mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-26 12:39:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

move CLIENT/SERVER_HELLO_RANDOM_LEN to ssl_misc.h

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2021-10-26 10:44:32 +08:00
parent 188468b5f4
commit e6d7e5cef6
2 changed files with 23 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
library/ssl_misc.h
View File

@ -309,6 +309,9 @@
#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE #define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32
#define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/** /**
* \brief Return the maximum fragment length (payload, in bytes) for * \brief Return the maximum fragment length (payload, in bytes) for
@ -715,7 +718,9 @@ struct mbedtls_ssl_handshake_params
size_t pmslen; /*!< premaster length */ size_t pmslen; /*!< premaster length */
unsigned char randbytes[64]; /*!< random bytes */ unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN +
MBEDTLS_SERVER_HELLO_RANDOM_LEN];
/*!< random bytes */
unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
/*!< premaster secret */ /*!< premaster secret */
@ -880,7 +885,9 @@ struct mbedtls_ssl_transform
/* We need the Hello random bytes in order to re-derive keys from the /* We need the Hello random bytes in order to re-derive keys from the
* Master Secret and other session info, * Master Secret and other session info,
* see ssl_tls12_populate_transform() */ * see ssl_tls12_populate_transform() */
unsigned char randbytes[64]; /*!< ServerHello.random+ClientHello.random */ unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN +
MBEDTLS_CLIENT_HELLO_RANDOM_LEN];
/*!< ServerHello.random+ClientHello.random */
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
}; };

32
library/ssl_tls13_client.c
View File

@ -35,9 +35,6 @@
#include "ecdh_misc.h" #include "ecdh_misc.h"
#include "ssl_tls13_keys.h" #include "ssl_tls13_keys.h"
#define CLIENT_HELLO_RANDOM_LEN 32
#define SERVER_HELLO_RANDOM_LEN 32
/* Write extensions */ /* Write extensions */
/* /*
@ -709,11 +706,11 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
p += 2; p += 2;
/* Write the random bytes ( random ).*/ /* Write the random bytes ( random ).*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, CLIENT_HELLO_RANDOM_LEN ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
memcpy( p, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN ); memcpy( p, ssl->handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes",
p, CLIENT_HELLO_RANDOM_LEN ); p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
p += CLIENT_HELLO_RANDOM_LEN; p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
/* /*
* Write legacy_session_id * Write legacy_session_id
@ -834,7 +831,7 @@ static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl )
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng,
ssl->handshake->randbytes, ssl->handshake->randbytes,
CLIENT_HELLO_RANDOM_LEN ) ) != 0 ) MBEDTLS_CLIENT_HELLO_RANDOM_LEN ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
return( ret ); return( ret );
@ -894,7 +891,7 @@ static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
{ {
static const unsigned char magic_hrr_string[SERVER_HELLO_RANDOM_LEN] = static const unsigned char magic_hrr_string[MBEDTLS_SERVER_HELLO_RANDOM_LEN] =
{ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
@ -1045,12 +1042,12 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
* Check there is space for minimal fields * Check there is space for minimal fields
* *
* - legacy_version ( 2 bytes) * - legacy_version ( 2 bytes)
* - random (SERVER_HELLO_RANDOM_LEN bytes) * - random (MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes)
* - legacy_session_id_echo ( 1 byte ), minimum size * - legacy_session_id_echo ( 1 byte ), minimum size
* - cipher_suite ( 2 bytes) * - cipher_suite ( 2 bytes)
* - legacy_compression_method ( 1 byte ) * - legacy_compression_method ( 1 byte )
*/ */
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, SERVER_HELLO_RANDOM_LEN + 6 ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 6 );
MBEDTLS_SSL_DEBUG_BUF( 4, "server hello", p, end - p ); MBEDTLS_SSL_DEBUG_BUF( 4, "server hello", p, end - p );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", p, 2 ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", p, 2 );
@ -1071,18 +1068,17 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
} }
p += 2; p += 2;
/* From RFC8446, page 27. /* ...
* ...
* Random random; * Random random;
* ... * ...
* with Random defined as: * with Random defined as:
* opaque Random[32]; * opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN];
*/ */
memcpy( ssl->handshake->randbytes + CLIENT_HELLO_RANDOM_LEN, p, memcpy( &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], p,
SERVER_HELLO_RANDOM_LEN ); MBEDTLS_SERVER_HELLO_RANDOM_LEN );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes",
p, SERVER_HELLO_RANDOM_LEN ); p, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
p += SERVER_HELLO_RANDOM_LEN; p += MBEDTLS_SERVER_HELLO_RANDOM_LEN;
/* ... /* ...
* opaque legacy_session_id_echo<0..32>; * opaque legacy_session_id_echo<0..32>;