yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ssl_session: Define unconditionally the endpoint field

Browse source 
The endpoint field is needed to serialize/deserialize
a session in TLS 1.2 the same way it is needed in the
TLS 1.3 case: client specific fields that should not
be in the serialized version on server side if both
TLS client and server are enabled in the TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2023-11-22 10:29:42 +01:00
parent ba5165e09a
commit 17ef8dfddb
5 changed files with 4 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/mbedtls/ssl.h
View file

@ -1199,6 +1199,7 @@ struct mbedtls_ssl_session {
* or resuming a session instead of the configured minor TLS version.
*/
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< start time of current session */
@ -1228,7 +1229,6 @@ struct mbedtls_ssl_session {
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */
uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */
uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */

1
library/ssl_tls12_client.c
View file

@ -1268,6 +1268,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf,
ssl->conf->transport);
ssl->session_negotiate->tls_version = ssl->tls_version;
ssl->session_negotiate->endpoint = ssl->conf->endpoint;
if (ssl->tls_version < ssl->conf->min_tls_version ||
ssl->tls_version > ssl->conf->max_tls_version) {

1
library/ssl_tls12_server.c
View file

@ -1161,6 +1161,7 @@ read_record_header:
ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf,
ssl->conf->transport);
ssl->session_negotiate->tls_version = ssl->tls_version;
ssl->session_negotiate->endpoint = ssl->conf->endpoint;
if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) {
MBEDTLS_SSL_DEBUG_MSG(1, ("server only supports TLS 1.2"));

4
library/ssl_tls13_client.c
View file

@ -1476,10 +1476,8 @@ static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl,
return SSL_SERVER_HELLO_TLS1_2;
}
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
ssl->session_negotiate->endpoint = ssl->conf->endpoint;
ssl->session_negotiate->tls_version = ssl->tls_version;
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
ssl->session_negotiate->endpoint = ssl->conf->endpoint;
handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;

4
library/ssl_tls13_server.c
View file

@ -1437,12 +1437,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
* We negotiate TLS 1.3.
*/
ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
/* Store minor version for later use with ticket serialization. */
ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
ssl->session_negotiate->endpoint = ssl->conf->endpoint;
#endif
/*
* We are negotiating the version 1.3 of the protocol. Do what we have