From b6bbbb174da33a860b5556e989e334f8d7eee7b3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Aug 2021 09:00:14 +0100 Subject: [PATCH 1/4] Fix typo in documentation of ssl->transform_out Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 221cee3379..639e3d962a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1329,7 +1329,7 @@ struct mbedtls_ssl_context * Record layer transformations */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out) */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */ From 0e719ff34144a71d60e1c4e14d63565cb15673bf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Aug 2021 09:24:08 +0100 Subject: [PATCH 2/4] Improve the documentation of legacy msg layer transforms Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 639e3d962a..dc4782e65b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1328,10 +1328,18 @@ struct mbedtls_ssl_context /* * Record layer transformations */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out) */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */ - mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) + * This is always a reference, + * never an owning pointer. */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (out) + * This is always a reference, + * never an owning pointer. */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params + * This pointer owns the transform + * it references. */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation + * This pointer owns the transform + * it references. */ /* * Timers From 3aa186f9462f6afd2943980863f37d8a608dbaa5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Aug 2021 09:24:19 +0100 Subject: [PATCH 3/4] Add transforms to be used for TLS 1.3 Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 6 ++++++ library/ssl_misc.h | 7 +++++++ library/ssl_tls.c | 12 ++++++++++++ 3 files changed, 25 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index dc4782e65b..34353daffb 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1341,6 +1341,12 @@ struct mbedtls_ssl_context * This pointer owns the transform * it references. */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /* The application data transform in TLS 1.3. + * This pointer owns the transform it references. */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* * Timers */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cc19f4723b..174bad88b5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -562,6 +562,13 @@ struct mbedtls_ssl_handshake_params uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /* TLS 1.3 transforms for 0-RTT and encrypted handshake messages. + * Those pointers own the transforms they reference. */ + mbedtls_ssl_transform *transform_handshake; + mbedtls_ssl_transform *transform_earlydata; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* * Checksum contexts */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bb5ddc470e..8316d252b7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5393,6 +5393,13 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ), mbedtls_ssl_get_output_buflen( ssl ) ); #endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_free( handshake->transform_earlydata ); + mbedtls_free( handshake->transform_handshake ); + handshake->transform_earlydata = NULL; + handshake->transform_handshake = NULL; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ } void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) @@ -6091,6 +6098,11 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) mbedtls_free( ssl->session_negotiate ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + mbedtls_ssl_transform_free( ssl->transform_application ); + mbedtls_free( ssl->transform_application ); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + if( ssl->session ) { mbedtls_ssl_session_free( ssl->session ); From e043d15d75e81fef9c93aba0639a7dba165b4062 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Aug 2021 06:22:32 +0100 Subject: [PATCH 4/4] Turn comments of 1.3 record transforms into Doxygen documentation Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 4 ++-- library/ssl_misc.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 34353daffb..960a262e43 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1342,8 +1342,8 @@ struct mbedtls_ssl_context * it references. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - /* The application data transform in TLS 1.3. - * This pointer owns the transform it references. */ + /*! The application data transform in TLS 1.3. + * This pointer owns the transform it references. */ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application); #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 174bad88b5..0b64e010bc 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -563,8 +563,8 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - /* TLS 1.3 transforms for 0-RTT and encrypted handshake messages. - * Those pointers own the transforms they reference. */ + /*! TLS 1.3 transforms for 0-RTT and encrypted handshake messages. + * Those pointers own the transforms they reference. */ mbedtls_ssl_transform *transform_handshake; mbedtls_ssl_transform *transform_earlydata; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */