Merge branch 'development' into IOTSSL-442-hello-noext
Conflicts:
ChangeLog
diff --git a/ChangeLog b/ChangeLog
index fcd30ec..70adb47 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,8 @@
* Fix segfault in the benchmark program when benchmarking DHM.
* Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo
Leisink).
+ * Fix bug when parsing a ServerHello without extensions (found by David
+ Sears).
* Fix bug in CMake lists that caused libmbedcrypto.a not to be installed
(found by Benoit Lecocq).
* Fix bug in Makefile that caused libmbedcrypto and libmbedx509 not to be
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 1d683d3..b09a7ab 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1269,7 +1269,7 @@
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
- if( ssl->in_hslen > 39 + n )
+ if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n )
{
ext_len = ( ( buf[38 + n] << 8 )
| ( buf[39 + n] ) );
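Review bot: The bare offsets 38 and 39 in this condition and in the `buf[38 + n]` / `buf[39 + n]` reads appear to be counted from the start of the handshake body, while `ssl->in_hslen` evidently includes the handshake header, and nothing at this site says so; that mismatch is what the change corrects. A comment above the `if` would keep the two from drifting apart again, e.g. `/* in_hslen includes the handshake header; buf offsets are relative to the body */`. The same applies to the `else if` in the next hunk (`... + 38 + n`). The check that ties `ext_len` to `in_hslen` sits between the two hunks and its condition is not shown; confirm it also adds `mbedtls_ssl_hs_hdr_len( ssl )`, since otherwise the peer-supplied extension length is compared against the wrong total. The enclosing function starts and ends outside the hunk.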
@@ -1281,7 +1281,7 @@
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
}
- else if( ssl->in_hslen == 38 + n )
+ else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n )
{
ext_len = 0;
}
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e69091c..34c1565 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1480,8 +1480,6 @@
msg_len != ext_offset + 2 + ext_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
- MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions",
- buf + ext_offset + 2, ext_len );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
}
@@ -1489,6 +1487,7 @@
ext_len = 0;
ext = buf + ext_offset + 2;
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
while( ext_len != 0 )
{
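Review bot: The relocated `MBEDTLS_SSL_DEBUG_BUF` call relies on `ext_len` having already been checked against `msg_len`, but nothing at the call site records that dependency. The placement removed in the previous hunk dumped `ext_len` bytes on the very path where that check had failed, i.e. with an unvalidated peer-supplied length. A short comment such as `/* ext_len was validated against msg_len above, so the dump stays inside the message */` would stop a later edit from moving the dump back in front of the check. In the no-extensions branch `ext` presumably points past the end of the message, which is harmless only because `ext_len` is 0 there; that is worth stating in the same comment. The enclosing function lies outside the hunk.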
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d3b7b3f..c07c8ca 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2488,6 +2488,14 @@
0 \
-c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
+# Test for ClientHello without extensions
+
+run_test "CLientHello without extensions" \
+ "$P_SRV debug_level=3" \
+ "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
+ 0 \
+ -s "dumping 'client hello extensions' (0 bytes)"
+
# Tests for mbedtls_ssl_get_bytes_avail()
run_test "mbedtls_ssl_get_bytes_avail: no extra data" \
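Review bot: The name on the added `run_test` line is misspelled: `"CLientHello without extensions"` should read `"ClientHello without extensions"`. More importantly, this case exercises only the server parsing a ClientHello, whereas the ChangeLog entry in this commit is about parsing a ServerHello without extensions, and no test visible in this diff covers the client path changed in library/ssl_cli.c. A companion case that runs the library's client against a server sending a ServerHello with no extensions, and expects the handshake to succeed, would pin that fix against regression.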