update based on comments
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
This commit is contained in:
parent
6d42bb430c
commit
51f515a503
4 changed files with 22 additions and 38 deletions
|
@ -267,9 +267,7 @@
|
|||
/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
|
||||
#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Check that we obey the standard's message size bounds
|
||||
|
@ -600,7 +598,8 @@ struct mbedtls_ssl_handshake_params
|
|||
mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE];
|
||||
#endif
|
||||
|
||||
|
@ -1700,11 +1699,6 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
|
|||
unsigned char **buf,
|
||||
size_t *buf_len );
|
||||
|
||||
/*
|
||||
* Handler of TLS 1.3 server certificate request message
|
||||
*/
|
||||
int mbedtls_ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl );
|
||||
|
||||
/*
|
||||
* Handler of TLS 1.3 server certificate message
|
||||
*/
|
||||
|
|
|
@ -5579,14 +5579,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
|||
mbedtls_free( (void*) handshake->sig_algs );
|
||||
handshake->sig_algs = NULL;
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( ssl->handshake->certificate_request_context )
|
||||
{
|
||||
mbedtls_free( (void*) handshake->certificate_request_context );
|
||||
}
|
||||
handshake->certificate_request_context = NULL;
|
||||
handshake->certificate_request_context_len = 0;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
|
|
|
@ -1523,11 +1523,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "Duplicate signature algorithms extensions found" ) );
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
||||
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
mbedtls_ssl_handshake_free( ssl );
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
goto error;
|
||||
}
|
||||
break;
|
||||
|
||||
|
@ -1544,11 +1540,8 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
|
|||
if( p != end )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||
( "Signature algorithms extension length misaligned" ) );
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
||||
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
mbedtls_ssl_handshake_free( ssl );
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
( "CertificateRequset misaligned" ) );
|
||||
goto error;
|
||||
}
|
||||
/* Check that we found signature algorithms extension */
|
||||
if( ! sig_alg_ext_found )
|
||||
|
@ -1556,16 +1549,17 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
( "no signature algorithms extension found" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||
( "Signature algorithms extension length misaligned" ) );
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
||||
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
mbedtls_ssl_handshake_free( ssl );
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
|
||||
( "ssl_tls13_parse_certificate_request" ) );
|
||||
goto error;
|
||||
}
|
||||
|
||||
ssl->client_auth = 1;
|
||||
return( 0 );
|
||||
|
||||
error:
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
||||
MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1602,7 +1596,8 @@ static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl )
|
|||
else
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request",
|
||||
|
|
|
@ -166,12 +166,11 @@ int mbedtls_ssl_tls13_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
|
|||
p += 2;
|
||||
|
||||
memset( ssl->handshake->received_sig_algs, 0,
|
||||
sizeof( ssl->handshake->received_sig_algs) );
|
||||
sizeof(ssl->handshake->received_sig_algs) );
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, supported_sig_algs_len );
|
||||
supported_sig_algs_end = p + supported_sig_algs_len;
|
||||
while( p < supported_sig_algs_end &&
|
||||
common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE )
|
||||
while( p < supported_sig_algs_end )
|
||||
{
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, supported_sig_algs_end, 2 );
|
||||
sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||
|
@ -180,8 +179,11 @@ int mbedtls_ssl_tls13_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "received signature algorithm: 0x%x",
|
||||
sig_alg ) );
|
||||
|
||||
if( mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) &&
|
||||
mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) )
|
||||
if( ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) ||
|
||||
! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) )
|
||||
continue;
|
||||
|
||||
if( common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE )
|
||||
{
|
||||
ssl->handshake->received_sig_algs[common_idx] = sig_alg;
|
||||
common_idx += 1;
|
||||
|
|
Loading…
Reference in a new issue