From f5b4d25cfaf39b1acdf49882ebbf6a85517392ea Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Fri, 28 Jan 2022 06:37:15 +0000 Subject: [PATCH] Add received_sig_algs member to struct mbedtls_ssl_handshake_params Signed-off-by: Xiaofei Bai --- library/ssl_misc.h | 6 +++++- library/ssl_tls13_generic.c | 29 ++++++++++++----------------- 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 093732e03..049195eb3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -268,7 +268,7 @@ #define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define MBEDTLS_SIG_ALGS_SIZE 20 +#define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20 #endif /* @@ -600,6 +600,10 @@ struct mbedtls_ssl_handshake_params mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */ #endif +#if defined(MBEDTLS_X509_CRT_PARSE_C) + uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE]; +#endif + #if !defined(MBEDTLS_DEPRECATED_REMOVED) const uint16_t *group_list; const uint16_t *sig_algs; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 2f4d04e10..86699d959 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -155,26 +155,25 @@ int mbedtls_ssl_tls13_parse_sig_alg_ext( mbedtls_ssl_context *ssl, const unsigned char *end ) { const unsigned char *p = buf; - size_t sig_algs_len = 0; - uint16_t *sig_algs; - const unsigned char *sig_algs_end; + size_t supported_sig_algs_len = 0; + const unsigned char *supported_sig_algs_end; uint16_t sig_alg; uint32_t common_idx = 0; /* iterate through received signature schemes list */ /* skip 2 bytes of signature algorithms length */ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); - sig_algs_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + supported_sig_algs_len = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; - sig_algs = mbedtls_calloc( MBEDTLS_SIG_ALGS_SIZE, sizeof( uint16_t ) ); - if( sig_algs == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + memset( ssl->handshake->received_sig_algs, 0, + sizeof( ssl->handshake->received_sig_algs) ); - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, sig_algs_len ); - sig_algs_end = p + sig_algs_len; - while( p < sig_algs_end && common_idx + 1 < MBEDTLS_SIG_ALGS_SIZE ) + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, supported_sig_algs_len ); + supported_sig_algs_end = p + supported_sig_algs_len; + while( p < supported_sig_algs_end && + common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE ) { - MBEDTLS_SSL_CHK_BUF_READ_PTR( p, sig_algs_end, 2 ); + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, supported_sig_algs_end, 2 ); sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 ); p += 2; @@ -184,7 +183,7 @@ int mbedtls_ssl_tls13_parse_sig_alg_ext( mbedtls_ssl_context *ssl, if( mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) && mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) ) { - sig_algs[common_idx] = sig_alg; + ssl->handshake->received_sig_algs[common_idx] = sig_alg; common_idx += 1; } } @@ -195,7 +194,6 @@ int mbedtls_ssl_tls13_parse_sig_alg_ext( mbedtls_ssl_context *ssl, ( "Signature algorithms extension length misaligned" ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, MBEDTLS_ERR_SSL_DECODE_ERROR ); - mbedtls_free( sig_algs ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } @@ -204,13 +202,10 @@ int mbedtls_ssl_tls13_parse_sig_alg_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithm in common" ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - mbedtls_free( sig_algs ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } - sig_algs[common_idx] = MBEDTLS_TLS1_3_SIG_NONE; - ssl->handshake->sig_algs = sig_algs; - ssl->handshake->sig_algs_heap_allocated = 1; + ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS1_3_SIG_NONE; return( 0 ); }