WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #1359 from SparkiDev/nginx_fixes 

Fixes to get Nginx working again.
pull/1368/head
toddouska 2018-02-09 13:17:38 -08:00 committed by GitHub
parent 44be47a83b 297fb1a447
commit e254f25baf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/internal.c
View File

@ -4764,7 +4764,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
/* parameters (p,g) may be owned by ctx */
if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
if (ssl->buffers.weOwnDH) {
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
}
@ -5013,7 +5013,7 @@ void FreeHandshakeResources(WOLFSSL* ssl)
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_Pub.buffer = NULL;
/* parameters (p,g) may be owned by ctx */
if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
if (ssl->buffers.weOwnDH) {
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
@ -7990,12 +7990,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
while (listSz) {
word32 certSz;
if (args->totalCerts >= ssl->verifyDepth) {
#ifdef OPENSSL_EXTRA
#ifdef OPENSSL_EXTRA
if (args->totalCerts > ssl->verifyDepth) {
ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG;
#endif
ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc);
}
#else
if (args->totalCerts >= ssl->verifyDepth) {
ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc);
}
#endif
if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) {
ERROR_OUT(BUFFER_ERROR, exit_ppc);
@ -17842,6 +17846,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
length);
args->idx += length;
ssl->buffers.weOwnDH = 1;
/* pub */
if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
ERROR_OUT(BUFFER_ERROR, exit_dske);
@ -18033,6 +18039,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
length);
args->idx += length;
ssl->buffers.weOwnDH = 1;
/* pub */
if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
ERROR_OUT(BUFFER_ERROR, exit_dske);

2
src/tls.c
View File

@ -8846,7 +8846,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
(void)heap;
if (method) {
#if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NGINX)
#if defined(WOLFSSL_TLS13)
InitSSL_Method(method, MakeTLSv1_3());
#else
InitSSL_Method(method, MakeTLSv1_2());