add server initiated scr

This commit is contained in:
toddouska
2014-09-29 14:48:49 -07:00
parent d3db4546ec
commit dcde28db51
2 changed files with 30 additions and 5 deletions


@ -1342,7 +1342,8 @@ enum key_cache_state {
/* Additional Conection State according to rfc5746 section 3.1 */ /* Additional Conection State according to rfc5746 section 3.1 */
typedef struct SecureRenegotiation { typedef struct SecureRenegotiation {
byte enabled; /* secure_renegotiation flag in rfc */ byte enabled; /* secure_renegotiation flag in rfc */
byte startScr; /* server requested client to start scr */
enum key_cache_state cache_status; /* track key cache state */ enum key_cache_state cache_status; /* track key cache state */
byte client_verify_data[TLS_FINISHED_SZ]; /* cached */ byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
byte server_verify_data[TLS_FINISHED_SZ]; /* cached */ byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
@ -1768,7 +1769,6 @@ typedef struct Options {
#ifdef HAVE_POLY1305 #ifdef HAVE_POLY1305
byte oldPoly; /* set when to use old rfc way of poly*/ byte oldPoly; /* set when to use old rfc way of poly*/
#endif #endif
#ifndef NO_PSK #ifndef NO_PSK
byte havePSK; /* psk key set by user */ byte havePSK; /* psk key set by user */
psk_client_callback client_psk_cb; psk_client_callback client_psk_cb;


@ -2014,7 +2014,7 @@ void FreeHandshakeResources(CYASSL* ssl)
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) { if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
CYASSL_MSG("Secure Renegottation needs to retain handshake resources"); CYASSL_MSG("Secure Renegotiation needs to retain handshake resources");
return; return;
} }
#endif #endif
@ -4392,8 +4392,15 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx,
SendAlert(ssl, alert_fatal, unexpected_message); /* try */ SendAlert(ssl, alert_fatal, unexpected_message); /* try */
return FATAL_ERROR; return FATAL_ERROR;
} }
else #ifdef HAVE_SECURE_RENEGOTIATION
else if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
ssl->secure_renegotiation->startScr = 1;
return 0;
}
#endif
else {
return SendAlert(ssl, alert_warning, no_renegotiation); return SendAlert(ssl, alert_warning, no_renegotiation);
}
} }
@ -7196,7 +7203,18 @@ int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
return err; return err;
} }
while (ssl->buffers.clearOutputBuffer.length == 0) #ifdef HAVE_SECURE_RENEGOTIATION
startScr:
if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
int err;
ssl->secure_renegotiation->startScr = 0; /* only start once */
CYASSL_MSG("Need to start scr, server requested");
if ( (err = CyaSSL_Rehandshake(ssl)) != SSL_SUCCESS)
return err;
}
#endif
while (ssl->buffers.clearOutputBuffer.length == 0) {
if ( (ssl->error = ProcessReply(ssl)) < 0) { if ( (ssl->error = ProcessReply(ssl)) < 0) {
CYASSL_ERROR(ssl->error); CYASSL_ERROR(ssl->error);
if (ssl->error == ZERO_RETURN) { if (ssl->error == ZERO_RETURN) {
@ -7211,6 +7229,13 @@ int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
} }
return ssl->error; return ssl->error;
} }
#ifdef HAVE_SECURE_RENEGOTIATION
if (ssl->secure_renegotiation &&
ssl->secure_renegotiation->startScr) {
goto startScr;
}
#endif
}
if (sz < (int)ssl->buffers.clearOutputBuffer.length) if (sz < (int)ssl->buffers.clearOutputBuffer.length)
size = sz; size = sz;
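Review bot: In the ReceiveData hunk the failure path of `CyaSSL_Rehandshake` returns the raw `err` without recording it in `ssl->error`, while the `ProcessReply` path a few lines below stores its failure in `ssl->error` and logs it with `CYASSL_ERROR` before returning, so a caller that inspects the connection's error state after a failed server-requested renegotiation would see stale information. Assuming CyaSSL_Rehandshake's failure values live in the same error space, `if ( (err = CyaSSL_Rehandshake(ssl)) != SSL_SUCCESS) { ssl->error = err; CYASSL_ERROR(err); return err; }` makes both paths report the same way; also check that the new `int err;` does not shadow an `err` still in scope from the block that ends at the `return err;` above the label. The `goto startScr` at the end of the loop body means one ReceiveData call can re-enter the handshake repeatedly, and nothing in the hunk bounds how many server-initiated renegotiations it will perform or documents that this is intended; since each rehandshake is expensive, a comment or a per-call limit would help. ReceiveData begins and ends outside this hunk.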