Update mbedtls_ssl_handshake_free() and address review comments.

Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2025-03-28 19:21:08 +00:00 · 2022-02-08 09:59:23 +00:00 · 2022-02-08 09:59:23 +00:00 · c234ecf695
commit c234ecf695
parent 51f515a503
3 changed files with 13 additions and 11 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -5579,7 +5579,12 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
        mbedtls_free( (void*) handshake->sig_algs );
    handshake->sig_algs = NULL;
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
-
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    if( ssl->handshake->certificate_request_context )
+    {
+        mbedtls_free( (void*) handshake->certificate_request_context );
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */

 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -1468,6 +1468,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,

    if( certificate_request_context_len > 0 )
    {
+        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, certificate_request_context_len );
        MBEDTLS_SSL_DEBUG_BUF( 3, "Certificate Request Context",
                               p, certificate_request_context_len );

@ -1479,7 +1480,6 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
            MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
            return ( MBEDTLS_ERR_SSL_ALLOC_FAILED );
        }
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, certificate_request_context_len );
        memcpy( handshake->certificate_request_context, p,
                certificate_request_context_len );
        p += certificate_request_context_len;
@ -1523,7 +1523,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
                {
                    MBEDTLS_SSL_DEBUG_MSG( 3,
                        ( "Duplicate signature algorithms extensions found" ) );
-                    goto error;
+                    goto decode_error;
                }
                break;

@ -1540,23 +1540,21 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
    if( p != end )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "CertificateRequset misaligned" ) );
-        goto error;
+            ( "CertificateRequest misaligned" ) );
+        goto decode_error;
    }
    /* Check that we found signature algorithms extension */
    if( ! sig_alg_ext_found )
    {
        MBEDTLS_SSL_DEBUG_MSG( 3,
            ( "no signature algorithms extension found" ) );
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "ssl_tls13_parse_certificate_request" ) );
-        goto error;
+        goto decode_error;
    }

    ssl->client_auth = 1;
    return( 0 );

-error:
+decode_error:
    MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
                                  MBEDTLS_ERR_SSL_DECODE_ERROR );
    return( MBEDTLS_ERR_SSL_DECODE_ERROR );
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -158,9 +158,8 @@ int mbedtls_ssl_tls13_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
    size_t supported_sig_algs_len = 0;
    const unsigned char *supported_sig_algs_end;
    uint16_t sig_alg;
-    uint32_t common_idx = 0; /* iterate through received signature schemes list */
+    uint32_t common_idx = 0;

-    /* skip 2 bytes of signature algorithms length */
    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
    supported_sig_algs_len = MBEDTLS_GET_UINT16_BE( p, 0 );
    p += 2;