mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-04 15:39:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #6123 from yuhaoth/pr/finialize-tls13-serialize_session_save_load

Browse Source 
TLS 1.3:finalize tls13 serialize session save and load
This commit is contained in:
Ronald Cron 2022-08-19 08:16:05 +02:00 committed by GitHub
commit f3f6b0a5c3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 41 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
library/ssl_tls.c
View File

@ -1898,7 +1898,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
* struct { * struct {
* uint64 ticket_received; * uint64 ticket_received;
* uint32 ticket_lifetime; * uint32 ticket_lifetime;
* opaque ticket<0..2^16>; * opaque ticket<1..2^16-1>;
* } ClientOnlyData; * } ClientOnlyData;
* *
* struct { * struct {
@ -1915,16 +1915,23 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
* *
*/ */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
static size_t ssl_tls13_session_save( const mbedtls_ssl_session *session, MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_session_save( const mbedtls_ssl_session *session,
unsigned char *buf, unsigned char *buf,
size_t buf_len ) size_t buf_len,
size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
size_t needed = 1 /* endpoint */ size_t needed = 1 /* endpoint */
+ 2 /* ciphersuite */ + 2 /* ciphersuite */
+ 4 /* ticket_age_add */ + 4 /* ticket_age_add */
+ 2 /* resumption_key length */ + 1 /* ticket_flags */
+ session->resumption_key_len; /* resumption_key */ + 1; /* resumption_key length */
*olen = 0;
if( session->resumption_key_len > MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
needed += session->resumption_key_len; /* resumption_key */
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
needed += 8; /* start_time or ticket_received */ needed += 8; /* start_time or ticket_received */
@ -1934,13 +1941,19 @@ static size_t ssl_tls13_session_save( const mbedtls_ssl_session *session,
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT ) if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
{ {
needed += 4 /* ticket_lifetime */ needed += 4 /* ticket_lifetime */
+ 2 /* ticket_len */ + 2; /* ticket_len */
+ session->ticket_len; /* ticket */
/* Check size_t overflow */
if( session->ticket_len > SIZE_MAX - needed )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
needed += session->ticket_len; /* ticket */
} }
#endif /* MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_CLI_C */
*olen = needed;
if( needed > buf_len ) if( needed > buf_len )
return( needed ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
p[0] = session->endpoint; p[0] = session->endpoint;
MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 1 ); MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 1 );
@ -1973,14 +1986,15 @@ static size_t ssl_tls13_session_save( const mbedtls_ssl_session *session,
MBEDTLS_PUT_UINT16_BE( session->ticket_len, p, 0 ); MBEDTLS_PUT_UINT16_BE( session->ticket_len, p, 0 );
p += 2; p += 2;
if( session->ticket_len > 0 )
if( session->ticket != NULL && session->ticket_len > 0 )
{ {
memcpy( p, session->ticket, session->ticket_len ); memcpy( p, session->ticket, session->ticket_len );
p += session->ticket_len; p += session->ticket_len;
} }
} }
#endif /* MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_CLI_C */
return( needed ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
@ -2056,14 +2070,17 @@ static int ssl_tls13_session_load( mbedtls_ssl_session *session,
} }
#else /* MBEDTLS_SSL_SESSION_TICKETS */ #else /* MBEDTLS_SSL_SESSION_TICKETS */
static size_t ssl_tls13_session_save( const mbedtls_ssl_session *session, MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_session_save( const mbedtls_ssl_session *session,
unsigned char *buf, unsigned char *buf,
size_t buf_len ) size_t buf_len,
size_t *olen )
{ {
((void) session); ((void) session);
((void) buf); ((void) buf);
((void) buf_len); ((void) buf_len);
return( 0 ); *olen = 0;
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
} }
static int ssl_tls13_session_load( const mbedtls_ssl_session *session, static int ssl_tls13_session_load( const mbedtls_ssl_session *session,
@ -3007,7 +3024,10 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
unsigned char *p = buf; unsigned char *p = buf;
size_t used = 0; size_t used = 0;
size_t remaining_len; size_t remaining_len;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
size_t out_len;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#endif
if( session == NULL ) if( session == NULL )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -3047,7 +3067,10 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case MBEDTLS_SSL_VERSION_TLS1_3: case MBEDTLS_SSL_VERSION_TLS1_3:
used += ssl_tls13_session_save( session, p, remaining_len ); ret = ssl_tls13_session_save( session, p, remaining_len, &out_len );
if( ret != 0 && ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
return( ret );
used += out_len;
break; break;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

2
tests/suites/test_suite_ssl.function
View File

@ -4809,7 +4809,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file,
original.resumption_key_len ) == 0 ); original.resumption_key_len ) == 0 );
} }
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if( endpoint_type == MBEDTLS_SSL_IS_CLIENT) if( endpoint_type == MBEDTLS_SSL_IS_SERVER )
{ {
TEST_ASSERT( original.start == restored.start ); TEST_ASSERT( original.start == restored.start );
} }