From adf84a4a8c036268beed5b92a7430e30b905b91a Mon Sep 17 00:00:00 2001
From: Xiaokang Qian
Date: Sun, 9 Oct 2022 09:21:22 +0000
Subject: [PATCH] Remove public api mbedtls_ssl_reset_hostname()

Signed-off-by: Xiaokang Qian
---
 include/mbedtls/ssl.h | 26 +++----------------------
 library/ssl_tls.c | 33 ---------------------------------
 programs/ssl/ssl_client2.c | 4 ++--
 tests/ssl-opt.sh | 2 +-
 4 files changed, 6 insertions(+), 59 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 5e493f5f27..e6c545e058 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1182,7 +1182,6 @@ struct mbedtls_ssl_session
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-    uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
     uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */
     uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */
     uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */
@@ -1200,12 +1199,14 @@ struct mbedtls_ssl_session
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets);
-#endif
+
+    uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
     uint8_t MBEDTLS_PRIVATE(hostname_len); /*!< host_name length */
     char *MBEDTLS_PRIVATE(hostname); /*!< host name binded with tickets */
     uint8_t hostname_mismatch; /*!< whether new host_name match with saved one */
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 };
 /*
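Review bot: In the second ssl.h hunk, `hostname_mismatch` is the only member of the block not wrapped in `MBEDTLS_PRIVATE()`, so while the SNI members are being re-scoped under the TLS 1.3 guard it should become `uint8_t MBEDTLS_PRIVATE(hostname_mismatch); /*!< whether the new host_name matches the saved one */` to match `hostname` and `hostname_len` next to it; as written it remains part of the public layout of `mbedtls_ssl_session`. Relocating `endpoint` out of the session-ticket guard and moving the SNI members inside `MBEDTLS_SSL_PROTO_TLS1_3` is also not mentioned in the commit title, which only names the removal of mbedtls_ssl_reset_hostname(); a sentence in the description would help readers of the history. struct mbedtls_ssl_session starts before the first hunk and its definition is only partly visible here.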
@@ -3667,27 +3668,6 @@ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
  * On too long input failure, old hostname is unchanged.
  */
 int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
-
-/**
- * \brief Reset the hostname to the new server name when reconnection.
- *
- * \param ssl SSL context
- * \param hostname the server hostname, may be NULL
- * \param rec_hostname the server rec_hostname, may be NULL
- * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
- *
- * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
- * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
- * too long input rec_hostname.
- *
- * Rec_hostname set to the one provided on success.
- * On allocation failure hostname is unchanged.
- * On too long input failure, old hostname is unchanged.
- */
-int mbedtls_ssl_reset_hostname( mbedtls_ssl_context *ssl,
-                                const char *hostname,
-                                const char *rec_hostname );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6a0a67800c..abadc80d01 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2484,39 +2484,6 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
     return( 0 );
 }
-
-int mbedtls_ssl_reset_hostname( mbedtls_ssl_context *ssl,
-                                const char *hostname,
-                                const char *rec_hostname )
-{
-    /* Initialize to suppress unnecessary compiler warning */
-    size_t rec_hostname_len = 0;
-
-    if( hostname == NULL || rec_hostname == NULL )
-        return( 0 );
-
-    rec_hostname_len = strlen( rec_hostname );
-    if( rec_hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( rec_hostname_len == strlen( hostname ) &&
-        memcmp( hostname, rec_hostname, rec_hostname_len ) == 0 )
-        return( 0 );
-
-    if( ssl->hostname != NULL )
-    {
-        mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
-        mbedtls_free( ssl->hostname );
-        ssl->hostname = NULL;
-        ssl->hostname = mbedtls_calloc( 1, rec_hostname_len + 1 );
-        if( ssl->hostname == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-        memcpy( ssl->hostname, rec_hostname, rec_hostname_len );
-        ssl->hostname[rec_hostname_len] = '\0';
-    }
-
-    return( 0 );
-}
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index a7705ac9fa..9102ab40a1 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -3119,10 +3119,10 @@ reconnect:
         }
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-        if( ( ret = mbedtls_ssl_reset_hostname( &ssl, opt.server_name,
+        if( ( ret = mbedtls_ssl_set_hostname( &ssl,
                                               opt.reco_server_name ) ) != 0 )
         {
-            mbedtls_printf( " failed\n ! mbedtls_ssl_reset_hostname returned %d\n\n",
+            mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
                             ret );
             goto exit;
         }
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 414b8607bb..2a63610df7 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
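Review bot: In the ssl_client2.c hunk, `opt.reco_server_name` is now passed straight to `mbedtls_ssl_set_hostname()`, whereas the removed `mbedtls_ssl_reset_hostname()` (deleted body in the ssl_tls.c hunk above) returned early and left the existing name untouched when its `rec_hostname` argument was NULL. If `reco_server_name` can be unset — its default is not visible in this patch — the reconnect path now hands NULL to the hostname setter instead of keeping the name the first connection verified against, which silently changes what the resumed handshake checks. Guarding the call restores the previous behaviour for that case: `if( opt.reco_server_name != NULL &&` / `( ret = mbedtls_ssl_set_hostname( &ssl, opt.reco_server_name ) ) != 0 )`. The enclosing function begins and ends outside the hunk.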
@@ -12909,7 +12909,7 @@ run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \
             -c "got new session ticket." \
             -c "Saving session for reuse... ok" \
             -c "Reconnecting with saved session" \
-            -c "hostname mismatch the session ticker, should not resume" \
+            -c "hostname mismatch the session ticket, should not resume" \
             -s "=> write NewSessionTicket msg" \
             -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \
             -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH"