yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-04 19:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Guard RSA-only max_major/minor_ver fields from SSL handshake params

Browse source 
The fields
- mbedtls_ssl_handshake_params::max_major_ver,
- mbedtls_ssl_handshake_params::max_minor_ver
are used only for server-side RSA-based key exchanges
can be removed otherwise.
This commit is contained in:
Hanno Becker 2019-06-12 14:47:21 +01:00
parent 7b628e5b88
commit 18729aeaac
2 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
include/mbedtls/ssl_internal.h
View file

@ -514,8 +514,14 @@ struct mbedtls_ssl_handshake_params
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
int resume; /*!< session resume indicator*/ int resume; /*!< session resume indicator*/
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ #endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
#if defined(MBEDTLS_SSL_SRV_C) && \
( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) )
int max_major_ver; /*!< max. major version client*/ int max_major_ver; /*!< max. major version client*/
int max_minor_ver; /*!< max. minor version client*/ int max_minor_ver; /*!< max. minor version client*/
#endif /* MBEDTLS_SSL_SRV_C && ( MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) */
int cli_exts; /*!< client extension presence*/ int cli_exts; /*!< client extension presence*/
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)

8
library/ssl_srv.c
View file

@ -1110,8 +1110,12 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
} }
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
ssl->handshake->max_major_ver = buf[3]; ssl->handshake->max_major_ver = buf[3];
ssl->handshake->max_minor_ver = buf[4]; ssl->handshake->max_minor_ver = buf[4];
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 ) if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 )
{ {
@ -1630,8 +1634,12 @@ read_record_header:
ssl->conf->transport, ssl->conf->transport,
buf ); buf );
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
ssl->handshake->max_major_ver = major_ver; ssl->handshake->max_major_ver = major_ver;
ssl->handshake->max_minor_ver = minor_ver; ssl->handshake->max_minor_ver = minor_ver;
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
if( major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) || if( major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) ||
minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) )