1. Remove the clearing of the sessionID from Rehandshake.
2. Put SecureResume in terms of a regular resume, using Get/SetSession and then calling Rehandshake.
3. Add the startScr after checking that secure_renegotiation is enabled during a resume.
@ -23898,6 +23898,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
ret = HandleTlsResumption(ssl, bogusID, &clSuites);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
if (ssl->secure_renegotiation &&
|
||||
ssl->secure_renegotiation->enabled &&
|
||||
IsEncryptionOn(ssl, 0))
|
||||
ssl->secure_renegotiation->startScr = 1;
|
||||
#endif
|
||||
|
||||
if (ssl->options.clientState == CLIENT_KEYEXCHANGE_COMPLETE) {
|
||||
WOLFSSL_LEAVE("DoClientHello", ret);
|
||||
WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO);
|
||||
|
43
src/ssl.c
43
src/ssl.c
@ -2347,7 +2347,7 @@ int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl)
|
||||
|
||||
|
||||
/* do a secure renegotiation handshake, user forced, we discourage */
|
||||
int wolfSSL_StartSecureRenegotiation(WOLFSSL* ssl, int resume)
|
||||
int wolfSSL_Rehandshake(WOLFSSL* ssl)
|
||||
{
|
||||
int ret;
|
||||
|
||||
@ -2364,9 +2364,6 @@ int wolfSSL_StartSecureRenegotiation(WOLFSSL* ssl, int resume)
|
||||
return SECURE_RENEGOTIATION_E;
|
||||
}
|
||||
|
||||
if (!resume)
|
||||
ssl->options.resuming = 0;
|
||||
|
||||
/* If the client started the renegotiation, the server will already
|
||||
* have processed the client's hello. */
|
||||
if (ssl->options.side != WOLFSSL_SERVER_END ||
|
||||
@ -2386,12 +2383,8 @@ int wolfSSL_StartSecureRenegotiation(WOLFSSL* ssl, int resume)
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!resume) {
|
||||
XMEMSET(ssl->session.sessionID, 0, sizeof(ssl->session.sessionID));
|
||||
ssl->session.sessionIDSz = 0;
|
||||
}
|
||||
|
||||
/* reset handshake states */
|
||||
ssl->options.sendVerify = 0;
|
||||
ssl->options.serverState = NULL_STATE;
|
||||
ssl->options.clientState = NULL_STATE;
|
||||
ssl->options.connectState = CONNECT_BEGIN;
|
||||
@ -2406,29 +2399,39 @@ int wolfSSL_StartSecureRenegotiation(WOLFSSL* ssl, int resume)
|
||||
#if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SERVER_RENEGOTIATION_INFO)
|
||||
if (ssl->options.side == WOLFSSL_SERVER_END) {
|
||||
ret = SendHelloRequest(ssl);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
if (ret != 0) {
|
||||
ssl->error = ret;
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
}
|
||||
#endif /* NO_WOLFSSL_SERVER && HAVE_SERVER_RENEGOTIATION_INFO */
|
||||
|
||||
ret = InitHandshakeHashes(ssl);
|
||||
if (ret !=0)
|
||||
return ret;
|
||||
if (ret != 0) {
|
||||
ssl->error = ret;
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
}
|
||||
ret = wolfSSL_negotiate(ssl);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_Rehandshake(WOLFSSL* ssl) {
|
||||
WOLFSSL_ENTER("wolfSSL_Rehandshake()");
|
||||
return wolfSSL_StartSecureRenegotiation(ssl, 0);
|
||||
}
|
||||
/* do a secure resumption handshake, user forced, we discourage */
|
||||
int wolfSSL_SecureResume(WOLFSSL* ssl)
|
||||
{
|
||||
WOLFSSL_SESSION* session;
|
||||
int ret;
|
||||
|
||||
|
||||
int wolfSSL_SecureResume(WOLFSSL* ssl) {
|
||||
WOLFSSL_ENTER("wolfSSL_SecureResume()");
|
||||
return wolfSSL_StartSecureRenegotiation(ssl, 1);
|
||||
|
||||
session = wolfSSL_get_session(ssl);
|
||||
ret = wolfSSL_set_session(ssl, session);
|
||||
session = NULL;
|
||||
if (ret == WOLFSSL_SUCCESS)
|
||||
ret = wolfSSL_Rehandshake(ssl);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* HAVE_SECURE_RENEGOTIATION */
|
||||
|
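Review bot: In the new wolfSSL_SecureResume body (last hunk of src/ssl.c), a failing wolfSSL_set_session() is handed back to the caller unchanged, while the same file's wolfSSL_Rehandshake hunk now normalises every internal failure to `ssl->error = ret; return WOLFSSL_FATAL_ERROR;`, so the two user-facing entry points expose different error contracts and ssl->error is left stale on the set_session path. wolfSSL_get_session() can presumably return NULL before any session has been established; whether wolfSSL_set_session() rejects that cleanly is not visible in this diff, so an explicit guard makes the intent clear: `if (session == NULL || wolfSSL_set_session(ssl, session) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE;` followed by `return wolfSSL_Rehandshake(ssl);`. The `session = NULL;` assignment after wolfSSL_set_session() has no effect on behaviour and can be dropped with that change. A header comment stating the return convention, e.g. `/* returns WOLFSSL_SUCCESS, WOLFSSL_FAILURE if there is no session to re-install, else the wolfSSL_Rehandshake() result (ssl->error set only on that path) */`, would help callers that distinguish the two failure styles.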