yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 09:15:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Adapt client-side signature verification to use raw public key

Browse Source 
We must dispatch between the peer's public key stored as part of
the peer's CRT in the current session structure (situation until
now, and future behaviour if MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is
enabled), and the sole public key stored in the handshake structure
(new, if MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is disabled).
This commit is contained in:
Hanno Becker 2019-02-06 18:26:03 +00:00
parent 53b6b7e09b
commit 69fad13853
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
library/ssl_cli.c
View File

@ -2655,6 +2655,8 @@ start_processing:
size_t params_len = p - params;
void *rs_ctx = NULL;
mbedtls_pk_context * peer_pk;
/*
* Handle the digitally-signed structure
*/
@ -2757,16 +2759,21 @@ start_processing:
MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
peer_pk = &ssl->handshake->peer_pubkey;
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
if( ssl->session_negotiate->peer_cert == NULL )
{
/* Should never happen */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
peer_pk = &ssl->session_negotiate->peer_cert->pk;
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*
* Verify signature
*/
if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@ -2779,8 +2786,7 @@ start_processing:
rs_ctx = &ssl->handshake->ecrs_ctx.pk;
#endif
if( ( ret = mbedtls_pk_verify_restartable(
&ssl->session_negotiate->peer_cert->pk,
if( ( ret = mbedtls_pk_verify_restartable( peer_pk,
md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
{
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)