diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6c2ba7263..833246141 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8248,7 +8248,7 @@ int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, server_name_list_len ); server_name_list_end = p + server_name_list_len; - while ( p < server_name_list_end ) + while( p < server_name_list_end ) { MBEDTLS_SSL_CHK_BUF_READ_PTR( p, server_name_list_end, 3 ); hostname_len = MBEDTLS_GET_UINT16_BE( p, 1 ); @@ -8257,6 +8257,11 @@ int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl, if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) { + /* sni_name is intended to be used only during the parsing of the + * ClientHello message (it is reset to NULL before the end of + * the message parsing). Thus it is ok to just point to the + * reception buffer and not make a copy of it. + */ ssl->handshake->sni_name = p + 3; ssl->handshake->sni_name_len = hostname_len; if( ssl->conf->f_sni == NULL ) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e4ca6aa2d..6527e2177 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -392,7 +392,7 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) { ssl->handshake->key_cert = key_cert; MBEDTLS_SSL_DEBUG_CRT( - 3, "selected certificate chain, certificate", + 3, "selected certificate (chain)", ssl->handshake->key_cert->cert ); return( 0 ); } @@ -769,10 +769,18 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, ssl_tls13_debug_print_client_hello_exts( ssl ); #endif /* MBEDTLS_DEBUG_C */ + return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK ); +} + +/* Update the handshake state machine */ + +static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + /* * Here we only support the ephemeral or (EC)DHE key echange mode */ - if( !ssl_tls13_check_ephemeral_key_exchange( ssl ) ) { MBEDTLS_SSL_DEBUG_MSG( @@ -783,15 +791,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } - return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK ); -} - -/* Update the handshake state machine */ - -static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - /* * Server certificate selection */