mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 12:40:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Rework server extensions writing

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-07-17 11:17:14 +02:00
parent de600e571a
commit f11a6d78c7
1 changed files with 45 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
library/ssl_srv.c
View File

@ -958,13 +958,42 @@ have_ciphersuite:
return( 0 ); return( 0 );
} }
static void ssl_write_renegotiation_ext( ssl_context *ssl,
unsigned char *buf,
size_t *olen )
{
unsigned char *p = buf;
if( ssl->secure_renegotiation != SSL_SECURE_RENEGOTIATION )
{
*olen = 0;
return;
}
SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) );
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
*p++ = 0x00;
*p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
*p++ = ssl->verify_data_len * 2 & 0xFF;
memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
p += ssl->verify_data_len;
memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
p += ssl->verify_data_len;
*olen = 5 + ssl->verify_data_len * 2;
}
static int ssl_write_server_hello( ssl_context *ssl ) static int ssl_write_server_hello( ssl_context *ssl )
{ {
#if defined(POLARSSL_HAVE_TIME) #if defined(POLARSSL_HAVE_TIME)
time_t t; time_t t;
#endif #endif
int ret, n; int ret, n;
size_t ext_len = 0; size_t olen, ext_len = 0;
unsigned char *buf, *p; unsigned char *buf, *p;
SSL_DEBUG_MSG( 2, ( "=> write server hello" ) ); SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
@ -1014,6 +1043,8 @@ static int ssl_write_server_hello( ssl_context *ssl )
* 39 . 38+n session id * 39 . 38+n session id
* 39+n . 40+n chosen ciphersuite * 39+n . 40+n chosen ciphersuite
* 41+n . 41+n chosen compression alg. * 41+n . 41+n chosen compression alg.
* 42+n . 43+n extensions length
* 44+n . 43+n+m extensions
*/ */
ssl->session_negotiate->length = n = 32; ssl->session_negotiate->length = n = 32;
*p++ = (unsigned char) ssl->session_negotiate->length; *p++ = (unsigned char) ssl->session_negotiate->length;
@ -1064,34 +1095,17 @@ static int ssl_write_server_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
ssl->session_negotiate->compression ) ); ssl->session_negotiate->compression ) );
if( ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION ) /*
{ * First write extensions, then the total length
SSL_DEBUG_MSG( 3, ( "server hello, prepping for secure renegotiation extension" ) ); */
ext_len += 5 + ssl->verify_data_len * 2; ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
ext_len ) );
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF ); *p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
/*
* Secure renegotiation
*/
SSL_DEBUG_MSG( 3, ( "client hello, secure renegotiation extension" ) );
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
*p++ = 0x00;
*p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
*p++ = ssl->verify_data_len * 2 & 0xFF;
memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
p += ssl->verify_data_len;
memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
p += ssl->verify_data_len;
}
ssl->out_msglen = p - buf; ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE; ssl->out_msgtype = SSL_MSG_HANDSHAKE;