From 566c781290a5baa4df7a63de6dc52ba47357e270 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Wed, 26 Jan 2022 15:41:22 +0800
Subject: [PATCH] Add dummy state for client_certifiate
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_client.c  | 37 +++++++++++++++++++++++++++++++++++--
 library/ssl_tls13_generic.c | 13 ++++++++++++-
 2 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 7f120a28ef..c10b69801c 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1916,8 +1916,13 @@ static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl )
         ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED );
 #else
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
-#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+    if( ssl->handshake->client_auth )
+        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
     return( 0 );
 }
@@ -1938,6 +1943,25 @@ static int ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl )
 }
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+/*
+ * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
+ */
+static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
+{
+    mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
+    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
+    return( 0 );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
+ */
+static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl )
+{
+    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+    return( 0 );
+}
+
 /*
  * Handler for MBEDTLS_SSL_CLIENT_FINISHED
  */
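Review bot: The `else` added in ssl_tls13_process_server_finished is unbraced and separated from its statement by `#endif`, so the `mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );` line is an else-body in one build configuration and a plain statement in the other; the same transition in ssl_tls13_finalize_change_cipher_spec (ssl_tls13_generic.c hunk) braces both branches. Please use that braced form here as well: `{ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE ); }` under the `if`, and `{ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED ); }` after the `#endif`. Without braces, any statement later inserted between the `#endif` and the set_state call silently becomes unconditional in the cert-enabled build, which is the classic unbraced-else trap in handshake state code. The function's body starts above this hunk and its leading context looks truncated in the patch as shown.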
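Review bot: Neither new handler says that it is a placeholder: ssl_tls13_write_client_certificate and ssl_tls13_write_client_certificate_verify are named as writers but send nothing and only advance the state, so the state machine now passes through MBEDTLS_SSL_CLIENT_CERTIFICATE and MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY without a Certificate or CertificateVerify message leaving the client. Please say so at each function, e.g. `/* Dummy handler: does not write the Certificate message yet; only switches to the handshake transform and moves on to CLIENT_CERTIFICATE_VERIFY. */` and a matching note on the verify handler, so the stub is not mistaken for a working client-authentication path when the server has requested one. Whether moving the mbedtls_ssl_set_outbound_transform() call into the Certificate handler leaves a duplicate or a gap on the CLIENT_FINISHED path cannot be seen from this hunk; ssl_tls13_write_client_finished is outside it and should be checked for the corresponding transform switch.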
@@ -2027,6 +2051,15 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
             ret = ssl_tls13_process_server_finished( ssl );
             break;
+        case MBEDTLS_SSL_CLIENT_CERTIFICATE:
+            ret = ssl_tls13_write_client_certificate( ssl );
+            break;
+
+        case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
+            ret = ssl_tls13_write_client_certificate_verify( ssl );
+            break;
+
+
         case MBEDTLS_SSL_CLIENT_FINISHED:
             ret = ssl_tls13_write_client_finished( ssl );
             break;
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index d1646ebd2b..14884aa3b9 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1142,7 +1142,18 @@ static int ssl_tls13_finalize_change_cipher_spec( mbedtls_ssl_context* ssl )
             mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
             break;
         case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
-            mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+            if( ssl->handshake->client_auth )
+            {
+                mbedtls_ssl_handshake_set_state( ssl,
+                                                 MBEDTLS_SSL_CLIENT_CERTIFICATE );
+            }
+            else
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+            {
+                mbedtls_ssl_handshake_set_state( ssl,
+                                                 MBEDTLS_SSL_CLIENT_FINISHED );
+            }
             break;
         default:
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
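Review bot: The two new `case` labels in mbedtls_ssl_tls13_handshake_client_step are not guarded by `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED`, while the only transitions into those states (in ssl_tls13_process_server_finished and ssl_tls13_finalize_change_cipher_spec) are; the handler definitions in the previous hunk are unguarded as well. Wrapping the cases and the two handlers in the same `#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)` keeps unreachable states and dead code out of builds without certificate-based key exchange and makes the dependency explicit. There is also a stray second blank line before `case MBEDTLS_SSL_CLIENT_FINISHED:` that should be dropped. The switch continues outside the hunk.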
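Review bot: The decision of which state follows the server's Finished now lives in two places, here in ssl_tls13_finalize_change_cipher_spec and in ssl_tls13_process_server_finished in ssl_tls13_client.c, with the same `#if`/`client_auth` test, and the two copies have to be edited together whenever the client-authentication flow changes. Consider moving the test into a single helper in ssl_tls13_generic.c that sets MBEDTLS_SSL_CLIENT_CERTIFICATE when `ssl->handshake->client_auth` is set and MBEDTLS_SSL_CLIENT_FINISHED otherwise, and calling it from both the compatibility-mode path here and the non-compatibility path in the client file. That leaves one place to audit when real Certificate handling replaces the dummy states. The enclosing switch and function continue outside the hunk.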