Make ssl_renegotiate the only interface
ssl_write_hello_request() is now private
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 66ba58a..7d81fc9 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -335,30 +335,6 @@
}
#endif /* POLARSSL_SSL_SESSION_TICKETS */
-/*
- * Write HelloRequest to request renegotiation
- */
-int ssl_write_hello_request( ssl_context *ssl )
-{
- int ret;
-
- SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
-
- ssl->out_msglen = 4;
- ssl->out_msgtype = SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = SSL_HS_HELLO_REQUEST;
-
- if( ( ret = ssl_write_record( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_write_record", ret );
- return( ret );
- }
-
- SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
-
- return( 0 );
-}
-
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
/*
* Wrapper around f_sni, allowing use of ssl_set_own_cert() but
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f6f3e10..00372f9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3972,9 +3972,37 @@
}
/*
- * Renegotiate current connection
+ * Write HelloRequest to request renegotiation on server
*/
-int ssl_renegotiate( ssl_context *ssl )
+static int ssl_write_hello_request( ssl_context *ssl )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
+
+ ssl->out_msglen = 4;
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_HELLO_REQUEST;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
+
+ return( 0 );
+}
+
+/*
+ * Actually renegotiate current connection, triggered by either:
+ * - calling ssl_renegotiate() on client,
+ * - receiving a HelloRequestion on client during ssl_read(),
+ * - receiving any handshake message on server during ssl_read() after the
+ * initial handshake is completed
+ */
+static int ssl_do_renegotiate( ssl_context *ssl )
{
int ret;
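Review bot: The new comment above `ssl_do_renegotiate()` contains a typo, "HelloRequestion"; the line should read `* - receiving a HelloRequest on client during ssl_read(),`. In `ssl_write_hello_request()` only `out_msg[0]` is assigned while `out_msglen` is set to 4. Presumably `ssl_write_record()` fills the three handshake length bytes, but that is not visible in this hunk. A short comment such as `/* out_msg[1..3] (handshake length) are filled in by ssl_write_record() */` would keep the function from being read as sending stale buffer contents. The body of `ssl_do_renegotiate()` continues outside the hunk.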
@@ -4007,6 +4035,18 @@
}
/*
+ * Renegotiate current connection on client,
+ * or request renegotiation on server
+ */
+int ssl_renegotiate( ssl_context *ssl )
+{
+ if( ssl->endpoint == SSL_IS_CLIENT )
+ return( ssl_do_renegotiate( ssl ) );
+ else
+ return( ssl_write_hello_request( ssl ) );
+}
+
+/*
* Receive application data decrypted from the SSL layer
*/
int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
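Review bot: The server branch of the public `ssl_renegotiate()` calls `ssl_write_hello_request()` with no visible check that the initial handshake has finished or that renegotiation is enabled for this context. Any such checks inside `ssl_do_renegotiate()` (its body is outside these hunks) would cover only the client path. A guard at the top of the wrapper, for example `if( ssl->state != SSL_HANDSHAKE_OVER ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );`, would stop a HelloRequest record from being written in the middle of a handshake. The return value also means different things per endpoint: on the server, 0 only says the request was written, not that a renegotiation took place. The comment and the header documentation should state this so callers do not assume fresh keys are in use.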
@@ -4101,9 +4141,9 @@
}
else
{
- if( ( ret = ssl_renegotiate( ssl ) ) != 0 )
+ if( ( ret = ssl_do_renegotiate( ssl ) ) != 0 )
{
- SSL_DEBUG_RET( 1, "ssl_renegotiate", ret );
+ SSL_DEBUG_RET( 1, "ssl_do_renegotiate", ret );
return( ret );
}