Key Change

Move the setting of the key in the handshake from right before sending the finished message to between building change cipher spec and sending it. This way there won't be any opportunity to send a message after the change cipher spec that won't be encrypted.
2025-08-01 11:44:38 +02:00 · 2020-12-14 18:13:26 -08:00
parent f8e674e45d
commit 123c713658
1 changed files with 8 additions and 8 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -15960,6 +15960,14 @@ int SendChangeCipher(WOLFSSL* ssl)
    #endif
    ssl->buffers.outputBuffer.length += sendSz;

+    /* setup encrypt keys */
+    if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
+        return ret;
+
+    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
+        ssl->options.startedETMWrite = ssl->options.encThenMac;
+    #endif
+
    if (ssl->options.groupMessages)
        return 0;
    #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS)
@@ -16707,14 +16715,6 @@ int SendFinished(WOLFSSL* ssl)
    WOLFSSL_START(WC_FUNC_FINISHED_SEND);
    WOLFSSL_ENTER("SendFinished");

-    /* setup encrypt keys */
-    if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
-        return ret;
-
-    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
-        ssl->options.startedETMWrite = ssl->options.encThenMac;
-    #endif
-
    /* check for available size */
    outputSz = sizeof(input) + MAX_MSG_EXTRA;
    if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)