Corrections after the code review
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index a5a12ce..1f1de2b 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -72,7 +72,7 @@
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
+#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
/* Determine maximum supported version */
@@ -113,13 +113,7 @@
* counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256).
*/
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
- defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* This macro determines whether CBC is supported. */
#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
@@ -147,7 +141,7 @@
#define MBEDTLS_SSL_SOME_SUITES_USE_MAC
#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
/* Ciphersuites using HMAC */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index b629d79..a75b919 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -86,6 +86,70 @@
return( 0 );
}
+static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
+ unsigned char *buf,
+ size_t len,
+ mbedtls_record *rec );
+
+int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
+ unsigned char *buf,
+ size_t buflen )
+{
+ int ret = 0;
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
+
+ /* We don't support record checking in TLS because
+ * (a) there doesn't seem to be a usecase for it, and
+ * (b) In TLS 1.0, CBC record decryption has state
+ * and we'd need to backup the transform here.
+ */
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
+ {
+ ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ goto exit;
+ }
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ else
+ {
+ mbedtls_record rec;
+
+ ret = ssl_parse_record_header( ssl, buf, buflen, &rec );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 3, "ssl_parse_record_header", ret );
+ goto exit;
+ }
+
+ if( ssl->transform_in != NULL )
+ {
+ ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in, &rec );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 3, "mbedtls_ssl_decrypt_buf", ret );
+ goto exit;
+ }
+ }
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+exit:
+ /* On success, we have decrypted the buffer in-place, so make
+ * sure we don't leak any plaintext data. */
+ mbedtls_platform_zeroize( buf, buflen );
+
+ /* For the purpose of this API, treat messages with unexpected CID
+ * as well as such from future epochs as unexpected. */
+ if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID ||
+ ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
+ {
+ ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
+ return( ret );
+}
+
#define SSL_DONT_FORCE_FLUSH 0
#define SSL_FORCE_FLUSH 1
@@ -4960,7 +5024,7 @@
* more than the block size of the underlying cipher. */
transform_expansion += block_size;
- /* For TLS 1.1 or higher, an explicit IV is added
+ /* For TLS 1.2 or higher, an explicit IV is added
* after the record header. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e2b2757..8f13a2c 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3148,11 +3148,8 @@
/*
* 2.1: Choose hash algorithm:
- * A: For TLS 1.2, obey signature-hash-algorithm extension
- * to choose appropriate hash.
- * B: For TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1
- * (RFC 4492, Sec. 5.4)
- * C: Otherwise, use MD5 + SHA1 (RFC 4346, Sec. 7.4.3)
+ * For TLS 1.2, obey signature-hash-algorithm extension
+ * to choose appropriate hash.
*/
mbedtls_md_type_t md_alg;
@@ -3162,7 +3159,7 @@
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
- /* A: For TLS 1.2, obey signature-hash-algorithm extension
+ /* For TLS 1.2, obey signature-hash-algorithm extension
* (RFC 5246, Sec. 7.4.1.4.1). */
if( sig_alg == MBEDTLS_PK_NONE ||
( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
@@ -3175,11 +3172,11 @@
}
}
else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
- /* C: MD5 + SHA1 */
- md_alg = MBEDTLS_MD_NONE;
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index edb41ef..e60c072 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -961,7 +961,7 @@
goto end;
}
-#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
{