Add parameter to ssl_read_record() controlling checksum update
Previously, mbedtls_ssl_read_record() always updated the handshake checksum when a handshake record was received. While this is desirable most of the time, for the CertificateVerify message the checksum update must only happen after the message has been fully processed, because its validation requires the handshake digest up to but excluding the CertificateVerify message itself. As a workaround, the bulk of mbedtls_ssl_read_record() was previously duplicated within ssl_parse_certificate_verify(), complicating maintenance whenever mbedtls_ssl_read_record() changes. This commit adds a boolean parameter to mbedtls_ssl_read_record() indicating whether the checksum should be updated when a handshake message is received. This allows it to be used for ssl_parse_certificate_verify() as well, with the checksum updated manually after the message has been processed.
This commit is contained in:
parent
e1dcb03557
commit
327c93b182
4 changed files with 18 additions and 31 deletions
library
|
@ -4283,7 +4283,8 @@ static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
|
|||
* RFC 6347 4.1.2.7) and continue reading until a valid record is found.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
|
||||
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
||||
unsigned update_digest )
|
||||
{
|
||||
int ret;
|
||||
|
||||
|
@ -4313,7 +4314,8 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
|
|||
return( ret );
|
||||
}
|
||||
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
update_digest == 1 )
|
||||
{
|
||||
mbedtls_ssl_update_handshake_status( ssl );
|
||||
}
|
||||
|
@ -4900,7 +4902,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
/* mbedtls_ssl_read_record may have sent an alert already. We
|
||||
let it decide whether to alert. */
|
||||
|
@ -5275,7 +5277,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
|
||||
return( ret );
|
||||
|
@ -5904,7 +5906,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
|
|||
|
||||
ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
|
||||
return( ret );
|
||||
|
@ -7653,7 +7655,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
ssl_set_timer( ssl, ssl->conf->read_timeout );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
|
||||
return( 0 );
|
||||
|
@ -7668,7 +7670,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
/*
|
||||
* OpenSSL sends empty messages to randomize the IV
|
||||
*/
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||
{
|
||||
if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
|
||||
return( 0 );
|
||||
|
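Review bot: The new guard `update_digest == 1` in the hunk at @ -4313 accepts only the literal value 1, so a caller passing any other non-zero value (a truthy expression or a flag bit) silently skips mbedtls_ssl_update_handshake_status() and the handshake transcript hash misses a message; the Finished check would eventually fail, but the cause would be hard to trace. Prefer the boolean form `update_digest != 0`, or give the two values named constants and compare against those, since the parameter is declared as a plain `unsigned`. The Doxygen-style header comment above the function in the first hunk is left untouched and should gain a line for the new argument, e.g. `* \param update_digest 1 to feed a received handshake message into the handshake checksum; 0 to leave it untouched so the caller updates it after processing (CertificateVerify).` The matching declaration lives in one of the three other changed files not shown here, so I cannot confirm it was updated consistently; mbedtls_ssl_read_record's body also continues outside the hunk.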