lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Merge pull request #5523 from ronald-cron-arm/one-flush-output-development

Browse Source 
TLS 1.3: One flush output
This commit is contained in:
Ronald Cron
2022-03-21 08:44:04 +01:00
committed by GitHub
parent e5b53193e0 a8b38879e1
commit 8d7afc642c
5 changed files with 88 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
library/ssl_tls13_client.c
View File

@ -919,12 +919,6 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
return( 0 );
}
static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
return( 0 );
}
static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl )
{
int ret;
@ -991,11 +985,12 @@ static int ssl_tls13_write_client_hello( mbedtls_ssl_context *ssl )
msg_len );
ssl->handshake->update_checksum( ssl, buf, msg_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello( ssl ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl,
buf_len,
msg_len ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
cleanup:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
@ -2049,52 +2044,62 @@ static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl )
ssl,
MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED );
#else
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
#else
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
return( 0 );
}
/*
* Handler for MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED
*/
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
static int ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl )
{
int ret;
ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
if( ret != 0 )
return( ret );
return( 0 );
}
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
*/
static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
{
int non_empty_certificate_msg = 0;
MBEDTLS_SSL_DEBUG_MSG( 1,
( "Switch to handshake traffic keys for outbound traffic" ) );
mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
return( mbedtls_ssl_tls13_write_certificate( ssl ) );
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( ssl->handshake->client_auth )
{
int ret = mbedtls_ssl_tls13_write_certificate( ssl );
if( ret != 0 )
return( ret );
if( mbedtls_ssl_own_cert( ssl ) != NULL )
non_empty_certificate_msg = 1;
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "No certificate message to send." ) );
}
#endif
if( non_empty_certificate_msg )
{
mbedtls_ssl_handshake_set_state( ssl,
MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
}
else
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
return( 0 );
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
*/
static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_tls13_write_certificate_verify( ssl ) );
int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl );
if( ret == 0 )
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
return( ret );
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
@ -2105,13 +2110,6 @@ static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl )
{
int ret;
if( !ssl->handshake->client_auth )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "Switch to handshake traffic keys for outbound traffic" ) );
mbedtls_ssl_set_outbound_transform( ssl,
ssl->handshake->transform_handshake );
}
ret = mbedtls_ssl_tls13_write_finished_message( ssl );
if( ret != 0 )
return( ret );
@ -2192,11 +2190,11 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
ret = ssl_tls13_process_server_finished( ssl );
break;
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
ret = ssl_tls13_write_client_certificate( ssl );
break;
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
ret = ssl_tls13_write_client_certificate_verify( ssl );
break;
@ -2218,9 +2216,16 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
* Injection of dummy-CCS's for middlebox compatibility
*/
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
ret = ssl_tls13_write_change_cipher_spec( ssl );
ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
if( ret == 0 )
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
break;
case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
if( ret == 0 )
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
break;
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */