doxygen/a02204_source.html

 #ifndef _SSL_PARSE_RENEGOTIATION_INFO_H
 #define _SSL_PARSE_RENEGOTIATION_INFO_H

 static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
                                          const unsigned char *buf,
                                          size_t len )
 {
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
     if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
     {
         /* Check verify-data in constant-time. The length OTOH is no secret */
         if( len    != 1 + ssl->verify_data_len ||
             buf[0] !=     ssl->verify_data_len ||
             mbedtls_ssl_safer_memcmp( buf + 1, ssl->peer_verify_data,
                           ssl->verify_data_len ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
             mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
                                             MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
             return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
         }
     }
     else
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
     {
         if( len != 1 || buf[0] != 0x0 )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
             mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
                                             MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
             return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
         }

         ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
     }

     return( 0 );
 }

 #endif
mbedtls_ssl_send_alert_message
int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, unsigned char level, unsigned char message)
Send an alert message.
Definition: ssl_tls.c:4113

buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:8418

len
GLenum GLsizei len
Definition: glext.h:7389

MBEDTLS_SSL_ALERT_LEVEL_FATAL
#define MBEDTLS_SSL_ALERT_LEVEL_FATAL
Definition: ssl.h:274

mbedtls_ssl_context::secure_renegotiation
int secure_renegotiation
Definition: ssl.h:902

MBEDTLS_SSL_DEBUG_MSG
#define MBEDTLS_SSL_DEBUG_MSG(level, args)
Definition: debug.h:42

MBEDTLS_SSL_SECURE_RENEGOTIATION
#define MBEDTLS_SSL_SECURE_RENEGOTIATION
Definition: ssl.h:157

mbedtls_ssl_context::peer_verify_data
char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]
Definition: ssl.h:907

mbedtls_ssl_context
Definition: ssl.h:763

mbedtls_ssl_context::verify_data_len
size_t verify_data_len
Definition: ssl.h:905

MBEDTLS_SSL_INITIAL_HANDSHAKE
#define MBEDTLS_SSL_INITIAL_HANDSHAKE
Definition: ssl_internal.h:91

MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
Definition: ssl.h:78

MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE
#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE
Definition: ssl.h:282

mbedtls_ssl_safer_memcmp
static int mbedtls_ssl_safer_memcmp(const void *a, const void *b, size_t n)
Definition: ssl_internal.h:600

mbedtls_ssl_context::renego_status
int renego_status
Definition: ssl.h:772

ssl_parse_renegotiation_info
static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
Definition: ssl_parse_renegotiation_info.h:4