From cba64af50de6445f1927f569e7e48e015653a2c2 Mon Sep 17 00:00:00 2001
From: Xiaofei Bai
Date: Tue, 15 Feb 2022 10:00:56 +0000
Subject: [PATCH 01/12] TLS1.3: add writing encrypted extensions
Signed-off-by: Xiaofei Bai
---
 library/ssl_misc.h | 8 ++
 library/ssl_tls13_server.c | 184 +++++++++++++++++++++++++++++++++++++
 2 files changed, 192 insertions(+)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 141c40a4e..abf33a634 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -809,6 +809,14 @@ struct mbedtls_ssl_handshake_params
 size_t digest_len;
 } finished_in;
+#if defined(MBEDTLS_SSL_SRV_C)
+ /* Server, outgoing ClientKeyExchange */
+ struct
+ {
+ uint8_t preparation_done;
+ } encrypted_extensions_out;
+#endif /* MBEDTLS_SSL_SRV_C */
+
 } state_local; /* End of state-local variables. */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index d06b9a88e..72ac8ad50 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
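Review bot: The comment on the new state-local struct, `/* Server, outgoing ClientKeyExchange */`, does not describe `encrypted_extensions_out`: ClientKeyExchange is a TLS 1.2 message, while this field tracks the TLS 1.3 EncryptedExtensions write. Suggest `/* Server, outgoing EncryptedExtensions */`. Since `preparation_done` is the only member, a short note on what "prepared" means here (the handshake transform has been derived and installed, which is what `ssl_tls13_prepare_encrypted_extensions` does before the flag is set to 1 in `ssl_tls13_server.c`) would save the next reader a cross-file lookup.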
@@ -22,10 +22,186 @@
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
 #include "mbedtls/debug.h"
+#include "mbedtls/error.h"
+#include "mbedtls/platform.h"
+#include
 #include "ssl_misc.h"
 #include "ssl_tls13_keys.h"
 #include "ssl_debug_helpers.h"
+#include "ecdh_misc.h"
+#include "ssl_tls13_keys.h"
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+/*
+ * struct {
+ * ExtensionType extension_type;
+ * opaque extension_data<0..2^16-1>;
+ * } Extension;
+ */
+static int ssl_tls13_write_sni_server_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ unsigned char *p = buf;
+ *out_len = 0;
+
+ if( ( ssl->handshake->extensions_present &
+ MBEDTLS_SSL_EXT_SERVERNAME ) == 0 )
+ {
+ return( 0 );
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding server_name extension" ) );
+
+ /* Check if we have enough space:
+ * - ExtensionType (2 bytes)
+ * - extensions length (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4);
+
+ /* Write extension type */
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 );
+
+ /* Write extension length */
+ MBEDTLS_PUT_UINT16_BE( 0, p, 2 );
+
+ *out_len = 4;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+
+static int ssl_tls13_prepare_encrypted_extensions( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ssl_key_set traffic_keys;
+ mbedtls_ssl_transform *transform_handshake = NULL;
+
+ /* Compute handshake secret */
+ ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_key_schedule_stage_handshake", ret );
+ return( ret );
+ }
+
+ /* Derive handshake key material */
+ ret = mbedtls_ssl_tls13_generate_handshake_keys( ssl, &traffic_keys );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_tls13_generate_handshake_keys", ret );
+ return( ret );
+ }
+
+ transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
+ if( transform_handshake == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ /* Setup transform from handshake key material */
+ ret = mbedtls_ssl_tls13_populate_transform(
+ transform_handshake,
+ ssl->conf->endpoint,
+ ssl->session_negotiate->ciphersuite,
+ &traffic_keys,
+ ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
+ mbedtls_free( transform_handshake );
+ return( ret );
+ }
+
+ ssl->handshake->transform_handshake = transform_handshake;
+ mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
+
+ /*
+ * Switch to our negotiated transform and session parameters for outbound
+ * data.
+ */
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
+ memset( ssl->out_ctr, 0, 8 );
+
+ return( 0 );
+}
+
+/*
+ * struct {
+ * Extension extensions<0..2 ^ 16 - 1>;
+ * } EncryptedExtensions;
+ *
+ */
+static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ unsigned char *p = buf;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t extensions_len = 0;
+ unsigned char *p_extensions_len;
+ size_t length = 0; // length of this extension
+ *out_len = 0;
+
+ /* Skip extension length; first write extensions, then update length */
+ p_extensions_len = p;
+ p += 2;
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ ret = ssl_tls13_write_sni_server_ext( ssl, p, end, &length );
+ if( ret != 0 )
+ return( ret );
+ p += length;
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+ *out_len = (size_t)( p - buf );
+
+ /* write extensions length */
+ extensions_len = ( p - p_extensions_len ) - 2;
+ MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0);
+
+ return( 0 );
+}
+
+static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *buf;
+ size_t buf_len = 0;
+ size_t msg_len = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extension" ) );
+
+ if( ssl->handshake->state_local.encrypted_extensions_out.preparation_done == 0 )
+ {
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_encrypted_extensions( ssl ) );
+ ssl->handshake->state_local.encrypted_extensions_out.preparation_done = 1;
+ }
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_encrypted_extensions(
+ ssl, buf, buf + buf_len, &msg_len ) );
+
+ mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len );
+
+ /* Update state */
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
+ ssl, buf_len, msg_len ) );
+
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write encrypted extension" ) );
+ return( ret );
+}
+
 #if defined(MBEDTLS_ECP_C)
 #include "mbedtls/ecp.h"
@@ -1089,6 +1265,14 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
 ret = ssl_tls13_write_server_hello( ssl );
 break;
+ case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
+ ret = ssl_tls13_process_encrypted_extensions( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_process_encrypted_extensions", ret );
+ }
+ break;
+
 default:
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
From 4d3841a4d17a48e11706df59bb2d295d686a00eb Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Sat, 16 Apr 2022 12:37:19 +0800
Subject: [PATCH 02/12] fix various issues
Signed-off-by: Jerry Yu
---
 library/ssl_misc.h | 8 -
 library/ssl_tls13_server.c | 310 ++++++++++++++++---------------------
 2 files changed, 130 insertions(+), 188 deletions(-)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index abf33a634..141c40a4e 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
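Review bot: `ssl_tls13_write_encrypted_extensions` reserves the two-byte extensions length with `p += 2;` and later writes it at `p_extensions_len` without checking that `buf` has room for it, while `ssl_tls13_write_sni_server_ext` guards its own four bytes with `MBEDTLS_SSL_CHK_BUF_PTR`; add `MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );` before `p_extensions_len = p;`. In `ssl_tls13_prepare_encrypted_extensions` the stack copy `traffic_keys` receives the handshake key material from `mbedtls_ssl_tls13_generate_handshake_keys` and is never cleared on the success path or on either error path after it is filled; the client-side counterpart clears its copy with `mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) )` in its cleanup, and the same is needed here (the identical function body is re-added in the second commit's hunk at `@@ -1230,6 +1056,129 @@`, which has the same gap). The include block also lists `ssl_tls13_keys.h` twice, and adds `ecdh_misc.h` although no use of it is visible in this hunk.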
@@ -809,14 +809,6 @@ struct mbedtls_ssl_handshake_params
 size_t digest_len;
 } finished_in;
-#if defined(MBEDTLS_SSL_SRV_C)
- /* Server, outgoing ClientKeyExchange */
- struct
- {
- uint8_t preparation_done;
- } encrypted_extensions_out;
-#endif /* MBEDTLS_SSL_SRV_C */
-
 } state_local; /* End of state-local variables. */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 72ac8ad50..cdbc8a720 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -24,184 +24,6 @@
 #include "mbedtls/debug.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
-#include
-
-#include "ssl_misc.h"
-#include "ssl_tls13_keys.h"
-#include "ssl_debug_helpers.h"
-#include "ecdh_misc.h"
-#include "ssl_tls13_keys.h"
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-/*
- * struct {
- * ExtensionType extension_type;
- * opaque extension_data<0..2^16-1>;
- * } Extension;
- */
-static int ssl_tls13_write_sni_server_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- unsigned char *p = buf;
- *out_len = 0;
-
- if( ( ssl->handshake->extensions_present &
- MBEDTLS_SSL_EXT_SERVERNAME ) == 0 )
- {
- return( 0 );
- }
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding server_name extension" ) );
-
- /* Check if we have enough space:
- * - ExtensionType (2 bytes)
- * - extensions length (2 bytes)
- */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4);
-
- /* Write extension type */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 );
-
- /* Write extension length */
- MBEDTLS_PUT_UINT16_BE( 0, p, 2 );
-
- *out_len = 4;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-
-static int ssl_tls13_prepare_encrypted_extensions( mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ssl_key_set traffic_keys;
- mbedtls_ssl_transform *transform_handshake = NULL;
-
- /* Compute handshake secret */
- ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_key_schedule_stage_handshake", ret );
- return( ret );
- }
-
- /* Derive handshake key material */
- ret = mbedtls_ssl_tls13_generate_handshake_keys( ssl, &traffic_keys );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1,
- "mbedtls_ssl_tls13_generate_handshake_keys", ret );
- return( ret );
- }
-
- transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
- if( transform_handshake == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
- /* Setup transform from handshake key material */
- ret = mbedtls_ssl_tls13_populate_transform(
- transform_handshake,
- ssl->conf->endpoint,
- ssl->session_negotiate->ciphersuite,
- &traffic_keys,
- ssl );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
- mbedtls_free( transform_handshake );
- return( ret );
- }
-
- ssl->handshake->transform_handshake = transform_handshake;
- mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
-
- /*
- * Switch to our negotiated transform and session parameters for outbound
- * data.
- */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
- memset( ssl->out_ctr, 0, 8 );
-
- return( 0 );
-}
-
-/*
- * struct {
- * Extension extensions<0..2 ^ 16 - 1>;
- * } EncryptedExtensions;
- *
- */
-static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *out_len )
-{
- unsigned char *p = buf;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t extensions_len = 0;
- unsigned char *p_extensions_len;
- size_t length = 0; // length of this extension
- *out_len = 0;
-
- /* Skip extension length; first write extensions, then update length */
- p_extensions_len = p;
- p += 2;
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- ret = ssl_tls13_write_sni_server_ext( ssl, p, end, &length );
- if( ret != 0 )
- return( ret );
- p += length;
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
- *out_len = (size_t)( p - buf );
-
- /* write extensions length */
- extensions_len = ( p - p_extensions_len ) - 2;
- MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0);
-
- return( 0 );
-}
-
-static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char *buf;
- size_t buf_len = 0;
- size_t msg_len = 0;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extension" ) );
-
- if( ssl->handshake->state_local.encrypted_extensions_out.preparation_done == 0 )
- {
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_encrypted_extensions( ssl ) );
- ssl->handshake->state_local.encrypted_extensions_out.preparation_done = 1;
- }
-
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
- MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, &buf, &buf_len ) );
-
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_encrypted_extensions(
- ssl, buf, buf + buf_len, &msg_len ) );
-
- mbedtls_ssl_add_hs_msg_to_checksum(
- ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len );
-
- /* Update state */
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
-
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
- ssl, buf_len, msg_len ) );
-
-cleanup:
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write encrypted extension" ) );
- return( ret );
-}
-
 #if defined(MBEDTLS_ECP_C)
 #include "mbedtls/ecp.h"
@@ -215,6 +37,10 @@ cleanup:
 #define mbedtls_free free
 #endif /* MBEDTLS_PLATFORM_C */
+#include "ssl_misc.h"
+#include "ssl_tls13_keys.h"
+#include "ssl_debug_helpers.h"
+
 /* From RFC 8446:
 * struct {
 * ProtocolVersion versions<2..254>;
@@ -1230,6 +1056,129 @@ cleanup:
 return( ret );
 }
+/*
+ * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
+ */
+static int ssl_tls13_prepare_encrypted_extensions( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ssl_key_set traffic_keys;
+ mbedtls_ssl_transform *transform_handshake = NULL;
+
+ /* Compute handshake secret */
+ ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, "mbedtls_ssl_tls13_key_schedule_stage_handshake", ret );
+ return( ret );
+ }
+
+ /* Derive handshake key material */
+ ret = mbedtls_ssl_tls13_generate_handshake_keys( ssl, &traffic_keys );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, "mbedtls_ssl_tls13_generate_handshake_keys", ret );
+ return( ret );
+ }
+
+ transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
+ if( transform_handshake == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+ /* Setup transform from handshake key material */
+ ret = mbedtls_ssl_tls13_populate_transform(
+ transform_handshake,
+ ssl->conf->endpoint,
+ ssl->session_negotiate->ciphersuite,
+ &traffic_keys,
+ ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
+ mbedtls_free( transform_handshake );
+ return( ret );
+ }
+
+ ssl->handshake->transform_handshake = transform_handshake;
+ mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
+
+ /*
+ * Switch to our negotiated transform and session parameters for outbound
+ * data.
+ */
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ( "switching to new transform spec for outbound data" ) );
+ memset( ssl->out_ctr, 0, 8 );
+
+ return( 0 );
+}
+
+/*
+ * struct {
+ * Extension extensions<0..2 ^ 16 - 1>;
+ * } EncryptedExtensions;
+ *
+ */
+static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ ((void) ssl);
+ unsigned char *p = buf;
+ size_t extensions_len = 0;
+ unsigned char *extensions_start;
+ *out_len = 0;
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ extensions_start = p;
+ p += 2;
+
+ *out_len = (size_t)( p - buf );
+
+ /* write extensions length */
+ extensions_len = ( p - extensions_start ) - 2;
+ MBEDTLS_PUT_UINT16_BE( extensions_len, extensions_start, 0);
+
+ MBEDTLS_SSL_DEBUG_BUF( 4, "encrypted extensions", buf, *out_len );
+
+ return( 0 );
+}
+
+static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *buf;
+ size_t buf_len = 0;
+ size_t msg_len = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extension" ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_encrypted_extensions( ssl ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_encrypted_extensions_body(
+ ssl, buf, buf + buf_len, &msg_len ) );
+
+ mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len );
+
+ /* Update state */
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
+ ssl, buf_len, msg_len ) );
+
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write encrypted extension" ) );
+ return( ret );
+}
+
 /*
 * TLS 1.3 State Machine -- server side
 */
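Review bot: `ssl_tls13_write_encrypted_extensions` calls `mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE )` before `mbedtls_ssl_finish_handshake_msg` has succeeded, so a failure in the finish call leaves the handshake state already advanced, and the next state is chosen unconditionally, which does not cover a PSK key exchange in which no Certificate is sent; move the state update after `MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len ) );` and derive it from the negotiated key exchange mode. In `ssl_tls13_write_encrypted_extensions_body`, `((void) ssl);` is a statement placed before the declarations `unsigned char *p = buf;` and following; a build that uses `-Wdeclaration-after-statement` will reject that, so place it after the declarations. The dropping of the `preparation_done` guard means `ssl_tls13_prepare_encrypted_extensions` now runs unconditionally on every entry to this handler, which is only correct if the handler can never be re-entered for the same message; a one-line comment stating that assumption at the call would make it reviewable.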
@@ -1266,10 +1215,11 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
 break;
 case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
- ret = ssl_tls13_process_encrypted_extensions( ssl );
+ ret = ssl_tls13_write_encrypted_extensions( ssl );
 if( ret != 0 )
 {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_process_encrypted_extensions", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_encrypted_extensions", ret );
+ return( ret );
 }
 break;
From cef55dbd6a49009fc5ae2e1f0501f6c7481052f0 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Sat, 23 Apr 2022 11:02:05 +0800
Subject: [PATCH 03/12] ssl-opt: add state check
Signed-off-by: Jerry Yu
---
 tests/ssl-opt.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index bcbc0a0eb..202ad68fc 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -10484,6 +10484,7 @@ run_test "TLS 1.3: Server side check - openssl" \
 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
 -s "SSL - The requested feature is not available" \
 -s "=> parse client hello" \
 -s "<= parse client hello"
@@ -10500,6 +10501,7 @@ run_test "TLS 1.3: Server side check - gnutls" \
 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
 -s "SSL - The requested feature is not available" \
 -s "=> parse client hello" \
 -s "<= parse client hello"
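Review bot: The added `return( ret );` in the error branch gives this case a different shape from the neighbouring `MBEDTLS_SSL_SERVER_HELLO` case, which only `break`s on error; the end of `mbedtls_ssl_tls13_handshake_server_step` is outside the hunk, so whether `break` would already return `ret` cannot be confirmed here, but the two cases should handle failure the same way either way. If the early return is deliberate, a short comment on why this state must not reach the common exit below the switch would make that explicit.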
@@ -10515,6 +10517,7 @@ run_test "TLS 1.3: Server side check - mbedtls" \
 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
 -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
 -s "SSL - The requested feature is not available" \
 -s "=> parse client hello" \
From ab452cc257d86eab05ed80e4a8ab1561f9626053 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Thu, 28 Apr 2022 15:27:08 +0800
Subject: [PATCH 04/12] fix name issue
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index cdbc8a720..fda56a2a3 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1154,7 +1154,7 @@ static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
 size_t buf_len = 0;
 size_t msg_len = 0;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extensions" ) );
 MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_encrypted_extensions( ssl ) );
@@ -1175,7 +1175,7 @@ static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
 cleanup:
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write encrypted extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write encrypted extensions" ) );
 return( ret );
 }
From 8937eb491a72d7e8ae7bf13a059ed74189d9937d Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 3 May 2022 12:12:14 +0800
Subject: [PATCH 05/12] fix various issues
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index fda56a2a3..cdffd972f 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
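Review bot: The `mbedtls` variant now expects the server to reach `MBEDTLS_SSL_SERVER_CERTIFICATE` but still checks the client only for `-c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS"`, a state the client already reached before this series; if the client parses the new message successfully it moves past that state, so checking for the state it reaches next (`MBEDTLS_SSL_CERTIFICATE_REQUEST`, if that is where the client state machine goes) would actually exercise the EncryptedExtensions exchange. The `openssl` and `gnutls` variants in the previous two hunks carry no client-side state check, so only this one needs the tighter expectation.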
@@ -1104,10 +1104,6 @@ static int ssl_tls13_prepare_encrypted_extensions( mbedtls_ssl_context *ssl )
 ssl->handshake->transform_handshake = transform_handshake;
 mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
- /*
- * Switch to our negotiated transform and session parameters for outbound
- * data.
- */
 MBEDTLS_SSL_DEBUG_MSG(
 3, ( "switching to new transform spec for outbound data" ) );
 memset( ssl->out_ctr, 0, 8 );
@@ -1126,21 +1122,21 @@ static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl,
 unsigned char *end,
 size_t *out_len )
 {
- ((void) ssl);
 unsigned char *p = buf;
 size_t extensions_len = 0;
- unsigned char *extensions_start;
+ unsigned char *p_extensions_len;
 *out_len = 0;
 MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- extensions_start = p;
+ p_extensions_len = p;
 p += 2;
- *out_len = (size_t)( p - buf );
+ ((void) ssl);
- /* write extensions length */
- extensions_len = ( p - extensions_start ) - 2;
- MBEDTLS_PUT_UINT16_BE( extensions_len, extensions_start, 0);
+ extensions_len = ( p - p_extensions_len ) - 2;
+ MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 );
+
+ *out_len = p - buf;
 MBEDTLS_SSL_DEBUG_BUF( 4, "encrypted extensions", buf, *out_len );
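Review bot: `*out_len = p - buf;` replaces the removed `*out_len = (size_t)( p - buf );` and now converts a pointer difference to `size_t` implicitly; a build with sign-conversion warnings enabled will flag it, and the explicit cast the removed line carried is the usual form for length outputs, so keep `*out_len = (size_t)( p - buf );`. The relocated `((void) ssl);` is correct as placement goes, but a comment such as `/* No extension needs ssl yet; keep the parameter for the writers to come */` would explain why an unused parameter is kept. `ssl_tls13_write_encrypted_extensions_body` starts outside the hunk.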
@@ -1167,12 +1163,18 @@ static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
 mbedtls_ssl_add_hs_msg_to_checksum(
 ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len );
- /* Update state */
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
-
 MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
 ssl, buf_len, msg_len ) );
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
+ else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
+#else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
+#endif
+
 cleanup:
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write encrypted extensions" ) );
From 39730a70cdcd730a7603ca0af80a35e49c0aa98d Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 3 May 2022 12:14:04 +0800
Subject: [PATCH 06/12] remove variable initial
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index cdffd972f..511ba1f70 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1147,8 +1147,7 @@ static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 unsigned char *buf;
- size_t buf_len = 0;
- size_t msg_len = 0;
+ size_t buf_len, msg_len;
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extensions" ) );
From de66d12afc915111f4ff880aa2d752362d4ba87d Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 3 May 2022 12:15:19 +0800
Subject: [PATCH 07/12] remove out couter reset
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 511ba1f70..1b553e353 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
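Review bot: The next state is chosen from `mbedtls_ssl_tls13_some_psk_enabled( ssl )`, which by its name reports whether a PSK mode is enabled in the configuration rather than which key exchange mode this handshake negotiated; a server configured for both PSK and certificate-based modes would then skip `MBEDTLS_SSL_SERVER_CERTIFICATE` even on a handshake that has to send a Certificate. If the helper is indeed configuration-based, branch on the negotiated mode instead (the client side records one in `ssl_tls13_postprocess_server_hello`); if it already reflects the negotiated mode, a comment saying so at the call would settle the question for the next reader. The removed `/* Update state */` comment is better replaced by one that states the rule being applied, e.g. `/* Certificate only follows EncryptedExtensions in a non-PSK key exchange */`. Moving the state update after `mbedtls_ssl_finish_handshake_msg` is the right fix for the ordering problem of the earlier version.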
@@ -1103,10 +1103,9 @@ static int ssl_tls13_prepare_encrypted_extensions( mbedtls_ssl_context *ssl )
 ssl->handshake->transform_handshake = transform_handshake;
 mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
-
 MBEDTLS_SSL_DEBUG_MSG(
 3, ( "switching to new transform spec for outbound data" ) );
- memset( ssl->out_ctr, 0, 8 );
+
 return( 0 );
 }
From 7c0da07445e4ad31f70c7265457087379cb4a681 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 3 May 2022 15:08:54 +0800
Subject: [PATCH 08/12] Update state check
Signed-off-by: Jerry Yu
---
 tests/ssl-opt.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 202ad68fc..0a61c195e 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -10518,7 +10518,7 @@ run_test "TLS 1.3: Server side check - mbedtls" \
 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
 -s "SSL - The requested feature is not available" \
 -s "=> parse client hello" \
 -s "<= parse client hello"
From 9da5e5a2f2c396a1e6f261e298143ae9e8ac2263 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 3 May 2022 15:46:09 +0800
Subject: [PATCH 09/12] fix coding style issues
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 1b553e353..0deeb7601 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1106,7 +1106,6 @@ static int ssl_tls13_prepare_encrypted_extensions( mbedtls_ssl_context *ssl )
 MBEDTLS_SSL_DEBUG_MSG(
 3, ( "switching to new transform spec for outbound data" ) );
-
 return( 0 );
 }
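Review bot: Dropping `memset( ssl->out_ctr, 0, 8 );` removes the reset of the outgoing record sequence number at the point where the outbound transform is switched to the handshake keys, and nothing in the hunk replaces it; if `mbedtls_ssl_set_outbound_transform` resets the counter itself this is fine and deserves a one-line comment at the call (`/* mbedtls_ssl_set_outbound_transform resets out_ctr for the new keys */`), but if it does not, the first record under the new keys is protected with a non-zero sequence number, which feeds the per-record nonce and must start from zero for a fresh key. The change also leaves two consecutive blank lines before `return( 0 );`. `ssl_tls13_prepare_encrypted_extensions` starts outside the hunk.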
@@ -1124,6 +1123,7 @@ static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl, unsigned char *p = buf; size_t extensions_len = 0; unsigned char *p_extensions_len; + *out_len = 0; MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); From e110d258d9f6fc175e05a79078ecbb779112052c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 5 May 2022 10:19:22 +0800 Subject: [PATCH 10/12] Add set outbound transform Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 45 +++-------------------- library/ssl_tls13_keys.c | 55 ++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 11 ++++++ library/ssl_tls13_server.c | 73 ++++++++++++-------------------------- 4 files changed, 93 insertions(+), 91 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d024abf18..93b063278 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1189,8 +1189,6 @@ cleanup: static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_key_set traffic_keys; - mbedtls_ssl_transform *transform_handshake = NULL; mbedtls_ssl_handshake_params *handshake = ssl->handshake; /* Determine the key exchange mode: 
@@ -1234,50 +1232,20 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
 ret = mbedtls_ssl_tls13_key_schedule_stage_early( ssl );
 if( ret != 0 )
 {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_key_schedule_stage_early_data",
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_key_schedule_stage_early",
 ret );
 goto cleanup;
 }
- /* Compute handshake secret */
- ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl );
+ ret = mbedtls_ssl_tls13_set_handshake_transform( ssl );
 if( ret != 0 )
 {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_master_secret", ret );
- goto cleanup;
- }
-
- /* Next evolution in key schedule: Establish handshake secret and
- * key material. */
- ret = mbedtls_ssl_tls13_generate_handshake_keys( ssl, &traffic_keys );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_generate_handshake_keys",
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_set_handshake_transform",
 ret );
 goto cleanup;
 }
- transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
- if( transform_handshake == NULL )
- {
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto cleanup;
- }
-
- ret = mbedtls_ssl_tls13_populate_transform( transform_handshake,
- ssl->conf->endpoint,
- ssl->session_negotiate->ciphersuite,
- &traffic_keys,
- ssl );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
- goto cleanup;
- }
-
- handshake->transform_handshake = transform_handshake;
- mbedtls_ssl_set_inbound_transform( ssl, transform_handshake );
-
+ mbedtls_ssl_set_inbound_transform( ssl, handshake->transform_handshake );
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for inbound traffic" ) );
 ssl->session_in = ssl->session_negotiate;
@@ -1287,16 +1255,13 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
 cleanup:
-
- mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
 if( ret != 0 )
 {
- mbedtls_free( transform_handshake );
-
 MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
 MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
 }
+
 return( ret );
 }
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 6559bc91c..dd6677ddf 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -27,6 +27,7 @@
 #include "mbedtls/hkdf.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/error.h"
+#include "mbedtls/platform.h"
 #include "ssl_misc.h"
 #include "ssl_tls13_keys.h"
@@ -1510,4 +1511,58 @@ int mbedtls_ssl_tls13_generate_application_keys(
 return( ret );
 }
+int mbedtls_ssl_tls13_set_handshake_transform( mbedtls_ssl_context *ssl )
+{
+ int ret;
+ mbedtls_ssl_key_set traffic_keys;
+ mbedtls_ssl_transform *transform_handshake = NULL;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ /* Compute handshake secret */
+ ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_master_secret", ret );
+ goto cleanup;
+ }
+
+ /* Next evolution in key schedule: Establish handshake secret and
+ * key material. */
+ ret = mbedtls_ssl_tls13_generate_handshake_keys( ssl, &traffic_keys );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_generate_handshake_keys",
+ ret );
+ goto cleanup;
+ }
+
+ transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
+ if( transform_handshake == NULL )
+ {
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto cleanup;
+ }
+
+ ret = mbedtls_ssl_tls13_populate_transform( transform_handshake,
+ ssl->conf->endpoint,
+ ssl->session_negotiate->ciphersuite,
+ &traffic_keys,
+ ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
+ goto cleanup;
+ }
+ handshake->transform_handshake = transform_handshake;
+
+cleanup:
+ mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
+ if( ret != 0 )
+ {
+ mbedtls_free( transform_handshake );
+ }
+
+ return( ret );
+}
+
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index d56067cef..62bd6c005 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
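Review bot: The log message on the first error path names `mbedtls_ssl_tls13_derive_master_secret`, but the call that failed is `mbedtls_ssl_tls13_key_schedule_stage_handshake`; use `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_key_schedule_stage_handshake", ret );` so a failure log points at the real function. On the `mbedtls_ssl_tls13_populate_transform` failure path the cleanup label only calls `mbedtls_free( transform_handshake )`; if populate_transform can fail after initialising cipher contexts inside the transform, those are leaked, and `mbedtls_ssl_transform_free( transform_handshake )` ahead of the free would be the safer cleanup (the removed client code had the same shape, so this may be a known limitation worth a comment either way). The function stores its result in `handshake->transform_handshake` but does not say that the caller owns that pointer and has to install it with `mbedtls_ssl_set_inbound_transform` or `mbedtls_ssl_set_outbound_transform`, which both callers in this commit do; a comment above the definition stating that contract would help.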
@@ -638,6 +638,17 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl,
 size_t *actual_len,
 int which );
+/**
+ * \brief Compute TLS 1.3 handshake transform
+ *
+ * \param ssl The SSL context to operate on. The early secrtet must have been
+ * computed.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls13_set_handshake_transform( mbedtls_ssl_context *ssl );
+
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 0deeb7601..d6c1f5edc 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1026,6 +1026,25 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl,
 return( ret );
 }
+static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ ret = mbedtls_ssl_tls13_set_handshake_transform( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_set_handshake_transform",
+ ret );
+ return( ret );
+ }
+
+ mbedtls_ssl_set_outbound_transform( ssl,
+ ssl->handshake->transform_handshake );
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ( "switching to new transform spec for outbound data" ) );
+
+ return( ret );
+}
+
 static int ssl_tls13_write_server_hello( mbedtls_ssl_context *ssl )
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1049,7 +1068,10 @@ static int ssl_tls13_write_server_hello( mbedtls_ssl_context *ssl )
 MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
 ssl, buf_len, msg_len ) );
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_server_hello( ssl ) );
+
 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
+
 cleanup:
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
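Review bot: The new Doxygen block has a typo, `early secrtet` should be `early secret`, and the `\brief` says the transform is computed but not where it is stored or who owns it; suggest `\brief Compute the TLS 1.3 handshake transform and store it in ssl->handshake->transform_handshake`, plus a sentence that the caller owns the allocation and must install it with the inbound or outbound transform setter before use. The precondition could also name the call that establishes it, `mbedtls_ssl_tls13_key_schedule_stage_early`, which the client caller runs immediately before this function.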
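Review bot: `ssl_tls13_finalize_write_server_hello` ends with `return( ret );` where `ret` is necessarily 0 by then, and the `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` initialiser is overwritten on the very next line; `return( 0 );` states the intent directly and matches the only way the end of the function is reached. More useful than the debug message alone would be a comment on why the switch happens at this point, e.g. `/* Everything after ServerHello is sent under the handshake traffic keys, so switch the outbound transform before EncryptedExtensions. */`, since that is what the second hunk relies on when it calls this helper right after `mbedtls_ssl_finish_handshake_msg` and before moving to `MBEDTLS_SSL_ENCRYPTED_EXTENSIONS`. The second hunk also has no error handling of its own for the new call beyond `MBEDTLS_SSL_PROC_CHK`, which is consistent with the rest of the function.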
@@ -1059,55 +1081,6 @@ cleanup: /* * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS */ -static int ssl_tls13_prepare_encrypted_extensions( mbedtls_ssl_context *ssl ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ssl_key_set traffic_keys; - mbedtls_ssl_transform *transform_handshake = NULL; - - /* Compute handshake secret */ - ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_key_schedule_stage_handshake", ret ); - return( ret ); - } - - /* Derive handshake key material */ - ret = mbedtls_ssl_tls13_generate_handshake_keys( ssl, &traffic_keys ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_generate_handshake_keys", ret ); - return( ret ); - } - - transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) ); - if( transform_handshake == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - - /* Setup transform from handshake key material */ - ret = mbedtls_ssl_tls13_populate_transform( - transform_handshake, - ssl->conf->endpoint, - ssl->session_negotiate->ciphersuite, - &traffic_keys, - ssl ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret ); - mbedtls_free( transform_handshake ); - return( ret ); - } - - ssl->handshake->transform_handshake = transform_handshake; - mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake ); - MBEDTLS_SSL_DEBUG_MSG( - 3, ( "switching to new transform spec for outbound data" ) ); - - return( 0 ); -} /* * struct { @@ -1150,8 +1123,6 @@ static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extensions" ) ); - MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_encrypted_extensions( ssl ) ); - MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, &buf, &buf_len ) ); From f86eb75c58f7a2fae462d6ddf0bf0354e45a69ca Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Fri, 6 May 2022 11:16:55 +0800 Subject: [PATCH 11/12] fix various issues Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 5 +++-- library/ssl_tls13_keys.c | 4 +--- library/ssl_tls13_keys.h | 4 ++-- library/ssl_tls13_server.c | 7 ++++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 93b063278..59e42c868 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1237,10 +1237,11 @@ static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl ) goto cleanup; } - ret = mbedtls_ssl_tls13_set_handshake_transform( ssl ); + ret = mbedtls_ssl_tls13_compute_handshake_transform( ssl ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_set_handshake_transform", + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_tls13_compute_handshake_transform", ret ); goto cleanup; } diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index dd6677ddf..74b269e6a 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1511,7 +1511,7 @@ int mbedtls_ssl_tls13_generate_application_keys( return( ret ); } -int mbedtls_ssl_tls13_set_handshake_transform( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl ) { int ret; mbedtls_ssl_key_set traffic_keys; @@ -1558,9 +1558,7 @@ int mbedtls_ssl_tls13_set_handshake_transform( mbedtls_ssl_context *ssl ) cleanup: mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) ); if( ret != 0 ) - { mbedtls_free( transform_handshake ); - } return( ret ); } diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 62bd6c005..676ebae8d 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -641,13 +641,13 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl, /** * \brief Compute TLS 1.3 handshake transform * - * \param ssl The SSL context to operate on. The early secrtet must have been + * \param ssl The SSL context to operate on. The early secret must have been * computed. * * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls13_set_handshake_transform( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d6c1f5edc..b2a5cfcf5 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1029,10 +1029,11 @@ static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl, static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_ssl_tls13_set_handshake_transform( ssl ); + ret = mbedtls_ssl_tls13_compute_handshake_transform( ssl ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_set_handshake_transform", + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_tls13_compute_handshake_transform", ret ); return( ret ); } @@ -1040,7 +1041,7 @@ static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake ); MBEDTLS_SSL_DEBUG_MSG( - 3, ( "switching to new transform spec for outbound data" ) ); + 3, ( "switching to handshake transform for outbound data" ) ); return( ret ); } From ef2b98a2461a69b68ddbdc49751ce5eeb07cc405 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 6 May 2022 16:40:05 +0800 Subject: [PATCH 12/12] fix coding style issues Signed-off-by: Jerry Yu --- library/ssl_tls13_keys.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) 
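Review bot: The renamed declaration `int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl );` keeps a `\brief` that says "Compute" but the doc never says where the result goes or who activates it, while the implementation stores it in `handshake->transform_handshake` and both the client and server callers then call `mbedtls_ssl_set_outbound_transform` themselves. Adding a line to the comment such as `* The computed transform is stored in \c ssl->handshake->transform_handshake; activating it for inbound or outbound records is left to the caller.` would make the ownership and the activation step explicit. Since the old name `set_handshake_transform` implied activation, the rename is the right call and the doc should reflect the narrower contract.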
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 74b269e6a..8ffd9a1a0 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1507,13 +1507,14 @@ int mbedtls_ssl_tls13_generate_application_keys(
 /* randbytes is not used again */
 mbedtls_platform_zeroize( ssl->handshake->randbytes,
 sizeof( ssl->handshake->randbytes ) );
+ mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
 return( ret );
 }
 int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl )
 {
- int ret;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 mbedtls_ssl_key_set traffic_keys;
 mbedtls_ssl_transform *transform_handshake = NULL;
 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -1543,11 +1544,12 @@ int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl )
 goto cleanup;
 }
- ret = mbedtls_ssl_tls13_populate_transform( transform_handshake,
- ssl->conf->endpoint,
- ssl->session_negotiate->ciphersuite,
- &traffic_keys,
- ssl );
+ ret = mbedtls_ssl_tls13_populate_transform(
+ transform_handshake,
+ ssl->conf->endpoint,
+ ssl->session_negotiate->ciphersuite,
+ &traffic_keys,
+ ssl );
 if( ret != 0 )
 {
 MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
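Review bot: The added `mbedtls_platform_zeroize( transcript, sizeof( transcript ) );` in `mbedtls_ssl_tls13_generate_application_keys` is a key-hygiene change, not a coding-style fix, since the transcript hash is an input to the application traffic secret derivation; it deserves its own sentence in the commit message rather than being folded into "fix coding style issues". The body of `generate_application_keys` starts outside the hunk, so I cannot see whether it has early `return` paths before this point; if it does, they skip the wipe, and routing them through a common exit label (as `compute_handshake_transform` already does with `cleanup:`) would close that gap. The `int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;` change and the re-wrapped `populate_transform` call are fine as style.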