* RC4 only used if PKCS12 is used.

* Buffer sizes tightned up.
* Buffer check on client handshake due to some incompatibilities.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@270 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

crypto/rc4.c

@@ -37,6 +37,9 @@
 #include "os_port.h"
 #include "crypto.h"
 
+/* only used for PKCS12 now */
+#ifdef CONFIG_SSL_USE_PKCS12
+
 /**
  * Get ready for an encrypt/decrypt operation
  */
@@ -90,3 +93,5 @@ void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
     ctx->x = x;
     ctx->y = y;
 }
+
+#endif

ssl/tls1.c

@@ -735,7 +735,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
     int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-    uint8_t *t_buf = (uint8_t *)malloc(buf_len+100);
+    uint8_t *t_buf = (uint8_t *)malloc(hmac_len);
 
     memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
                     ssl->write_sequence : ssl->read_sequence, 8);
@@ -937,8 +937,8 @@ static void prf(SSL *ssl, const uint8_t *sec, int sec_len,
     {
         int len, i;
         const uint8_t *S1, *S2;
-        uint8_t xbuf[256]; /* needs to be > the amount of key data */
+        uint8_t xbuf[2*(SHA256_SIZE+32+16) + MD5_SIZE]; /* max keyblock */
-        uint8_t ybuf[256]; /* needs to be > the amount of key data */
+        uint8_t ybuf[2*(SHA256_SIZE+32+16) + SHA1_SIZE]; /* max keyblock */
 
         len = sec_len/2;
         S1 = sec;