tls13: early_data: cli: assign ciphersuite properly
When the early_data extension is enabled and sent in the ClientHello, the client does not know, while processing the ServerHello, whether the server will accept early data and, in doing so, select the first proposed pre-shared key together with a ciphersuite that differs from the one associated with that pre-shared key. To address this case, the corresponding consistency check is done when parsing the early_data extension in EncryptedExtensions, so the ciphersuite of the current handshake must be assigned to session_negotiate only after that check. This does not affect decryption of EncryptedExtensions, since the handshake keys are computed from the ciphersuite held in the handshake structure, not from the one in session_negotiate. Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit is contained in:
parent
c3cd410acf
commit
a29db7da2e
@ -1925,7 +1925,6 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl)
|
||||
|
||||
mbedtls_ssl_set_inbound_transform(ssl, handshake->transform_handshake);
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic"));
|
||||
ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;
|
||||
ssl->session_in = ssl->session_negotiate;
|
||||
|
||||
cleanup:
|
||||
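Review bot: With the assignment removed here, `ssl->session_in = ssl->session_negotiate;` two lines below now aliases a session whose `ciphersuite` field is not updated until ssl_tls13_process_encrypted_extensions() runs, so during EncryptedExtensions it still holds whatever value it had before the ServerHello (presumably the resumed session's suite when a PSK was offered), and nothing at this site says so. The description argues this is safe because the handshake keys come from `handshake->ciphersuite_info`, which I cannot verify from this page, so I would make the window explicit for anyone later tempted to read `session_in->ciphersuite` here: `/* session_negotiate->ciphersuite is assigned in ssl_tls13_process_encrypted_extensions(), after the early_data/PSK ciphersuite consistency check; do not rely on session_in->ciphersuite before then. */`. A regression case in the TLS 1.3 early-data tests where the server accepts early data but picks a suite different from the ticket's would pin the ordering the new code depends on. ssl_tls13_postprocess_server_hello starts outside the hunk.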
@ -2203,6 +2202,20 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* When early_data extension is enabled and sent in ClientHello, the client
|
||||
* does not know if the server will accept early data and select the first
|
||||
* proposed pre-shared key with a ciphersuite that is different from the
|
||||
* ciphersuite associated to the selected pre-shared key. To address
|
||||
* aforementioned case, we do associated verification when parsing
|
||||
* early_data ext in EncryptedExtensions. Therefore we have to assign
|
||||
* the ciphersuite in current handshake to session_negotiate later than
|
||||
* the associated verification. This won't impact decryption of
|
||||
* EncryptedExtensions since we compute handshake keys by the ciphersuite
|
||||
* in handshake not via the one in session_negotiate.
|
||||
*/
|
||||
ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;
|
||||
|
||||
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
|
||||
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
|
||||
buf, buf_len));
|
||||
|