TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a835da5cb194800c15145b4212f4febe56f8cea5^! / . / library / ssl_tls.c
commita835da5cb194800c15145b4212f4febe56f8cea5[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Thu May 16 12:39:07 2019 +0100
committerJarno Lamsa <jarno.lamsa@arm.com>Fri Aug 23 12:51:21 2019 +0300
treecba7d04ee5e2ec988c8bf2d6d42dbb936ff50e67
parentaa75583ced5166edf21ebcef7ff6f7713c19a72b [diff] [blame]
Add Mbed TLS version to SSL sessions

The format of serialized SSL sessions depends on the version and the
configuration of Mbed TLS; attempts to restore sessions established
in different versions and/or configurations lead to undefined behaviour.

This commit adds an 3-byte version header to the serialized session
generated and cleanly fails ticket parsing in case a session from a
non-matching version of Mbed TLS is presented.

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4a886ae..b6c585f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -47,6 +47,7 @@
 #include "mbedtls/ssl.h"
 #include "mbedtls/ssl_internal.h"
 #include "mbedtls/platform_util.h"
+#include "mbedtls/version.h"
 
 #include <string.h>
 
@@ -9843,9 +9844,21 @@
 }
 
 /*
+ * Define ticket header determining Mbed TLS version
+ * and structure of the ticket.
+ */
+
+ static unsigned char ssl_serialized_session_header[] = {
+    MBEDTLS_VERSION_MAJOR,
+    MBEDTLS_VERSION_MINOR,
+    MBEDTLS_VERSION_PATCH,
+ };
+
+/*
  * Serialize a session in the following format:
  * (in the presentation language of TLS, RFC 8446 section 3)
  *
+ *  opaque mbedtls_version[3];      // major, minor, patch
  *  uint64 start_time;
  *  uint8 ciphersuite[2];           // defined by the standard
  *  uint8 compression;              // 0 or 1
@@ -9882,6 +9895,19 @@
 
 
     /*
+     * Add version identifier
+     */
+
+    used += sizeof( ssl_serialized_session_header );
+
+    if( used <= buf_len )
+    {
+        memcpy( p, ssl_serialized_session_header,
+                sizeof( ssl_serialized_session_header ) );
+        p += sizeof( ssl_serialized_session_header );
+    }
+
+    /*
      * Time
      */
 #if defined(MBEDTLS_HAVE_TIME)
@@ -10061,6 +10087,21 @@
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
     /*
+     * Check version identifier
+     */
+
+    if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) )
+        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+    if( memcmp( p, ssl_serialized_session_header,
+                sizeof( ssl_serialized_session_header ) ) != 0 )
+    {
+        /* A more specific error code might be used here. */
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+    p += sizeof( ssl_serialized_session_header );
+
+    /*
      * Time
      */
 #if defined(MBEDTLS_HAVE_TIME)