Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/tls_client.cpp4
-rw-r--r--src/tls/tls_handshake_io.cpp24
-rw-r--r--src/tls/tls_messages.h9
-rw-r--r--src/tls/tls_record.h2
-rw-r--r--src/tls/tls_server.cpp4
5 files changed, 31 insertions, 12 deletions
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index e5e8db0c3..42d549136 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -427,7 +427,7 @@ void Client::process_handshake_msg(Handshake_Type type,
);
}
- m_writer.send(CHANGE_CIPHER_SPEC, 1);
+ m_state->handshake_io().send(Change_Cipher_Spec());
m_writer.change_cipher_spec(CLIENT,
m_state->ciphersuite(),
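Review bot: The ChangeCipherSpec record now leaves through `m_state->handshake_io().send(...)` while the key switch on the next line still goes straight to `m_writer.change_cipher_spec(...)`, so the ordering "CCS on the wire under the old keys, then switch" holds only if handshake_io() writes synchronously to this same Record_Writer. That appears to be the case from the tls_handshake_io.cpp hunks, but it is not stated anywhere; a comment here such as `// handshake_io() must flush the CCS before the write cipher state changes` would record the invariant. This matters if the datagram path ever buffers a flight for retransmission, because the CCS could then be emitted after the cipher state has already changed. The same pattern appears in the second hunk of this file and in both tls_server.cpp hunks. The enclosing function starts and ends outside the hunk.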
@@ -483,7 +483,7 @@ void Client::process_handshake_msg(Handshake_Type type,
if(!m_state->client_finished()) // session resume case
{
- m_writer.send(CHANGE_CIPHER_SPEC, 1);
+ m_state->handshake_io().send(Change_Cipher_Spec());
m_writer.change_cipher_spec(CLIENT,
m_state->ciphersuite(),
diff --git a/src/tls/tls_handshake_io.cpp b/src/tls/tls_handshake_io.cpp
index aa644571d..6ff8f71e0 100644
--- a/src/tls/tls_handshake_io.cpp
+++ b/src/tls/tls_handshake_io.cpp
@@ -102,10 +102,16 @@ Stream_Handshake_IO::format(const std::vector<byte>& msg,
std::vector<byte> Stream_Handshake_IO::send(const Handshake_Message& msg)
{
- const std::vector<byte> buf = format(msg.serialize(), msg.type());
+ const std::vector<byte> msg_bits = msg.serialize();
- m_writer.send(HANDSHAKE, &buf[0], buf.size());
+ if(msg.type() == HANDSHAKE_CCS)
+ {
+ m_writer.send(CHANGE_CIPHER_SPEC, msg_bits);
+ return std::vector<byte>(); // not included in handshake hashes
+ }
+ const std::vector<byte> buf = format(msg_bits, msg.type());
+ m_writer.send(HANDSHAKE, buf);
return buf;
}
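Review bot: The empty vector returned from the `HANDSHAKE_CCS` branch acts as an undocumented sentinel: callers that feed send()'s return value into the handshake transcript hash get the right result only because hashing zero bytes is a no-op. The Finished verification depends on ChangeCipherSpec staying out of that hash, so the contract belongs on the declaration rather than in a trailing comment, for example `// Returns the bytes to add to the handshake hash; empty for ChangeCipherSpec, which is never hashed`. The CCS branch also passes `msg_bits` to the vector overload of Record_Writer::send, which takes `&input[0]`, so it relies on serialize() never returning an empty vector for this type. Both points apply equally to Datagram_Handshake_IO::send in the next hunk.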
@@ -282,15 +288,21 @@ Datagram_Handshake_IO::format(const std::vector<byte>& msg,
}
std::vector<byte>
-Datagram_Handshake_IO::send(const Handshake_Message& handshake_msg)
+Datagram_Handshake_IO::send(const Handshake_Message& msg)
{
- const std::vector<byte> msg = handshake_msg.serialize();
+ const std::vector<byte> msg_bits = msg.serialize();
+
+ if(msg.type() == HANDSHAKE_CCS)
+ {
+ m_writer.send(CHANGE_CIPHER_SPEC, msg_bits);
+ return std::vector<byte>(); // not included in handshake hashes
+ }
const std::vector<byte> no_fragment =
- format_w_seq(msg, handshake_msg.type(), m_out_message_seq);
+ format_w_seq(msg_bits, msg.type(), m_out_message_seq);
// FIXME: fragment to mtu size if needed
- m_writer.send(HANDSHAKE, &no_fragment[0], no_fragment.size());
+ m_writer.send(HANDSHAKE, no_fragment);
m_out_message_seq += 1;
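Review bot: The early return for `HANDSHAKE_CCS` skips `m_out_message_seq += 1`, and nothing in the branch says this is deliberate. It does look correct for DTLS, where ChangeCipherSpec is its own record type and carries no handshake message_seq, but a later refactor could easily hoist the increment above the branch and desynchronise sequence numbers with the peer. A comment inside the branch such as `// CCS is a record-layer message: no handshake header, does not consume a message_seq` would pin it down. The function body continues past the end of the hunk, so the return on the handshake path is not visible here.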
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index f162a8cce..555520073 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -491,6 +491,15 @@ class New_Session_Ticket : public Handshake_Message
std::vector<byte> m_ticket;
};
+class Change_Cipher_Spec : public Handshake_Message
+ {
+ public:
+ Handshake_Type type() const override { return HANDSHAKE_CCS; }
+
+ std::vector<byte> serialize() const override
+ { return std::vector<byte>(1, 1); }
+ };
+
}
}
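Review bot: `Change_Cipher_Spec` is added without any comment saying that it is not a real handshake message, even though it derives from `Handshake_Message` and reports the pseudo-type `HANDSHAKE_CCS`. Any generic code that takes a `Handshake_Message` and formats or hashes it by `type()` would put a value on the wire or into the transcript that the protocol does not define, unless it special-cases the type the way the two send() functions do. I would add a class comment along the lines of `// Record-layer ChangeCipherSpec wrapped as a Handshake_Message so it can go through Handshake_IO; never framed with a handshake header and never hashed`. The body deserves one too: `// single byte 0x01, the only defined CCS payload` in place of the bare `std::vector<byte>(1, 1)`. It is also worth confirming, outside this diff, that the receive path rejects `HANDSHAKE_CCS` if it ever appears as a handshake type byte from the peer.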
diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h
index 820de0958..5de17033a 100644
--- a/src/tls/tls_record.h
+++ b/src/tls/tls_record.h
@@ -32,8 +32,6 @@ class BOTAN_DLL Record_Writer
public:
void send(byte type, const byte input[], size_t length);
- void send(byte type, byte val) { send(type, &val, 1); }
-
void send(byte type, const std::vector<byte>& input)
{ send(type, &input[0], input.size()); }
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index aabafaaaa..426da353b 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -445,7 +445,7 @@ void Server::process_handshake_msg(Handshake_Type type,
}
}
- m_writer.send(CHANGE_CIPHER_SPEC, 1);
+ m_state->handshake_io().send(Change_Cipher_Spec());
m_writer.change_cipher_spec(SERVER,
m_state->ciphersuite(),
@@ -713,7 +713,7 @@ void Server::process_handshake_msg(Handshake_Type type,
);
}
- m_writer.send(CHANGE_CIPHER_SPEC, 1);
+ m_state->handshake_io().send(Change_Cipher_Spec());
m_writer.change_cipher_spec(SERVER,
m_state->ciphersuite(),