fixed client session size, empty certificate list

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@88 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

ssl/bigint.c

@@ -77,24 +77,14 @@ static void check(const bigint *bi);
  */
 BI_CTX *bi_initialize(void)
 {
-    BI_CTX *ctx;
+    /* calloc() sets everything to zero */
+    BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
    
-    ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
-    ctx->active_list = NULL;
-    ctx->active_count = 0;
-    ctx->free_list = NULL;
-    ctx->free_count = 0;
-    ctx->mod_offset = 0;
-#ifdef CONFIG_BIGINT_MONTGOMERY
-    ctx->use_classical = 0;
-#endif
-
     /* the radix */
     ctx->bi_radix = alloc(ctx, 2); 
     ctx->bi_radix->comps[0] = 0;
     ctx->bi_radix->comps[1] = 1;
     bi_permanent(ctx->bi_radix);
-
     return ctx;
 }
 

ssl/tls1_clnt.c

@@ -213,6 +213,7 @@ static int process_server_hello(SSL *ssl)
     int offset;
     int version = (buf[4] << 4) + buf[5];
     int num_sessions = ssl->ssl_ctx->num_sessions;
+    uint8_t session_id_length;
     int ret = SSL_OK;
 
     /* check that we are talking to a TLSv1 server */
@@ -221,17 +222,18 @@ static int process_server_hello(SSL *ssl)
 
     /* get the server random value */
     memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
-    offset = 7 + SSL_RANDOM_SIZE; /* skip of session id size */
+    offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
+    session_id_length = buf[offset++];
 
     if (num_sessions)
     {
         ssl->session = ssl_session_update(num_sessions,
                 ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
-        memcpy(ssl->session->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+        memcpy(ssl->session->session_id, &buf[offset], session_id_length);
     }
 
-    memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+    memcpy(ssl->session_id, &buf[offset], session_id_length);
-    offset += SSL_SESSION_ID_SIZE;
+    offset += session_id_length;
 
     /* get the real cipher we are using */
     ssl->cipher = buf[++offset];
@@ -304,7 +306,7 @@ static int send_cert_verify(SSL *ssl)
     uint8_t *buf = ssl->bm_data;
     uint8_t dgst[MD5_SIZE+SHA1_SIZE];
     RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
-    int n, ret;
+    int n = 0, ret;
 
     DISPLAY_RSA(ssl, "send_cert_verify", rsa_ctx);
 
@@ -314,14 +316,17 @@ static int send_cert_verify(SSL *ssl)
     finished_digest(ssl, NULL, dgst);   /* calculate the digest */
 
     /* rsa_ctx->bi_ctx is not thread-safe */
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    if (rsa_ctx)
-    n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-
-    if (n == 0)
     {
-        ret = SSL_ERROR_INVALID_KEY;
+        SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-        goto error;
+        n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
+        SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+        if (n == 0)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
     }
     
     buf[4] = n >> 8;        /* add the RSA size (not officially documented) */

ssl/tls1_svr.c

@@ -307,8 +307,7 @@ static int send_server_hello(SSL *ssl)
     if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
     {
         /* retrieve id from session cache */
-        memcpy(&buf[offset], ssl->session->session_id, 
+        memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE);
-                SSL_SESSION_ID_SIZE);
         memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
     }
     else    /* generate our own session id */