Diffstat (limited to 'extra/yassl/src')
-rw-r--r-- | extra/yassl/src/yassl_imp.cpp | 29 | ||||
-rw-r--r-- | extra/yassl/src/yassl_int.cpp | 76 |
2 files changed, 99 insertions, 6 deletions
diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp index 25e00d45d2b..5d5632f3ba4 100644 --- a/extra/yassl/src/yassl_imp.cpp +++ b/extra/yassl/src/yassl_imp.cpp @@ -242,6 +242,7 @@ void EncryptedPreMasterSecret::read(SSL& ssl, input_buffer& input) } opaque preMasterSecret[SECRET_LEN]; + memset(preMasterSecret, 0, sizeof(preMasterSecret)); rsa.decrypt(preMasterSecret, secret_, length_, ssl.getCrypto().get_random()); @@ -300,6 +301,11 @@ void ClientDiffieHellmanPublic::read(SSL& ssl, input_buffer& input) tmp[1] = input[AUTO]; ato16(tmp, keyLength); + if (keyLength < dh.get_agreedKeyLength()/2) { + ssl.SetError(bad_input); + return; + } + alloc(keyLength); input.read(Yc_, keyLength); if (input.get_error()) { @@ -408,6 +414,10 @@ void DH_Server::read(SSL& ssl, input_buffer& input) tmp[1] = input[AUTO]; ato16(tmp, length); + if (length == 0) { + ssl.SetError(bad_input); + return; + } signature_ = NEW_YS byte[length]; input.read(signature_, length); if (input.get_error()) { @@ -864,6 +874,12 @@ void ChangeCipherSpec::Process(input_buffer& input, SSL& ssl) return; } + // detect duplicate change_cipher + if (ssl.getSecurity().get_parms().pending_ == false) { + ssl.order_error(); + return; + } + ssl.useSecurity().use_parms().pending_ = false; if (ssl.getSecurity().get_resuming()) { if (ssl.getSecurity().get_parms().entity_ == client_end) @@ -2047,12 +2063,8 @@ input_buffer& operator>>(input_buffer& input, CertificateRequest& request) tmp[0] = input[AUTO]; tmp[1] = input[AUTO]; ato16(tmp, dnSz); - - DistinguishedName dn; - request.certificate_authorities_.push_back(dn = NEW_YS - byte[REQUEST_HEADER + dnSz]); - memcpy(dn, tmp, REQUEST_HEADER); - input.read(&dn[REQUEST_HEADER], dnSz); + + input.set_current(input.get_current() + dnSz); sz -= dnSz + REQUEST_HEADER; 
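Review bot: In `EncryptedPreMasterSecret::read`, zero-filling `preMasterSecret` before `rsa.decrypt(...)` makes the buffer deterministic, but the visible lines do not check whether the decrypt succeeded. If it fails, the handshake would continue with an all-zero, predictable secret. The usual TLS practice is to substitute random bytes on a decrypt or padding failure so that a malformed ciphertext is indistinguishable from a valid one. At minimum, document the intent with `// start from a known value so a failed decrypt never exposes stale stack data`. The rest of the function is outside the hunk, so the failure handling and any wipe of the buffer after use may already exist there.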
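Review bot: The new guard in `ClientDiffieHellmanPublic::read` bounds only the encoded length of the client's public value, not the value itself, and the `/2` threshold is unexplained. A peer can still send a degenerate value such as 1 padded with leading zero bytes, which passes `keyLength < dh.get_agreedKeyLength()/2`, so a range check on `Yc_` (greater than 1 and less than p-1) belongs in the key-agreement step if it is not already there. There is also no upper bound before `alloc(keyLength)`, although the 16-bit length field caps it. A comment such as `// reject implausibly short public values; the range of Yc is validated during key agreement` would record what this check does and does not cover.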
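Review bot: The zero-length guard in `DH_Server::read` has no comment saying why an empty signature is rejected before `NEW_YS byte[length]`. The same guard in the `operator>>(input_buffer&, CertificateVerify&)` hunk is undocumented too, and it reports through `input.set_error()` rather than `ssl.SetError(bad_input)`. I would add `// an empty signature can never verify; reject it before allocating` at both sites. In both places the allocation still happens before the visible `input.get_error()` check confirms that `length` bytes are actually present; that is bounded by the 16-bit field, but worth a second comment.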
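Review bot: The `pending_ == false` test in `ChangeCipherSpec::Process` catches a second change_cipher_spec, but it says nothing about one that arrives too early. If `pending_` starts out true for a new connection, a change_cipher_spec received before the key exchange has completed passes this check and reaches `pending_ = false`. Please confirm that the premature case is rejected elsewhere, since the state checks are outside this hunk, or extend the condition here. The comment could then read `// reject a duplicate change_cipher_spec; premature ones are rejected in <state check>`.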
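Review bot: In `operator>>(input_buffer&, CertificateRequest&)`, `input.set_current(input.get_current() + dnSz)` advances the cursor by a peer-supplied 16-bit value with no visible check against the remaining input or against `sz`. The removed `input.read(...)` call at least went through the buffer's read path. If `set_current` does not bounds-check, later reads start past the end of the message. If `sz` is unsigned, `sz -= dnSz + REQUEST_HEADER` can wrap and keep the enclosing loop running; that loop is outside the hunk. I would guard before the skip with `if (dnSz + REQUEST_HEADER > sz) { input.set_error(); return input; }` and also confirm how `set_current` behaves on an out-of-range position.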
@@ -2191,6 +2203,11 @@ input_buffer& operator>>(input_buffer& input, CertificateVerify& request) ato16(tmp, sz); request.set_length(sz); + if (sz == 0) { + input.set_error(); + return input; + } + request.signature_ = NEW_YS byte[sz]; input.read(request.signature_, sz); diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp index cbda9f97d83..8dad9ce052c 100644 --- a/extra/yassl/src/yassl_int.cpp +++ b/extra/yassl/src/yassl_int.cpp @@ -255,6 +255,77 @@ void States::SetError(YasslError ye) } +// mark message recvd, check for duplicates, return 0 on success +int States::SetMessageRecvd(HandShakeType hst) +{ + switch (hst) { + case hello_request: + break; // could send more than one + + case client_hello: + if (recvdMessages_.gotClientHello_) + return -1; + recvdMessages_.gotClientHello_ = 1; + break; + + case server_hello: + if (recvdMessages_.gotServerHello_) + return -1; + recvdMessages_.gotServerHello_ = 1; + break; + + case certificate: + if (recvdMessages_.gotCert_) + return -1; + recvdMessages_.gotCert_ = 1; + break; + + case server_key_exchange: + if (recvdMessages_.gotServerKeyExchange_) + return -1; + recvdMessages_.gotServerKeyExchange_ = 1; + break; + + case certificate_request: + if (recvdMessages_.gotCertRequest_) + return -1; + recvdMessages_.gotCertRequest_ = 1; + break; + + case server_hello_done: + if (recvdMessages_.gotServerHelloDone_) + return -1; + recvdMessages_.gotServerHelloDone_ = 1; + break; + + case certificate_verify: + if (recvdMessages_.gotCertVerify_) + return -1; + recvdMessages_.gotCertVerify_ = 1; + break; + + case client_key_exchange: + if (recvdMessages_.gotClientKeyExchange_) + return -1; + recvdMessages_.gotClientKeyExchange_ = 1; + break; + + case finished: + if (recvdMessages_.gotFinished_) + return -1; + recvdMessages_.gotFinished_ = 1; + break; + + + default: + return -1; + + } + + return 0; +} + + sslFactory::sslFactory() : messageFactory_(InitMessageFactory), handShakeFactory_(InitHandShakeFactory), 
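Review bot: `States::SetMessageRecvd` sets the `recvdMessages_` flags but nothing in this hunk clears them. If the same `States` object serves a renegotiation or is otherwise reused for a second handshake, the first legitimate `client_hello` or `finished` of that handshake would be reported as a duplicate. Please confirm that a reset exists where a new handshake begins, and note the lifetime in the header comment, e.g. `// flags are per-handshake and must be cleared before this object is reused`. The function also records only that a type was seen, not its order or direction, so the comment should say that ordering is enforced by the caller. The ten near-identical cases could be collapsed into a small helper, but that is a style matter.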
@@ -1199,6 +1270,11 @@ void SSL::verifyState(const HandShakeHeader& hsHeader) return; } + if (states_.SetMessageRecvd(hsHeader.get_handshakeType()) != 0) { + order_error(); + return; + } + if (secure_.get_parms().entity_ == client_end) verifyClientState(hsHeader.get_handshakeType()); else |
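Review bot: The `SetMessageRecvd` call in `SSL::verifyState` runs before the role-specific checks and does not know the connection's role. A message type that is wrong for this endpoint is therefore recorded as received, and its rejection depends entirely on `verifyClientState` / `verifyServerState`, which are outside the hunk. That is fine if `order_error()` is terminal for the connection, but a comment would make the division of labour explicit: `// duplicate detection only; direction and ordering are checked below`.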