Fix for TLS 1.3 and secure renegotiation

Sean Parkinson
2019-07-01 09:26:05 +10:00
parent f51a8fffde
commit 60af8bdb7c
2 changed files with 11 additions and 4 deletions


@ -9660,8 +9660,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
}
#ifdef HAVE_SECURE_RENEGOTIATION
if (args->fatal == 0 && ssl->secure_renegotiation
&& ssl->secure_renegotiation->enabled) {
if (args->fatal == 0 && !IsAtLeastTLSv1_3(ssl->version)
&& ssl->secure_renegotiation
&& ssl->secure_renegotiation->enabled) {
if (IsEncryptionOn(ssl, 0)) {
/* compare against previous time */
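Review bot: The new `!IsAtLeastTLSv1_3(ssl->version)` term has no comment saying why TLS 1.3 is exempt from the peer-certificate comparison, and the reason is not obvious from the condition itself. Presumably it is because TLS 1.3 has no renegotiation and sends its Certificate message encrypted, so the `IsEncryptionOn(ssl, 0)` test below would treat a first handshake as a renegotiation; if that is the reason, state it above the `if`, e.g. `/* TLS 1.3: no renegotiation, and Certificate is always sent encrypted */`. The guard also relies on `ssl->version` already holding the negotiated version when ProcessPeerCerts runs, which is worth confirming for a connection that offers TLS 1.3 but settles on an earlier version. The body of ProcessPeerCerts starts and ends outside the hunk.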


@ -9959,7 +9959,7 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
case server_hello:
PF_VALIDATE_RESPONSE(ssl, semaphore);
#ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) {
if (IsAtLeastTLSv1_3(ssl->version)) {
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
#ifndef WOLFSSL_TLS13_DRAFT_18
TURN_OFF(semaphore,
@ -10003,6 +10003,9 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
#endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
#endif
#if defined(HAVE_SECURE_RENEGOTIATION)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO));
#endif
break;
@ -10076,7 +10079,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
case server_hello:
PF_VALIDATE_RESPONSE(ssl, semaphore);
#ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) {
if (IsAtLeastTLSv1_3(ssl->version)) {
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
#ifndef WOLFSSL_TLS13_DRAFT_18
TURN_OFF(semaphore,
@ -10120,6 +10123,9 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
#endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
#endif
#if defined(HAVE_SECURE_RENEGOTIATION)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO));
#endif
break;
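Review bot: The `TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO));` line is added as two identical copies, one in TLSX_GetResponseSize and one in TLSX_WriteResponse, and nothing ties them together; the same holds for the switch from `ssl->options.tls1_3` to `IsAtLeastTLSv1_3(ssl->version)`. If the two semaphore set-ups ever diverge, the length computed by the first function will no longer match what the second writes into the output buffer, so a shared static helper that fills the semaphore per `msgType`, or at least a comment on each copy such as `/* keep in sync with TLSX_WriteResponse */`, would be safer. The `case` label the new `TURN_ON` belongs to lies outside both hunks, so which handshake message it affects cannot be confirmed from here. Minor: the neighbouring guards use `#ifdef`, so `#ifdef HAVE_SECURE_RENEGOTIATION` would match them.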