Update mbedtls_ssl_handshake_free()
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 049195e..60c68d4 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -267,7 +267,7 @@
/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
#define MBEDTLS_RECEIVED_SIG_ALGS_SIZE 20
#endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5e8b60b..91767fb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5579,7 +5579,14 @@
mbedtls_free( (void*) handshake->sig_algs );
handshake->sig_algs = NULL;
#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( ssl->handshake->certificate_request_context )
+ {
+ mbedtls_free( (void*) handshake->certificate_request_context );
+ }
+ handshake->certificate_request_context = NULL;
+ handshake->certificate_request_context_len = 0;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index b3272c9..8751787 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1473,7 +1473,7 @@
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
handshake->certificate_request_context =
- mbedtls_calloc( 1, certificate_request_context_len);
+ mbedtls_calloc( 1, certificate_request_context_len );
if( handshake->certificate_request_context == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
@@ -1523,7 +1523,11 @@
{
MBEDTLS_SSL_DEBUG_MSG( 3,
( "Duplicate signature algorithms extensions found" ) );
- goto error;
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+ MBEDTLS_ERR_SSL_DECODE_ERROR );
+ mbedtls_ssl_handshake_free( ssl );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
break;
@@ -1541,24 +1545,27 @@
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "Signature algorithms extension length misaligned" ) );
- goto error;
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+ MBEDTLS_ERR_SSL_DECODE_ERROR );
+ mbedtls_ssl_handshake_free( ssl );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
/* Check that we found signature algorithms extension */
if( ! sig_alg_ext_found )
{
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "no signature algorithms extension found" ) );
- goto error;
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "no signature algorithms extension found" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "Signature algorithms extension length misaligned" ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+ MBEDTLS_ERR_SSL_DECODE_ERROR );
+ mbedtls_ssl_handshake_free( ssl );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+
}
ssl->client_auth = 1;
return( 0 );
-
-error:
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
- MBEDTLS_ERR_SSL_DECODE_ERROR );
- mbedtls_free( ssl->handshake->certificate_request_context );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
/*