fix hello_request processing w/ mac-verify at upper layer
This commit is contained in:
toddouska
parent
422a2b8be8
commit
c8d67670f3
@ -1330,7 +1330,7 @@ AC_ARG_ENABLE([renegotiation-indication],
|
||||
|
||||
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_RENEGOTIATION_INDICATION"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_RENEGOTIATION_INDICATION"
|
||||
fi
|
||||
|
||||
# Supported Elliptic Curves Extensions
|
||||
|
||||
@ -4351,21 +4351,15 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
|
||||
static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx,
|
||||
word32 size, word32 totalSz)
|
||||
{
|
||||
int ret = 0;
|
||||
(void)input;
|
||||
|
||||
if (size) /* must be 0 */
|
||||
return BUFFER_ERROR;
|
||||
|
||||
if (ssl->keys.encryptionOn) {
|
||||
byte verify[MAX_DIGEST_SIZE];
|
||||
int padSz = ssl->keys.encryptSz - HANDSHAKE_HEADER_SZ -
|
||||
ssl->specs.hash_size;
|
||||
|
||||
ret = ssl->hmac(ssl, verify, input + *inOutIdx - HANDSHAKE_HEADER_SZ,
|
||||
HANDSHAKE_HEADER_SZ, handshake, 1);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
|
||||
padSz -= ssl->specs.block_size;
|
||||
|
||||
@ -4373,12 +4367,6 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx,
|
||||
if ((word32) (*inOutIdx + ssl->specs.hash_size + padSz) > totalSz)
|
||||
return INCOMPLETE_DATA;
|
||||
|
||||
/* verify */
|
||||
if (XMEMCMP(input + *inOutIdx, verify, ssl->specs.hash_size) != 0) {
|
||||
CYASSL_MSG(" hello_request verify mac error");
|
||||
return VERIFY_MAC_ERROR;
|
||||
}
|
||||
|
||||
*inOutIdx += ssl->specs.hash_size + padSz;
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user