Update tls12.c

Zhi Guan
2026-06-11 21:19:46 +08:00
parent 60753c73b4
commit 475d29bbd3


@@ -1428,11 +1428,7 @@ int tls_recv_server_hello(TLS_CONNECT *conn)
size_t extslen; size_t extslen;
const uint8_t *ec_point_formats = NULL; const uint8_t *ec_point_formats = NULL;
size_t ec_point_formats_len; size_t ec_point_formats_len = 0;
const uint8_t *supported_groups = NULL;
size_t supported_groups_len;
const uint8_t *signature_algorithms = NULL;
size_t signature_algorithms_len;
tls_trace("recv ServerHello\n"); tls_trace("recv ServerHello\n");
@@ -1483,12 +1479,11 @@ int tls_recv_server_hello(TLS_CONNECT *conn)
} }
conn->cipher_suite = cipher_suite; conn->cipher_suite = cipher_suite;
if (tls12_cipher_suite_get(conn->cipher_suite, &conn->cipher, &conn->digest) != 1) {
// 初始化digest error_print();
conn->digest = DIGEST_sha256(); tls_send_alert(conn, TLS_alert_internal_error);
return -1;
conn->cipher = BLOCK_CIPHER_aes128(); }
if (digest_init(&conn->dgst_ctx, conn->digest) != 1) { if (digest_init(&conn->dgst_ctx, conn->digest) != 1) {
error_print(); error_print();
@@ -1503,27 +1498,7 @@ int tls_recv_server_hello(TLS_CONNECT *conn)
if (tls_ext_from_bytes(&ext_type, &ext_data, &ext_datalen, &exts, &extslen) != 1) { if (tls_ext_from_bytes(&ext_type, &ext_data, &ext_datalen, &exts, &extslen) != 1) {
error_print(); error_print();
tls13_send_alert(conn, TLS_alert_decode_error); tls_send_alert(conn, TLS_alert_decode_error);
return -1;
}
// extensions in ServerHello
// * ec_point_formats
// * supported_groups
// * signature_algorithms
switch (ext_type) {
case TLS_extension_ec_point_formats:
case TLS_extension_supported_groups:
case TLS_extension_signature_algorithms:
if (!ext_data) {
error_print();
tls13_send_alert(conn, TLS_alert_illegal_parameter);
return -1;
}
break;
default:
error_print();
return -1; return -1;
} }
@@ -1531,49 +1506,31 @@ int tls_recv_server_hello(TLS_CONNECT *conn)
case TLS_extension_ec_point_formats: case TLS_extension_ec_point_formats:
if (ec_point_formats) { if (ec_point_formats) {
error_print(); error_print();
tls13_send_alert(conn, TLS_alert_illegal_parameter); tls_send_alert(conn, TLS_alert_illegal_parameter);
return -1; return -1;
} }
ec_point_formats = ext_data; ec_point_formats = ext_data;
ec_point_formats_len = ext_datalen; ec_point_formats_len = ext_datalen;
break; break;
default:
case TLS_extension_supported_groups: error_print();
if (supported_groups) { tls_send_alert(conn, TLS_alert_illegal_parameter);
error_print(); return -1;
tls13_send_alert(conn, TLS_alert_illegal_parameter);
return -1;
}
supported_groups = ext_data;
supported_groups_len = ext_datalen;
break;
case TLS_extension_signature_algorithms:
if (signature_algorithms) {
error_print();
tls13_send_alert(conn, TLS_alert_illegal_parameter);
return -1;
}
signature_algorithms = ext_data;
signature_algorithms_len = ext_datalen;
break;
} }
} }
if (!ec_point_formats) { if (ec_point_formats) {
error_print(); if ((ret = tls_ec_point_formats_support_uncompressed(ec_point_formats, ec_point_formats_len)) < 0) {
tls13_send_alert(conn, TLS_alert_missing_extension); error_print();
return -1; tls_send_alert(conn, TLS_alert_decode_error);
return -1;
} else if (ret == 0) {
error_print();
tls_send_alert(conn, TLS_alert_illegal_parameter);
return -1;
}
} }
if (supported_groups) {
}
if (signature_algorithms) {
}
if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) { if (digest_update(&conn->dgst_ctx, conn->plain_record + 5, conn->plain_recordlen - 5) != 1) {
error_print(); error_print();
return -1; return -1;
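Review bot: With the `if (!ext_data)` pre-check removed, the `TLS_extension_ec_point_formats` case in the last hunk stores `ext_data` without checking it, while both the duplicate test and the later validation key off `if (ec_point_formats)`. If `tls_ext_from_bytes` can hand back a NULL `ext_data` for an empty extension body (the removed guard suggests it can), a server could send an empty or repeated-empty ec_point_formats extension and skip both the duplicate rejection and the `tls_ec_point_formats_support_uncompressed` check. I would restore the guard at the top of that case, e.g. `if (!ext_data) { error_print(); tls_send_alert(conn, TLS_alert_decode_error); return -1; }`, or track presence with a separate flag rather than the pointer. Separately, the new `default:` branch answers every other extension with illegal_parameter; RFC 5246 section 7.4.1.4 specifies the unsupported_extension alert for an extension the client did not request. It is also worth confirming the client never offers anything beyond ec_point_formats, otherwise a valid echo is now rejected. The body of tls_recv_server_hello starts and ends outside the hunks shown.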