eden-emu/mbedtls
20
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Check return codes from MD in ssl code

Browse source
This commit is contained in:
Andres Amaya Garcia 2017-07-20 16:17:51 +01:00
parent 8798a10ff0
commit 46f5a3e9b4
4 changed files with 177 additions and 156 deletions
Download patch file Download diff file Expand all files Collapse all files

87
library/ssl_srv.c
View file

@ -3096,57 +3096,12 @@ curve_matching_done:
defined(MBEDTLS_SSL_PROTO_TLS1_1)
if( md_alg == MBEDTLS_MD_NONE )
{
mbedtls_md5_context mbedtls_md5;
mbedtls_sha1_context mbedtls_sha1;
mbedtls_md5_init( &mbedtls_md5 );
/*
* digitally-signed struct {
* opaque md5_hash[16];
* opaque sha_hash[20];
* };
*
* md5_hash
* MD5(ClientHello.random + ServerHello.random
* + ServerParams);
* sha_hash
* SHA(ClientHello.random + ServerHello.random
* + ServerParams);
*/
if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 ||
( ret = mbedtls_md5_update_ext( &mbedtls_md5,
ssl->handshake->randbytes, 64 ) ) != 0 ||
( ret = mbedtls_md5_update_ext( &mbedtls_md5, dig_signed,
dig_signed_len ) ) != 0 ||
( ret = mbedtls_md5_finish_ext( &mbedtls_md5, hash ) ) != 0 )
{
mbedtls_md5_free( &mbedtls_md5 );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_*", ret );
return( ret );
}
mbedtls_md5_free( &mbedtls_md5 );
mbedtls_sha1_init( &mbedtls_sha1 );
if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 ||
( ret = mbedtls_sha1_update_ext( &mbedtls_sha1,
ssl->handshake->randbytes, 64 ) ) != 0 ||
( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, dig_signed,
dig_signed_len ) ) != 0 ||
( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1,
hash + 16 ) ) != 0 )
{
mbedtls_sha1_free( &mbedtls_sha1 );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_*", ret );
return( ret );
}
mbedtls_sha1_free( &mbedtls_sha1 );
hashlen = 36;
ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash,
dig_signed,
dig_signed_len );
if( ret != 0 )
return( ret );
}
else
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
@ -3155,36 +3110,14 @@ curve_matching_done:
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( md_alg != MBEDTLS_MD_NONE )
{
mbedtls_md_context_t ctx;
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
mbedtls_md_init( &ctx );
/* Info from md_alg will be used instead */
hashlen = 0;
/*
* digitally-signed struct {
* opaque client_random[32];
* opaque server_random[32];
* ServerDHParams params;
* };
*/
if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ||
( ret = mbedtls_md_starts( &ctx ) ) != 0 ||
( ret = mbedtls_md_update( &ctx,
ssl->handshake->randbytes, 64 ) ) != 0 ||
( ret = mbedtls_md_update( &ctx, dig_signed,
dig_signed_len ) ) != 0 ||
( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 )
{
mbedtls_md_free( &ctx );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_*", ret );
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash,
dig_signed,
dig_signed_len,
md_alg );
if( ret != 0 )
return( ret );
}
mbedtls_md_free( &ctx );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \