From 985c967a146f41b65df79d46addf64f76e528a22 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Sun, 4 Dec 2022 14:06:30 +0800
Subject: [PATCH 01/10] tls13: add more checks for server early data
- check if it is enabled
- check if it is psk mode
- check if it is resumption
- check if it is tls13 version
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 6445a00a19..2599961901 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1752,6 +1752,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_EARLY_DATA)
 static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
 {
+ mbedtls_ssl_session *session = ssl->session_negotiate;
 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 if ((handshake->received_extensions &
@@ -1762,9 +1763,42 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
 return;
 }
- /* We do not accept early data for the time being */
 ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
+ if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: rejected. configured disabled."));
+ return;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ("EarlyData: conf->max_early_data_size = %u",
+ (unsigned int) ssl->conf->max_early_data_size));
+
+ if (!mbedtls_ssl_conf_tls13_some_psk_enabled(ssl)) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1,
+ ("EarlyData: rejected. psk or psk_ephemeral is not available."));
+ return;
+ }
+
+ if (handshake && handshake->resume != 1) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: rejected. not resumption session."));
+ return;
+ }
+
+ if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1,
+ ("EarlyData: rejected. not a TLS 1.3 ticket."));
+ return;
+ }
+
+ /* TODO: Add more checks here. */
+
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
+
 }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
From 71c14f1db61611c480c7898566060dcd47a4f22c Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Mon, 12 Dec 2022 11:10:35 +0800
Subject: [PATCH 02/10] write early data indication in EE msg
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 2599961901..cc8a0a1789 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
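Review bot: The `handshake &&` guard in `if (handshake && handshake->resume != 1)` is dead, because `handshake->received_extensions` is dereferenced unconditionally at the top of this function (first hunk of this patch), and it is inconsistent with the `session->tls_version` read a few lines later, which has no guard at all; `if (handshake->resume != 1) {` states the real precondition. The `conf->max_early_data_size` value is logged but nothing in this hunk applies it, so if the limit is enforced when early-data records arrive, a short comment saying so would stop the next reader from looking for it here (I cannot see that path from this hunk). The extra `+` blank line before the closing brace looks unintended. ssl_tls13_update_early_data_status starts in the previous hunk.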
@@ -2458,6 +2458,16 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl,
 p += output_len;
 #endif /* MBEDTLS_SSL_ALPN */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
+ ret = mbedtls_ssl_tls13_write_early_data_ext(ssl, p, end, &output_len);
+ if (ret != 0) {
+ return ret;
+ }
+ p += output_len;
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
 extensions_len = (p - p_extensions_len) - 2;
 MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0);
From 0edafa94492f85fce79227382f627cd544ea414f Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Wed, 8 Feb 2023 15:09:32 +0800
Subject: [PATCH 03/10] Add test case for writing early data in EE
Signed-off-by: Jerry Yu
---
 tests/opt-testcases/tls13-misc.sh | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index d5efc9edc1..c11dd70535 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -493,6 +493,9 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \
 -S "No suitable key exchange mode" \
 -s "found matched identity"
+EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
+EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
+
 requires_gnutls_next
 requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
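Review bot: Writing the early_data extension here is where the server commits, on the wire, to the decision taken by ssl_tls13_update_early_data_status() during ClientHello parsing, and nothing in the hunk records that dependency; a comment above the new `#if` block, e.g. `/* The early_data extension in EncryptedExtensions tells the client that its 0-RTT data is accepted; early_data_status was decided while parsing the ClientHello. */`, would make the ordering requirement explicit. The error path mirrors the ALPN block just above it, which is consistent. ssl_tls13_write_encrypted_extensions_body starts and ends outside the hunk.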
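Review bot: `$( cat $EARLY_DATA_INPUT | wc -c )` leaves the path unquoted and spawns cat only to count bytes; `$( wc -c < "$EARLY_DATA_INPUT" )` does the same with one process and is safe for paths containing spaces. The round-up to a multiple of 32 bytes is unexplained, so a comment such as `# Round the input size up to a 32-byte multiple so max_early_data_size covers the whole file` would save the next reader a search; I cannot tell from this hunk why 32 is the granularity, so the comment should state the actual reason.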
@@ -508,3 +511,19 @@ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
 -s "EncryptedExtensions: early_data(42) extension does not exist." \
 -s "NewSessionTicket: early_data(42) extension does not exist." \
 -s "Last error was: -29056 - SSL - Verification of the message MAC failed"
+
+requires_gnutls_next
+requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 G->m: EarlyData: psk*: feature is enabled, fail." \
+ "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN $(get_srv_psk_list)" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK \
+ -d 10 -r --earlydata $EARLY_DATA_INPUT \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
+ 1 \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EncryptedExtensions: early_data(42) extension exists." \
+ -s "NewSessionTicket: early_data(42) extension does not exist."
From 2db16b7b16d0397c43fd6afbe48163317ac8092f Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 15 Aug 2023 16:52:25 +0800
Subject: [PATCH 04/10] disable tests when ecp is not available
Signed-off-by: Jerry Yu
---
 tests/opt-testcases/tls13-misc.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index c11dd70535..dbc2e43466 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -500,7 +500,7 @@ requires_gnutls_next
 requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_ECP_LIGHT
 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
@@ -515,7 +515,7 @@ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
 requires_gnutls_next
 requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_ECP_LIGHT
 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 run_test "TLS 1.3 G->m: EarlyData: psk*: feature is enabled, fail." \
From 454dda3e250597b94069918ea2cbf54959f72618 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 31 Oct 2023 15:13:54 +0800
Subject: [PATCH 05/10] fix various issues
- improve output message
- Remove unnecessary checks
- Simplify test command
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 21 +++++++--------------
 tests/opt-testcases/tls13-misc.sh | 18 ++++++++++--------
 2 files changed, 17 insertions(+), 22 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index cc8a0a1789..44abb4b62f 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1766,32 +1766,25 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
 ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
 if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
- MBEDTLS_SSL_DEBUG_MSG(
- 1, ("EarlyData: rejected. configured disabled."));
- return;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(
- 3, ("EarlyData: conf->max_early_data_size = %u",
- (unsigned int) ssl->conf->max_early_data_size));
-
- if (!mbedtls_ssl_conf_tls13_some_psk_enabled(ssl)) {
 MBEDTLS_SSL_DEBUG_MSG(
 1,
- ("EarlyData: rejected. psk or psk_ephemeral is not available."));
+ ("EarlyData: rejected, feature disabled in server configuration."));
 return;
 }
- if (handshake && handshake->resume != 1) {
+ if (!handshake->resume) {
+ /* We currently support early data only in the case of PSKs established
+ via a NewSessionTicket message thus in the case of a session
+ resumption. */
 MBEDTLS_SSL_DEBUG_MSG(
- 1, ("EarlyData: rejected. not resumption session."));
+ 1, ("EarlyData: rejected, not resumption session."));
 return;
 }
 if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
 MBEDTLS_SSL_DEBUG_MSG(
 1,
- ("EarlyData: rejected. not a TLS 1.3 ticket."));
+ ("EarlyData: rejected, not a TLS 1.3 ticket."));
 return;
 }
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index dbc2e43466..ffa914e92f 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -500,7 +500,7 @@ requires_gnutls_next
 requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_ECP_LIGHT
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
@@ -513,17 +513,19 @@ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
 -s "Last error was: -29056 - SSL - Verification of the message MAC failed"
 requires_gnutls_next
+
 requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
- MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_ECP_LIGHT
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test "TLS 1.3 G->m: EarlyData: psk*: feature is enabled, fail." \
- "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN $(get_srv_psk_list)" \
- "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK \
- -d 10 -r --earlydata $EARLY_DATA_INPUT \
- --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
+run_test "TLS 1.3 G->m: EarlyData: feature is enabled, fail." \
+ "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:+KX-ALL \
+ -d 10 -r --earlydata $EARLY_DATA_INPUT " \
 1 \
 -s "ClientHello: early_data(42) extension exists." \
 -s "EncryptedExtensions: early_data(42) extension exists." \
- -s "NewSessionTicket: early_data(42) extension does not exist."
+ -s "NewSessionTicket: early_data(42) extension does not exist." \
+ -s "Last error was: -29056 - SSL - Verification of the message MAC failed"
From ce3b95e2c9cd26cc39fd2b4c79d6c79fe2fb3336 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 31 Oct 2023 16:02:04 +0800
Subject: [PATCH 06/10] move ticket version check
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
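Review bot: The new test asserts `Last error was: -29056 - SSL - Verification of the message MAC failed` as the expected outcome of a run in which the server advertises early data acceptance, and nothing in the test says why that failure is the expected result; a comment above `run_test`, e.g. `# The server advertises early data in EncryptedExtensions but does not yet process 0-RTT records, so the handshake is expected to fail on them.`, would keep the case from being mistaken for a regression later (that explanation is my reading of this series, please adjust it to the actual reason). There is also a trailing space inside the client command string, `--earlydata $EARLY_DATA_INPUT " \`, which should read `--earlydata $EARLY_DATA_INPUT" \`.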
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 44abb4b62f..5a0c69fa7a 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -159,6 +159,13 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
 /* We delete the temporary buffer */
 mbedtls_free(ticket_buffer);
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("ticket version invalid."));
+ ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
+ }
+#endif
+
 if (ret != 0) {
 goto exit;
 }
@@ -1752,7 +1759,6 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_EARLY_DATA)
 static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
 {
- mbedtls_ssl_session *session = ssl->session_negotiate;
 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 if ((handshake->received_extensions &
@@ -1781,12 +1787,6 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
 return;
 }
- if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
- MBEDTLS_SSL_DEBUG_MSG(
- 1,
- ("EarlyData: rejected, not a TLS 1.3 ticket."));
- return;
- }
 /* TODO: Add more checks here. */
From 82fd6c11bda1f50babd303776c02ed025fabdbb5 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 31 Oct 2023 16:32:19 +0800
Subject: [PATCH 07/10] Add selected key and ciphersuite check
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 5a0c69fa7a..2288a1ae24 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
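Review bot: The version check added to ssl_tls13_offered_psks_check_identity_match_ticket() changes what a mismatch means: the ticket is now refused for the whole handshake (`ret != 0` jumps to `exit` in the context lines just below) rather than only disqualifying early data as the block removed in the last hunk did, and neither the commit message nor the function's header comment (outside this hunk) says so; a line in that comment such as `Tickets whose recorded TLS version is not 1.3 are rejected here.` would document it. The rejection is also logged at level 3 with `ticket version invalid.` while the comparable rejections in this series use level 1 with an `EarlyData:` prefix, so it will be invisible at the usual debug level. The last hunk leaves two consecutive blank lines where the removed block stood.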
@@ -1787,6 +1787,35 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
 return;
 }
+ /* RFC 8446 4.2.10
+ *
+ * In order to accept early data, the server MUST have accepted a PSK cipher
+ * suite and selected the first key offered in the client's "pre_shared_key"
+ * extension. In addition, it MUST verify that the following values are the
+ * same as those associated with the selected PSK:
+ * - The TLS version number
+ * - The selected cipher suite
+ * - The selected ALPN [RFC7301] protocol, if any
+ *
+ * NOTE:
+ * - ALPN hasn't been checked.
+ * - TLS version is checked in
+ * ssl_tls13_offered_psks_check_identity_match_ticket()
+ */
+
+ if (handshake->selected_identity != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: rejected, first psk key is not offered."));
+ return;
+ }
+
+ if (handshake->ciphersuite_info->id !=
+ ssl->session_negotiate->ciphersuite) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: rejected, selected ciphersuite mismatch."));
+ return;
+
+ }
 /* TODO: Add more checks here. */
From 960b7ebbcf16b5684b56afa4f9fb88c179ae2d66 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 31 Oct 2023 16:40:01 +0800
Subject: [PATCH 08/10] move psk check to EE message on client side
early_data extension is sent in EE. So it should not be checked in SH message.
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_client.c | 66 ++++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 34 insertions(+), 32 deletions(-)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index c6fa3b3909..7e59af320f 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
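Review bot: The NOTE concedes that ALPN is not checked, yet the function still reaches `MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED`, so with MBEDTLS_SSL_ALPN enabled a resumed session whose negotiated protocol differs from the one the PSK was issued under has its early data accepted despite the RFC 8446 4.2.10 MUST quoted just above; until the negotiated protocol is compared with the one recorded for the selected PSK, the conservative form is to reject early data under `#if defined(MBEDTLS_SSL_ALPN)` whenever a protocol was negotiated, with a comment pointing at the TODO. Patch 10's rewording of this NOTE (the last hunk of the series) leaves the same gap. The `handshake->ciphersuite_info->id` read assumes cipher suite selection has already happened when ssl_tls13_parse_client_hello() calls this function; I cannot see the caller's ordering, so a one-line comment stating that precondition would help. The blank line before the closing brace of the second `if` is a stray.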
@@ -1906,36 +1906,6 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl)
 ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
 goto cleanup;
 }
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA) &&
- (handshake->selected_identity != 0 ||
- handshake->ciphersuite_info->id !=
- ssl->session_negotiate->ciphersuite)) {
- /* RFC8446 4.2.11
- * If the server supplies an "early_data" extension, the
- * client MUST verify that the server's selected_identity
- * is 0. If any other value is returned, the client MUST
- * abort the handshake with an "illegal_parameter" alert.
- *
- * RFC 8446 4.2.10
- * In order to accept early data, the server MUST have accepted a PSK
- * cipher suite and selected the first key offered in the client's
- * "pre_shared_key" extension. In addition, it MUST verify that the
- * following values are the same as those associated with the
- * selected PSK:
- * - The TLS version number
- * - The selected cipher suite
- * - The selected ALPN [RFC7301] protocol, if any
- *
- * We check here that when early data is involved the server
- * selected the cipher suite associated to the pre-shared key
- * as it must have.
- */
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-#endif
 if (!mbedtls_ssl_conf_tls13_check_kex_modes(
 ssl, handshake->key_exchange_mode)) {
@@ -2211,6 +2181,9 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
 int ret;
 unsigned char *buf;
 size_t buf_len;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+#endif
 MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse encrypted extensions"));
@@ -2223,8 +2196,37 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
 ssl_tls13_parse_encrypted_extensions(ssl, buf, buf + buf_len));
 #if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->handshake->received_extensions &
- MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) {
+ if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) {
+ /* RFC8446 4.2.11
+ * If the server supplies an "early_data" extension, the
+ * client MUST verify that the server's selected_identity
+ * is 0. If any other value is returned, the client MUST
+ * abort the handshake with an "illegal_parameter" alert.
+ *
+ * RFC 8446 4.2.10
+ * In order to accept early data, the server MUST have accepted a PSK
+ * cipher suite and selected the first key offered in the client's
+ * "pre_shared_key" extension. In addition, it MUST verify that the
+ * following values are the same as those associated with the
+ * selected PSK:
+ * - The TLS version number
+ * - The selected cipher suite
+ * - The selected ALPN [RFC7301] protocol, if any
+ *
+ * We check here that when early data is involved the server
+ * selected the cipher suite associated to the pre-shared key
+ * as it must have.
+ */
+ if (handshake->selected_identity != 0 ||
+ handshake->ciphersuite_info->id !=
+ ssl->session_negotiate->ciphersuite) {
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ }
+
 ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
 }
 #endif
From 2bea94ce2e61620d101b96527f91f82ec2e4b27e Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 7 Nov 2023 14:18:17 +0800
Subject: [PATCH 09/10] check the ticket version unconditional
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 2288a1ae24..61559462bf 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
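Review bot: The comment block moved here lists the ALPN protocol among the values that must match the selected PSK, but the condition below it only compares `selected_identity` and the cipher suite, so the comment promises more than the code verifies; either extend the check or add `/* ALPN is not verified here for the time being. */` next to the condition, as the server-side NOTE in this series does. The blank line directly after `ssl->session_negotiate->ciphersuite) {` is a stray. ssl_tls13_process_encrypted_extensions starts and ends outside the hunk.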
@@ -159,12 +159,10 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
 /* We delete the temporary buffer */
 mbedtls_free(ticket_buffer);
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
 MBEDTLS_SSL_DEBUG_MSG(3, ("ticket version invalid."));
 ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
 }
-#endif
 if (ret != 0) {
 goto exit;
From 7ef9fd8989f5ced6185a9922a77e4cdc4627302d Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 7 Nov 2023 14:30:38 +0800
Subject: [PATCH 10/10] fix various issues
- Debug message
- Improve comments
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 18 ++++++++++--------
 tests/opt-testcases/tls13-misc.sh | 1 -
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 61559462bf..ee6e89c59f 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -160,7 +160,8 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
 mbedtls_free(ticket_buffer);
 if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
- MBEDTLS_SSL_DEBUG_MSG(3, ("ticket version invalid."));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3."));
+ /* TODO: Define new return value for this case. */
 ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
 }
@@ -1781,7 +1782,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
 via a NewSessionTicket message thus in the case of a session
 resumption. */
 MBEDTLS_SSL_DEBUG_MSG(
- 1, ("EarlyData: rejected, not resumption session."));
+ 1, ("EarlyData: rejected, not a session resumption."));
 return;
 }
@@ -1796,26 +1797,27 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
 * - The selected ALPN [RFC7301] protocol, if any
 *
 * NOTE:
- * - ALPN hasn't been checked.
- * - TLS version is checked in
- * ssl_tls13_offered_psks_check_identity_match_ticket()
+ * - The TLS version number is checked in
+ * ssl_tls13_offered_psks_check_identity_match_ticket().
+ * - ALPN is not checked for the time being (TODO).
 */
 if (handshake->selected_identity != 0) {
 MBEDTLS_SSL_DEBUG_MSG(
- 1, ("EarlyData: rejected, first psk key is not offered."));
+ 1, ("EarlyData: rejected, the selected key in "
+ "`pre_shared_key` is not the first one."));
 return;
 }
 if (handshake->ciphersuite_info->id !=
 ssl->session_negotiate->ciphersuite) {
 MBEDTLS_SSL_DEBUG_MSG(
- 1, ("EarlyData: rejected, selected ciphersuite mismatch."));
+ 1, ("EarlyData: rejected, the selected ciphersuite is not the one "
+ "of the selected pre-shared key."));
 return;
 }
- /* TODO: Add more checks here. */
 ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index ffa914e92f..2c25354af9 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -513,7 +513,6 @@ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \
 -s "Last error was: -29056 - SSL - Verification of the message MAC failed"
 requires_gnutls_next
-
 requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \