Remove peer CRT from mbedtls_ssl_session if !KEEP_PEER_CERT

This commit is contained in:
Hanno Becker 2019-02-06 15:40:27 +00:00
parent 4a2f8e584f
commit 2e6d34761f
5 changed files with 33 additions and 20 deletions

View file

@ -851,14 +851,15 @@ struct mbedtls_ssl_session
unsigned char master[48]; /*!< the master secret */ unsigned char master[48]; /*!< the master secret */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */ mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*! The digest of the peer's end-CRT. This must be kept to detect CRT /*! The digest of the peer's end-CRT. This must be kept to detect CRT
* changes during renegotiation, mitigating the triple handshake attack. */ * changes during renegotiation, mitigating the triple handshake attack. */
unsigned char *peer_cert_digest; unsigned char *peer_cert_digest;
size_t peer_cert_digest_len; size_t peer_cert_digest_len;
mbedtls_md_type_t peer_cert_digest_type; mbedtls_md_type_t peer_cert_digest_type;
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
uint32_t verify_result; /*!< verification result */ uint32_t verify_result; /*!< verification result */

View file

@ -70,7 +70,8 @@ struct mbedtls_ssl_cache_entry
mbedtls_time_t timestamp; /*!< entry timestamp */ mbedtls_time_t timestamp; /*!< entry timestamp */
#endif #endif
mbedtls_ssl_session session; /*!< entry session */ mbedtls_ssl_session session; /*!< entry session */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_buf peer_cert; /*!< entry peer_cert */ mbedtls_x509_buf peer_cert; /*!< entry peer_cert */
#endif #endif
mbedtls_ssl_cache_entry *next; /*!< chain pointer */ mbedtls_ssl_cache_entry *next; /*!< chain pointer */

View file

@ -100,7 +100,8 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
goto exit; goto exit;
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* /*
* Restore peer certificate (without rest of the original chain) * Restore peer certificate (without rest of the original chain)
*/ */
@ -127,7 +128,7 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
goto exit; goto exit;
} }
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
ret = 0; ret = 0;
goto exit; goto exit;
@ -247,7 +248,8 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
#endif #endif
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* /*
* If we're reusing an entry, free its certificate first * If we're reusing an entry, free its certificate first
*/ */
@ -256,7 +258,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
mbedtls_free( cur->peer_cert.p ); mbedtls_free( cur->peer_cert.p );
memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) ); memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) );
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/* Copy the entire session; this temporarily makes a copy of the /* Copy the entire session; this temporarily makes a copy of the
* X.509 CRT structure even though we only want to store the raw CRT. * X.509 CRT structure even though we only want to store the raw CRT.
@ -270,7 +272,8 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
goto exit; goto exit;
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* If present, free the X.509 structure and only store the raw CRT data. */ /* If present, free the X.509 structure and only store the raw CRT data. */
if( cur->session.peer_cert != NULL ) if( cur->session.peer_cert != NULL )
{ {
@ -291,7 +294,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
mbedtls_free( cur->session.peer_cert ); mbedtls_free( cur->session.peer_cert );
cur->session.peer_cert = NULL; cur->session.peer_cert = NULL;
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
ret = 0; ret = 0;
@ -333,9 +336,10 @@ void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache )
mbedtls_ssl_session_free( &prv->session ); mbedtls_ssl_session_free( &prv->session );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_free( prv->peer_cert.p ); mbedtls_free( prv->peer_cert.p );
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
mbedtls_free( prv ); mbedtls_free( prv );
} }

View file

@ -9104,7 +9104,9 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
uint64_t start; uint64_t start;
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
size_t cert_len; size_t cert_len;
#endif
#endif #endif
/* /*
@ -9175,6 +9177,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
* Peer's end-entity certificate * Peer's end-entity certificate
*/ */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
if( session->peer_cert == NULL ) if( session->peer_cert == NULL )
cert_len = 0; cert_len = 0;
else else
@ -9195,8 +9198,8 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
} }
} }
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/* Digest of peer certificate */ /* Digest of peer certificate */
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
if( session->peer_cert_digest != NULL ) if( session->peer_cert_digest != NULL )
{ {
used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len; used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len;
@ -9295,8 +9298,10 @@ static int ssl_session_load( mbedtls_ssl_session *session,
uint64_t start; uint64_t start;
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
size_t cert_len; size_t cert_len;
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif
#endif
/* /*
* Check version identifier * Check version identifier
@ -9359,10 +9364,11 @@ static int ssl_session_load( mbedtls_ssl_session *session,
/* Immediately clear invalid pointer values that have been read, in case /* Immediately clear invalid pointer values that have been read, in case
* we exit early before we replaced them with valid ones. */ * we exit early before we replaced them with valid ones. */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
session->peer_cert = NULL; session->peer_cert = NULL;
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #else
session->peer_cert_digest = NULL; session->peer_cert_digest = NULL;
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif #endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
session->ticket = NULL; session->ticket = NULL;
@ -9372,6 +9378,7 @@ static int ssl_session_load( mbedtls_ssl_session *session,
* Peer certificate * Peer certificate
*/ */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
if( 3 > (size_t)( end - p ) ) if( 3 > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -9407,8 +9414,7 @@ static int ssl_session_load( mbedtls_ssl_session *session,
p += cert_len; p += cert_len;
} }
#else /* defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* Deserialize CRT digest from the end of the ticket. */ /* Deserialize CRT digest from the end of the ticket. */
if( 2 > (size_t)( end - p ) ) if( 2 > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

View file

@ -311,14 +311,14 @@ static int ssl_populate_session( mbedtls_ssl_session *session,
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
session->peer_cert_digest_len = session->peer_cert_digest_len =
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/* Move temporary CRT. */ /* Move temporary CRT. */
session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) ); session->peer_cert = mbedtls_calloc( 1, sizeof( *session->peer_cert ) );
if( session->peer_cert == NULL ) if( session->peer_cert == NULL )
return( -1 ); return( -1 );
*session->peer_cert = tmp_crt; *session->peer_cert = tmp_crt;
memset( &tmp_crt, 0, sizeof( tmp_crt ) ); memset( &tmp_crt, 0, sizeof( tmp_crt ) );
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
mbedtls_x509_crt_free( &tmp_crt ); mbedtls_x509_crt_free( &tmp_crt );
} }
@ -706,6 +706,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
restored.master, sizeof( original.master ) ) == 0 ); restored.master, sizeof( original.master ) ) == 0 );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
TEST_ASSERT( ( original.peer_cert == NULL ) == TEST_ASSERT( ( original.peer_cert == NULL ) ==
( restored.peer_cert == NULL ) ); ( restored.peer_cert == NULL ) );
if( original.peer_cert != NULL ) if( original.peer_cert != NULL )
@ -716,7 +717,7 @@ void ssl_serialize_session_save_load( int ticket_len, char *crt_file )
restored.peer_cert->raw.p, restored.peer_cert->raw.p,
original.peer_cert->raw.len ) == 0 ); original.peer_cert->raw.len ) == 0 );
} }
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
TEST_ASSERT( original.peer_cert_digest_type == TEST_ASSERT( original.peer_cert_digest_type ==
restored.peer_cert_digest_type ); restored.peer_cert_digest_type );
TEST_ASSERT( original.peer_cert_digest_len == TEST_ASSERT( original.peer_cert_digest_len ==