X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_engine.c;h=be78c5dd7fd863037c286bfc49cbb0109f5e50b6;hp=c66abcbf818bbc4e71bb63a49f1bbf7d06660869;hb=44c79c1add4cd4a217b1dd77c8421c1d3a08dcef;hpb=60126cafc85572a53d38752b8830e91c7ab18f88
diff --git a/src/ssl/ssl_engine.c b/src/ssl/ssl_engine.c
index c66abcb..be78c5d 100644
--- a/src/ssl/ssl_engine.c
+++ b/src/ssl/ssl_engine.c
@@ -1091,6 +1091,9 @@ jump_handshake(br_ssl_engine_context *cc, int action)
 cc->hlen_out = hlen_out;
 cc->action = action;
 cc->hsrun(&cc->cpu);
+ if (br_ssl_engine_closed(cc)) {
+ return;
+ }
 if (cc->hbuf_out != cc->saved_hbuf_out) {
 sendpld_ack(cc, cc->hbuf_out - cc->saved_hbuf_out);
 }
@@ -1239,7 +1242,9 @@ br_ssl_engine_close(br_ssl_engine_context *cc)
 int
 br_ssl_engine_renegotiate(br_ssl_engine_context *cc)
 {
- if (br_ssl_engine_closed(cc) || cc->reneg == 1) {
+ if (br_ssl_engine_closed(cc) || cc->reneg == 1
+ || (cc->flags & BR_OPT_NO_RENEGOTIATION) != 0)
+ {
 return 0;
 }
 jump_handshake(cc, 2);
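Review bot: The early return added after `cc->hsrun(&cc->cpu)` in jump_handshake carries no comment saying why a closed engine must skip the `sendpld_ack` call below it. Presumably the handshake code can fail or close the engine during that call, after which the saved output pointers should no longer be trusted. I would put `/* hsrun may have failed or closed the engine; do not touch the output buffer state after that. */` above the check. The function starts and ends outside this hunk, so whether a later step must also be skipped, or must still run, on this path cannot be judged from here.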
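Review bot: The new `BR_OPT_NO_RENEGOTIATION` test in br_ssl_engine_renegotiate covers only a renegotiation requested through this local call. Nothing in the hunk shows that a renegotiation started by the peer is refused when the flag is set, so that path should be confirmed in the handshake code. The function also returns 0 for three different conditions that callers cannot tell apart; a header comment such as `/* returns 0 when the engine is closed, when cc->reneg is 1, or when BR_OPT_NO_RENEGOTIATION is set */` would document that. The function body continues past the end of the hunk.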
@@ -1472,3 +1477,44 @@ br_ssl_engine_switch_gcm_out(br_ssl_engine_context *cc, cc->igcm_out->init(&cc->out.gcm.vtable.out, bc_impl, cipher_key, cipher_key_len, cc->ighash, iv); } + +/* see inner.h */ +void +br_ssl_engine_switch_chapol_in(br_ssl_engine_context *cc, + int is_client, int prf_id) +{ + unsigned char kb[88]; + unsigned char *cipher_key, *iv; + + compute_key_block(cc, prf_id, 44, kb); + if (is_client) { + cipher_key = &kb[32]; + iv = &kb[76]; + } else { + cipher_key = &kb[0]; + iv = &kb[64]; + } + cc->ichapol_in->init(&cc->in.chapol.vtable.in, + cc->ichacha, cc->ipoly, cipher_key, iv); + cc->incrypt = 1; +} + +/* see inner.h */ +void +br_ssl_engine_switch_chapol_out(br_ssl_engine_context *cc, + int is_client, int prf_id) +{ + unsigned char kb[88]; + unsigned char *cipher_key, *iv; + + compute_key_block(cc, prf_id, 44, kb); + if (is_client) { + cipher_key = &kb[0]; + iv = &kb[64]; + } else { + cipher_key = &kb[32]; + iv = &kb[76]; + } + cc->ichapol_out->init(&cc->out.chapol.vtable.out, + cc->ichacha, cc->ipoly, cipher_key, iv); +}
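Review bot: The offsets `0`, `32`, `64` and `76` into `kb` and the length `44` passed to compute_key_block are bare numbers in both br_ssl_engine_switch_chapol_in and br_ssl_engine_switch_chapol_out. The two functions differ only in which key/IV pair each role picks, so a swapped pair would be easy to miss in review. A layout comment next to the `kb` declaration would make the mirror symmetry checkable, e.g. `/* kb: client key [0..31], server key [32..63], client IV [64..75], server IV [76..87] */`, assuming the standard TLS key-block order. Separately, `kb` holds the derived key material and is left on the stack at return; if the project has a wipe policy for secrets, it would apply to both functions.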