diff --git a/library/ssl_client.c b/library/ssl_client.c index b0d2dcf3c..16cef0204 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -107,8 +107,7 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, *olen = hostname_len + 9; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_SERVERNAME ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SERVERNAME ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( @@ -186,8 +185,7 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE( *out_len - 4, buf, 2 ); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_ALPN ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( @@ -312,8 +310,7 @@ static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, *out_len = p - buf; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_SUPPORTED_GROUPS ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS ) ) ); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index dad1c82a1..3aeab0cd8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -103,11 +103,12 @@ #define MBEDTLS_SSL_EXT_SIG_ALG_CERT ( 1 << 20 ) #define MBEDTLS_SSL_EXT_KEY_SHARE ( 1 << 21 ) -/* For request messages, we should just ignore unrecognized extension when - * parsing messages. For response messages, we should not ignore unrecognized - * extension when parsing messages. Request messages include ClientHello, - * Certificate and NewSessionTicket. Response messages include ServerHello, - * EncryptExtensions, Certificate and HelloRetryRequest. +/* In messages containing extension requests, we should ignore unrecognized + * extensions. In messages containing extension responses, unrecognized + * extensions should result in handshake abortion. Messages containing + * extension requests include ClientHello, CertificateRequest and + * NewSessionTicket. Messages containing extension responses include + * ServerHello, HelloRetryRequest, EncryptedExtensions and Certificate. * * RFC 8446 section 4.1.3 * @@ -1932,13 +1933,14 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) uint32_t mbedtls_tls13_get_extension_mask( unsigned int extension_type ); MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_tls13_check_received_extensions( mbedtls_ssl_context *ssl, - int hs_msg_type, - uint32_t extension_type, - uint32_t allowed_mask ); +int mbedtls_ssl_tls13_check_received_extension( + mbedtls_ssl_context *ssl, + int hs_msg_type, + unsigned int received_extension_type, + uint32_t hs_msg_allowed_extensions_mask ); -static inline void mbedtls_tls13_set_sent_ext_mask( mbedtls_ssl_context *ssl, - uint16_t extension_type ) +static inline void mbedtls_ssl_tls13_set_hs_sent_ext_mask( + mbedtls_ssl_context *ssl, unsigned int extension_type ) { ssl->handshake->sent_extensions |= mbedtls_tls13_get_extension_mask( extension_type ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9947d39d8..3678ec0bd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8713,8 +8713,7 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, *out_len = p - buf; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_SIG_ALG ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SIG_ALG ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index c29b90ee3..27747a209 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -89,8 +89,8 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, } *out_len = 5 + versions_len; - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( @@ -365,8 +365,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *out_len ); - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_KEY_SHARE ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", @@ -612,8 +611,7 @@ static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl, *out_len = handshake->hrr_cookie_len + 6; - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_COOKIE ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_COOKIE ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( @@ -688,8 +686,8 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl, *out_len = p - buf; - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( @@ -1059,8 +1057,8 @@ int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key binders", buf, p - buf ); - mbedtls_tls13_set_sent_ext_mask( ssl, - MBEDTLS_TLS_EXT_PRE_SHARED_KEY ); + mbedtls_ssl_tls13_set_hs_sent_ext_mask( + ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY ); MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent %s extension", mbedtls_tls13_get_extension_name( @@ -1668,7 +1666,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len ); - ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; allowed_extensions_mask = is_hrr ? MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR : MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH; @@ -1687,7 +1685,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); extension_data_end = p + extension_data_len; - ret = mbedtls_tls13_check_received_extensions( + ret = mbedtls_ssl_tls13_check_received_extension( ssl, is_hrr ? -MBEDTLS_SSL_HS_SERVER_HELLO : MBEDTLS_SSL_HS_SERVER_HELLO, @@ -1766,7 +1764,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, is_hrr ? -MBEDTLS_SSL_HS_SERVER_HELLO : MBEDTLS_SSL_HS_SERVER_HELLO, - ssl->handshake->received_extensions ); + handshake->received_extensions ); cleanup: @@ -1999,6 +1997,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, size_t extensions_len; const unsigned char *p = buf; const unsigned char *extensions_end; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); @@ -2008,7 +2007,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; - ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < extensions_end ) { @@ -2028,7 +2027,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); - ret = mbedtls_tls13_check_received_extensions( + ret = mbedtls_ssl_tls13_check_received_extension( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, extension_type, MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE ); if( ret != 0 ) @@ -2036,16 +2035,6 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, switch( extension_type ) { - case MBEDTLS_TLS_EXT_SERVERNAME: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found server_name extension" ) ); - - /* The server_name extension should be an empty extension */ - - break; - case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extensions supported groups" ) ); - break; - #if defined(MBEDTLS_SSL_ALPN) case MBEDTLS_TLS_EXT_ALPN: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); @@ -2069,7 +2058,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - ssl->handshake->received_extensions ); + handshake->received_extensions ); /* Check that we consumed all the message. */ if( p != end ) @@ -2176,6 +2165,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, size_t certificate_request_context_len = 0; size_t extensions_len = 0; const unsigned char *extensions_end; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; /* ... * opaque certificate_request_context<0..2^8-1> @@ -2191,7 +2181,6 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "Certificate Request Context", p, certificate_request_context_len ); - mbedtls_ssl_handshake_params *handshake = ssl->handshake; handshake->certificate_request_context = mbedtls_calloc( 1, certificate_request_context_len ); if( handshake->certificate_request_context == NULL ) @@ -2215,7 +2204,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); extensions_end = p + extensions_len; - ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < extensions_end ) { @@ -2229,7 +2218,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); - ret = mbedtls_tls13_check_received_extensions( + ret = mbedtls_ssl_tls13_check_received_extension( ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, extension_type, MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR ); if( ret != 0 ) @@ -2260,7 +2249,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, MBEDTLS_SSL_TLS1_3_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - ssl->handshake->received_extensions ); + handshake->received_extensions ); /* Check that we consumed all the message. */ if( p != end ) @@ -2274,7 +2263,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl, * * The "signature_algorithms" extension MUST be specified */ - if( ( ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_SIG_ALG ) == 0 ) + if( ( handshake->received_extensions & MBEDTLS_SSL_EXT_SIG_ALG ) == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithms extension found" ) ); @@ -2514,10 +2503,11 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, const unsigned char *buf, const unsigned char *end ) { + mbedtls_ssl_handshake_params *handshake = ssl->handshake; const unsigned char *p = buf; - ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < end ) { @@ -2532,7 +2522,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len ); - ret = mbedtls_tls13_check_received_extensions( + ret = mbedtls_ssl_tls13_check_received_extension( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH ); if( ret != 0 ) @@ -2556,7 +2546,7 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_TLS1_3_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->received_extensions ); + 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, handshake->received_extensions ); return( 0 ); } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 2fbcdf063..21644ede4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -398,6 +398,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, size_t certificate_list_len = 0; const unsigned char *p = buf; const unsigned char *certificate_list_end; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); certificate_request_context_len = p[0]; @@ -507,7 +508,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len ); extensions_end = p + extensions_len; - ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < extensions_end ) { @@ -527,9 +528,9 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); - ret = mbedtls_tls13_check_received_extensions( - ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT ); + ret = mbedtls_ssl_tls13_check_received_extension( + ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type, + MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT ); if( ret != 0 ) return( ret ); @@ -547,7 +548,7 @@ int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_TLS1_3_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->received_extensions ); + 3, MBEDTLS_SSL_HS_CERTIFICATE, handshake->received_extensions ); } exit: @@ -555,7 +556,7 @@ exit: if( p != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) ); - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } @@ -1759,43 +1760,46 @@ void mbedtls_ssl_tls13_print_extensions( const mbedtls_ssl_context *ssl, * */ -int mbedtls_tls13_check_received_extensions( mbedtls_ssl_context *ssl, - int hs_msg_type, - uint32_t extension_type, - uint32_t allowed_mask ) +int mbedtls_ssl_tls13_check_received_extension( + mbedtls_ssl_context *ssl, + int hs_msg_type, + unsigned int received_extension_type, + uint32_t hs_msg_allowed_extensions_mask ) { - uint32_t extension_mask; - #if defined(MBEDTLS_DEBUG_C) const char *hs_msg_name = ssl_tls13_get_hs_msg_name( hs_msg_type ); #endif - - extension_mask = mbedtls_tls13_get_extension_mask( extension_type ); + uint32_t extension_mask = mbedtls_tls13_get_extension_mask( received_extension_type ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s : received %s(%x) extension", hs_msg_name, - mbedtls_tls13_get_extension_name( extension_type ), - (unsigned int)extension_type ) ); + mbedtls_tls13_get_extension_name( received_extension_type ), + (unsigned int)received_extension_type ) ); - if( ( extension_mask & allowed_mask ) == 0 ) + if( ( extension_mask & hs_msg_allowed_extensions_mask ) == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s : forbidden extension received.", hs_msg_name ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } ssl->handshake->received_extensions |= extension_mask; + /* + * If it is a message containing extension responses, check that we + * previously sent the extension. + */ switch( hs_msg_type ) { case MBEDTLS_SSL_HS_SERVER_HELLO: case -MBEDTLS_SSL_HS_SERVER_HELLO: // HRR does not have IANA value. case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: case MBEDTLS_SSL_HS_CERTIFICATE: - if( ( ~ssl->handshake->sent_extensions & extension_mask ) == 0 ) + /* Check if the received extension is sent by peer message.*/ + if( ( ssl->handshake->sent_extensions & extension_mask ) != 0 ) return( 0 ); break; default: @@ -1803,11 +1807,11 @@ int mbedtls_tls13_check_received_extensions( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_DEBUG_MSG( - 3, ( "%s : forbidden extension received.", hs_msg_name ) ); + 3, ( "%s : unexpected extension received.", hs_msg_name ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); + return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); } #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 4fdd6ade8..f0f06b81a 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1239,6 +1239,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, const unsigned char *cipher_suites_end; size_t extensions_len; const unsigned char *extensions_end; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; int hrr_required = 0; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) @@ -1304,7 +1305,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); - memcpy( &ssl->handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); + memcpy( &handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN ); p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN; /* ... @@ -1374,13 +1375,13 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, continue; ssl->session_negotiate->ciphersuite = cipher_suite; - ssl->handshake->ciphersuite_info = ciphersuite_info; + handshake->ciphersuite_info = ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %04x - %s", cipher_suite, ciphersuite_info->name ) ); } - if( ssl->handshake->ciphersuite_info == NULL ) + if( handshake->ciphersuite_info == NULL ) { MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); @@ -1416,7 +1417,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p, extensions_len ); - ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; + handshake->received_extensions = MBEDTLS_SSL_EXT_NONE; while( p < extensions_end ) { @@ -1431,8 +1432,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, * Servers MUST check that it is the last extension and otherwise fail * the handshake with an "illegal_parameter" alert. */ - if( ssl->handshake->received_extensions & - mbedtls_tls13_get_extension_mask( MBEDTLS_TLS_EXT_PRE_SHARED_KEY ) ) + if( handshake->received_extensions & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key is not last extension." ) ); @@ -1450,7 +1450,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len ); extension_data_end = p + extension_data_len; - ret = mbedtls_tls13_check_received_extensions( + ret = mbedtls_ssl_tls13_check_received_extension( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH ); if( ret != 0 ) @@ -1554,13 +1554,13 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, case MBEDTLS_TLS_EXT_PRE_SHARED_KEY: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) ); - if( ( ssl->handshake->received_extensions & + if( ( handshake->received_extensions & MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) == 0 ) { MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /* Delay processing of the PSK identity once we have @@ -1614,7 +1614,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_TLS1_3_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->received_extensions ); + 3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->received_extensions ); mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, @@ -1628,10 +1628,9 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, /* If we've settled on a PSK-based exchange, parse PSK identity ext */ if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) && mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) && - ( ssl->handshake->received_extensions & - MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) ) + ( handshake->received_extensions & MBEDTLS_SSL_EXT_PRE_SHARED_KEY ) ) { - ssl->handshake->update_checksum( ssl, buf, + handshake->update_checksum( ssl, buf, pre_shared_key_ext - buf ); ret = ssl_tls13_parse_pre_shared_key_ext( ssl, pre_shared_key_ext, @@ -1640,8 +1639,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, cipher_suites_end ); if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ) { - ssl->handshake->received_extensions &= - ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; + handshake->received_extensions &= ~MBEDTLS_SSL_EXT_PRE_SHARED_KEY; } else if( ret != 0 ) { @@ -1653,14 +1651,14 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl, else #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ { - ssl->handshake->update_checksum( ssl, buf, p - buf ); + handshake->update_checksum( ssl, buf, p - buf ); } ret = ssl_tls13_determine_key_exchange_mode( ssl ); if( ret < 0 ) return( ret ); - mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info ); + mbedtls_ssl_optimize_checksum( ssl, handshake->ciphersuite_info ); return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK ); }