tls: add comment, no code changes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2018-11-18 19:50:24 +01:00
parent af694a4b29
commit 4e46b98a45

View File

@ -1527,11 +1527,11 @@ static void process_server_key(tls_state_t *tls, int len)
xhdr = (void*)tls->inbuf; xhdr = (void*)tls->inbuf;
keybuf = (void*)(xhdr + 1); keybuf = (void*)(xhdr + 1);
//seen from is.gd: it selects curve_x25519: //seen from is.gd: it selects curve_x25519:
// 0c 00006e //SERVER_KEY_EXCHANGE // 0c 00006e //SERVER_KEY_EXCHANGE, len
// 03 //curve_type: named curve // 03 //curve_type: named curve
// 001d //curve_x25519 // 001d //curve_x25519
//server-chosen EC point, and then signed_params //server-chosen EC point, and then signed_params
// (rfc8422: "A hash of the params, with the signature // (RFC 8422: "A hash of the params, with the signature
// appropriate to that hash applied. The private key corresponding // appropriate to that hash applied. The private key corresponding
// to the certified public key in the server's Certificate message is // to the certified public key in the server's Certificate message is
// used for signing.") // used for signing.")
@ -1547,6 +1547,18 @@ static void process_server_key(tls_state_t *tls, int len)
// 02 20 //INTEGER, len // 02 20 //INTEGER, len
// 64523d6216cb94c43c9b20e377d8c52c55be6703fd6730a155930c705eaf3af6 //32bytes // 64523d6216cb94c43c9b20e377d8c52c55be6703fd6730a155930c705eaf3af6 //32bytes
//same about this item ^^^^^ //same about this item ^^^^^
//seen from www.openbsd.org
//(which only accepts ECDHE-RSA-AESnnn-GCM-SHAnnn and ECDHE-RSA-CHACHA20-POLY1305 ciphers):
// 0c 000228 //SERVER_KEY_EXCHANGE, len
// 03 //curve_type: named curve
// 001d //curve_x25519
// 20 //eccPubKeyLen
// eef7a15c43b71a4c7eaa48a39369399cc4332e569ec90a83274cc92596705c1a //eccPubKey
// 0401 //hashSigAlg: 4:SHA256, 1:RSA
// 0200 //len
// //0x200 bytes follow
/* Get and verify length */ /* Get and verify length */
len1 = get24be(keybuf + 1); len1 = get24be(keybuf + 1);
if (len1 > len - 4) tls_error_die(tls); if (len1 > len - 4) tls_error_die(tls);