diff --git a/certs/test/catalog.txt b/certs/test/catalog.txt
index a1f77b4b3..da7c211ec 100644
--- a/certs/test/catalog.txt
+++ b/certs/test/catalog.txt
@@ -7,3 +7,6 @@ dh512.pem, dh512.der:
 dh1024.pem, dh1024.der:
 1024-bit DH parameters. Used for testing the rejection of lower-bit sized DH keys.
+digsigku.pem:
+ ECC certificate with a KeyUsage extension without the digitalSignature bit
+ set.
diff --git a/certs/test/digsigku.pem b/certs/test/digsigku.pem
new file mode 100644
index 000000000..edc30ba3d
--- /dev/null
+++ b/certs/test/digsigku.pem
@@ -0,0 +1,52 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ e3:81:4b:48:a5:70:61:70
+ Signature Algorithm: ecdsa-with-SHA1
+ Issuer: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com
+ Validity
+ Not Before: Sep 10 00:45:36 2014 GMT
+ Not After : Jun 6 00:45:36 2017 GMT
+ Subject: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ EC Public Key:
+ pub:
+ 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
+ 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
+ 16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
+ 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
+ 0b:80:34:89:d8
+ ASN1 OID: prime256v1
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
+ X509v3 Authority Key Identifier:
+ keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Non Repudiation, Key Encipherment
+ Signature Algorithm: ecdsa-with-SHA1
+ 30:46:02:21:00:f4:36:ee:86:21:d5:c7:1f:2d:0d:bb:29:ae:
+ c1:74:ff:a3:ce:41:fe:cb:93:eb:ff:ef:fe:e3:4d:20:e5:18:
+ 65:02:21:00:b1:39:13:12:e2:b5:19:f2:8f:5b:40:ac:7a:5c:
+ e2:a6:e3:d3:e6:9f:79:3c:29:d8:c6:7d:88:f4:60:0c:48:00
+-----BEGIN CERTIFICATE-----
+MIICfTCCAiOgAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYD
+VQQKDAhGb29mYXJhaDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZv
+b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE0MDkx
+MDAwNDUzNloXDTE3MDYwNjAwNDUzNlowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhGb29mYXJh
+aDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZvb2JhcmJhejEeMBwG
+CSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFb
+l5Ihf/DPGNqREQI0huggWDMLgDSJ2KNjMGEwHQYDVR0OBBYEFF1dJu+sfjb5m3YV
+K0olAiPvsokwMB8GA1UdIwQYMBaAFF1dJu+sfjb5m3YVK0olAiPvsokwMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgVgMAkGByqGSM49BAEDSQAwRgIhAPQ2
+7oYh1ccfLQ27Ka7BdP+jzkH+y5Pr/+/+400g5RhlAiEAsTkTEuK1GfKPW0Cselzi
+puPT5p95PCnYxn2I9GAMSAA=
+-----END CERTIFICATE-----
diff --git a/src/internal.c b/src/internal.c
index 8517a814a..75d85b130 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2166,14 +2166,15 @@ void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
 word32 fragOffset, word32 fragSz)
 {
 if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
- fragOffset < msg->sz && (fragOffset + fragSz) <= msg->sz) {
+ fragOffset <= msg->sz && (fragOffset + fragSz) <= msg->sz) {
 msg->seq = seq;
 msg->type = type;
 msg->fragSz += fragSz;
 /* If fragOffset is zero, this is either a full message that is out
 * of order, or the first fragment of a fragmented message. Copy the
- * handshake message header as well as the message data. */
+ * handshake message header with the message data. Zero length messages
+ * like Server Hello Done should be saved as well. */
 if (fragOffset == 0)
 XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ, fragSz + DTLS_HANDSHAKE_HEADER_SZ);
@@ -2184,8 +2185,8 @@ void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
 * hash routines look at a defragmented message if it had actually
 * come across as a single handshake message. */
 XMEMCPY(msg->msg + fragOffset, data, fragSz);
- c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);
 }
+ c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);
 }
 }
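Review bot: The relaxed condition in the first src/internal.c hunk still bounds the copy with `(fragOffset + fragSz) <= msg->sz`, a word32 sum that can wrap, and both operands presumably come from a peer-supplied DTLS fragment header. If a caller ever passes values wider than the 24-bit wire fields, a wrapped sum passes the test and the XMEMCPY calls that follow write outside the message buffer. Writing the test as `fragOffset <= msg->sz && fragSz <= msg->sz - fragOffset` cannot wrap and still admits the zero-length case this change is for. Separately, `msg->fragSz += fragSz` counts a retransmitted or overlapping fragment twice, so a byte-count completeness check may treat a message with missing ranges as whole. DtlsMsgSet starts before this hunk and continues past it.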
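Review bot: The relocated `c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);` at the end of the second src/internal.c hunk has no comment of its own; the explanation about hash routines seeing a defragmented message stays inside the block above it. The call now also runs on the fragOffset == 0 path, where it apparently overwrites the fragment-length bytes just copied from `data - DTLS_HANDSHAKE_HEADER_SZ`. A line such as `/* Always store the full message length as the fragment length, including for offset-zero and zero-length messages. */` directly before the call would make that intent explicit. The start of DtlsMsgSet lies outside this hunk.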