Some more renaming to avoid shadowing.
[BearSSL] / src / ssl / ssl_hs_client.t0
index 89da775..911fdfc 100644 (file)
@@ -115,32 +115,12 @@ make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
 /*
  * OID for hash functions in RSA signatures.
  */
 /*
  * OID for hash functions in RSA signatures.
  */
-static const unsigned char HASH_OID_SHA1[] = {
-       0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
-};
-
-static const unsigned char HASH_OID_SHA224[] = {
-       0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
-};
-
-static const unsigned char HASH_OID_SHA256[] = {
-       0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
-};
-
-static const unsigned char HASH_OID_SHA384[] = {
-       0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
-};
-
-static const unsigned char HASH_OID_SHA512[] = {
-       0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
-};
-
 static const unsigned char *HASH_OID[] = {
 static const unsigned char *HASH_OID[] = {
-       HASH_OID_SHA1,
-       HASH_OID_SHA224,
-       HASH_OID_SHA256,
-       HASH_OID_SHA384,
-       HASH_OID_SHA512
+       BR_HASH_OID_SHA1,
+       BR_HASH_OID_SHA224,
+       BR_HASH_OID_SHA256,
+       BR_HASH_OID_SHA384,
+       BR_HASH_OID_SHA512
 };
 
 /*
 };
 
 /*
@@ -825,6 +805,13 @@ cc: DEBUG-BLOB ( addr len -- ) {
                        1 addr-reneg set8
                then
                close-elt
                        1 addr-reneg set8
                then
                close-elt
+       else
+               \ No extension received at all, so the server does not
+               \ support secure renegotiation. This is a hard failure
+               \ if the server was previously known to support it (i.e.
+               \ this is a renegotiation).
+               ext-reneg-length 5 > if ERR_BAD_SECRENEG fail then
+               1 addr-reneg set8
        then
        close-elt
        resume
        then
        close-elt
        resume
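Review bot: The literal `5` in `ext-reneg-length 5 > if ERR_BAD_SECRENEG fail then` and the `1` stored by `1 addr-reneg set8` carry the whole downgrade decision but are not explained. Presumably 5 is the length of an empty renegotiation_info extension and 1 marks the peer as not supporting secure renegotiation; once confirmed against the definition of `ext-reneg-length`, a line such as `\ ext-reneg-length > 5: we hold verify data from an earlier handshake` above the test would record that. The context lines just before `else` end with the same `1 addr-reneg set8`, so the extensions-present path appears to repeat this logic, and a shared word for both would keep the two checks from drifting apart. The enclosing definition starts and ends outside the hunk, and the commit title mentions only renaming although this branch changes handshake behaviour.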
@@ -1277,6 +1264,12 @@ cc: do-client-sign ( -- sig_len ) {
                                                wait-co drop
                                        repeat
                                        100 send-warning
                                                wait-co drop
                                        repeat
                                        100 send-warning
+                                       \ We rejected the renegotiation,
+                                       \ but the connection is not dead.
+                                       \ We must set back things into
+                                       \ working "application data" state.
+                                       1 addr-application_data set8
+                                       23 addr-record_type_out set8
                                else
                                        do-handshake
                                then
                                else
                                        do-handshake
                                then
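Review bot: The restored state is written as bare numbers, `1 addr-application_data set8` and `23 addr-record_type_out set8`, so a reader has to know that 23 is the TLS application_data record type (and that the `100` in the context line above is the no_renegotiation alert). A trailing comment such as `23 addr-record_type_out set8 \ 23 = application_data record type` would make that explicit. If the normal end-of-handshake path sets the same two fields (not visible here), moving both stores into one shared word would keep this rejected-renegotiation path in step with it. The enclosing definition lies outside the hunk; a regression test that exchanges application data after a refused renegotiation would pin the behaviour this hunk fixes.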