Add Mbed TLS version to SSL sessions

The format of serialized SSL sessions depends on the version and the
configuration of Mbed TLS; attempts to restore sessions established
in different versions and/or configurations lead to undefined behaviour.

This commit adds an 3-byte version header to the serialized session
generated and cleanly fails ticket parsing in case a session from a
non-matching version of Mbed TLS is presented.
This commit is contained in:
Hanno Becker 2019-05-16 12:39:07 +01:00 committed by Jarno Lamsa
parent aa75583ced
commit a835da5cb1

View file

@ -47,6 +47,7 @@
#include "mbedtls/ssl.h" #include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_internal.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/version.h"
#include <string.h> #include <string.h>
@ -9842,10 +9843,22 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co
return( ssl->session ); return( ssl->session );
} }
/*
* Define ticket header determining Mbed TLS version
* and structure of the ticket.
*/
static unsigned char ssl_serialized_session_header[] = {
MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR,
MBEDTLS_VERSION_PATCH,
};
/* /*
* Serialize a session in the following format: * Serialize a session in the following format:
* (in the presentation language of TLS, RFC 8446 section 3) * (in the presentation language of TLS, RFC 8446 section 3)
* *
* opaque mbedtls_version[3]; // major, minor, patch
* uint64 start_time; * uint64 start_time;
* uint8 ciphersuite[2]; // defined by the standard * uint8 ciphersuite[2]; // defined by the standard
* uint8 compression; // 0 or 1 * uint8 compression; // 0 or 1
@ -9881,6 +9894,19 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
/*
* Add version identifier
*/
used += sizeof( ssl_serialized_session_header );
if( used <= buf_len )
{
memcpy( p, ssl_serialized_session_header,
sizeof( ssl_serialized_session_header ) );
p += sizeof( ssl_serialized_session_header );
}
/* /*
* Time * Time
*/ */
@ -10060,6 +10086,21 @@ static int ssl_session_load( mbedtls_ssl_session *session,
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
/*
* Check version identifier
*/
if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
if( memcmp( p, ssl_serialized_session_header,
sizeof( ssl_serialized_session_header ) ) != 0 )
{
/* A more specific error code might be used here. */
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
p += sizeof( ssl_serialized_session_header );
/* /*
* Time * Time
*/ */