explicit check for change cipher before finished instead of encryptionOn implicit

2014-10-29 14:07:41 -07:00 · 2014-10-29 14:07:41 -07:00 · 7fed36b09d
commit 7fed36b09d
parent a4228740f5
4 changed files with 13 additions and 0 deletions
--- a/cyassl/error-ssl.h
+++ b/cyassl/error-ssl.h
@ -123,6 +123,7 @@ enum CyaSSL_ErrorCodes {
    SESSION_TICKET_EXPECT_E = -390,        /* Session Ticket missing   */
    SCR_DIFFERENT_CERT_E    = -391,        /* SCR Different cert error  */
    SESSION_SECRET_CB_E     = -392,        /* Session secret Cb fcn failure */
+    NO_CHANGE_CIPHER_E      = -393,        /* Finished before change cipher */

    /* add strings to SetErrorString !!!!! */

--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@ -1788,6 +1788,7 @@ typedef struct Options {
    byte            quietShutdown;      /* don't send close notify */
    byte            certOnly;           /* stop once we get cert */
    byte            groupMessages;      /* group handshake messages */
+    byte            gotChangeCipher;    /* received change cipher from peer */
    byte            usingNonblock;      /* set when using nonblocking socket */
    byte            saveArrays;         /* save array Memory for user get keys
                                           or psk */
--- a/src/internal.c
+++ b/src/internal.c
@ -1685,6 +1685,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
    ssl->options.quietShutdown = ctx->quietShutdown;
    ssl->options.certOnly = 0;
    ssl->options.groupMessages = ctx->groupMessages;
+    ssl->options.gotChangeCipher = 0;
    ssl->options.usingNonblock = 0;
    ssl->options.saveArrays = 0;
 #ifdef HAVE_POLY1305
@ -4601,6 +4602,11 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
    if (finishedSz != size)
        return BUFFER_ERROR;

+    if (ssl->options.gotChangeCipher == 0) {
+        CYASSL_MSG("Finished received from peer before change cipher");
+        return NO_CHANGE_CIPHER_E;
+    }
+
    /* check against totalSz */
    if (*inOutIdx + size + ssl->keys.padSz > totalSz)
        return BUFFER_E;
@ -6457,6 +6463,7 @@ int ProcessReply(CYASSL* ssl)
                    break;

                case change_cipher_spec:
+                    ssl->options.gotChangeCipher = 1;
                    CYASSL_MSG("got CHANGE CIPHER SPEC");
                    #ifdef CYASSL_CALLBACKS
                        if (ssl->hsInfoOn)
@ -7861,6 +7868,9 @@ const char* CyaSSL_ERR_reason_error_string(unsigned long e)
    case SESSION_SECRET_CB_E:
        return "Session Secret Callback Error";

+    case NO_CHANGE_CIPHER_E:
+        return "Finished received from peer before Change Cipher Error";
+
    default :
        return "unknown error number";
    }
--- a/src/ssl.c
+++ b/src/ssl.c
@ -775,6 +775,7 @@ int CyaSSL_Rehandshake(CYASSL* ssl)
    ssl->options.acceptState   = ACCEPT_BEGIN;
    ssl->options.handShakeState = NULL_STATE;
    ssl->options.processReply  = 0;  /* TODO, move states in internal.h */
+    ssl->options.gotChangeCipher = 0;

    ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED;