Make ssl_renegotiate the only interface

ssl_write_hello_request() is no private
2024-10-18 20:11:20 +00:00 · 2013-10-30 13:06:54 +01:00 · 2013-10-30 13:06:54 +01:00 · 214eed38c7
parent caed0541a0
commit 214eed38c7
3 changed files with 44 additions and 30 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -1566,8 +1566,6 @@ static inline x509_crt *ssl_own_cert( ssl_context *ssl )
 }
 #endif /* POLARSSL_X509_CRT_PARSE_C */

-int ssl_write_hello_request( ssl_context *ssl );
-
 #ifdef __cplusplus
 }
 #endif
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -335,30 +335,6 @@ static int ssl_parse_ticket( ssl_context *ssl,
 }
 #endif /* POLARSSL_SSL_SESSION_TICKETS */

-/*
- * Write HelloRequest to request renegotiation
- */
-int ssl_write_hello_request( ssl_context *ssl )
-{
-    int ret;
-
-    SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
-
-    ssl->out_msglen  = 4;
-    ssl->out_msgtype = SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = SSL_HS_HELLO_REQUEST;
-
-    if( ( ret = ssl_write_record( ssl ) ) != 0 )
-    {
-        SSL_DEBUG_RET( 1, "ssl_write_record", ret );
-        return( ret );
-    }
-
-    SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
-
-    return( 0 );
-}
-
 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
 /*
 * Wrapper around f_sni, allowing use of ssl_set_own_cert() but
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -3972,9 +3972,37 @@ int ssl_handshake( ssl_context *ssl )
 }

 /*
- * Renegotiate current connection
+ * Write HelloRequest to request renegotiation on server
 */
-int ssl_renegotiate( ssl_context *ssl )
+static int ssl_write_hello_request( ssl_context *ssl )
+{
+    int ret;
+
+    SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
+
+    ssl->out_msglen  = 4;
+    ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = SSL_HS_HELLO_REQUEST;
+
+    if( ( ret = ssl_write_record( ssl ) ) != 0 )
+    {
+        SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+        return( ret );
+    }
+
+    SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
+
+    return( 0 );
+}
+
+/*
+ * Actually renegotiate current connection, triggered by either:
+ * - calling ssl_renegotiate() on client,
+ * - receiving a HelloRequestion on client during ssl_read(),
+ * - receiving any handshake message on server during ssl_read() after the
+ *   initial handshake is completed
+ */
+static int ssl_do_renegotiate( ssl_context *ssl )
 {
    int ret;

@ -4006,6 +4034,18 @@ int ssl_renegotiate( ssl_context *ssl )
    return( 0 );
 }

+/*
+ * Renegotiate current connection on client,
+ * or request renegotiation on server
+ */
+int ssl_renegotiate( ssl_context *ssl )
+{
+    if( ssl->endpoint == SSL_IS_CLIENT )
+        return( ssl_do_renegotiate( ssl ) );
+    else
+        return( ssl_write_hello_request( ssl ) );
+}
+
 /*
 * Receive application data decrypted from the SSL layer
 */
@ -4101,9 +4141,9 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
            }
            else
            {
-                if( ( ret = ssl_renegotiate( ssl ) ) != 0 )
+                if( ( ret = ssl_do_renegotiate( ssl ) ) != 0 )
                {
-                    SSL_DEBUG_RET( 1, "ssl_renegotiate", ret );
+                    SSL_DEBUG_RET( 1, "ssl_do_renegotiate", ret );
                    return( ret );
                }