add server initiated scr
This commit is contained in:
parent
d3db4546ec
commit
dcde28db51
@ -1342,7 +1342,8 @@ enum key_cache_state {
|
||||
|
||||
/* Additional Conection State according to rfc5746 section 3.1 */
|
||||
typedef struct SecureRenegotiation {
|
||||
byte enabled; /* secure_renegotiation flag in rfc */
|
||||
byte enabled; /* secure_renegotiation flag in rfc */
|
||||
byte startScr; /* server requested client to start scr */
|
||||
enum key_cache_state cache_status; /* track key cache state */
|
||||
byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
|
||||
byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
|
||||
@ -1768,7 +1769,6 @@ typedef struct Options {
|
||||
#ifdef HAVE_POLY1305
|
||||
byte oldPoly; /* set when to use old rfc way of poly*/
|
||||
#endif
|
||||
|
||||
#ifndef NO_PSK
|
||||
byte havePSK; /* psk key set by user */
|
||||
psk_client_callback client_psk_cb;
|
||||
|
@ -2014,7 +2014,7 @@ void FreeHandshakeResources(CYASSL* ssl)
|
||||
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
|
||||
CYASSL_MSG("Secure Renegottation needs to retain handshake resources");
|
||||
CYASSL_MSG("Secure Renegotiation needs to retain handshake resources");
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
@ -4392,8 +4392,15 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx,
|
||||
SendAlert(ssl, alert_fatal, unexpected_message); /* try */
|
||||
return FATAL_ERROR;
|
||||
}
|
||||
else
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
else if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
|
||||
ssl->secure_renegotiation->startScr = 1;
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
else {
|
||||
return SendAlert(ssl, alert_warning, no_renegotiation);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
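Review bot: The new `else if` branch in DoHelloRequest accepts the HelloRequest and sets `startScr` whenever the extension is enabled, without checking that no handshake is already in progress; RFC 5246 §7.4.1.1 says a client should ignore a HelloRequest that arrives while it is still negotiating, and RFC 5746 only makes the renegotiation binding safe, not its timing. The start of DoHelloRequest lies outside the hunk, so the rejection path whose tail is visible at the top (`SendAlert(..., unexpected_message)`) may already cover this — if it does not, gate the branch on the handshake being complete, e.g. `else if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled && ssl->options.handShakeDone) {`, assuming Options carries that flag. A short comment on the branch, `/* defer: the client starts the renegotiation from ReceiveData */`, would also make the early `return 0` less surprising to the next reader.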
@ -7196,7 +7203,18 @@ int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
|
||||
return err;
|
||||
}
|
||||
|
||||
while (ssl->buffers.clearOutputBuffer.length == 0)
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
startScr:
|
||||
if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
|
||||
int err;
|
||||
ssl->secure_renegotiation->startScr = 0; /* only start once */
|
||||
CYASSL_MSG("Need to start scr, server requested");
|
||||
if ( (err = CyaSSL_Rehandshake(ssl)) != SSL_SUCCESS)
|
||||
return err;
|
||||
}
|
||||
#endif
|
||||
|
||||
while (ssl->buffers.clearOutputBuffer.length == 0) {
|
||||
if ( (ssl->error = ProcessReply(ssl)) < 0) {
|
||||
CYASSL_ERROR(ssl->error);
|
||||
if (ssl->error == ZERO_RETURN) {
|
||||
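Review bot: The `int err;` declared inside the new `startScr` block shadows the `err` the function already holds (the `return err;` at the top of this hunk returns it), which -Wshadow reports and which makes the two error paths look unrelated; drop the inner declaration and reuse the outer variable. ReceiveData begins outside the hunk, so I cannot see whether `ssl->error` is updated on this path: returning the result of `CyaSSL_Rehandshake` without assigning `ssl->error` would leave CyaSSL_get_error reporting a stale value, so either confirm that Rehandshake sets it or add `ssl->error = err;` before the `return err;`. The backward `goto startScr` added in the following hunk (`@ -7211,6 +7229,13 @@`) jumps from inside the while loop to a label placed in front of it; folding the startScr check into the loop body (a `do { … } while (ssl->buffers.clearOutputBuffer.length == 0)` that breaks once data is present) would express the same control flow without the label.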
@ -7211,6 +7229,13 @@ int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
|
||||
}
|
||||
return ssl->error;
|
||||
}
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
if (ssl->secure_renegotiation &&
|
||||
ssl->secure_renegotiation->startScr) {
|
||||
goto startScr;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if (sz < (int)ssl->buffers.clearOutputBuffer.length)
|
||||
size = sz;
|
||||
|