From c62ae5f5392eec8eabb9bd496c9a8253c4d25577 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Thu, 7 Jul 2022 09:42:26 +0000
Subject: [PATCH] Add new session ticket message check
Signed-off-by: Jerry Yu
---
 include/mbedtls/ssl.h | 1 +
 library/ssl_msg.c | 70 ++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 67 insertions(+), 4 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 24c9077b2c..8ea096648a 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -658,6 +658,7 @@ typedef enum
 MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO,
 MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO,
 MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST,
+ MBEDTLS_SSL_CLIENT_NEW_SESSION_TICKET,
 }
 mbedtls_ssl_states;
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index fb0b709979..4d73068138 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5288,6 +5288,48 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
 }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+static int ssl_tls13_check_new_session_ticket( mbedtls_ssl_context *ssl )
+{
+
+ if( ( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) ) ||
+ ( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ) )
+ {
+ return( 0 );
+ }
+
+ ssl->keep_current_message = 1;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "NewSessionTicket received" ) );
+ mbedtls_ssl_handshake_set_state( ssl,
+ MBEDTLS_SSL_CLIENT_NEW_SESSION_TICKET );
+
+ return( MBEDTLS_ERR_SSL_WANT_READ );
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+static int ssl_tls13_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
+{
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "received post-handshake message" ) );
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ int ret = ssl_tls13_check_new_session_ticket( ssl );
+ if( ret != 0 )
+ return( ret );
+ }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+ /* Fail in all other cases. */
+ return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 /* This function is called from mbedtls_ssl_read() when a handshake message is
 * received after the initial handshake. In this context, handshake messages
 * may only be sent for the purpose of initiating renegotiations.
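Review bot: The return value of ssl_tls13_check_new_session_ticket() needs a comment, because 0 here does not mean success: it means the message is not a NewSessionTicket with a body, and ssl_tls13_handle_hs_message_post_handshake() then falls through to `MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE`, while an accepted ticket returns the non-zero `MBEDTLS_ERR_SSL_WANT_READ`. I would add above it `/* Returns 0 if the current message is not a NewSessionTicket with a non-empty body (the caller rejects it); otherwise keeps the message for the state machine and returns MBEDTLS_ERR_SSL_WANT_READ. */`. Both new static functions are also missing `MBEDTLS_CHECK_RETURN_CRITICAL`, and the next hunk removes it from the renamed ssl_tls12_handle_hs_message_post_handshake(); only the dispatcher keeps it. The rejection path queues no alert in the visible lines, so it is worth confirming that the caller informs the peer before the connection is dropped.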
@@ -5297,8 +5339,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
 * and having a helper function allows to distinguish between TLS <= 1.2 and
 * TLS 1.3 in the future without bloating the logic of mbedtls_ssl_read().
 */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
+static int ssl_tls12_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -5380,18 +5421,39 @@ static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 if( ( ret = mbedtls_ssl_send_alert_message( ssl,
 MBEDTLS_SSL_ALERT_LEVEL_WARNING,
 MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
 {
 return( ret );
 }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 }
 return( 0 );
 }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
+{
+ /* Check protocol version and dispatch accordingly. */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
+ {
+ return( ssl_tls13_handle_hs_message_post_handshake( ssl ) );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
+ {
+ return( ssl_tls12_handle_hs_message_post_handshake( ssl ) );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+ /* Should never happen */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
 /*
 * Receive application data decrypted from the SSL layer
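Review bot: The TLS 1.2 branch of the new ssl_handle_hs_message_post_handshake() dispatcher (last hunk) tests `ssl->tls_version <= MBEDTLS_SSL_VERSION_TLS1_2`, which accepts every value that compares below TLS 1.2 as well, presumably including an unset or unknown version. Since this path is meant to run only after a completed handshake, an exact match `if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )` would send any unexpected version to the `MBEDTLS_ERR_SSL_INTERNAL_ERROR` fallback instead of into the renegotiation handler. The comment left above ssl_tls12_handle_hs_message_post_handshake() still says the helper will distinguish TLS 1.3 "in the future"; that sentence now describes this dispatcher and should move here.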