Refactor cookie members of handshake struct
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
parent
c3902ac661
commit
ac5ca5a0ea
@ -524,8 +524,8 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
|
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
|
||||||
handshake->cookie,
|
handshake->cookie,
|
||||||
handshake->verify_cookie_len );
|
handshake->cookie_len );
|
||||||
cookie_len = handshake->verify_cookie_len;
|
cookie_len = handshake->cookie_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, cookie_len + 1 );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, cookie_len + 1 );
|
||||||
|
@ -846,19 +846,33 @@ struct mbedtls_ssl_handshake_params
|
|||||||
} buffering;
|
} buffering;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CLI_C) && \
|
#if defined(MBEDTLS_SSL_CLI_C) && \
|
||||||
( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
|
( defined(MBEDTLS_SSL_PROTO_DTLS) || \
|
||||||
unsigned char *cookie; /*!< HelloVerifyRequest cookie for DTLS
|
defined(MBEDTLS_SSL_PROTO_TLS1_3) )
|
||||||
* HelloRetryRequest cookie for TLS 1.3 */
|
unsigned char *cookie; /*!< HelloVerifyRequest cookie for DTLS
|
||||||
|
* HelloRetryRequest cookie for TLS 1.3 */
|
||||||
|
#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
|
/* RFC 6347 page 15
|
||||||
|
...
|
||||||
|
opaque cookie<0..2^8-1>;
|
||||||
|
...
|
||||||
|
*/
|
||||||
|
uint8_t cookie_len;
|
||||||
|
#else
|
||||||
|
/* RFC 8446 page 39
|
||||||
|
...
|
||||||
|
opaque cookie<0..2^16-1>;
|
||||||
|
...
|
||||||
|
If TLS1_3 is enabled, the max length is 2^16 - 1
|
||||||
|
*/
|
||||||
|
uint16_t cookie_len; /*!< DTLS: HelloVerifyRequest cookie length
|
||||||
|
* TLS1_3: HelloRetryRequest cookie length */
|
||||||
|
#endif
|
||||||
#endif /* MBEDTLS_SSL_CLI_C &&
|
#endif /* MBEDTLS_SSL_CLI_C &&
|
||||||
( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */
|
( MBEDTLS_SSL_PROTO_DTLS ||
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
MBEDTLS_SSL_PROTO_TLS1_3 ) */
|
||||||
unsigned char verify_cookie_len; /*!< Cli: HelloVerifyRequest cookie
|
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
* length
|
unsigned char cookie_verify_result; /*!< Srv: flag for sending a cookie */
|
||||||
* Srv: flag for sending a cookie */
|
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS */
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
|
||||||
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
|
||||||
uint16_t hrr_cookie_len; /*!< HelloRetryRequest cookie length */
|
|
||||||
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
|
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
|
||||||
|
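Review bot: The `uint8_t cookie_len;` member added under `#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)` carries no Doxygen comment while its `uint16_t` twin in the `#else` branch does; add `uint8_t cookie_len; /*!< DTLS: HelloVerifyRequest cookie length */` so both variants document the same field. The comment on `cookie_verify_result` ("flag for sending a cookie") reads as inverted next to its use: the ssl_srv.c hunk sets it to 1 on "cookie verification failed" and ssl_write_server_hello abandons the ServerHello when it is non-zero, so `/*!< Srv: non-zero when the ClientHello cookie failed verification and a HelloVerifyRequest must be sent instead of a ServerHello */` states the actual contract. One more line belongs in the RFC 8446 comment: when TLS 1.3 is compiled in, the DTLS HelloVerifyRequest path shares this now 16-bit field, yet the DTLS ClientHello wire format only carries a one-byte cookie length, so the DTLS writer in ssl_write_client_hello_body (its encoding lines are outside that hunk) presumably still relies on `cookie_len <= 255` — say so here, or keep the 8-bit bound explicit at the write site. struct mbedtls_ssl_handshake_params begins and ends outside this hunk.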
@ -1200,7 +1200,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
memcpy( ssl->handshake->cookie, p, cookie_len );
|
memcpy( ssl->handshake->cookie, p, cookie_len );
|
||||||
ssl->handshake->verify_cookie_len = cookie_len;
|
ssl->handshake->cookie_len = cookie_len;
|
||||||
|
|
||||||
/* Start over at ClientHello */
|
/* Start over at ClientHello */
|
||||||
ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
|
ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
|
||||||
@ -1284,7 +1284,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
/* We made it through the verification process */
|
/* We made it through the verification process */
|
||||||
mbedtls_free( ssl->handshake->cookie );
|
mbedtls_free( ssl->handshake->cookie );
|
||||||
ssl->handshake->cookie = NULL;
|
ssl->handshake->cookie = NULL;
|
||||||
ssl->handshake->verify_cookie_len = 0;
|
ssl->handshake->cookie_len = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
@ -1274,12 +1274,12 @@ read_record_header:
|
|||||||
ssl->cli_id, ssl->cli_id_len ) != 0 )
|
ssl->cli_id, ssl->cli_id_len ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification failed" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification failed" ) );
|
||||||
ssl->handshake->verify_cookie_len = 1;
|
ssl->handshake->cookie_verify_result = 1;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification passed" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification passed" ) );
|
||||||
ssl->handshake->verify_cookie_len = 0;
|
ssl->handshake->cookie_verify_result = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -2244,7 +2244,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
ssl->handshake->verify_cookie_len != 0 )
|
ssl->handshake->cookie_verify_result != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
|
||||||
|
@ -553,7 +553,7 @@ static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
|
|||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );
|
||||||
|
|
||||||
mbedtls_free( handshake->cookie );
|
mbedtls_free( handshake->cookie );
|
||||||
handshake->hrr_cookie_len = 0;
|
handshake->cookie_len = 0;
|
||||||
handshake->cookie = mbedtls_calloc( 1, cookie_len );
|
handshake->cookie = mbedtls_calloc( 1, cookie_len );
|
||||||
if( handshake->cookie == NULL )
|
if( handshake->cookie == NULL )
|
||||||
{
|
{
|
||||||
@ -564,7 +564,7 @@ static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
memcpy( handshake->cookie, p, cookie_len );
|
memcpy( handshake->cookie, p, cookie_len );
|
||||||
handshake->hrr_cookie_len = cookie_len;
|
handshake->cookie_len = cookie_len;
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
@ -587,21 +587,21 @@ static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
|
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
|
||||||
handshake->cookie,
|
handshake->cookie,
|
||||||
handshake->hrr_cookie_len );
|
handshake->cookie_len );
|
||||||
|
|
||||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, handshake->hrr_cookie_len + 6 );
|
MBEDTLS_SSL_CHK_BUF_PTR( p, end, handshake->cookie_len + 6 );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding cookie extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding cookie extension" ) );
|
||||||
|
|
||||||
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_COOKIE, p, 0 );
|
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_COOKIE, p, 0 );
|
||||||
MBEDTLS_PUT_UINT16_BE( handshake->hrr_cookie_len + 2, p, 2 );
|
MBEDTLS_PUT_UINT16_BE( handshake->cookie_len + 2, p, 2 );
|
||||||
MBEDTLS_PUT_UINT16_BE( handshake->hrr_cookie_len, p, 4 );
|
MBEDTLS_PUT_UINT16_BE( handshake->cookie_len, p, 4 );
|
||||||
p += 6;
|
p += 6;
|
||||||
|
|
||||||
/* Cookie */
|
/* Cookie */
|
||||||
memcpy( p, handshake->cookie, handshake->hrr_cookie_len );
|
memcpy( p, handshake->cookie, handshake->cookie_len );
|
||||||
|
|
||||||
*out_len = handshake->hrr_cookie_len + 6;
|
*out_len = handshake->cookie_len + 6;
|
||||||
|
|
||||||
mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_COOKIE );
|
mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_COOKIE );
|
||||||
|
|
||||||
|
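Review bot: `MBEDTLS_PUT_UINT16_BE( handshake->cookie_len + 2, p, 2 )` stores the extension length in 16 bits, so for a received cookie of 65534 or 65535 bytes the sum wraps and the extension header no longer matches the bytes copied after it; the `MBEDTLS_SSL_CHK_BUF_PTR` check above bounds the total against `end` but not against the field width. Assuming `cookie_len` is the new `uint16_t` member, a guard before the header is written, `if( handshake->cookie_len > UINT16_MAX - 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`, or the same bound in ssl_tls13_parse_cookie_ext (its length check is outside that hunk) keeps the encoding consistent. With a default-sized output buffer the CHK_BUF_PTR check likely fails first, so this is a consistency point rather than a reachable fault in the common configuration. ssl_tls13_write_cookie_ext starts outside the hunk.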