diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-11-18 19:50:24 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-11-18 19:50:24 +0100 |
| commit | 4e46b98a4574aee0a77055741d460016faa11b75 (patch) | |
| tree | fa5be3901589489bff279f54e75a72f9d77bea11 | |
| parent | af694a4b290e9c664919c8c7bcc98a89dd2fbb7d (diff) | |
| download | busybox-w32-4e46b98a4574aee0a77055741d460016faa11b75.tar.gz busybox-w32-4e46b98a4574aee0a77055741d460016faa11b75.tar.bz2 busybox-w32-4e46b98a4574aee0a77055741d460016faa11b75.zip | |
tls: add comment, no code changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | networking/tls.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/networking/tls.c b/networking/tls.c index 90a1bcf35..fba66f6f0 100644 --- a/networking/tls.c +++ b/networking/tls.c | |||
| @@ -1527,11 +1527,11 @@ static void process_server_key(tls_state_t *tls, int len) | |||
| 1527 | xhdr = (void*)tls->inbuf; | 1527 | xhdr = (void*)tls->inbuf; |
| 1528 | keybuf = (void*)(xhdr + 1); | 1528 | keybuf = (void*)(xhdr + 1); |
| 1529 | //seen from is.gd: it selects curve_x25519: | 1529 | //seen from is.gd: it selects curve_x25519: |
| 1530 | // 0c 00006e //SERVER_KEY_EXCHANGE | 1530 | // 0c 00006e //SERVER_KEY_EXCHANGE, len |
| 1531 | // 03 //curve_type: named curve | 1531 | // 03 //curve_type: named curve |
| 1532 | // 001d //curve_x25519 | 1532 | // 001d //curve_x25519 |
| 1533 | //server-chosen EC point, and then signed_params | 1533 | //server-chosen EC point, and then signed_params |
| 1534 | // (rfc8422: "A hash of the params, with the signature | 1534 | // (RFC 8422: "A hash of the params, with the signature |
| 1535 | // appropriate to that hash applied. The private key corresponding | 1535 | // appropriate to that hash applied. The private key corresponding |
| 1536 | // to the certified public key in the server's Certificate message is | 1536 | // to the certified public key in the server's Certificate message is |
| 1537 | // used for signing.") | 1537 | // used for signing.") |
| @@ -1547,6 +1547,18 @@ static void process_server_key(tls_state_t *tls, int len) | |||
| 1547 | // 02 20 //INTEGER, len | 1547 | // 02 20 //INTEGER, len |
| 1548 | // 64523d6216cb94c43c9b20e377d8c52c55be6703fd6730a155930c705eaf3af6 //32bytes | 1548 | // 64523d6216cb94c43c9b20e377d8c52c55be6703fd6730a155930c705eaf3af6 //32bytes |
| 1549 | //same about this item ^^^^^ | 1549 | //same about this item ^^^^^ |
| 1550 | |||
| 1551 | //seen from www.openbsd.org | ||
| 1552 | //(which only accepts ECDHE-RSA-AESnnn-GCM-SHAnnn and ECDHE-RSA-CHACHA20-POLY1305 ciphers): | ||
| 1553 | // 0c 000228 //SERVER_KEY_EXCHANGE, len | ||
| 1554 | // 03 //curve_type: named curve | ||
| 1555 | // 001d //curve_x25519 | ||
| 1556 | // 20 //eccPubKeyLen | ||
| 1557 | // eef7a15c43b71a4c7eaa48a39369399cc4332e569ec90a83274cc92596705c1a //eccPubKey | ||
| 1558 | // 0401 //hashSigAlg: 4:SHA256, 1:RSA | ||
| 1559 | // 0200 //len | ||
| 1560 | // //0x200 bytes follow | ||
| 1561 | |||
| 1550 | /* Get and verify length */ | 1562 | /* Get and verify length */ |
| 1551 | len1 = get24be(keybuf + 1); | 1563 | len1 = get24be(keybuf + 1); |
| 1552 | if (len1 > len - 4) tls_error_die(tls); | 1564 | if (len1 > len - 4) tls_error_die(tls); |