From 251a12e9428ee473e977c977c48b905d8e220c70 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 13 Jul 2022 15:15:48 +0800 Subject: [PATCH 1/6] Add dummy session save Signed-off-by: Jerry Yu --- library/ssl_tls.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e60b82fa5..68d91e8f3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -443,6 +443,7 @@ static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char * static size_t ssl_session_save_tls12( const mbedtls_ssl_session *session, unsigned char *buf, size_t buf_len ); + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_session_load_tls12( mbedtls_ssl_session *session, const unsigned char *buf, @@ -1885,6 +1886,19 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( } #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +static size_t ssl_session_save_tls13( const mbedtls_ssl_session *session, + unsigned char *buf, + size_t buf_len ) +{ + ((void) session); + ((void) buf); + ((void) buf_len); + return( 0 ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type, size_t taglen, psa_algorithm_t *alg, @@ -2811,6 +2825,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, { unsigned char *p = buf; size_t used = 0; + size_t remaining_len; if( !omit_header ) { @@ -2838,17 +2853,25 @@ static int ssl_session_save( const mbedtls_ssl_session *session, } /* Forward to version-specific serialization routine. */ + remaining_len = used <= buf_len ? buf_len - used : 0; switch( session->tls_version ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: { - size_t remaining_len = used <= buf_len ? buf_len - used : 0; used += ssl_session_save_tls12( session, p, remaining_len ); break; } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + case MBEDTLS_SSL_VERSION_TLS1_3: + { + used += ssl_session_save_tls13( session, p, remaining_len ); + break; + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + default: return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } From e67bef4aba55ca5234a61f12dc04f1a368bc7c6a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 7 Jul 2022 07:29:42 +0000 Subject: [PATCH 2/6] Add tls13 write new session ticket Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 1 + library/ssl_tls13_server.c | 293 +++++++++++++++++++++++++++++++++++++ 2 files changed, 294 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e665ec1b7..551248215 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -667,6 +667,7 @@ typedef enum MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST, + MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH, } mbedtls_ssl_states; diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 7c28c578c..e0527e1fa 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -585,6 +585,11 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, */ ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + /* Store minor version for later use with ticket serialization. */ + ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + /* ... * Random random; * ... @@ -1807,10 +1812,277 @@ static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); mbedtls_ssl_tls13_handshake_wrapup( ssl ); + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_NEW_SESSION_TICKET ); +#else /* MBEDTLS_SSL_SESSION_TICKETS */ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); +#endif /* !MBEDTLS_SSL_SESSION_TICKETS */ return( 0 ); } +/* + * Handler for MBEDTLS_SSL_NEW_SESSION_TICKET + */ +#define SSL_NEW_SESSION_TICKET_SKIP 0 +#define SSL_NEW_SESSION_TICKET_WRITE 1 +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_write_new_session_ticket_coordinate( mbedtls_ssl_context *ssl ) +{ + /* Check whether the use of session tickets is enabled */ + if( ssl->conf->f_ticket_write == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "new session ticket is not enabled" ) ); + return( SSL_NEW_SESSION_TICKET_SKIP ); + } + + if( !mbedtls_ssl_tls13_some_psk_enabled( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "psk or psk_ephemeral is not enabled" ) ); + return( SSL_NEW_SESSION_TICKET_SKIP ); + } + + return( SSL_NEW_SESSION_TICKET_WRITE ); +} + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl, + unsigned char *ticket_nonce, + size_t ticket_nonce_size ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_ssl_session *session = ssl->session; + mbedtls_ssl_ciphersuite_t *ciphersuite_info; + psa_algorithm_t psa_hash_alg; + int hash_length; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> prepare NewSessionTicket msg" ) ); + +#if defined(MBEDTLS_HAVE_TIME) + session->start = mbedtls_time( NULL ); +#endif + + /* Generate ticket_age_add */ + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, + (unsigned char*) &session->ticket_age_add, + sizeof( session->ticket_age_add ) ) != 0 ) ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "generate_ticket_age_add", ret ); + return( ret ); + } + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket_age_add: %u", + ( unsigned int )session->ticket_age_add ) ); + + /* Generate ticket_nonce */ + ret = ssl->conf->f_rng( ssl->conf->p_rng, ticket_nonce, ticket_nonce_size ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "generate_ticket_nonce", ret ); + return( ret ); + } + MBEDTLS_SSL_DEBUG_BUF( 3, "ticket_nonce:", + ticket_nonce, ticket_nonce_size ); + + ciphersuite_info = + (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; + psa_hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); + hash_length = PSA_HASH_LENGTH( psa_hash_alg ); + if( hash_length == -1 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + /* In this code the psk key length equals the length of the hash */ + session->resumption_key_len = hash_length; + session->ciphersuite = ciphersuite_info->id; + + /* Compute resumption key + * + * HKDF-Expand-Label( resumption_master_secret, + * "resumption", ticket_nonce, Hash.length ) + */ + ret = mbedtls_ssl_tls13_hkdf_expand_label( + psa_hash_alg, + session->app_secrets.resumption_master_secret, + hash_length, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( resumption ), + ticket_nonce, + ticket_nonce_size, + session->resumption_key, + hash_length ); + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 2, + "Creating the ticket-resumed PSK failed", + ret ); + return ( ret ); + } + MBEDTLS_SSL_DEBUG_BUF( 3, "Ticket-resumed PSK", + session->resumption_key, + session->resumption_key_len ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "resumption_master_secret", + session->app_secrets.resumption_master_secret, + hash_length ); + + return( 0 ); +} + +/* This function creates a NewSessionTicket message in the following format: + * + * struct { + * uint32 ticket_lifetime; + * uint32 ticket_age_add; + * opaque ticket_nonce<0..255>; + * opaque ticket<1..2^16-1>; + * Extension extensions<0..2^16-2>; + * } NewSessionTicket; + * + * The ticket inside the NewSessionTicket message is an encrypted container + * carrying the necessary information so that the server is later able to + * re-start the communication. + * + * The following fields are placed inside the ticket by the + * f_ticket_write() function: + * + * - creation time (start) + * - flags (flags) + * - age add (ticket_age_add) + * - key (key) + * - key length (key_len) + * - ciphersuite (ciphersuite) + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_write_new_session_ticket_body( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + size_t *out_len, + unsigned char *ticket_nonce, + size_t ticket_nonce_size ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *p = buf; + mbedtls_ssl_session *session = ssl->session; + size_t ticket_len; + uint32_t ticket_lifetime; + + *out_len = 0; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write NewSessionTicket msg" ) ); + + /* + * ticket_lifetime 4 bytes + * ticket_age_add 4 bytes + * ticket_nonce 1 + ticket_nonce_size bytes + * ticket >=2 bytes + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + 4 + 1 + ticket_nonce_size + 2 ); + + /* Generate ticket and ticket_lifetime */ + ret = ssl->conf->f_ticket_write( ssl->conf->p_ticket, + session, + p + 9 + ticket_nonce_size + 2, + end, + &ticket_len, + &ticket_lifetime); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "write_ticket", ret ); + return( ret ); + } + /* RFC 8446 4.6.1 + * ticket_lifetime: Indicates the lifetime in seconds as a 32-bit + * unsigned integer in network byte order from the time of ticket + * issuance. Servers MUST NOT use any value greater than + * 604800 seconds (7 days). The value of zero indicates that the + * ticket should be discarded immediately. Clients MUST NOT cache + * tickets for longer than 7 days, regardless of the ticket_lifetime, + * and MAY delete tickets earlier based on local policy. A server + * MAY treat a ticket as valid for a shorter period of time than what + * is stated in the ticket_lifetime. + */ + ticket_lifetime %= 604800; + MBEDTLS_PUT_UINT32_BE( ticket_lifetime, p, 0 ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket_lifetime: %u", + ( unsigned int )ticket_lifetime ) ); + + /* Write ticket_age_add */ + MBEDTLS_PUT_UINT32_BE( session->ticket_age_add, p, 4 ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket_age_add: %u", + ( unsigned int )session->ticket_age_add ) ); + + /* Write ticket_nonce */ + p[8] = ( unsigned char )ticket_nonce_size; + if( ticket_nonce_size > 0 ) + { + memcpy( p + 9, ticket_nonce, ticket_nonce_size ); + } + p += 9 + ticket_nonce_size; + + /* Write ticket */ + MBEDTLS_PUT_UINT16_BE( ticket_len, p, 0 ); + p += 2; + MBEDTLS_SSL_DEBUG_BUF( 4, "ticket", p, ticket_len); + p += ticket_len; + + /* Ticket Extensions + * + * Note: We currently don't have any extensions. + * Set length to zero. + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_PUT_UINT16_BE( 0, p, 0 ); + p += 2; + + *out_len = p - buf; + MBEDTLS_SSL_DEBUG_BUF( 4, "ticket", buf, *out_len ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) ); + + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_NEW_SESSION_TICKET + */ +static int ssl_tls13_write_new_session_ticket( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_write_new_session_ticket_coordinate( ssl ) ); + + if( ret == SSL_NEW_SESSION_TICKET_WRITE ) + { + unsigned char ticket_nonce[MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH]; + unsigned char *buf; + size_t buf_len, msg_len; + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_new_session_ticket( + ssl, ticket_nonce, sizeof( ticket_nonce ) ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl, + MBEDTLS_SSL_HS_NEW_SESSION_TICKET, &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_new_session_ticket_body( + ssl, buf, buf + buf_len, &msg_len, + ticket_nonce, sizeof( ticket_nonce ) ) ); + + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( + ssl, buf_len, msg_len ) ); + } + else + { + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); + } + + +cleanup: + + return( ret ); +} +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + /* * TLS 1.3 State Machine -- server side */ @@ -1931,6 +2203,27 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) } break; +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + case MBEDTLS_SSL_NEW_SESSION_TICKET: + ret = ssl_tls13_write_new_session_ticket( ssl ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "ssl_tls13_write_new_session_ticket ", + ret ); + } + break; + case MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH: + /* This state is necessary to do the flush of the New Session + * Ticket message written in MBEDTLS_SSL_NEW_SESSION_TICKET + * as part of ssl_prepare_handshake_step. + */ + ret = 0; + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); + break; + +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); From f7b5b59a92385d408028e7d559c6a1377b3470bc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 7 Jul 2022 07:55:53 +0000 Subject: [PATCH 3/6] Add tests for write new session ticket Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 942d70524..797b82170 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -12627,6 +12627,50 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \ -c "got new session ticket." \ -c "HTTP/1.0 200 OK" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +run_test "TLS 1.3: NewSessionTicket: Basic check, O->m" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1" \ + "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \ + 0 \ + -s "=> write NewSessionTicket msg" \ + -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_DEBUG_C +run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1" \ + "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%DISABLE_TLS13_COMPAT_MODE -V" \ + 0 \ + -s "=> write NewSessionTicket msg" \ + -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" \ + -c "NEW SESSION TICKET (4) was received" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_DEBUG_C +run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \ + "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1" \ + "$P_CLI debug_level=4" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "MBEDTLS_SSL_NEW_SESSION_TICKET" \ + -c "got new session ticket." \ + -c "HTTP/1.0 200 OK" \ + -s "=> write NewSessionTicket msg" \ + -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 6cb4fcd1a5b6e3a5a359692850cc37cf35990c27 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 20 Jul 2022 22:40:00 +0800 Subject: [PATCH 4/6] Remove key exchange mode check. This change does not meet RFC requirements. It should be revert after key exchange mode issue fixed Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e0527e1fa..b27136d52 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1837,12 +1837,6 @@ static int ssl_tls13_write_new_session_ticket_coordinate( mbedtls_ssl_context *s return( SSL_NEW_SESSION_TICKET_SKIP ); } - if( !mbedtls_ssl_tls13_some_psk_enabled( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "psk or psk_ephemeral is not enabled" ) ); - return( SSL_NEW_SESSION_TICKET_SKIP ); - } - return( SSL_NEW_SESSION_TICKET_WRITE ); } From fca4d579a4d504a62835b9904a5f5c549ddb6616 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 21 Jul 2022 10:37:48 +0800 Subject: [PATCH 5/6] fix various issues - unnecessary comments - format issue - improve readability Signed-off-by: Jerry Yu --- library/ssl_tls.c | 2 +- library/ssl_tls13_server.c | 26 ++++++++++++++------------ 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 68d91e8f3..99768a2e4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2853,7 +2853,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, } /* Forward to version-specific serialization routine. */ - remaining_len = used <= buf_len ? buf_len - used : 0; + remaining_len = (buf_len >= used) ? buf_len - used : 0; switch( session->tls_version ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index b27136d52..4dcd60908 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -588,7 +588,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_SESSION_TICKETS) /* Store minor version for later use with ticket serialization. */ ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ +#endif /* ... * Random random; @@ -1814,11 +1814,10 @@ static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) mbedtls_ssl_tls13_handshake_wrapup( ssl ); #if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_handshake_set_state( ssl, - MBEDTLS_SSL_NEW_SESSION_TICKET ); -#else /* MBEDTLS_SSL_SESSION_TICKETS */ + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET ); +#else mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); -#endif /* !MBEDTLS_SSL_SESSION_TICKETS */ +#endif return( 0 ); } @@ -1860,14 +1859,14 @@ static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl, /* Generate ticket_age_add */ if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, - (unsigned char*) &session->ticket_age_add, + (unsigned char *) &session->ticket_age_add, sizeof( session->ticket_age_add ) ) != 0 ) ) { MBEDTLS_SSL_DEBUG_RET( 1, "generate_ticket_age_add", ret ); return( ret ); } MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket_age_add: %u", - ( unsigned int )session->ticket_age_add ) ); + (unsigned int)session->ticket_age_add ) ); /* Generate ticket_nonce */ ret = ssl->conf->f_rng( ssl->conf->p_rng, ticket_nonce, ticket_nonce_size ); @@ -1883,8 +1882,12 @@ static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl, (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; psa_hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); hash_length = PSA_HASH_LENGTH( psa_hash_alg ); - if( hash_length == -1 ) + if( hash_length == -1 || + hash_length > (int)sizeof( session->resumption_key ) ) + { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + /* In this code the psk key length equals the length of the hash */ session->resumption_key_len = hash_length; session->ciphersuite = ciphersuite_info->id; @@ -2059,18 +2062,17 @@ static int ssl_tls13_write_new_session_ticket( mbedtls_ssl_context *ssl ) ssl, buf, buf + buf_len, &msg_len, ticket_nonce, sizeof( ticket_nonce ) ) ); - mbedtls_ssl_handshake_set_state( ssl, - MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len ) ); + + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH ); } else { mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); } - cleanup: return( ret ); From 6119715e05ce111a1e11fc35483fd7128e32bdf6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 21 Jul 2022 16:28:02 +0800 Subject: [PATCH 6/6] Change type cast to size_t Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 4dcd60908..0159b0292 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1883,7 +1883,7 @@ static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl, psa_hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); hash_length = PSA_HASH_LENGTH( psa_hash_alg ); if( hash_length == -1 || - hash_length > (int)sizeof( session->resumption_key ) ) + (size_t)hash_length > sizeof( session->resumption_key ) ) { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); }