TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 98801af26b9bf8e543e93bd279439ba58977c1c1^! / . / library / ssl_cli.c
commit98801af26b9bf8e543e93bd279439ba58977c1c1[log] [tgz]
authorJarno Lamsa <jarno.lamsa@arm.com>Tue Dec 17 15:57:41 2019 +0200
committerJarno Lamsa <jarno.lamsa@arm.com>Thu Dec 19 09:02:02 2019 +0200
tree1776a94e42648dcda690585b069cbb1f839fb2bc
parentb57d7fd568da2bd241ce0d08b8a88e82e4d81d94 [diff] [blame]
Protect setting of hello_random flag

The handshake flag tells when the handshake hello.random
is set and can be used later to decide if we have the correct
keys.

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index a1d2e19..6b95cfa 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -687,7 +687,7 @@
 #if defined(MBEDTLS_HAVE_TIME)
     mbedtls_time_t t;
 #endif
-
+    ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_UNSET;
     /*
      * When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
      */
@@ -713,13 +713,19 @@
     p += 4;
 #endif /* MBEDTLS_HAVE_TIME */
 
-    if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
-          ( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 28 ) ) != 0 )
+    ret = mbedtls_ssl_conf_get_frng( ssl->conf )
+            ( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 28 );
+    if( ret == 0 )
     {
-        return( ret );
+        mbedtls_platform_enforce_volatile_reads();
+        if( ret == 0 )
+        {
+            ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_SET;
+            return( 0 );
+        }
     }
 
-    return( 0 );
+    return( ret );
 }
 
 /**
@@ -1719,8 +1725,15 @@
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
         (unsigned long)mbedtls_platform_get_uint32_be( &buf[2] ) ) );
 
+    ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_UNSET;
+
     mbedtls_platform_memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
 
+    if( mbedtls_platform_memcmp( ssl->handshake->randbytes + 32, buf + 2, 32 ) == 0 )
+    {
+        ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_SET;
+    }
+
     n = buf[34];
 
     MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, random bytes", buf + 2, 32 );