| author | RFL890 <rfl890mc@gmail.com> | 2025-08-26 20:33:02 +0500 |
|---|---|---|
| committer | Ron Yorston <rmy@pobox.com> | 2025-08-28 11:51:48 +0000 |
| commit | 2c94f4417538b1b2bbe499b7681d389ea72a08ce (patch) | |
| tree | 311a13a250f63b491909cff8acf9af50e1fd8e2f /include | |
| parent | f5764865cb846ad953b8a7082330f9b47ebad5e8 (diff) | |
tls: rewrite Schannel code
The previous code had issues with buffer management,
resulting in failures.
Diffstat (limited to 'include')
| -rw-r--r-- | include/libbb.h | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/include/libbb.h b/include/libbb.h index 60037ed3d..3151ad65b 100644 --- a/include/libbb.h +++ b/include/libbb.h | |||
| @@ -920,33 +920,33 @@ struct hostent *xgethostbyname(const char *name) FAST_FUNC; | |||
| 920 | // + inet_common.c has additional IPv4-only stuff | 920 | // + inet_common.c has additional IPv4-only stuff |
| 921 | 921 | ||
| 922 | #if defined CONFIG_FEATURE_TLS_SCHANNEL | 922 | #if defined CONFIG_FEATURE_TLS_SCHANNEL |
| 923 | enum schannel_connection_state { | ||
| 924 | BB_SCHANNEL_OPEN = 0, | ||
| 925 | BB_SCHANNEL_CLOSED = 1, | ||
| 926 | BB_SCHANNEL_CLOSED_AND_FREED = 2 | ||
| 927 | }; | ||
| 928 | |||
| 923 | typedef struct tls_state { | 929 | typedef struct tls_state { |
| 924 | int ofd; | 930 | int ofd; |
| 925 | int ifd; | 931 | int ifd; |
| 926 | 932 | ||
| 927 | // handles | 933 | // handles |
| 928 | CredHandle cred_handle; | 934 | CredHandle cred_handle; |
| 929 | CtxtHandle ctx_handle; | 935 | CtxtHandle ctx_handle; |
| 930 | |||
| 931 | // buffers | ||
| 932 | char in_buffer[16384 + 256]; // input buffer (to read from server) | ||
| 933 | unsigned long in_buffer_size; // amount of data currently in input buffer | ||
| 934 | |||
| 935 | char *out_buffer; // output buffer (for decrypted data), this is essentially the same as input buffer as data is decrypted in place | ||
| 936 | unsigned long out_buffer_size; // amount of data currently in output buffer | ||
| 937 | unsigned long out_buffer_used; // amount of extra data currently in output buffer | ||
| 938 | |||
| 939 | // data | ||
| 940 | char *hostname; | ||
| 941 | SecPkgContext_StreamSizes stream_sizes; | ||
| 942 | 936 | ||
| 943 | // booleans | 937 | // buffers |
| 938 | char in_buffer[16384 + 256]; // input buffer (to read from server), length is maximum TLS packet size | ||
| 939 | unsigned long in_buffer_offset; | ||
| 944 | 940 | ||
| 945 | // context initialized | 941 | char *out_buffer; // output buffer (for decrypted data, offset from in_buffer) |
| 946 | int initialized; | 942 | unsigned long out_buffer_length; |
| 943 | unsigned long out_buffer_extra; | ||
| 947 | 944 | ||
| 948 | // closed by remote peer | 945 | // data |
| 949 | int closed; | 946 | char *hostname; |
| 947 | SecPkgContext_StreamSizes stream_sizes; | ||
| 948 | bool initialized; | ||
| 949 | enum schannel_connection_state connection_state; | ||
| 950 | } tls_state_t; | 950 | } tls_state_t; |
| 951 | #else | 951 | #else |
| 952 | struct tls_aes { | 952 | struct tls_aes { |
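Review bot: The new bookkeeping fields `in_buffer_offset`, `out_buffer_length` and `out_buffer_extra` in `struct tls_state` are declared without comments, although the removed lines documented their counterparts and the commit message gives buffer management as the reason for the rewrite. Each field should state its invariant, for example `unsigned long in_buffer_offset; // bytes of not-yet-decrypted data in in_buffer, always <= sizeof(in_buffer)`, and the comment on `out_buffer` should say that the pointer aliases `in_buffer` and so becomes stale when that buffer is refilled. The exact meanings need confirming against the Schannel .c file, which is not part of this view. The `16384 + 256` size is described as the maximum TLS packet size, but a TLS 1.2 record may carry up to 2^14 + 2048 bytes after its 5-byte header, so the comment appears accurate only for the TLS 1.3 limit. The code that fills `in_buffer` should therefore reject any record whose declared length does not fit, and after the handshake it could check `stream_sizes.cbHeader + stream_sizes.cbMaximumMessage + stream_sizes.cbTrailer <= sizeof(in_buffer)` before the first read.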
