AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rename ssl.renegotiation to ssl.renego_status

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-03-19 16:15:20 +00:00
parent 240b092a6c
commit 852a6d3d8f
4 changed files with 42 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/mbedtls/ssl.h
View File

@ -795,7 +795,7 @@ struct _ssl_context
int state; /*!< SSL handshake: current state */
int transport; /*!< Transport: stream or datagram */
#if defined(POLARSSL_SSL_RENEGOTIATION)
int renegotiation; /*!< Initial or renegotiation */
int renego_status; /*!< Initial, in progress, pending? */
int renego_records_seen; /*!< Records since renego request, or with DTLS,
number of retransmissions of request if
renego_max_records is < 0 */

22
library/ssl_cli.c
View File

@ -120,7 +120,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
*olen = 0;
if( ssl->renegotiation != SSL_RENEGOTIATION_IN_PROGRESS )
if( ssl->renego_status != SSL_RENEGOTIATION_IN_PROGRESS )
return;
SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
@ -562,7 +562,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
}
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status == SSL_INITIAL_HANDSHAKE )
#endif
{
ssl->major_ver = ssl->min_major_ver;
@ -618,7 +618,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
if( n < 16 || n > 32 ||
#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl->renegotiation != SSL_INITIAL_HANDSHAKE ||
ssl->renego_status != SSL_INITIAL_HANDSHAKE ||
#endif
ssl->handshake->resume == 0 )
{
@ -631,7 +631,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
* generate and include a Session ID in the TLS ClientHello."
*/
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status == SSL_INITIAL_HANDSHAKE )
#endif
{
if( ssl->session_negotiate->ticket != NULL &&
@ -723,7 +723,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status == SSL_INITIAL_HANDSHAKE )
#endif
{
*p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
@ -882,7 +882,7 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
int ret;
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status != SSL_INITIAL_HANDSHAKE )
{
/* Check verify-data in constant-time. The length OTOH is no secret */
if( len != 1 + ssl->verify_data_len * 2 ||
@ -1195,7 +1195,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
{
ssl->renego_records_seen++;
@ -1366,7 +1366,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
*/
if( ssl->handshake->resume == 0 || n == 0 ||
#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl->renegotiation != SSL_INITIAL_HANDSHAKE ||
ssl->renego_status != SSL_INITIAL_HANDSHAKE ||
#endif
ssl->session_negotiate->ciphersuite != i ||
ssl->session_negotiate->compression != comp ||
@ -1581,21 +1581,21 @@ static int ssl_parse_server_hello( ssl_context *ssl )
handshake_failure = 1;
}
#if defined(POLARSSL_SSL_RENEGOTIATION)
else if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
else if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION &&
renegotiation_info_seen == 0 )
{
SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
handshake_failure = 1;
}
else if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
else if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
ssl->allow_legacy_renegotiation == SSL_LEGACY_NO_RENEGOTIATION )
{
SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
handshake_failure = 1;
}
else if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
else if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
renegotiation_info_seen == 1 )
{

32
library/ssl_srv.c
View File

@ -460,7 +460,7 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
int ret;
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status != SSL_INITIAL_HANDSHAKE )
{
/* Check verify-data in constant-time. The length OTOH is no secret */
if( len != 1 + ssl->verify_data_len ||
@ -733,7 +733,7 @@ static int ssl_parse_session_ticket_ext( ssl_context *ssl,
return( 0 );
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status != SSL_INITIAL_HANDSHAKE )
{
SSL_DEBUG_MSG( 3, ( "ticket rejected: renegotiating" ) );
return( 0 );
@ -1042,7 +1042,7 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> parse client hello v2" ) );
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status != SSL_INITIAL_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "client hello v2 illegal for renegotiation" ) );
@ -1189,7 +1189,7 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
{
SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
{
SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV "
"during renegotiation" ) );
@ -1329,7 +1329,7 @@ read_record_header:
* ClientHello, which doesn't use the same record layer format.
*/
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status == SSL_INITIAL_HANDSHAKE )
#endif
{
if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
@ -1392,7 +1392,7 @@ read_record_header:
#if defined(POLARSSL_SSL_PROTO_DTLS)
if( ssl->transport == SSL_TRANSPORT_DATAGRAM
#if defined(POLARSSL_SSL_RENEGOTIATION)
&& ssl->renegotiation == SSL_INITIAL_HANDSHAKE
&& ssl->renego_status == SSL_INITIAL_HANDSHAKE
#endif
)
{
@ -1423,7 +1423,7 @@ read_record_header:
msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status != SSL_INITIAL_HANDSHAKE )
{
/* Set by ssl_read_record() */
msg_len = ssl->in_hslen;
@ -1499,7 +1499,7 @@ read_record_header:
* check sequence number on renego.
*/
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
{
/* This couldn't be done in ssl_prepare_handshake_record() */
unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
@ -1648,7 +1648,7 @@ read_record_header:
#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
if( ssl->f_cookie_check != NULL
#if defined(POLARSSL_SSL_RENEGOTIATION)
&& ssl->renegotiation == SSL_INITIAL_HANDSHAKE
&& ssl->renego_status == SSL_INITIAL_HANDSHAKE
#endif
)
{
@ -1808,7 +1808,7 @@ read_record_header:
case TLS_EXT_SIG_ALG:
SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
break;
#endif
@ -1945,7 +1945,7 @@ read_record_header:
{
SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
{
SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV during renegotiation" ) );
@ -1970,21 +1970,21 @@ read_record_header:
handshake_failure = 1;
}
#if defined(POLARSSL_SSL_RENEGOTIATION)
else if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
else if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION &&
renegotiation_info_seen == 0 )
{
SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
handshake_failure = 1;
}
else if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
else if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
ssl->allow_legacy_renegotiation == SSL_LEGACY_NO_RENEGOTIATION )
{
SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
handshake_failure = 1;
}
else if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
else if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
renegotiation_info_seen == 1 )
{
@ -2205,7 +2205,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status != SSL_INITIAL_HANDSHAKE )
{
*p++ = 0x00;
*p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
@ -2461,7 +2461,7 @@ static int ssl_write_server_hello( ssl_context *ssl )
*/
if( ssl->handshake->resume == 0 &&
#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
ssl->renego_status == SSL_INITIAL_HANDSHAKE &&
#endif
ssl->session_negotiate->length != 0 &&
ssl->f_get_cache != NULL &&

28
library/ssl_tls.c
View File

@ -2258,7 +2258,7 @@ int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
}
#if defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_SSL_RENEGOTIATION)
else if( ssl->endpoint == SSL_IS_SERVER &&
ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
ssl->renego_status == SSL_RENEGOTIATION_PENDING )
{
if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
{
@ -3207,7 +3207,7 @@ static int ssl_parse_record_header( ssl_context *ssl )
if( ssl->in_msgtype == SSL_MSG_APPLICATION_DATA &&
ssl->state != SSL_HANDSHAKE_OVER
#if defined(POLARSSL_SSL_RENEGOTIATION)
&& ! ( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
&& ! ( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->state == SSL_SERVER_HELLO )
#endif
)
@ -3945,7 +3945,7 @@ int ssl_parse_certificate( ssl_context *ssl )
*/
#if defined(POLARSSL_SSL_RENEGOTIATION) && defined(POLARSSL_SSL_CLI_C)
if( ssl->endpoint == SSL_IS_CLIENT &&
ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
{
if( ssl->session->peer_cert == NULL )
{
@ -4490,9 +4490,9 @@ void ssl_handshake_wrapup( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
{
ssl->renegotiation = SSL_RENEGOTIATION_DONE;
ssl->renego_status = SSL_RENEGOTIATION_DONE;
ssl->renego_records_seen = 0;
}
#endif
@ -4990,7 +4990,7 @@ int ssl_session_reset( ssl_context *ssl )
ssl->state = SSL_HELLO_REQUEST;
#if defined(POLARSSL_SSL_RENEGOTIATION)
ssl->renegotiation = SSL_INITIAL_HANDSHAKE;
ssl->renego_status = SSL_INITIAL_HANDSHAKE;
ssl->renego_records_seen = 0;
ssl->verify_data_len = 0;
@ -5972,7 +5972,7 @@ static int ssl_start_renegotiation( ssl_context *ssl )
* the ServerHello will have message_seq = 1" */
#if defined(POLARSSL_SSL_PROTO_DTLS)
if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
ssl->renego_status == SSL_RENEGOTIATION_PENDING )
{
if( ssl->endpoint == SSL_IS_SERVER )
ssl->handshake->out_msg_seq = 1;
@ -5982,7 +5982,7 @@ static int ssl_start_renegotiation( ssl_context *ssl )
#endif
ssl->state = SSL_HELLO_REQUEST;
ssl->renegotiation = SSL_RENEGOTIATION_IN_PROGRESS;
ssl->renego_status = SSL_RENEGOTIATION_IN_PROGRESS;
if( ( ret = ssl_handshake( ssl ) ) != 0 )
{
@ -6010,7 +6010,7 @@ int ssl_renegotiate( ssl_context *ssl )
if( ssl->state != SSL_HANDSHAKE_OVER )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
ssl->renego_status = SSL_RENEGOTIATION_PENDING;
/* Did we already try/start sending HelloRequest? */
if( ssl->out_left != 0 )
@ -6025,7 +6025,7 @@ int ssl_renegotiate( ssl_context *ssl )
* On client, either start the renegotiation process or,
* if already in progress, continue the handshake
*/
if( ssl->renegotiation != SSL_RENEGOTIATION_IN_PROGRESS )
if( ssl->renego_status != SSL_RENEGOTIATION_IN_PROGRESS )
{
if( ssl->state != SSL_HANDSHAKE_OVER )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
@ -6055,7 +6055,7 @@ int ssl_renegotiate( ssl_context *ssl )
static int ssl_check_ctr_renegotiate( ssl_context *ssl )
{
if( ssl->state != SSL_HANDSHAKE_OVER ||
ssl->renegotiation == SSL_RENEGOTIATION_PENDING ||
ssl->renego_status == SSL_RENEGOTIATION_PENDING ||
ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED )
{
return( 0 );
@ -6234,7 +6234,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
ssl->endpoint == SSL_IS_CLIENT )
{
ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
ssl->renego_status = SSL_RENEGOTIATION_PENDING;
}
#endif
ret = ssl_start_renegotiation( ssl );
@ -6254,7 +6254,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
if( ! record_read )
return( POLARSSL_ERR_NET_WANT_READ );
}
else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
else if( ssl->renego_status == SSL_RENEGOTIATION_PENDING )
{
if( ssl->renego_max_records >= 0 )
@ -6295,7 +6295,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
* again if ssl_write_hello_request() returns WANT_WRITE */
#if defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_SSL_RENEGOTIATION)
if( ssl->endpoint == SSL_IS_SERVER &&
ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
ssl->renego_status == SSL_RENEGOTIATION_PENDING )
{
if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
{