lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #8576 from yanrayw/issue/fix-tls13-session_negotiate-assignment

Browse Source 
TLS13: CLI: EarlyData: Assign ciphersuite after associated verification in EE
This commit is contained in:
Ronald Cron
2023-12-05 08:31:24 +00:00
committed by GitHub
parent 3d12d65946 744577a429
commit a1e867c676
1 changed files with 24 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
library/ssl_tls13_client.c
View File

@ -1925,7 +1925,6 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl)
mbedtls_ssl_set_inbound_transform(ssl, handshake->transform_handshake); mbedtls_ssl_set_inbound_transform(ssl, handshake->transform_handshake);
MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic")); MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic"));
ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;
ssl->session_in = ssl->session_negotiate; ssl->session_in = ssl->session_negotiate;
cleanup: cleanup:
@ -2153,9 +2152,7 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
int ret; int ret;
unsigned char *buf; unsigned char *buf;
size_t buf_len; size_t buf_len;
#if defined(MBEDTLS_SSL_EARLY_DATA)
mbedtls_ssl_handshake_params *handshake = ssl->handshake; mbedtls_ssl_handshake_params *handshake = ssl->handshake;
#endif
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse encrypted extensions")); MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse encrypted extensions"));
@ -2185,11 +2182,19 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
* - The selected cipher suite * - The selected cipher suite
* - The selected ALPN [RFC7301] protocol, if any * - The selected ALPN [RFC7301] protocol, if any
* *
* We check here that when early data is involved the server * The server has sent an early data extension in its Encrypted
* selected the cipher suite associated to the pre-shared key * Extension message thus accepted to receive early data. We
* as it must have. * check here that the additional constraints on the handshake
* parameters, when early data are exchanged, are met,
* namely:
* - a PSK has been selected for the handshake
* - the selected PSK for the handshake was the first one proposed
* by the client.
* - the selected ciphersuite for the handshake is the ciphersuite
* associated with the selected PSK.
*/ */
if (handshake->selected_identity != 0 || if ((!mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) ||
handshake->selected_identity != 0 ||
handshake->ciphersuite_info->id != handshake->ciphersuite_info->id !=
ssl->session_negotiate->ciphersuite) { ssl->session_negotiate->ciphersuite) {
@ -2203,6 +2208,18 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
} }
#endif #endif
/*
* In case the client has proposed a PSK associated with a ticket,
* `ssl->session_negotiate->ciphersuite` still contains at this point the
* identifier of the ciphersuite associated with the ticket. This is that
* way because, if an exchange of early data is agreed upon, we need
* it to check that the ciphersuite selected for the handshake is the
* ticket ciphersuite (see above). This information is not needed
* anymore thus we can now set it to the identifier of the ciphersuite
* used in this session under negotiation.
*/
ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
buf, buf_len)); buf, buf_len));