wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

save secure r verify data

Browse Source
This commit is contained in:
toddouska
2014-09-16 11:51:13 -07:00
parent 2e6b472ace
commit 9a90a0c113
2 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cyassl/internal.h
View File

@@ -1884,6 +1884,7 @@ typedef struct DtlsMsg {
byte server_verify_data[TLS_FINISHED_SZ]; /* previous handshake value */ byte server_verify_data[TLS_FINISHED_SZ]; /* previous handshake value */
byte secure_renegotation; /* is current connection using */ byte secure_renegotation; /* is current connection using */
byte doing_secure_renegotation; /* are we doing it now flag */ byte doing_secure_renegotation; /* are we doing it now flag */
byte enabled; /* runtime allowed? */
} SecureR_State; } SecureR_State;
#endif #endif

30
src/internal.c
View File

@@ -1775,6 +1775,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
ssl->secureR_state.secure_renegotation = 0; ssl->secureR_state.secure_renegotation = 0;
ssl->secureR_state.doing_secure_renegotation = 0; ssl->secureR_state.doing_secure_renegotation = 0;
ssl->secureR_state.enabled = 0;
#endif /* HAVE_SECURE_RENEGOTIATION */ #endif /* HAVE_SECURE_RENEGOTIATION */
/* all done with init, now can return errors, call other stuff */ /* all done with init, now can return errors, call other stuff */
@@ -4387,6 +4388,10 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
if (finishedSz != size) if (finishedSz != size)
return BUFFER_ERROR; return BUFFER_ERROR;
/* check against totalSz */
if (*inOutIdx + size + ssl->keys.padSz > totalSz)
return BUFFER_E;
#ifdef CYASSL_CALLBACKS #ifdef CYASSL_CALLBACKS
if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo); if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo);
if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo); if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo);
@@ -4399,9 +4404,17 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
} }
} }
/* increment beyond input + size should be checked against totalSz */ #ifdef HAVE_SECURE_RENEGOTIATION
if (*inOutIdx + size + ssl->keys.padSz > totalSz) if (ssl->secureR_state.enabled) {
return INCOMPLETE_DATA; /* save peer's state */
if (ssl->options.side == CYASSL_CLIENT_END)
XMEMCPY(ssl->secureR_state.server_verify_data, input + *inOutIdx,
TLS_FINISHED_SZ);
else
XMEMCPY(ssl->secureR_state.client_verify_data, input + *inOutIdx,
TLS_FINISHED_SZ);
}
#endif /* HAVE_SECURE_RENEGOTIATION */
/* force input exhaustion at ProcessReply consuming padSz */ /* force input exhaustion at ProcessReply consuming padSz */
*inOutIdx += size + ssl->keys.padSz; *inOutIdx += size + ssl->keys.padSz;
@@ -6719,6 +6732,17 @@ int SendFinished(CYASSL* ssl)
ssl->options.side == CYASSL_CLIENT_END ? client : server); ssl->options.side == CYASSL_CLIENT_END ? client : server);
if (ret != 0) return ret; if (ret != 0) return ret;
#ifdef HAVE_SECURE_RENEGOTIATION
if (ssl->secureR_state.enabled) {
if (ssl->options.side == CYASSL_CLIENT_END)
XMEMCPY(ssl->secureR_state.client_verify_data, hashes,
TLS_FINISHED_SZ);
else
XMEMCPY(ssl->secureR_state.server_verify_data, hashes,
TLS_FINISHED_SZ);
}
#endif /* HAVE_SECURE_RENEGOTIATION */
sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz, sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
handshake); handshake);
if (sendSz < 0) if (sendSz < 0)