diff options
Diffstat (limited to 'nss/lib/ssl/tls13con.c')
-rw-r--r-- | nss/lib/ssl/tls13con.c | 76 |
1 files changed, 40 insertions, 36 deletions
diff --git a/nss/lib/ssl/tls13con.c b/nss/lib/ssl/tls13con.c index 2a3b899..d7dda94 100644 --- a/nss/lib/ssl/tls13con.c +++ b/nss/lib/ssl/tls13con.c @@ -3580,11 +3580,11 @@ static SECStatus tls13_SendCompressedCertificate(sslSocket *ss, sslBuffer *bufferCertificate) { /* TLS Certificate Compression. RFC 8879 */ - /* As the encoding function takes as input a SECItem, + /* As the encoding function takes as input a SECItem, * we convert bufferCertificate to certificateToEncode. * - * encodedCertificate is used to store the certificate - * after encoding. + * encodedCertificate is used to store the certificate + * after encoding. */ SECItem encodedCertificate = { siBuffer, NULL, 0 }; SECItem certificateToEncode = { siBuffer, NULL, 0 }; @@ -3618,12 +3618,12 @@ tls13_SendCompressedCertificate(sslSocket *ss, sslBuffer *bufferCertificate) } /* The CompressedCertificate message is formed as follows: - * struct { - * CertificateCompressionAlgorithm algorithm; - * uint24 uncompressed_length; - * opaque compressed_certificate_message<1..2^24-1>; - * } CompressedCertificate; - */ + * struct { + * CertificateCompressionAlgorithm algorithm; + * uint24 uncompressed_length; + * opaque compressed_certificate_message<1..2^24-1>; + * } CompressedCertificate; + */ if (encodedCertificate.len < 1) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); @@ -3764,7 +3764,7 @@ tls13_SendCertificate(sslSocket *ss) } } - /* If no compression mechanism was established or + /* If no compression mechanism was established or * the compression mechanism supports only decoding, * we continue as before. */ if (ss->xtnData.compressionAlg == 0 || !tls13_FindCompressionAlgAndCheckIfSupportsEncoding(ss)) { @@ -3921,7 +3921,8 @@ tls13_HandleCertificateDecode(sslSocket *ss, PRUint8 *b, PRUint32 length) } PRBool compressionAlgorithmIsSupported = PR_FALSE; - SECStatus (*certificateDecodingFunc)(const SECItem *, SECItem *, size_t) = NULL; + SECStatus (*certificateDecodingFunc)(const SECItem *, + unsigned char *output, size_t outputLen, size_t *usedLen) = NULL; for (int i = 0; i < ss->ssl3.supportedCertCompressionAlgorithmsCount; i++) { if (ss->ssl3.supportedCertCompressionAlgorithms[i].id == compressionAlg) { compressionAlgorithmIsSupported = PR_TRUE; @@ -3946,16 +3947,16 @@ tls13_HandleCertificateDecode(sslSocket *ss, PRUint8 *b, PRUint32 length) SSL_TRC(30, ("%d: TLS13[%d]: %s is decoding the certificate using the %s compression algorithm", SSL_GETPID(), ss->fd, SSL_ROLE(ss), ssl3_mapCertificateCompressionAlgorithmToName(ss, compressionAlg))); - PRUint32 decodedCertificateLen = 0; - rv = ssl3_ConsumeHandshakeNumber(ss, &decodedCertificateLen, 3, &b, &length); + PRUint32 decodedCertLen = 0; + rv = ssl3_ConsumeHandshakeNumber(ss, &decodedCertLen, 3, &b, &length); if (rv != SECSuccess) { return SECFailure; /* alert has been sent */ } /* If the received CompressedCertificate message cannot be decompressed, - * he connection MUST be terminated with the "bad_certificate" alert. + * he connection MUST be terminated with the "bad_certificate" alert. */ - if (decodedCertificateLen == 0) { + if (decodedCertLen == 0) { SSL_TRC(50, ("%d: TLS13[%d]: %s decoded certificate length is incorrect", SSL_GETPID(), ss->fd, SSL_ROLE(ss), ssl3_mapCertificateCompressionAlgorithmToName(ss, compressionAlg))); @@ -3964,25 +3965,28 @@ tls13_HandleCertificateDecode(sslSocket *ss, PRUint8 *b, PRUint32 length) } /* opaque compressed_certificate_message<1..2^24-1>; */ - PRUint32 compressedCertificateMessageLen = 0; - rv = ssl3_ConsumeHandshakeNumber(ss, &compressedCertificateMessageLen, 3, &b, &length); + PRUint32 compressedCertLen = 0; + rv = ssl3_ConsumeHandshakeNumber(ss, &compressedCertLen, 3, &b, &length); if (rv != SECSuccess) { return SECFailure; /* alert has been sent */ } - if (compressedCertificateMessageLen == 0 || compressedCertificateMessageLen != length) { + if (compressedCertLen == 0 || compressedCertLen != length) { FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERTIFICATE, bad_certificate); return SECFailure; } /* Decoding received certificate. */ - SECItem decodedCertificate = { siBuffer, NULL, 0 }; + PRUint8 *decodedCert = PORT_ZAlloc(decodedCertLen); + if (!decodedCert) { + return SECFailure; + } - SECItem encodedCertAsSecItem; - SECITEM_MakeItem(NULL, &encodedCertAsSecItem, b, compressedCertificateMessageLen); + size_t actualCertLen = 0; - rv = certificateDecodingFunc(&encodedCertAsSecItem, &decodedCertificate, decodedCertificateLen); - SECITEM_FreeItem(&encodedCertAsSecItem, PR_FALSE); + SECItem encodedCertAsSecItem = { siBuffer, b, compressedCertLen }; + rv = certificateDecodingFunc(&encodedCertAsSecItem, + decodedCert, decodedCertLen, &actualCertLen); if (rv != SECSuccess) { SSL_TRC(50, ("%d: TLS13[%d]: %s decoding of the certificate has failed", @@ -3991,15 +3995,15 @@ tls13_HandleCertificateDecode(sslSocket *ss, PRUint8 *b, PRUint32 length) FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERTIFICATE, bad_certificate); goto loser; } - PRINT_BUF(60, (ss, "consume bytes:", b, compressedCertificateMessageLen)); - *b += compressedCertificateMessageLen; - length -= compressedCertificateMessageLen; + PRINT_BUF(60, (ss, "consume bytes:", b, compressedCertLen)); + *b += compressedCertLen; + length -= compressedCertLen; - /* If, after decompression, the specified length does not match the actual length, - * the party receiving the invalid message MUST abort the connection - * with the "bad_certificate" alert. + /* If, after decompression, the specified length does not match the actual length, + * the party receiving the invalid message MUST abort the connection + * with the "bad_certificate" alert. */ - if (decodedCertificateLen != decodedCertificate.len) { + if (actualCertLen != decodedCertLen) { SSL_TRC(50, ("%d: TLS13[%d]: %s certificate length does not correspond to extension length", SSL_GETPID(), ss->fd, SSL_ROLE(ss), ssl3_mapCertificateCompressionAlgorithmToName(ss, compressionAlg))); @@ -4008,7 +4012,7 @@ tls13_HandleCertificateDecode(sslSocket *ss, PRUint8 *b, PRUint32 length) } PRINT_BUF(50, (NULL, "Decoded certificate", - decodedCertificate.data, decodedCertificate.len)); + decodedCert, decodedCertLen)); /* compressed_certificate_message: The result of applying the indicated * compression algorithm to the encoded Certificate message that @@ -4019,19 +4023,19 @@ tls13_HandleCertificateDecode(sslSocket *ss, PRUint8 *b, PRUint32 length) * the verification have the same security properties as they would have * in TLS normally. */ - rv = tls13_HandleCertificate(ss, decodedCertificate.data, decodedCertificate.len, PR_TRUE); + rv = tls13_HandleCertificate(ss, decodedCert, decodedCertLen, PR_TRUE); if (rv != SECSuccess) { goto loser; } - /* We allow only one compressed certificate to be handled after each - certificate compression advertisement. + /* We allow only one compressed certificate to be handled after each + certificate compression advertisement. See test CertificateCompression_TwoEncodedCertificateRequests. */ ss->xtnData.certificateCompressionAdvertised = PR_FALSE; - SECITEM_FreeItem(&decodedCertificate, PR_FALSE); + PORT_Free(decodedCert); return SECSuccess; loser: - SECITEM_FreeItem(&decodedCertificate, PR_FALSE); + PORT_Free(decodedCert); return SECFailure; } |