fix issue between certificate fragmentation and secure renegotiation

John Safranek
2015-08-18 21:00:17 -07:00
parent c1d663f22d
commit b0d90918f9


@ -7523,15 +7523,17 @@ int SendCertificate(WOLFSSL* ssl)
if (ssl->fragOffset == 0) { if (ssl->fragOffset == 0) {
if (!ssl->options.dtls) { if (!ssl->options.dtls) {
AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl); AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
HashOutputRaw(ssl, output + RECORD_HEADER_SZ, if (!ssl->keys.encryptionOn)
HANDSHAKE_HEADER_SZ); HashOutputRaw(ssl, output + RECORD_HEADER_SZ,
HANDSHAKE_HEADER_SZ);
} }
else { else {
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
AddHeaders(output, payloadSz, certificate, ssl); AddHeaders(output, payloadSz, certificate, ssl);
HashOutputRaw(ssl, if (!ssl->keys.encryptionOn)
output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA, HashOutputRaw(ssl,
HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA); output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA,
HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA);
/* Adding the headers increments these, decrement them for /* Adding the headers increments these, decrement them for
* actual message header. */ * actual message header. */
ssl->keys.dtls_sequence_number--; ssl->keys.dtls_sequence_number--;
@ -7543,21 +7545,24 @@ int SendCertificate(WOLFSSL* ssl)
/* list total */ /* list total */
c32to24(listSz, output + i); c32to24(listSz, output + i);
HashOutputRaw(ssl, output + i, CERT_HEADER_SZ); if (!ssl->keys.encryptionOn)
HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
i += CERT_HEADER_SZ; i += CERT_HEADER_SZ;
length -= CERT_HEADER_SZ; length -= CERT_HEADER_SZ;
fragSz -= CERT_HEADER_SZ; fragSz -= CERT_HEADER_SZ;
if (certSz) { if (certSz) {
c32to24(certSz, output + i); c32to24(certSz, output + i);
HashOutputRaw(ssl, output + i, CERT_HEADER_SZ); if (!ssl->keys.encryptionOn)
HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
i += CERT_HEADER_SZ; i += CERT_HEADER_SZ;
length -= CERT_HEADER_SZ; length -= CERT_HEADER_SZ;
fragSz -= CERT_HEADER_SZ; fragSz -= CERT_HEADER_SZ;
HashOutputRaw(ssl, ssl->buffers.certificate.buffer, certSz); if (!ssl->keys.encryptionOn) {
if (certChainSz) { HashOutputRaw(ssl, ssl->buffers.certificate.buffer, certSz);
HashOutputRaw(ssl, if (certChainSz)
ssl->buffers.certChain.buffer, certChainSz); HashOutputRaw(ssl, ssl->buffers.certChain.buffer,
certChainSz);
} }
} }
} }
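Review bot: None of the five new `if (!ssl->keys.encryptionOn)` guards in SendCertificate says where the certificate message is added to the handshake hash once encryption is already on, and that hash is what the Finished messages later verify. Presumably the encrypting send path hashes the message itself during a secure renegotiation, but that code is outside these hunks, so a comment at the first guard would help, for example `/* encryption on (secure renegotiation): the message is hashed when the record is built, so skip it here */`, worded to match what that path really does. Four of the guards are written without braces around multi-line HashOutputRaw calls while the last one is braced; in the DTLS branch the unbraced call is followed directly by the sequence-number decrement, so bracing all five the same way would make it plain what the condition covers. A renegotiation test that sends a certificate chain large enough to fragment, over both TLS and DTLS, would confirm that the Finished check still passes on both paths. SendCertificate begins and ends outside the hunks.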