added renegotiation indication SCSV sending on client hello.

2014-01-21 11:36:06 -03:00 · 2014-01-21 11:36:06 -03:00 · 8541c2cc97
commit 8541c2cc97
parent c35a635fd7
3 changed files with 25 additions and 3 deletions
--- a/configure.ac
+++ b/configure.ac
@ -1200,6 +1200,18 @@ then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUNCATED_HMAC"
 fi

+# Renegotiation Indication
+AC_ARG_ENABLE([renegotiation-indication],
+    [  --enable-renegotiation-indication  Enable Renegotiation Indication (default: disabled)],
+    [ ENABLED_RENEGOTIATION_INDICATION=$enableval ],
+    [ ENABLED_RENEGOTIATION_INDICATION=no ]
+    )
+
+if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_RENEGOTIATION_INDICATION"
+fi
+
 # TLS Extensions
 AC_ARG_ENABLE([tlsx],
    [  --enable-tlsx           Enable all TLS Extensions (default: disabled)],
@ -1212,7 +1224,8 @@ then
 	ENABLED_SNI=yes
 	ENABLED_MAX_FRAGMENT=yes
 	ENABLED_TRUNCATED_HMAC=yes
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC"
+	ENABLED_RENEGOTIATION_INDICATION=yes
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION"
 fi

 # PKCS7
@ -1613,6 +1626,7 @@ echo "   * NTRU:                      $ENABLED_NTRU"
 echo "   * SNI:                       $ENABLED_SNI"
 echo "   * Maximum Fragment Length:   $ENABLED_MAX_FRAGMENT"
 echo "   * Truncated HMAC:            $ENABLED_TRUNCATED_HMAC"
+echo "   * Renegotiation Indication:  $ENABLED_RENEGOTIATION_INDICATION"
 echo "   * All TLS Extensions:        $ENABLED_TLSX"
 echo "   * PKCS#7                     $ENABLED_PKCS7"
 echo "   * valgrind unit tests:       $ENABLED_VALGRIND"
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@ -483,7 +483,6 @@ enum {
    TLS_RSA_WITH_AES_256_CBC_B2B256   = 0xF9,
    TLS_RSA_WITH_HC_128_B2B256        = 0xFA,   /* eSTREAM too */

-
    /* CyaSSL extension - NTRU */
    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0xe5,
    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
@ -533,8 +532,10 @@ enum {
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    = 0x45,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    = 0x88,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
-    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4
+    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,

+    /* Renegotiation Indication Extension Special Suite */
+    TLS_EMPTY_RENEGOTIATION_INFO_SCSV        = 0xff
 };


--- a/src/internal.c
+++ b/src/internal.c
@ -646,6 +646,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
    }
 #endif

+#ifdef HAVE_RENEGOTIATION_INDICATION
+    if (side == CYASSL_CLIENT_END) {
+        suites->suites[idx++] = 0;
+        suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
+    }
+#endif
+
 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
    if (tls && haveNTRU && haveRSA) {
        suites->suites[idx++] = 0;