fix secure r extensions send/recv
@ -6731,7 +6731,6 @@ int SendFinished(CYASSL* ssl)
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
if (ssl->secure_renegotiation) {
if (ssl->secure_renegotiation) {
printf("doing secure ren memcpy\n");
if (ssl->options.side == CYASSL_CLIENT_END)
if (ssl->options.side == CYASSL_CLIENT_END)
XMEMCPY(ssl->secure_renegotiation->client_verify_data, hashes,
XMEMCPY(ssl->secure_renegotiation->client_verify_data, hashes,
TLS_FINISHED_SZ);
TLS_FINISHED_SZ);
@ -7513,6 +7512,9 @@ const char* CyaSSL_ERR_reason_error_string(unsigned long e)
case SEND_OOB_READ_E:
case SEND_OOB_READ_E:
return "Send Callback Out of Bounds Read Error";
return "Send Callback Out of Bounds Read Error";
case SECURE_RENEGOTIATION_E:
return "Invalid Renegotiation Error";
default :
default :
return "unknown error number";
return "unknown error number";
}
}
37
src/tls.c
37
src/tls.c
@ -704,6 +704,15 @@ int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
#ifdef HAVE_TLS_EXTENSIONS
#ifdef HAVE_TLS_EXTENSIONS
static INLINE word16 ConvertExtType(word16 type)
{
if (type < 0x10)
return type;
return 0x0a + (type & 0xFF);
}
#define IS_OFF(semaphore, light) \
#define IS_OFF(semaphore, light) \
((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
@ -1377,7 +1386,7 @@ static void TLSX_EllipticCurve_ValidateRequest(CYASSL* ssl, byte* semaphore)
return;
return;
/* No elliptic curve suite found */
/* No elliptic curve suite found */
TURN_ON(semaphore, ELLIPTIC_CURVES);
TURN_ON(semaphore, ConvertExtType(ELLIPTIC_CURVES));
}
}
static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
@ -1615,11 +1624,11 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
static byte TLSX_SCR_GetSize(SecureRenegotiation* data, int isRequest)
static byte TLSX_SCR_GetSize(SecureRenegotiation* data, int isRequest)
{
{
byte length = OPAQUE8_LEN; /* RenegotiationInfo length */
byte length = OPAQUE8_LEN; /* empty info length */
if (data->enabled) {
if (data->enabled) {
/* client sends client_verify_data only */
/* client sends client_verify_data only */
length += TLS_FINISHED_SZ;
length = TLS_FINISHED_SZ;
/* server also sends server_verify_data */
/* server also sends server_verify_data */
if (!isRequest)
if (!isRequest)
@ -1632,10 +1641,8 @@ static byte TLSX_SCR_GetSize(SecureRenegotiation* data, int isRequest)
static word16 TLSX_SCR_Write(SecureRenegotiation* data, byte* output,
static word16 TLSX_SCR_Write(SecureRenegotiation* data, byte* output,
int isRequest)
int isRequest)
{
{
word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */
word16 offset = 0; /* RenegotiationInfo length */
output[0] = TLSX_SCR_GetSize(data, isRequest);
if (data->enabled) {
if (data->enabled) {
/* client sends client_verify_data only */
/* client sends client_verify_data only */
XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ);
XMEMCPY(output + offset, data->client_verify_data, TLS_FINISHED_SZ);
@ -1646,6 +1653,8 @@ static word16 TLSX_SCR_Write(SecureRenegotiation* data, byte* output,
XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ);
XMEMCPY(output + offset, data->server_verify_data, TLS_FINISHED_SZ);
offset += TLS_FINISHED_SZ;
offset += TLS_FINISHED_SZ;
}
}
} else {
output[offset++] = 0x00; /* empty info */
}
}
return offset;
return offset;
@ -1656,11 +1665,11 @@ static int TLSX_SCR_Parse(CYASSL* ssl, byte* input, word16 length,
{
{
int ret = SECURE_RENEGOTIATION_E;
int ret = SECURE_RENEGOTIATION_E;
if (length >= OPAQUE8_LEN && *input == (length - OPAQUE8_LEN)) {
if (length >= OPAQUE8_LEN) {
if (ssl->secure_renegotiation == NULL) {
if (ssl->secure_renegotiation == NULL) {
#ifndef NO_CYASSL_SERVER
#ifndef NO_CYASSL_SERVER
if (isRequest && *input == 0) {
if (isRequest && *input == 0) {
ret = CyaSSL_UseSecureRenegotiation(ssl);
ret = 0; /* don't reply, user didn't enable */
}
}
#endif
#endif
}
}
@ -1688,8 +1697,10 @@ static int TLSX_SCR_Parse(CYASSL* ssl, byte* input, word16 length,
}
}
}
}
if (ret != 0)
if (ret != 0) {
/* TODO: turn on fatal error at ssl level too */
SendAlert(ssl, alert_fatal, handshake_failure);
SendAlert(ssl, alert_fatal, handshake_failure);
}
return ret;
return ret;
}
}
@ -1788,7 +1799,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
if (!isRequest && !extension->resp)
if (!isRequest && !extension->resp)
continue; /* skip! */
continue; /* skip! */
if (!IS_OFF(semaphore, extension->type))
if (!IS_OFF(semaphore, ConvertExtType(extension->type)))
continue; /* skip! */
continue; /* skip! */
/* type + data length */
/* type + data length */
@ -1816,7 +1827,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
break;
break;
}
}
TURN_ON(semaphore, extension->type);
TURN_ON(semaphore, ConvertExtType(extension->type));
}
}
return length;
return length;
@ -1835,7 +1846,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
if (!isRequest && !extension->resp)
if (!isRequest && !extension->resp)
continue; /* skip! */
continue; /* skip! */
if (!IS_OFF(semaphore, extension->type))
if (!IS_OFF(semaphore, ConvertExtType(extension->type)))
continue; /* skip! */
continue; /* skip! */
/* extension type */
/* extension type */
@ -1872,7 +1883,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
/* writing extension data length */
/* writing extension data length */
c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN);
c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN);
TURN_ON(semaphore, extension->type);
TURN_ON(semaphore, ConvertExtType(extension->type));
}
}
return offset;
return offset;
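Review bot: In TLSX_SCR_Write the enabled branch now copies client_verify_data at offset 0 and nothing writes the one-byte renegotiated_connection length that the removed `output[0] = TLSX_SCR_GetSize(data, isRequest);` used to supply, and TLSX_SCR_GetSize no longer counts that byte either (`length = TLS_FINISHED_SZ;` instead of `+=`); RFC 5746 §3.2 defines the extension body as `opaque renegotiated_connection<0..255>`, so a peer would read the first byte of the verify data as the length. The empty case still gets its prefix via `output[offset++] = 0x00;`, so only a renegotiating handshake is affected; the enabled branch continues in the next hunk and the middle of TLSX_SCR_Parse is outside this section, so a length write elsewhere would change this. Keeping `length += TLS_FINISHED_SZ;` in GetSize, starting Write with `word16 offset = OPAQUE8_LEN;` and adding `output[0] = (byte)(offset - OPAQUE8_LEN);` before `return offset;` would give both branches the same encoding. Relatedly, TLSX_SCR_Parse now accepts any `length >= OPAQUE8_LEN` without the former `*input == (length - OPAQUE8_LEN)` check, so the peer-supplied inner length is no longer validated against the extension length before the verify data is consumed; if the new parse body does not re-check it, that guard should come back.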