From e8b46caf75fb695022d73973ae1f51e3745cd5cf Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Tue, 29 Jan 2019 12:51:49 +1000
Subject: [PATCH] Fix empty renegotiation info ciphersuite handling
---
 src/internal.c | 10 +++++++++-
 src/tls13.c | 9 ++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 4bf2cbe0f..d1052f306 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -23701,11 +23701,19 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
 /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
 if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
+ TLSX* extension;
+
+ /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
 ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
 if (ret != WOLFSSL_SUCCESS)
 return ret;
- if (ssl->secure_renegotiation)
+
+ extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
+ if (extension) {
+ ssl->secure_renegotiation =
+ (SecureRenegotiation*)extension->data;
 ssl->secure_renegotiation->enabled = 1;
+ }
 }
 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
diff --git a/src/tls13.c b/src/tls13.c
index e6ecf0e9d..fdd573b07 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3874,11 +3874,18 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
 if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
+ TLSX* extension;
+
 /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
 ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
 if (ret != WOLFSSL_SUCCESS)
 return ret;
- ssl->secure_renegotiation->enabled = 1;
+
+ extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
+ if (extension) {
+ ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;
+ ssl->secure_renegotiation->enabled = 1;
+ }
 }
 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
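Review bot: `extension->data` is assigned to `ssl->secure_renegotiation` and dereferenced on the next line without a NULL check; only `extension` itself is tested. Whether `TLSX_AddEmptyRenegotiationInfo` always leaves a non-NULL data pointer is not visible in this hunk, so the guard would be safer as `if (extension != NULL && extension->data != NULL) {`. The same pattern is added in the src/tls13.c hunk. When the lookup fails after a successful add, the code falls through with secure renegotiation left disabled even though the client sent the SCSV; consider returning an error there instead of continuing silently. The enclosing function starts and ends outside the hunk.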
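Review bot: The new assignment makes `ssl->secure_renegotiation` a second pointer to memory reached through the extension list, and nothing at this site says so. A comment above the `TLSX_Find` call would help, for example `/* secure_renegotiation aliases the renegotiation_info extension data; it is not owned here */`. If the extension list can be freed or rebuilt while the session is live (not visible in this hunk), the alias has to be cleared at the same point. The body of DoTls13ClientHello continues outside the hunk.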