move secure r inside of tls extensions

This commit is contained in:
toddouska 2014-09-16 12:42:13 -07:00
parent 9a90a0c113
commit 4bb20612a1
2 changed files with 19 additions and 19 deletions

View File

@ -1882,9 +1882,9 @@ typedef struct DtlsMsg {
typedef struct SecureR_State {
byte client_verify_data[TLS_FINISHED_SZ]; /* previous handshake value */
byte server_verify_data[TLS_FINISHED_SZ]; /* previous handshake value */
byte secure_renegotation; /* is current connection using */
byte doing_secure_renegotation; /* are we doing it now flag */
byte enabled; /* runtime allowed? */
byte secure_renegotation; /* extensions flag */
byte previous_handshake_used; /* did previous handshake use secure r */
byte enabled; /* runtime allowed? */
} SecureR_State;
#endif
@ -1994,13 +1994,16 @@ struct CYASSL {
#endif
#ifdef HAVE_TLS_EXTENSIONS
TLSX* extensions; /* RFC 6066 TLS Extensions data */
#ifdef HAVE_MAX_FRAGMENT
word16 max_fragment;
#endif
#ifdef HAVE_TRUNCATED_HMAC
byte truncated_hmac;
#endif
#endif
#ifdef HAVE_MAX_FRAGMENT
word16 max_fragment;
#endif
#ifdef HAVE_TRUNCATED_HMAC
byte truncated_hmac;
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
SecureR_State secureR_state; /* secure renegotiation state */
#endif
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_NETX
NetX_Ctx nxCtx; /* NetX IO Context */
#endif
@ -2024,9 +2027,6 @@ struct CYASSL {
void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
#endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_SECURE_RENEGOTIATION
SecureR_State secureR_state; /* secure renegotiation state */
#endif
};

View File

@ -1772,11 +1772,11 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
#endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_SECURE_RENEGOTIATION
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
ssl->secureR_state.secure_renegotation = 0;
ssl->secureR_state.doing_secure_renegotation = 0;
ssl->secureR_state.enabled = 0;
#endif /* HAVE_SECURE_RENEGOTIATION */
#endif /* HAVE_SECURE_RENEGOTIATION && HAVE_TLS_EXTENSIONS */
/* all done with init, now can return errors, call other stuff */
@ -4404,7 +4404,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
}
}
#ifdef HAVE_SECURE_RENEGOTIATION
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
if (ssl->secureR_state.enabled) {
/* save peer's state */
if (ssl->options.side == CYASSL_CLIENT_END)
@ -4414,7 +4414,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
XMEMCPY(ssl->secureR_state.client_verify_data, input + *inOutIdx,
TLS_FINISHED_SZ);
}
#endif /* HAVE_SECURE_RENEGOTIATION */
#endif /* (HAVE_SECURE_RENEGOTIATION) && (HAVE_TLS_EXTENSIONS) */
/* force input exhaustion at ProcessReply consuming padSz */
*inOutIdx += size + ssl->keys.padSz;
@ -6732,7 +6732,7 @@ int SendFinished(CYASSL* ssl)
ssl->options.side == CYASSL_CLIENT_END ? client : server);
if (ret != 0) return ret;
#ifdef HAVE_SECURE_RENEGOTIATION
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
if (ssl->secureR_state.enabled) {
if (ssl->options.side == CYASSL_CLIENT_END)
XMEMCPY(ssl->secureR_state.client_verify_data, hashes,
@ -6741,7 +6741,7 @@ int SendFinished(CYASSL* ssl)
XMEMCPY(ssl->secureR_state.server_verify_data, hashes,
TLS_FINISHED_SZ);
}
#endif /* HAVE_SECURE_RENEGOTIATION */
#endif /* HAVE_SECURE_RENEGOTIATION && HAVE_TLS_EXTENSIONS */
sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
handshake);