From 4528f3f5c03d9b86cd48d3d3ad2f3ae487ce9062 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 10 Sep 2014 14:17:23 +0000 Subject: [PATCH] No memmove: parse_certificate_verify() --- library/ssl_srv.c | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 14aeb6c13b..94a7ae6f50 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3259,7 +3259,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) static int ssl_parse_certificate_verify( ssl_context *ssl ) { int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; - size_t sa_len, sig_len; + size_t i, sig_len; unsigned char hash[48]; unsigned char *hash_start = hash; size_t hashlen; @@ -3296,8 +3296,6 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) return( ret ); } - ssl_hs_rm_dtls_hdr( ssl ); - ssl->state++; if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) @@ -3312,20 +3310,18 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); } - /* - * 0 . 0 handshake type - * 1 . 3 handshake length - * 4 . 5 sig alg (TLS 1.2 only) - * 4+n . 5+n signature length (n = sa_len) - * 6+n . 6+n+m signature (m = sig_len) - */ + i = ssl_hs_hdr_len( ssl ); + /* + * struct { + * SignatureAndHashAlgorithm algorithm; -- TLS 1.2 only + * opaque signature<0..2^16-1>; + * } DigitallySigned; + */ #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \ defined(POLARSSL_SSL_PROTO_TLS1_1) if( ssl->minor_ver != SSL_MINOR_VERSION_3 ) { - sa_len = 0; - md_alg = POLARSSL_MD_NONE; hashlen = 36; @@ -3344,12 +3340,10 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) #if defined(POLARSSL_SSL_PROTO_TLS1_2) if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) { - sa_len = 2; - /* * Hash */ - if( ssl->in_msg[4] != ssl->handshake->verify_sig_alg ) + if( ssl->in_msg[i] != ssl->handshake->verify_sig_alg ) { SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" " for verify message" ) ); @@ -3361,10 +3355,12 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) /* Info from md_alg will be used instead */ hashlen = 0; + i++; + /* * Signature */ - if( ( pk_alg = ssl_pk_alg_from_sig( ssl->in_msg[5] ) ) + if( ( pk_alg = ssl_pk_alg_from_sig( ssl->in_msg[i] ) ) == POLARSSL_PK_NONE ) { SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" @@ -3380,6 +3376,8 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) ); return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); } + + i++; } else #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ @@ -3388,9 +3386,10 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); } - sig_len = ( ssl->in_msg[4 + sa_len] << 8 ) | ssl->in_msg[5 + sa_len]; + sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1]; + i += 2; - if( sa_len + sig_len + 6 != ssl->in_hslen ) + if( i + sig_len != ssl->in_hslen ) { SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); @@ -3398,7 +3397,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) if( ( ret = pk_verify( &ssl->session_negotiate->peer_cert->pk, md_alg, hash_start, hashlen, - ssl->in_msg + 6 + sa_len, sig_len ) ) != 0 ) + ssl->in_msg + i, sig_len ) ) != 0 ) { SSL_DEBUG_RET( 1, "pk_verify", ret ); return( ret );