fix spaces
parent
b28f60cdd3
commit
ffa6f9c6ea
|
@ -112,9 +112,9 @@ typedef struct Msg{
|
||||||
struct {
|
struct {
|
||||||
Bytes *key;
|
Bytes *key;
|
||||||
} clientKeyExchange;
|
} clientKeyExchange;
|
||||||
struct {
|
struct {
|
||||||
Bytes *signature;
|
Bytes *signature;
|
||||||
} certificateVerify;
|
} certificateVerify;
|
||||||
Finished finished;
|
Finished finished;
|
||||||
} u;
|
} u;
|
||||||
} Msg;
|
} Msg;
|
||||||
|
@ -726,9 +726,9 @@ tlsClient2(int ctl, int hand, uchar *csid, int ncsid, uchar *cert, int certlen,
|
||||||
}
|
}
|
||||||
|
|
||||||
if(creq) {
|
if(creq) {
|
||||||
m.u.certificate.ncert = 1;
|
m.u.certificate.ncert = 1;
|
||||||
m.u.certificate.certs = emalloc(m.u.certificate.ncert * sizeof(Bytes));
|
m.u.certificate.certs = emalloc(m.u.certificate.ncert * sizeof(Bytes));
|
||||||
m.u.certificate.certs[0] = makebytes(cert, certlen);
|
m.u.certificate.certs[0] = makebytes(cert, certlen);
|
||||||
m.tag = HCertificate;
|
m.tag = HCertificate;
|
||||||
if(!msgSend(c, &m, AFlush))
|
if(!msgSend(c, &m, AFlush))
|
||||||
goto Err;
|
goto Err;
|
||||||
|
@ -749,13 +749,13 @@ tlsClient2(int ctl, int hand, uchar *csid, int ncsid, uchar *cert, int certlen,
|
||||||
goto Err;
|
goto Err;
|
||||||
msgClear(&m);
|
msgClear(&m);
|
||||||
|
|
||||||
/* CertificateVerify */
|
/* CertificateVerify */
|
||||||
/*XXX I should only send this when it is not DH right?
|
/*XXX I should only send this when it is not DH right?
|
||||||
Also we need to know which TLS key
|
Also we need to know which TLS key
|
||||||
we have to use in case there are more than one*/
|
we have to use in case there are more than one*/
|
||||||
if(cert) {
|
if(cert){
|
||||||
m.tag = HCertificateVerify;
|
m.tag = HCertificateVerify;
|
||||||
uchar hshashes[MD5dlen+SHA1dlen]; /* content of signature */
|
uchar hshashes[MD5dlen+SHA1dlen]; /* content of signature */
|
||||||
MD5state hsmd5_save;
|
MD5state hsmd5_save;
|
||||||
SHAstate hssha1_save;
|
SHAstate hssha1_save;
|
||||||
|
|
||||||
|
@ -763,22 +763,22 @@ tlsClient2(int ctl, int hand, uchar *csid, int ncsid, uchar *cert, int certlen,
|
||||||
|
|
||||||
hsmd5_save = c->hsmd5;
|
hsmd5_save = c->hsmd5;
|
||||||
hssha1_save = c->hssha1;
|
hssha1_save = c->hssha1;
|
||||||
md5(nil, 0, hshashes, &c->hsmd5);
|
md5(nil, 0, hshashes, &c->hsmd5);
|
||||||
sha1(nil, 0, hshashes+MD5dlen, &c->hssha1);
|
sha1(nil, 0, hshashes+MD5dlen, &c->hssha1);
|
||||||
|
|
||||||
c->hsmd5 = hsmd5_save;
|
c->hsmd5 = hsmd5_save;
|
||||||
c->hssha1 = hssha1_save;
|
c->hssha1 = hssha1_save;
|
||||||
|
|
||||||
c->sec->rpc = factotum_rsa_open(cert, certlen);
|
c->sec->rpc = factotum_rsa_open(cert, certlen);
|
||||||
if(c->sec->rpc == nil){
|
if(c->sec->rpc == nil){
|
||||||
tlsError(c, EHandshakeFailure, "factotum_rsa_open: %r");
|
tlsError(c, EHandshakeFailure, "factotum_rsa_open: %r");
|
||||||
goto Err;
|
goto Err;
|
||||||
}
|
}
|
||||||
c->sec->rsapub = X509toRSApub(cert, certlen, nil, 0);
|
c->sec->rsapub = X509toRSApub(cert, certlen, nil, 0);
|
||||||
|
|
||||||
paddedHashes = pkcs1padbuf(hshashes, 36, c->sec->rsapub->n);
|
paddedHashes = pkcs1padbuf(hshashes, 36, c->sec->rsapub->n);
|
||||||
signedMP = factotum_rsa_decrypt(c->sec->rpc, paddedHashes);
|
signedMP = factotum_rsa_decrypt(c->sec->rpc, paddedHashes);
|
||||||
m.u.certificateVerify.signature = mptobytes(signedMP);
|
m.u.certificateVerify.signature = mptobytes(signedMP);
|
||||||
free(signedMP);
|
free(signedMP);
|
||||||
|
|
||||||
if(m.u.certificateVerify.signature == nil){
|
if(m.u.certificateVerify.signature == nil){
|
||||||
|
@ -787,11 +787,11 @@ tlsClient2(int ctl, int hand, uchar *csid, int ncsid, uchar *cert, int certlen,
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!msgSend(c, &m, AFlush)){
|
if(!msgSend(c, &m, AFlush)){
|
||||||
msgClear(&m);
|
msgClear(&m);
|
||||||
goto Err;
|
goto Err;
|
||||||
}
|
}
|
||||||
msgClear(&m);
|
msgClear(&m);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* change cipher spec */
|
/* change cipher spec */
|
||||||
if(fprint(c->ctl, "changecipher") < 0){
|
if(fprint(c->ctl, "changecipher") < 0){
|
||||||
|
@ -946,12 +946,12 @@ msgSend(TlsConnection *c, Msg *m, int act)
|
||||||
p += m->u.certificate.certs[i]->len;
|
p += m->u.certificate.certs[i]->len;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case HCertificateVerify:
|
case HCertificateVerify:
|
||||||
put16(p, m->u.certificateVerify.signature->len);
|
put16(p, m->u.certificateVerify.signature->len);
|
||||||
p += 2;
|
p += 2;
|
||||||
memmove(p, m->u.certificateVerify.signature->data, m->u.certificateVerify.signature->len);
|
memmove(p, m->u.certificateVerify.signature->data, m->u.certificateVerify.signature->len);
|
||||||
p += m->u.certificateVerify.signature->len;
|
p += m->u.certificateVerify.signature->len;
|
||||||
break;
|
break;
|
||||||
case HClientKeyExchange:
|
case HClientKeyExchange:
|
||||||
n = m->u.clientKeyExchange.key->len;
|
n = m->u.clientKeyExchange.key->len;
|
||||||
if(c->version != SSL3Version){
|
if(c->version != SSL3Version){
|
||||||
|
@ -1310,9 +1310,9 @@ msgClear(Msg *m)
|
||||||
freebytes(m->u.certificateRequest.cas[i]);
|
freebytes(m->u.certificateRequest.cas[i]);
|
||||||
free(m->u.certificateRequest.cas);
|
free(m->u.certificateRequest.cas);
|
||||||
break;
|
break;
|
||||||
case HCertificateVerify:
|
case HCertificateVerify:
|
||||||
freebytes(m->u.certificateVerify.signature);
|
freebytes(m->u.certificateVerify.signature);
|
||||||
break;
|
break;
|
||||||
case HServerHelloDone:
|
case HServerHelloDone:
|
||||||
break;
|
break;
|
||||||
case HClientKeyExchange:
|
case HClientKeyExchange:
|
||||||
|
@ -1406,10 +1406,10 @@ msgPrint(char *buf, int n, Msg *m)
|
||||||
for(i=0; i<m->u.certificateRequest.nca; i++)
|
for(i=0; i<m->u.certificateRequest.nca; i++)
|
||||||
bs = bytesPrint(bs, be, "\t\t", m->u.certificateRequest.cas[i], "\n");
|
bs = bytesPrint(bs, be, "\t\t", m->u.certificateRequest.cas[i], "\n");
|
||||||
break;
|
break;
|
||||||
case HCertificateVerify:
|
case HCertificateVerify:
|
||||||
bs = seprint(bs, be, "HCertificateVerify\n");
|
bs = seprint(bs, be, "HCertificateVerify\n");
|
||||||
bs = bytesPrint(bs, be, "\tsignature: ", m->u.certificateVerify.signature,"\n");
|
bs = bytesPrint(bs, be, "\tsignature: ", m->u.certificateVerify.signature,"\n");
|
||||||
break;
|
break;
|
||||||
case HServerHelloDone:
|
case HServerHelloDone:
|
||||||
bs = seprint(bs, be, "ServerHelloDone\n");
|
bs = seprint(bs, be, "ServerHelloDone\n");
|
||||||
break;
|
break;
|
||||||
|
|