mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-17 20:42:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tls12: psa_pake: check elliptic curve's TLS ID on handshake

Browse Source 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti 2022-11-16 08:17:09 +01:00
parent fbbc1f3812
commit 4a9caaa0c9
1 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
library/ssl_misc.h
View File

@ -2452,22 +2452,27 @@ static inline int psa_tls12_parse_ecjpake_round_two(
/* /*
* On its 2nd round, the server sends 3 extra bytes which identify the * On its 2nd round, the server sends 3 extra bytes which identify the
* curve. Therefore we should skip them only on the client side * curve:
* - the 1st one is MBEDTLS_ECP_TLS_NAMED_CURVE
* - the 2nd and 3rd represent curve's TLS ID
* Validate this data before moving forward
*/ */
if( ( step == PSA_PAKE_STEP_KEY_SHARE ) && if( ( step == PSA_PAKE_STEP_KEY_SHARE ) &&
( role == MBEDTLS_SSL_IS_CLIENT ) ) ( role == MBEDTLS_SSL_IS_CLIENT ) )
{ {
/* Length is stored after the 3 bytes for the curve */ uint16_t tls_id = MBEDTLS_GET_UINT16_BE( buf, 1 );
length = buf[input_offset + 3];
input_offset += 3 + 1; if( ( *buf != MBEDTLS_ECP_TLS_NAMED_CURVE ) ||
} ( mbedtls_ecp_curve_info_from_tls_id( tls_id ) == NULL ) )
else return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
{
/* Length is stored at the first byte */ input_offset += 3;
length = buf[input_offset];
input_offset += 1;
} }
/* Length is stored at the first byte */
length = buf[input_offset];
input_offset += 1;
if( input_offset + length > len ) if( input_offset + length > len )
{ {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;