eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Prepare function to parse hrr cookie extension

Browse source 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian 2022-01-21 04:32:58 +00:00
parent 2b01dc30cb
commit 43550bd761
1 changed files with 48 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

73
library/ssl_tls13_client.c
View file

@ -518,6 +518,40 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_COOKIE_C)
static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
{
size_t cookie_len;
const unsigned char *p = buf;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
/* Retrieve length field of cookie */
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
cookie_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cookie_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );
mbedtls_free( handshake->verify_cookie );
handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
if( handshake->verify_cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "alloc failed ( %" MBEDTLS_PRINTF_SIZET " bytes )",
cookie_len ) );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
memcpy( handshake->verify_cookie, p, cookie_len );
handshake->verify_cookie_len = (unsigned char) cookie_len;
return( 0 );
}
#endif /* MBEDTLS_SSL_COOKIE_C */
/* Write cipher_suites /* Write cipher_suites
* CipherSuite cipher_suites<2..2^16-2>; * CipherSuite cipher_suites<2..2^16-2>;
*/ */
@ -1007,10 +1041,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
uint16_t cipher_suite; uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
int supported_versions_ext_found = 0; int supported_versions_ext_found = 0;
#if defined(MBEDTLS_SSL_COOKIE_C)
size_t cookie_len;
unsigned char *cookie;
#endif /* MBEDTLS_SSL_COOKIE_C */
/* /*
* Check there is space for minimal fields * Check there is space for minimal fields
@ -1161,6 +1191,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
{ {
unsigned int extension_type; unsigned int extension_type;
size_t extension_data_len; size_t extension_data_len;
const unsigned char *extension_data_end;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
@ -1168,6 +1199,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
p += 4; p += 4;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
extension_data_end = p + extension_data_len;
switch( extension_type ) switch( extension_type )
{ {
@ -1182,26 +1214,15 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
} }
/* Retrieve length field of cookie */ ret = ssl_tls13_parse_cookie_ext( ssl,
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 2 ); p, extension_data_end );
cookie_len = MBEDTLS_GET_UINT16_BE( p, 0 ); if( ret != 0 )
cookie = (unsigned char *) ( p + 2 );
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, cookie_len + 2 );
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", cookie, cookie_len );
mbedtls_free( handshake->verify_cookie );
handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
if( handshake->verify_cookie == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, MBEDTLS_SSL_DEBUG_RET( 1,
( "alloc failed ( %" MBEDTLS_PRINTF_SIZET " bytes )", "ssl_tls13_parse_cookie_ext",
cookie_len ) ); ret );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); return( ret );
} }
memcpy( handshake->verify_cookie, cookie, cookie_len );
handshake->verify_cookie_len = (unsigned char) cookie_len;
break; break;
#endif /* MBEDTLS_SSL_COOKIE_C */ #endif /* MBEDTLS_SSL_COOKIE_C */
@ -1212,7 +1233,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
ret = ssl_tls13_parse_supported_versions_ext( ssl, ret = ssl_tls13_parse_supported_versions_ext( ssl,
p, p,
p + extension_data_len ); extension_data_end );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
break; break;
@ -1231,10 +1252,10 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) );
if( is_hrr ) if( is_hrr )
ret = ssl_tls13_parse_hrr_key_share_ext( ssl, ret = ssl_tls13_parse_hrr_key_share_ext( ssl,
p, p + extension_data_len ); p, extension_data_end );
else else
ret = ssl_tls13_parse_key_share_ext( ssl, ret = ssl_tls13_parse_key_share_ext( ssl,
p, p + extension_data_len ); p, extension_data_end );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, MBEDTLS_SSL_DEBUG_RET( 1,
@ -1412,6 +1433,8 @@ static int ssl_tls13_postprocess_hrr( mbedtls_ssl_context *ssl )
ret = ssl_tls13_reset_key_share( ssl ); ret = ssl_tls13_reset_key_share( ssl );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
#else
((void) ssl);
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
return( 0 ); return( 0 );