Merge branch 'bugfix/mbedtls_patches_3.0' into 'release/v3.0'
Bugfix/mbedtls patches 3.0 See merge request idf/esp-idf!2261
This commit is contained in:
commit
ba13d282dd
|
@ -2049,10 +2049,16 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
||||||
*
|
*
|
||||||
* opaque psk_identity_hint<0..2^16-1>;
|
* opaque psk_identity_hint<0..2^16-1>;
|
||||||
*/
|
*/
|
||||||
|
if( (*p) > end - 2 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
|
||||||
|
"(psk_identity_hint length)" ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
|
}
|
||||||
len = (*p)[0] << 8 | (*p)[1];
|
len = (*p)[0] << 8 | (*p)[1];
|
||||||
*p += 2;
|
*p += 2;
|
||||||
|
|
||||||
if( (*p) + len > end )
|
if( (*p) > end - len )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
|
||||||
"(psk_identity_hint length)" ) );
|
"(psk_identity_hint length)" ) );
|
||||||
|
@ -2470,10 +2476,18 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
/*
|
/*
|
||||||
* Read signature
|
* Read signature
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if( p > end - 2 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
||||||
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
|
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
|
||||||
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
|
}
|
||||||
sig_len = ( p[0] << 8 ) | p[1];
|
sig_len = ( p[0] << 8 ) | p[1];
|
||||||
p += 2;
|
p += 2;
|
||||||
|
|
||||||
if( end != p + sig_len )
|
if( p != end - sig_len )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
|
|
|
@ -3436,7 +3436,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
||||||
/*
|
/*
|
||||||
* Receive client pre-shared key identity name
|
* Receive client pre-shared key identity name
|
||||||
*/
|
*/
|
||||||
if( *p + 2 > end )
|
if( end - *p < 2 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||||
|
@ -3445,7 +3445,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
||||||
n = ( (*p)[0] << 8 ) | (*p)[1];
|
n = ( (*p)[0] << 8 ) | (*p)[1];
|
||||||
*p += 2;
|
*p += 2;
|
||||||
|
|
||||||
if( n < 1 || n > 65535 || *p + n > end )
|
if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||||
|
|
|
@ -926,7 +926,7 @@
|
||||||
*
|
*
|
||||||
* This enables support for RSAES-OAEP and RSASSA-PSS operations.
|
* This enables support for RSAES-OAEP and RSASSA-PSS operations.
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_PKCS1_V21
|
//#define MBEDTLS_PKCS1_V21
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_RSA_NO_CRT
|
* \def MBEDTLS_RSA_NO_CRT
|
||||||
|
@ -1326,7 +1326,7 @@
|
||||||
*
|
*
|
||||||
* Comment this macro to disable support for truncated HMAC in SSL
|
* Comment this macro to disable support for truncated HMAC in SSL
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_SSL_TRUNCATED_HMAC
|
//#define MBEDTLS_SSL_TRUNCATED_HMAC
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_THREADING_ALT
|
* \def MBEDTLS_THREADING_ALT
|
||||||
|
@ -1420,7 +1420,7 @@
|
||||||
*
|
*
|
||||||
* Comment this macro to disallow using RSASSA-PSS in certificates.
|
* Comment this macro to disallow using RSASSA-PSS in certificates.
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_ZLIB_SUPPORT
|
* \def MBEDTLS_ZLIB_SUPPORT
|
||||||
|
|
Loading…
Reference in a new issue