add server initiated scr

This commit is contained in:
toddouska 2014-09-29 14:48:49 -07:00
parent d3db4546ec
commit dcde28db51
2 changed files with 30 additions and 5 deletions


@ -1342,7 +1342,8 @@ enum key_cache_state {
/* Additional Conection State according to rfc5746 section 3.1 */
typedef struct SecureRenegotiation {
byte enabled; /* secure_renegotiation flag in rfc */
byte enabled; /* secure_renegotiation flag in rfc */
byte startScr; /* server requested client to start scr */
enum key_cache_state cache_status; /* track key cache state */
byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
@ -1768,7 +1769,6 @@ typedef struct Options {
#ifdef HAVE_POLY1305
byte oldPoly; /* set when to use old rfc way of poly*/
#endif
#ifndef NO_PSK
byte havePSK; /* psk key set by user */
psk_client_callback client_psk_cb;
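Review bot: The comment on the new `startScr` field in the SecureRenegotiation hunk names who sets it but not who consumes or clears it, which matters for a flag that is handed from the handshake parser to the read path; I would write it as `byte startScr; /* set by DoHelloRequest when the server asks for secure renegotiation; cleared by ReceiveData once the rehandshake is started */`. Whether the field starts out zero depends on how SecureRenegotiation is allocated, which is outside this hunk, so it is worth confirming that the allocation site zeroes the whole struct rather than only `enabled`. The second hunk in this section (Options) removes a line that is not visible here, so there is nothing to review on it.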


@ -2014,7 +2014,7 @@ void FreeHandshakeResources(CYASSL* ssl)
#ifdef HAVE_SECURE_RENEGOTIATION
if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
CYASSL_MSG("Secure Renegottation needs to retain handshake resources");
CYASSL_MSG("Secure Renegotiation needs to retain handshake resources");
return;
}
#endif
@ -4392,8 +4392,15 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx,
SendAlert(ssl, alert_fatal, unexpected_message); /* try */
return FATAL_ERROR;
}
else
#ifdef HAVE_SECURE_RENEGOTIATION
else if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
ssl->secure_renegotiation->startScr = 1;
return 0;
}
#endif
else {
return SendAlert(ssl, alert_warning, no_renegotiation);
}
}
@ -7196,7 +7203,18 @@ int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
return err;
}
while (ssl->buffers.clearOutputBuffer.length == 0)
#ifdef HAVE_SECURE_RENEGOTIATION
startScr:
if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
int err;
ssl->secure_renegotiation->startScr = 0; /* only start once */
CYASSL_MSG("Need to start scr, server requested");
if ( (err = CyaSSL_Rehandshake(ssl)) != SSL_SUCCESS)
return err;
}
#endif
while (ssl->buffers.clearOutputBuffer.length == 0) {
if ( (ssl->error = ProcessReply(ssl)) < 0) {
CYASSL_ERROR(ssl->error);
if (ssl->error == ZERO_RETURN) {
@ -7211,6 +7229,13 @@ int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
}
return ssl->error;
}
#ifdef HAVE_SECURE_RENEGOTIATION
if (ssl->secure_renegotiation &&
ssl->secure_renegotiation->startScr) {
goto startScr;
}
#endif
}
if (sz < (int)ssl->buffers.clearOutputBuffer.length)
size = sz;
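Review bot: In the ReceiveData hunk starting at -7196, a failed CyaSSL_Rehandshake() is returned as the bare local `err` without being stored in `ssl->error`, unlike the ProcessReply path directly below it which assigns `ssl->error` before returning; a caller that inspects the failure through that field (for example via CyaSSL_get_error) would then see the previous value. Assuming the value CyaSSL_Rehandshake returns on failure is the code callers expect, I would write it as `if ( (err = CyaSSL_Rehandshake(ssl)) != SSL_SUCCESS) { ssl->error = err; return err; }`. Separately, the `goto startScr` added in the -7211 hunk re-enters the rehandshake whenever ProcessReply sets startScr again, so the number of renegotiations performed inside one ReceiveData call is bounded only by how many HelloRequests the peer sends; a small per-call counter, or refusing a second HelloRequest until the current rehandshake completes, would keep a misbehaving server from holding the client in that loop. The enclosing ReceiveData body starts before the first of these hunks and continues past the last, and DoHelloRequest (the -4392 hunk) is likewise cut at both edges.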