Extend mbedtls_ssl_session by buffer holding peer CRT digest
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ac652d2..26832bc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -304,6 +304,22 @@
             return( ret );
         }
     }
+
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    if( src->peer_cert_digest != NULL )
+    {
+        dst->peer_cert_digest_len = src->peer_cert_digest_len;
+        dst->peer_cert_digest =
+            mbedtls_calloc( 1, dst->peer_cert_digest_len );
+        if( dst->peer_cert_digest == NULL )
+            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+        memcpy( dst->peer_cert_digest, src->peer_cert_digest,
+                src->peer_cert_digest_len );
+        dst->peer_cert_digest_type = src->peer_cert_digest_type;
+    }
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
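Review bot: The failure returns around the new digest copy can leave `dst` in a state that is not safe to free. On the allocation-failure path `dst->peer_cert_digest_len` is already set while `dst->peer_cert_digest` is NULL; assigning the length only after the `mbedtls_calloc()` check would keep pointer and length consistent. If `dst` is filled from `*src` by a struct copy earlier in the function (not visible in this hunk), the earlier `return( ret );` would also leave `dst->peer_cert_digest` aliasing the source buffer, so freeing both sessions would release it twice. Setting `dst->peer_cert_digest = NULL;` immediately after such a copy, before any fallible step, would close that. The enclosing function starts and ends outside the hunk.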
@@ -5733,6 +5749,17 @@
         mbedtls_free( session->peer_cert );
         session->peer_cert = NULL;
     }
+
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    if( session->peer_cert_digest != NULL )
+    {
+        /* Zeroization is not necessary. */
+        mbedtls_free( session->peer_cert_digest );
+        session->peer_cert_digest      = NULL;
+        session->peer_cert_digest_type = MBEDTLS_MD_NONE;
+        session->peer_cert_digest_len  = 0;
+    }
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 }
 
 /*
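Review bot: The comment `/* Zeroization is not necessary. */` records a security decision without its reason, so a later auditor has to re-derive it. Presumably the rationale is that the buffer holds only a hash of the peer's certificate and no key material; if so, state it, e.g. `/* The digest is a hash of the peer certificate, not secret data, so it is freed without zeroization. */`. The `#endif` comment here and in the first hunk would also read more accurately as `/* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */`, since the guarded condition is negated. The function body begins outside the hunk.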