Secure renegotiation extension should only be sent in case client supports secure renegotiation

Paul Bakker 2013-06-06 11:22:13 +02:00
parent 822e958bb2
commit 7c3c3899cf
2 changed files with 27 additions and 19 deletions


@ -1,5 +1,10 @@
PolarSSL ChangeLog PolarSSL ChangeLog
= Branch 1.2
Bugfix
* Secure renegotiation extension should only be sent in case client
supports secure renegotiation
= Version 1.2.7 released 2013-04-13 = Version 1.2.7 released 2013-04-13
Features Features
* Ability to specify allowed ciphersuites based on the protocol version. * Ability to specify allowed ciphersuites based on the protocol version.


@ -864,31 +864,34 @@ static int ssl_write_server_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
ssl->session_negotiate->compression ) ); ssl->session_negotiate->compression ) );
SSL_DEBUG_MSG( 3, ( "server hello, prepping for secure renegotiation extension" ) ); if( ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION )
ext_len += 5 + ssl->verify_data_len * 2; {
SSL_DEBUG_MSG( 3, ( "server hello, prepping for secure renegotiation extension" ) );
ext_len += 5 + ssl->verify_data_len * 2;
SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d",
ext_len ) ); ext_len ) );
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF ); *p++ = (unsigned char)( ( ext_len ) & 0xFF );
/* /*
* Secure renegotiation * Secure renegotiation
*/ */
SSL_DEBUG_MSG( 3, ( "client hello, secure renegotiation extension" ) ); SSL_DEBUG_MSG( 3, ( "client hello, secure renegotiation extension" ) );
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); *p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
*p++ = 0x00; *p++ = 0x00;
*p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF; *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
*p++ = ssl->verify_data_len * 2 & 0xFF; *p++ = ssl->verify_data_len * 2 & 0xFF;
memcpy( p, ssl->peer_verify_data, ssl->verify_data_len ); memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
p += ssl->verify_data_len; p += ssl->verify_data_len;
memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
p += ssl->verify_data_len; p += ssl->verify_data_len;
}
ssl->out_msglen = p - buf; ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE; ssl->out_msgtype = SSL_MSG_HANDSHAKE;
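Review bot: The debug line kept inside the new `if` block still logs "client hello, secure renegotiation extension" although this is `ssl_write_server_hello`, which makes handshake traces misleading when diagnosing renegotiation failures; it should read `SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) );`. The two extension-block length bytes are now written only inside this branch, so the framing of the extensions block appears to depend on renegotiation_info being the only ServerHello extension emitted here; a comment above the `if` such as `/* RFC 5746: only answer with renegotiation_info when the client signalled support */` would record why the block can be omitted entirely. Whether `ssl->secure_renegotiation` is also set when the client signals support through the renegotiation SCSV rather than the extension is decided in ClientHello parsing, which is not visible here and is worth confirming, since RFC 5746 expects the server to answer the SCSV with an empty extension. The body of `ssl_write_server_hello` starts and ends outside the hunk.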