itls13: early_data: cli: improve comment

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Yanray Wang 2023-11-30 15:36:43 +08:00
parent a29db7da2e
commit f4bad42670


@ -2184,9 +2184,14 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
* - The selected cipher suite * - The selected cipher suite
* - The selected ALPN [RFC7301] protocol, if any * - The selected ALPN [RFC7301] protocol, if any
* *
* We check here that when early data is involved the server * When parsing EncryptedExtensions, the client does not know if
* selected the cipher suite associated to the pre-shared key * the server will accept early data and select the first proposed
* as it must have. * pre-shared key with a cipher suite that is different from the
* cipher suite associated to the selected pre-shared key. To address
* aforementioned case, when early data is involved, we check:
* - the selected pre-shared key is the first proposed one
* - the selected cipher suite same as the one associated with the
* pre-shared key.
*/ */
if (handshake->selected_identity != 0 || if (handshake->selected_identity != 0 ||
handshake->ciphersuite_info->id != handshake->ciphersuite_info->id !=
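Review bot: the last bullet of the new comment is ungrammatical and the paragraph above it still reads as if the server's choice were an unknown the client has to guess at, rather than a requirement the client enforces; say why the check exists. The sentence "the client does not know if the server will accept early data and select the first proposed pre-shared key with a cipher suite that is different from the cipher suite associated to the selected pre-shared key" conflates two things: whether the server accepts early data (only known once EncryptedExtensions is parsed) and what the server is required to select if it does. Suggest restating it as: when the server accepts early data it must have selected the first proposed pre-shared key and the cipher suite associated with it (this is a protocol requirement, a reference to the relevant TLS 1.3 text would help), and since the client only learns from EncryptedExtensions that early data was accepted, that is where the check has to live. Then the two bullets should read "the selected pre-shared key is the first proposed one" and "the selected cipher suite is the same as the one associated with that pre-shared key", matching the capitalisation of the earlier "- The selected cipher suite" bullets in the same comment.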
@ -2203,16 +2208,14 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
#endif #endif
/* /*
* When early_data extension is enabled and sent in ClientHello, the client * Move `session_negotiate->ciphersuite` assignment here which after
* does not know if the server will accept early data and select the first * early data cipher suite check when receiving "early_data" extension
* proposed pre-shared key with a ciphersuite that is different from the * in EncryptedExtensions.
* ciphersuite associated to the selected pre-shared key. To address *
* aforementioned case, we do associated verification when parsing * We compute transform_handshake by the cipher suite chosen from
* early_data ext in EncryptedExtensions. Therefore we have to assign * the server in `handshake`. `session_negotiate->ciphersuite` is the
* the ciphersuite in current handshake to session_negotiate later than * cipher suite negotiated in previous connection and it is not used for
* the associated verification. This won't impact decryption of * computing transform_handshake.
* EncryptedExtensions since we compute handshake keys by the ciphersuite
* in handshake not via the one in session_negotiate.
*/ */
ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;
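Review bot: the first sentence of the replaced comment ("Move `session_negotiate->ciphersuite` assignment here which after early data cipher suite check when receiving "early_data" extension in EncryptedExtensions.") is not a sentence and reads like a commit message pasted into source; a code comment should describe the resulting state, not the edit. Suggest: "The assignment to `session_negotiate->ciphersuite` is deliberately placed after the early data cipher suite check performed while parsing the "early_data" extension in EncryptedExtensions, because that check needs the cipher suite associated with the pre-shared key still present there." The second paragraph also loses a useful point the old comment made explicitly, that delaying the assignment does not affect decryption of EncryptedExtensions; the new text implies it via transform_handshake but it is worth keeping the one-line statement. Finally, "`session_negotiate->ciphersuite` is the cipher suite negotiated in previous connection" holds only when resuming with a pre-shared key taken from a saved session; qualify it as the resumption case (the scenario the surrounding comment is about) rather than stating it unconditionally.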