mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 12:24:16 +01:00
No memmove: certificate_request + server_hello_done
This commit is contained in:
parent
f4830b5092
commit
04c1b4ece1
@ -1791,7 +1791,6 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
|||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK )
|
||||||
{
|
{
|
||||||
ssl_hs_rm_dtls_hdr( ssl );
|
|
||||||
ssl->record_read = 1;
|
ssl->record_read = 1;
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
@ -2082,18 +2081,6 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* 0 . 0 handshake type
|
|
||||||
* 1 . 3 handshake length
|
|
||||||
* 4 . 4 cert type count
|
|
||||||
* 5 .. m-1 cert types
|
|
||||||
* m .. m+1 sig alg length (TLS 1.2 only)
|
|
||||||
* m+1 .. n-1 SignatureAndHashAlgorithms (TLS 1.2 only)
|
|
||||||
* n .. n+1 length of all DNs
|
|
||||||
* n+2 .. n+3 length of DN 1
|
|
||||||
* n+4 .. ... Distinguished Name #1
|
|
||||||
* ... .. ... length of DN 2, etc.
|
|
||||||
*/
|
|
||||||
if( ssl->record_read == 0 )
|
if( ssl->record_read == 0 )
|
||||||
{
|
{
|
||||||
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
||||||
@ -2102,8 +2089,6 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_hs_rm_dtls_hdr( ssl );
|
|
||||||
|
|
||||||
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
|
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
||||||
@ -2130,20 +2115,28 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
|
|||||||
// TODO: handshake_failure alert for an anonymous server to request
|
// TODO: handshake_failure alert for an anonymous server to request
|
||||||
// client authentication
|
// client authentication
|
||||||
|
|
||||||
|
/*
|
||||||
|
* struct {
|
||||||
|
* ClientCertificateType certificate_types<1..2^8-1>;
|
||||||
|
* SignatureAndHashAlgorithm
|
||||||
|
* supported_signature_algorithms<2^16-1>; -- TLS 1.2 only
|
||||||
|
* DistinguishedName certificate_authorities<0..2^16-1>;
|
||||||
|
* } CertificateRequest;
|
||||||
|
*/
|
||||||
buf = ssl->in_msg;
|
buf = ssl->in_msg;
|
||||||
|
|
||||||
// Retrieve cert types
|
// Retrieve cert types
|
||||||
//
|
//
|
||||||
cert_type_len = buf[4];
|
cert_type_len = buf[ssl_hs_hdr_len( ssl )];
|
||||||
n = cert_type_len;
|
n = cert_type_len;
|
||||||
|
|
||||||
if( ssl->in_hslen < 6 + n )
|
if( ssl->in_hslen < ssl_hs_hdr_len( ssl ) + 2 + n )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
|
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
|
||||||
}
|
}
|
||||||
|
|
||||||
p = buf + 5;
|
p = buf + ssl_hs_hdr_len( ssl ) + 1;
|
||||||
while( cert_type_len > 0 )
|
while( cert_type_len > 0 )
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_RSA_C)
|
#if defined(POLARSSL_RSA_C)
|
||||||
@ -2177,14 +2170,14 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
/* Ignored, see comments about hash in write_certificate_verify */
|
/* Ignored, see comments about hash in write_certificate_verify */
|
||||||
// TODO: should check the signature part against our pk_key though
|
// TODO: should check the signature part against our pk_key though
|
||||||
size_t sig_alg_len = ( ( buf[5 + n] << 8 )
|
size_t sig_alg_len = ( ( buf[ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
|
||||||
| ( buf[6 + n] ) );
|
| ( buf[ssl_hs_hdr_len( ssl ) + 2 + n] ) );
|
||||||
|
|
||||||
p = buf + 7 + n;
|
p = buf + ssl_hs_hdr_len( ssl ) + 3 + n;
|
||||||
m += 2;
|
m += 2;
|
||||||
n += sig_alg_len;
|
n += sig_alg_len;
|
||||||
|
|
||||||
if( ssl->in_hslen < 6 + n )
|
if( ssl->in_hslen < ssl_hs_hdr_len( ssl ) + 2 + n )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
|
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
|
||||||
@ -2194,11 +2187,11 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
|
|||||||
|
|
||||||
/* Ignore certificate_authorities, we only have one cert anyway */
|
/* Ignore certificate_authorities, we only have one cert anyway */
|
||||||
// TODO: should not send cert if no CA matches
|
// TODO: should not send cert if no CA matches
|
||||||
dn_len = ( ( buf[5 + m + n] << 8 )
|
dn_len = ( ( buf[ssl_hs_hdr_len( ssl ) + 1 + m + n] << 8 )
|
||||||
| ( buf[6 + m + n] ) );
|
| ( buf[ssl_hs_hdr_len( ssl ) + 2 + m + n] ) );
|
||||||
|
|
||||||
n += dn_len;
|
n += dn_len;
|
||||||
if( ssl->in_hslen != 7 + m + n )
|
if( ssl->in_hslen != ssl_hs_hdr_len( ssl ) + 3 + m + n )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
|
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
|
||||||
@ -2228,8 +2221,6 @@ static int ssl_parse_server_hello_done( ssl_context *ssl )
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_hs_rm_dtls_hdr( ssl );
|
|
||||||
|
|
||||||
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
|
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
|
SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
|
||||||
@ -2238,7 +2229,7 @@ static int ssl_parse_server_hello_done( ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
ssl->record_read = 0;
|
ssl->record_read = 0;
|
||||||
|
|
||||||
if( ssl->in_hslen != 4 ||
|
if( ssl->in_hslen != ssl_hs_hdr_len( ssl ) ||
|
||||||
ssl->in_msg[0] != SSL_HS_SERVER_HELLO_DONE )
|
ssl->in_msg[0] != SSL_HS_SERVER_HELLO_DONE )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
|
SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
|
||||||
|
Loading…
Reference in New Issue
Block a user