move kex mode check in ticket_flags to psks_check_identity_match_ticket

Move the kex mode check in ticket_flags to
ssl_tls13_offered_psks_check_identity_match_ticket and add a new error
code, 'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE', to indicate that the
check failed.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Pengyu Lv 2022-12-05 16:35:12 +08:00
parent c7af2c4f8c
commit 3eb49be6a8
2 changed files with 21 additions and 19 deletions


@ -96,7 +96,8 @@
/* Error space gap */ /* Error space gap */
/** Processing of the Certificate handshake message failed. */ /** Processing of the Certificate handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00 #define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00
/* Error space gap */ /** The kex mode allowed by ticket is not supported by client */
#define MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE -0x7A80
/** /**
* Received NewSessionTicket Post Handshake Message. * Received NewSessionTicket Post Handshake Message.
* This error code is experimental and may be changed or removed without notice. * This error code is experimental and may be changed or removed without notice.
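Review bot: The doc comment added for `MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE` abbreviates "kex" and says the mode "is not supported by client", which does not quite match the check that reports it. The code that sets this error cites RFC 8446 section 4.2.9 and rejects tickets that are incompatible with the advertised key exchange modes. I would word it as `/** The key exchange modes allowed by the ticket are incompatible with the advertised modes. */`. The only use visible in this commit is inside a static ticket-matching function, so if the code is not meant to reach applications, it may also deserve the "experimental and may be changed or removed without notice" remark that the next error code carries.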


@ -161,6 +161,25 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
goto exit; goto exit;
} }
/* RFC 8446 section 4.2.9
*
* Servers SHOULD NOT send NewSessionTicket with tickets that are not
* compatible with the advertised modes; however, if a server does so,
* the impact will just be that the client's attempts at resumption fail.
*
* We regard the ticket with incompatible key exchange modes as not match.
*/
ret = MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE;
MBEDTLS_SSL_DEBUG_TICKET_FLAGS(4,
session->ticket_flags);
if (mbedtls_ssl_tls13_check_kex_modes(ssl,
mbedtls_ssl_tls13_session_get_ticket_flags(session,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL)))
{
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
goto exit;
}
ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
now = mbedtls_time(NULL); now = mbedtls_time(NULL);
@ -249,24 +268,6 @@ static int ssl_tls13_offered_psks_check_identity_match(
if (ssl_tls13_offered_psks_check_identity_match_ticket( if (ssl_tls13_offered_psks_check_identity_match_ticket(
ssl, identity, identity_len, obfuscated_ticket_age, ssl, identity, identity_len, obfuscated_ticket_age,
session) == SSL_TLS1_3_OFFERED_PSK_MATCH) { session) == SSL_TLS1_3_OFFERED_PSK_MATCH) {
/* RFC 8446 section 4.2.9
*
* Servers SHOULD NOT send NewSessionTicket with tickets that are not
* compatible with the advertised modes; however, if a server does so,
* the impact will just be that the client's attempts at resumption fail.
*
* We regard the ticket with incompatible key exchange modes as not match.
*/
MBEDTLS_SSL_DEBUG_TICKET_FLAGS(4,
session->ticket_flags);
if (mbedtls_ssl_tls13_check_kex_modes(ssl,
mbedtls_ssl_tls13_session_get_ticket_flags(session,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL)))
{
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
}
ssl->handshake->resume = 1; ssl->handshake->resume = 1;
*psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION; *psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
mbedtls_ssl_set_hs_psk(ssl, mbedtls_ssl_set_hs_psk(ssl,
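Review bot: The moved `if (mbedtls_ssl_tls13_check_kex_modes(...))` in ssl_tls13_offered_psks_check_identity_match_ticket keeps its opening brace on a line of its own, whereas the caller's `if` in the second hunk ends with `== SSL_TLS1_3_OFFERED_PSK_MATCH) {`. Ending the condition with `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL))) {` would keep the file consistent. A one-line comment above `ret = MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE;`, such as `/* Reported if the kex mode check below fails. */`, would also make the pre-assigned return value easier to follow. The function continues past the hunk and the `exit:` label is not shown, so whether session state is released on this new failure path cannot be confirmed from here and is worth checking.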