mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-06 19:21:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Only store the first group in ssl_tls13_parse_supported_groups_ext()

Browse Source 
Change-Id: I4427149aeb6eb453150e522e4c7b11187e2e3825
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian 2022-04-19 07:57:30 +00:00
parent 3f84d5d0cd
commit 84823779ce
1 changed files with 10 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
library/ssl_tls13_server.c
View File

@ -109,8 +109,8 @@ static int ssl_tls13_parse_supported_groups_ext(
const unsigned char *buf, const unsigned char *end ) const unsigned char *buf, const unsigned char *end )
{ {
const unsigned char *p = buf; const unsigned char *p = buf;
size_t named_group_list_len, curve_list_len; size_t named_group_list_len;
const mbedtls_ecp_curve_info *curve_info, **curves; const mbedtls_ecp_curve_info *curve_info;
const unsigned char *named_group_list_end; const unsigned char *named_group_list_end;
MBEDTLS_SSL_DEBUG_BUF( 3, "supported_groups extension", p, end - buf ); MBEDTLS_SSL_DEBUG_BUF( 3, "supported_groups extension", p, end - buf );
@ -118,47 +118,25 @@ static int ssl_tls13_parse_supported_groups_ext(
named_group_list_len = MBEDTLS_GET_UINT16_BE( p, 0 ); named_group_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2; p += 2;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, named_group_list_len ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, named_group_list_len );
/* At the moment, this can happen when receiving a second
* ClientHello after an HRR. We should properly reset the
* state upon receiving an HRR, in which case we should
* not observe handshake->curves already being allocated. */
if( ssl->handshake->curves != NULL )
{
mbedtls_free( ssl->handshake->curves );
ssl->handshake->curves = NULL;
}
/* Don't allow our peer to make us allocate too much memory,
* and leave room for a final 0
*/
curve_list_len = named_group_list_len / 2 + 1;
if( curve_list_len > MBEDTLS_ECP_DP_MAX )
curve_list_len = MBEDTLS_ECP_DP_MAX;
if( ( curves = mbedtls_calloc( curve_list_len, sizeof( *curves ) ) ) == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
named_group_list_end = p + named_group_list_len; named_group_list_end = p + named_group_list_len;
ssl->handshake->curves = curves;
while ( p < named_group_list_end && curve_list_len > 1 ) while ( p < named_group_list_end )
{ {
uint16_t tls_grp_id; uint16_t tls_grp_id;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, named_group_list_end, 2 ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, named_group_list_end, 2 );
tls_grp_id = MBEDTLS_GET_UINT16_BE( p, 0 ); tls_grp_id = MBEDTLS_GET_UINT16_BE( p, 0 );
curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_grp_id ); curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_grp_id );
/* mbedtls_ecp_curve_info_from_tls_id() uses the mbedtls_ecp_curve_info
* data structure (defined in ecp.c), which only includes the list of
* curves implemented. Hence, we only add curves that are also supported
* and implemented by the server.
*/
if( curve_info != NULL ) if( curve_info != NULL )
{ {
*curves++ = curve_info;
MBEDTLS_SSL_DEBUG_MSG( 4, ( "supported curve: %s", curve_info->name ) ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "supported curve: %s", curve_info->name ) );
curve_list_len--; /*
* Here we only update offered_group_id field with the first
* offered group
*/
ssl->handshake->offered_group_id = tls_grp_id;
break;
} }
p += 2; p += 2;