yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-24 19:56:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix TLS alert codes

Browse source 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman 2021-06-28 21:58:56 +01:00
parent 78c601b529
commit dd5f624f32
3 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
ChangeLog.d/fix_tls_alert_codes.txt Normal file
View file

@ -0,0 +1,6 @@
Bugfix
* Fix the alert raised when a client requests an invalid
* fragment length, as per RFC6066 section 4. We now alert with
* MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER. Similarly, raise
* MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR for an invalid finished
* message, as per RFC5247 section 7.2.2.

2
library/ssl_cli.c
View file

@ -1525,7 +1525,7 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
mbedtls_ssl_send_alert_message( mbedtls_ssl_send_alert_message(
ssl, ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} }

2
library/ssl_tls.c
View file

@ -3610,7 +3610,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
} }