From d540d995b21ec7f9a43df87d7051174940b26f62 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 7 Mar 2023 09:41:48 +0100
Subject: [PATCH] tls13: srv: Postpone client random copy

To avoid doing it twice in case we eventually negotiate the version 1.2 of the protocol, postpone the copy of the client random bytes.

Signed-off-by: Ronald Cron
---
 library/ssl_tls13_server.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index b2166d293d..128c460391 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1241,6 +1241,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 const unsigned char *p = buf;
+ const unsigned char *random;
 size_t legacy_session_id_len;
 size_t cipher_suites_len;
 const unsigned char *cipher_suites_end;
@@ -1297,10 +1298,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 * with Random defined as:
 * opaque Random[32];
 */
- MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes",
- p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
-
- memcpy(&handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
+ random = p;
 p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;

 /* ...
@@ -1372,6 +1370,14 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 ssl->session_negotiate->endpoint = ssl->conf->endpoint;
 #endif

+ /*
+ * We are negotiation the version 1.3 of the protocol. Do what we have
+ * postponed: copy of the client random bytes.
+ */
+ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes",
+ random, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
+ memcpy(&handshake->randbytes[0], random, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
+
 /*
 * Search for a matching ciphersuite
 */
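Review bot: The new local `random` in the declaration list of ssl_tls13_parse_client_hello has the same name as the POSIX `random()` function from <stdlib.h>, which can trip shadow warnings on some toolchains and reads like a generator call at the later use sites. A name such as `const unsigned char *client_random;` says what the pointer holds; the assignment and the two later uses in this patch would be renamed with it. The function body starts and ends outside the hunk.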
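Review bot: `random = p;` now keeps a pointer into `buf` where the 32 bytes used to be copied straight away, and nothing at this line explains that the value is consumed much later in the function. The check that MBEDTLS_CLIENT_HELLO_RANDOM_LEN bytes are readable at `p` is not visible in the hunk and presumably sits just above it. A comment would tie the saved pointer to that check, for example `/* Bounds checked above; copied into handshake->randbytes once TLS 1.3 is selected. */`.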
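Review bot: The added comment says "We are negotiation the version 1.3", which should read `We are negotiating version 1.3 of the protocol.`. From this change on, `handshake->randbytes` does not hold the client random until this block runs, so any code between the `random = p;` assignment and here that reads it (none is visible in the hunks) would see stale or zeroed bytes. It is worth confirming that against the full function, and saying in the comment that the copy must stay ahead of the first consumer of `randbytes`. The function continues outside the hunk.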