diff options
author | lloyd <[email protected]> | 2011-12-30 15:54:50 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2011-12-30 15:54:50 +0000 |
commit | eedc562549e726e040a1a76893ddb264d3b85e64 (patch) | |
tree | f5e5cce131eedd9cd882ee1a5a5d8a049126ac4d /src | |
parent | fc626d62f464a7dee5e62134781f5a6ccdfafc72 (diff) |
Server side handling of the secure renegotiation extension.
Diffstat (limited to 'src')
-rw-r--r-- | src/tls/hello.cpp | 17 | ||||
-rw-r--r-- | src/tls/tls_messages.h | 2 | ||||
-rw-r--r-- | src/tls/tls_server.cpp | 9 |
3 files changed, 26 insertions, 2 deletions
diff --git a/src/tls/hello.cpp b/src/tls/hello.cpp index 055f92018..c2593ba4c 100644 --- a/src/tls/hello.cpp +++ b/src/tls/hello.cpp @@ -160,6 +160,9 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf) c_random.resize(challenge_len); copy_mem(&c_random[0], &buf[9+cipher_spec_len+sess_id_len], challenge_len); + + // FIXME: might be a ciphersuite value + has_secure_renegotiation = false; } /* @@ -223,13 +226,16 @@ Server_Hello::Server_Hello(Record_Writer& writer, TLS_Handshake_Hash& hash, const TLS_Policy& policy, RandomNumberGenerator& rng, + const MemoryRegion<byte>& reneg_info, const std::vector<X509_Certificate>& certs, const Client_Hello& c_hello, const MemoryRegion<byte>& session_id, Version_Code ver) : s_version(ver), sess_id(session_id), - s_random(rng.random_vec(32)) + s_random(rng.random_vec(32)), + has_secure_renegotiation(false), + renegotiation_info_bits(reneg_info) { bool have_rsa = false, have_dsa = false; @@ -260,6 +266,7 @@ Server_Hello::Server_Hello(Record_Writer& writer, Server_Hello::Server_Hello(Record_Writer& writer, TLS_Handshake_Hash& hash, RandomNumberGenerator& rng, + const MemoryRegion<byte>& reneg_info, const MemoryRegion<byte>& session_id, u16bit ciphersuite, byte compression, @@ -268,7 +275,9 @@ Server_Hello::Server_Hello(Record_Writer& writer, sess_id(session_id), s_random(rng.random_vec(32)), suite(ciphersuite), - comp_method(compression) + comp_method(compression), + has_secure_renegotiation(false), + renegotiation_info_bits(reneg_info) { send(writer, hash); } @@ -291,6 +300,10 @@ MemoryVector<byte> Server_Hello::serialize() const buf.push_back(comp_method); + TLS_Extensions extensions; + + extensions.push_back(new Renegotation_Extension(renegotiation_info_bits)); + return buf; } diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index 5ac655bec..3f02903fe 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -135,6 +135,7 @@ class Server_Hello : public HandshakeMessage TLS_Handshake_Hash& hash, const TLS_Policy& policies, RandomNumberGenerator& rng, + const MemoryRegion<byte>& reneg_info, const std::vector<X509_Certificate>& certs, const Client_Hello& other, const MemoryRegion<byte>& session_id, @@ -143,6 +144,7 @@ class Server_Hello : public HandshakeMessage Server_Hello(Record_Writer& writer, TLS_Handshake_Hash& hash, RandomNumberGenerator& rng, + const MemoryRegion<byte>& reneg_info, const MemoryRegion<byte>& session_id, u16bit ciphersuite, byte compression, diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 197ed4b2c..427e699af 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -171,6 +171,8 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, state->version = choose_version(state->client_hello->version(), policy.min_version()); + secure_renegotiation.update(state->client_hello); + writer.set_version(state->version); reader.set_version(state->version); @@ -186,6 +188,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, writer, state->hash, rng, + secure_renegotiation.for_server_hello(), session_info.session_id(), session_info.ciphersuite(), session_info.compression_method(), @@ -216,6 +219,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, state->hash, policy, rng, + secure_renegotiation.for_server_hello(), cert_chain, *(state->client_hello), rng.random_vec(32), @@ -263,6 +267,8 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, state->set_expected_next(CERTIFICATE); } + secure_renegotiation.update(state->server_hello); + /* * If the client doesn't have a cert they want to use they are * allowed to send either an empty cert message or proceed @@ -379,6 +385,9 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, session_manager.save(session_info); } + secure_renegotiation.update(state->client_finished, + state->server_finished); + delete state; state = 0; active = true; |