move secure r inside of tls extensions
This commit is contained in:
parent
9a90a0c113
commit
4bb20612a1
@ -1882,9 +1882,9 @@ typedef struct DtlsMsg {
|
||||
typedef struct SecureR_State {
|
||||
byte client_verify_data[TLS_FINISHED_SZ]; /* previous handshake value */
|
||||
byte server_verify_data[TLS_FINISHED_SZ]; /* previous handshake value */
|
||||
byte secure_renegotation; /* is current connection using */
|
||||
byte doing_secure_renegotation; /* are we doing it now flag */
|
||||
byte enabled; /* runtime allowed? */
|
||||
byte secure_renegotation; /* extensions flag */
|
||||
byte previous_handshake_used; /* did previous handshake use secure r */
|
||||
byte enabled; /* runtime allowed? */
|
||||
} SecureR_State;
|
||||
|
||||
#endif
|
||||
@ -1994,13 +1994,16 @@ struct CYASSL {
|
||||
#endif
|
||||
#ifdef HAVE_TLS_EXTENSIONS
|
||||
TLSX* extensions; /* RFC 6066 TLS Extensions data */
|
||||
#ifdef HAVE_MAX_FRAGMENT
|
||||
word16 max_fragment;
|
||||
#endif
|
||||
#ifdef HAVE_TRUNCATED_HMAC
|
||||
byte truncated_hmac;
|
||||
#endif
|
||||
#endif
|
||||
#ifdef HAVE_MAX_FRAGMENT
|
||||
word16 max_fragment;
|
||||
#endif
|
||||
#ifdef HAVE_TRUNCATED_HMAC
|
||||
byte truncated_hmac;
|
||||
#endif
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
SecureR_State secureR_state; /* secure renegotiation state */
|
||||
#endif
|
||||
#endif /* HAVE_TLS_EXTENSIONS */
|
||||
#ifdef HAVE_NETX
|
||||
NetX_Ctx nxCtx; /* NetX IO Context */
|
||||
#endif
|
||||
@ -2024,9 +2027,6 @@ struct CYASSL {
|
||||
void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
|
||||
#endif /* NO_RSA */
|
||||
#endif /* HAVE_PK_CALLBACKS */
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
SecureR_State secureR_state; /* secure renegotiation state */
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
|
@ -1772,11 +1772,11 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
||||
#endif /* NO_RSA */
|
||||
#endif /* HAVE_PK_CALLBACKS */
|
||||
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
|
||||
ssl->secureR_state.secure_renegotation = 0;
|
||||
ssl->secureR_state.doing_secure_renegotation = 0;
|
||||
ssl->secureR_state.enabled = 0;
|
||||
#endif /* HAVE_SECURE_RENEGOTIATION */
|
||||
#endif /* HAVE_SECURE_RENEGOTIATION && HAVE_TLS_EXTENSIONS */
|
||||
|
||||
/* all done with init, now can return errors, call other stuff */
|
||||
|
||||
@ -4404,7 +4404,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
|
||||
if (ssl->secureR_state.enabled) {
|
||||
/* save peer's state */
|
||||
if (ssl->options.side == CYASSL_CLIENT_END)
|
||||
@ -4414,7 +4414,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
|
||||
XMEMCPY(ssl->secureR_state.client_verify_data, input + *inOutIdx,
|
||||
TLS_FINISHED_SZ);
|
||||
}
|
||||
#endif /* HAVE_SECURE_RENEGOTIATION */
|
||||
#endif /* (HAVE_SECURE_RENEGOTIATION) && (HAVE_TLS_EXTENSIONS) */
|
||||
|
||||
/* force input exhaustion at ProcessReply consuming padSz */
|
||||
*inOutIdx += size + ssl->keys.padSz;
|
||||
@ -6732,7 +6732,7 @@ int SendFinished(CYASSL* ssl)
|
||||
ssl->options.side == CYASSL_CLIENT_END ? client : server);
|
||||
if (ret != 0) return ret;
|
||||
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
|
||||
if (ssl->secureR_state.enabled) {
|
||||
if (ssl->options.side == CYASSL_CLIENT_END)
|
||||
XMEMCPY(ssl->secureR_state.client_verify_data, hashes,
|
||||
@ -6741,7 +6741,7 @@ int SendFinished(CYASSL* ssl)
|
||||
XMEMCPY(ssl->secureR_state.server_verify_data, hashes,
|
||||
TLS_FINISHED_SZ);
|
||||
}
|
||||
#endif /* HAVE_SECURE_RENEGOTIATION */
|
||||
#endif /* HAVE_SECURE_RENEGOTIATION && HAVE_TLS_EXTENSIONS */
|
||||
|
||||
sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
|
||||
handshake);
|
||||
|
Loading…
Reference in New Issue
Block a user