yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-10 21:35:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Protect setting of hello_random flag

Browse source 
The handshake flag tells when the handshake hello.random
is set and can be used later to decide if we have the correct
keys.
This commit is contained in:
Jarno Lamsa 2019-12-17 15:57:41 +02:00
parent b57d7fd568
commit 98801af26b
2 changed files with 34 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
library/ssl_cli.c
View file

@ -687,7 +687,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t t;
#endif
ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_UNSET;
/*
* When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
*/
@ -713,13 +713,19 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
p += 4;
#endif /* MBEDTLS_HAVE_TIME */
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 28 ) ) != 0 )
ret = mbedtls_ssl_conf_get_frng( ssl->conf )
( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 28 );
if( ret == 0 )
{
return( ret );
mbedtls_platform_enforce_volatile_reads();
if( ret == 0 )
{
ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_SET;
return( 0 );
}
}
return( 0 );
return( ret );
}
/**
@ -1719,8 +1725,15 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
(unsigned long)mbedtls_platform_get_uint32_be( &buf[2] ) ) );
ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_UNSET;
mbedtls_platform_memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
if( mbedtls_platform_memcmp( ssl->handshake->randbytes + 32, buf + 2, 32 ) == 0 )
{
ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_SET;
}
n = buf[34];
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 2, 32 );

18
library/ssl_srv.c
View file

@ -1223,8 +1223,14 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
mbedtls_platform_memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len );
p += sess_len;
ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_UNSET;
memset( ssl->handshake->randbytes, 0, 64 );
mbedtls_platform_memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len );
if( mbedtls_platform_memcmp( ssl->handshake->randbytes + 32 - chal_len, p, chal_len ) == 0 )
{
ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_SET;
}
/*
* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@ -1717,10 +1723,14 @@ read_record_header:
/*
* Save client random (inc. Unix time)
*/
ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_UNSET;
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf + 2, 32 );
mbedtls_platform_memcpy( ssl->handshake->randbytes, buf + 2, 32 );
if( mbedtls_platform_memcmp( ssl->handshake->randbytes, buf + 2, 32 ) == 0 )
{
ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_SET;
}
/*
* Check the session ID length and save session ID
*/
@ -2814,8 +2824,12 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
}
p += 28;
ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_UNSET;
mbedtls_platform_memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );
if( mbedtls_platform_memcmp( ssl->handshake->randbytes + 32, buf + 6, 32 ) == 0 )
{
ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_SET;
}
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );