commit d0f6fa7bdc1a2c6539165ed044b9c85a109afaf1
author Paul Bakker <p.j.bakker@polarssl.org> Mon Sep 17 09:18:12 2012 +0000
committer Paul Bakker <p.j.bakker@polarssl.org> Mon Sep 17 09:18:12 2012 +0000
tree 6160065a461003563222caf03369263b79e2e35e
parent 17a97909188bb529acf7fa2db2d582e7b489b89e

 - Sending of handshake_failures during renegotiation added
 - Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 9b82110..3d5008b 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -328,12 +328,17 @@
                                          unsigned char *buf,
                                          size_t len )
 {
+    int ret;
+
     if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
     {
         if( len != 1 || buf[0] != 0x0 )
         {
             SSL_DEBUG_MSG( 1, ( "non-zero length renegotiated connection field" ) );
-            /* TODO: Send handshake failure alert */
+
+            if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+                return( ret );
+
             return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
         }
 
@@ -348,7 +353,10 @@
                     ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
         {
             SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) );
-            /* TODO: Send handshake failure alert */
+
+            if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+                return( ret );
+
             return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
         }
     }
@@ -366,6 +374,7 @@
     size_t ext_len = 0;
     unsigned char *buf, *ext;
     int renegotiation_info_seen = 0;
+    int handshake_failure = 0;
 
     SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
 
@@ -563,18 +572,39 @@
     /*
      * Renegotiation security checks
      */
-    if( ssl->renegotiation == SSL_RENEGOTIATION &&
-        ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION &&
-        renegotiation_info_seen == 0 )
+    if( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+        ssl->allow_legacy_renegotiation == SSL_LEGACY_BREAK_HANDSHAKE )
     {
-        SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing" ) );
-        return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+        SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
+        handshake_failure = 1;
+    } 
+    else if( ssl->renegotiation == SSL_RENEGOTIATION &&
+             ssl->secure_renegotiation == SSL_SECURE_RENEGOTIATION &&
+             renegotiation_info_seen == 0 )
+    {
+        SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
+        handshake_failure = 1;
     }
-
-    if( !ssl->allow_legacy_renegotiation &&
-        ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION )
+    else if( ssl->renegotiation == SSL_RENEGOTIATION &&
+             ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+             ssl->allow_legacy_renegotiation == SSL_LEGACY_NO_RENEGOTIATION )
     {
         SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
+        handshake_failure = 1;
+    }
+    else if( ssl->renegotiation == SSL_RENEGOTIATION &&
+             ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+             renegotiation_info_seen == 1 )
+    {
+        SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
+        handshake_failure = 1;
+    }
+
+    if( handshake_failure == 1 )
+    {
+        if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+            return( ret );
+
         return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
     }