Fix TLS 1.2 session serialization on server side
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
parent
7b1921ac57
commit
feb577a949
1 changed files with 35 additions and 31 deletions
|
|
@ -9059,20 +9059,22 @@ static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session,
|
||||||
* Session ticket if any, plus associated data
|
* Session ticket if any, plus associated data
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */
|
if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
|
||||||
|
used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */
|
||||||
|
|
||||||
if (used <= buf_len) {
|
if (used <= buf_len) {
|
||||||
*p++ = MBEDTLS_BYTE_2(session->ticket_len);
|
*p++ = MBEDTLS_BYTE_2(session->ticket_len);
|
||||||
*p++ = MBEDTLS_BYTE_1(session->ticket_len);
|
*p++ = MBEDTLS_BYTE_1(session->ticket_len);
|
||||||
*p++ = MBEDTLS_BYTE_0(session->ticket_len);
|
*p++ = MBEDTLS_BYTE_0(session->ticket_len);
|
||||||
|
|
||||||
if (session->ticket != NULL) {
|
if (session->ticket != NULL) {
|
||||||
memcpy(p, session->ticket, session->ticket_len);
|
memcpy(p, session->ticket, session->ticket_len);
|
||||||
p += session->ticket_len;
|
p += session->ticket_len;
|
||||||
|
}
|
||||||
|
|
||||||
|
MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0);
|
||||||
|
p += 4;
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0);
|
|
||||||
p += 4;
|
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
|
|
@ -9241,33 +9243,35 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session,
|
||||||
* Session ticket and associated data
|
* Session ticket and associated data
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
if (3 > (size_t) (end - p)) {
|
if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
|
||||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
if (3 > (size_t) (end - p)) {
|
||||||
}
|
|
||||||
|
|
||||||
session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0);
|
|
||||||
p += 3;
|
|
||||||
|
|
||||||
if (session->ticket_len != 0) {
|
|
||||||
if (session->ticket_len > (size_t) (end - p)) {
|
|
||||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||||
}
|
}
|
||||||
|
|
||||||
session->ticket = mbedtls_calloc(1, session->ticket_len);
|
session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0);
|
||||||
if (session->ticket == NULL) {
|
p += 3;
|
||||||
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
|
||||||
|
if (session->ticket_len != 0) {
|
||||||
|
if (session->ticket_len > (size_t) (end - p)) {
|
||||||
|
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||||
|
}
|
||||||
|
|
||||||
|
session->ticket = mbedtls_calloc(1, session->ticket_len);
|
||||||
|
if (session->ticket == NULL) {
|
||||||
|
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy(session->ticket, p, session->ticket_len);
|
||||||
|
p += session->ticket_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(session->ticket, p, session->ticket_len);
|
if (4 > (size_t) (end - p)) {
|
||||||
p += session->ticket_len;
|
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (4 > (size_t) (end - p)) {
|
session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0);
|
||||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
p += 4;
|
||||||
}
|
}
|
||||||
|
|
||||||
session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0);
|
|
||||||
p += 4;
|
|
||||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue