tls13: Send dummy CCS only once

Fix cases where the client was sending two CCS, no harm but better to send only one. Prevent to send even more CCS when early data are involved without having to add conditional state transitions. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-24 14:31:50 +01:00 · 2024-01-24 14:31:50 +01:00 · fe59ff794d
commit fe59ff794d
parent bfcdc069ef
4 changed files with 35 additions and 15 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -2568,8 +2568,6 @@ static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl)
 #if defined(MBEDTLS_SSL_EARLY_DATA)
    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA);
-    } else if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) {
-        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
    } else
 #endif /* MBEDTLS_SSL_EARLY_DATA */
    {
@ -3059,18 +3057,25 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl)
             */
 #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
        case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
-            ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
-            if (ret == 0) {
-                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
+            ret = 0;
+            if (ssl->handshake->ccs_count == 0) {
+                ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
+                if (ret != 0) {
+                    break;
+                }
            }
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
            break;

        case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
-            ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
-            if (ret == 0) {
-                mbedtls_ssl_handshake_set_state(
-                    ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
+            ret = 0;
+            if (ssl->handshake->ccs_count == 0) {
+                ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
+                if (ret != 0) {
+                    break;
+                }
            }
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
            break;

 #if defined(MBEDTLS_SSL_EARLY_DATA)