Add CCS after client hello in case of early data and comp mode

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2025-02-04 06:40:03 +00:00 · 2023-01-04 10:47:05 +00:00 · 2023-01-04 10:47:05 +00:00 · 592021aceb
commit 592021aceb
parent 303f82c5b9
3 changed files with 25 additions and 7 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -677,6 +677,7 @@ typedef enum {
    MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED,
    MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO,
    MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO,
+    MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO,
    MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST,
    MBEDTLS_SSL_HANDSHAKE_OVER,
    MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET,
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@ -963,6 +963,18 @@ int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl)
                                                              buf_len,
                                                              msg_len));

+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+        if ((ssl->handshake->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3) &&
+            (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3)) {
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+            mbedtls_ssl_handshake_set_state(
+                ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO);
+#else
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+        } else
+#endif
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
        mbedtls_ssl_tls13_finalize_write_client_hello(ssl);
 #endif
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -1221,9 +1221,7 @@ int mbedtls_ssl_tls13_finalize_write_client_hello(mbedtls_ssl_context *ssl)
    const unsigned char *psk;
    size_t psk_len;
    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-#endif
-    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
-#if defined(MBEDTLS_SSL_EARLY_DATA)
+
    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) {
        MBEDTLS_SSL_DEBUG_MSG(
            1, ("Set hs psk for early data when writing the first psk"));
@ -1265,10 +1263,6 @@ int mbedtls_ssl_tls13_finalize_write_client_hello(mbedtls_ssl_context *ssl)
            return ret;
        }

-        MBEDTLS_SSL_DEBUG_MSG(
-            1, ("Switch to early data keys for outbound traffic"));
-        mbedtls_ssl_set_outbound_transform(
-            ssl, ssl->handshake->transform_earlydata);
    }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
    return 0;
@ -2959,6 +2953,17 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl)
                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
            }
            break;
+        case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
+            ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
+            if (ret == 0) {
+                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
+
+                MBEDTLS_SSL_DEBUG_MSG(
+                    1, ("Switch to early data keys for outbound traffic"));
+                mbedtls_ssl_set_outbound_transform(
+                    ssl, ssl->handshake->transform_earlydata);
+            }
+            break;
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)