diff options
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/tls_client.cpp | 4 | ||||
-rw-r--r-- | src/tls/tls_handshake_io.cpp | 24 | ||||
-rw-r--r-- | src/tls/tls_messages.h | 9 | ||||
-rw-r--r-- | src/tls/tls_record.h | 2 | ||||
-rw-r--r-- | src/tls/tls_server.cpp | 4 |
5 files changed, 31 insertions, 12 deletions
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index e5e8db0c3..42d549136 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -427,7 +427,7 @@ void Client::process_handshake_msg(Handshake_Type type, ); } - m_writer.send(CHANGE_CIPHER_SPEC, 1); + m_state->handshake_io().send(Change_Cipher_Spec()); m_writer.change_cipher_spec(CLIENT, m_state->ciphersuite(), @@ -483,7 +483,7 @@ void Client::process_handshake_msg(Handshake_Type type, if(!m_state->client_finished()) // session resume case { - m_writer.send(CHANGE_CIPHER_SPEC, 1); + m_state->handshake_io().send(Change_Cipher_Spec()); m_writer.change_cipher_spec(CLIENT, m_state->ciphersuite(), diff --git a/src/tls/tls_handshake_io.cpp b/src/tls/tls_handshake_io.cpp index aa644571d..6ff8f71e0 100644 --- a/src/tls/tls_handshake_io.cpp +++ b/src/tls/tls_handshake_io.cpp @@ -102,10 +102,16 @@ Stream_Handshake_IO::format(const std::vector<byte>& msg, std::vector<byte> Stream_Handshake_IO::send(const Handshake_Message& msg) { - const std::vector<byte> buf = format(msg.serialize(), msg.type()); + const std::vector<byte> msg_bits = msg.serialize(); - m_writer.send(HANDSHAKE, &buf[0], buf.size()); + if(msg.type() == HANDSHAKE_CCS) + { + m_writer.send(CHANGE_CIPHER_SPEC, msg_bits); + return std::vector<byte>(); // not included in handshake hashes + } + const std::vector<byte> buf = format(msg_bits, msg.type()); + m_writer.send(HANDSHAKE, buf); return buf; } @@ -282,15 +288,21 @@ Datagram_Handshake_IO::format(const std::vector<byte>& msg, } std::vector<byte> -Datagram_Handshake_IO::send(const Handshake_Message& handshake_msg) +Datagram_Handshake_IO::send(const Handshake_Message& msg) { - const std::vector<byte> msg = handshake_msg.serialize(); + const std::vector<byte> msg_bits = msg.serialize(); + + if(msg.type() == HANDSHAKE_CCS) + { + m_writer.send(CHANGE_CIPHER_SPEC, msg_bits); + return std::vector<byte>(); // not included in handshake hashes + } const std::vector<byte> no_fragment = - format_w_seq(msg, handshake_msg.type(), m_out_message_seq); + format_w_seq(msg_bits, msg.type(), m_out_message_seq); // FIXME: fragment to mtu size if needed - m_writer.send(HANDSHAKE, &no_fragment[0], no_fragment.size()); + m_writer.send(HANDSHAKE, no_fragment); m_out_message_seq += 1; diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index f162a8cce..555520073 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -491,6 +491,15 @@ class New_Session_Ticket : public Handshake_Message std::vector<byte> m_ticket; }; +class Change_Cipher_Spec : public Handshake_Message + { + public: + Handshake_Type type() const override { return HANDSHAKE_CCS; } + + std::vector<byte> serialize() const override + { return std::vector<byte>(1, 1); } + }; + } } diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index 820de0958..5de17033a 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -32,8 +32,6 @@ class BOTAN_DLL Record_Writer public: void send(byte type, const byte input[], size_t length); - void send(byte type, byte val) { send(type, &val, 1); } - void send(byte type, const std::vector<byte>& input) { send(type, &input[0], input.size()); } diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index aabafaaaa..426da353b 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -445,7 +445,7 @@ void Server::process_handshake_msg(Handshake_Type type, } } - m_writer.send(CHANGE_CIPHER_SPEC, 1); + m_state->handshake_io().send(Change_Cipher_Spec()); m_writer.change_cipher_spec(SERVER, m_state->ciphersuite(), @@ -713,7 +713,7 @@ void Server::process_handshake_msg(Handshake_Type type, ); } - m_writer.send(CHANGE_CIPHER_SPEC, 1); + m_state->handshake_io().send(Change_Cipher_Spec()); m_writer.change_cipher_spec(SERVER, m_state->ciphersuite(), |