feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3554 from ejohnstown/psk-fix

Browse Source 
PSK Alert
This commit is contained in:
Sean Parkinson
2020-12-16 09:40:04 +10:00
committed by GitHub
parent bab2f55661 123c713658
commit 922ca916a9
1 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/internal.c
View File

@ -15960,6 +15960,14 @@ int SendChangeCipher(WOLFSSL* ssl)
#endif #endif
ssl->buffers.outputBuffer.length += sendSz; ssl->buffers.outputBuffer.length += sendSz;
/* setup encrypt keys */
if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
return ret;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
ssl->options.startedETMWrite = ssl->options.encThenMac;
#endif
if (ssl->options.groupMessages) if (ssl->options.groupMessages)
return 0; return 0;
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS) #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS)
@ -16707,14 +16715,6 @@ int SendFinished(WOLFSSL* ssl)
WOLFSSL_START(WC_FUNC_FINISHED_SEND); WOLFSSL_START(WC_FUNC_FINISHED_SEND);
WOLFSSL_ENTER("SendFinished"); WOLFSSL_ENTER("SendFinished");
/* setup encrypt keys */
if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
return ret;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
ssl->options.startedETMWrite = ssl->options.encThenMac;
#endif
/* check for available size */ /* check for available size */
outputSz = sizeof(input) + MAX_MSG_EXTRA; outputSz = sizeof(input) + MAX_MSG_EXTRA;
if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
@ -29405,6 +29405,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ssl->arrays->psk_keySz == 0 || if (ssl->arrays->psk_keySz == 0 ||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal,
unknown_psk_identity);
#endif
ERROR_OUT(PSK_KEY_ERROR, exit_dcke); ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
} }
@ -30285,6 +30289,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ssl->arrays->psk_keySz == 0 || if (ssl->arrays->psk_keySz == 0 ||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal,
unknown_psk_identity);
#endif
ERROR_OUT(PSK_KEY_ERROR, exit_dcke); ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
} }