X-Git-Url: https://pd.if.org/git/?a=blobdiff_plain;f=crypto%2Ftlse.c;h=5274dbade4aa15ceca9a6a9e3f621f14fbcc802a;hb=HEAD;hp=a49b447101f59c9bfbbd42bdc5246bbcf9eac515;hpb=4eb87b5be87fdff504476d1798d558367d3f6f3e;p=zpackage
diff --git a/crypto/tlse.c b/crypto/tlse.c
index a49b447..5274dba 100644
--- a/crypto/tlse.c
+++ b/crypto/tlse.c
@@ -451,8 +451,10 @@ static void tls_init() {
 #endif
 #endif /* TODO remove these */
+#if 0
 register_hash(&md5_desc);
 register_hash(&sha1_desc);
+#endif
 register_hash(&sha256_desc);
 register_hash(&sha384_desc);
@@ -1787,17 +1789,21 @@ static int tls_expand_key(struct TLSContext *context) {
 (int) TLS_MAX_KEY_EXPANSION_SIZE);
 DEBUG_DUMP_HEX_LABEL("CLIENT KEY", clientkey, key_length);
 DEBUG_DUMP_HEX_LABEL("CLIENT IV", clientiv, iv_length);
+#if 0
 DEBUG_DUMP_HEX_LABEL("CLIENT MAC KEY", context->is_server ? context->crypto. ctx_remote_mac.remote_mac : context-> crypto.ctx_local_mac.local_mac, mac_length);
+#endif
 DEBUG_DUMP_HEX_LABEL("SERVER KEY", serverkey, key_length);
 DEBUG_DUMP_HEX_LABEL("SERVER IV", serveriv, iv_length);
+#if 0
 DEBUG_DUMP_HEX_LABEL("SERVER MAC KEY", context->is_server ? context->crypto. ctx_local_mac.local_mac : context->crypto. ctx_remote_mac.remote_mac, mac_length);
+#endif
 if (context->is_server) {
 if (is_aead == 2) {
 memcpy(context->crypto.ctx_remote_mac.remote_nonce,
@@ -4238,6 +4244,7 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
 }
 if (certificate_verify_alert != no_error) {
+ MARK;
 tls_alert(context, 1, certificate_verify_alert);
 context->critical_error = 1;
 }
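Review bot: With `md5_desc` and `sha1_desc` no longer registered in tls_init, any later lookup of those hashes by name comes back as not found (libtomcrypt's `find_hash` returns -1 for an unregistered name), so every remaining user in tlse.c has to treat that as a hard failure rather than pass the index on. None of those callers are visible in this hunk; the paths worth checking are the PRF for protocol versions below TLS 1.2, HMAC-SHA1 cipher suites and SHA-1 certificate signatures, if the file still offers them. If both hashes are being dropped for good, delete the two calls and replace the TODO with a comment such as `/* MD5 and SHA-1 are intentionally not registered; anything that needs them must be rejected */` instead of leaving them under `#if 0`. tls_init's body continues outside the hunk.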
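Review bot: The `#if 0` blocks in tls_expand_key remove only the two MAC-key dumps; the `DEBUG_DUMP_HEX_LABEL` calls for CLIENT KEY, CLIENT IV, SERVER KEY and SERVER IV stay live and print the negotiated traffic keys wherever that macro is enabled. Its definition is outside this hunk, so confirm it expands to nothing in non-debug builds, and consider putting all six dumps behind one dedicated switch (placeholder name: `#ifdef TLS_DEBUG_DUMP_KEYS`) rather than `#if 0` on some of them. The disabled blocks also carry no comment saying why they were turned off; a one-line `/* disabled: <reason> */` above each `#if 0` would tell the next reader whether they can be deleted. tls_expand_key starts and ends outside the hunk.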
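Review bot: `MARK;` is pasted in front of every `tls_alert` call here and in the next two hunks (twelve sites in all), which is easy to forget when a new case is added and says nothing about what it records. Folding it into one wrapper keeps the trace and the alert together, e.g. `#define TLS_ALERT(ctx, lvl, code) do { MARK; tls_alert((ctx), (lvl), (code)); } while (0)`. MARK's definition is not part of this diff; if it writes file and line to a log it should compile away in release builds, and a short comment at its definition should say so.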
@@ -4245,21 +4252,27 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
 if (payload_res < 0) {
 switch (payload_res) {
 case TLS_UNEXPECTED_MESSAGE:
+ MARK;
 tls_alert(context, 1, unexpected_message);
 break;
 case TLS_COMPRESSION_NOT_SUPPORTED:
+ MARK;
 tls_alert(context, 1, decompression_failure_RESERVED);
 break;
 case TLS_BROKEN_PACKET:
+ MARK;
 tls_alert(context, 1, decode_error);
 break;
 case TLS_NO_MEMORY:
+ MARK;
 tls_alert(context, 1, internal_error);
 break;
 case TLS_NOT_VERIFIED:
+ MARK;
 tls_alert(context, 1, bad_record_mac);
 break;
 case TLS_BAD_CERTIFICATE:
+ MARK;
 if (context->is_server) { /* bad client certificate, continue */
 tls_alert(context, 0, bad_certificate);
@@ -4269,19 +4282,24 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
 }
 break;
 case TLS_UNSUPPORTED_CERTIFICATE:
+ MARK;
 tls_alert(context, 1, unsupported_certificate);
 break;
 case TLS_NO_COMMON_CIPHER:
+ MARK;
 tls_alert(context, 1, insufficient_security);
 break;
 case TLS_NOT_UNDERSTOOD:
+ MARK;
 tls_alert(context, 1, internal_error);
 break;
 case TLS_NO_RENEGOTIATION:
+ MARK;
 tls_alert(context, 0, no_renegotiation_RESERVED);
 payload_res = 0;
 break;
 case TLS_DECRYPTION_FAILED:
+ MARK;
 tls_alert(context, 1, decryption_failed_RESERVED);
 break;
 }
@@ -4292,6 +4310,7 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
 if (certificate_verify_alert != no_error) {
 payload_res = TLS_BAD_CERTIFICATE;
+ /* TODO this is set but not used */
 } /* except renegotiation */
@@ -4337,9 +4356,7 @@ int tls_parse_payload(struct TLSContext *context, const unsigned char *buf,
 } tls_send_certificate(context); - tls_send_certificate_verify(context); - tls_send_finished(context); /* new key */
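Review bot: The `switch (payload_res)` opened in this hunk and closed in the next has no `default:` among the cases shown, so a negative result that is not in the list sends no alert and gets no `MARK`. Unless code after the switch covers that (not visible here), add `default: MARK; tls_alert(context, 1, internal_error); break;` before the closing brace. Three lines between this hunk and the next are not shown, and the TLS_BAD_CERTIFICATE case is cut at the hunk boundary.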
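Review bot: The TLS_DECRYPTION_FAILED case still answers with `decryption_failed_RESERVED`, while TLS_NOT_VERIFIED in the previous hunk answers with `bad_record_mac`. RFC 5246 reserves that alert and says it must not be sent, because telling the peer whether decryption or the MAC check failed is the distinction CBC padding-oracle attacks rely on. Sending `tls_alert(context, 1, bad_record_mac);` for both cases removes that distinction on the wire. Which record errors map to TLS_DECRYPTION_FAILED is decided outside this hunk, so confirm that before changing it.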
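Review bot: The new TODO records that `payload_res = TLS_BAD_CERTIFICATE;` has no effect, but leaves open which behaviour is wanted. If a failed certificate check is meant to reach the caller, the function has to return this value on that path; otherwise the failure is signalled only through `context->critical_error`, set in the earlier hunk. I would either wire the value into the return or delete the assignment, and say which in the comment, e.g. `/* TODO: return payload_res here so callers see TLS_BAD_CERTIFICATE */`. The rest of tls_parse_payload is outside the hunk, so the unused-value claim cannot be checked from here.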