mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2066 from SparkiDev/sec_reneg_scsv

Browse Source 
Fix empty renegotiation info ciphersuite handling
This commit is contained in:
toddouska 2019-02-01 10:05:59 -08:00 committed by GitHub
commit 73fbf845f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/internal.c
View File

@ -23715,12 +23715,20 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef HAVE_SERVER_RENEGOTIATION_INFO #ifdef HAVE_SERVER_RENEGOTIATION_INFO
/* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */ /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) { if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
TLSX* extension;
/* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap); ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
if (ret != WOLFSSL_SUCCESS) if (ret != WOLFSSL_SUCCESS)
return ret; return ret;
if (ssl->secure_renegotiation)
extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
if (extension) {
ssl->secure_renegotiation =
(SecureRenegotiation*)extension->data;
ssl->secure_renegotiation->enabled = 1; ssl->secure_renegotiation->enabled = 1;
} }
}
#endif /* HAVE_SERVER_RENEGOTIATION_INFO */ #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS

7
src/tls13.c
View File

@ -3882,12 +3882,19 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef HAVE_SERVER_RENEGOTIATION_INFO #ifdef HAVE_SERVER_RENEGOTIATION_INFO
if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) { if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
TLSX* extension;
/* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */ /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap); ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
if (ret != WOLFSSL_SUCCESS) if (ret != WOLFSSL_SUCCESS)
return ret; return ret;
extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
if (extension) {
ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;
ssl->secure_renegotiation->enabled = 1; ssl->secure_renegotiation->enabled = 1;
} }
}
#endif /* HAVE_SERVER_RENEGOTIATION_INFO */ #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
/* Compression */ /* Compression */