X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_hs_common.t0;h=05b1797c18fd906516ebfb0b331d46b7fad667f5;hp=28a40326590e6a81568db5a92e6edf3ef5d79837;hb=968da0f646a43c69a2517a240c9963ff513981b3;hpb=05ac106834fa8889cf55ee462fe4108d4712040a

diff --git a/src/ssl/ssl_hs_common.t0 b/src/ssl/ssl_hs_common.t0
index 28a4032..05b1797 100644
--- a/src/ssl/ssl_hs_common.t0
+++ b/src/ssl/ssl_hs_common.t0
@@ -275,7 +275,9 @@ cc: flush-record ( -- ) {
 	addr-action get8 dup if
 		case
 			1 of 0 do-close endof
-			2 of addr-application_data get8 if 0x10 or then endof
+			2 of addr-application_data get8 1 = if
+				0x10 or
+			then endof
 		endcase
 	else
 		drop
@@ -330,13 +332,18 @@ cc: flush-record ( -- ) {
 \ -- If 'cnr' is zero, then incoming data is discarded until a close_notify
 \    is received.
 \ -- At the end, the context is terminated.
+\
+\ cnr shall be either 0 or -1.
 : do-close ( cnr -- ! )
 	\ 'cnr' is set to non-zero when a close_notify is received from
 	\ the peer.
 	{ cnr }
 
-	\ Get out of application data state.
-	0 addr-application_data set8
+	\ Get out of application data state. If we were accepting
+	\ application data (flag is 1), and we still expect a close_notify
+	\ from the peer (cnr is 0), then we should set the flag to 2.
+	\ In all other cases, flag should be set to 0.
+	addr-application_data get8 cnr not and 1 << addr-application_data set8
 
 	\ Flush existing payload if any.
 	flush-record
@@ -369,6 +376,10 @@ cc: flush-record ( -- ) {
 		has-input? if
 			addr-record_type_in get8 21 = if
 				drop process-alerts
+				\ If we received a close_notify then we
+				\ no longer accept incoming application
+				\ data records.
+				0 addr-application_data set8
 			else
 				discard-input
 			then
@@ -469,7 +480,7 @@ cc: read-chunk-native ( addr len -- addr len ) {
 			\ no_renegotiation has value 100, and we treat it
 			\ as a fatal alert.
 			dup 100 = if 256 + fail then
-			0= ret
+			0=
 		endof
 		\ Fatal alert implies context termination.
 		drop 256 + fail
@@ -1062,13 +1073,22 @@ cc: compute-Finished-inner ( from_client prf_id -- ) {
 	read16 open-elt
 	begin dup while
 		read8 { hash } read8 { sign }
-		\ We keep the value if the signature is either 1 (RSA)
-		\ or 3 (ECDSA), and the hash is one of the SHA-* functions
-		\ (2 to 6, from SHA-1 to SHA-512); we reject MD5.
-		hash 2 >= hash 6 <= and
-		sign 1 = sign 3 = or
-		and if
-			hashes 1 sign 1- 2 << hash + << or >hashes
+
+		\ If hash is 0x08 then this is a "new algorithm" identifier,
+		\ and we set the corresponding bit if it is in the 0..15
+		\ range. Otherwise, we keep the value only if the signature
+		\ is either 1 (RSA) or 3 (ECDSA), and the hash is one of the
+		\ SHA-* functions (2 to 6). Note that we reject MD5.
+		hash 8 = if
+			sign 15 <= if
+				1 sign 16 + << hashes or >hashes
+			then
+		else
+			hash 2 >= hash 6 <= and
+			sign 1 = sign 3 = or
+			and if
+				hashes 1 sign 1- 2 << hash + << or >hashes
+			then
 		then
 	repeat
 	close-elt