Fix for TLS 1.3 and secure renegotiation

Sean Parkinson
2019-07-01 09:26:05 +10:00
parent f51a8fffde
commit 60af8bdb7c
2 changed files with 11 additions and 4 deletions


@@ -9660,7 +9660,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
} }
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
if (args->fatal == 0 && ssl->secure_renegotiation if (args->fatal == 0 && !IsAtLeastTLSv1_3(ssl->version)
&& ssl->secure_renegotiation
&& ssl->secure_renegotiation->enabled) { && ssl->secure_renegotiation->enabled) {
if (IsEncryptionOn(ssl, 0)) { if (IsEncryptionOn(ssl, 0)) {
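Review bot: The new `!IsAtLeastTLSv1_3(ssl->version)` term in the `HAVE_SECURE_RENEGOTIATION` condition of ProcessPeerCerts has no comment explaining why TLS 1.3 is excluded, and the condition alone does not make the reason clear. TLS 1.3 has no renegotiation and sends the Certificate message encrypted in the initial handshake, so `IsEncryptionOn(ssl, 0)` presumably cannot by itself tell a renegotiation from a first handshake there. I would add above the `if`: `/* TLS 1.3 has no renegotiation and always encrypts Certificate; skip the renegotiation-only peer check */`. The body of the guarded block lies outside the hunk, so exactly which check is skipped should be confirmed against it.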


@@ -9959,7 +9959,7 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
case server_hello: case server_hello:
PF_VALIDATE_RESPONSE(ssl, semaphore); PF_VALIDATE_RESPONSE(ssl, semaphore);
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) { if (IsAtLeastTLSv1_3(ssl->version)) {
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
#ifndef WOLFSSL_TLS13_DRAFT_18 #ifndef WOLFSSL_TLS13_DRAFT_18
TURN_OFF(semaphore, TURN_OFF(semaphore,
@@ -10003,6 +10003,9 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
#endif #endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
#endif
#if defined(HAVE_SECURE_RENEGOTIATION)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO));
#endif #endif
break; break;
@@ -10076,7 +10079,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
case server_hello: case server_hello:
PF_VALIDATE_RESPONSE(ssl, semaphore); PF_VALIDATE_RESPONSE(ssl, semaphore);
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) { if (IsAtLeastTLSv1_3(ssl->version)) {
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
#ifndef WOLFSSL_TLS13_DRAFT_18 #ifndef WOLFSSL_TLS13_DRAFT_18
TURN_OFF(semaphore, TURN_OFF(semaphore,
@@ -10120,6 +10123,9 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
#endif #endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST)); TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
#endif
#if defined(HAVE_SECURE_RENEGOTIATION)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO));
#endif #endif
break; break;
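Review bot: The three added lines that `TURN_ON` the `TLSX_RENEGOTIATION_INFO` bit appear identically in TLSX_GetResponseSize and TLSX_WriteResponse, with nothing tying the two copies together. If one is later edited without the other, the length computed for the message would no longer match the bytes actually written. A comment on both copies, such as `/* renegotiation_info is not sent in this TLS 1.3 message; keep in sync with TLSX_WriteResponse */`, or a shared helper that builds the semaphore for a given msgType, would make the coupling explicit. The new guard is also written `#if defined(HAVE_SECURE_RENEGOTIATION)` where the neighbouring guards use `#ifdef`. The enclosing `case` label is outside both hunks, so which message the bit is set for is inferred from context.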