tls13: fix to not send RENEGOTIATION_INFO ext

Introduced in PR #4742 to enable sending the extension in TLS 1.2
without fully supporting secure renegotiation, in accordance with
RFC 5746 section 4.3 https://datatracker.ietf.org/doc/html/rfc5746#section-4.3
This commit is contained in:
elms
2022-02-17 10:55:51 -08:00
parent 95ae242550
commit 208c457348
3 changed files with 8 additions and 6 deletions


@ -4257,8 +4257,10 @@ then
fi fi
# Renegotiation Indication - (FAKE Secure Renegotiation) # Renegotiation Indication - (FAKE Secure Renegotiation)
# Client will send TLS_EMPTY_RENEGOTIATION_INFO_SCSV, not supported
# with enabling secure renegotiation
AC_ARG_ENABLE([renegotiation-indication], AC_ARG_ENABLE([renegotiation-indication],
[AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication (default: disabled)])], [AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication for client via empty cipher (default: disabled)])],
[ ENABLED_RENEGOTIATION_INDICATION=$enableval ], [ ENABLED_RENEGOTIATION_INDICATION=$enableval ],
[ ENABLED_RENEGOTIATION_INDICATION=no ] [ ENABLED_RENEGOTIATION_INDICATION=no ]
) )
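Review bot: The added comment `# with enabling secure renegotiation` leaves it open whether --enable-renegotiation-indication is merely redundant alongside secure renegotiation or an unsupported combination, and nothing in this hunk checks for the two being enabled together. If the combination is invalid, a configure-time check after the AC_ARG_ENABLE block that fails with AC_MSG_ERROR when both options are set would stop the build instead of letting the SCSV-only path and the real extension coexist. At minimum the comment should state the intent directly, e.g. `# Do not combine with --enable-secure-renegotiation: this option only sends the SCSV and does not implement RFC 5746.`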


@ -3125,7 +3125,7 @@ static int _Rehandshake(WOLFSSL* ssl)
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
} }
#endif /* NO_WOLFSSL_SERVER && HAVE_SERVER_RENEGOTIATION_INFO */ #endif /* !NO_WOLFSSL_SERVER && HAVE_SECURE_RENEGOTIATION */
ret = InitHandshakeHashes(ssl); ret = InitHandshakeHashes(ssl);
if (ret != 0) { if (ret != 0) {


@ -4997,7 +4997,7 @@ int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap)
#define SCR_WRITE(a, b, c) 0 #define SCR_WRITE(a, b, c) 0
#define SCR_PARSE(a, b, c, d) 0 #define SCR_PARSE(a, b, c, d) 0
#endif /* HAVE_SECURE_RENEGOTIATION */ #endif /* HAVE_SECURE_RENEGOTIATION || HAVE_SERVER_RENEGOTIATION_INFO */
/******************************************************************************/ /******************************************************************************/
/* Session Tickets */ /* Session Tickets */
@ -11107,7 +11107,7 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2));
#endif #endif
#if defined(HAVE_SECURE_RENEGOTIATION) #if defined(HAVE_SERVER_RENEGOTIATION_INFO)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO));
#endif #endif
break; break;
@ -11233,7 +11233,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2));
#endif #endif
#if defined(HAVE_SECURE_RENEGOTIATION) #if defined(HAVE_SERVER_RENEGOTIATION_INFO)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO));
#endif #endif
break; break;
@ -11561,7 +11561,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
WOLFSSL_BUFFER(input + offset, size); WOLFSSL_BUFFER(input + offset, size);
#endif #endif
#if defined(WOLFSSL_TLS13) && defined(HAVE_SECURE_RENEGOTIATION) #if defined(WOLFSSL_TLS13) && defined(HAVE_SERVER_RENEGOTIATION_INFO)
if (IsAtLeastTLSv1_3(ssl->version)) if (IsAtLeastTLSv1_3(ssl->version))
break; break;
#endif #endif
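Review bot: The TURN_ON that suppresses renegotiation_info in TLSX_GetResponseSize (line 48) is now guarded by HAVE_SERVER_RENEGOTIATION_INFO alone, while the `#endif` comment in the first hunk shows that TLSX_AddEmptyRenegotiationInfo is compiled under `HAVE_SECURE_RENEGOTIATION || HAVE_SERVER_RENEGOTIATION_INFO`. Unless the build always defines HAVE_SERVER_RENEGOTIATION_INFO whenever HAVE_SECURE_RENEGOTIATION is set (not visible here), a secure-renegotiation-only build would again emit the extension in TLS 1.3 responses, where it is not defined and a strict peer may reject the handshake. Widening the guard to `#if defined(HAVE_SECURE_RENEGOTIATION) || defined(HAVE_SERVER_RENEGOTIATION_INFO)` would match the compile condition of the extension itself; the same applies to the guards in the TLSX_WriteResponse (line 56) and TLSX_Parse (line 63) hunks. All three enclosing functions start and end outside their hunks.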