cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix set key exchange mode issue

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2021-09-19 15:57:53 +08:00
parent 4ae2d62cce
commit fd532e506b
1 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
library/ssl_tls13_client.c
View File

@ -1274,26 +1274,38 @@ static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl )
/* We need to set the key exchange algorithm based on the /* We need to set the key exchange algorithm based on the
* following rules: * following rules:
* *
* 1 ) IF PRE_SHARED_KEY extension was received * 1) IF PRE_SHARED_KEY extension was received
* THEN set MBEDTLS_KEY_EXCHANGE_PSK * THEN set KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
* 2 ) IF PRE_SHARED_KEY extension && KEY_SHARE was received * 2) IF PRE_SHARED_KEY extension && KEY_SHARE was received
* THEN set MBEDTLS_KEY_EXCHANGE_ECDHE_PSK * THEN set KEY_EXCHANGE_MODE_PSK;
* 3 ) IF KEY_SHARES extension was received && SIG_ALG extension received * 3) IF KEY_SHARES extension was received && SIG_ALG extension received
* THEN set MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA * THEN set KEY_EXCHANGE_MODE_EPHEMERAL
* ELSE unknown key exchange mechanism. * ELSE unknown key exchange mechanism.
*/ */
if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY )
{ {
if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE ) if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE )
ssl->handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; {
/* Condition 2) */
ssl->handshake->tls1_3_kex_modes =
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
}
else else
ssl->handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK; {
/* Condition 1) */
ssl->handshake->tls1_3_kex_modes =
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK;
}
}
else if( ( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE ) )
{
/* Condition 3) */
ssl->handshake->tls1_3_kex_modes =
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
} }
else if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE )
ssl->handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
else else
{ {
/* ELSE case */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
} }