yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-03 16:21:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow delay on renego on client

Browse source 
Currently unbounded: will be fixed later
This commit is contained in:
Manuel Pégourié-Gonnard 2014-08-19 12:50:30 +02:00
parent f26a1e8602
commit 6591962f06
6 changed files with 36 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/polarssl/error.h
View file

@ -91,7 +91,7 @@
* ECP 4 8 (Started from top) * ECP 4 8 (Started from top)
* MD 5 4 * MD 5 4
* CIPHER 6 6 * CIPHER 6 6
* SSL 6 9 (Started from top) * SSL 6 10 (Started from top)
* SSL 7 31 * SSL 7 31
* *
* Module dependent error code (5 bits 0x.00.-0x.F8.) * Module dependent error code (5 bits 0x.00.-0x.F8.)

1
include/polarssl/ssl.h
View file

@ -145,6 +145,7 @@
#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */ #define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */
#define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */ #define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */
#define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */ #define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */
#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */
/* /*
* Various constants * Various constants

2
library/error.c
View file

@ -450,6 +450,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" ); snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" );
if( use_ret == -(POLARSSL_ERR_SSL_COUNTER_WRAPPING) ) if( use_ret == -(POLARSSL_ERR_SSL_COUNTER_WRAPPING) )
snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" ); snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" );
if( use_ret == -(POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO) )
snprintf( buf, buflen, "SSL - Unexpected message at ServerHello in renegotiation" );
#endif /* POLARSSL_SSL_TLS_C */ #endif /* POLARSSL_SSL_TLS_C */
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C) #if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)

6
library/ssl_cli.c
View file

@ -902,6 +902,12 @@ static int ssl_parse_server_hello( ssl_context *ssl )
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{ {
if( ssl->renegotiation == SSL_RENEGOTIATION )
{
SSL_DEBUG_MSG( 1, ( "non-handshake message during renego" ) );
return( POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO );
}
SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
} }

23
library/ssl_tls.c
View file

@ -4260,14 +4260,19 @@ int ssl_renegotiate( ssl_context *ssl )
*/ */
int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
{ {
int ret; int ret, record_read = 0;
size_t n; size_t n;
SSL_DEBUG_MSG( 2, ( "=> read" ) ); SSL_DEBUG_MSG( 2, ( "=> read" ) );
if( ssl->state != SSL_HANDSHAKE_OVER ) if( ssl->state != SSL_HANDSHAKE_OVER )
{ {
if( ( ret = ssl_handshake( ssl ) ) != 0 ) ret = ssl_handshake( ssl );
if( ret == POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO )
{
record_read = 1;
}
else if( ret != 0 )
{ {
SSL_DEBUG_RET( 1, "ssl_handshake", ret ); SSL_DEBUG_RET( 1, "ssl_handshake", ret );
return( ret ); return( ret );
@ -4275,6 +4280,8 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
} }
if( ssl->in_offt == NULL ) if( ssl->in_offt == NULL )
{
if( ! record_read )
{ {
if( ( ret = ssl_read_record( ssl ) ) != 0 ) if( ( ret = ssl_read_record( ssl ) ) != 0 )
{ {
@ -4284,6 +4291,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
SSL_DEBUG_RET( 1, "ssl_read_record", ret ); SSL_DEBUG_RET( 1, "ssl_read_record", ret );
return( ret ); return( ret );
} }
}
if( ssl->in_msglen == 0 && if( ssl->in_msglen == 0 &&
ssl->in_msgtype == SSL_MSG_APPLICATION_DATA ) ssl->in_msgtype == SSL_MSG_APPLICATION_DATA )
@ -4352,14 +4360,21 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
} }
else else
{ {
if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 ) ret = ssl_start_renegotiation( ssl );
if( ret == POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO )
{
record_read = 1;
}
else if( ret != 0 )
{ {
SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
return( ret ); return( ret );
} }
} }
/* Tell the user to call ssl_read() again */ /* If a non-handshake record was read during renego, fallthrough,
* else tell the user they should call ssl_read() again */
if( ! record_read )
return( POLARSSL_ERR_NET_WANT_READ ); return( POLARSSL_ERR_NET_WANT_READ );
} }
else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING ) else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )

2
tests/ssl-opt.sh
View file

@ -627,7 +627,7 @@ run_test "Renegotiation #4 (client-initiated, server-rejected)" \
-c "=> renegotiate" \ -c "=> renegotiate" \
-S "=> renegotiate" \ -S "=> renegotiate" \
-S "write hello request" \ -S "write hello request" \
-c "SSL - An unexpected message was received from our peer" \ -c "SSL - Unexpected message at ServerHello in renegotiation" \
-c "failed" -c "failed"
run_test "Renegotiation #5 (server-initiated, client-rejected, default)" \ run_test "Renegotiation #5 (server-initiated, client-rejected, default)" \