tls13: guards transform negotiate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
parent
a6ca882943
commit
2e19981e17
3 changed files with 34 additions and 11 deletions
|
|
@ -1656,9 +1656,11 @@ struct mbedtls_ssl_context
|
|||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params
|
||||
* This pointer owns the transform
|
||||
* it references. */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation
|
||||
* This pointer owns the transform
|
||||
* it references. */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
/*! The application data transform in TLS 1.3.
|
||||
|
|
|
|||
|
|
@ -5097,9 +5097,12 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
|
|||
* data.
|
||||
*/
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
ssl->transform_in = ssl->transform_negotiate;
|
||||
#endif
|
||||
ssl->session_in = ssl->session_negotiate;
|
||||
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -965,13 +965,16 @@ MBEDTLS_CHECK_RETURN_CRITICAL
|
|||
static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
/* Clear old handshake information if present */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->transform_negotiate )
|
||||
mbedtls_ssl_transform_free( ssl->transform_negotiate );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
if( ssl->session_negotiate )
|
||||
mbedtls_ssl_session_free( ssl->session_negotiate );
|
||||
if( ssl->handshake )
|
||||
mbedtls_ssl_handshake_free( ssl );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/*
|
||||
* Either the pointers are now NULL or cleared properly and can be freed.
|
||||
* Now allocate missing structures.
|
||||
|
|
@ -980,6 +983,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
if( ssl->session_negotiate == NULL )
|
||||
{
|
||||
|
|
@ -998,18 +1002,23 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||
#endif
|
||||
|
||||
/* All pointers should exist and can be directly freed without issue */
|
||||
if( ssl->handshake == NULL ||
|
||||
if( ssl->handshake == NULL ||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
ssl->transform_negotiate == NULL ||
|
||||
ssl->session_negotiate == NULL )
|
||||
#endif
|
||||
ssl->session_negotiate == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) );
|
||||
|
||||
mbedtls_free( ssl->handshake );
|
||||
mbedtls_free( ssl->transform_negotiate );
|
||||
mbedtls_free( ssl->session_negotiate );
|
||||
|
||||
ssl->handshake = NULL;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
mbedtls_free( ssl->transform_negotiate );
|
||||
ssl->transform_negotiate = NULL;
|
||||
#endif
|
||||
|
||||
mbedtls_free( ssl->session_negotiate );
|
||||
ssl->session_negotiate = NULL;
|
||||
|
||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||
|
|
@ -1017,9 +1026,12 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||
|
||||
/* Initialize structures */
|
||||
mbedtls_ssl_session_init( ssl->session_negotiate );
|
||||
mbedtls_ssl_transform_init( ssl->transform_negotiate );
|
||||
ssl_handshake_params_init( ssl->handshake );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
mbedtls_ssl_transform_init( ssl->transform_negotiate );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_SSL_SRV_C) && \
|
||||
defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
|
|
@ -3975,7 +3987,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_hash_abort( &handshake->fin_sha256_psa );
|
||||
#else
|
||||
mbedtls_sha256_free( &handshake->fin_sha256 );
|
||||
mbedtls_sha256_free( &handshake->fin_sha256 );
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
|
|
@ -4512,10 +4524,12 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
|
|||
|
||||
/* This has been allocated by ssl_handshake_init(), called by
|
||||
* by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */
|
||||
ssl->transform = ssl->transform_negotiate;
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
ssl->transform = ssl->transform_negotiate;
|
||||
ssl->transform_in = ssl->transform;
|
||||
ssl->transform_out = ssl->transform;
|
||||
ssl->transform_negotiate = NULL;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite );
|
||||
|
|
@ -4748,14 +4762,18 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
|||
mbedtls_free( ssl->transform );
|
||||
}
|
||||
|
||||
|
||||
if( ssl->handshake )
|
||||
{
|
||||
mbedtls_ssl_handshake_free( ssl );
|
||||
mbedtls_ssl_transform_free( ssl->transform_negotiate );
|
||||
mbedtls_ssl_session_free( ssl->session_negotiate );
|
||||
|
||||
mbedtls_free( ssl->handshake );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
mbedtls_ssl_transform_free( ssl->transform_negotiate );
|
||||
mbedtls_free( ssl->transform_negotiate );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_session_free( ssl->session_negotiate );
|
||||
mbedtls_free( ssl->session_negotiate );
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue