Merge branch 'development'
This commit is contained in:
Simon Butcher
commit
9c22e7311c
19 changed files with 266 additions and 160 deletions
|
|
@ -56,7 +56,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -269,7 +269,8 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p,
|
|||
/* Allocate and assign next pointer */
|
||||
if( *p < end )
|
||||
{
|
||||
cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
|
||||
cur->next = (mbedtls_asn1_sequence*)mbedtls_calloc( 1,
|
||||
sizeof( mbedtls_asn1_sequence ) );
|
||||
|
||||
if( cur->next == NULL )
|
||||
return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
|
||||
|
|
|
|||
|
|
@ -312,7 +312,9 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data
|
|||
{
|
||||
// Add new entry if not present yet based on OID
|
||||
//
|
||||
if( ( cur = mbedtls_calloc( 1, sizeof(mbedtls_asn1_named_data) ) ) == NULL )
|
||||
cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1,
|
||||
sizeof(mbedtls_asn1_named_data) );
|
||||
if( cur == NULL )
|
||||
return( NULL );
|
||||
|
||||
cur->oid.len = oid_len;
|
||||
|
|
|
|||
|
|
@ -120,7 +120,7 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
|
|||
|
||||
if( X->n < nblimbs )
|
||||
{
|
||||
if( ( p = mbedtls_calloc( nblimbs, ciL ) ) == NULL )
|
||||
if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL )
|
||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||
|
||||
if( X->p != NULL )
|
||||
|
|
@ -158,7 +158,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
|
|||
if( i < nblimbs )
|
||||
i = nblimbs;
|
||||
|
||||
if( ( p = mbedtls_calloc( i, ciL ) ) == NULL )
|
||||
if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL )
|
||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||
|
||||
if( X->p != NULL )
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#define CCM_ENCRYPT 0
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
static int supported_init = 0;
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -1685,7 +1685,7 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "PKCS#1 data sign : " );
|
||||
mbedtls_printf( " PKCS#1 data sign : " );
|
||||
|
||||
mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum );
|
||||
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -1507,192 +1507,200 @@ read_record_header:
|
|||
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Check the extension length
|
||||
*/
|
||||
ext_offset = comp_offset + 1 + comp_len;
|
||||
if( msg_len > ext_offset )
|
||||
/* Do not parse the extensions if the protocol is SSLv3 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
|
||||
{
|
||||
if( msg_len < ext_offset + 2 )
|
||||
#endif
|
||||
/*
|
||||
* Check the extension length
|
||||
*/
|
||||
ext_offset = comp_offset + 1 + comp_len;
|
||||
if( msg_len > ext_offset )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
if( msg_len < ext_offset + 2 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
ext_len = ( buf[ext_offset + 0] << 8 )
|
||||
| ( buf[ext_offset + 1] );
|
||||
|
||||
if( ( ext_len > 0 && ext_len < 4 ) ||
|
||||
msg_len != ext_offset + 2 + ext_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
}
|
||||
else
|
||||
ext_len = 0;
|
||||
|
||||
ext_len = ( buf[ext_offset + 0] << 8 )
|
||||
| ( buf[ext_offset + 1] );
|
||||
ext = buf + ext_offset + 2;
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
|
||||
|
||||
if( ( ext_len > 0 && ext_len < 4 ) ||
|
||||
msg_len != ext_offset + 2 + ext_len )
|
||||
while( ext_len != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
}
|
||||
else
|
||||
ext_len = 0;
|
||||
unsigned int ext_id = ( ( ext[0] << 8 )
|
||||
| ( ext[1] ) );
|
||||
unsigned int ext_size = ( ( ext[2] << 8 )
|
||||
| ( ext[3] ) );
|
||||
|
||||
ext = buf + ext_offset + 2;
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
|
||||
|
||||
while( ext_len != 0 )
|
||||
{
|
||||
unsigned int ext_id = ( ( ext[0] << 8 )
|
||||
| ( ext[1] ) );
|
||||
unsigned int ext_size = ( ( ext[2] << 8 )
|
||||
| ( ext[3] ) );
|
||||
|
||||
if( ext_size + 4 > ext_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
switch( ext_id )
|
||||
{
|
||||
if( ext_size + 4 > ext_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
switch( ext_id )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
case MBEDTLS_TLS_EXT_SERVERNAME:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
|
||||
if( ssl->conf->f_sni == NULL )
|
||||
break;
|
||||
case MBEDTLS_TLS_EXT_SERVERNAME:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
|
||||
if( ssl->conf->f_sni == NULL )
|
||||
break;
|
||||
|
||||
ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
|
||||
case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
renegotiation_info_seen = 1;
|
||||
renegotiation_info_seen = 1;
|
||||
#endif
|
||||
|
||||
ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
case MBEDTLS_TLS_EXT_SIG_ALG:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
|
||||
case MBEDTLS_TLS_EXT_SIG_ALG:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
|
||||
break;
|
||||
if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
|
||||
break;
|
||||
#endif
|
||||
|
||||
ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
|
||||
|
||||
ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
|
||||
ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
|
||||
ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
|
||||
|
||||
ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) );
|
||||
case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) );
|
||||
|
||||
ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
|
||||
case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
|
||||
|
||||
ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
|
||||
case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
|
||||
|
||||
ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
|
||||
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
|
||||
|
||||
ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) );
|
||||
case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) );
|
||||
|
||||
ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
case MBEDTLS_TLS_EXT_SESSION_TICKET:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
|
||||
case MBEDTLS_TLS_EXT_SESSION_TICKET:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
|
||||
|
||||
ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
case MBEDTLS_TLS_EXT_ALPN:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
|
||||
case MBEDTLS_TLS_EXT_ALPN:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
|
||||
|
||||
ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
|
||||
ext_id ) );
|
||||
}
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
|
||||
ext_id ) );
|
||||
}
|
||||
|
||||
ext_len -= 4 + ext_size;
|
||||
ext += 4 + ext_size;
|
||||
ext_len -= 4 + ext_size;
|
||||
ext += 4 + ext_size;
|
||||
|
||||
if( ext_len > 0 && ext_len < 4 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
if( ext_len > 0 && ext_len < 4 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||
for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
|
||||
|
|
@ -2363,6 +2371,12 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
||||
ssl->session_negotiate->compression ) );
|
||||
|
||||
/* Do not write the extensions if the protocol is SSLv3 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
|
||||
{
|
||||
#endif
|
||||
|
||||
/*
|
||||
* First write extensions, then the total length
|
||||
*/
|
||||
|
|
@ -2419,6 +2433,10 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
p += ext_len;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
}
|
||||
#endif
|
||||
|
||||
ssl->out_msglen = p - buf;
|
||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
|
||||
|
|
|
|||
|
|
@ -502,14 +502,15 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
|
|||
{
|
||||
mbedtls_pem_init( &pem );
|
||||
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( buflen == 0 || buf[buflen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
"-----BEGIN X509 CRL-----",
|
||||
"-----END X509 CRL-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
// Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
|
||||
// string
|
||||
if( buflen == 0 || buf[buflen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
"-----BEGIN X509 CRL-----",
|
||||
"-----END X509 CRL-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue