From 35178fe7ecd473328248c3f0cc0dc3a0603d2a21 Mon Sep 17 00:00:00 2001
From: BensonLiou
Date: Thu, 11 Jan 2024 15:28:17 +0800
Subject: [PATCH 1/5] Do not generate new random number while receiving HRR

Signed-off-by: BensonLiou
---
 library/ssl_client.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/library/ssl_client.c b/library/ssl_client.c
index 270db41683..dd10d72fc6 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -797,10 +797,15 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl)
 (ssl->handshake->cookie == NULL))
 #endif
 {
- ret = ssl_generate_random(ssl);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "Random bytes generation failed", ret);
- return ret;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if (ssl->handshake->hello_retry_request_count == 0)
+#endif
+ {
+ ret = ssl_generate_random(ssl);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "Random bytes generation failed", ret);
+ return ret;
+ }
 }
 }

From 41bed383ec9454d882b2a820b95aadb41a38a1f4 Mon Sep 17 00:00:00 2001
From: BensonLiou
Date: Fri, 16 Feb 2024 16:07:53 +0800
Subject: [PATCH 2/5] To check if client random number is unchanged while receiving HRR

Signed-off-by: BensonLiou
---
 tests/suites/test_suite_ssl.function | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 2751e58c16..41f8bb7669 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3802,6 +3802,7 @@ void tls13_cli_early_data_status(int scenario)
 MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
 MBEDTLS_SSL_IANA_TLS_GROUP_NONE
 };
+ uint8_t client_random[MBEDTLS_CLIENT_HELLO_RANDOM_LEN];
 mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
 mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
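Review bot: The inner guard added to ssl_prepare_client_hello in patch 1/5 (library/ssl_client.c) carries no comment, although the reason for skipping ssl_generate_random() is a protocol rule: RFC 8446 section 4.1.2 requires the ClientHello sent after a HelloRetryRequest to repeat the first one except for a listed set of changes, and the random is not among them. I would put `/* RFC 8446 4.1.2: the ClientHello sent after a HelloRetryRequest must reuse the random of the first ClientHello. */` above the `#if defined(MBEDTLS_SSL_PROTO_TLS1_3)` line, and keep it when patch 5/5 rewrites the condition to `hello_retry_request_flag`. The guard presumably relies on handshake->randbytes still holding the first random when the second ClientHello is prepared; that is not visible in this hunk and is worth confirming. The function body starts and ends outside the hunk.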
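Review bot: `client_random` is declared without an initializer in tls13_cli_early_data_status (patch 2/5, the hunk at line 3802), and the following hunk reads it through TEST_MEMORY_COMPARE in the `else` branch while only the `hello_retry_request_count == 0` branch writes it. If the state sequence ever reaches the `else` branch first, the comparison reads indeterminate bytes; declaring it as `uint8_t client_random[MBEDTLS_CLIENT_HELLO_RANDOM_LEN] = { 0 };` makes that case fail deterministically instead. Whether the write always precedes the read depends on the surrounding state loop, which lies outside both hunks. The check also covers only handshake->randbytes, not the bytes serialized into the second ClientHello, which may deserve a one-line comment in the test.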
@@ -3931,9 +3932,11 @@ void tls13_cli_early_data_status(int scenario)
 if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
 TEST_EQUAL(client_ep.ssl.early_data_status,
 MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
+ memcpy(client_random, client_ep.ssl.handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
 } else {
 TEST_EQUAL(client_ep.ssl.early_data_status,
 MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
+ TEST_MEMORY_COMPARE(client_random, MBEDTLS_CLIENT_HELLO_RANDOM_LEN, client_ep.ssl.handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
 }
 break;
 }

From bedd2519e64cd31fd43370ef28bb4b7ae96c5ae0 Mon Sep 17 00:00:00 2001
From: BensonLiou
Date: Wed, 13 Mar 2024 20:21:26 +0800
Subject: [PATCH 3/5] fix code style

Signed-off-by: BensonLiou
---
 tests/suites/test_suite_ssl.function | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 41f8bb7669..c2655de936 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2419,7 +2419,7 @@ void ssl_session_serialize_version_check(int corrupt_major,
 * corrupt them bit-by-bit. */
 for (cur_byte = 0; cur_byte < sizeof(should_corrupt_byte); cur_byte++) {
 int cur_bit;
- unsigned char * const byte = &serialized_session[cur_byte];
+ unsigned char *const byte = &serialized_session[cur_byte];
 if (should_corrupt_byte[cur_byte] == 0) {
 continue;
@@ -3932,11 +3932,16 @@ void tls13_cli_early_data_status(int scenario)
 if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
 TEST_EQUAL(client_ep.ssl.early_data_status,
 MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
- memcpy(client_random, client_ep.ssl.handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
+ memcpy(client_random,
+ client_ep.ssl.handshake->randbytes,
+ MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
 } else {
 TEST_EQUAL(client_ep.ssl.early_data_status,
 MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
- TEST_MEMORY_COMPARE(client_random, MBEDTLS_CLIENT_HELLO_RANDOM_LEN, client_ep.ssl.handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
+ TEST_MEMORY_COMPARE(client_random,
+ MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
+ client_ep.ssl.handshake->randbytes,
+ MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
 }
 break;
 }

From 7b8b696790f0e6777e6c5b309dbc6d30a96f8d4d Mon Sep 17 00:00:00 2001
From: BensonLiou
Date: Thu, 14 Mar 2024 18:11:09 +0800
Subject: [PATCH 4/5] Add change log

Signed-off-by: BensonLiou
---
 ChangeLog.d/fix-new-rn-on-hrr.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 ChangeLog.d/fix-new-rn-on-hrr.txt

diff --git a/ChangeLog.d/fix-new-rn-on-hrr.txt b/ChangeLog.d/fix-new-rn-on-hrr.txt
new file mode 100644
index 0000000000..1b4f5e6a8c
--- /dev/null
+++ b/ChangeLog.d/fix-new-rn-on-hrr.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * In TLS 1.3 clients, fix an interoperability problem due to the client
+ generating a new random after a HelloRetryRequest. Fixes #8669.

From 93b305dc8ed1b688ca823df706663aa46c28bef3 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 14 Mar 2024 15:05:09 +0100
Subject: [PATCH 5/5] tls13: Use a flag not a counter for CCS and HRR handling

Reconcile with 5fbd27055d15c8ac234a229389ff4e31977487a0 on another branch

Signed-off-by: Gilles Peskine
---
 library/ssl_client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/ssl_client.c b/library/ssl_client.c
index 371c06c974..345e608938 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -793,7 +793,7 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl)
 #endif
 {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if (ssl->handshake->hello_retry_request_count == 0)
+ if (!ssl->handshake->hello_retry_request_flag)
 #endif
 {
 ret = ssl_generate_random(ssl);