RetroArch
ssl_parse_renegotiation_info.h
Go to the documentation of this file.
1 #ifndef _SSL_PARSE_RENEGOTIATION_INFO_H
2 #define _SSL_PARSE_RENEGOTIATION_INFO_H
3 
4 static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
5  const unsigned char *buf,
6  size_t len )
7 {
8 #if defined(MBEDTLS_SSL_RENEGOTIATION)
9  if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
10  {
11  /* Check verify-data in constant-time. The length OTOH is no secret */
12  if( len != 1 + ssl->verify_data_len ||
13  buf[0] != ssl->verify_data_len ||
14  mbedtls_ssl_safer_memcmp( buf + 1, ssl->peer_verify_data,
15  ssl->verify_data_len ) != 0 )
16  {
17  MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
18  mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
19  MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
20  return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
21  }
22  }
23  else
24 #endif /* MBEDTLS_SSL_RENEGOTIATION */
25  {
26  if( len != 1 || buf[0] != 0x0 )
27  {
28  MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
29  mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
30  MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
31  return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
32  }
33 
34  ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
35  }
36 
37  return( 0 );
38 }
39 
40 #endif
mbedtls_ssl_send_alert_message
int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, unsigned char level, unsigned char message)
Send an alert message.
Definition: ssl_tls.c:4113
buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:8418
len
GLenum GLsizei len
Definition: glext.h:7389
MBEDTLS_SSL_ALERT_LEVEL_FATAL
#define MBEDTLS_SSL_ALERT_LEVEL_FATAL
Definition: ssl.h:274
mbedtls_ssl_context::secure_renegotiation
int secure_renegotiation
Definition: ssl.h:902
MBEDTLS_SSL_DEBUG_MSG
#define MBEDTLS_SSL_DEBUG_MSG(level, args)
Definition: debug.h:42
MBEDTLS_SSL_SECURE_RENEGOTIATION
#define MBEDTLS_SSL_SECURE_RENEGOTIATION
Definition: ssl.h:157
mbedtls_ssl_context::peer_verify_data
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]
Definition: ssl.h:907
mbedtls_ssl_context
Definition: ssl.h:763
mbedtls_ssl_context::verify_data_len
size_t verify_data_len
Definition: ssl.h:905
MBEDTLS_SSL_INITIAL_HANDSHAKE
#define MBEDTLS_SSL_INITIAL_HANDSHAKE
Definition: ssl_internal.h:91
MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
Definition: ssl.h:78
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE
#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE
Definition: ssl.h:282
mbedtls_ssl_safer_memcmp
static int mbedtls_ssl_safer_memcmp(const void *a, const void *b, size_t n)
Definition: ssl_internal.h:600
mbedtls_ssl_context::renego_status
int renego_status
Definition: ssl.h:772
ssl_parse_renegotiation_info
static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
Definition: ssl_parse_renegotiation_info.h:4
Generated by   doxygen 1.8.15