switch to extensions secure r state

2014-09-16 17:26:57 -07:00 · 2014-09-16 17:26:57 -07:00 · a735a52608
commit a735a52608
parent d80e820654
2 changed files with 9 additions and 29 deletions
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@ -1890,20 +1890,6 @@ typedef struct DtlsMsg {
 #endif


-#ifdef HAVE_SECURE_RENEGOTIATION
-
-    /* Secure Renegotiation State */
-    typedef struct SecureR_State {
-        byte client_verify_data[TLS_FINISHED_SZ]; /* previous handshake value */
-        byte server_verify_data[TLS_FINISHED_SZ]; /* previous handshake value */
-        byte secure_renegotiation;     /* extensions flag */
-        byte previous_handshake_used;  /* did previous handshake use secure r */
-        byte enabled;                  /* runtime allowed? */
-    } SecureR_State;
-
-#endif
-
-
 /* CyaSSL ssl type */
 struct CYASSL {
    CYASSL_CTX*     ctx;
@ -2015,7 +2001,6 @@ struct CYASSL {
        byte truncated_hmac;
    #endif
    #ifdef HAVE_SECURE_RENEGOTIATION
-        SecureR_State secureR_state;    /* secure renegotiation state */
        SecureRenegotiation* secure_renegotiation;
    #endif
 #endif /* HAVE_TLS_EXTENSIONS */
--- a/src/internal.c
+++ b/src/internal.c
@ -1775,12 +1775,6 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
    #endif /* NO_RSA */
 #endif /* HAVE_PK_CALLBACKS */

-#if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
-        ssl->secureR_state.secure_renegotiation = 0;
-        ssl->secureR_state.previous_handshake_used = 0;
-        ssl->secureR_state.enabled = 0;
-#endif /* HAVE_SECURE_RENEGOTIATION && HAVE_TLS_EXTENSIONS */
-
    /* all done with init, now can return errors, call other stuff */

    /* increment CTX reference count */
@ -4408,14 +4402,14 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
    }

 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
-    if (ssl->secureR_state.enabled) {
+    if (ssl->secure_renegotiation) {
        /* save peer's state */
        if (ssl->options.side == CYASSL_CLIENT_END)
-            XMEMCPY(ssl->secureR_state.server_verify_data, input + *inOutIdx,
-                    TLS_FINISHED_SZ);
+            XMEMCPY(ssl->secure_renegotiation->server_verify_data,
+                    input + *inOutIdx, TLS_FINISHED_SZ);
        else
-            XMEMCPY(ssl->secureR_state.client_verify_data, input + *inOutIdx,
-                    TLS_FINISHED_SZ);
+            XMEMCPY(ssl->secure_renegotiation->client_verify_data,
+                    input + *inOutIdx, TLS_FINISHED_SZ);
    }
 #endif /* (HAVE_SECURE_RENEGOTIATION) && (HAVE_TLS_EXTENSIONS) */

@ -6736,12 +6730,13 @@ int SendFinished(CYASSL* ssl)
    if (ret != 0) return ret;

 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_TLS_EXTENSIONS)
-    if (ssl->secureR_state.enabled) {
+    if (ssl->secure_renegotiation) {
+        printf("doing secure ren memcpy\n");
        if (ssl->options.side == CYASSL_CLIENT_END)
-            XMEMCPY(ssl->secureR_state.client_verify_data, hashes,
+            XMEMCPY(ssl->secure_renegotiation->client_verify_data, hashes,
                    TLS_FINISHED_SZ);
        else
-            XMEMCPY(ssl->secureR_state.server_verify_data, hashes,
+            XMEMCPY(ssl->secure_renegotiation->server_verify_data, hashes,
                    TLS_FINISHED_SZ);
    }
 #endif /* HAVE_SECURE_RENEGOTIATION && HAVE_TLS_EXTENSIONS */