void _gnutls_handshake_hash_buffers_clear(gnutls_session_t session)
{
session->internals.handshake_hash_buffer_prev_len = 0;
+ session->internals.handshake_hash_buffer_client_kx_len = 0;
_gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
}
return gnutls_assert_val(ret);
}
+ /* save the size until client KX. That is because the TLS
+ * session hash is calculated up to this message.
+ */
+ if (recv_type == GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE)
+ session->internals.handshake_hash_buffer_client_kx_len =
+ session->internals.handshake_hash_buffer.length;
+
return 0;
}
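Review bot: The snapshot of `handshake_hash_buffer_client_kx_len` is written twice, here on the receive path and again on the send path under `if (type == GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE)`, and only this copy carries the explanatory comment. The saved value later bounds the transcript fed to the session hash, so both peers must take it at the same point; a small static helper called from both places would keep the two copies from drifting. Failing that, the send side should repeat the comment, e.g. `/* save the size until client KX; the TLS session hash is calculated up to this message */`. Braces around the three-line assignment under the `if` would also make the extent of the conditional obvious. The enclosing function starts outside the hunk, so I am assuming from the comment that the message has already been appended to the buffer by this point.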
if (ret < 0)
return gnutls_assert_val(ret);
+ if (type == GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE)
+ session->internals.handshake_hash_buffer_client_kx_len =
+ session->internals.handshake_hash_buffer.length;
+
return 0;
}
if (unlikely(ver == NULL))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ if (session->internals.handshake_hash_buffer_client_kx_len == 0 ||
+ (session->internals.handshake_hash_buffer.length <
+ session->internals.handshake_hash_buffer_client_kx_len)) {
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+
if (_gnutls_version_has_selectable_prf(ver)) { /* TLS 1.2+ */
gnutls_mac_algorithm_t prf;
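Review bot: The new guard returns `GNUTLS_E_INTERNAL_ERROR` for two distinct conditions and documents neither. The second comparison is what keeps the hash calls further down from reading past the buffered data, now that they take the saved length instead of `handshake_hash_buffer.length`. I would put a comment above the `if`, such as `/* 0 means no client KX length was recorded; the saved length must never exceed the buffered data */`. The function begins before this hunk and continues after it.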
_gnutls_hash_fast((gnutls_digest_algorithm_t)me->id,
session->internals.handshake_hash_buffer.
data,
- session->internals.handshake_hash_buffer.
- length, concat);
+ session->internals.handshake_hash_buffer_client_kx_len,
+ concat);
if (ret < 0)
return gnutls_assert_val(ret);
_gnutls_hash(&td_sha,
session->internals.handshake_hash_buffer.data,
- session->internals.handshake_hash_buffer.length);
+ session->internals.handshake_hash_buffer_client_kx_len);
_gnutls_hash_deinit(&td_sha, &concat[16]);
_gnutls_hash(&td_md5,
session->internals.handshake_hash_buffer.data,
- session->internals.handshake_hash_buffer.
- length);
+ session->internals.handshake_hash_buffer_client_kx_len);
_gnutls_hash_deinit(&td_md5, concat);
int handshake_hash_buffer_prev_len; /* keeps the length of handshake_hash_buffer, excluding
* the last received message */
+ unsigned handshake_hash_buffer_client_kx_len;/* if non-zero it is the length of data until the
+ * the client key exchange message */
gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
* message */
bool resumable; /* TRUE or FALSE - if we can resume that session */
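Review bot: The new field is declared `unsigned` but is assigned from, and compared against, `handshake_hash_buffer.length`. If that member is a `size_t`, as I believe it is in `gnutls_buffer_st`, the assignment narrows implicitly. Declaring it as `size_t handshake_hash_buffer_client_kx_len;` would avoid the mixed-width comparison and the narrowing, although a transcript that large is not realistic. The comment also has a doubled word across the line break ("until the" / "the client key exchange message"). It could state that the length includes the client key exchange message itself, if that is the intent.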