From 852a6d3d8f9cf5dec20a364f938f9df7fdbf6c91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Thu, 19 Mar 2015 16:15:20 +0000
Subject: [PATCH] Rename ssl.renegotiation to ssl.renego_status

---
 include/mbedtls/ssl.h | 2 +-
 library/ssl_cli.c | 22 +++++++++++-----------
 library/ssl_srv.c | 32 ++++++++++++++++----------------
 library/ssl_tls.c | 28 ++++++++++++++--------------
 4 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 569fdb58de..d96dd2882a 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -795,7 +795,7 @@ struct _ssl_context
 int state; /*!< SSL handshake: current state */
 int transport; /*!< Transport: stream or datagram */
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- int renegotiation; /*!< Initial or renegotiation */
+ int renego_status; /*!< Initial, in progress, pending? */
 int renego_records_seen; /*!< Records since renego request, or with DTLS,
 number of retransmissions of request if
 renego_max_records is < 0 */
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index db4bf69642..09d5cf84b3 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -120,7 +120,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
 *olen = 0;
- if( ssl->renegotiation != SSL_RENEGOTIATION_IN_PROGRESS )
+ if( ssl->renego_status != SSL_RENEGOTIATION_IN_PROGRESS )
 return;
 SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
@@ -562,7 +562,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
 }
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+ if( ssl->renego_status == SSL_INITIAL_HANDSHAKE )
 #endif
 {
 ssl->major_ver = ssl->min_major_ver;
@@ -618,7 +618,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
 if( n < 16 || n > 32 ||
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- ssl->renegotiation != SSL_INITIAL_HANDSHAKE ||
+ ssl->renego_status != SSL_INITIAL_HANDSHAKE ||
 #endif
 ssl->handshake->resume == 0 )
 {
@@ -631,7 +631,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
 * generate and include a Session ID in the TLS ClientHello."
 */
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+ if( ssl->renego_status == SSL_INITIAL_HANDSHAKE )
 #endif
 {
 if( ssl->session_negotiate->ticket != NULL &&
@@ -723,7 +723,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
 * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
 */
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+ if( ssl->renego_status == SSL_INITIAL_HANDSHAKE )
 #endif
 {
 *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
@@ -882,7 +882,7 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
 int ret;
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
+ if( ssl->renego_status != SSL_INITIAL_HANDSHAKE )
 {
 /* Check verify-data in constant-time. The length OTOH is no secret */
 if( len != 1 + ssl->verify_data_len * 2 ||
@@ -1195,7 +1195,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
 if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
 {
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
+ if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
 {
 ssl->renego_records_seen++;
@@ -1366,7 +1366,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
 */
 if( ssl->handshake->resume == 0 || n == 0 ||
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- ssl->renegotiation != SSL_INITIAL_HANDSHAKE ||
+ ssl->renego_status != SSL_INITIAL_HANDSHAKE ||
 #endif
 ssl->session_negotiate->ciphersuite != i ||
 ssl->session_negotiate->compression != comp ||
@@ -1581,21 +1581,21 @@ static int ssl_parse_server_hello( ssl_context *ssl )
 handshake_failure = 1;
 }
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- else if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
+ else if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
 ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION &&
 renegotiation_info_seen == 0 )
 {
 SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
 handshake_failure = 1;
 }
- else if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
+ else if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
 ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
 ssl->allow_legacy_renegotiation == SSL_LEGACY_NO_RENEGOTIATION )
 {
 SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
 handshake_failure = 1;
 }
- else if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
+ else if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
 ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
 renegotiation_info_seen == 1 )
 {
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index bb66352bbb..908c56d09d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -460,7 +460,7 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
 int ret;
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
+ if( ssl->renego_status != SSL_INITIAL_HANDSHAKE )
 {
 /* Check verify-data in constant-time. The length OTOH is no secret */
 if( len != 1 + ssl->verify_data_len ||
@@ -733,7 +733,7 @@ static int ssl_parse_session_ticket_ext( ssl_context *ssl,
 return( 0 );
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
+ if( ssl->renego_status != SSL_INITIAL_HANDSHAKE )
 {
 SSL_DEBUG_MSG( 3, ( "ticket rejected: renegotiating" ) );
 return( 0 );
@@ -1042,7 +1042,7 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
 SSL_DEBUG_MSG( 2, ( "=> parse client hello v2" ) );
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
+ if( ssl->renego_status != SSL_INITIAL_HANDSHAKE )
 {
 SSL_DEBUG_MSG( 1, ( "client hello v2 illegal for renegotiation" ) );
@@ -1189,7 +1189,7 @@ static int ssl_parse_client_hello_v2( ssl_context *ssl )
 {
 SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
+ if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
 {
 SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV "
 "during renegotiation" ) );
@@ -1329,7 +1329,7 @@ read_record_header:
 * ClientHello, which doesn't use the same record layer format.
 */
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+ if( ssl->renego_status == SSL_INITIAL_HANDSHAKE )
 #endif
 {
 if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
@@ -1392,7 +1392,7 @@ read_record_header:
 #if defined(POLARSSL_SSL_PROTO_DTLS)
 if( ssl->transport == SSL_TRANSPORT_DATAGRAM
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- && ssl->renegotiation == SSL_INITIAL_HANDSHAKE
+ && ssl->renego_status == SSL_INITIAL_HANDSHAKE
 #endif
 )
 {
@@ -1423,7 +1423,7 @@ read_record_header:
 msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
+ if( ssl->renego_status != SSL_INITIAL_HANDSHAKE )
 {
 /* Set by ssl_read_record() */
 msg_len = ssl->in_hslen;
@@ -1499,7 +1499,7 @@ read_record_header:
 * check sequence number on renego.
 */
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
+ if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
 {
 /* This couldn't be done in ssl_prepare_handshake_record() */
 unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
@@ -1648,7 +1648,7 @@ read_record_header:
 #if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
 if( ssl->f_cookie_check != NULL
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- && ssl->renegotiation == SSL_INITIAL_HANDSHAKE
+ && ssl->renego_status == SSL_INITIAL_HANDSHAKE
 #endif
 )
 {
@@ -1808,7 +1808,7 @@ read_record_header:
 case TLS_EXT_SIG_ALG:
 SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
+ if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
 break;
 #endif
@@ -1945,7 +1945,7 @@ read_record_header:
 {
 SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
+ if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
 {
 SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV during renegotiation" ) );
@@ -1970,21 +1970,21 @@ read_record_header:
 handshake_failure = 1;
 }
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- else if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
+ else if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
 ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION &&
 renegotiation_info_seen == 0 )
 {
 SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
 handshake_failure = 1;
 }
- else if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
+ else if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
 ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
 ssl->allow_legacy_renegotiation == SSL_LEGACY_NO_RENEGOTIATION )
 {
 SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
 handshake_failure = 1;
 }
- else if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
+ else if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
 ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
 renegotiation_info_seen == 1 )
 {
@@ -2205,7 +2205,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
 *p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation != SSL_INITIAL_HANDSHAKE )
+ if( ssl->renego_status != SSL_INITIAL_HANDSHAKE )
 {
 *p++ = 0x00;
 *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
@@ -2461,7 +2461,7 @@ static int ssl_write_server_hello( ssl_context *ssl )
 */
 if( ssl->handshake->resume == 0 &&
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
+ ssl->renego_status == SSL_INITIAL_HANDSHAKE &&
 #endif
 ssl->session_negotiate->length != 0 &&
 ssl->f_get_cache != NULL &&
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6cb359090f..064860735b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2258,7 +2258,7 @@ int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
 }
 #if defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_SSL_RENEGOTIATION)
 else if( ssl->endpoint == SSL_IS_SERVER &&
- ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
+ ssl->renego_status == SSL_RENEGOTIATION_PENDING )
 {
 if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
 {
@@ -3207,7 +3207,7 @@ static int ssl_parse_record_header( ssl_context *ssl )
 if( ssl->in_msgtype == SSL_MSG_APPLICATION_DATA &&
 ssl->state != SSL_HANDSHAKE_OVER
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- && ! ( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS &&
+ && ! ( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS &&
 ssl->state == SSL_SERVER_HELLO )
 #endif
 )
@@ -3945,7 +3945,7 @@ int ssl_parse_certificate( ssl_context *ssl )
 */
 #if defined(POLARSSL_SSL_RENEGOTIATION) && defined(POLARSSL_SSL_CLI_C)
 if( ssl->endpoint == SSL_IS_CLIENT &&
- ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
+ ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
 {
 if( ssl->session->peer_cert == NULL )
 {
@@ -4490,9 +4490,9 @@ void ssl_handshake_wrapup( ssl_context *ssl )
 SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation == SSL_RENEGOTIATION_IN_PROGRESS )
+ if( ssl->renego_status == SSL_RENEGOTIATION_IN_PROGRESS )
 {
- ssl->renegotiation = SSL_RENEGOTIATION_DONE;
+ ssl->renego_status = SSL_RENEGOTIATION_DONE;
 ssl->renego_records_seen = 0;
 }
 #endif
@@ -4990,7 +4990,7 @@ int ssl_session_reset( ssl_context *ssl )
 ssl->state = SSL_HELLO_REQUEST;
 #if defined(POLARSSL_SSL_RENEGOTIATION)
- ssl->renegotiation = SSL_INITIAL_HANDSHAKE;
+ ssl->renego_status = SSL_INITIAL_HANDSHAKE;
 ssl->renego_records_seen = 0;
 ssl->verify_data_len = 0;
@@ -5972,7 +5972,7 @@ static int ssl_start_renegotiation( ssl_context *ssl )
 * the ServerHello will have message_seq = 1" */
 #if defined(POLARSSL_SSL_PROTO_DTLS)
 if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
- ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
+ ssl->renego_status == SSL_RENEGOTIATION_PENDING )
 {
 if( ssl->endpoint == SSL_IS_SERVER )
 ssl->handshake->out_msg_seq = 1;
@@ -5982,7 +5982,7 @@ static int ssl_start_renegotiation( ssl_context *ssl )
 #endif
 ssl->state = SSL_HELLO_REQUEST;
- ssl->renegotiation = SSL_RENEGOTIATION_IN_PROGRESS;
+ ssl->renego_status = SSL_RENEGOTIATION_IN_PROGRESS;
 if( ( ret = ssl_handshake( ssl ) ) != 0 )
 {
@@ -6010,7 +6010,7 @@ int ssl_renegotiate( ssl_context *ssl )
 if( ssl->state != SSL_HANDSHAKE_OVER )
 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
- ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
+ ssl->renego_status = SSL_RENEGOTIATION_PENDING;
 /* Did we already try/start sending HelloRequest? */
 if( ssl->out_left != 0 )
@@ -6025,7 +6025,7 @@ int ssl_renegotiate( ssl_context *ssl )
 * On client, either start the renegotiation process or,
 * if already in progress, continue the handshake
 */
- if( ssl->renegotiation != SSL_RENEGOTIATION_IN_PROGRESS )
+ if( ssl->renego_status != SSL_RENEGOTIATION_IN_PROGRESS )
 {
 if( ssl->state != SSL_HANDSHAKE_OVER )
 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
@@ -6055,7 +6055,7 @@ int ssl_renegotiate( ssl_context *ssl )
 static int ssl_check_ctr_renegotiate( ssl_context *ssl )
 {
 if( ssl->state != SSL_HANDSHAKE_OVER ||
- ssl->renegotiation == SSL_RENEGOTIATION_PENDING ||
+ ssl->renego_status == SSL_RENEGOTIATION_PENDING ||
 ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED )
 {
 return( 0 );
@@ -6234,7 +6234,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
 if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
 ssl->endpoint == SSL_IS_CLIENT )
 {
- ssl->renegotiation = SSL_RENEGOTIATION_PENDING;
+ ssl->renego_status = SSL_RENEGOTIATION_PENDING;
 }
 #endif
 ret = ssl_start_renegotiation( ssl );
@@ -6254,7 +6254,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
 if( ! record_read )
 return( POLARSSL_ERR_NET_WANT_READ );
 }
- else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
+ else if( ssl->renego_status == SSL_RENEGOTIATION_PENDING )
 {
 if( ssl->renego_max_records >= 0 )
@@ -6295,7 +6295,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
 * again if ssl_write_hello_request() returns WANT_WRITE */
 #if defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_SSL_RENEGOTIATION)
 if( ssl->endpoint == SSL_IS_SERVER &&
- ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
+ ssl->renego_status == SSL_RENEGOTIATION_PENDING )
 {
 if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
 {