Merge pull request #2313 from SparkiDev/tls13_reneg

Fix for TLS 1.3 and secure renegotiation
2019-07-08 12:56:02 -07:00
parent 406ff31fc8 60af8bdb7c
commit 66db74d827
2 changed files with 11 additions and 4 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -9816,8 +9816,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                }

            #ifdef HAVE_SECURE_RENEGOTIATION
-                if (args->fatal == 0 && ssl->secure_renegotiation
-                               && ssl->secure_renegotiation->enabled) {
+                if (args->fatal == 0 && !IsAtLeastTLSv1_3(ssl->version)
+                                     && ssl->secure_renegotiation
+                                     && ssl->secure_renegotiation->enabled) {

                    if (IsEncryptionOn(ssl, 0)) {
                        /* compare against previous time */
--- a/src/tls.c
+++ b/src/tls.c
@ -9967,7 +9967,7 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
        case server_hello:
            PF_VALIDATE_RESPONSE(ssl, semaphore);
    #ifdef WOLFSSL_TLS13
-                if (ssl->options.tls1_3) {
+                if (IsAtLeastTLSv1_3(ssl->version)) {
                    XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
        #ifndef WOLFSSL_TLS13_DRAFT_18
                    TURN_OFF(semaphore,
@ -10011,6 +10011,9 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
        #endif
        #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
            TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
+        #endif
+        #if defined(HAVE_SECURE_RENEGOTIATION)
+            TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO));
        #endif
            break;

@ -10084,7 +10087,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
            case server_hello:
                PF_VALIDATE_RESPONSE(ssl, semaphore);
    #ifdef WOLFSSL_TLS13
-                if (ssl->options.tls1_3) {
+                if (IsAtLeastTLSv1_3(ssl->version)) {
                    XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
        #ifndef WOLFSSL_TLS13_DRAFT_18
                    TURN_OFF(semaphore,
@ -10128,6 +10131,9 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
        #endif
        #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
                TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
+        #endif
+        #if defined(HAVE_SECURE_RENEGOTIATION)
+            TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_RENEGOTIATION_INFO));
        #endif
                break;