Fix TLS 1.2 session serialization on server side
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
parent
7b1921ac57
commit
feb577a949
1 changed files with 35 additions and 31 deletions
|
|
@ -9059,20 +9059,22 @@ static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session,
|
|||
* Session ticket if any, plus associated data
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
||||
used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */
|
||||
if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
|
||||
used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */
|
||||
|
||||
if (used <= buf_len) {
|
||||
*p++ = MBEDTLS_BYTE_2(session->ticket_len);
|
||||
*p++ = MBEDTLS_BYTE_1(session->ticket_len);
|
||||
*p++ = MBEDTLS_BYTE_0(session->ticket_len);
|
||||
if (used <= buf_len) {
|
||||
*p++ = MBEDTLS_BYTE_2(session->ticket_len);
|
||||
*p++ = MBEDTLS_BYTE_1(session->ticket_len);
|
||||
*p++ = MBEDTLS_BYTE_0(session->ticket_len);
|
||||
|
||||
if (session->ticket != NULL) {
|
||||
memcpy(p, session->ticket, session->ticket_len);
|
||||
p += session->ticket_len;
|
||||
if (session->ticket != NULL) {
|
||||
memcpy(p, session->ticket, session->ticket_len);
|
||||
p += session->ticket_len;
|
||||
}
|
||||
|
||||
MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0);
|
||||
p += 4;
|
||||
}
|
||||
|
||||
MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0);
|
||||
p += 4;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
|
|
@ -9241,33 +9243,35 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session,
|
|||
* Session ticket and associated data
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
||||
if (3 > (size_t) (end - p)) {
|
||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0);
|
||||
p += 3;
|
||||
|
||||
if (session->ticket_len != 0) {
|
||||
if (session->ticket_len > (size_t) (end - p)) {
|
||||
if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
|
||||
if (3 > (size_t) (end - p)) {
|
||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
session->ticket = mbedtls_calloc(1, session->ticket_len);
|
||||
if (session->ticket == NULL) {
|
||||
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||
session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0);
|
||||
p += 3;
|
||||
|
||||
if (session->ticket_len != 0) {
|
||||
if (session->ticket_len > (size_t) (end - p)) {
|
||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
session->ticket = mbedtls_calloc(1, session->ticket_len);
|
||||
if (session->ticket == NULL) {
|
||||
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||
}
|
||||
|
||||
memcpy(session->ticket, p, session->ticket_len);
|
||||
p += session->ticket_len;
|
||||
}
|
||||
|
||||
memcpy(session->ticket, p, session->ticket_len);
|
||||
p += session->ticket_len;
|
||||
}
|
||||
if (4 > (size_t) (end - p)) {
|
||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
if (4 > (size_t) (end - p)) {
|
||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0);
|
||||
p += 4;
|
||||
}
|
||||
|
||||
session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0);
|
||||
p += 4;
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
/*
|
||||
|
|
|
|||
Loading…
Reference in a new issue