yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-25 23:31:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Introduce getter function for renego_status

Browse source 
While not strictly related to this PR, this change improves readability in
some resumption-related runtime conditions that previously had rather ugly
preprocessor directives in the middle of already complex predicates.
This commit is contained in:
Manuel Pégourié-Gonnard 2019-07-01 12:20:54 +02:00
parent 3652e99100
commit 754b9f32db
3 changed files with 32 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
include/mbedtls/ssl_internal.h
View file

@ -1127,4 +1127,15 @@ static inline int mbedtls_ssl_handshake_get_resume(
#endif #endif
} }
static inline int mbedtls_ssl_get_renego_status(
const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_RENEGOTIATION)
return( ssl->renego_status );
#else
(void) ssl;
return( MBEDTLS_SSL_INITIAL_HANDSHAKE );
#endif
}
#endif /* ssl_internal.h */ #endif /* ssl_internal.h */

34
library/ssl_cli.c
View file

@ -828,9 +828,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_NO_RNG ); return( MBEDTLS_ERR_SSL_NO_RNG );
} }
#if defined(MBEDTLS_SSL_RENEGOTIATION) if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
#endif
{ {
ssl->major_ver = ssl->conf->min_major_ver; ssl->major_ver = ssl->conf->min_major_ver;
ssl->minor_ver = ssl->conf->min_minor_ver; ssl->minor_ver = ssl->conf->min_minor_ver;
@ -885,9 +883,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
n = ssl->session_negotiate->id_len; n = ssl->session_negotiate->id_len;
if( n < 16 || n > 32 || if( n < 16 || n > 32 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION) mbedtls_ssl_get_renego_status( ssl ) != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 0 ) mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 0 )
{ {
n = 0; n = 0;
@ -898,20 +894,16 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
* RFC 5077 section 3.4: "When presenting a ticket, the client MAY * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
* generate and include a Session ID in the TLS ClientHello." * generate and include a Session ID in the TLS ClientHello."
*/ */
#if defined(MBEDTLS_SSL_RENEGOTIATION) if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) ssl->session_negotiate->ticket != NULL &&
#endif ssl->session_negotiate->ticket_len != 0 )
{ {
if( ssl->session_negotiate->ticket != NULL && ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 );
ssl->session_negotiate->ticket_len != 0 )
{
ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
ssl->session_negotiate->id_len = n = 32; ssl->session_negotiate->id_len = n = 32;
}
} }
#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_SESSION_TICKETS */
@ -985,9 +977,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
/* /*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/ */
#if defined(MBEDTLS_SSL_RENEGOTIATION) if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
#endif
{ {
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
@ -1800,9 +1790,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
*/ */
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( n == 0 || if( n == 0 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION) mbedtls_ssl_get_renego_status( ssl ) != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
ssl->session_negotiate->ciphersuite != i || ssl->session_negotiate->ciphersuite != i ||
ssl->session_negotiate->compression != comp || ssl->session_negotiate->compression != comp ||
ssl->session_negotiate->id_len != n || ssl->session_negotiate->id_len != n ||

32
library/ssl_srv.c
View file

@ -1287,16 +1287,12 @@ read_record_header:
* otherwise read it ourselves manually in order to support SSLv2 * otherwise read it ourselves manually in order to support SSLv2
* ClientHello, which doesn't use the same record layer format. * ClientHello, which doesn't use the same record layer format.
*/ */
#if defined(MBEDTLS_SSL_RENEGOTIATION) if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
#endif
{ {
if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 ) /* No alert on a read error. */
{ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
/* No alert on a read error. */ return( ret );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
}
} }
buf = ssl->in_hdr; buf = ssl->in_hdr;
@ -1351,11 +1347,8 @@ read_record_header:
/* For DTLS if this is the initial handshake, remember the client sequence /* For DTLS if this is the initial handshake, remember the client sequence
* number to use it in our next message (RFC 6347 4.2.1) */ * number to use it in our next message (RFC 6347 4.2.1) */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
#if defined(MBEDTLS_SSL_RENEGOTIATION) mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE )
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
)
{ {
/* Epoch should be 0 for initial handshakes */ /* Epoch should be 0 for initial handshakes */
if( ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0 ) if( ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0 )
@ -1616,11 +1609,8 @@ read_record_header:
buf + cookie_offset + 1, cookie_len ); buf + cookie_offset + 1, cookie_len );
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
if( ssl->conf->f_cookie_check != NULL if( ssl->conf->f_cookie_check != NULL &&
#if defined(MBEDTLS_SSL_RENEGOTIATION) mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE )
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
)
{ {
if( ssl->conf->f_cookie_check( ssl->conf->p_cookie, if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
buf + cookie_offset + 1, cookie_len, buf + cookie_offset + 1, cookie_len,
@ -2644,9 +2634,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
* If not, try looking up session ID in our cache. * If not, try looking up session ID in our cache.
*/ */
if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 0 && if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 0 &&
#if defined(MBEDTLS_SSL_RENEGOTIATION) mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
#endif
ssl->session_negotiate->id_len != 0 && ssl->session_negotiate->id_len != 0 &&
ssl->conf->f_get_cache != NULL && ssl->conf->f_get_cache != NULL &&
ssl->conf->f_get_cache( ssl->conf->p_cache, ssl->session_negotiate ) == 0 ) ssl->conf->f_get_cache( ssl->conf->p_cache, ssl->session_negotiate ) == 0 )