yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix various issues

Browse source 
- Format issues
- Possible memory leak
- Improve naming and comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-09-13 11:11:48 +08:00
parent 8d4bbbae4f
commit 4746b10c2e
2 changed files with 19 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
library/ssl_tls13_server.c
View file

@ -143,21 +143,14 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> check_identity_match_ticket" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> check_identity_match_ticket" ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET
". ticket_parse is %sconfigured. "
"ticket_write is %sconfigured.",
identity_len,
ssl->conf->f_ticket_parse == NULL ? "NOT " : "",
ssl->conf->f_ticket_write == NULL ? "NOT " : "" ) );
/* Ticket parser is not configured, Skip */ /* Ticket parser is not configured, Skip */
if( ssl->conf->f_ticket_parse == NULL || identity_len == 0 ) if( ssl->conf->f_ticket_parse == NULL || identity_len == 0 )
return( 0 ); return( 0 );
/* We create a copy of the encrypted ticket since decrypting /* We create a copy of the encrypted ticket since the ticket parsing
* it into the same buffer will wipe-out the original content. * function is allowed to use its input buffer as an output buffer
* We do, however, need the original buffer for computing the * (in-place decryption). We do, however, need the original buffer for
* psk binder value. * computing the PSK binder value.
*/ */
ticket_buffer = mbedtls_calloc( 1, identity_len ); ticket_buffer = mbedtls_calloc( 1, identity_len );
if( ticket_buffer == NULL ) if( ticket_buffer == NULL )
@ -258,8 +251,8 @@ static int ssl_tls13_offered_psks_check_identity_match(
const unsigned char *identity, const unsigned char *identity,
size_t identity_len, size_t identity_len,
uint32_t obfuscated_ticket_age, uint32_t obfuscated_ticket_age,
void *session, int *psk_type,
int *psk_type ) mbedtls_ssl_session *session )
{ {
((void) session); ((void) session);
((void) obfuscated_ticket_age); ((void) obfuscated_ticket_age);
@ -268,8 +261,6 @@ static int ssl_tls13_offered_psks_check_identity_match(
MBEDTLS_SSL_DEBUG_BUF( 4, "identity", identity, identity_len ); MBEDTLS_SSL_DEBUG_BUF( 4, "identity", identity, identity_len );
ssl->handshake->resume = 0; ssl->handshake->resume = 0;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
if( ssl_tls13_offered_psks_check_identity_match_ticket( if( ssl_tls13_offered_psks_check_identity_match_ticket(
ssl, identity, identity_len, obfuscated_ticket_age, ssl, identity, identity_len, obfuscated_ticket_age,
@ -444,31 +435,26 @@ static int ssl_tls13_select_ciphersuite_for_resumption(
if( ciphersuite_info == NULL ) if( ciphersuite_info == NULL )
continue; continue;
*selected_ciphersuite = session->ciphersuite; *selected_ciphersuite = cipher_suite;
*selected_ciphersuite_info = ciphersuite_info; *selected_ciphersuite_info = ciphersuite_info;
return( 0 ); return( 0 );
} }
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
} }
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_session_copy( mbedtls_ssl_session *dst, static int ssl_tls13_session_copy_ticket( mbedtls_ssl_session *dst,
mbedtls_ssl_session *src ) const mbedtls_ssl_session *src )
{ {
dst->endpoint = src->endpoint;
dst->ciphersuite = src->ciphersuite;
dst->ticket_age_add = src->ticket_age_add; dst->ticket_age_add = src->ticket_age_add;
dst->ticket_flags = src->ticket_flags; dst->ticket_flags = src->ticket_flags;
dst->resumption_key_len = src->resumption_key_len; dst->resumption_key_len = src->resumption_key_len;
if( src->resumption_key_len == 0 ) if( src->resumption_key_len == 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
memcpy( dst->resumption_key, src->resumption_key, src->resumption_key_len ); memcpy( dst->resumption_key, src->resumption_key, src->resumption_key_len );
#if defined(MBEDTLS_HAVE_TIME)
dst->start = src->start;
#endif
return( 0 ); return( 0 );
} }
#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_SESSION_TICKETS */
@ -551,7 +537,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_session session; mbedtls_ssl_session session;
memset( &session, 0, sizeof( session ) ); mbedtls_ssl_session_init( &session );
#endif #endif
MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, identities_end, 2 + 1 + 4 ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, identities_end, 2 + 1 + 4 );
@ -573,7 +559,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
ret = ssl_tls13_offered_psks_check_identity_match( ret = ssl_tls13_offered_psks_check_identity_match(
ssl, identity, identity_len, obfuscated_ticket_age, ssl, identity, identity_len, obfuscated_ticket_age,
&session, &psk_type ); &psk_type, &session );
if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH )
continue; continue;
@ -590,6 +576,8 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
ret = ssl_tls13_select_ciphersuite_for_resumption( ret = ssl_tls13_select_ciphersuite_for_resumption(
ssl, ciphersuites, ciphersuites_end, &session, ssl, ciphersuites, ciphersuites_end, &session,
&cipher_suite, &ciphersuite_info ); &cipher_suite, &ciphersuite_info );
if( ret != 0 )
mbedtls_ssl_session_free( &session );
#else #else
ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
#endif #endif
@ -632,18 +620,13 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
/* Update handshake parameters */ /* Update handshake parameters */
ssl->handshake->ciphersuite_info = ciphersuite_info; ssl->handshake->ciphersuite_info = ciphersuite_info;
if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL ) ssl->session_negotiate->ciphersuite = cipher_suite;
{ MBEDTLS_SSL_DEBUG_MSG( 2, ( "overwrite ciphersuite: %04x - %s",
ssl->session_negotiate->ciphersuite = cipher_suite; cipher_suite, ciphersuite_info->name ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "overwrite ciphersuite: %04x - %s",
cipher_suite,
ciphersuite_info->name ) );
}
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
else
if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION ) if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
{ {
ret = ssl_tls13_session_copy(ssl->session_negotiate, &session ); ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate, &session );
mbedtls_ssl_session_free( &session ); mbedtls_ssl_session_free( &session );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );

1
programs/ssl/ssl_client2.c
View file

@ -708,6 +708,7 @@ exit:
mbedtls_ssl_session_free( &exported_session ); mbedtls_ssl_session_free( &exported_session );
return( ret ); return( ret );
} }
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
int ret = 0, len, tail_len, i, written, frags, retry_left; int ret = 0, len, tail_len, i, written, frags, retry_left;