lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Merge pull request #8697 from BensonLiou/random_bye_on_hrr

Browse Source 
Do not generate new random number while receiving HRR
This commit is contained in:
Gilles Peskine
2024-03-14 15:59:21 +00:00
committed by GitHub
parent 50da462fc8 93b305dc8e
commit 1c5ebf4352
3 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog.d/fix-new-rn-on-hrr.txt Normal file
View File

@ -0,0 +1,3 @@
Bugfix
* In TLS 1.3 clients, fix an interoperability problem due to the client
generating a new random after a HelloRetryRequest. Fixes #8669.

5
library/ssl_client.c
View File

@ -790,6 +790,10 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
(ssl->handshake->cookie == NULL))
#endif
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (!ssl->handshake->hello_retry_request_flag)
#endif
{
ret = ssl_generate_random(ssl);
@ -798,6 +802,7 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl)
return ret;
}
}
}
/*
* Prepare session identifier. At that point, the length of the session

8
tests/suites/test_suite_ssl.function
View File

@ -3850,6 +3850,7 @@ void tls13_cli_early_data_state(int scenario)
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
uint8_t client_random[MBEDTLS_CLIENT_HELLO_RANDOM_LEN];
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
@ -3987,9 +3988,16 @@ void tls13_cli_early_data_state(int scenario)
if (!client_ep.ssl.handshake->hello_retry_request_flag) {
TEST_EQUAL(client_ep.ssl.early_data_state,
MBEDTLS_SSL_EARLY_DATA_STATE_CAN_WRITE);
memcpy(client_random,
client_ep.ssl.handshake->randbytes,
MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
} else {
TEST_EQUAL(client_ep.ssl.early_data_state,
MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
TEST_MEMORY_COMPARE(client_random,
MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
client_ep.ssl.handshake->randbytes,
MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
}
break;