eden-emu/mbedtls
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow compile-time configuration of legacy renegotiation

Browse source 
Introduces MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION
allowing to configure enforcing secure renegotiation at
compile-time.

Impact on code-size:

|  | GCC | ARMC5 | ARMC6 |
| --- | --- | --- | --- |
| `libmbedtls.a` after  | 23379 | 23929 | 27727 |
| `libmbedtls.a` before | 23307 | 23865 | 27615 |
| gain in Bytes | 72 | 64 | 112 |
This commit is contained in:
Hanno Becker 2019-06-12 16:58:10 +01:00
parent acd4fc0ac9
commit b0b2b67568
11 changed files with 89 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
library/ssl_cli.c
View file

@ -2059,7 +2059,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
* Renegotiation security checks
*/
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
mbedtls_ssl_conf_get_allow_legacy_renegotiation( ssl->conf ) ==
MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
handshake_failure = 1;
@ -2074,7 +2075,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
}
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
mbedtls_ssl_conf_get_allow_legacy_renegotiation( ssl->conf ) ==
MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
handshake_failure = 1;