TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 06164057b3c3130c42cb3496663264415f1333bd^! / . / library
commit06164057b3c3130c42cb3496663264415f1333bd[log] [tgz]
authorJarno Lamsa <jarno.lamsa@arm.com>Thu Dec 19 14:40:36 2019 +0200
committerJarno Lamsa <jarno.lamsa@arm.com>Thu Dec 19 14:40:36 2019 +0200
tree26c831482b389f9266dd8e0641bd4ef562d29029
parente1621d47005f8aff6422678b0f003209168c5332 [diff]
Check that we have all the proper keys

The proper keys should be set at the end of
the handshake, if not, fail the handshake.

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 4871885..08d4fd3 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -2344,7 +2344,6 @@
 {
     volatile int ret;
 
-    ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_UNSET;
     /*
      * Generate (part of) the pre-master secret as
      *  struct {
@@ -2396,7 +2395,6 @@
         MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
     mbedtls_pk_context *peer_pk = NULL;
 
-    ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_UNSET;
     if( buflen < len_bytes )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) );

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 7d00797..e70dd12 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -3980,7 +3980,6 @@
     unsigned int diff;
     volatile unsigned int pmscounter = 0;
 
-    ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_UNSET;
     /* In case of a failure in decryption, the decryption may write less than
      * 2 bytes of output, but we always read the first two bytes. It doesn't
      * matter in the end because diff will be nonzero in that case due to

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4fc6aa8..2068336 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1974,7 +1974,6 @@
 
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
         mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
-    ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_UNSET;
 #if defined(MBEDTLS_USE_TINYCRYPT)
     if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
         == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA                       ||
@@ -2159,7 +2158,6 @@
     unsigned char *end = p + sizeof( ssl->handshake->premaster );
     const unsigned char *psk = ssl->conf->psk;
     size_t psk_len = ssl->conf->psk_len;
-    ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_UNSET;
 
     /* If the psk callback was called, use its result */
     if( ssl->handshake->psk != NULL )
@@ -7977,7 +7975,9 @@
         mbedtls_platform_enforce_volatile_reads();
         if( ssl->handshake->resume )
         {
+            /* When doing session resume, no premaster or peer authentication */
             ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
+            ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
         }
         else
         {
@@ -7997,13 +7997,41 @@
         else
         {
             ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+            goto cleanup;
         }
     }
     else
     {
         ret = MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED;
+        goto cleanup;
     }
 
+    if( ssl->handshake->hello_random_set == MBEDTLS_SSL_FI_FLAG_SET &&
+        ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET &&
+        ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )
+    {
+        mbedtls_platform_enforce_volatile_reads();
+        if( ssl->handshake->hello_random_set == MBEDTLS_SSL_FI_FLAG_SET &&
+            ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET &&
+            ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )
+        {
+            ret = 0;
+        }
+        else
+        {
+            ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+            goto cleanup;
+        }
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "hello random %d", ssl->handshake->hello_random_set ) );
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "key_derivation_done %d", ssl->handshake->key_derivation_done ) );
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "premaster_generated %d", ssl->handshake->premaster_generated ) );
+        ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
+
+cleanup:
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
         ssl->handshake->flight != NULL )