Merge pull request #614 from toddouska/scr-verify
add SCR client and server verify data check
commit
c271806936
@ -1520,8 +1520,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
}
|
}
|
||||||
else if (input < 0) {
|
else if (input < 0) {
|
||||||
int readErr = wolfSSL_get_error(ssl, 0);
|
int readErr = wolfSSL_get_error(ssl, 0);
|
||||||
if (readErr != SSL_ERROR_WANT_READ)
|
if (readErr != SSL_ERROR_WANT_READ) {
|
||||||
|
printf("wolfSSL_read error %d!\n", readErr);
|
||||||
err_sys("wolfSSL_read failed");
|
err_sys("wolfSSL_read failed");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef NO_SESSION_CACHE
|
#ifndef NO_SESSION_CACHE
|
||||||
@ -1687,8 +1689,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
}
|
}
|
||||||
} else if (input < 0) {
|
} else if (input < 0) {
|
||||||
int readErr = wolfSSL_get_error(ssl, 0);
|
int readErr = wolfSSL_get_error(ssl, 0);
|
||||||
if (readErr != SSL_ERROR_WANT_READ)
|
if (readErr != SSL_ERROR_WANT_READ) {
|
||||||
|
printf("wolfSSL_read error %d!\n", readErr);
|
||||||
err_sys("wolfSSL_read failed");
|
err_sys("wolfSSL_read failed");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* try to send session break */
|
/* try to send session break */
|
||||||
|
21
src/tls.c
21
src/tls.c
@ -3163,16 +3163,29 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
|
|||||||
ret = 0;
|
ret = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (*input == 2 * TLS_FINISHED_SZ) {
|
else if (*input == 2 * TLS_FINISHED_SZ &&
|
||||||
/* TODO compare client_verify_data and server_verify_data */
|
length == 2 * TLS_FINISHED_SZ + OPAQUE8_LEN) {
|
||||||
ret = 0;
|
input++; /* get past size */
|
||||||
|
|
||||||
|
/* validate client and server verify data */
|
||||||
|
if (XMEMCMP(input,
|
||||||
|
ssl->secure_renegotiation->client_verify_data,
|
||||||
|
TLS_FINISHED_SZ) == 0 &&
|
||||||
|
XMEMCMP(input + TLS_FINISHED_SZ,
|
||||||
|
ssl->secure_renegotiation->server_verify_data,
|
||||||
|
TLS_FINISHED_SZ) == 0) {
|
||||||
|
WOLFSSL_MSG("SCR client and server verify data match");
|
||||||
|
ret = 0; /* verified */
|
||||||
|
} else {
|
||||||
|
/* already in error state */
|
||||||
|
WOLFSSL_MSG("SCR client and server verify data Failure");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
/* TODO: turn on fatal error at ssl level too */
|
|
||||||
SendAlert(ssl, alert_fatal, handshake_failure);
|
SendAlert(ssl, alert_fatal, handshake_failure);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
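Review bot: The two `XMEMCMP` calls that check the received verify data against `client_verify_data` and `server_verify_data` are not constant-time, so the comparison time depends on where the first mismatching byte sits. Because this check is the binding that RFC 5746 secure renegotiation relies on, I would use the library's constant-time helper instead, e.g. `ConstantCompare(input, ssl->secure_renegotiation->client_verify_data, TLS_FINISHED_SZ) == 0` and the same for the server half, assuming the misc.c helpers are already pulled into tls.c. The mismatch branch relies on `ret` still holding the error value from its initialisation, which lies outside the hunk; a comment such as `/* ret keeps its initial error value; the fatal alert is sent below */` would say more than `/* already in error state */`. The `TODO: turn on fatal error at ssl level too` comment also appears to be dropped without a visible change that implements it, so please confirm the caller treats the non-zero return as fatal, or keep the TODO.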