diff options
-rw-r--r-- | src/tls/rec_read.cpp | 8 | ||||
-rw-r--r-- | src/tls/rec_wri.cpp | 8 | ||||
-rw-r--r-- | src/tls/tls_client.cpp | 9 | ||||
-rw-r--r-- | src/tls/tls_record.h | 10 | ||||
-rw-r--r-- | src/tls/tls_server.cpp | 9 |
5 files changed, 30 insertions, 14 deletions
diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index 3fd2df33f..c4773d279 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -65,15 +65,19 @@ void Record_Reader::set_version(Protocol_Version version) /* * Set the keys for reading */ -void Record_Reader::activate(const Ciphersuite& suite, +void Record_Reader::activate(Connection_Side side, + const Ciphersuite& suite, const Session_Keys& keys, - Connection_Side side) + byte compression_method) { m_cipher.reset(); delete m_mac; m_mac = 0; m_seq_no = 0; + if(compression_method != NO_COMPRESSION) + throw Internal_Error("Negotiated unknown compression algorithm"); + SymmetricKey mac_key, cipher_key; InitializationVector iv; diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index f340c451b..4f4fb4fd4 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -67,14 +67,18 @@ void Record_Writer::set_version(Protocol_Version version) /* * Set the keys for writing */ -void Record_Writer::activate(const Ciphersuite& suite, +void Record_Writer::activate(Connection_Side side, + const Ciphersuite& suite, const Session_Keys& keys, - Connection_Side side) + byte compression_method) { m_cipher.reset(); delete m_mac; m_mac = 0; + if(compression_method != NO_COMPRESSION) + throw Internal_Error("Negotiated unknown compression algorithm"); + /* RFC 4346: A sequence number is incremented after each record: specifically, diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index e0fde4573..d733733be 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -338,7 +338,8 @@ void Client::process_handshake_msg(Handshake_Type type, writer.send(CHANGE_CIPHER_SPEC, 1); - writer.activate(state->suite, state->keys, CLIENT); + writer.activate(CLIENT, state->suite, state->keys, + state->server_hello->compression_method()); if(state->server_hello->next_protocol_notification()) { @@ -354,7 +355,8 @@ void Client::process_handshake_msg(Handshake_Type type, { state->set_expected_next(FINISHED); - reader.activate(state->suite, state->keys, CLIENT); + reader.activate(CLIENT, state->suite, state->keys, + state->server_hello->compression_method()); } else if(type == FINISHED) { @@ -372,7 +374,8 @@ void Client::process_handshake_msg(Handshake_Type type, { writer.send(CHANGE_CIPHER_SPEC, 1); - writer.activate(state->suite, state->keys, CLIENT); + writer.activate(CLIENT, state->suite, state->keys, + state->server_hello->compression_method()); state->client_finished = new Finished(writer, state, CLIENT); } diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index 41e1c6372..74b7e56a2 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -47,9 +47,10 @@ class BOTAN_DLL Record_Writer void alert(Alert_Level level, Alert_Type type); - void activate(const Ciphersuite& suite, + void activate(Connection_Side side, + const Ciphersuite& suite, const Session_Keys& keys, - Connection_Side side); + byte compression_method); void set_version(Protocol_Version version); @@ -101,9 +102,10 @@ class BOTAN_DLL Record_Reader byte& msg_type, MemoryVector<byte>& msg); - void activate(const Ciphersuite& suite, + void activate(Connection_Side side, + const Ciphersuite& suite, const Session_Keys& keys, - Connection_Side side); + byte compression_method); void set_version(Protocol_Version version); diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 74d4106a2..33dc196bb 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -207,7 +207,8 @@ void Server::process_handshake_msg(Handshake_Type type, writer.send(CHANGE_CIPHER_SPEC, 1); - writer.activate(state->suite, state->keys, SERVER); + writer.activate(SERVER, state->suite, state->keys, + state->server_hello->compression_method()); state->server_finished = new Finished(writer, state, SERVER); @@ -377,7 +378,8 @@ void Server::process_handshake_msg(Handshake_Type type, else state->set_expected_next(FINISHED); - reader.activate(state->suite, state->keys, SERVER); + reader.activate(SERVER, state->suite, state->keys, + state->server_hello->compression_method()); } else if(type == NEXT_PROTOCOL) { @@ -404,7 +406,8 @@ void Server::process_handshake_msg(Handshake_Type type, writer.send(CHANGE_CIPHER_SPEC, 1); - writer.activate(state->suite, state->keys, SERVER); + writer.activate(SERVER, state->suite, state->keys, + state->server_hello->compression_method()); state->server_finished = new Finished(writer, state, SERVER); |