mirror of https://github.com/wolfSSL/wolfssl
respond to negotiation attempt with alert warning no_renegotiation to try graceful continue if possible
parent
e98715ee11
commit
9b5ab7c914
|
@ -1160,7 +1160,9 @@ enum AlertDescription {
|
|||
certificate_expired = 45,
|
||||
certificate_unknown = 46,
|
||||
illegal_parameter = 47,
|
||||
decrypt_error = 51
|
||||
decrypt_error = 51,
|
||||
protocol_version = 70,
|
||||
no_renegotiation = 100
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -1709,6 +1709,36 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
|||
}
|
||||
|
||||
|
||||
static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx)
|
||||
{
|
||||
if (ssl->keys.encryptionOn) {
|
||||
const byte* mac;
|
||||
int padSz = ssl->keys.encryptSz - HANDSHAKE_HEADER_SZ -
|
||||
ssl->specs.hash_size;
|
||||
byte verify[SHA256_DIGEST_SIZE];
|
||||
|
||||
ssl->hmac(ssl, verify, input + *inOutIdx - HANDSHAKE_HEADER_SZ,
|
||||
HANDSHAKE_HEADER_SZ, handshake, 1);
|
||||
/* read mac and fill */
|
||||
mac = input + *inOutIdx;
|
||||
*inOutIdx += ssl->specs.hash_size;
|
||||
|
||||
if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
|
||||
padSz -= ssl->specs.block_size;
|
||||
|
||||
*inOutIdx += padSz;
|
||||
|
||||
/* verify */
|
||||
if (XMEMCMP(mac, verify, ssl->specs.hash_size)) {
|
||||
CYASSL_MSG(" hello_request verify mac error");
|
||||
return VERIFY_MAC_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
return SendAlert(ssl, alert_warning, no_renegotiation);
|
||||
}
|
||||
|
||||
|
||||
int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff)
|
||||
{
|
||||
byte verifyMAC[SHA256_DIGEST_SIZE];
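Review bot: DoHelloRequest moves `*inOutIdx` past `ssl->specs.hash_size` MAC bytes and `padSz` padding bytes, and nothing visible in the function checks that those bytes lie inside the received record. It takes no length argument, and `padSz` is an `int` derived from `ssl->keys.encryptSz` that can go negative and then wrap the `word32` index at `*inOutIdx += padSz;`. At minimum add `if (padSz < 0) return VERIFY_MAC_ERROR;` (or a more fitting error code) before the index is advanced, and consider passing the record length in so the read at `mac = input + *inOutIdx;` can be bounded. The MAC is compared with `XMEMCMP`, which is not guaranteed to run in constant time, so a constant-time compare would be preferable if the library provides one. The padding bytes are skipped rather than verified, which deserves a comment such as `/* padding is skipped, not checked */` if that is intentional.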
|
||||
|
@ -1802,6 +1832,11 @@ static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx,
|
|||
|
||||
switch (type) {
|
||||
|
||||
case hello_request:
|
||||
CYASSL_MSG("processing hello request");
|
||||
ret = DoHelloRequest(ssl, input, inOutIdx);
|
||||
break;
|
||||
|
||||
#ifndef NO_CYASSL_CLIENT
|
||||
case hello_verify_request:
|
||||
CYASSL_MSG("processing hello verify request");
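Review bot: The new `case hello_request:` sits above the `#ifndef NO_CYASSL_CLIENT` guard, so as far as this hunk shows, a server-side connection would also accept a HelloRequest and answer it with a `no_renegotiation` warning. Only servers send that message, so a server receiving one should probably treat it as an unexpected handshake message instead. Moving the case below `#ifndef NO_CYASSL_CLIENT` and checking that the connection is the client side before calling `DoHelloRequest(ssl, input, inOutIdx);` would close that gap. The switch and the rest of DoHandShakeMsg lie outside the hunk, so a side or state check may already exist there. A short comment on the case, for example `/* renegotiation unsupported: reply with warning alert and continue */`, would also record why the request is not honoured.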
|
||||
|
|