eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

TLS 1.3: Add pre_share_key last ext check

Browse source 
From RFC, pre_share_key must be the last one.
Add check for it. And with/without psk, it should
be check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-07-21 12:37:39 +08:00
parent 352cd7db59
commit 1c9247cff4
1 changed files with 19 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

29
library/ssl_tls13_server.c
View file

@ -1037,6 +1037,23 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
size_t extension_data_len; size_t extension_data_len;
const unsigned char *extension_data_end; const unsigned char *extension_data_end;
/* RFC 8446, page 57
*
* The "pre_shared_key" extension MUST be the last extension in the
* ClientHello (this facilitates implementation as described below).
* Servers MUST check that it is the last extension and otherwise fail
* the handshake with an "illegal_parameter" alert.
*/
if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY )
{
MBEDTLS_SSL_DEBUG_MSG(
3, ( "pre_shared_key is not last extension." ) );
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 ); extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
@ -1146,19 +1163,18 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
break; break;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) );
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/* Delay processing of the PSK identity once we have /* Delay processing of the PSK identity once we have
* found out which algorithms to use. We keep a pointer * found out which algorithms to use. We keep a pointer
* to the buffer and the size for later processing. * to the buffer and the size for later processing.
*/ */
pre_shared_key_ext_start = p; pre_shared_key_ext_start = p;
pre_shared_key_ext_end = extension_data_end; pre_shared_key_ext_end = extension_data_end;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY; ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PRE_SHARED_KEY;
break; break;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
case MBEDTLS_TLS_EXT_ALPN: case MBEDTLS_TLS_EXT_ALPN:
@ -1231,13 +1247,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
ret ); ret );
return( ret ); return( ret );
} }
/* If pre_shared_key is not last extension */
if( p - pre_shared_key_ext_end )
{
ssl->handshake->update_checksum( ssl,
pre_shared_key_ext_end,
p - pre_shared_key_ext_end );
}
} }
else else
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */