Minor TLS fixes

Zhi Guan
2026-06-12 13:48:45 +08:00
parent 473498ad93
commit 51883c507a
2 changed files with 35 additions and 31 deletions


@@ -398,10 +398,10 @@ int tlcp_send_client_hello(TLS_CONNECT *conn)
return -1; return -1;
} }
tls_handshake_digest_print(stderr, 0, 0, "ClientHello", &conn->dgst_ctx); tls_handshake_digest_print(stderr, 0, 0, "ClientHello", &conn->dgst_ctx);
}
if (conn->client_certificate_verify) { if (conn->client_certificate_verify) {
sm2_sign_update(&conn->sign_ctx, conn->record + 5, conn->recordlen - 5); sm2_sign_update(&conn->sign_ctx, conn->record + 5, conn->recordlen - 5);
}
} }
if ((ret = tls_send_record(conn)) != 1) { if ((ret = tls_send_record(conn)) != 1) {
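Review bot: The result of `sm2_sign_update(&conn->sign_ctx, conn->record + 5, conn->recordlen - 5)` is discarded, so a failure to absorb the ClientHello into the signing transcript would go unnoticed until the later CertificateVerify fails to verify on the peer. The neighbouring `tls_send_record` call is checked against `!= 1`; assuming sm2_sign_update follows the same return convention, the call could become `if (sm2_sign_update(&conn->sign_ctx, conn->record + 5, conn->recordlen - 5) != 1) { error_print(); return -1; }`. The same unchecked call appears in the tls13_send_client_hello and tls13_send_client_hello_again hunks. tlcp_send_client_hello starts and ends outside the hunk, so whether `conn->recordlen` is guaranteed to be at least 5 here cannot be confirmed from the visible lines.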


@@ -4027,10 +4027,10 @@ int tls13_send_client_hello(TLS_CONNECT *conn)
memcpy(conn->plain_record, conn->record, conn->recordlen); memcpy(conn->plain_record, conn->record, conn->recordlen);
conn->plain_recordlen = conn->recordlen; conn->plain_recordlen = conn->recordlen;
}
if (conn->client_certificate_verify) { if (conn->client_certificate_verify) {
sm2_sign_update(&conn->sign_ctx, conn->record + 5, conn->recordlen - 5); sm2_sign_update(&conn->sign_ctx, conn->record + 5, conn->recordlen - 5);
}
} }
if ((ret = tls_send_record(conn)) != 1) { if ((ret = tls_send_record(conn)) != 1) {
@@ -4641,10 +4641,10 @@ int tls13_send_client_hello_again(TLS_CONNECT *conn)
error_print(); error_print();
return -1; return -1;
} }
}
if (conn->client_certificate_verify) { if (conn->client_certificate_verify) {
sm2_sign_update(&conn->sign_ctx, conn->record + 5, conn->recordlen - 5); sm2_sign_update(&conn->sign_ctx, conn->record + 5, conn->recordlen - 5);
}
} }
if ((ret = tls_send_record(conn)) != 1) { if ((ret = tls_send_record(conn)) != 1) {
@@ -7790,36 +7790,40 @@ int tls13_send_alert(TLS_CONNECT *conn, int alert)
tls_trace("send {Alert}\n"); tls_trace("send {Alert}\n");
tls_record_set_protocol(conn->plain_record, TLS_protocol_tls12); if (conn->recordlen == 0) {
tls_record_set_alert(conn->plain_record, &conn->plain_recordlen, TLS_alert_level_fatal, alert); tls_record_set_protocol(conn->plain_record, TLS_protocol_tls12);
tls_record_set_alert(conn->plain_record, &conn->plain_recordlen, TLS_alert_level_fatal, alert);
tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen); tls13_record_print(stderr, 0, 0, conn->plain_record, conn->plain_recordlen);
switch (conn->handshake_state) { switch (conn->handshake_state) {
case TLS_state_client_hello: case TLS_state_client_hello:
case TLS_state_server_hello: case TLS_state_server_hello:
case TLS_state_hello_retry_request: case TLS_state_hello_retry_request:
tls_socket_send(conn->sock, conn->plain_record, conn->plain_recordlen, 0); memcpy(conn->record, conn->plain_record, conn->plain_recordlen);
break; conn->recordlen = conn->plain_recordlen;
default: break;
tls13_padding_len_rand(&padding_len); default:
if (tls13_record_encrypt(&conn->server_write_key, conn->server_write_iv, tls13_padding_len_rand(&padding_len);
conn->server_seq_num, conn->plain_record, conn->plain_recordlen, padding_len, if (tls13_record_encrypt(&conn->server_write_key, conn->server_write_iv,
conn->record, &conn->recordlen) != 1) { conn->server_seq_num, conn->plain_record, conn->plain_recordlen, padding_len,
error_print(); conn->record, &conn->recordlen) != 1) {
return -1;
}
tls_seq_num_incr(conn->server_seq_num);
if ((ret = tls_send_record(conn)) != 1) {
if (ret != TLS_ERROR_SEND_AGAIN) {
error_print(); error_print();
return -1;
} }
return ret; tls_seq_num_incr(conn->server_seq_num);
} }
} }
if ((ret = tls_send_record(conn)) != 1) {
if (ret != TLS_ERROR_SEND_AGAIN) {
error_print();
}
return ret;
}
tls_clean_record(conn);
return 1; return 1;
} }
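Review bot: In tls13_send_alert the new `if (conn->recordlen == 0)` guard uses the shared record length as the only sign that an alert is already queued. If `conn->record` still holds anything else when the function is called (for example a handshake record that hit TLS_ERROR_SEND_AGAIN, if the buffer is reused that way), the alert is never built, the stale contents go to `tls_send_record`, and the `alert` argument is silently ignored. The invariant should be stated at the guard, e.g. `/* recordlen != 0: a previous call returned TLS_ERROR_SEND_AGAIN and this alert record is still queued */`, and error-path callers need to guarantee the buffer is empty before the first call. The default branch also still encrypts with `conn->server_write_key` and `conn->server_seq_num` unconditionally, which is only correct if this function is never reached on the client side; that cannot be checked from this hunk. The declarations of `ret` and `padding_len` lie above the hunk.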