lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils

Browse Source 
TLS 1.3: ServerHello: add  utils functions used by ServerHello
Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012) thus we can consider that this PR passed CI.
This commit is contained in:
Ronald Cron
2021-10-11 11:01:11 +02:00
committed by GitHub
parent 0c7c524b25 fd320e9a6e
commit e23bba04ee
8 changed files with 263 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
library/ssl_msg.c
View File

@ -2101,7 +2101,7 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight )
static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_transform *tmp_transform;
unsigned char tmp_out_ctr[8];
unsigned char tmp_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN];
if( ssl->transform_out == ssl->handshake->alt_transform_out )
{
@ -2117,9 +2117,11 @@ static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
ssl->handshake->alt_transform_out = tmp_transform;
/* Swap epoch + sequence_number */
memcpy( tmp_out_ctr, ssl->cur_out_ctr, 8 );
memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8 );
memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 );
memcpy( tmp_out_ctr, ssl->cur_out_ctr, sizeof( tmp_out_ctr ) );
memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr,
sizeof( ssl->cur_out_ctr ) );
memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr,
sizeof( ssl->handshake->alt_out_ctr ) );
/* Adjust to the newly activated transform */
mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out );
@ -2562,7 +2564,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->conf->transport, ssl->out_hdr + 1 );
memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 );
memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0);
if( ssl->transform_out != NULL )
@ -2574,7 +2576,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
rec.data_len = ssl->out_msglen;
rec.data_offset = ssl->out_msg - rec.buf;
memcpy( &rec.ctr[0], ssl->out_ctr, 8 );
memcpy( &rec.ctr[0], ssl->out_ctr, sizeof( rec.ctr ) );
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
ssl->conf->transport, rec.ver );
rec.type = ssl->out_msgtype;
@ -3649,9 +3651,12 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
#endif
{
unsigned i;
for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- )
for( i = MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
i > mbedtls_ssl_ep_len( ssl ); i-- )
{
if( ++ssl->in_ctr[i - 1] != 0 )
break;
}
/* The loop goes to its end iff the counter is wrapping */
if( i == mbedtls_ssl_ep_len( ssl ) )
@ -4791,7 +4796,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
}
else
#endif /* MBEDTLS_SSL_PROTO_DTLS */
memset( ssl->in_ctr, 0, 8 );
memset( ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
mbedtls_ssl_update_in_pointers( ssl );
@ -4827,12 +4832,12 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
{
ssl->out_ctr = ssl->out_hdr + 3;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->out_cid = ssl->out_ctr + 8;
ssl->out_cid = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
ssl->out_len = ssl->out_cid;
if( transform != NULL )
ssl->out_len += transform->out_cid_len;
#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_len = ssl->out_ctr + 8;
ssl->out_len = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_iv = ssl->out_len + 2;
}
@ -4881,17 +4886,17 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl )
* ssl_parse_record_header(). */
ssl->in_ctr = ssl->in_hdr + 3;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->in_cid = ssl->in_ctr + 8;
ssl->in_cid = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
ssl->in_len = ssl->in_cid; /* Default: no CID */
#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->in_len = ssl->in_ctr + 8;
ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->in_iv = ssl->in_len + 2;
}
else
#endif
{
ssl->in_ctr = ssl->in_hdr - 8;
ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
ssl->in_len = ssl->in_hdr + 3;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ssl->in_cid = ssl->in_len;
@ -5065,9 +5070,11 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
}
in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
ssl->conf->renego_period + ep_len, 8 - ep_len );
out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len,
ssl->conf->renego_period + ep_len, 8 - ep_len );
&ssl->conf->renego_period[ep_len],
MBEDTLS_SSL_SEQUENCE_NUMBER_LEN - ep_len );
out_ctr_cmp = memcmp( &ssl->cur_out_ctr[ep_len],
&ssl->conf->renego_period[ep_len],
sizeof( ssl->cur_out_ctr ) - ep_len );
if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
{
@ -5551,6 +5558,20 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
}
void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform )
{
ssl->transform_in = transform;
memset( ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
}
void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform )
{
ssl->transform_out = transform;
memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl )