lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00
Code Activity

tls13: srv: Do not allow early data indication in 2nd ClientHello

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Jerry Yu
2022-10-26 10:51:27 +08:00
committed by Ronald Cron
parent 1483dc3bde
commit 263dbf7167
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
library/ssl_tls13_server.c
View File

@@ -1533,6 +1533,12 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
unsigned int extension_type; unsigned int extension_type;
size_t extension_data_len; size_t extension_data_len;
const unsigned char *extension_data_end; const unsigned char *extension_data_end;
uint32_t allowed_exts = MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH;
if (ssl->handshake->hello_retry_request_count > 0) {
/* Do not accept early data extension in 2nd ClientHello */
allowed_exts &= ~MBEDTLS_SSL_EXT_MASK(EARLY_DATA);
}
/* RFC 8446, section 4.2.11 /* RFC 8446, section 4.2.11
* *
@@ -1560,7 +1566,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
ret = mbedtls_ssl_tls13_check_received_extension( ret = mbedtls_ssl_tls13_check_received_extension(
ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type,
MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH); allowed_exts);
if (ret != 0) { if (ret != 0) {
return ret; return ret;
} }