Add missing mask set and tls13 unrecognized extension

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 21:19:34 +08:00 · 2022-11-08 21:19:34 +08:00 · b95dd3683b
commit b95dd3683b
parent c437ee3bac
3 changed files with 15 additions and 0 deletions
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -144,6 +144,7 @@ uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type );
              MBEDTLS_SSL_EXT_MASK( ENCRYPT_THEN_MAC )                       | \
              MBEDTLS_SSL_EXT_MASK( EXTENDED_MASTER_SECRET )                 | \
              MBEDTLS_SSL_EXT_MASK( SESSION_TICKET )                         | \
+              MBEDTLS_SSL_EXT_MASK( TRUNCATED_HMAC )                         | \
              MBEDTLS_SSL_EXT_MASK( UNRECOGNIZED ) )

 /* RFC 8446 section 4.2. Allowed extensions for ClienHello */
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -9155,6 +9155,11 @@ int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
    p[6] = MBEDTLS_BYTE_0( protocol_name_len );

    memcpy( p + 7, ssl->alpn_chosen, protocol_name_len );
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN );
+#endif
+
    return ( 0 );
 }
 #endif /* MBEDTLS_SSL_ALPN */
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -700,6 +700,8 @@ static int ssl_tls13_write_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
    MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent selected_identity: %u",
                                ssl->handshake->selected_identity ) );

+    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY );
+
    return( 0 );
 }

@ -1812,6 +1814,9 @@ static int ssl_tls13_write_server_hello_supported_versions_ext(

    *out_len = 6;

+    mbedtls_ssl_tls13_set_hs_sent_ext_mask(
+        ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS );
+
    return( 0 );
 }

@ -1918,6 +1923,8 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,

    *out_len = p - buf;

+    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
+
    return( 0 );
 }

@ -1982,6 +1989,8 @@ static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl,

    *out_len = 6;

+    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
+
    return( 0 );
 }