Moved setting encryption flags to after handshake completion

ehuman · ehuman · commit 5c51893035a1 · 2013-08-05T15:47:52.000Z
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@230 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
diff --git a/ssl/tls1.c b/ssl/tls1.c
@@ -1334,14 +1334,14 @@ int basic_read(SSL *ssl, uint8_t **in_data)
                 goto error;
             }
 
-            /* all encrypted from now on */
-            SET_SSL_FLAG(SSL_RX_ENCRYPTED);
             if (set_key_block(ssl, 0) < 0)
             {
                 ret = SSL_ERROR_INVALID_HANDSHAKE;
                 goto error;
             }
             
+            /* all encrypted from now on */
+            SET_SSL_FLAG(SSL_RX_ENCRYPTED);
             memset(ssl->read_sequence, 0, 8);
             break;
 
@@ -1441,11 +1441,12 @@ int send_change_cipher_spec(SSL *ssl)
 {
     int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC, 
             g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
-    SET_SSL_FLAG(SSL_TX_ENCRYPTED);
 
     if (ret >= 0 && set_key_block(ssl, 1) < 0)
         ret = SSL_ERROR_INVALID_HANDSHAKE;
-
+    
+    if (ssl->cipher_info)
+        SET_SSL_FLAG(SSL_TX_ENCRYPTED);
     memset(ssl->write_sequence, 0, 8);
     return ret;
 }

Original file line number	Diff line number	Diff line change
`@@ -1334,14 +1334,14 @@ int basic_read(SSL ssl, uint8_t *in_data)`
`1334`	`1334`	`goto error;`
`1335`	`1335`	`}`
`1336`	`1336`
`1337`		`- /* all encrypted from now on */`
`1338`		`- SET_SSL_FLAG(SSL_RX_ENCRYPTED);`
`1339`	`1337`	`if (set_key_block(ssl, 0) < 0)`
`1340`	`1338`	`{`
`1341`	`1339`	`ret = SSL_ERROR_INVALID_HANDSHAKE;`
`1342`	`1340`	`goto error;`
`1343`	`1341`	`}`
`1344`	`1342`
	`1343`	`+ /* all encrypted from now on */`
	`1344`	`+ SET_SSL_FLAG(SSL_RX_ENCRYPTED);`
`1345`	`1345`	`memset(ssl->read_sequence, 0, 8);`
`1346`	`1346`	`break;`
`1347`	`1347`
`@@ -1441,11 +1441,12 @@ int send_change_cipher_spec(SSL *ssl)`
`1441`	`1441`	`{`
`1442`	`1442`	`int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC,`
`1443`	`1443`	`g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));`
`1444`		`- SET_SSL_FLAG(SSL_TX_ENCRYPTED);`
`1445`	`1444`
`1446`	`1445`	`if (ret >= 0 && set_key_block(ssl, 1) < 0)`
`1447`	`1446`	`ret = SSL_ERROR_INVALID_HANDSHAKE;`
`1448`		`-`
	`1447`	`+`
	`1448`	`+ if (ssl->cipher_info)`
	`1449`	`+ SET_SSL_FLAG(SSL_TX_ENCRYPTED);`
`1449`	`1450`	`memset(ssl->write_sequence, 0, 8);`
`1450`	`1451`	`return ret;`
`1451`	`1452`	`}`