Key Change

Move the setting of the key in the handshake from right before
sending the finished message to between building change cipher spec
and sending it. This way there won't be any opportunity to send a
message after the change cipher spec that won't be encrypted.
pull/3554/head
John Safranek 2020-12-14 18:13:26 -08:00
parent f8e674e45d
commit 123c713658
No known key found for this signature in database
GPG Key ID: 8CE817DE0D3CCB4A
1 changed files with 8 additions and 8 deletions


@ -15960,6 +15960,14 @@ int SendChangeCipher(WOLFSSL* ssl)
#endif #endif
ssl->buffers.outputBuffer.length += sendSz; ssl->buffers.outputBuffer.length += sendSz;
/* setup encrypt keys */
if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
return ret;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
ssl->options.startedETMWrite = ssl->options.encThenMac;
#endif
if (ssl->options.groupMessages) if (ssl->options.groupMessages)
return 0; return 0;
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS) #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS)
@ -16707,14 +16715,6 @@ int SendFinished(WOLFSSL* ssl)
WOLFSSL_START(WC_FUNC_FINISHED_SEND); WOLFSSL_START(WC_FUNC_FINISHED_SEND);
WOLFSSL_ENTER("SendFinished"); WOLFSSL_ENTER("SendFinished");
/* setup encrypt keys */
if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
return ret;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
ssl->options.startedETMWrite = ssl->options.encThenMac;
#endif
/* check for available size */ /* check for available size */
outputSz = sizeof(input) + MAX_MSG_EXTRA; outputSz = sizeof(input) + MAX_MSG_EXTRA;
if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
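Review bot: In the SendChangeCipher hunk the added `SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)` call runs after `ssl->buffers.outputBuffer.length += sendSz;`, so when it fails the function returns with the ChangeCipherSpec record still counted in the output buffer although the write keys were never switched. Whether a later path can still flush that buffer is not visible here (the function starts and ends outside the hunk), but if one can, the peer would receive a CCS that the new keys never back. Consider performing the key setup before the length is bumped, or rolling the bump back on the error path with `ssl->buffers.outputBuffer.length -= sendSz;` ahead of `return ret;`, provided nothing in the elided DTLS code has already recorded the message. The `/* setup encrypt keys */` comment could also state the ordering requirement, for example `/* switch write keys as soon as CCS is queued so nothing built after it goes out unencrypted */`.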