Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server

TLS 1.3 server: Send dummy change_cipher_spec records The internal CI PR-merge job ran successfully thus good to go.
2025-07-30 22:43:08 +03:00 · 2022-06-29 09:47:49 +02:00
parent d86abf2392 9e4b7bd199
commit 7898fd456a
4 changed files with 383 additions and 12 deletions
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -1261,11 +1261,6 @@ static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl )
        return( ret );
    }

-    mbedtls_ssl_set_outbound_transform( ssl,
-                                        ssl->handshake->transform_handshake );
-    MBEDTLS_SSL_DEBUG_MSG(
-        3, ( "switching to handshake transform for outbound data" ) );
-
    return( ret );
 }

@ -1295,7 +1290,16 @@ static int ssl_tls13_write_server_hello( mbedtls_ssl_context *ssl )

    MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_server_hello( ssl ) );

+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+    /* The server sends a dummy change_cipher_spec record immediately
+     * after its first handshake message. This may either be after
+     * a ServerHello or a HelloRetryRequest.
+     */
+    mbedtls_ssl_handshake_set_state(
+            ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO );
+#else
    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */

 cleanup:

@ -1360,7 +1364,16 @@ static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl )

    ssl->handshake->hello_retry_request_count++;

+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+    /* The server sends a dummy change_cipher_spec record immediately
+     * after its first handshake message. This may either be after
+     * a ServerHello or a HelloRetryRequest.
+     */
+    mbedtls_ssl_handshake_set_state(
+            ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST );
+#else
    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */

 cleanup:
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello retry request" ) );
@ -1421,6 +1434,11 @@ static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
    unsigned char *buf;
    size_t buf_len, msg_len;

+    mbedtls_ssl_set_outbound_transform( ssl,
+                                        ssl->handshake->transform_handshake );
+    MBEDTLS_SSL_DEBUG_MSG(
+        3, ( "switching to handshake transform for outbound data" ) );
+
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extensions" ) );

    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
@ -1748,6 +1766,23 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
            break;
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */

+        /*
+         * Injection of dummy-CCS's for middlebox compatibility
+         */
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+        case MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST:
+            ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
+            if( ret == 0 )
+                mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+            break;
+
+        case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO:
+            ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
+            if( ret == 0 )
+                mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
+            break;
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+
        case MBEDTLS_SSL_SERVER_FINISHED:
            ret = ssl_tls13_write_server_finished( ssl );
            break;