lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Add ALPN checking when accepting early data

Browse Source 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This commit is contained in:
Waleed Elmelegy
2024-03-14 01:48:40 +00:00
parent 131b2ffd89
commit 4dfb0e7c90
6 changed files with 118 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
library/ssl_tls13_server.c
View File

@ -1819,7 +1819,6 @@ static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl)
* NOTE:
* - The TLS version number is checked in
* ssl_tls13_offered_psks_check_identity_match_ticket().
* - ALPN is not checked for the time being (TODO).
*/
if (handshake->selected_identity != 0) {
@ -1846,6 +1845,28 @@ static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl)
return -1;
}
#if defined(MBEDTLS_SSL_ALPN)
const char *alpn = mbedtls_ssl_get_alpn_protocol(ssl);
size_t alpn_len;
if (alpn == NULL && ssl->session_negotiate->ticket_alpn == NULL) {
return 0;
}
if (alpn != NULL) {
alpn_len = strlen(alpn);
}
if (alpn == NULL ||
ssl->session_negotiate->ticket_alpn == NULL ||
alpn_len != strlen(ssl->session_negotiate->ticket_alpn) ||
(memcmp(alpn, ssl->session_negotiate->ticket_alpn, alpn_len) != 0)) {
MBEDTLS_SSL_DEBUG_MSG(1, ("EarlyData: rejected, the selected ALPN is different "
"from the one associated with the pre-shared key."));
return -1;
}
#endif
return 0;
}
#endif /* MBEDTLS_SSL_EARLY_DATA */