tls13: server: fully check ticket_flags with available kex mode.
We need to fully check if the provided session ticket could be
used in the handshake, so that we wouldn't cause handshake
failure in some cases. Here we bring f8e50a9
back.
Example scenario:
A client proposes two tickets to a server that supports only the
psk_ephemeral key exchange mode: the first one is allowed only for
pure PSK key exchange mode and the second one is psk_ephemeral only.
We need to select the second ticket instead of the first one, whose
ticket_flags forbid psk_ephemeral and would thus cause a handshake
failure.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
parent
cfb23b8090
commit
29daf4a36b
1 changed files with 21 additions and 7 deletions
|
@ -106,6 +106,10 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl,
|
||||||
#define SSL_TLS1_3_OFFERED_PSK_MATCH 0
|
#define SSL_TLS1_3_OFFERED_PSK_MATCH 0
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||||
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
|
static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl);
|
||||||
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
|
static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl);
|
||||||
|
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
static int ssl_tls13_offered_psks_check_identity_match_ticket(
|
static int ssl_tls13_offered_psks_check_identity_match_ticket(
|
||||||
|
@ -117,6 +121,8 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
unsigned char *ticket_buffer;
|
unsigned char *ticket_buffer;
|
||||||
|
unsigned int ticket_flags;
|
||||||
|
unsigned int key_exchanges;
|
||||||
#if defined(MBEDTLS_HAVE_TIME)
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
mbedtls_time_t now;
|
mbedtls_time_t now;
|
||||||
uint64_t age_in_s;
|
uint64_t age_in_s;
|
||||||
|
@ -172,13 +178,21 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
|
||||||
* We regard the ticket with incompatible key exchange modes as not match.
|
* We regard the ticket with incompatible key exchange modes as not match.
|
||||||
*/
|
*/
|
||||||
ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
|
ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
|
||||||
MBEDTLS_SSL_PRINT_TICKET_FLAGS(4,
|
MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
|
||||||
session->ticket_flags);
|
ticket_flags = mbedtls_ssl_session_get_ticket_flags(
|
||||||
if (mbedtls_ssl_tls13_check_kex_modes(
|
session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
|
||||||
ssl,
|
|
||||||
mbedtls_ssl_session_get_ticket_flags(
|
key_exchanges = 0;
|
||||||
session,
|
if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION) &&
|
||||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL))) {
|
ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
|
||||||
|
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
|
||||||
|
}
|
||||||
|
if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION) &&
|
||||||
|
ssl_tls13_check_psk_key_exchange(ssl)) {
|
||||||
|
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (key_exchanges == 0) {
|
||||||
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
|
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
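Review bot: In the last hunk, `ticket_flags` is masked with a key-exchange-mode constant (`MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL`) but then tested against the `MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_*` bits, which is only correct while the two sets of constants share bit values. If they ever diverge, a ticket restricted to one mode could be matched or rejected for the wrong mode, so I would mask with the ticket-flag names, `session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION | MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION);`, or add a comment stating the equivalence. In the visible lines `key_exchanges` is only compared with zero, so the mode bits it collects are never read; if the rest of the function, which continues outside the hunk, does not use them either, a comment such as `/* only records whether any ticket-allowed mode is usable */` would make that intent clear. The two new prototypes return `int` that is used as a truth value in `&&`, unlike the `ret` error codes in this function, so a one-line comment on them saying that nonzero means the mode is usable would guard against an inverted check later.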