* RC4 only used if PKCS12 is used.
* Buffer sizes tightned up. * Buffer check on client handshake due to some incompatibilities. git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@270 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich
parent
57b95e6e05
commit
3805b7c2b9
5 changed files with 14 additions and 6 deletions
|
|
@ -37,6 +37,9 @@
|
|||
#include "os_port.h"
|
||||
#include "crypto.h"
|
||||
|
||||
/* only used for PKCS12 now */
|
||||
#ifdef CONFIG_SSL_USE_PKCS12
|
||||
|
||||
/**
|
||||
* Get ready for an encrypt/decrypt operation
|
||||
*/
|
||||
|
|
@ -90,3 +93,5 @@ void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
|
|||
ctx->x = x;
|
||||
ctx->y = y;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -1540,7 +1540,11 @@ static void do_server(server_t *svr)
|
|||
else
|
||||
{
|
||||
sprintf(openssl_buf, "openssl s_server "
|
||||
#ifdef WIN32
|
||||
"-accept %d -quiet %s",
|
||||
#else
|
||||
"-accept %d -quiet %s > /dev/null",
|
||||
#endif
|
||||
g_port, svr->openssl_option);
|
||||
}
|
||||
//printf("SERVER %s\n", openssl_buf);
|
||||
|
|
|
|||
|
|
@ -647,7 +647,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
|
|||
const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
|
||||
{
|
||||
int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
|
||||
uint8_t *t_buf = (uint8_t *)alloca(buf_len+100);
|
||||
uint8_t *t_buf = (uint8_t *)alloca(hmac_len);
|
||||
|
||||
memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ?
|
||||
ssl->write_sequence : ssl->read_sequence, 8);
|
||||
|
|
@ -847,8 +847,8 @@ static void prf(SSL *ssl, const uint8_t *sec, int sec_len,
|
|||
{
|
||||
int len, i;
|
||||
const uint8_t *S1, *S2;
|
||||
uint8_t xbuf[256]; /* needs to be > the amount of key data */
|
||||
uint8_t ybuf[256]; /* needs to be > the amount of key data */
|
||||
uint8_t xbuf[2*(SHA256_SIZE+32+16) + MD5_SIZE]; /* max keyblock */
|
||||
uint8_t ybuf[2*(SHA256_SIZE+32+16) + SHA1_SIZE]; /* max keyblock */
|
||||
|
||||
len = sec_len/2;
|
||||
S1 = sec;
|
||||
|
|
|
|||
|
|
@ -311,7 +311,7 @@ static int process_server_hello(SSL *ssl)
|
|||
offset += 2; // ignore compression
|
||||
PARANOIA_CHECK(pkt_size, offset);
|
||||
|
||||
ssl->dc->bm_proc_index = offset+1;
|
||||
ssl->dc->bm_proc_index = offset;
|
||||
PARANOIA_CHECK(pkt_size, offset);
|
||||
|
||||
// no extensions
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
Loading…
Reference in a new issue