validate KEXS in client hellos

fixes #364
Marten Seemann
2016-12-03 14:24:55 +07:00
parent 62a38f24d7
commit 4e8a2ee2b1
2 changed files with 40 additions and 0 deletions


@@ -258,6 +258,11 @@ func (h *CryptoSetup) handleCHLO(sni string, data []byte, cryptoData map[Tag][]b
return nil, qerr.Error(qerr.CryptoNoSupport, "Unsupported AEAD or KEXS")
}
kexs := cryptoData[TagKEXS]
if !bytes.Equal(kexs, []byte("C255")) {
return nil, qerr.Error(qerr.CryptoNoSupport, "Unsupported AEAD or KEXS")
}
h.secureAEAD, err = h.keyDerivation(
false,
sharedSecret,
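Review bot: The added check compares `kexs` against the bare literal `"C255"` and reuses the exact error text of the preceding rejection, so nothing in the code ties the accepted value to the key exchange the server config advertises, and a refused hello cannot be attributed to AEAD or KEXS from the error alone. A named constant shared with the server-config code would keep the advertised and accepted values from drifting apart, and a comment such as `// CHLO must select the single KEXS we offer; a missing tag yields nil and is rejected too` would document the fail-closed behaviour for an absent tag. `sharedSecret` is used right after the check and is presumably computed earlier in handleCHLO, which starts and ends outside this hunk; if so, running both tag checks before the key-exchange computation would avoid doing that work for hellos that are going to be rejected.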