From 90fe80e73b4060cc52f75e9db6e7f2aeba7b0657 Mon Sep 17 00:00:00 2001 From: Giacomo Tesio Date: Wed, 18 Jan 2017 00:09:31 +0100 Subject: [PATCH] libsec: fix #4: Finished.n can only be 0, 12 or 36 As noted ty Cinap Lenrek Finished.n is only set by setVersion and can only be either 0 before setVersion() as emalloc() zeros the TlsConnection struct or SSL3FinishedLen/TLSFinishedLen after when we got the client/server hello. Introducing FinishedLength enum we make the domain of the field explicit. --- sys/src/lib/sec/port/tlshand.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/sys/src/lib/sec/port/tlshand.c b/sys/src/lib/sec/port/tlshand.c index d4d14e2..da2f911 100644 --- a/sys/src/lib/sec/port/tlshand.c +++ b/sys/src/lib/sec/port/tlshand.c @@ -14,8 +14,6 @@ // which is implemented in kernel device #a. See also /lib/rfc/rfc2246. enum { - TLSFinishedLen = 12, - SSL3FinishedLen = MD5dlen+SHA1dlen, MaxKeyData = 160, // amount of secret we may need MaxChunk = 1<<15, MAXdlen = SHA2_512dlen, @@ -48,9 +46,15 @@ typedef struct Namedcurve{ void (*init)(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h); } Namedcurve; +typedef enum FinishedLength{ + BeforeSetVersion = 0, + TLSFinishedLen = 12, + SSL3FinishedLen = MD5dlen+SHA1dlen, +} FinishedLength; + typedef struct Finished{ uint8_t verify[SSL3FinishedLen]; - int n; + FinishedLength n; // see https://github.com/JehanneOS/jehanne/issues/4 } Finished; typedef struct HandshakeHash { @@ -80,7 +84,7 @@ struct TlsSec { // byte generation and handshake checksum void (*prf)(uint8_t*, int, uint8_t*, int, char*, uint8_t*, int, uint8_t*, int); void (*setFinished)(TlsSec*, HandshakeHash, uint8_t*, int); - int nfin; + FinishedLength nfin; }; typedef struct TlsConnection{