From 15a56813a28814cc4132188dd233a8c11b2794de Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Fri, 5 Nov 2021 10:52:12 +0000 Subject: [PATCH 1/4] TLS1.3 Add hostname extention Signed-off-by: Xiaofei Bai --- library/ssl_cli.c | 9 +++++++++ library/ssl_misc.h | 7 +++++++ library/ssl_tls13_client.c | 8 ++++++++ 3 files changed, 24 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9fc8041262..f070b0fade 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -156,6 +156,15 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, return( 0 ); } + +int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) +{ + return ssl_write_hostname_ext( ssl, buf, end, olen ); +} + #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c7d966bf2c..87347bf263 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1037,6 +1037,13 @@ void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform ); +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) +int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ); +#endif + int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 9c8848454f..511f4cd289 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
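Review bot: The new declaration of mbedtls_ssl_write_hostname_ext in ssl_misc.h carries no documentation, although it is now the cross-file entry point used by both client hello writers. A `/** ... */` block above the prototype should state that it writes the server_name extension into the buffer bounded by `buf` and `end`, that `*olen` receives the number of bytes written (both callers advance their write pointer by it), and that a non-zero return is an error to be propagated. The function body is not in this hunk; if it writes nothing and sets `*olen` to 0 when no hostname is configured, document that explicitly too, since the TLS 1.3 caller unconditionally adds `output_len` to `p`.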
@@ -798,6 +798,14 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + /* Write server name extention */ + ret = mbedtls_ssl_write_hostname_ext( ssl, p, end, &output_len ); + if( ret != 0 ) + return( ret ); + p += output_len; +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ + /* Add more extensions here */ /* Write the length of the list of extensions. */ From 58afdba88727babbd9ebea002d60cc1fda7a72fd Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Tue, 9 Nov 2021 03:10:05 +0000 Subject: [PATCH 2/4] Fix typo and remove wrapper Signed-off-by: Xiaofei Bai --- library/ssl_cli.c | 17 ++++------------- library/ssl_tls13_client.c | 2 +- 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index f070b0fade..d871dba66b 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -89,10 +89,10 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) +int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; size_t hostname_len; @@ -156,15 +156,6 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, return( 0 ); } - -int mbedtls_ssl_write_hostname_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ - return ssl_write_hostname_ext( ssl, buf, end, olen ); -} - #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 511f4cd289..5abb18c6c6 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
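Review bot: The failure path of the new mbedtls_ssl_write_hostname_ext call in ssl_tls13_write_client_hello_body returns `ret` without a debug trace, whereas the TLS 1.2 call site in ssl_write_client_hello logs the same failure with MBEDTLS_SSL_DEBUG_RET before returning. For consistency, and so a ClientHello that fails to build is diagnosable at the same debug level on both protocol paths, add `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_hostname_ext", ret );` immediately before `return( ret );`. ssl_tls13_write_client_hello_body begins and ends outside this hunk.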
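Review bot: Making ssl_write_hostname_ext external under the mbedtls_ssl_ prefix leaves its definition in ssl_cli.c, so the TLS 1.3 client in ssl_tls13_client.c now depends on a symbol from the TLS 1.2 client file. If ssl_cli.c is compiled out or guarded in a configuration that enables only TLS 1.3, the call added to ssl_tls13_write_client_hello_body would fail to link; this is inferred from the file split rather than from the hunk, so please confirm against the supported build configurations. If such a configuration exists, placing the extension writer in a file shared by both clients would be safer than relying on ssl_cli.c being present. The enclosing preprocessor block and the rest of the function extend beyond this hunk.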
@@ -799,7 +799,7 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - /* Write server name extention */ + /* Write server name extension */ ret = mbedtls_ssl_write_hostname_ext( ssl, p, end, &output_len ); if( ret != 0 ) return( ret ); From 6f435f07d2bac2fdcfafb5daec05e197f9aba309 Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Tue, 9 Nov 2021 04:08:32 +0000 Subject: [PATCH 3/4] Fix compile error Signed-off-by: Xiaofei Bai --- library/ssl_cli.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index d871dba66b..f3327b26c6 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1168,10 +1168,10 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len, + if( ( ret = mbedtls_ssl_write_hostname_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_hostname_ext", ret ); return( ret ); } ext_len += olen; From f36e1677b12622da38864af4fc44936db33a7aba Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Tue, 9 Nov 2021 09:28:25 +0000 Subject: [PATCH 4/4] Fix alignment Signed-off-by: Xiaofei Bai --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index f3327b26c6..8c5c0242be 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1169,7 +1169,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if( ( ret = mbedtls_ssl_write_hostname_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) + end, &olen ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_hostname_ext", ret ); return( ret );