mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-27 06:35:22 +00:00
Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
This commit is contained in:
Xiaokang Qian
parent
d7adc374d3
commit
03409290d2
@ -1182,6 +1182,7 @@ struct mbedtls_ssl_session
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
|
||||
uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */
|
||||
uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */
|
||||
uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */
|
||||
@ -1200,10 +1201,10 @@ struct mbedtls_ssl_session
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets);
|
||||
|
||||
uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
|
||||
defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
char *MBEDTLS_PRIVATE(hostname); /*!< host name binded with tickets */
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_SESSION_TICKETS */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
};
|
||||
|
||||
|
||||
@ -872,6 +872,7 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
|
||||
ssl->handshake->resume )
|
||||
@ -885,14 +886,18 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
|
||||
if( hostname_mismatch )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||
( "hostname mismatch the session ticket, should not resume " ) );
|
||||
( "hostname mismatch the session ticket,"
|
||||
" should not resume " ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
}
|
||||
else
|
||||
mbedtls_ssl_session_set_hostname( ssl->session_negotiate,
|
||||
ssl->hostname );
|
||||
{
|
||||
return mbedtls_ssl_session_set_hostname( ssl->session_negotiate,
|
||||
ssl->hostname );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
|
||||
MBEDTLS_SSL_SESSION_TICKETS &&
|
||||
MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
return( 0 );
|
||||
|
||||
@ -2495,7 +2495,9 @@ int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext(
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_session_set_hostname( mbedtls_ssl_session *session,
|
||||
const char *hostname );
|
||||
#endif
|
||||
|
||||
@ -298,13 +298,14 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
|
||||
defined(MBEDTLS_SSL_CLI_C)
|
||||
if( src->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||
{
|
||||
dst->hostname = NULL;
|
||||
mbedtls_ssl_session_set_hostname( dst,
|
||||
src->hostname );
|
||||
return mbedtls_ssl_session_set_hostname( dst,
|
||||
src->hostname );
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -1973,6 +1974,7 @@ static int ssl_tls13_session_save( const mbedtls_ssl_session *session,
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
#if defined(MBEDTLS_SSL_CLI_C) && \
|
||||
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
size_t hostname_len = ( session->hostname == NULL ) ?
|
||||
0 : strlen( session->hostname );
|
||||
@ -1995,7 +1997,8 @@ static int ssl_tls13_session_save( const mbedtls_ssl_session *session,
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
needed += 2 /* hostname_len */
|
||||
+ hostname_len; /* hostname */
|
||||
#endif
|
||||
@ -2026,7 +2029,9 @@ static int ssl_tls13_session_save( const mbedtls_ssl_session *session,
|
||||
memcpy( p, session->resumption_key, session->resumption_key_len );
|
||||
p += session->resumption_key_len;
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C)
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
|
||||
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_CLI_C)
|
||||
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||
{
|
||||
MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
|
||||
@ -2039,7 +2044,9 @@ static int ssl_tls13_session_save( const mbedtls_ssl_session *session,
|
||||
p += hostname_len;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION &&
|
||||
MBEDTLS_SSL_SESSION_TICKETS &&
|
||||
MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
|
||||
if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||
@ -2099,7 +2106,9 @@ static int ssl_tls13_session_load( mbedtls_ssl_session *session,
|
||||
memcpy( session->resumption_key, p, session->resumption_key_len );
|
||||
p += session->resumption_key_len;
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C)
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
|
||||
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_CLI_C)
|
||||
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||
{
|
||||
size_t hostname_len;
|
||||
@ -2120,7 +2129,9 @@ static int ssl_tls13_session_load( mbedtls_ssl_session *session,
|
||||
p += hostname_len;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION &&
|
||||
MBEDTLS_SSL_SESSION_TICKETS &&
|
||||
MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
|
||||
if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||
@ -8862,6 +8873,7 @@ int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
int mbedtls_ssl_session_set_hostname( mbedtls_ssl_session *session,
|
||||
const char *hostname )
|
||||
@ -8904,6 +8916,8 @@ int mbedtls_ssl_session_set_hostname( mbedtls_ssl_session *session,
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
|
||||
MBEDTLS_SSL_SESSION_TICKETS &&
|
||||
MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user