WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #1231 from dgarske/fix_max_sigalgo 

Fixes and cleanup for handling of sig/algo
pull/1229/head
toddouska 2017-11-14 13:25:29 -08:00 committed by GitHub
parent 815cbd8f68 20f5c61675
commit cc65429946
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/internal.c
View File

@ -13237,7 +13237,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
/* supported hash/sig */
if (IsAtLeastTLSv1_2(ssl)) {
c16toa(ssl->suites->hashSigAlgoSz, &output[i]);
i += LENGTH_SZ;
i += OPAQUE16_LEN;
XMEMCPY(&output[i],
ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz);
@ -22765,18 +22765,25 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return BUFFER_ERROR;
if (extId == HELLO_EXT_SIG_ALGO) {
ato16(&input[i], &clSuites.hashSigAlgoSz);
word16 hashSigAlgoSz;
ato16(&input[i], &hashSigAlgoSz);
i += OPAQUE16_LEN;
if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz)
if (OPAQUE16_LEN + hashSigAlgoSz > extSz)
return BUFFER_ERROR;
XMEMCPY(clSuites.hashSigAlgo, &input[i],
min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
i += clSuites.hashSigAlgoSz;
clSuites.hashSigAlgoSz = hashSigAlgoSz;
if (clSuites.hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) {
WOLFSSL_MSG("ClientHello SigAlgo list exceeds max, "
"truncating");
clSuites.hashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
}
if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX)
clSuites.hashSigAlgoSz = HELLO_EXT_SIGALGO_MAX;
XMEMCPY(clSuites.hashSigAlgo, &input[i],
clSuites.hashSigAlgoSz);
i += hashSigAlgoSz;
}
#ifdef HAVE_EXTENDED_MASTER
else if (extId == HELLO_EXT_EXTMS)

9
src/tls.c
View File

@ -3779,7 +3779,7 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (!isRequest) {
if (TLSX_CheckUnsupportedExtension(ssl, TLSX_SESSION_TICKET))
return TLSX_HandleUnsupportedExtension(ssl);
if (length != 0)
return BUFFER_ERROR;
@ -4914,8 +4914,13 @@ static int TLSX_SignatureAlgorithms_Parse(WOLFSSL *ssl, byte* input,
if (length != OPAQUE16_LEN + len)
return BUFFER_ERROR;
XMEMCPY(suites->hashSigAlgo, input, len);
/* truncate hashSigAlgo list if too long */
suites->hashSigAlgoSz = len;
if (suites->hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) {
WOLFSSL_MSG("TLSX SigAlgo list exceeds max, truncating");
suites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
}
XMEMCPY(suites->hashSigAlgo, input, suites->hashSigAlgoSz);
return TLSX_SignatureAlgorithms_MapPss(ssl, input, len);
}

9
wolfssl/internal.h
View File

@ -1034,7 +1034,6 @@ enum Misc {
HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
@ -1192,6 +1191,12 @@ enum Misc {
/* 150 suites for now! */
#endif
/* number of items in the signature algo list */
#ifndef WOLFSSL_MAX_SIGALGO
#define WOLFSSL_MAX_SIGALGO 32
#endif
/* set minimum ECC key size allowed */
#ifndef WOLFSSL_MIN_ECC_BITS
#ifdef WOLFSSL_MAX_STRENGTH
@ -1527,7 +1532,7 @@ typedef struct Suites {
word16 suiteSz; /* suite length in bytes */
word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
byte suites[WOLFSSL_MAX_SUITE_SZ];
byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
byte setSuites; /* user set suites from default */
byte hashAlgo; /* selected hash algorithm */
byte sigAlgo; /* selected sig algorithm */