fixed client session size, empty certificate list

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@88 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2025-04-21 10:26:06 +03:00 · 2007-04-25 11:09:32 +00:00 · 2007-04-25 11:09:32 +00:00 · 8438e9fd7f
commit 8438e9fd7f
parent 548d14772f
3 changed files with 20 additions and 26 deletions
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@ -77,24 +77,14 @@ static void check(const bigint *bi);
 */
 BI_CTX *bi_initialize(void)
 {
-    BI_CTX *ctx;
-   
-    ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
-    ctx->active_list = NULL;
-    ctx->active_count = 0;
-    ctx->free_list = NULL;
-    ctx->free_count = 0;
-    ctx->mod_offset = 0;
-#ifdef CONFIG_BIGINT_MONTGOMERY
-    ctx->use_classical = 0;
-#endif
+    /* calloc() sets everything to zero */
+    BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
   
    /* the radix */
    ctx->bi_radix = alloc(ctx, 2); 
    ctx->bi_radix->comps[0] = 0;
    ctx->bi_radix->comps[1] = 1;
    bi_permanent(ctx->bi_radix);
-
    return ctx;
 }

--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@ -213,6 +213,7 @@ static int process_server_hello(SSL *ssl)
    int offset;
    int version = (buf[4] << 4) + buf[5];
    int num_sessions = ssl->ssl_ctx->num_sessions;
+    uint8_t session_id_length;
    int ret = SSL_OK;

    /* check that we are talking to a TLSv1 server */
@ -221,17 +222,18 @@ static int process_server_hello(SSL *ssl)

    /* get the server random value */
    memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
-    offset = 7 + SSL_RANDOM_SIZE; /* skip of session id size */
+    offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
+    session_id_length = buf[offset++];

    if (num_sessions)
    {
        ssl->session = ssl_session_update(num_sessions,
                ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
-        memcpy(ssl->session->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+        memcpy(ssl->session->session_id, &buf[offset], session_id_length);
    }

-    memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
-    offset += SSL_SESSION_ID_SIZE;
+    memcpy(ssl->session_id, &buf[offset], session_id_length);
+    offset += session_id_length;

    /* get the real cipher we are using */
    ssl->cipher = buf[++offset];
@ -304,7 +306,7 @@ static int send_cert_verify(SSL *ssl)
    uint8_t *buf = ssl->bm_data;
    uint8_t dgst[MD5_SIZE+SHA1_SIZE];
    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
-    int n, ret;
+    int n = 0, ret;

    DISPLAY_RSA(ssl, "send_cert_verify", rsa_ctx);

@ -314,6 +316,8 @@ static int send_cert_verify(SSL *ssl)
    finished_digest(ssl, NULL, dgst);   /* calculate the digest */

    /* rsa_ctx->bi_ctx is not thread-safe */
+    if (rsa_ctx)
+    {
        SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
        n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
        SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
@ -323,6 +327,7 @@ static int send_cert_verify(SSL *ssl)
            ret = SSL_ERROR_INVALID_KEY;
            goto error;
        }
+    }
    
    buf[4] = n >> 8;        /* add the RSA size (not officially documented) */
    buf[5] = n & 0xff;
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@ -307,8 +307,7 @@ static int send_server_hello(SSL *ssl)
    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
    {
        /* retrieve id from session cache */
-        memcpy(&buf[offset], ssl->session->session_id, 
-                SSL_SESSION_ID_SIZE);
+        memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE);
        memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
    }
    else    /* generate our own session id */