lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Add server name check when proposeing pre-share key

Browse Source 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
This commit is contained in:
Xiaokang Qian
2022-09-20 11:35:41 +00:00
parent 8fd3254cfc
commit 281fd1bdd8
6 changed files with 197 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
library/ssl_tls.c
View File

@ -297,6 +297,18 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if( src->hostname != NULL )
{
dst->hostname = mbedtls_calloc( 1, src->hostname_len + 1 );
if( dst->hostname == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
memcpy( dst->hostname, src->hostname, src->hostname_len );
dst->hostname[src->hostname_len] = '\0';
}
#endif
return( 0 );
}
@ -1978,6 +1990,11 @@ static int ssl_tls13_session_save( const mbedtls_ssl_session *session,
#if defined(MBEDTLS_SSL_CLI_C)
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
needed += 1 /* hostname_len */
+ session->hostname_len; /* hostname */
#endif
needed += 4 /* ticket_lifetime */
+ 2; /* ticket_len */
@ -2004,6 +2021,19 @@ static int ssl_tls13_session_save( const mbedtls_ssl_session *session,
memcpy( p, session->resumption_key, session->resumption_key_len );
p += session->resumption_key_len;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C)
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT &&
session->hostname_len != 0 &&
session->hostname != NULL )
{
/* save host name */
p[0] = session->hostname_len;
p++;
memcpy( p, session->hostname, session->hostname_len );
p += session->hostname_len;
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
{
@ -2062,6 +2092,22 @@ static int ssl_tls13_session_load( mbedtls_ssl_session *session,
memcpy( session->resumption_key, p, session->resumption_key_len );
p += session->resumption_key_len;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C)
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
/* load host name */
session->hostname_len = p[0];
p += 1;
if( end - p < session->hostname_len )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
session->hostname = mbedtls_calloc( 1, session->hostname_len );
if( session->hostname == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
memcpy( session->hostname, p, session->hostname_len );
p += session->hostname_len;
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
{
@ -2430,6 +2476,39 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
return( 0 );
}
int mbedtls_ssl_reset_hostname( mbedtls_ssl_context *ssl,
const char *hostname,
const char *rec_hostname )
{
/* Initialize to suppress unnecessary compiler warning */
size_t rec_hostname_len = 0;
if( hostname == NULL || rec_hostname == NULL )
return( 0 );
rec_hostname_len = strlen( rec_hostname );
if( rec_hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( rec_hostname_len == strlen( hostname ) &&
memcmp( hostname, rec_hostname, rec_hostname_len ) == 0 )
return( 0 );
if( ssl->hostname != NULL )
{
mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
mbedtls_free( ssl->hostname );
ssl->hostname = NULL;
ssl->hostname = mbedtls_calloc( 1, rec_hostname_len + 1 );
if( ssl->hostname == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
memcpy( ssl->hostname, rec_hostname, rec_hostname_len );
ssl->hostname[rec_hostname_len] = '\0';
}
return( 0 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@ -3679,6 +3758,10 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
mbedtls_free( session->ticket );
#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
mbedtls_free( session->hostname );
#endif
mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) );
}