allow client auth with scr

This commit is contained in:
toddouska 2014-09-29 13:38:56 -07:00
parent 369b7559c5
commit d3db4546ec


@ -6901,6 +6901,9 @@ int SendCertificate(CYASSL* ssl)
} }
#endif #endif
if (ssl->keys.encryptionOn)
sendSz += MAX_MSG_EXTRA;
/* check for available size */ /* check for available size */
if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret; return ret;
@ -6926,10 +6929,30 @@ int SendCertificate(CYASSL* ssl)
if (ssl->buffers.certChain.buffer) { if (ssl->buffers.certChain.buffer) {
XMEMCPY(output + i, ssl->buffers.certChain.buffer, XMEMCPY(output + i, ssl->buffers.certChain.buffer,
ssl->buffers.certChain.length); ssl->buffers.certChain.length);
/* if add more to output adjust i i += ssl->buffers.certChain.length;
i += ssl->buffers.certChain.length; */
} }
} }
if (ssl->keys.encryptionOn) {
byte* input;
int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */
input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (input == NULL)
return MEMORY_E;
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (sendSz < 0)
return sendSz;
} else {
ret = HashOutput(ssl, output, sendSz, 0);
if (ret != 0)
return ret;
}
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
@ -6937,10 +6960,6 @@ int SendCertificate(CYASSL* ssl)
} }
#endif #endif
ret = HashOutput(ssl, output, sendSz, 0);
if (ret != 0)
return ret;
#ifdef CYASSL_CALLBACKS #ifdef CYASSL_CALLBACKS
if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo); if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo);
if (ssl->toInfoOn) if (ssl->toInfoOn)
@ -9970,7 +9989,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
int SendCertificateVerify(CYASSL* ssl) int SendCertificateVerify(CYASSL* ssl)
{ {
byte *output; byte *output;
int sendSz = 0, length, ret; int sendSz = MAX_CERT_VERIFY_SZ, length, ret;
word32 idx = 0; word32 idx = 0;
word32 sigOutSz = 0; word32 sigOutSz = 0;
#ifndef NO_RSA #ifndef NO_RSA
@ -9987,8 +10006,11 @@ static void PickHashSigAlgo(CYASSL* ssl,
if (ssl->options.sendVerify == SEND_BLANK_CERT) if (ssl->options.sendVerify == SEND_BLANK_CERT)
return 0; /* sent blank cert, can't verify */ return 0; /* sent blank cert, can't verify */
if (ssl->keys.encryptionOn)
sendSz += MAX_MSG_EXTRA;
/* check for available size */ /* check for available size */
if ((ret = CheckAvailableSize(ssl, MAX_CERT_VERIFY_SZ)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret; return ret;
/* get ouput buffer */ /* get ouput buffer */
@ -10197,15 +10219,41 @@ static void PickHashSigAlgo(CYASSL* ssl,
sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + length + sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + length +
extraSz + VERIFY_HEADER; extraSz + VERIFY_HEADER;
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
}
#endif
if (ssl->keys.encryptionOn) {
byte* input;
int inputSz = sendSz - RECORD_HEADER_SZ;
/* build msg adds rec hdr */
input = (byte*)XMALLOC(inputSz, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (input == NULL)
ret = MEMORY_E;
else {
XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
sendSz = BuildMessage(ssl, output,
MAX_CERT_VERIFY_SZ +MAX_MSG_EXTRA,
input, inputSz, handshake);
XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (sendSz < 0)
ret = sendSz;
}
} else {
ret = HashOutput(ssl, output, sendSz, 0);
}
#ifdef CYASSL_DTLS
if (ssl->options.dtls) {
if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
return ret; return ret;
} }
#endif #endif
ret = HashOutput(ssl, output, sendSz, 0);
} }
} }
#ifndef NO_RSA #ifndef NO_RSA
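Review bot: In the new SendCertificateVerify block, an error from the encrypted path (`ret = MEMORY_E` on XMALLOC failure, or `ret = sendSz` when BuildMessage returns a negative value) or from the plaintext `HashOutput` call is never acted on before the `#ifdef CYASSL_DTLS` block that follows: on DTLS, `ret = DtlsPoolSave(ssl, output, sendSz)` then runs with a possibly negative `sendSz` and a buffer that was never built, and a successful save overwrites the earlier error with 0. Guarding the pool save on the prior result, `if (ret == 0 && ssl->options.dtls) {`, keeps the failure from being lost; the SendCertificate hunk returns immediately on the same failures, so the two functions would then agree. SendCertificateVerify continues past the hunk, so whatever cleanup follows the closing braces is not visible here. Separately, both encryptionOn branches copy the plaintext from `output + RECORD_HEADER_SZ`; if the DTLS record header is longer than the TLS one (these hunks add DTLS_RECORD_EXTRA to sendSz), that offset presumably needs `+ DTLS_RECORD_EXTRA` when `ssl->options.dtls` is set — worth confirming against what BuildMessage prepends.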