mirror of https://github.com/wolfSSL/wolfssl.git
tls fix for set_groups
JeremiahM37
Juliusz Sosinowicz
parent
c207e2d198
commit
3c1c4792da
47
src/tls.c
47
src/tls.c
|
|
@ -5042,13 +5042,15 @@ static word16 TLSX_PointFormat_Write(PointFormat* list, byte* output)
|
|||
|
||||
#if !defined(NO_WOLFSSL_SERVER) || (defined(WOLFSSL_TLS13) && \
|
||||
!defined(WOLFSSL_NO_SERVER_GROUPS_EXT))
|
||||
|
||||
int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input,
|
||||
word16 length, byte isRequest, TLSX** extensions)
|
||||
{
|
||||
word16 offset;
|
||||
word16 name;
|
||||
int ret;
|
||||
TLSX* existingExt;
|
||||
TLSX* newExt = NULL;
|
||||
SupportedCurve* intersectionCurve;
|
||||
|
||||
if(!isRequest && !IsAtLeastTLSv1_3(ssl->version)) {
|
||||
#ifdef WOLFSSL_ALLOW_SERVER_SC_EXT
|
||||
|
|
@ -5057,16 +5059,12 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input,
|
|||
return BUFFER_ERROR; /* servers doesn't send this extension. */
|
||||
#endif
|
||||
}
|
||||
|
||||
if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
|
||||
return BUFFER_ERROR;
|
||||
|
||||
ato16(input, &offset);
|
||||
|
||||
/* validating curve list length */
|
||||
if (length != OPAQUE16_LEN + offset)
|
||||
return BUFFER_ERROR;
|
||||
|
||||
offset = OPAQUE16_LEN;
|
||||
if (offset == length)
|
||||
return 0;
|
||||
|
|
@ -5075,17 +5073,14 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input,
|
|||
if (!isRequest) {
|
||||
TLSX* extension;
|
||||
SupportedCurve* curve;
|
||||
|
||||
extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
|
||||
if (extension != NULL) {
|
||||
/* Replace client list with server list of supported groups. */
|
||||
curve = (SupportedCurve*)extension->data;
|
||||
extension->data = NULL;
|
||||
TLSX_SupportedCurve_FreeAll(curve, ssl->heap);
|
||||
|
||||
ato16(input + offset, &name);
|
||||
offset += OPAQUE16_LEN;
|
||||
|
||||
ret = TLSX_SupportedCurve_New(&curve, name, ssl->heap);
|
||||
if (ret != 0)
|
||||
return ret; /* throw error */
|
||||
|
|
@ -5094,20 +5089,44 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input,
|
|||
}
|
||||
#endif
|
||||
|
||||
existingExt = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
|
||||
|
||||
for (; offset < length; offset += OPAQUE16_LEN) {
|
||||
ato16(input + offset, &name);
|
||||
|
||||
ret = TLSX_UseSupportedCurve(extensions, name, ssl->heap);
|
||||
if (existingExt != NULL) {
|
||||
/* Check if this curve exists in our current list */
|
||||
intersectionCurve = (SupportedCurve*)existingExt->data;
|
||||
while (intersectionCurve != NULL) {
|
||||
if (intersectionCurve->name == name) {
|
||||
ret = TLSX_UseSupportedCurve(&newExt, name, ssl->heap);
|
||||
if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
return ret;
|
||||
break;
|
||||
}
|
||||
intersectionCurve = intersectionCurve->next;
|
||||
}
|
||||
}
|
||||
else {
|
||||
ret = TLSX_UseSupportedCurve(extensions, name, ssl->heap);
|
||||
if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
return ret;
|
||||
}
|
||||
/* If it is BAD_FUNC_ARG then it is a group we do not support, but
|
||||
* that is fine. */
|
||||
if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
if (existingExt != NULL) {
|
||||
if (newExt == NULL){
|
||||
printf("No commong group found\n");
|
||||
return ECC_CURVE_ERROR;
|
||||
}
|
||||
/* Replace existing extension data with intersection */
|
||||
intersectionCurve = (SupportedCurve*)existingExt->data;
|
||||
TLSX_SupportedCurve_FreeAll(intersectionCurve, ssl->heap);
|
||||
existingExt->data = newExt->data;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if !defined(NO_WOLFSSL_SERVER)
|
||||
|
|
|
|||
Loading…
Reference in New Issue