From b95dd3683b99d5a34876952f65d915656804c819 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 8 Nov 2022 21:19:34 +0800
Subject: [PATCH] Add missing mask set and tls13 unrecognized extension
Signed-off-by: Jerry Yu
---
 library/ssl_misc.h | 1 +
 library/ssl_tls.c | 5 +++++
 library/ssl_tls13_server.c | 9 +++++++++
 3 files changed, 15 insertions(+)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 77b091d030..ad8754cac2 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -144,6 +144,7 @@ uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type );
 MBEDTLS_SSL_EXT_MASK( ENCRYPT_THEN_MAC ) | \
 MBEDTLS_SSL_EXT_MASK( EXTENDED_MASTER_SECRET ) | \
 MBEDTLS_SSL_EXT_MASK( SESSION_TICKET ) | \
+ MBEDTLS_SSL_EXT_MASK( TRUNCATED_HMAC ) | \
 MBEDTLS_SSL_EXT_MASK( UNRECOGNIZED ) )
 /* RFC 8446 section 4.2. Allowed extensions for ClienHello */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index cf71d263a5..4787ca0585 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9155,6 +9155,11 @@ int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
 p[6] = MBEDTLS_BYTE_0( protocol_name_len );
 memcpy( p + 7, ssl->alpn_chosen, protocol_name_len );
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN );
+#endif
+
 return ( 0 );
 }
 #endif /* MBEDTLS_SSL_ALPN */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 378ce8fc91..051afa2705 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -700,6 +700,8 @@ static int ssl_tls13_write_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
 MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent selected_identity: %u", ssl->handshake->selected_identity ) );
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY );
+
 return( 0 );
 }
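Review bot: In mbedtls_ssl_write_alpn_ext the new call is guarded only by the build-time `#if defined(MBEDTLS_SSL_PROTO_TLS1_3)`, so in a build that enables both protocol versions it also runs whenever this writer is used for a TLS 1.2 handshake. Whether a TLS 1.2 path reaches this function is not visible in the hunk, and the function body starts above it. If the update is harmless there, a one-line comment such as `/* Build-time guard only: the mask is TLS 1.3 state and is ignored by TLS 1.2 code. */` would record that once confirmed; if it is not harmless, the call should depend on the negotiated version rather than on the build option.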
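Review bot: Nothing in this commit checks that the sent-extension mask matches what was actually written: the diffstat touches only library/ files, and ssl_tls13_write_server_pre_shared_key_ext, like the supported_versions, key_share and HRR key_share writers later in this file's diff, updates the mask by hand just before `return( 0 )`. A writer that later gains an earlier successful return, or that already has one above these hunks, would leave the mask out of step with the message without any visible failure. A comment at each site such as `/* Keep last: reached only after the extension has been written. */` would pin the placement, and a test that compares the mask with the extensions present in the emitted message would catch a writer that misses the call. The function bodies start outside the hunks, so their earlier return paths cannot be checked from here.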
@@ -1812,6 +1814,9 @@ static int ssl_tls13_write_server_hello_supported_versions_ext(
 *out_len = 6;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask(
+ ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS );
+
 return( 0 );
 }
@@ -1918,6 +1923,8 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
 *out_len = p - buf;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
+
 return( 0 );
 }
@@ -1982,6 +1989,8 @@ static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl,
 *out_len = 6;
+ mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
+
 return( 0 );
 }
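Review bot: ssl_tls13_write_hrr_key_share_ext and ssl_tls13_write_key_share_ext now both set MBEDTLS_TLS_EXT_KEY_SHARE through the same helper, and nothing in these hunks shows the mask being cleared between a HelloRetryRequest and the ServerHello that follows it. If the mask is meant to describe the message currently being built, the bit would already be set when the second message starts unless a reset happens elsewhere. Please confirm where the reset happens and record it next to one of these calls, for example `/* The sent mask is cleared when each ServerHello/HRR body is started. */` if that is the case. If the mask is instead cumulative for the whole handshake, the helper's documentation should say so.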