From 4bb20612a121d3ef05584d949b1479207801193d Mon Sep 17 00:00:00 2001
From: toddouska
Date: Tue, 16 Sep 2014 12:42:13 -0700
Subject: [PATCH] move secure r inside of tls extensions
---
 cyassl/internal.h | 26 +++++++++++++-------------
 src/internal.c | 12 ++++++------
 2 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/cyassl/internal.h b/cyassl/internal.h
index f51063ff1..da8d64ece 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -1882,9 +1882,9 @@ typedef struct DtlsMsg {
 typedef struct SecureR_State {
 byte client_verify_data[TLS_FINISHED_SZ]; /* previous handshake value */
 byte server_verify_data[TLS_FINISHED_SZ]; /* previous handshake value */
- byte secure_renegotation; /* is current connection using */
- byte doing_secure_renegotation; /* are we doing it now flag */
- byte enabled; /* runtime allowed? */
+ byte secure_renegotation; /* extensions flag */
+ byte previous_handshake_used; /* did previous handshake use secure r */
+ byte enabled; /* runtime allowed? */
 } SecureR_State;
 #endif
@@ -1994,13 +1994,16 @@ struct CYASSL {
 #endif
 #ifdef HAVE_TLS_EXTENSIONS
 TLSX* extensions; /* RFC 6066 TLS Extensions data */
-#ifdef HAVE_MAX_FRAGMENT
- word16 max_fragment;
-#endif
-#ifdef HAVE_TRUNCATED_HMAC
- byte truncated_hmac;
-#endif
-#endif
+ #ifdef HAVE_MAX_FRAGMENT
+ word16 max_fragment;
+ #endif
+ #ifdef HAVE_TRUNCATED_HMAC
+ byte truncated_hmac;
+ #endif
+ #ifdef HAVE_SECURE_RENEGOTIATION
+ SecureR_State secureR_state; /* secure renegotiation state */
+ #endif
+#endif /* HAVE_TLS_EXTENSIONS */
 #ifdef HAVE_NETX
 NetX_Ctx nxCtx; /* NetX IO Context */
 #endif
@@ -2024,9 +2027,6 @@ struct CYASSL {
 void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
 #endif /* NO_RSA */
 #endif /* HAVE_PK_CALLBACKS */
-#ifdef HAVE_SECURE_RENEGOTIATION
- SecureR_State secureR_state; /* secure renegotiation state */
-#endif
 };
diff --git a/src/internal.c b/src/internal.c
index 25586d9b7..960e428bc 100644
--- a/src/internal.c
+++ b/src/internal.c
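Review bot: In the `struct CYASSL` hunk (`@@ -1994,13 +1994,16 @@`), `secureR_state` now exists only when `HAVE_TLS_EXTENSIONS` is also defined, so a build that sets `HAVE_SECURE_RENEGOTIATION` alone loses the renegotiation state and the guarded blocks in src/internal.c without any diagnostic. Nothing visible in this patch rejects that configuration; a build-time check next to the feature macros would make it fail loudly: `#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(HAVE_TLS_EXTENSIONS)`, `#error "HAVE_SECURE_RENEGOTIATION requires HAVE_TLS_EXTENSIONS"`, `#endif`. Any use of `ssl->secureR_state` outside these hunks that is still guarded by `HAVE_SECURE_RENEGOTIATION` only would need the combined guard too; that cannot be confirmed from the lines shown.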
@@ -1772,11 +1772,11 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
 #endif /* NO_RSA */
 #endif /* HAVE_PK_CALLBACKS */
-#ifdef HAVE_SECURE_RENEGOTIATION
+#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
 ssl->secureR_state.secure_renegotation = 0;
 ssl->secureR_state.doing_secure_renegotation = 0;
 ssl->secureR_state.enabled = 0;
-#endif /* HAVE_SECURE_RENEGOTIATION */
+#endif /* HAVE_SECURE_RENEGOTIATION && HAVE_TLS_EXTENSIONS */
 /* all done with init, now can return errors, call other stuff */
@@ -4404,7 +4404,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
 }
 }
-#ifdef HAVE_SECURE_RENEGOTIATION
+#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
 if (ssl->secureR_state.enabled) {
 /* save peer's state */
 if (ssl->options.side == CYASSL_CLIENT_END)
@@ -4414,7 +4414,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
 XMEMCPY(ssl->secureR_state.client_verify_data, input + *inOutIdx, TLS_FINISHED_SZ);
 }
-#endif /* HAVE_SECURE_RENEGOTIATION */
+#endif /* (HAVE_SECURE_RENEGOTIATION) && (HAVE_TLS_EXTENSIONS) */
 /* force input exhaustion at ProcessReply consuming padSz */
 *inOutIdx += size + ssl->keys.padSz;
@@ -6732,7 +6732,7 @@ int SendFinished(CYASSL* ssl)
 ssl->options.side == CYASSL_CLIENT_END ? client : server);
 if (ret != 0) return ret;
-#ifdef HAVE_SECURE_RENEGOTIATION
+#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
 if (ssl->secureR_state.enabled) {
 if (ssl->options.side == CYASSL_CLIENT_END)
 XMEMCPY(ssl->secureR_state.client_verify_data, hashes,
@@ -6741,7 +6741,7 @@ int SendFinished(CYASSL* ssl)
 XMEMCPY(ssl->secureR_state.server_verify_data, hashes, TLS_FINISHED_SZ);
 }
-#endif /* HAVE_SECURE_RENEGOTIATION */
+#endif /* HAVE_SECURE_RENEGOTIATION && HAVE_TLS_EXTENSIONS */
 sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz, handshake);
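Review bot: `InitSSL` still assigns `ssl->secureR_state.doing_secure_renegotation = 0;` (unchanged context in the `@@ -1772,11 +1772,11 @@` hunk), but the cyassl/internal.h hunk of this same patch replaces that member with `previous_handshake_used`. With both `HAVE_SECURE_RENEGOTIATION` and `HAVE_TLS_EXTENSIONS` defined this line should no longer compile, and the new member is not zeroed in the lines shown. The line should become `ssl->secureR_state.previous_handshake_used = 0;`. InitSSL's body starts and ends outside the hunk, so an initialization elsewhere cannot be ruled out.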
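Review bot: The peer-state copy in `DoFinished` reads `TLS_FINISHED_SZ` bytes from `input + *inOutIdx`, which is handshake data supplied by the peer, and neither the `@@ -4404,7` nor the `@@ -4414,7` hunk shows `size` being compared with `TLS_FINISHED_SZ` before the `XMEMCPY`. The function starts outside the hunk, so the check may already exist above; if it does not, the block should reject a short message first, e.g. `if (size < TLS_FINISHED_SZ) return BUFFER_ERROR;`. The matching copy in `SendFinished` takes its bytes from the local `hashes` buffer and is not affected by this point.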