diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 517a063f77..8bc8fd0bc2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -677,6 +677,7 @@ typedef enum { MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO, + MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST, MBEDTLS_SSL_HANDSHAKE_OVER, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET, diff --git a/library/ssl_client.c b/library/ssl_client.c index 7acb725a1c..62af0f99f0 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -963,6 +963,18 @@ int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) buf_len, msg_len)); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if ((ssl->handshake->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3) && + (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3)) { +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + mbedtls_ssl_handshake_set_state( + ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO); +#else + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ + } else +#endif + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_tls13_finalize_write_client_hello(ssl); #endif diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 252c217acb..57843a520e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1221,9 +1221,7 @@ int mbedtls_ssl_tls13_finalize_write_client_hello(mbedtls_ssl_context *ssl) const unsigned char *psk; size_t psk_len; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; -#endif - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); -#if defined(MBEDTLS_SSL_EARLY_DATA) + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { MBEDTLS_SSL_DEBUG_MSG( 1, ("Set hs psk for early data when writing the first psk")); @@ -1265,10 +1263,6 @@ int mbedtls_ssl_tls13_finalize_write_client_hello(mbedtls_ssl_context *ssl) return ret; } - MBEDTLS_SSL_DEBUG_MSG( - 1, ("Switch to early data keys for outbound traffic")); - mbedtls_ssl_set_outbound_transform( - ssl, ssl->handshake->transform_earlydata); } #endif /* MBEDTLS_SSL_EARLY_DATA */ return 0; @@ -2959,6 +2953,17 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); } break; + case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: + ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); + if (ret == 0) { + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); + + MBEDTLS_SSL_DEBUG_MSG( + 1, ("Switch to early data keys for outbound traffic")); + mbedtls_ssl_set_outbound_transform( + ssl, ssl->handshake->transform_earlydata); + } + break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ #if defined(MBEDTLS_SSL_SESSION_TICKETS)