; int i;
const char *sender; const char *sender;
int slen; int slen;
unsigned char *finish_md;
int *finish_md_len;
if (s->state & SSL_ST_ACCEPT) if (s->state & SSL_ST_ACCEPT)
i=SSL3_CHANGE_CIPHER_SERVER_READ; i=SSL3_CHANGE_CIPHER_SERVER_READ;
...@@ -959,17 +961,21 @@ static int do_change_cipher_spec(SSL *s) ...@@ -959,17 +961,21 @@ static int do_change_cipher_spec(SSL *s)
{ {
sender=s->method->ssl3_enc->server_finished_label; sender=s->method->ssl3_enc->server_finished_label;
slen=s->method->ssl3_enc->server_finished_label_len; slen=s->method->ssl3_enc->server_finished_label_len;
finish_md = s->s3->tmp.server_finish_md;
finish_md_len = &s->s3->tmp.server_finish_md_len;
} }
else else
{ {
sender=s->method->ssl3_enc->client_finished_label; sender=s->method->ssl3_enc->client_finished_label;
slen=s->method->ssl3_enc->client_finished_label_len; slen=s->method->ssl3_enc->client_finished_label_len;
finish_md = s->s3->tmp.client_finish_md;
finish_md_len = &s->s3->tmp.client_finish_md_len;
} }
s->method->ssl3_enc->final_finish_mac(s, *finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
&(s->s3->finish_dgst1), &(s->s3->finish_dgst1),
&(s->s3->finish_dgst2), &(s->s3->finish_dgst2),
sender,slen,&(s->s3->tmp.finish_md[0])); sender,slen,finish_md);
return(1); return(1);
} }
......
...@@ -368,10 +368,10 @@ int ssl3_accept(SSL *s) ...@@ -368,10 +368,10 @@ int ssl3_accept(SSL *s)
* a client cert, it can be verified */ * a client cert, it can be verified */
s->method->ssl3_enc->cert_verify_mac(s, s->method->ssl3_enc->cert_verify_mac(s,
&(s->s3->finish_dgst1), &(s->s3->finish_dgst1),
&(s->s3->tmp.finish_md[0])); &(s->s3->tmp.cert_verify_md[0]));
s->method->ssl3_enc->cert_verify_mac(s, s->method->ssl3_enc->cert_verify_mac(s,
&(s->s3->finish_dgst2), &(s->s3->finish_dgst2),
&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH])); &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
break; break;
...@@ -1484,7 +1484,7 @@ static int ssl3_get_cert_verify(SSL *s) ...@@ -1484,7 +1484,7 @@ static int ssl3_get_cert_verify(SSL *s)
#ifndef NO_RSA #ifndef NO_RSA
if (pkey->type == EVP_PKEY_RSA) if (pkey->type == EVP_PKEY_RSA)
{ {
i=RSA_verify(NID_md5_sha1, s->s3->tmp.finish_md, i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
pkey->pkey.rsa); pkey->pkey.rsa);
if (i < 0) if (i < 0)
...@@ -1506,7 +1506,7 @@ static int ssl3_get_cert_verify(SSL *s) ...@@ -1506,7 +1506,7 @@ static int ssl3_get_cert_verify(SSL *s)
if (pkey->type == EVP_PKEY_DSA) if (pkey->type == EVP_PKEY_DSA)
{ {
j=DSA_verify(pkey->save_type, j=DSA_verify(pkey->save_type,
&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]), &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa); SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
if (j <= 0) if (j <= 0)
{ {
......
...@@ -314,8 +314,14 @@ typedef struct ssl3_ctx_st ...@@ -314,8 +314,14 @@ typedef struct ssl3_ctx_st
int in_read_app_data; int in_read_app_data;
struct { struct {
/* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */ /* actually only needs to be 16+20 */
unsigned char finish_md[EVP_MAX_MD_SIZE*2]; unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
unsigned char server_finish_md[EVP_MAX_MD_SIZE*2];
int server_finish_md_len;
unsigned char client_finish_md[EVP_MAX_MD_SIZE*2];
int client_finish_md_len;
unsigned long message_size; unsigned long message_size;
int message_type; int message_type;
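Review bot: The two new length fields carry no comment, and the comment on the finish buffers reads "only need to be" where "needs" is meant. Since ssl3_get_finished now treats `*finish_md_len` as the expected Finished length, each pair deserves a line saying what it holds, e.g. `/* MAC for the server's Finished message; server_finish_md_len is the byte count returned by final_finish_mac() */`, and the same for the client pair. It would also help to state that `cert_verify_md` holds the MD5 digest followed by the SHA-1 digest, which is how ssl3_accept fills it and how ssl3_get_cert_verify indexes it. The struct continues outside this section.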
......
...@@ -442,7 +442,7 @@ int ssl3_dispatch_alert(SSL *s); ...@@ -442,7 +442,7 @@ int ssl3_dispatch_alert(SSL *s);
int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len); int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len);
int ssl3_part_read(SSL *s, int i); int ssl3_part_read(SSL *s, int i);
int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1,EVP_MD_CTX *ctx2, int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
const char *sender, int slen,unsigned char *p); const char *sender, int slen,unsigned char *p);
int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p); int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
......