More ssl_set_XXX() functions can return BAD_INPUT
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 09bc907..e68714a 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -959,11 +959,12 @@
  * \param transport transport type:
  *                  SSL_TRANSPORT_STREAM for TLS,
  *                  SSL_TRANSPORT_DATAGRAM for DTLS.
+ * \return         0 on success or POLARSSL_ERR_SSL_BAD_INPUT_DATA
  *
  * \note            If DTLS is selected and max and/or min version are less
  *                  than TLS 1.1 (DTLS 1.0) they are upped to that value.
  */
-void ssl_set_transport( ssl_context *ssl, int transport );
+int ssl_set_transport( ssl_context *ssl, int transport );
 
 /**
  * \brief          Set the certificate verification mode
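Review bot: The new `\return` line on ssl_set_transport() does not say when POLARSSL_ERR_SSL_BAD_INPUT_DATA is returned or what state the context is left in. Going by the implementation in library/ssl_tls.c in this same commit, the error covers an unknown transport value and SSL_TRANSPORT_DATAGRAM when POLARSSL_SSL_PROTO_DTLS is not defined, and `ssl->transport` keeps its previous value. The function was `void` before, so callers that still ignore the result would carry on with the old transport instead of the one they asked for. I would spell this out: `\return 0 on success, or POLARSSL_ERR_SSL_BAD_INPUT_DATA if the transport is unknown or not compiled in (the context is left unchanged)`.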
@@ -1377,38 +1378,35 @@
  *                 (Default: SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION)
  *
  *                 Note: This ignores ciphersuites from 'higher' versions.
- *                 Note: Input outside of the SSL_MAX_XXXXX_VERSION and
- *                       SSL_MIN_XXXXX_VERSION range is ignored.
  *
  * \param ssl      SSL context
  * \param major    Major version number (only SSL_MAJOR_VERSION_3 supported)
  * \param minor    Minor version number (SSL_MINOR_VERSION_0,
  *                 SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
  *                 SSL_MINOR_VERSION_3 supported)
+ * \return         0 on success or POLARSSL_ERR_SSL_BAD_INPUT_DATA
  *
  * \note           With DTLS, use SSL_MINOR_VERSION_2 for DTLS 1.0 and
  *                 SSL_MINOR_VERSION_3 for DTLS 1.2
  */
-void ssl_set_max_version( ssl_context *ssl, int major, int minor );
+int ssl_set_max_version( ssl_context *ssl, int major, int minor );
 
 
 /**
  * \brief          Set the minimum accepted SSL/TLS protocol version
  *                 (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION)
  *
- *                 Note: Input outside of the SSL_MAX_XXXXX_VERSION and
- *                       SSL_MIN_XXXXX_VERSION range is ignored.
- *
  * \param ssl      SSL context
  * \param major    Major version number (only SSL_MAJOR_VERSION_3 supported)
  * \param minor    Minor version number (SSL_MINOR_VERSION_0,
  *                 SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
  *                 SSL_MINOR_VERSION_3 supported)
+ * \return         0 on success or POLARSSL_ERR_SSL_BAD_INPUT_DATA
  *
  * \note           With DTLS, use SSL_MINOR_VERSION_2 for DTLS 1.0 and
  *                 SSL_MINOR_VERSION_3 for DTLS 1.2
  */
-void ssl_set_min_version( ssl_context *ssl, int major, int minor );
+int ssl_set_min_version( ssl_context *ssl, int major, int minor );
 
 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
 /**
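Review bot: The `\return` lines added to ssl_set_max_version() and ssl_set_min_version() replace the removed "input ... is ignored" notes but do not say which inputs are rejected. From ssl_check_version() in library/ssl_tls.c, rejection covers values outside the SSL_MIN_/SSL_MAX_ major and minor bounds. It also covers a minor below SSL_MINOR_VERSION_2 when the transport set at the time of the call is SSL_TRANSPORT_DATAGRAM, so the result depends on call order. I would add `\note The DTLS lower bound is checked against the transport already set; call ssl_set_transport() first.` and state that on error the previous version setting is kept.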
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 13b7115..8d1b3b3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3597,16 +3597,31 @@
 #endif
 }
 
-void ssl_set_transport( ssl_context *ssl, int transport )
+int ssl_set_transport( ssl_context *ssl, int transport )
 {
-    ssl->transport = transport;
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( transport == SSL_TRANSPORT_DATAGRAM )
+    {
+        ssl->transport = transport;
 
-    /* DTLS starts with TLS1.1 */
-    if( ssl->min_minor_ver < SSL_MINOR_VERSION_2 )
-        ssl->min_minor_ver = SSL_MINOR_VERSION_2;
+        /* DTLS starts with TLS1.1 */
+        if( ssl->min_minor_ver < SSL_MINOR_VERSION_2 )
+            ssl->min_minor_ver = SSL_MINOR_VERSION_2;
 
-    if( ssl->max_minor_ver < SSL_MINOR_VERSION_2 )
-        ssl->max_minor_ver = SSL_MINOR_VERSION_2;
+        if( ssl->max_minor_ver < SSL_MINOR_VERSION_2 )
+            ssl->max_minor_ver = SSL_MINOR_VERSION_2;
+
+        return( 0 );
+    }
+#endif
+
+    if( transport == SSL_TRANSPORT_STREAM )
+    {
+        ssl->transport = transport;
+        return( 0 );
+    }
+
+    return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
 }
 
 void ssl_set_authmode( ssl_context *ssl, int authmode )
@@ -3969,32 +3984,39 @@
 }
 #endif /* POLARSSL_SSL_ALPN */
 
-void ssl_set_max_version( ssl_context *ssl, int major, int minor )
+static int ssl_check_version( const ssl_context *ssl, int major, int minor )
 {
     if( major < SSL_MIN_MAJOR_VERSION || major > SSL_MAX_MAJOR_VERSION ||
         minor < SSL_MIN_MINOR_VERSION || minor > SSL_MAX_MINOR_VERSION ||
         ( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
           minor < SSL_MINOR_VERSION_2 ) )
     {
-        return;
+        return( -1 );
     }
 
+    return( 0 );
+}
+
+int ssl_set_max_version( ssl_context *ssl, int major, int minor )
+{
+    if( ssl_check_version( ssl, major, minor ) != 0 )
+        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+
     ssl->max_major_ver = major;
     ssl->max_minor_ver = minor;
+
+    return( 0 );
 }
 
-void ssl_set_min_version( ssl_context *ssl, int major, int minor )
+int ssl_set_min_version( ssl_context *ssl, int major, int minor )
 {
-    if( major < SSL_MIN_MAJOR_VERSION || major > SSL_MAX_MAJOR_VERSION ||
-        minor < SSL_MIN_MINOR_VERSION || minor > SSL_MAX_MINOR_VERSION ||
-        ( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
-          minor < SSL_MINOR_VERSION_2 ) )
-    {
-        return;
-    }
+    if( ssl_check_version( ssl, major, minor ) != 0 )
+        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
 
     ssl->min_major_ver = major;
     ssl->min_minor_ver = minor;
+
+    return( 0 );
 }
 
 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
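Review bot: Neither setter compares the new bound with the opposite one, so `ssl_set_min_version()` with SSL_MINOR_VERSION_3 followed by `ssl_set_max_version()` with SSL_MINOR_VERSION_1 both return 0 and leave the minimum above the maximum. Now that these functions can report POLARSSL_ERR_SSL_BAD_INPUT_DATA, an empty version range is worth surfacing as a configuration error; whether later code catches it is not visible in this hunk. A comparison inside the setters would be order-sensitive for callers that move both bounds, so the check may fit better where the configuration is first used. Separately, a short comment on the static helper, such as `/* Return 0 if (major, minor) is acceptable for the transport currently set in ssl, -1 otherwise */`, would record that it reads `ssl->transport`.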
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d99806d..63c8e38 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -876,9 +876,14 @@
 #endif
 
     ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
-    ssl_set_transport( &ssl, opt.transport );
     ssl_set_authmode( &ssl, opt.auth_mode );
 
+    if( ( ret = ssl_set_transport( &ssl, opt.transport ) ) != 0 )
+    {
+        printf( "selected transport is not available\n" );
+        goto exit;
+    }
+
 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
     if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
     {
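Review bot: The failure message added for ssl_set_transport() drops `ret` and does not use the leading-space form of the min_version/max_version messages added later in this file (`" selected min_version is not available\n"`). The same applies to the identical block in programs/ssl/ssl_server2.c. Printing the code would make a rejected transport distinguishable from other setup failures, for example `printf( " selected transport is not available (ret=%d)\n", ret );`. The enclosing function starts and ends outside the hunk, so how `ret` is reported at `exit:` is not visible here.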
@@ -963,9 +968,24 @@
 #endif
 
     if( opt.min_version != -1 )
-        ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
+    {
+        ret = ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
+        if( ret != 0 )
+        {
+            printf( " selected min_version is not available\n" );
+            goto exit;
+        }
+    }
+
     if( opt.max_version != -1 )
-        ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
+    {
+        ret = ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
+        if( ret != 0 )
+        {
+            printf( " selected max_version is not available\n" );
+            goto exit;
+        }
+    }
 
     /*
      * 4. Handshake
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 707731a..36feb6f 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1261,9 +1261,14 @@
     }
 
     ssl_set_endpoint( &ssl, SSL_IS_SERVER );
-    ssl_set_transport( &ssl, opt.transport );
     ssl_set_authmode( &ssl, opt.auth_mode );
 
+    if( ( ret = ssl_set_transport( &ssl, opt.transport ) ) != 0 )
+    {
+        printf( "selected transport is not available\n" );
+        goto exit;
+    }
+
 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
     if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
     {
@@ -1392,10 +1397,24 @@
 #endif
 
     if( opt.min_version != -1 )
-        ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
+    {
+        ret = ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
+        if( ret != 0 )
+        {
+            printf( " selected min_version is not available\n" );
+            goto exit;
+        }
+    }
 
     if( opt.max_version != -1 )
-        ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
+    {
+        ret = ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
+        if( ret != 0 )
+        {
+            printf( " selected max_version is not available\n" );
+            goto exit;
+        }
+    }
 
     printf( " ok\n" );