Add extension check for ServerHello and HRR

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-02-28 19:13:28 +00:00 · 2022-08-04 17:42:49 +08:00 · 2022-08-04 17:42:49 +08:00 · 2c5363e58b
commit 2c5363e58b
parent 2eaa76044b
1 changed files with 44 additions and 6 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -1496,6 +1496,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
    mbedtls_ssl_handshake_params *handshake = ssl->handshake;
    size_t extensions_len;
    const unsigned char *extensions_end;
+    uint32_t extensions_present, allowed_extension_mask;
    uint16_t cipher_suite;
    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
    int fatal_alert = 0;
@ -1641,6 +1642,11 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,

    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len );

+    extensions_present = MBEDTLS_SSL_EXT_NONE;
+    allowed_extension_mask = is_hrr ?
+                                  MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR :
+                                  MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH;
+
    while( p < extensions_end )
    {
        unsigned int extension_type;
@ -1655,6 +1661,24 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
        extension_data_end = p + extension_data_len;

+        /* RFC 8446 page 35
+         *
+         * If an implementation receives an extension which it recognizes and which
+         * is not specified for the message in which it appears, it MUST abort the
+         * handshake with an "illegal_parameter" alert.
+         */
+        extensions_present |= mbedtls_tls13_get_extension_mask( extension_type );
+        MBEDTLS_SSL_DEBUG_MSG( 3,
+                    ( "%s: received %s(%u) extension",
+                      is_hrr ? "hello retry request" : "server hello",
+                      mbedtls_tls13_get_extension_name( extension_type ),
+                      extension_type ) );
+        if( ( extensions_present & allowed_extension_mask ) == 0 )
+        {
+            fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
+            goto cleanup;
+        }
+
        switch( extension_type )
        {
            case MBEDTLS_TLS_EXT_COOKIE:
@ -1727,18 +1751,32 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
                break;

            default:
-                MBEDTLS_SSL_DEBUG_MSG(
-                    3,
-                    ( "unknown extension found: %u ( ignoring )",
+                MBEDTLS_SSL_DEBUG_MSG( 3,
+                    ( "%s: ignore %s(%u) extension",
+                      is_hrr ? "hello retry request" : "server hello",
+                      mbedtls_tls13_get_extension_name( extension_type ),
                      extension_type ) );
-
-                fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
-                goto cleanup;
+                break;
        }

        p += extension_data_len;
    }

+    MBEDTLS_SSL_TLS1_3_PRINT_EXTS(
+        3, is_hrr ? "HelloRetryRequest" : "ServerHello", extensions_present );
+
+    /* RFC 8446 page 102
+     * -  "supported_versions" is REQUIRED for all ClientHello, ServerHello, and
+     *    HelloRetryRequest messages.
+     */
+    if( ( extensions_present & MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS ) == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1,
+                    ( "%s: supported_versions not found",
+                      is_hrr ? "hello retry request" : "server hello" ) );
+        fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
+    }
+
 cleanup:

    if( fatal_alert == MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT )