From 8438e9fd7fdcd49f9a2e600aaa2baedc5254941c Mon Sep 17 00:00:00 2001 From: cameronrich Date: Wed, 25 Apr 2007 11:09:32 +0000 Subject: [PATCH] fixed client session size, empty certificate list git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@88 9a5d90b5-6617-0410-8a86-bb477d3ed2e3 --- ssl/bigint.c | 14 ++------------ ssl/tls1_clnt.c | 29 +++++++++++++++++------------ ssl/tls1_svr.c | 3 +-- 3 files changed, 20 insertions(+), 26 deletions(-) diff --git a/ssl/bigint.c b/ssl/bigint.c index e64375f80..2551f593d 100644 --- a/ssl/bigint.c +++ b/ssl/bigint.c @@ -77,24 +77,14 @@ static void check(const bigint *bi); */ BI_CTX *bi_initialize(void) { - BI_CTX *ctx; + /* calloc() sets everything to zero */ + BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX)); - ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX)); - ctx->active_list = NULL; - ctx->active_count = 0; - ctx->free_list = NULL; - ctx->free_count = 0; - ctx->mod_offset = 0; -#ifdef CONFIG_BIGINT_MONTGOMERY - ctx->use_classical = 0; -#endif - /* the radix */ ctx->bi_radix = alloc(ctx, 2); ctx->bi_radix->comps[0] = 0; ctx->bi_radix->comps[1] = 1; bi_permanent(ctx->bi_radix); - return ctx; } diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c index 2c587f142..b9ab721a1 100644 --- a/ssl/tls1_clnt.c +++ b/ssl/tls1_clnt.c @@ -213,6 +213,7 @@ static int process_server_hello(SSL *ssl) int offset; int version = (buf[4] << 4) + buf[5]; int num_sessions = ssl->ssl_ctx->num_sessions; + uint8_t session_id_length; int ret = SSL_OK; /* check that we are talking to a TLSv1 server */ @@ -221,17 +222,18 @@ static int process_server_hello(SSL *ssl) /* get the server random value */ memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE); - offset = 7 + SSL_RANDOM_SIZE; /* skip of session id size */ + offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */ + session_id_length = buf[offset++]; if (num_sessions) { ssl->session = ssl_session_update(num_sessions, ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]); - memcpy(ssl->session->session_id, &buf[offset], SSL_SESSION_ID_SIZE); + memcpy(ssl->session->session_id, &buf[offset], session_id_length); } - memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE); - offset += SSL_SESSION_ID_SIZE; + memcpy(ssl->session_id, &buf[offset], session_id_length); + offset += session_id_length; /* get the real cipher we are using */ ssl->cipher = buf[++offset]; @@ -304,7 +306,7 @@ static int send_cert_verify(SSL *ssl) uint8_t *buf = ssl->bm_data; uint8_t dgst[MD5_SIZE+SHA1_SIZE]; RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx; - int n, ret; + int n = 0, ret; DISPLAY_RSA(ssl, "send_cert_verify", rsa_ctx); @@ -314,14 +316,17 @@ static int send_cert_verify(SSL *ssl) finished_digest(ssl, NULL, dgst); /* calculate the digest */ /* rsa_ctx->bi_ctx is not thread-safe */ - SSL_CTX_LOCK(ssl->ssl_ctx->mutex); - n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1); - SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex); - - if (n == 0) + if (rsa_ctx) { - ret = SSL_ERROR_INVALID_KEY; - goto error; + SSL_CTX_LOCK(ssl->ssl_ctx->mutex); + n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1); + SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex); + + if (n == 0) + { + ret = SSL_ERROR_INVALID_KEY; + goto error; + } } buf[4] = n >> 8; /* add the RSA size (not officially documented) */ diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c index dc26e0599..c56a9650b 100644 --- a/ssl/tls1_svr.c +++ b/ssl/tls1_svr.c @@ -307,8 +307,7 @@ static int send_server_hello(SSL *ssl) if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME)) { /* retrieve id from session cache */ - memcpy(&buf[offset], ssl->session->session_id, - SSL_SESSION_ID_SIZE); + memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE); memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE); } else /* generate our own session id */