yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-11 15:45:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Introduce getter function for renego_status

Browse source 
While not strictly related to this PR, this change improves readability in
some resumption-related runtime conditions that previously had rather ugly
preprocessor directives in the middle of already complex predicates.
This commit is contained in:
Manuel Pégourié-Gonnard 2019-07-01 12:20:54 +02:00
parent 3652e99100
commit 754b9f32db
3 changed files with 32 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
include/mbedtls/ssl_internal.h
View file

@ -1127,4 +1127,15 @@ static inline int mbedtls_ssl_handshake_get_resume(
#endif
}
static inline int mbedtls_ssl_get_renego_status(
const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_RENEGOTIATION)
return( ssl->renego_status );
#else
(void) ssl;
return( MBEDTLS_SSL_INITIAL_HANDSHAKE );
#endif
}
#endif /* ssl_internal.h */

24
library/ssl_cli.c
View file

@ -828,9 +828,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_NO_RNG );
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
#endif
if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE )
{
ssl->major_ver = ssl->conf->min_major_ver;
ssl->minor_ver = ssl->conf->min_minor_ver;
@ -885,9 +883,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
n = ssl->session_negotiate->id_len;
if( n < 16 || n > 32 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
mbedtls_ssl_get_renego_status( ssl ) != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 0 )
{
n = 0;
@ -898,11 +894,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
* RFC 5077 section 3.4: "When presenting a ticket, the client MAY
* generate and include a Session ID in the TLS ClientHello."
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
#endif
{
if( ssl->session_negotiate->ticket != NULL &&
if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
ssl->session_negotiate->ticket != NULL &&
ssl->session_negotiate->ticket_len != 0 )
{
ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 );
@ -912,7 +905,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
ssl->session_negotiate->id_len = n = 32;
}
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
*p++ = (unsigned char) n;
@ -985,9 +977,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
#endif
if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
@ -1800,9 +1790,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
*/
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( n == 0 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
#endif
mbedtls_ssl_get_renego_status( ssl ) != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
ssl->session_negotiate->ciphersuite != i ||
ssl->session_negotiate->compression != comp ||
ssl->session_negotiate->id_len != n ||

26
library/ssl_srv.c
View file

@ -1287,17 +1287,13 @@ read_record_header:
* otherwise read it ourselves manually in order to support SSLv2
* ClientHello, which doesn't use the same record layer format.
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
#endif
{
if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
{
/* No alert on a read error. */
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
}
}
buf = ssl->in_hdr;
@ -1351,11 +1347,8 @@ read_record_header:
/* For DTLS if this is the initial handshake, remember the client sequence
* number to use it in our next message (RFC 6347 4.2.1) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport )
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
)
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE )
{
/* Epoch should be 0 for initial handshakes */
if( ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0 )
@ -1616,11 +1609,8 @@ read_record_header:
buf + cookie_offset + 1, cookie_len );
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
if( ssl->conf->f_cookie_check != NULL
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
)
if( ssl->conf->f_cookie_check != NULL &&
mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE )
{
if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
buf + cookie_offset + 1, cookie_len,
@ -2644,9 +2634,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
* If not, try looking up session ID in our cache.
*/
if( mbedtls_ssl_handshake_get_resume( ssl->handshake ) == 0 &&
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
#endif
mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
ssl->session_negotiate->id_len != 0 &&
ssl->conf->f_get_cache != NULL &&
ssl->conf->f_get_cache( ssl->conf->p_cache, ssl->session_negotiate ) == 0 )