Add transforms to be used for TLS 1.3

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 09:24:19 +01:00 · 2021-08-10 09:24:19 +01:00 · 3aa186f946
commit 3aa186f946
parent 0e719ff341
3 changed files with 25 additions and 0 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1341,6 +1341,12 @@ struct mbedtls_ssl_context
                                                                  *    This pointer owns the transform
                                                                  *    it references.                  */

+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+    /* The application data transform in TLS 1.3.
+     * This pointer owns the transform it references. */
+    mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_application);
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
    /*
     * Timers
     */
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -562,6 +562,13 @@ struct mbedtls_ssl_handshake_params
    uint16_t mtu;                       /*!<  Handshake mtu, used to fragment outgoing messages */
 #endif /* MBEDTLS_SSL_PROTO_DTLS */

+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+    /* TLS 1.3 transforms for 0-RTT and encrypted handshake messages.
+     * Those pointers own the transforms they reference. */
+    mbedtls_ssl_transform *transform_handshake;
+    mbedtls_ssl_transform *transform_earlydata;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
    /*
     * Checksum contexts
     */
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -5393,6 +5393,13 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
    handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ),
                                    mbedtls_ssl_get_output_buflen( ssl ) );
 #endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+    mbedtls_free( handshake->transform_earlydata );
+    mbedtls_free( handshake->transform_handshake );
+    handshake->transform_earlydata = NULL;
+    handshake->transform_handshake = NULL;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 }

 void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
@ -6091,6 +6098,11 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
        mbedtls_free( ssl->session_negotiate );
    }

+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+    mbedtls_ssl_transform_free( ssl->transform_application );
+    mbedtls_free( ssl->transform_application );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
    if( ssl->session )
    {
        mbedtls_ssl_session_free( ssl->session );