Add ALPN checking when accepting early data

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-07-29 11:41:15 +03:00 · 2024-03-14 01:48:40 +00:00
parent 131b2ffd89
commit 4dfb0e7c90
6 changed files with 118 additions and 1 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -238,6 +238,11 @@ int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst,
 #endif
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */

+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_ALPN) && \
+    defined(MBEDTLS_SSL_EARLY_DATA)
+    dst->ticket_alpn = NULL;
+#endif
+
 #if defined(MBEDTLS_X509_CRT_PARSE_C)

 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
@ -275,6 +280,16 @@ int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst,

 #endif /* MBEDTLS_X509_CRT_PARSE_C */

+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_ALPN) && \
+    defined(MBEDTLS_SSL_EARLY_DATA)
+    {
+        int ret = mbedtls_ssl_session_set_ticket_alpn(dst, src->ticket_alpn);
+        if (ret != 0) {
+            return ret;
+        }
+    }
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_ALPN && MBEDTLS_SSL_EARLY_DATA */
+
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
    if (src->ticket != NULL) {
        dst->ticket = mbedtls_calloc(1, src->ticket_len);
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -1819,7 +1819,6 @@ static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl)
     * NOTE:
     *  - The TLS version number is checked in
     *    ssl_tls13_offered_psks_check_identity_match_ticket().
-     *  - ALPN is not checked for the time being (TODO).
     */

    if (handshake->selected_identity != 0) {
@ -1846,6 +1845,28 @@ static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl)
        return -1;
    }

+#if defined(MBEDTLS_SSL_ALPN)
+    const char *alpn = mbedtls_ssl_get_alpn_protocol(ssl);
+    size_t alpn_len;
+
+    if (alpn == NULL && ssl->session_negotiate->ticket_alpn == NULL) {
+        return 0;
+    }
+
+    if (alpn != NULL) {
+        alpn_len = strlen(alpn);
+    }
+
+    if (alpn == NULL ||
+        ssl->session_negotiate->ticket_alpn == NULL ||
+        alpn_len != strlen(ssl->session_negotiate->ticket_alpn) ||
+        (memcmp(alpn, ssl->session_negotiate->ticket_alpn, alpn_len) != 0)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("EarlyData: rejected, the selected ALPN is different "
+                                  "from the one associated with the pre-shared key."));
+        return -1;
+    }
+#endif
+
    return 0;
 }
 #endif /* MBEDTLS_SSL_EARLY_DATA */