Made Base64 decoding constant-time (with regards to actual data byte contents).
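diff --git a/src/ssl/ssl_hs_server.t0 b/src/ssl/ssl_hs_server.t0
index cb0579c..9f6e934 100644
--- a/src/ssl/ssl_hs_server.t0
+++ b/src/ssl/ssl_hs_server.t0
@@ -31,7 +31,7 @@ preamble {
  * specific name. It must be noted that since the engine context is the
  * first field of the br_ssl_server_context structure ('eng'), then
  * pointers values of both types are interchangeable, modulo an
- * appropriate cast. This also means that "adresses" computed as offsets
+ * appropriate cast. This also means that "addresses" computed as offsets
  * within the structure work for both kinds of context.
  */
 #define CTX ((br_ssl_server_context *)ENG)
@@ -611,6 +611,13 @@ cc: save-session ( -- ) {
 }
 }
 
+\ Read and drop ClientHello. This is used when a client-triggered
+\ renegotiation attempt is rejected.
+: skip-ClientHello ( -- )
+ read-handshake-header-core
+ 1 = ifnot ERR_UNEXPECTED fail then
+ dup skip-blob drop ;
+
 \ Read ClientHello. If the session is resumed, then -1 is returned.
 : read-ClientHello ( -- resume )
 \ Get header, and check message type.
@@ -814,6 +821,11 @@ cc: save-session ( -- ) {
 \ we should mark the client as "supporting secure renegotiation".
 reneg-scsv if 2 addr-reneg set8 then
 
+ \ If, at that point, the 'reneg' value is still 0, then the client
+ \ did not send the extension or the SCSV, so we have to assume
+ \ that secure renegotiation is not supported by that client.
+ addr-reneg get8 ifnot 1 addr-reneg set8 then
+
 \ Check compression.
 ok-compression ifnot 40 fail-alert then
 
@@ -852,7 +864,7 @@ cc: save-session ( -- ) {
 \ suites are filtered out. In particular:
 \ -- ECDHE suites are removed if there is no common hash function
 \ (for the relevant signature algorithm) or no common curve.
-\ -- TLS-1.2-only suites are removed if the negociated version is
+\ -- TLS-1.2-only suites are removed if the negotiated version is
 \ TLS-1.1 or lower.
 addr-client_suites dup >css-off
 begin dup css-max < while
@@ -1468,6 +1480,7 @@ cc: verify-CV-sig ( sig-len -- err ) {
 \ The best we can do is ask for a
 \ renegotiation, then wait for it
 \ to happen.
+ 0 addr-application_data set8
 send-HelloRequest
 then
 endof
@@ -1477,11 +1490,16 @@ cc: verify-CV-sig ( sig-len -- err ) {
 \ "no renegotiation" flag is set.
 drop
 addr-reneg get8 1 = 1 flag? or if
+ skip-ClientHello
 flush-record
 begin can-output? not while
 wait-co drop
 repeat
 100 send-warning
+ \ Put back connection in "application
+ \ data" state: it's not dead yet.
+ 1 addr-application_data set8
+ 23 addr-record_type_out set8
 else
 0 do-handshake
 then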
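Review bot: The rejection branch in the last hunk (the `1 flag? or if` arm, whose enclosing word starts and ends outside the hunk) writes the bare values `100` and `23` next to the new `1 addr-application_data set8` without saying what they encode, while the neighbouring hunks document their state values in comments. A short comment on those two lines would keep the intent readable, e.g. `100 send-warning \ alert no_renegotiation` and `23 addr-record_type_out set8 \ record type application_data`, or the two values could become named constants if the file has a convention for that. In the second hunk, `skip-ClientHello` is declared `( -- )` but ends with `dup skip-blob drop`; whether that leaves the stack balanced depends on the stack effect of `skip-blob`, which is not visible here, so it is worth confirming against its definition. Since `skip-ClientHello` now runs before `flush-record`, a client that answers the rejected renegotiation with anything other than a ClientHello fails with ERR_UNEXPECTED instead of being returned to the application-data state; that looks intended but the comment above the branch does not say so.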