espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-02 20:24:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/mbedtls_patches_3.0' into 'release/v3.0'

Browse Source 
Bugfix/mbedtls patches 3.0

See merge request idf/esp-idf!2261
This commit is contained in:
Ivan Grokhotkov
2018-04-19 17:30:16 +08:00
parent 806d23b17b 8de29499ce
commit ba13d282dd
3 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
components/mbedtls/library/ssl_cli.c
View File

@@ -2049,10 +2049,16 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
* *
* opaque psk_identity_hint<0..2^16-1>; * opaque psk_identity_hint<0..2^16-1>;
*/ */
if( (*p) > end - 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
"(psk_identity_hint length)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
len = (*p)[0] << 8 | (*p)[1]; len = (*p)[0] << 8 | (*p)[1];
*p += 2; *p += 2;
if( (*p) + len > end ) if( (*p) > end - len )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
"(psk_identity_hint length)" ) ); "(psk_identity_hint length)" ) );
@@ -2470,10 +2476,18 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
/* /*
* Read signature * Read signature
*/ */
if( p > end - 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
sig_len = ( p[0] << 8 ) | p[1]; sig_len = ( p[0] << 8 ) | p[1];
p += 2; p += 2;
if( end != p + sig_len ) if( p != end - sig_len )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,

4
components/mbedtls/library/ssl_srv.c
View File

@@ -3436,7 +3436,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
/* /*
* Receive client pre-shared key identity name * Receive client pre-shared key identity name
*/ */
if( *p + 2 > end ) if( end - *p < 2 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
@@ -3445,7 +3445,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
n = ( (*p)[0] << 8 ) | (*p)[1]; n = ( (*p)[0] << 8 ) | (*p)[1];
*p += 2; *p += 2;
if( n < 1 || n > 65535 || *p + n > end ) if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );

6
components/mbedtls/port/include/mbedtls/esp_config.h
View File

@@ -926,7 +926,7 @@
* *
* This enables support for RSAES-OAEP and RSASSA-PSS operations. * This enables support for RSAES-OAEP and RSASSA-PSS operations.
*/ */
#define MBEDTLS_PKCS1_V21 //#define MBEDTLS_PKCS1_V21
/** /**
* \def MBEDTLS_RSA_NO_CRT * \def MBEDTLS_RSA_NO_CRT
@@ -1326,7 +1326,7 @@
* *
* Comment this macro to disable support for truncated HMAC in SSL * Comment this macro to disable support for truncated HMAC in SSL
*/ */
#define MBEDTLS_SSL_TRUNCATED_HMAC //#define MBEDTLS_SSL_TRUNCATED_HMAC
/** /**
* \def MBEDTLS_THREADING_ALT * \def MBEDTLS_THREADING_ALT
@@ -1420,7 +1420,7 @@
* *
* Comment this macro to disallow using RSASSA-PSS in certificates. * Comment this macro to disallow using RSASSA-PSS in certificates.
*/ */
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT //#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
/** /**
* \def MBEDTLS_ZLIB_SUPPORT * \def MBEDTLS_ZLIB_SUPPORT